use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
the class ClaimsParameterValidatorTest method shouldErrorValidatingJson.
/**
 * Expects {@code validateRequest} to reject a request whose claims parameter is stubbed with
 * {@code invalidClaimsString}.
 *
 * <p>The provider settings mock reports the claims parameter as supported and the response type
 * parameter is stubbed to {@code "id_token"}. The content of {@code invalidClaimsString} is
 * defined elsewhere in the test class.
 *
 * <p>The expectation lives on the {@code @Test} annotation, so a {@link BadRequestException}
 * thrown by any statement in the body satisfies it, not only one from {@code validateRequest}.
 */
@Test(expectedExceptions = BadRequestException.class)
public void shouldErrorValidatingJson() throws NotFoundException, BadRequestException, RedirectUriMismatchException, InvalidScopeException, InvalidRequestException, InvalidClientException, ServerException, UnsupportedResponseTypeException {
    // given: claims support switched on, and a request carrying the invalid claims value
    OAuth2ProviderSettings providerSettings = mock(OAuth2ProviderSettings.class);
    OAuth2Request request = mock(OAuth2Request.class);
    given(providerSettings.getClaimsParameterSupported()).willReturn(true);
    given(mockProviderSettingsFactory.get(request)).willReturn(providerSettings);
    given(request.getParameter(OAuth2Constants.Params.RESPONSE_TYPE)).willReturn("id_token");
    given(request.getParameter(OAuth2Constants.Custom.CLAIMS)).willReturn(invalidClaimsString);

    // when
    claimsParameterValidator.validateRequest(request);

    // then: BadRequestException, asserted through expectedExceptions
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
the class ClaimsParameterValidatorTest method shouldErrorValidatingResponseType.
/**
 * Expects {@code validateRequest} to throw {@link BadRequestException} when the claims parameter
 * is stubbed with {@code validClaimsString} and the response type is {@code "id_token"}.
 *
 * <p>NOTE(review): the rule that makes this combination invalid is in the validator, which is not
 * visible here. Presumably the claims in {@code validClaimsString} are not allowed for this
 * response type; confirm against {@code ClaimsParameterValidator}.
 */
@Test(expectedExceptions = BadRequestException.class)
public void shouldErrorValidatingResponseType() throws NotFoundException, BadRequestException, RedirectUriMismatchException, InvalidScopeException, InvalidRequestException, InvalidClientException, ServerException, UnsupportedResponseTypeException {
    // given: claims support switched on, a well-formed claims value, response type "id_token"
    final String requestedResponseType = "id_token";
    OAuth2Request request = mock(OAuth2Request.class);
    OAuth2ProviderSettings providerSettings = mock(OAuth2ProviderSettings.class);
    given(mockProviderSettingsFactory.get(request)).willReturn(providerSettings);
    given(providerSettings.getClaimsParameterSupported()).willReturn(true);
    given(request.getParameter(OAuth2Constants.Params.RESPONSE_TYPE)).willReturn(requestedResponseType);
    given(request.getParameter(OAuth2Constants.Custom.CLAIMS)).willReturn(validClaimsString);

    // when
    claimsParameterValidator.validateRequest(request);

    // then: BadRequestException, asserted through expectedExceptions
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
the class AuthorizationRequestEndpoint method requestAuthorization.
/**
 * Handles a POST carrying a permission ticket and decides whether the requesting party is
 * entitled to the ticket's resource set.
 *
 * <p>Flow, as visible in this method: the permission ticket is looked up from the JSON body and
 * its holder is validated, the requesting party is resolved, and a {@code REQUEST} audit entry is
 * written. If {@code isEntitled} is true the response status is set to 200, a {@code GRANTED}
 * entry is written and the result of {@code createJsonRpt} is returned. Otherwise the request is
 * either denied with a 403 or recorded as a pending request, after which
 * {@code newRequestSubmittedException()} is thrown.
 *
 * @param entity the JSON request body
 * @return the representation built by {@code createJsonRpt} when access is granted
 * @throws UmaException with status 403 when the request is denied or the pending request could
 *         not be processed because of a data-layer failure
 */
@Post
public Representation requestAuthorization(JsonRepresentation entity) throws BadRequestException, UmaException, EntitlementException, ServerException, NotFoundException {
    UmaProviderSettings umaSettings = umaProviderSettingsFactory.get(this.getRequest());
    final OAuth2Request oauthRequest = requestFactory.create(getRequest());
    OAuth2ProviderSettings oauthSettings = oauth2ProviderSettingsFactory.get(oauthRequest);
    OAuth2Uris uris = oAuth2UrisFactory.get(oauthRequest);
    final UmaTokenStore tokenStore = umaSettings.getUmaTokenStore();
    // NOTE(review): this realm comes from the request parameter, while the pending-request
    // calls below use permissionTicket.getRealm(). Confirm the two are guaranteed to agree.
    String realm = oauthRequest.getParameter("realm");

    JsonValue body = json(toMap(entity));
    PermissionTicket ticket = getPermissionTicket(tokenStore, body);
    // The ticket holder is checked before anything is derived from the ticket.
    validatePermissionTicketHolder(tokenStore, ticket);

    final String resourceSetId = ticket.getResourceSetId();
    final Request request = getRequest();
    final String ownerId = getResourceOwnerId(oauthSettings, resourceSetId);
    AMIdentity owner = createIdentity(ownerId, realm);

    String requestingParty = null;
    try {
        requestingParty = getRequestingPartyId(umaSettings, uris, body);
    } finally {
        // The REQUEST entry is written even when resolving the requesting party throws; in that
        // case the entry is attributed to the resource owner id of the authorisation API token.
        String auditedParty;
        if (requestingParty == null) {
            auditedParty = getAuthorisationApiToken().getResourceOwnerId();
        } else {
            auditedParty = requestingParty;
        }
        auditLogger.log(resourceSetId, owner, UmaAuditType.REQUEST, request, auditedParty);
    }

    if (isEntitled(umaSettings, oauthSettings, ticket, requestingParty)) {
        getResponse().setStatus(new Status(200));
        auditLogger.log(resourceSetId, owner, UmaAuditType.GRANTED, request, requestingParty);
        return createJsonRpt(tokenStore, ticket);
    }

    try {
        // NOTE(review): a true result leads to DENIED here, which reads as the opposite of the
        // helper's name. Confirm the helper's return convention.
        if (verifyPendingRequestDoesNotAlreadyExist(resourceSetId, ownerId, ticket.getRealm(), requestingParty, ticket.getScopes())) {
            auditLogger.log(resourceSetId, owner, UmaAuditType.DENIED, request, requestingParty);
            throw new UmaException(403, UmaConstants.NOT_AUTHORISED_ERROR_CODE, "The client is not authorised to access the requested resource set");
        }
        pendingRequestsService.createPendingRequest(ServletUtils.getRequest(getRequest()), resourceSetId, auditLogger.getResourceName(resourceSetId, request), ownerId, requestingParty, ticket.getRealm(), ticket.getScopes());
        auditLogger.log(resourceSetId, owner, UmaAuditType.REQUEST_SUBMITTED, request, requestingParty);
    } catch (org.forgerock.openam.sm.datalayer.store.ServerException e) {
        // A data-layer failure reaches the client as the same 403 not-authorised error code;
        // the underlying exception is only logged and no audit entry is written on this path.
        logger.error("Failed to create pending request", e);
        throw new UmaException(403, UmaConstants.NOT_AUTHORISED_ERROR_CODE, "Failed to create pending request");
    }
    // Reached only after the pending request was created and audited.
    throw newRequestSubmittedException();
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
the class UmaPolicyApplicationListener method identityDeleted.
/**
* Deletes (based on configuration) the resource server's policy application, policies and
* resource sets.
*
* @param universalId {@inheritDoc}
*/
@Override
public void identityDeleted(String universalId) {
    try {
        AMIdentity removed = getIdentity(universalId);
        // Only agent identities trigger a cleanup; every other identity type is ignored.
        if (isAgentIdentity(removed)) {
            removeApplication(removed.getRealm(), removed.getName());
        }
    } catch (IdRepoException e) {
        // Every failure below is logged and not rethrown, so a failed cleanup is visible only
        // in the log. NOTE(review): whatever removeApplication had not yet removed stays in
        // place; confirm whether that needs alerting or a retry.
        logger.error("Failed to get identity", e);
    } catch (NotFoundException e) {
        logger.error("Failed to get UMA Provider settings", e);
    } catch (ServerException e) {
        logger.error("Failed to get UMA Provider settings", e);
    }
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
the class ResourceSetService method combine.
/**
 * Merges resource sets and UMA policies, matched by id, according to the query's operator.
 *
 * <ul>
 *   <li>{@code AND}: keeps only the resource sets whose id also appears among the policies and,
 *       when {@code augmentWithPolicies} is set, attaches each policy's JSON to its resource
 *       set.</li>
 *   <li>{@code OR}: when {@code augmentWithPolicies} is set, first runs
 *       {@code augmentWithPolicy} on every supplied resource set. Then, for every policy, the
 *       matching resource set is taken from the supplied ones or, if absent, read from the
 *       resource set store for the resolved realm, and is added to the result.</li>
 *   <li>Any other operator: the supplied resource sets are returned as they are.</li>
 * </ul>
 *
 * @param context request context; a {@code RealmContext} is taken from it only when a resource
 *        set has to be read from the store
 * @param resourceSetWithPolicyQuery query supplying the operator
 * @param resourceSets resource sets already found
 * @param policies policies already found
 * @param augmentWithPolicies whether policy JSON should be set on the returned resource sets
 * @param resourceOwnerId owner id passed to the store read
 * @return the values view of an internal {@code HashMap}, so the order is unspecified
 * @throws org.forgerock.oauth2.core.exceptions.NotFoundException presumably from the store read
 *         or {@code augmentWithPolicy}; the throwing call is not visible here
 * @throws ServerException presumably from the store read or {@code augmentWithPolicy}
 */
private Collection<ResourceSetDescription> combine(Context context, ResourceSetWithPolicyQuery resourceSetWithPolicyQuery, Collection<ResourceSetDescription> resourceSets, Collection<UmaPolicy> policies, boolean augmentWithPolicies, String resourceOwnerId) throws org.forgerock.oauth2.core.exceptions.NotFoundException, ServerException {
    Map<String, ResourceSetDescription> setsById = new HashMap<String, ResourceSetDescription>();
    for (ResourceSetDescription description : resourceSets) {
        setsById.put(description.getId(), description);
    }
    Map<String, UmaPolicy> policyById = new HashMap<String, UmaPolicy>();
    for (UmaPolicy umaPolicy : policies) {
        policyById.put(umaPolicy.getId(), umaPolicy);
    }

    if (AggregateQuery.Operator.AND.equals(resourceSetWithPolicyQuery.getOperator())) {
        // Intersection: removing keys through the key-set view also drops the map entries.
        setsById.keySet().retainAll(policyById.keySet());
        if (augmentWithPolicies) {
            for (ResourceSetDescription description : setsById.values()) {
                // Every remaining id has a policy, so this lookup cannot miss.
                description.setPolicy(policyById.get(description.getId()).asJson());
            }
        }
    } else if (AggregateQuery.Operator.OR.equals(resourceSetWithPolicyQuery.getOperator())) {
        if (augmentWithPolicies) {
            for (ResourceSetDescription description : setsById.values()) {
                augmentWithPolicy(context, description.getId(), description);
            }
        }
        for (Map.Entry<String, UmaPolicy> policyEntry : policyById.entrySet()) {
            final String id = policyEntry.getKey();
            // The map never holds null values at this point, so a null lookup means "absent".
            ResourceSetDescription description = setsById.get(id);
            if (description == null) {
                // The read is passed resourceOwnerId.
                // NOTE(review): presumably that scopes the lookup to this owner; confirm in
                // the store implementation.
                RealmContext realmContext = context.asContext(RealmContext.class);
                description = resourceSetStoreFactory.create(realmContext.getResolvedRealm()).read(id, resourceOwnerId);
            }
            if (augmentWithPolicies) {
                description.setPolicy(policyEntry.getValue().asJson());
            }
            setsById.put(id, description);
        }
    }
    return setsById.values();
}