use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
the class ResourceSetRegistrationEndpoint method createResourceSet.
/**
* <p>Creates or updates a resource set description.</p>
*
* <p>If the request contains a If-Match header an update is performed, otherwise a create is performed.</p>
*
* <p>An update will replace the current description of the resource set with the contents of the request body.</p>
*
* @param entity The new resource set description.
* @return A JSON object containing the authorization server's unique id for the resource set and, optionally,
* a policy uri.
* @throws NotFoundException If the requested resource set description does not exist.
* @throws ServerException When an error occurs during creating or updating.
* @throws BadRequestException If the request JSON is invalid.
*/
@Post
public Representation createResourceSet(JsonRepresentation entity) throws NotFoundException, ServerException, BadRequestException {
ResourceSetDescription resourceSetDescription = new ResourceSetDescription(null, getClientId(), getResourceOwnerId(), validator.validate(toMap(entity)));
OAuth2Request oAuth2Request = requestFactory.create(getRequest());
ResourceSetStore store = providerSettingsFactory.get(oAuth2Request).getResourceSetStore();
QueryFilter<String> query = QueryFilter.and(QueryFilter.equalTo(ResourceSetTokenField.NAME, resourceSetDescription.getName()), QueryFilter.equalTo(ResourceSetTokenField.CLIENT_ID, getClientId()), QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_OWNER_ID, getResourceOwnerId()));
if (!store.query(query).isEmpty()) {
getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
Map<String, Object> response = new HashMap<String, Object>();
response.put(OAuth2Constants.Params.ERROR, Status.CLIENT_ERROR_BAD_REQUEST.getReasonPhrase());
response.put(OAuth2Constants.Params.ERROR_DESCRIPTION, "A shared item with the name '" + resourceSetDescription.getName() + "' already exists");
return new JsonRepresentation(response);
}
JsonValue labels = resourceSetDescription.getDescription().get(OAuth2Constants.ResourceSets.LABELS);
resourceSetDescription.getDescription().remove(OAuth2Constants.ResourceSets.LABELS);
for (ResourceRegistrationFilter filter : extensionFilterManager.getFilters(ResourceRegistrationFilter.class)) {
filter.beforeResourceRegistration(resourceSetDescription);
}
store.create(oAuth2Request, resourceSetDescription);
if (labels.isNotNull()) {
resourceSetDescription.getDescription().add(OAuth2Constants.ResourceSets.LABELS, labels.asSet());
}
labelRegistration.updateLabelsForNewResourceSet(resourceSetDescription);
for (ResourceRegistrationFilter filter : extensionFilterManager.getFilters(ResourceRegistrationFilter.class)) {
filter.afterResourceRegistration(resourceSetDescription);
}
for (ResourceSetRegistrationHook hook : hooks) {
hook.resourceSetCreated(oAuth2Request.<String>getParameter("realm"), resourceSetDescription);
}
getResponse().setStatus(Status.SUCCESS_CREATED);
return createJsonResponse(resourceSetDescription, false, true);
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
the class ResourceSetRegistrationEndpoint method deleteResourceSet.
/**
* <p>Deletes the resource set description for the request resource set id as long as the If-Match header matches
* the current version of the resource set.</p>
*
* <p>If no If-Match header is present on the request a 512 Precondition Failed response will be returned.</p>
*
* @return An empty representation.
* @throws NotFoundException If the requested resource set description does not exist.
* @throws ServerException When an error occurs during removal.
*/
@Delete
public Representation deleteResourceSet() throws NotFoundException, ServerException {
if (!isConditionalRequest()) {
throw new ResourceException(512, "precondition_failed", "Require If-Match header to delete Resource Set", null);
}
ResourceSetStore store = providerSettingsFactory.get(requestFactory.create(getRequest())).getResourceSetStore();
ResourceSetDescription resourceSetDescription = store.read(getResourceSetId(), getResourceOwnerId());
OAuth2Request oAuth2Request = requestFactory.create(getRequest());
for (ResourceSetRegistrationHook hook : hooks) {
hook.resourceSetDeleted(oAuth2Request.<String>getParameter("realm"), resourceSetDescription);
}
labelRegistration.updateLabelsForDeletedResourceSet(resourceSetDescription);
store.delete(getResourceSetId(), getResourceOwnerId());
return createEmptyResponse();
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
the class OpenAMTokenStore method createRefreshToken.
@Override
public RefreshToken createRefreshToken(String grantType, String clientId, String resourceOwnerId, String redirectUri, Set<String> scope, OAuth2Request request, String validatedClaims) throws ServerException, NotFoundException {
final String realm = realmNormaliser.normalise(request.<String>getParameter(REALM));
logger.message("Create refresh token");
OpenIdConnectClientRegistration clientRegistration = getClientRegistration(clientId, request);
final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
final String id = UUID.randomUUID().toString();
final String auditId = UUID.randomUUID().toString();
final long lifeTime;
if (clientRegistration == null) {
lifeTime = providerSettings.getRefreshTokenLifetime();
} else {
lifeTime = clientRegistration.getRefreshTokenLifeTime(providerSettings);
}
long expiryTime = lifeTime < 0 ? -1 : lifeTime + System.currentTimeMillis();
AuthorizationCode token = request.getToken(AuthorizationCode.class);
String authModules = null;
String acr = null;
if (token != null) {
authModules = token.getAuthModules();
acr = token.getAuthenticationContextClassReference();
}
RefreshToken currentRefreshToken = request.getToken(RefreshToken.class);
if (currentRefreshToken != null) {
authModules = currentRefreshToken.getAuthModules();
acr = currentRefreshToken.getAuthenticationContextClassReference();
}
OpenAMRefreshToken refreshToken = new OpenAMRefreshToken(id, resourceOwnerId, clientId, redirectUri, scope, expiryTime, OAuth2Constants.Bearer.BEARER, OAuth2Constants.Token.OAUTH_REFRESH_TOKEN, grantType, realm, authModules, acr, auditId);
if (!StringUtils.isBlank(validatedClaims)) {
refreshToken.setClaims(validatedClaims);
}
try {
tokenStore.create(refreshToken);
if (auditLogger.isAuditLogEnabled()) {
String[] obs = { "CREATED_REFRESH_TOKEN", refreshToken.toString() };
auditLogger.logAccessMessage("CREATED_REFRESH_TOKEN", obs, null);
}
} catch (CoreTokenException e) {
if (auditLogger.isAuditLogEnabled()) {
String[] obs = { "FAILED_CREATE_REFRESH_TOKEN", refreshToken.toString() };
auditLogger.logErrorMessage("FAILED_CREATE_REFRESH_TOKEN", obs, null);
}
logger.error("Unable to create refresh token: " + refreshToken.getTokenInfo(), e);
throw new ServerException("Could not create token in CTS: " + e.getMessage());
}
request.setToken(RefreshToken.class, refreshToken);
return refreshToken;
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
the class OpenAMTokenStore method appendIdTokenClaims.
//return all claims from scopes + claims requested in the id_token
private void appendIdTokenClaims(OAuth2Request request, OAuth2ProviderSettings providerSettings, OpenAMOpenIdConnectToken oidcToken) throws ServerException, NotFoundException, InvalidClientException {
try {
AccessToken accessToken = request.getToken(AccessToken.class);
Map<String, Object> userInfo = providerSettings.getUserInfo(accessToken, request).getValues();
for (Map.Entry<String, Object> claim : userInfo.entrySet()) {
oidcToken.put(claim.getKey(), claim.getValue());
}
} catch (UnauthorizedClientException e) {
throw failureFactory.getException(request, e.getMessage());
}
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
the class OpenAMTokenStore method createAccessToken.
/**
* {@inheritDoc}
*/
public AccessToken createAccessToken(String grantType, String accessTokenType, String authorizationCode, String resourceOwnerId, String clientId, String redirectUri, Set<String> scope, RefreshToken refreshToken, String nonce, String claims, OAuth2Request request) throws ServerException, NotFoundException {
OpenIdConnectClientRegistration clientRegistration = getClientRegistration(clientId, request);
final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
final String id = UUID.randomUUID().toString();
final String auditId = UUID.randomUUID().toString();
String realm = realmNormaliser.normalise(request.<String>getParameter(REALM));
long expiryTime = 0;
if (clientRegistration == null) {
expiryTime = providerSettings.getAccessTokenLifetime() + System.currentTimeMillis();
} else {
expiryTime = clientRegistration.getAccessTokenLifeTime(providerSettings) + System.currentTimeMillis();
}
final AccessToken accessToken;
if (refreshToken == null) {
accessToken = new OpenAMAccessToken(id, authorizationCode, resourceOwnerId, clientId, redirectUri, scope, expiryTime, null, OAuth2Constants.Token.OAUTH_ACCESS_TOKEN, grantType, nonce, realm, claims, auditId);
} else {
accessToken = new OpenAMAccessToken(id, authorizationCode, resourceOwnerId, clientId, redirectUri, scope, expiryTime, refreshToken.getTokenId(), OAuth2Constants.Token.OAUTH_ACCESS_TOKEN, grantType, nonce, realm, claims, auditId);
}
try {
tokenStore.create(accessToken);
if (auditLogger.isAuditLogEnabled()) {
String[] obs = { "CREATED_TOKEN", accessToken.toString() };
auditLogger.logAccessMessage("CREATED_TOKEN", obs, null);
}
} catch (CoreTokenException e) {
logger.error("Could not create token in CTS: " + e.getMessage());
if (auditLogger.isAuditLogEnabled()) {
String[] obs = { "FAILED_CREATE_TOKEN", accessToken.toString() };
auditLogger.logErrorMessage("FAILED_CREATE_TOKEN", obs, null);
}
throw new ServerException("Could not create token in CTS: " + e.getMessage());
}
request.setToken(AccessToken.class, accessToken);
return accessToken;
}
Aggregations