Example 56 with ServerException

Use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

The class ResourceSetRegistrationEndpoint, method createResourceSet.

/**
 * <p>Creates or updates a resource set description.</p>
 *
 * <p>If the request contains an If-Match header an update is performed, otherwise a create is performed.</p>
 *
 * <p>An update will replace the current description of the resource set with the contents of the request body.</p>
 *
 * @param entity The new resource set description.
 * @return A JSON object containing the authorization server's unique id for the resource set and, optionally,
 * a policy uri.
 * @throws NotFoundException If the requested resource set description does not exist.
 * @throws ServerException When an error occurs during creating or updating.
 * @throws BadRequestException If the request JSON is invalid.
 */
@Post
public Representation createResourceSet(JsonRepresentation entity) throws NotFoundException, ServerException, BadRequestException {
    ResourceSetDescription resourceSetDescription = new ResourceSetDescription(null, getClientId(), getResourceOwnerId(), validator.validate(toMap(entity)));
    OAuth2Request oAuth2Request = requestFactory.create(getRequest());
    ResourceSetStore store = providerSettingsFactory.get(oAuth2Request).getResourceSetStore();
    QueryFilter<String> query = QueryFilter.and(QueryFilter.equalTo(ResourceSetTokenField.NAME, resourceSetDescription.getName()), QueryFilter.equalTo(ResourceSetTokenField.CLIENT_ID, getClientId()), QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_OWNER_ID, getResourceOwnerId()));
    if (!store.query(query).isEmpty()) {
        getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
        Map<String, Object> response = new HashMap<String, Object>();
        response.put(OAuth2Constants.Params.ERROR, Status.CLIENT_ERROR_BAD_REQUEST.getReasonPhrase());
        response.put(OAuth2Constants.Params.ERROR_DESCRIPTION, "A shared item with the name '" + resourceSetDescription.getName() + "' already exists");
        return new JsonRepresentation(response);
    }
    JsonValue labels = resourceSetDescription.getDescription().get(OAuth2Constants.ResourceSets.LABELS);
    resourceSetDescription.getDescription().remove(OAuth2Constants.ResourceSets.LABELS);
    for (ResourceRegistrationFilter filter : extensionFilterManager.getFilters(ResourceRegistrationFilter.class)) {
        filter.beforeResourceRegistration(resourceSetDescription);
    }
    store.create(oAuth2Request, resourceSetDescription);
    if (labels.isNotNull()) {
        resourceSetDescription.getDescription().add(OAuth2Constants.ResourceSets.LABELS, labels.asSet());
    }
    labelRegistration.updateLabelsForNewResourceSet(resourceSetDescription);
    for (ResourceRegistrationFilter filter : extensionFilterManager.getFilters(ResourceRegistrationFilter.class)) {
        filter.afterResourceRegistration(resourceSetDescription);
    }
    for (ResourceSetRegistrationHook hook : hooks) {
        hook.resourceSetCreated(oAuth2Request.<String>getParameter("realm"), resourceSetDescription);
    }
    getResponse().setStatus(Status.SUCCESS_CREATED);
    return createJsonResponse(resourceSetDescription, false, true);
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) HashMap(java.util.HashMap) ResourceSetStore(org.forgerock.oauth2.resources.ResourceSetStore) ResourceSetRegistrationHook(org.forgerock.oauth2.restlet.resources.ResourceSetRegistrationHook) JsonValue(org.forgerock.json.JsonValue) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) JsonRepresentation(org.restlet.ext.json.JsonRepresentation) ResourceRegistrationFilter(org.forgerock.openam.oauth2.extensions.ResourceRegistrationFilter) Post(org.restlet.resource.Post)

Example 57 with ServerException

Use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

The class ResourceSetRegistrationEndpoint, method deleteResourceSet.

/**
 * <p>Deletes the resource set description for the requested resource set id as long as the If-Match header matches
 * the current version of the resource set.</p>
 *
 * <p>If no If-Match header is present on the request a 512 Precondition Failed response will be returned.</p>
 *
 * @return An empty representation.
 * @throws NotFoundException If the requested resource set description does not exist.
 * @throws ServerException When an error occurs during removal.
 */
@Delete
public Representation deleteResourceSet() throws NotFoundException, ServerException {
    if (!isConditionalRequest()) {
        throw new ResourceException(512, "precondition_failed", "Require If-Match header to delete Resource Set", null);
    }
    // Build the OAuth2 request once and reuse it for the store lookup and the hooks below.
    OAuth2Request oAuth2Request = requestFactory.create(getRequest());
    ResourceSetStore store = providerSettingsFactory.get(oAuth2Request).getResourceSetStore();
    ResourceSetDescription resourceSetDescription = store.read(getResourceSetId(), getResourceOwnerId());
    for (ResourceSetRegistrationHook hook : hooks) {
        hook.resourceSetDeleted(oAuth2Request.<String>getParameter("realm"), resourceSetDescription);
    }
    labelRegistration.updateLabelsForDeletedResourceSet(resourceSetDescription);
    store.delete(getResourceSetId(), getResourceOwnerId());
    return createEmptyResponse();
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) ResourceSetStore(org.forgerock.oauth2.resources.ResourceSetStore) ResourceSetRegistrationHook(org.forgerock.oauth2.restlet.resources.ResourceSetRegistrationHook) ResourceException(org.restlet.resource.ResourceException) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) Delete(org.restlet.resource.Delete)

Example 58 with ServerException

Use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

The class OpenAMTokenStore, method createRefreshToken.

@Override
public RefreshToken createRefreshToken(String grantType, String clientId, String resourceOwnerId, String redirectUri, Set<String> scope, OAuth2Request request, String validatedClaims) throws ServerException, NotFoundException {
    final String realm = realmNormaliser.normalise(request.<String>getParameter(REALM));
    logger.message("Create refresh token");
    OpenIdConnectClientRegistration clientRegistration = getClientRegistration(clientId, request);
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final String id = UUID.randomUUID().toString();
    final String auditId = UUID.randomUUID().toString();
    final long lifeTime;
    if (clientRegistration == null) {
        lifeTime = providerSettings.getRefreshTokenLifetime();
    } else {
        lifeTime = clientRegistration.getRefreshTokenLifeTime(providerSettings);
    }
    long expiryTime = lifeTime < 0 ? -1 : lifeTime + System.currentTimeMillis();
    AuthorizationCode token = request.getToken(AuthorizationCode.class);
    String authModules = null;
    String acr = null;
    if (token != null) {
        authModules = token.getAuthModules();
        acr = token.getAuthenticationContextClassReference();
    }
    RefreshToken currentRefreshToken = request.getToken(RefreshToken.class);
    if (currentRefreshToken != null) {
        authModules = currentRefreshToken.getAuthModules();
        acr = currentRefreshToken.getAuthenticationContextClassReference();
    }
    OpenAMRefreshToken refreshToken = new OpenAMRefreshToken(id, resourceOwnerId, clientId, redirectUri, scope, expiryTime, OAuth2Constants.Bearer.BEARER, OAuth2Constants.Token.OAUTH_REFRESH_TOKEN, grantType, realm, authModules, acr, auditId);
    if (!StringUtils.isBlank(validatedClaims)) {
        refreshToken.setClaims(validatedClaims);
    }
    try {
        tokenStore.create(refreshToken);
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "CREATED_REFRESH_TOKEN", refreshToken.toString() };
            auditLogger.logAccessMessage("CREATED_REFRESH_TOKEN", obs, null);
        }
    } catch (CoreTokenException e) {
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "FAILED_CREATE_REFRESH_TOKEN", refreshToken.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_REFRESH_TOKEN", obs, null);
        }
        logger.error("Unable to create refresh token: " + refreshToken.getTokenInfo(), e);
        throw new ServerException("Could not create token in CTS: " + e.getMessage());
    }
    request.setToken(RefreshToken.class, refreshToken);
    return refreshToken;
}
Also used : AuthorizationCode(org.forgerock.oauth2.core.AuthorizationCode) OpenIdConnectClientRegistration(org.forgerock.openidconnect.OpenIdConnectClientRegistration) RefreshToken(org.forgerock.oauth2.core.RefreshToken) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)

Example 59 with ServerException

Use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

The class OpenAMTokenStore, method appendIdTokenClaims.

// Return all claims from scopes plus the claims requested in the id_token.
private void appendIdTokenClaims(OAuth2Request request, OAuth2ProviderSettings providerSettings, OpenAMOpenIdConnectToken oidcToken) throws ServerException, NotFoundException, InvalidClientException {
    try {
        AccessToken accessToken = request.getToken(AccessToken.class);
        Map<String, Object> userInfo = providerSettings.getUserInfo(accessToken, request).getValues();
        for (Map.Entry<String, Object> claim : userInfo.entrySet()) {
            oidcToken.put(claim.getKey(), claim.getValue());
        }
    } catch (UnauthorizedClientException e) {
        throw failureFactory.getException(request, e.getMessage());
    }
}
Also used : AccessToken(org.forgerock.oauth2.core.AccessToken) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) JSONObject(org.json.JSONObject) Map(java.util.Map)

Example 60 with ServerException

Use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

The class OpenAMTokenStore, method createAccessToken.

/**
 * {@inheritDoc}
 */
public AccessToken createAccessToken(String grantType, String accessTokenType, String authorizationCode, String resourceOwnerId, String clientId, String redirectUri, Set<String> scope, RefreshToken refreshToken, String nonce, String claims, OAuth2Request request) throws ServerException, NotFoundException {
    OpenIdConnectClientRegistration clientRegistration = getClientRegistration(clientId, request);
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final String id = UUID.randomUUID().toString();
    final String auditId = UUID.randomUUID().toString();
    String realm = realmNormaliser.normalise(request.<String>getParameter(REALM));
    long expiryTime = 0;
    if (clientRegistration == null) {
        expiryTime = providerSettings.getAccessTokenLifetime() + System.currentTimeMillis();
    } else {
        expiryTime = clientRegistration.getAccessTokenLifeTime(providerSettings) + System.currentTimeMillis();
    }
    final AccessToken accessToken;
    if (refreshToken == null) {
        accessToken = new OpenAMAccessToken(id, authorizationCode, resourceOwnerId, clientId, redirectUri, scope, expiryTime, null, OAuth2Constants.Token.OAUTH_ACCESS_TOKEN, grantType, nonce, realm, claims, auditId);
    } else {
        accessToken = new OpenAMAccessToken(id, authorizationCode, resourceOwnerId, clientId, redirectUri, scope, expiryTime, refreshToken.getTokenId(), OAuth2Constants.Token.OAUTH_ACCESS_TOKEN, grantType, nonce, realm, claims, auditId);
    }
    try {
        tokenStore.create(accessToken);
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "CREATED_TOKEN", accessToken.toString() };
            auditLogger.logAccessMessage("CREATED_TOKEN", obs, null);
        }
    } catch (CoreTokenException e) {
        logger.error("Could not create token in CTS: " + e.getMessage());
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "FAILED_CREATE_TOKEN", accessToken.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_TOKEN", obs, null);
        }
        throw new ServerException("Could not create token in CTS: " + e.getMessage());
    }
    request.setToken(AccessToken.class, accessToken);
    return accessToken;
}
Also used : OpenIdConnectClientRegistration(org.forgerock.openidconnect.OpenIdConnectClientRegistration) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) AccessToken(org.forgerock.oauth2.core.AccessToken) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)