use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
Class OpenAMResourceOwnerSessionValidator, method buildCustomLoginUrl.
/**
 * Renders the realm's custom login URL template with the values of this authorization request.
 *
 * <p>{@code goto} is always URL-encoded and {@code acrValues} is URL-encoded when present (the template
 * sees {@code null} otherwise); {@code realm}, {@code module}, {@code service} and {@code locale} are
 * handed to the template as given, so any escaping of those is left to the template itself.
 *
 * @param loginUrlTemplate the configured template for the login URL
 * @param gotoUrl the URL the user is sent back to after login; must not be null
 * @param acrValues the requested acr_values, or null
 * @param realm the realm of the request
 * @param moduleName the requested authentication module, or null
 * @param serviceName the requested authentication service, or null
 * @param locale the requested locale, or null
 * @return the rendered login URL
 * @throws ServerException if the template cannot be processed (the cause is logged here)
 * @throws UnsupportedEncodingException if UTF-8 is unavailable to {@link URLEncoder}
 */
private URI buildCustomLoginUrl(Template loginUrlTemplate, String gotoUrl, String acrValues, String realm, String moduleName, String serviceName, String locale) throws ServerException, UnsupportedEncodingException {
    final String charset = StandardCharsets.UTF_8.toString();
    final String encodedAcrValues = (acrValues == null) ? null : URLEncoder.encode(acrValues, charset);

    final Map<String, String> templateData = new HashMap<>();
    templateData.put("goto", URLEncoder.encode(gotoUrl, charset));
    templateData.put("acrValues", encodedAcrValues);
    templateData.put("realm", realm);
    templateData.put("module", moduleName);
    templateData.put("service", serviceName);
    templateData.put("locale", locale);

    final StringWriter rendered = new StringWriter();
    try {
        loginUrlTemplate.process(templateData, rendered);
    } catch (IOException | TemplateException e) {
        // The detail stays in the log; the caller only sees a generic ServerException
        logger.error("Failed to template custom login url", e);
        throw new ServerException("Failed to template custom login url");
    }
    // URI.create only throws unchecked IllegalArgumentException, so it is outside the try as before
    return URI.create(rendered.toString());
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
Class OpenAMResourceOwnerSessionValidator, method buildDefaultLoginUrl.
/**
 * Builds the default OpenAM login URL for this request, adding realm, locale, the chosen
 * authentication selector and the goto target as query parameters.
 *
 * <p>Selector precedence: {@code acr_values} first; if that is present, neither {@code module} nor
 * {@code service} is consulted, even when no acr value can be matched. Otherwise {@code module},
 * then {@code service}.
 *
 * @param request the OAuth2 request being validated
 * @param gotoUrl the URL the user is sent back to after login
 * @param acrValues the requested acr_values (whitespace separated), or empty/null
 * @param realm the realm of the request, or empty/null
 * @param moduleName the requested authentication module, or empty/null
 * @param serviceName the requested authentication service, or empty/null
 * @param locale the requested locale, or empty/null
 * @return the login URI
 * @throws URISyntaxException if the configured authentication URL is not a valid URI
 * @throws ServerException propagated from the acr selection
 * @throws NotFoundException propagated from the acr selection
 */
private URI buildDefaultLoginUrl(OAuth2Request request, String gotoUrl, String acrValues, String realm, String moduleName, String serviceName, String locale) throws URISyntaxException, ServerException, NotFoundException {
    final Request restletRequest = request.getRequest();
    final String authUrl = getAuthURL(getHttpServletRequest(restletRequest));
    final Reference loginRef = new Reference(new URI(authUrl));

    if (!isEmpty(realm)) {
        loginRef.addQueryParameter(OAuth2Constants.Custom.REALM, realm);
    }
    if (!isEmpty(locale)) {
        loginRef.addQueryParameter(LOCALE, locale);
    }

    if (!isEmpty(acrValues)) {
        // Only an acr value accepted by chooseBestAcrValue is turned into a login selector
        final ACRValue chosen = chooseBestAcrValue(request, acrValues.split("\\s+"));
        if (chosen != null) {
            loginRef.addQueryParameter(chosen.method.getIndexType().toString(), chosen.method.getName());
            // Record the acr actually chosen on the resource reference (the goto target),
            // presumably so the post-login round trip carries it
            restletRequest.getResourceRef().addQueryParameter(OAuth2Constants.JWTTokenParams.ACR, chosen.acr);
        }
    } else if (!isEmpty(moduleName)) {
        loginRef.addQueryParameter(MODULE, moduleName);
    } else if (!isEmpty(serviceName)) {
        loginRef.addQueryParameter(SERVICE, serviceName);
    }

    loginRef.addQueryParameter(GOTO, gotoUrl);
    return loginRef.toUri();
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
Class OpenAMResourceOwnerSessionValidator, method validate.
/**
* {@inheritDoc}
*/
/**
 * {@inheritDoc}
 *
 * <p>Resolves the resource owner for the request in this order: reject an invalid {@code prompt};
 * try to obtain an SSO token from the servlet request and then from the OAuth2 session (both
 * best-effort, failures only logged); if a token exists, require that its realm matches the
 * requested realm, honour {@code prompt=login}, {@code acr_values} and {@code max_age}, and build
 * the owner from the token's universal identifier; with no token, fall back to the password grant's
 * access token, the refresh token, or demand authentication.
 */
public ResourceOwner validate(OAuth2Request request) throws ResourceOwnerAuthenticationRequired, AccessDeniedException, BadRequestException, InteractionRequiredException, LoginRequiredException, ServerException, NotFoundException {
    final OpenIdPrompt openIdPrompt = new OpenIdPrompt(request);
    if (!openIdPrompt.isValid()) {
        String message = "Invalid prompt parameter \"" + openIdPrompt.getOriginalValue() + "\"";
        logger.message(message);
        throw new BadRequestException(message);
    }
    // First attempt: an SSO token from the underlying HTTP request; failure is logged, not fatal
    SSOToken token = null;
    try {
        token = ssoTokenManager.createSSOToken(getHttpServletRequest(request.<Request>getRequest()));
    } catch (SSOException e) {
        logger.warning("Error authenticating user against OpenAM: ", e);
    }
    // Second attempt: an SSO token from the OAuth2 request's session, again best-effort
    try {
        if (token == null) {
            token = ssoTokenManager.createSSOToken(request.getSession());
        }
    } catch (SSOException e) {
        logger.warning("Error authenticating user against OpenAM: ", e);
    }
    try {
        if (token != null) {
            try {
                // As the organization in the token is stored in lowercase, we need to lower case the auth2realm
                // NOTE(review): toLowerCase() here is default-locale sensitive; Locale.ROOT would be the
                // safer choice for this comparison — confirm.
                String auth2Realm = dnWrapper.orgNameToDN(realmNormaliser.normalise((String) request.getParameter("realm"))).toLowerCase();
                String tokenRealm = token.getProperty("Organization");
                // auth2Realm can't be null as we would have an error earlier.
                // A session belonging to a different realm is not accepted for this realm's request:
                // the user is sent to authenticate rather than reusing the foreign-realm session.
                if (!auth2Realm.equals(tokenRealm)) {
                    throw authenticationRequired(request);
                }
            } catch (SSOException e) {
                throw new AccessDeniedException(e);
            }
            // prompt=login forces re-authentication even though a session exists
            if (openIdPrompt.containsLogin()) {
                throw authenticationRequired(request, token);
            }
            final String acrValuesStr = request.getParameter(ACR_VALUES);
            if (acrValuesStr != null) {
                setCurrentAcr(token, request, acrValuesStr);
            }
            try {
                final long authTime = stringToDate(token.getProperty(ISAuthConstants.AUTH_INSTANT)).getTime();
                // Session older than the requested max_age: ask for fresh authentication.
                // NOTE(review): this throw sits inside the catch (Exception) below; if
                // ResourceOwnerAuthenticationRequired is an Exception subtype it will be logged and
                // replaced by LoginRequiredException here — confirm that is the intended outcome.
                if (isPastMaxAge(getMaxAge(request), authTime)) {
                    alterMaxAge(request);
                    throw authenticationRequired(request, token);
                }
                // The identity lookup runs under the admin token action, keyed by the user's universal id
                final AMIdentity id = IdUtils.getIdentity(AccessController.doPrivileged(AdminTokenAction.getInstance()), token.getProperty(Constants.UNIVERSAL_IDENTIFIER));
                return new OpenAMResourceOwner(id.getName(), id, authTime);
            } catch (Exception e) {
                //Exception as chance of MANY exception types here.
                logger.error("Error authenticating user against OpenAM: ", e);
                throw new LoginRequiredException();
            }
        } else if (PASSWORD.equals(request.getParameter(GRANT_TYPE))) {
            // No SSO token came out of either attempt above; for the password grant the owner is
            // taken from the access token already attached to the request.
            return getResourceOwner(request.getToken(AccessToken.class));
        } else {
            if (openIdPrompt.containsNone()) {
                // prompt=none with no session: no interaction is allowed, so report interaction_required,
                // choosing fragment or query error encoding from the response_type when one is given
                logger.error("Not pre-authenticated and prompt parameter equals none.");
                if (request.getParameter(OAuth2Constants.Params.RESPONSE_TYPE) != null) {
                    throw new InteractionRequiredException(Utils.isOpenIdConnectFragmentErrorType(splitResponseType(request.<String>getParameter(RESPONSE_TYPE))) ? FRAGMENT : QUERY);
                } else {
                    throw new InteractionRequiredException();
                }
            } else if (!isRefreshToken(request)) {
                throw authenticationRequired(request);
            } else {
                return getResourceOwner(request.getToken(RefreshToken.class));
            }
        }
    } catch (SSOException | UnsupportedEncodingException | URISyntaxException e) {
        // Presumably raised while building the authentication-required response
        // (login URL templating / URI construction); surfaced as access denied
        throw new AccessDeniedException(e);
    }
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
Class OpenAMOAuth2UrisFactory, method get.
/**
 * Resolves the OAuth2 URIs for the realm by computing the realm's {@code /oauth2} base URL
 * from the request and delegating to {@code get(absoluteRealm, baseUrl)}.
 *
 * @param request the incoming HTTP request used to derive the base URL
 * @param realmInfo the realm the request targets
 * @return the URIs for the realm
 * @throws NotFoundException propagated from the delegate lookup
 * @throws ServerException if the base URL for the realm is invalid; the message is deliberately
 *         generic and the underlying exception is neither attached as cause nor logged here
 */
@Override
public OAuth2Uris get(HttpServletRequest request, RealmInfo realmInfo) throws NotFoundException, ServerException {
    final String absoluteRealm = realmInfo.getAbsoluteRealm();
    final BaseURLProvider provider = baseURLProviderFactory.get(absoluteRealm);
    final String baseUrl;
    try {
        baseUrl = provider.getRealmURL(request, "/oauth2", absoluteRealm);
    } catch (InvalidBaseUrlException e) {
        // NOTE(review): the cause is dropped here; if this class has a logger available,
        // logging e before rethrowing would keep the diagnostic server-side
        throw new ServerException("Configuration error");
    }
    return get(absoluteRealm, baseUrl);
}
use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.
Class OpenAMOAuth2ProviderSettings, method getAllowedResponseTypes.
/**
* {@inheritDoc}
*/
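/**
 * {@inheritDoc}
 *
 * <p>Reads the realm's configured response-type list, where each entry is expected to be
 * {@code <responseType>|<handlerSpec>}, and wraps each entry into a handler keyed by response type.
 * Malformed entries are logged and skipped rather than failing the whole lookup.
 *
 * @return the configured handlers keyed by response type; empty when nothing is configured
 * @throws UnsupportedResponseTypeException propagated from {@code wrap}
 * @throws ServerException if the configuration cannot be read (SMS or SSO failure); the cause is
 *         logged with its stack trace and attached to the thrown exception
 */
public Map<String, ResponseTypeHandler> getAllowedResponseTypes() throws UnsupportedResponseTypeException, ServerException {
    try {
        Set<String> responseTypeSet = getSetting(realm, OAuth2ProviderService.RESPONSE_TYPE_LIST);
        if (responseTypeSet == null || responseTypeSet.isEmpty()) {
            return Collections.emptyMap();
        }
        Map<String, ResponseTypeHandler> responseTypes = new HashMap<>();
        for (String responseType : responseTypeSet) {
            // Entry format is "<type>|<handler>"; anything else is a configuration error for this realm
            String[] parts = responseType.split("\\|");
            if (parts.length != 2) {
                logger.error("Response type wrong format for realm: " + realm);
                continue;
            }
            responseTypes.put(parts[0], wrap(parts[0], parts[1]));
        }
        return responseTypes;
    } catch (SMSException | SSOException e) {
        // Both failures are handled identically; log with the throwable so the stack trace is kept
        logger.error("Error reading response types for realm " + realm + ": " + e.getMessage(), e);
        throw new ServerException(e);
    }
}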