Examples with ServerException org.forgerock.oauth2.core.exceptions.ServerException used on opensource projects

Example 21 with ServerException

use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidator method setCurrentAcr.

/**
     * If the user is already logged in when the OAuth2 request comes in with an acr_values parameter, we
     * look to see if they've already matched one. If they have, we set the acr value on the request.
     */
private void setCurrentAcr(SSOToken token, OAuth2Request request, String acrValuesStr) throws NotFoundException, ServerException, SSOException, AccessDeniedException, UnsupportedEncodingException, URISyntaxException, ResourceOwnerAuthenticationRequired {
    String serviceUsed = token.getProperty(ISAuthConstants.SERVICE);
    Set<String> acrValues = new HashSet<>(Arrays.asList(acrValuesStr.split("\\s+")));
    OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    Map<String, AuthenticationMethod> acrMap = settings.getAcrMapping();
    boolean matched = false;
    for (String acr : acrValues) {
        if (acrMap.containsKey(acr)) {
            if (serviceUsed.equals(acrMap.get(acr).getName())) {
                final Request req = request.getRequest();
                req.getResourceRef().addQueryParameter(OAuth2Constants.JWTTokenParams.ACR, acr);
                matched = true;
            }
        }
    }
    if (!matched) {
        throw authenticationRequired(request, token);
    }
}

Example 22 with ServerException

use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidator method chooseBestAcrValue.

/**
     * Searches through the supplied 'acr' values to find a matching authentication context configuration service for
     * this OpenID Connect client. If the client is not an OIDC client, or if no match is found, then {@code null} is
     * returned and the default login configuration for the realm will be used. Values will be tried in the order
     * passed, and the first matching value will be chosen.
     *
     * @param request the OAuth2 request that requires authentication.
     * @param acrValues the values of the acr_values parameter, in preference order.
     * @return the matching ACR value, or {@code null} if no match was found.
     */
private ACRValue chooseBestAcrValue(final OAuth2Request request, final String... acrValues) throws ServerException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final Map<String, AuthenticationMethod> mapping = settings.getAcrMapping();
    if (mapping != null) {
        for (String acrValue : acrValues) {
            final AuthenticationMethod method = mapping.get(acrValue);
            if (method instanceof OpenAMAuthenticationMethod) {
                if (logger.messageEnabled()) {
                    logger.message("Picked ACR value [" + acrValue + "] -> " + method);
                }
                return new ACRValue(acrValue, (OpenAMAuthenticationMethod) method);
            }
        }
    }
    if (logger.messageEnabled()) {
        logger.message("No ACR value matched - using default login configuration");
    }
    return null;
}

Example 23 with ServerException

use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

the class OpenAMResourceSetStore method delete.

@Override
public void delete(String resourceSetId, String resourceOwnerId) throws NotFoundException, ServerException {
    try {
        ResourceSetDescription token = read(resourceSetId, resourceOwnerId);
        delegate.delete(token.getId());
    } catch (org.forgerock.openam.sm.datalayer.store.NotFoundException e) {
        throw new NotFoundException("Could not find resource set");
    } catch (org.forgerock.openam.sm.datalayer.store.ServerException e) {
        throw new ServerException(e);
    }
}

Example 24 with ServerException

use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

the class OpenAMTokenStore method readRefreshToken.

/**
     * {@inheritDoc}
     */
public RefreshToken readRefreshToken(OAuth2Request request, String tokenId) throws ServerException, InvalidGrantException, NotFoundException {
    RefreshToken loaded = request.getToken(RefreshToken.class);
    if (loaded != null) {
        return loaded;
    }
    logger.message("Read refresh token");
    JsonValue token;
    try {
        token = tokenStore.read(tokenId);
    } catch (CoreTokenException e) {
        logger.error("Unable to read refresh token corresponding to id: " + tokenId, e);
        throw new ServerException("Could not read token in CTS: " + e.getMessage());
    }
    if (token == null) {
        logger.error("Unable to read refresh token corresponding to id: " + tokenId);
        throw new InvalidGrantException("grant is invalid");
    }
    OpenAMRefreshToken refreshToken = new OpenAMRefreshToken(token);
    validateTokenRealm(refreshToken.getRealm(), request);
    request.setToken(RefreshToken.class, refreshToken);
    return refreshToken;
}

Example 25 with ServerException

use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

the class OpenAMTokenStore method updateDeviceCode.

@Override
public void updateDeviceCode(DeviceCode code, OAuth2Request request) throws ServerException, NotFoundException, InvalidGrantException {
    try {
        readDeviceCode(code.getClientId(), code.getDeviceCode(), request);
        tokenStore.update(code);
    } catch (CoreTokenException e) {
        throw new ServerException("Could not update user code state");
    }
}