
Example 1 with AuthorizeRequestHook

use of org.forgerock.oauth2.restlet.AuthorizeRequestHook in project OpenAM by OpenRock.

the class OAuth2GuiceModule method configure.

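/**
 * Wires the OAuth2 / OpenID Connect provider: binds each core interface to its OpenAM
 * implementation and registers the request validators, grant-type handlers and request hooks
 * as Guice multibindings.
 * <p>
 * Guice does not depend on binding order; the grouping into helpers below is purely for
 * readability. The duplicate {@code OAuth2ProviderSettingsFactory} binding that used to appear
 * here has been dropped (a second identical binding is at best redundant and, depending on the
 * Guice version, may fail module creation).
 */
@Override
protected void configure() {
    bindCoreServices();
    bindAccessTokenVerifiers();
    bindOpenIdConnect();
    bindRequestValidators();
    bindGrantTypeHandlers();
    bindRequestHooks();
    bindTokenAndResourceSetServices();
}

/** Binds the core OAuth2 services and stores to their OpenAM implementations. */
private void bindCoreServices() {
    bind(AuthorizationService.class).to(AuthorizationServiceImpl.class);
    bind(new TypeLiteral<OAuth2RequestFactory<?, Request>>() {
    }).to(RestletOAuth2RequestFactory.class);
    bind(ResourceOwnerConsentVerifier.class).to(OpenIdResourceOwnerConsentVerifier.class);
    // Both registration-store views resolve to the same implementation class.
    bind(ClientRegistrationStore.class).to(OpenAMClientRegistrationStore.class);
    bind(OpenIdConnectClientRegistrationStore.class).to(OpenAMClientRegistrationStore.class);
    bind(OAuth2ProviderSettingsFactory.class).to(OpenAMOAuth2ProviderSettingsFactory.class);
    bind(ResourceOwnerSessionValidator.class).to(OpenAMResourceOwnerSessionValidator.class);
    bind(ClientAuthenticator.class).to(ClientAuthenticatorImpl.class);
    // Same for the two token-store views.
    bind(TokenStore.class).to(OpenAMTokenStore.class);
    bind(OpenIdConnectTokenStore.class).to(OpenAMTokenStore.class);
    bind(AccessTokenService.class).to(AccessTokenServiceImpl.class);
    bind(ResourceOwnerAuthenticator.class).to(OpenAMResourceOwnerAuthenticator.class);
    bind(IdTokenResponseTypeHandler.class).to(OpenAMIdTokenResponseTypeHandler.class);
    bind(UserInfoService.class).to(UserInfoServiceImpl.class);
    bind(TokenInfoService.class).to(TokenInfoServiceImpl.class);
    bind(ClientAuthenticationFailureFactory.class).to(OpenAMClientAuthenticationFailureFactory.class);
}

/**
 * Binds the access-token verifiers. The unannotated binding is the default and resolves to the
 * Authorization-header verifier; the named bindings select where the bearer token is read from.
 * NOTE(review): RFC 6750 discourages the query-parameter transport because tokens then tend to
 * end up in server logs and browser history; callers should prefer HEADER where they can choose.
 */
private void bindAccessTokenVerifiers() {
    bind(AccessTokenVerifier.class).to(RestletHeaderAccessTokenVerifier.class);
    bind(AccessTokenVerifier.class).annotatedWith(named(HEADER)).to(RestletHeaderAccessTokenVerifier.class);
    bind(AccessTokenVerifier.class).annotatedWith(named(FORM_BODY)).to(RestletFormBodyAccessTokenVerifier.class);
    bind(AccessTokenVerifier.class).annotatedWith(named(QUERY_PARAM)).to(RestletQueryParameterAccessTokenVerifier.class);
}

/** Binds the OpenID Connect provider, client DAO/registration service, settings and token issuer. */
private void bindOpenIdConnect() {
    bind(OpenIDConnectProvider.class).to(OpenAMOpenIDConnectProvider.class);
    bind(ClientDAO.class).to(OpenAMClientDAO.class);
    bind(OpenIdConnectClientRegistrationService.class).to(OpenAMOpenIdConnectClientRegistrationService.class);
    // Unscoped provider: every injection point receives a fresh OpenAMSettingsImpl for the
    // OAuth2 provider service name/version.
    bind(OpenAMSettings.class).toProvider(new Provider<OpenAMSettings>() {

        @Override
        public OpenAMSettings get() {
            return new OpenAMSettingsImpl(OAuth2Constants.OAuth2ProviderService.NAME, OAuth2Constants.OAuth2ProviderService.VERSION);
        }
    });
    bind(OpenIDTokenIssuer.class).to(OpenAMOpenIdTokenIssuer.class);
}

/**
 * Registers the validator sets for the authorize endpoint and for each token-endpoint grant.
 * Every validator in a set is expected to run; adding a class here adds a check, it never
 * replaces one.
 */
private void bindRequestValidators() {
    final Multibinder<AuthorizeRequestValidator> authorizeRequestValidators = Multibinder.newSetBinder(binder(), AuthorizeRequestValidator.class);
    authorizeRequestValidators.addBinding().to(AuthorizeRequestValidatorImpl.class);
    authorizeRequestValidators.addBinding().to(OpenIdConnectAuthorizeRequestValidator.class);
    authorizeRequestValidators.addBinding().to(ClaimsParameterValidator.class);
    authorizeRequestValidators.addBinding().to(SubjectTypeValidator.class);
    authorizeRequestValidators.addBinding().to(CodeVerifierValidator.class);
    final Multibinder<AuthorizationCodeRequestValidator> authorizationCodeRequestValidators = Multibinder.newSetBinder(binder(), AuthorizationCodeRequestValidator.class);
    authorizationCodeRequestValidators.addBinding().to(AuthorizationCodeRequestValidatorImpl.class);
    final Multibinder<ClientCredentialsRequestValidator> clientCredentialsRequestValidators = Multibinder.newSetBinder(binder(), ClientCredentialsRequestValidator.class);
    clientCredentialsRequestValidators.addBinding().to(ClientCredentialsRequestValidatorImpl.class);
    final Multibinder<PasswordCredentialsRequestValidator> passwordCredentialsRequestValidators = Multibinder.newSetBinder(binder(), PasswordCredentialsRequestValidator.class);
    passwordCredentialsRequestValidators.addBinding().to(PasswordCredentialsRequestValidatorImpl.class);
}

/** Maps each supported grant_type value to the handler that services it at the token endpoint. */
private void bindGrantTypeHandlers() {
    final MapBinder<String, GrantTypeHandler> grantTypeHandlers = MapBinder.newMapBinder(binder(), String.class, GrantTypeHandler.class);
    grantTypeHandlers.addBinding(CLIENT_CREDENTIALS).to(ClientCredentialsGrantTypeHandler.class);
    grantTypeHandlers.addBinding(PASSWORD).to(PasswordCredentialsGrantTypeHandler.class);
    grantTypeHandlers.addBinding(AUTHORIZATION_CODE).to(AuthorizationCodeGrantTypeHandler.class);
    grantTypeHandlers.addBinding(DEVICE_CODE).to(DeviceCodeGrantTypeHandler.class);
    grantTypeHandlers.addBinding(JWT_BEARER).to(JwtBearerGrantTypeHandler.class);
    grantTypeHandlers.addBinding(OAuth2Constants.TokenEndpoint.SAML2_BEARER).to(Saml2GrantTypeHandler.class);
}

/** Registers the hooks invoked around authorize and token requests; LoginHintHook serves both. */
private void bindRequestHooks() {
    final Multibinder<AuthorizeRequestHook> authorizeRequestHooks = Multibinder.newSetBinder(binder(), AuthorizeRequestHook.class);
    authorizeRequestHooks.addBinding().to(LoginHintHook.class);
    final Multibinder<TokenRequestHook> tokenRequestHooks = Multibinder.newSetBinder(binder(), TokenRequestHook.class);
    tokenRequestHooks.addBinding().to(LoginHintHook.class);
}

/** Binds token-id generation, introspection, resource-set storage, URL validation and URI factories. */
private void bindTokenAndResourceSetServices() {
    install(new FactoryModuleBuilder().implement(ResourceSetStore.class, OpenAMResourceSetStore.class).build(ResourceSetStoreFactory.class));
    bind(TokenIdGenerator.class).to(ThreadSafeTokenIdGenerator.class);
    Multibinder.newSetBinder(binder(), TokenIntrospectionHandler.class).addBinding().to(OAuth2TokenIntrospectionHandler.class);
    bind(TokenIntrospectionService.class).to(TokenIntrospectionServiceImpl.class);
    // Declares the set so injection of Set<ResourceSetRegistrationHook> succeeds even when no
    // other module contributes a hook.
    Multibinder.newSetBinder(binder(), ResourceSetRegistrationHook.class);
    bind(OpenIDConnectURLValidator.class).toInstance(OpenIDConnectURLValidator.getInstance());
    install(new LabelsGuiceModule());
    bind(OAuth2UrisFactory.class).to(OpenAMOAuth2UrisFactory.class);
    bind(new TypeLiteral<OAuth2UrisFactory<RealmInfo>>() {
    }).to(OpenAMOAuth2UrisFactory.class);
}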
Also used : IdTokenResponseTypeHandler(org.forgerock.openidconnect.IdTokenResponseTypeHandler) OpenAMIdTokenResponseTypeHandler(org.forgerock.openam.openidconnect.OpenAMIdTokenResponseTypeHandler) OpenIdConnectTokenStore(org.forgerock.openidconnect.OpenIdConnectTokenStore) OpenAMOpenIDConnectProvider(org.forgerock.openam.openidconnect.OpenAMOpenIDConnectProvider) OpenIDConnectProvider(org.forgerock.openidconnect.OpenIDConnectProvider) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) ResourceOwnerConsentVerifier(org.forgerock.oauth2.core.ResourceOwnerConsentVerifier) OpenIdResourceOwnerConsentVerifier(org.forgerock.openidconnect.OpenIdResourceOwnerConsentVerifier) OpenIDTokenIssuer(org.forgerock.openidconnect.OpenIDTokenIssuer) OpenAMClientRegistrationStore(org.forgerock.openam.oauth2.OpenAMClientRegistrationStore) OpenIdConnectClientRegistrationStore(org.forgerock.openidconnect.OpenIdConnectClientRegistrationStore) ClientRegistrationStore(org.forgerock.oauth2.core.ClientRegistrationStore) AuthorizationCodeRequestValidator(org.forgerock.oauth2.core.AuthorizationCodeRequestValidator) OpenIdConnectClientRegistrationStore(org.forgerock.openidconnect.OpenIdConnectClientRegistrationStore) ClientCredentialsRequestValidator(org.forgerock.oauth2.core.ClientCredentialsRequestValidator) TokenIntrospectionService(org.forgerock.oauth2.core.TokenIntrospectionService) UserInfoService(org.forgerock.openidconnect.UserInfoService) PasswordCredentialsRequestValidator(org.forgerock.oauth2.core.PasswordCredentialsRequestValidator) RealmInfo(org.forgerock.openam.core.RealmInfo) TokenRequestHook(org.forgerock.oauth2.restlet.TokenRequestHook) TypeLiteral(com.google.inject.TypeLiteral) OAuth2ProviderSettingsFactory(org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory) OpenAMOAuth2ProviderSettingsFactory(org.forgerock.openam.oauth2.OpenAMOAuth2ProviderSettingsFactory) OpenAMClientDAO(org.forgerock.openam.oauth2.OpenAMClientDAO) 
ClientDAO(org.forgerock.openidconnect.ClientDAO) OpenAMSettingsImpl(org.forgerock.openam.utils.OpenAMSettingsImpl) OpenAMResourceOwnerSessionValidator(org.forgerock.openam.oauth2.OpenAMResourceOwnerSessionValidator) ResourceOwnerSessionValidator(org.forgerock.oauth2.core.ResourceOwnerSessionValidator) RestletFormBodyAccessTokenVerifier(org.forgerock.oauth2.restlet.RestletFormBodyAccessTokenVerifier) RestletQueryParameterAccessTokenVerifier(org.forgerock.oauth2.restlet.RestletQueryParameterAccessTokenVerifier) RestletHeaderAccessTokenVerifier(org.forgerock.oauth2.restlet.RestletHeaderAccessTokenVerifier) AccessTokenVerifier(org.forgerock.oauth2.core.AccessTokenVerifier) AuthorizationCodeGrantTypeHandler(org.forgerock.oauth2.core.AuthorizationCodeGrantTypeHandler) JwtBearerGrantTypeHandler(org.forgerock.oauth2.core.JwtBearerGrantTypeHandler) ClientCredentialsGrantTypeHandler(org.forgerock.oauth2.core.ClientCredentialsGrantTypeHandler) DeviceCodeGrantTypeHandler(org.forgerock.oauth2.core.DeviceCodeGrantTypeHandler) Saml2GrantTypeHandler(org.forgerock.openam.oauth2.saml2.core.Saml2GrantTypeHandler) GrantTypeHandler(org.forgerock.oauth2.core.GrantTypeHandler) PasswordCredentialsGrantTypeHandler(org.forgerock.oauth2.core.PasswordCredentialsGrantTypeHandler) OpenAMOAuth2UrisFactory(org.forgerock.openam.oauth2.OpenAMOAuth2UrisFactory) OAuth2UrisFactory(org.forgerock.oauth2.core.OAuth2UrisFactory) AuthorizeRequestValidator(org.forgerock.oauth2.core.AuthorizeRequestValidator) OpenIdConnectAuthorizeRequestValidator(org.forgerock.openidconnect.OpenIdConnectAuthorizeRequestValidator) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) TokenInfoService(org.forgerock.oauth2.core.TokenInfoService) ClientAuthenticationFailureFactory(org.forgerock.oauth2.core.exceptions.ClientAuthenticationFailureFactory) OpenAMClientAuthenticationFailureFactory(org.forgerock.oauth2.restlet.OpenAMClientAuthenticationFailureFactory) 
OpenAMSettings(org.forgerock.openam.utils.OpenAMSettings) OpenIDConnectURLValidator(org.forgerock.openam.oauth2.validation.OpenIDConnectURLValidator) ThreadSafeTokenIdGenerator(org.forgerock.openam.sm.datalayer.utils.ThreadSafeTokenIdGenerator) TokenIdGenerator(org.forgerock.openam.cts.api.tokens.TokenIdGenerator) AuthorizationService(org.forgerock.oauth2.core.AuthorizationService) AccessTokenService(org.forgerock.oauth2.core.AccessTokenService) OpenIdConnectClientRegistrationService(org.forgerock.openidconnect.OpenIdConnectClientRegistrationService) OpenAMOpenIdConnectClientRegistrationService(org.forgerock.openam.openidconnect.OpenAMOpenIdConnectClientRegistrationService) ClientAuthenticator(org.forgerock.oauth2.core.ClientAuthenticator) OpenAMResourceOwnerAuthenticator(org.forgerock.openam.oauth2.OpenAMResourceOwnerAuthenticator) ResourceOwnerAuthenticator(org.forgerock.oauth2.core.ResourceOwnerAuthenticator) LabelsGuiceModule(org.forgerock.openam.oauth2.resources.labels.LabelsGuiceModule) TokenStore(org.forgerock.oauth2.core.TokenStore) OpenIdConnectTokenStore(org.forgerock.openidconnect.OpenIdConnectTokenStore) OpenAMTokenStore(org.forgerock.openam.oauth2.OpenAMTokenStore) OAuthTokenStore(org.forgerock.openam.oauth2.OAuthTokenStore) AuthorizeRequestHook(org.forgerock.oauth2.restlet.AuthorizeRequestHook) ResourceSetStoreFactory(org.forgerock.openam.oauth2.resources.ResourceSetStoreFactory)

Example 2 with AuthorizeRequestHook

use of org.forgerock.oauth2.restlet.AuthorizeRequestHook in project OpenAM by OpenRock.

the class AuthorizeResource method authorize.

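/**
 * Handles GET requests to the OAuth2 authorize endpoint.
 * <br/>
 * This method will be called when a client has requested a resource owner grants it authorization to access a
 * resource.
 * <p>
 * Error mapping: exceptions that carry a validated redirect target are reported with a
 * {@code redirect_uri}; client-identity and redirect-URI-mismatch failures are reported without
 * one (only {@code state} is passed), so an error for an unverified client is never sent to a
 * caller-supplied URI.
 *
 * @return The body to be sent in the response to the user agent.
 * @throws OAuth2RestletException If a OAuth2 error occurs whilst processing the authorization request.
 */
@Get
public Representation authorize() throws OAuth2RestletException {
    final OAuth2Request request = requestFactory.create(getRequest());
    // Hooks see the request before any validation has run.
    for (AuthorizeRequestHook hook : hooks) {
        hook.beforeAuthorizeHandling(request, getRequest(), getResponse());
    }
    try {
        final AuthorizationToken authorizationToken = authorizationService.authorize(request);
        // NOTE(review): the POST variant reads redirect_uri from the OAuth2Request instead of the
        // raw query; kept as-is here to avoid a behaviour change, but the two should probably agree.
        final String redirectUri = getQueryValue("redirect_uri");
        final Representation response = representation.toRepresentation(getContext(), getRequest(), getResponse(), authorizationToken, redirectUri);
        for (AuthorizeRequestHook hook : hooks) {
            hook.afterAuthorizeSuccess(request, getRequest(), getResponse());
        }
        return response;
    } catch (IllegalArgumentException e) {
        // getMessage() may be null; calling contains() on it directly would turn a 400 into an
        // unhandled NullPointerException from inside the error path.
        final String message = e.getMessage();
        if (message != null && message.contains("client_id")) {
            // Message sniffing is fragile, but it is the only signal available here that the
            // client could not be identified, in which case redirect_uri is deliberately omitted.
            throw new OAuth2RestletException(400, "invalid_request", message, request.<String>getParameter("state"));
        }
        throw new OAuth2RestletException(400, "invalid_request", message, request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"));
    } catch (ResourceOwnerAuthenticationRequired e) {
        // Redirects to the login flow; no state is propagated on this leg.
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
    } catch (ResourceOwnerConsentRequired e) {
        // Render the consent page; the user's decision comes back via the POST variant.
        return representation.getRepresentation(getContext(), request, "authorize.ftl", getDataModel(e, request));
    } catch (InvalidClientException | RedirectUriMismatchException e) {
        // No redirect_uri: the client or its registered redirect could not be verified.
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
    } catch (OAuth2Exception e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
    }
}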
Also used : ResourceOwnerAuthenticationRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) AuthorizationToken(org.forgerock.oauth2.core.AuthorizationToken) RedirectUriMismatchException(org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException) ResourceOwnerConsentRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerConsentRequired) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) Representation(org.restlet.representation.Representation) OAuth2Exception(org.forgerock.oauth2.core.exceptions.OAuth2Exception) Get(org.restlet.resource.Get)

Example 3 with AuthorizeRequestHook

use of org.forgerock.oauth2.restlet.AuthorizeRequestHook in project OpenAM by OpenRock.

the class AuthorizeResource method authorize.

/**
 * Handles POST requests to the OAuth2 authorize endpoint.
 * <br/>
 * This method will be called when a user has given their consent for an authorization request.
 * The form fields {@code decision} ("allow") and {@code save_consent} ("on") are read from the
 * OAuth2 request, case-insensitively; any other or missing value counts as not given.
 *
 * @param entity The entity on the request.
 * @return The body to be sent in the response to the user agent.
 * @throws OAuth2RestletException If a OAuth2 error occurs whilst processing the authorization request.
 */
@Post
public Representation authorize(Representation entity) throws OAuth2RestletException {
    final OAuth2Request oauth2Request = requestFactory.create(getRequest());
    // Hooks are given the request before the consent decision is read or validated.
    for (AuthorizeRequestHook hook : hooks) {
        hook.beforeAuthorizeHandling(oauth2Request, getRequest(), getResponse());
    }
    final String decision = oauth2Request.<String>getParameter("decision");
    final String saveConsentFlag = oauth2Request.<String>getParameter("save_consent");
    final boolean consentGiven = "allow".equalsIgnoreCase(decision);
    final boolean saveConsent = "on".equalsIgnoreCase(saveConsentFlag);
    try {
        final AuthorizationToken token = authorizationService.authorize(oauth2Request, consentGiven, saveConsent);
        final String redirectTarget = oauth2Request.getParameter("redirect_uri");
        final Representation body = representation.toRepresentation(getContext(), getRequest(), getResponse(), token, redirectTarget);
        for (AuthorizeRequestHook hook : hooks) {
            hook.afterAuthorizeSuccess(oauth2Request, getRequest(), getResponse());
        }
        return body;
    } catch (ResourceOwnerAuthenticationRequired ex) {
        // Send the user to authenticate; no state is carried on this leg.
        throw new OAuth2RestletException(ex.getStatusCode(), ex.getError(), ex.getMessage(), ex.getRedirectUri().toString(), null);
    } catch (InvalidClientException | RedirectUriMismatchException ex) {
        // Only state is passed: the client or its redirect URI could not be verified, so the
        // error is not sent to a caller-supplied redirect_uri.
        throw new OAuth2RestletException(ex.getStatusCode(), ex.getError(), ex.getMessage(), oauth2Request.<String>getParameter("state"));
    } catch (OAuth2Exception ex) {
        throw new OAuth2RestletException(ex.getStatusCode(), ex.getError(), ex.getMessage(), oauth2Request.<String>getParameter("redirect_uri"), oauth2Request.<String>getParameter("state"), ex.getParameterLocation());
    }
}
Also used : ResourceOwnerAuthenticationRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) AuthorizationToken(org.forgerock.oauth2.core.AuthorizationToken) RedirectUriMismatchException(org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) Representation(org.restlet.representation.Representation) OAuth2Exception(org.forgerock.oauth2.core.exceptions.OAuth2Exception) Post(org.restlet.resource.Post)

Aggregations

OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)3 AuthorizationToken (org.forgerock.oauth2.core.AuthorizationToken)2 InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException)2 OAuth2Exception (org.forgerock.oauth2.core.exceptions.OAuth2Exception)2 RedirectUriMismatchException (org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException)2 ResourceOwnerAuthenticationRequired (org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired)2 Representation (org.restlet.representation.Representation)2 TypeLiteral (com.google.inject.TypeLiteral)1 FactoryModuleBuilder (com.google.inject.assistedinject.FactoryModuleBuilder)1 AccessTokenService (org.forgerock.oauth2.core.AccessTokenService)1 AccessTokenVerifier (org.forgerock.oauth2.core.AccessTokenVerifier)1 AuthorizationCodeGrantTypeHandler (org.forgerock.oauth2.core.AuthorizationCodeGrantTypeHandler)1 AuthorizationCodeRequestValidator (org.forgerock.oauth2.core.AuthorizationCodeRequestValidator)1 AuthorizationService (org.forgerock.oauth2.core.AuthorizationService)1 AuthorizeRequestValidator (org.forgerock.oauth2.core.AuthorizeRequestValidator)1 ClientAuthenticator (org.forgerock.oauth2.core.ClientAuthenticator)1 ClientCredentialsGrantTypeHandler (org.forgerock.oauth2.core.ClientCredentialsGrantTypeHandler)1 ClientCredentialsRequestValidator (org.forgerock.oauth2.core.ClientCredentialsRequestValidator)1 ClientRegistrationStore (org.forgerock.oauth2.core.ClientRegistrationStore)1 DeviceCodeGrantTypeHandler (org.forgerock.oauth2.core.DeviceCodeGrantTypeHandler)1