use of org.forgerock.oauth2.restlet.AuthorizeRequestHook in project OpenAM by OpenRock.
the class OAuth2GuiceModule method configure.
/**
* {@inheritDoc}
*/
@Override
protected void configure() {
bind(AuthorizationService.class).to(AuthorizationServiceImpl.class);
bind(new TypeLiteral<OAuth2RequestFactory<?, Request>>() {
}).to(RestletOAuth2RequestFactory.class);
bind(ResourceOwnerConsentVerifier.class).to(OpenIdResourceOwnerConsentVerifier.class);
bind(ClientRegistrationStore.class).to(OpenAMClientRegistrationStore.class);
bind(OpenIdConnectClientRegistrationStore.class).to(OpenAMClientRegistrationStore.class);
bind(OAuth2ProviderSettingsFactory.class).to(OpenAMOAuth2ProviderSettingsFactory.class);
bind(OAuth2ProviderSettingsFactory.class).to(OpenAMOAuth2ProviderSettingsFactory.class);
bind(ResourceOwnerSessionValidator.class).to(OpenAMResourceOwnerSessionValidator.class);
bind(ClientAuthenticator.class).to(ClientAuthenticatorImpl.class);
bind(TokenStore.class).to(OpenAMTokenStore.class);
bind(OpenIdConnectTokenStore.class).to(OpenAMTokenStore.class);
bind(AccessTokenService.class).to(AccessTokenServiceImpl.class);
bind(ResourceOwnerAuthenticator.class).to(OpenAMResourceOwnerAuthenticator.class);
bind(IdTokenResponseTypeHandler.class).to(OpenAMIdTokenResponseTypeHandler.class);
bind(UserInfoService.class).to(UserInfoServiceImpl.class);
bind(TokenInfoService.class).to(TokenInfoServiceImpl.class);
bind(ClientAuthenticationFailureFactory.class).to(OpenAMClientAuthenticationFailureFactory.class);
bind(AccessTokenVerifier.class).to(RestletHeaderAccessTokenVerifier.class);
bind(AccessTokenVerifier.class).annotatedWith(named(HEADER)).to(RestletHeaderAccessTokenVerifier.class);
bind(AccessTokenVerifier.class).annotatedWith(named(FORM_BODY)).to(RestletFormBodyAccessTokenVerifier.class);
bind(AccessTokenVerifier.class).annotatedWith(named(QUERY_PARAM)).to(RestletQueryParameterAccessTokenVerifier.class);
bind(OpenIDConnectProvider.class).to(OpenAMOpenIDConnectProvider.class);
bind(ClientDAO.class).to(OpenAMClientDAO.class);
bind(OpenIdConnectClientRegistrationService.class).to(OpenAMOpenIdConnectClientRegistrationService.class);
bind(OpenAMSettings.class).toProvider(new Provider<OpenAMSettings>() {
public OpenAMSettings get() {
return new OpenAMSettingsImpl(OAuth2Constants.OAuth2ProviderService.NAME, OAuth2Constants.OAuth2ProviderService.VERSION);
}
});
bind(OpenIDTokenIssuer.class).to(OpenAMOpenIdTokenIssuer.class);
final Multibinder<AuthorizeRequestValidator> authorizeRequestValidators = Multibinder.newSetBinder(binder(), AuthorizeRequestValidator.class);
authorizeRequestValidators.addBinding().to(AuthorizeRequestValidatorImpl.class);
authorizeRequestValidators.addBinding().to(OpenIdConnectAuthorizeRequestValidator.class);
authorizeRequestValidators.addBinding().to(ClaimsParameterValidator.class);
authorizeRequestValidators.addBinding().to(SubjectTypeValidator.class);
authorizeRequestValidators.addBinding().to(CodeVerifierValidator.class);
final Multibinder<AuthorizationCodeRequestValidator> authorizationCodeRequestValidators = Multibinder.newSetBinder(binder(), AuthorizationCodeRequestValidator.class);
authorizationCodeRequestValidators.addBinding().to(AuthorizationCodeRequestValidatorImpl.class);
final Multibinder<ClientCredentialsRequestValidator> clientCredentialsRequestValidators = Multibinder.newSetBinder(binder(), ClientCredentialsRequestValidator.class);
clientCredentialsRequestValidators.addBinding().to(ClientCredentialsRequestValidatorImpl.class);
final Multibinder<PasswordCredentialsRequestValidator> passwordCredentialsRequestValidators = Multibinder.newSetBinder(binder(), PasswordCredentialsRequestValidator.class);
passwordCredentialsRequestValidators.addBinding().to(PasswordCredentialsRequestValidatorImpl.class);
final MapBinder<String, GrantTypeHandler> grantTypeHandlers = MapBinder.newMapBinder(binder(), String.class, GrantTypeHandler.class);
grantTypeHandlers.addBinding(CLIENT_CREDENTIALS).to(ClientCredentialsGrantTypeHandler.class);
grantTypeHandlers.addBinding(PASSWORD).to(PasswordCredentialsGrantTypeHandler.class);
grantTypeHandlers.addBinding(AUTHORIZATION_CODE).to(AuthorizationCodeGrantTypeHandler.class);
grantTypeHandlers.addBinding(DEVICE_CODE).to(DeviceCodeGrantTypeHandler.class);
grantTypeHandlers.addBinding(JWT_BEARER).to(JwtBearerGrantTypeHandler.class);
grantTypeHandlers.addBinding(OAuth2Constants.TokenEndpoint.SAML2_BEARER).to(Saml2GrantTypeHandler.class);
final Multibinder<AuthorizeRequestHook> authorizeRequestHooks = Multibinder.newSetBinder(binder(), AuthorizeRequestHook.class);
authorizeRequestHooks.addBinding().to(LoginHintHook.class);
final Multibinder<TokenRequestHook> tokenRequestHooks = Multibinder.newSetBinder(binder(), TokenRequestHook.class);
tokenRequestHooks.addBinding().to(LoginHintHook.class);
install(new FactoryModuleBuilder().implement(ResourceSetStore.class, OpenAMResourceSetStore.class).build(ResourceSetStoreFactory.class));
bind(TokenIdGenerator.class).to(ThreadSafeTokenIdGenerator.class);
Multibinder.newSetBinder(binder(), TokenIntrospectionHandler.class).addBinding().to(OAuth2TokenIntrospectionHandler.class);
bind(TokenIntrospectionService.class).to(TokenIntrospectionServiceImpl.class);
Multibinder.newSetBinder(binder(), ResourceSetRegistrationHook.class);
bind(OpenIDConnectURLValidator.class).toInstance(OpenIDConnectURLValidator.getInstance());
install(new LabelsGuiceModule());
bind(OAuth2UrisFactory.class).to(OpenAMOAuth2UrisFactory.class);
bind(new TypeLiteral<OAuth2UrisFactory<RealmInfo>>() {
}).to(OpenAMOAuth2UrisFactory.class);
}
use of org.forgerock.oauth2.restlet.AuthorizeRequestHook in project OpenAM by OpenRock.
the class AuthorizeResource method authorize.
/**
* Handles GET requests to the OAuth2 authorize endpoint.
* <br/>
* This method will be called when a client has requested a resource owner grants it authorization to access a
* resource.
*
* @return The body to be sent in the response to the user agent.
* @throws OAuth2RestletException If a OAuth2 error occurs whilst processing the authorization request.
*/
@Get
public Representation authorize() throws OAuth2RestletException {
final OAuth2Request request = requestFactory.create(getRequest());
for (AuthorizeRequestHook hook : hooks) {
hook.beforeAuthorizeHandling(request, getRequest(), getResponse());
}
try {
final AuthorizationToken authorizationToken = authorizationService.authorize(request);
final String redirectUri = getQueryValue("redirect_uri");
Representation response = representation.toRepresentation(getContext(), getRequest(), getResponse(), authorizationToken, redirectUri);
for (AuthorizeRequestHook hook : hooks) {
hook.afterAuthorizeSuccess(request, getRequest(), getResponse());
}
return response;
} catch (IllegalArgumentException e) {
if (e.getMessage().contains("client_id")) {
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("state"));
}
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"));
} catch (ResourceOwnerAuthenticationRequired e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
} catch (ResourceOwnerConsentRequired e) {
return representation.getRepresentation(getContext(), request, "authorize.ftl", getDataModel(e, request));
} catch (InvalidClientException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (RedirectUriMismatchException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (OAuth2Exception e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
}
}
use of org.forgerock.oauth2.restlet.AuthorizeRequestHook in project OpenAM by OpenRock.
the class AuthorizeResource method authorize.
/**
* Handles POST requests to the OAuth2 authorize endpoint.
* <br/>
* This method will be called when a user has given their consent for an authorization request.
*
* @param entity The entity on the request.
* @return The body to be sent in the response to the user agent.
* @throws OAuth2RestletException If a OAuth2 error occurs whilst processing the authorization request.
*/
@Post
public Representation authorize(Representation entity) throws OAuth2RestletException {
final OAuth2Request request = requestFactory.create(getRequest());
for (AuthorizeRequestHook hook : hooks) {
hook.beforeAuthorizeHandling(request, getRequest(), getResponse());
}
final boolean consentGiven = "allow".equalsIgnoreCase(request.<String>getParameter("decision"));
final boolean saveConsent = "on".equalsIgnoreCase(request.<String>getParameter("save_consent"));
try {
final AuthorizationToken authorizationToken = authorizationService.authorize(request, consentGiven, saveConsent);
final String redirectUri = request.getParameter("redirect_uri");
Representation response = representation.toRepresentation(getContext(), getRequest(), getResponse(), authorizationToken, redirectUri);
for (AuthorizeRequestHook hook : hooks) {
hook.afterAuthorizeSuccess(request, getRequest(), getResponse());
}
return response;
} catch (ResourceOwnerAuthenticationRequired e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
} catch (InvalidClientException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (RedirectUriMismatchException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (OAuth2Exception e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
}
}
Aggregations