the class IdTokenClaimGathererTest method mockOAuth2Uris.
/**
 * Builds a mocked {@link OAuth2UrisFactory} that hands back the test's shared {@code oAuth2Uris}
 * for the shared {@code oAuth2Request}, and stubs the shared provider settings with a server key
 * pair whose public half is a mock and whose private half is absent.
 *
 * @return the mocked URIs factory to hand to the gatherer under test
 * @throws NotFoundException never raised by the stubs; declared only to match the mocked signature
 * @throws ServerException never raised by the stubs; declared only to match the mocked signature
 */
private OAuth2UrisFactory<RealmInfo> mockOAuth2Uris() throws NotFoundException, ServerException {
    // Only the public half is supplied; presumably the gatherer never touches the private key
    // under test — confirm against IdTokenClaimGatherer before relying on this.
    PublicKey serverPublicKey = mock(PublicKey.class);
    KeyPair serverKeyPair = new KeyPair(serverPublicKey, null);
    given(oAuth2ProviderSettings.getServerKeyPair()).willReturn(serverKeyPair);

    OAuth2UrisFactory<RealmInfo> urisFactory = mock(OAuth2UrisFactory.class);
    given(urisFactory.get(oAuth2Request)).willReturn(oAuth2Uris);
    return urisFactory;
}
the class RestletRealmRouter method doHandle.
/**
 * <p>Resolves the realm for this request and records it on both the Restlet request and the
 * underlying servlet request before delegating to {@code next}.</p>
 *
 * <p>The last realm URI parameter is appended to the growing full realm value, i.e. last realm
 * URI parameter {@code realm2} with current full realm value {@code /realm1} gives
 * {@code /realm1/realm2}. When {@code next} is not the delegate route, a realm given in the
 * query string is applied as an override and the request's base reference is stored under
 * {@code REALM_URL}.</p>
 *
 * <p>The realm value originates from the request (URI, server name or query string), so a value
 * the validator does not recognise is looked up through the core wrapper and replaced by the
 * realm name derived from the resulting organisation DN. If that lookup fails the request is
 * rejected with a 400 instead of being passed downstream with an unresolved realm.</p>
 *
 * @param next {@inheritDoc}
 * @param request {@inheritDoc}
 * @param response {@inheritDoc}
 * @throws ResourceException with {@link Status#CLIENT_ERROR_BAD_REQUEST} when the realm cannot be resolved
 */
@Override
protected void doHandle(Restlet next, Request request, Response response) {
    RealmInfo resolved = getRealmFromURI(request);
    if (resolved == null) {
        resolved = getRealmFromServerName(request);
    }

    if (next != delegateRoute) {
        String queryRealm = getRealmFromQueryString(request);
        if (queryRealm != null) {
            resolved = resolved.withOverrideRealm(queryRealm);
        }
        request.getAttributes().put(REALM_URL, request.getResourceRef().getBaseRef().toString());
    }

    // Unknown realm path: let the core layer map it to its canonical realm name.
    if (!realmValidator.isRealm(resolved.getAbsoluteRealm())) {
        String lookupName = resolved.getAbsoluteRealm();
        try {
            SSOToken adminToken = coreWrapper.getAdminToken();
            // A leading '/' would make the lookup build a DN from the literal value, which is wrong.
            if (lookupName.startsWith("/")) {
                lookupName = lookupName.substring(1);
            }
            String orgDN = coreWrapper.getOrganization(adminToken, lookupName);
            resolved = resolved.withAbsoluteRealm(coreWrapper.convertOrgNameToRealmName(orgDN));
        } catch (IdRepoException | SSOException e) {
            throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "Invalid realm, " + lookupName);
        }
    }

    String absoluteRealm = resolved.getAbsoluteRealm();
    request.getAttributes().put(REALM, absoluteRealm);
    request.getAttributes().put(REALM_INFO, resolved);

    // Mirror the result onto the servlet request so non-Restlet code sees the same realm.
    HttpServletRequest servletRequest = ServletUtils.getRequest(request);
    servletRequest.setAttribute(REALM, absoluteRealm);
    servletRequest.setAttribute(REALM_INFO, resolved);

    request.getAttributes().remove("subrealm");
    super.doHandle(next, request, response);
}
the class OAuth2GuiceModule method configure.
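/**
 * Wires the OAuth2 / OpenID Connect / UMA services to their OpenAM implementations.
 *
 * <p>Bindings are grouped as: core services and stores, access-token verifiers (one per token
 * transport), request validators (set bindings), grant-type handlers (map binding keyed by grant
 * type), request hooks, and finally the URIs factory. The previously duplicated
 * {@code OAuth2ProviderSettingsFactory} binding has been collapsed to a single binding.</p>
 */
@Override
protected void configure() {
    // Core services, request factory and registration/settings stores.
    bind(AuthorizationService.class).to(AuthorizationServiceImpl.class);
    bind(new TypeLiteral<OAuth2RequestFactory<?, Request>>() {
    }).to(RestletOAuth2RequestFactory.class);
    bind(ResourceOwnerConsentVerifier.class).to(OpenIdResourceOwnerConsentVerifier.class);
    bind(ClientRegistrationStore.class).to(OpenAMClientRegistrationStore.class);
    bind(OpenIdConnectClientRegistrationStore.class).to(OpenAMClientRegistrationStore.class);
    bind(OAuth2ProviderSettingsFactory.class).to(OpenAMOAuth2ProviderSettingsFactory.class);
    bind(ResourceOwnerSessionValidator.class).to(OpenAMResourceOwnerSessionValidator.class);
    bind(ClientAuthenticator.class).to(ClientAuthenticatorImpl.class);
    bind(TokenStore.class).to(OpenAMTokenStore.class);
    bind(OpenIdConnectTokenStore.class).to(OpenAMTokenStore.class);
    bind(AccessTokenService.class).to(AccessTokenServiceImpl.class);
    bind(ResourceOwnerAuthenticator.class).to(OpenAMResourceOwnerAuthenticator.class);
    bind(IdTokenResponseTypeHandler.class).to(OpenAMIdTokenResponseTypeHandler.class);
    bind(UserInfoService.class).to(UserInfoServiceImpl.class);
    bind(TokenInfoService.class).to(TokenInfoServiceImpl.class);
    bind(ClientAuthenticationFailureFactory.class).to(OpenAMClientAuthenticationFailureFactory.class);

    // Access-token verifiers: the unannotated binding defaults to the Authorization header;
    // the named bindings select the transport explicitly.
    // NOTE(review): bearer tokens in query parameters are discouraged by RFC 6750 §2.3 because
    // URLs end up in server logs and Referer headers — confirm which endpoints opt into QUERY_PARAM.
    bind(AccessTokenVerifier.class).to(RestletHeaderAccessTokenVerifier.class);
    bind(AccessTokenVerifier.class).annotatedWith(named(HEADER)).to(RestletHeaderAccessTokenVerifier.class);
    bind(AccessTokenVerifier.class).annotatedWith(named(FORM_BODY)).to(RestletFormBodyAccessTokenVerifier.class);
    bind(AccessTokenVerifier.class).annotatedWith(named(QUERY_PARAM)).to(RestletQueryParameterAccessTokenVerifier.class);

    bind(OpenIDConnectProvider.class).to(OpenAMOpenIDConnectProvider.class);
    bind(ClientDAO.class).to(OpenAMClientDAO.class);
    bind(OpenIdConnectClientRegistrationService.class).to(OpenAMOpenIdConnectClientRegistrationService.class);
    // Settings are read from the OAuth2 provider service entry each time the provider is asked.
    bind(OpenAMSettings.class).toProvider(new Provider<OpenAMSettings>() {
        public OpenAMSettings get() {
            return new OpenAMSettingsImpl(OAuth2Constants.OAuth2ProviderService.NAME, OAuth2Constants.OAuth2ProviderService.VERSION);
        }
    });
    bind(OpenIDTokenIssuer.class).to(OpenAMOpenIdTokenIssuer.class);

    // Authorize-request validators run as a set; every one must accept the request.
    final Multibinder<AuthorizeRequestValidator> authorizeRequestValidators = Multibinder.newSetBinder(binder(), AuthorizeRequestValidator.class);
    authorizeRequestValidators.addBinding().to(AuthorizeRequestValidatorImpl.class);
    authorizeRequestValidators.addBinding().to(OpenIdConnectAuthorizeRequestValidator.class);
    authorizeRequestValidators.addBinding().to(ClaimsParameterValidator.class);
    authorizeRequestValidators.addBinding().to(SubjectTypeValidator.class);
    authorizeRequestValidators.addBinding().to(CodeVerifierValidator.class);

    // Per-grant request validators.
    final Multibinder<AuthorizationCodeRequestValidator> authorizationCodeRequestValidators = Multibinder.newSetBinder(binder(), AuthorizationCodeRequestValidator.class);
    authorizationCodeRequestValidators.addBinding().to(AuthorizationCodeRequestValidatorImpl.class);
    final Multibinder<ClientCredentialsRequestValidator> clientCredentialsRequestValidators = Multibinder.newSetBinder(binder(), ClientCredentialsRequestValidator.class);
    clientCredentialsRequestValidators.addBinding().to(ClientCredentialsRequestValidatorImpl.class);
    final Multibinder<PasswordCredentialsRequestValidator> passwordCredentialsRequestValidators = Multibinder.newSetBinder(binder(), PasswordCredentialsRequestValidator.class);
    passwordCredentialsRequestValidators.addBinding().to(PasswordCredentialsRequestValidatorImpl.class);

    // Grant-type handlers, keyed by the grant_type value the token endpoint receives.
    final MapBinder<String, GrantTypeHandler> grantTypeHandlers = MapBinder.newMapBinder(binder(), String.class, GrantTypeHandler.class);
    grantTypeHandlers.addBinding(CLIENT_CREDENTIALS).to(ClientCredentialsGrantTypeHandler.class);
    grantTypeHandlers.addBinding(PASSWORD).to(PasswordCredentialsGrantTypeHandler.class);
    grantTypeHandlers.addBinding(AUTHORIZATION_CODE).to(AuthorizationCodeGrantTypeHandler.class);
    grantTypeHandlers.addBinding(DEVICE_CODE).to(DeviceCodeGrantTypeHandler.class);
    grantTypeHandlers.addBinding(JWT_BEARER).to(JwtBearerGrantTypeHandler.class);
    grantTypeHandlers.addBinding(OAuth2Constants.TokenEndpoint.SAML2_BEARER).to(Saml2GrantTypeHandler.class);

    // Hooks invoked around the authorize and token requests.
    final Multibinder<AuthorizeRequestHook> authorizeRequestHooks = Multibinder.newSetBinder(binder(), AuthorizeRequestHook.class);
    authorizeRequestHooks.addBinding().to(LoginHintHook.class);
    final Multibinder<TokenRequestHook> tokenRequestHooks = Multibinder.newSetBinder(binder(), TokenRequestHook.class);
    tokenRequestHooks.addBinding().to(LoginHintHook.class);

    // UMA resource sets, token ids and introspection.
    install(new FactoryModuleBuilder().implement(ResourceSetStore.class, OpenAMResourceSetStore.class).build(ResourceSetStoreFactory.class));
    bind(TokenIdGenerator.class).to(ThreadSafeTokenIdGenerator.class);
    Multibinder.newSetBinder(binder(), TokenIntrospectionHandler.class).addBinding().to(OAuth2TokenIntrospectionHandler.class);
    bind(TokenIntrospectionService.class).to(TokenIntrospectionServiceImpl.class);
    // Declared empty here so other modules can contribute registration hooks.
    Multibinder.newSetBinder(binder(), ResourceSetRegistrationHook.class);
    bind(OpenIDConnectURLValidator.class).toInstance(OpenIDConnectURLValidator.getInstance());
    install(new LabelsGuiceModule());

    // URIs factory, bound both raw and parameterised on RealmInfo for the two injection styles in use.
    bind(OAuth2UrisFactory.class).to(OpenAMOAuth2UrisFactory.class);
    bind(new TypeLiteral<OAuth2UrisFactory<RealmInfo>>() {
    }).to(OpenAMOAuth2UrisFactory.class);
}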
the class AuthorizationRequestEndpointTest method setup.
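/**
 * Builds the mock graph around {@code AuthorizationRequestEndpoint2} before each test.
 *
 * <p>The chain is: a request factory producing an {@code OAuth2Request} in realm {@code REALM};
 * an OAuth2 token store resolving any token to {@code accessToken} (client {@code RS_CLIENT_ID},
 * resource owner {@code REQUESTING_PARTY_ID}); a UMA token store resolving any ticket to a
 * permission ticket that expires 10 s from now and issues {@code rpt}; a resource-set store
 * answering the {@code RS_ID} query with a single description; UMA provider settings exposing the
 * policy evaluator and the UMA token store; and a single {@code RequestAuthorizationFilter}.
 * The endpoint is a spy so tests can stub {@code getRequest()}.</p>
 *
 * <p>The duplicated {@code getUmaTokenStore()} stub of the original setup has been dropped; it
 * was a no-op repeat of the earlier stub.</p>
 *
 * @throws ServerException declared by the mocked signatures; never raised by the stubs
 * @throws InvalidGrantException declared by the mocked signatures; never raised by the stubs
 * @throws NotFoundException declared by the mocked signatures; never raised by the stubs
 * @throws EntitlementException declared by the mocked signatures; never raised by the stubs
 * @throws JSONException declared by the mocked signatures; never raised by the stubs
 */
@BeforeMethod
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException, EntitlementException, JSONException {
    // OAuth2 request plumbing.
    requestFactory = mock(OAuth2RequestFactory.class);
    OAuth2Request oAuth2Request = mock(OAuth2Request.class);
    given(requestFactory.create(any(Request.class))).willReturn(oAuth2Request);
    given(oAuth2Request.getParameter("realm")).willReturn("REALM");

    // Access token presented by the requesting party.
    accessToken = mock(AccessToken.class);
    oauth2TokenStore = mock(TokenStore.class);
    given(oauth2TokenStore.readAccessToken(Matchers.<OAuth2Request>anyObject(), anyString())).willReturn(accessToken);
    given(accessToken.getClientId()).willReturn(RS_CLIENT_ID);
    given(accessToken.getResourceOwnerId()).willReturn(REQUESTING_PARTY_ID);

    // UMA audit, permission ticket and RPT issuance.
    umaAuditLogger = mock(UmaAuditLogger.class);
    umaTokenStore = mock(UmaTokenStore.class);
    rpt = mock(RequestingPartyToken.class);
    given(rpt.getId()).willReturn("1");
    permissionTicket = mock(PermissionTicket.class);
    // Expiry is relative to wall-clock time, so the ticket is always valid for the test's lifetime.
    given(permissionTicket.getExpiryTime()).willReturn(System.currentTimeMillis() + 10000);
    given(permissionTicket.getResourceSetId()).willReturn(RS_ID);
    given(permissionTicket.getResourceServerClientId()).willReturn(RS_CLIENT_ID);
    given(permissionTicket.getRealm()).willReturn("REALM");
    given(umaTokenStore.readPermissionTicket(anyString())).willReturn(permissionTicket);
    given(umaTokenStore.createRPT(Matchers.<PermissionTicket>anyObject())).willReturn(rpt);

    // Resource set owned by RESOURCE_OWNER_ID, found by its RS_ID.
    resourceSetStore = mock(ResourceSetStore.class);
    ResourceSetDescription resourceSet = new ResourceSetDescription();
    resourceSet.setId(RS_DESCRIPTION_ID);
    resourceSet.setResourceOwnerId(RESOURCE_OWNER_ID);
    given(resourceSetStore.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, RS_ID))).willReturn(Collections.singleton(resourceSet));

    // UMA provider settings: policy evaluator is keyed by the lower-cased client id.
    umaProviderSettings = mock(UmaProviderSettings.class);
    policyEvaluator = mock(Evaluator.class);
    given(umaProviderSettings.getPolicyEvaluator(any(Subject.class), eq(RS_CLIENT_ID.toLowerCase()))).willReturn(policyEvaluator);
    given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
    umaProviderSettingsFactory = mock(UmaProviderSettingsFactory.class);
    given(umaProviderSettingsFactory.get(Matchers.<Request>anyObject())).willReturn(umaProviderSettings);

    // OAuth2 provider settings and issuer URIs.
    OAuth2ProviderSettingsFactory oauth2ProviderSettingsFactory = mock(OAuth2ProviderSettingsFactory.class);
    OAuth2ProviderSettings oauth2ProviderSettings = mock(OAuth2ProviderSettings.class);
    given(oauth2ProviderSettingsFactory.get(any(OAuth2Request.class))).willReturn(oauth2ProviderSettings);
    given(oauth2ProviderSettings.getResourceSetStore()).willReturn(resourceSetStore);
    OAuth2UrisFactory<RealmInfo> oauth2UrisFactory = mock(OAuth2UrisFactory.class);
    OAuth2Uris oauth2Uris = mock(OAuth2Uris.class);
    given(oauth2UrisFactory.get(any(OAuth2Request.class))).willReturn(oauth2Uris);
    given(oauth2Uris.getIssuer()).willReturn("ISSUER");

    // Claim gathering and extension filters.
    pendingRequestsService = mock(PendingRequestsService.class);
    Map<String, ClaimGatherer> claimGatherers = new HashMap<>();
    idTokenClaimGatherer = mock(IdTokenClaimGatherer.class);
    claimGatherers.put(IdTokenClaimGatherer.FORMAT, idTokenClaimGatherer);
    ExtensionFilterManager extensionFilterManager = mock(ExtensionFilterManager.class);
    requestAuthorizationFilter = mock(RequestAuthorizationFilter.class);
    given(extensionFilterManager.getFilters(RequestAuthorizationFilter.class)).willReturn(Collections.singletonList(requestAuthorizationFilter));
    UmaExceptionHandler exceptionHandler = mock(UmaExceptionHandler.class);

    // Endpoint under test, spied so getRequest() can be stubbed below.
    endpoint = spy(new AuthorizationRequestEndpoint2(umaProviderSettingsFactory, oauth2TokenStore, requestFactory, oauth2ProviderSettingsFactory, oauth2UrisFactory, umaAuditLogger, pendingRequestsService, claimGatherers, extensionFilterManager, exceptionHandler, jacksonRepresentationFactory));
    request = mock(Request.class);
    given(endpoint.getRequest()).willReturn(request);
    response = mock(Response.class);
    endpoint.setResponse(response);

    // Request body carrying the permission ticket id.
    requestBody = mock(JSONObject.class);
    given(requestBody.toString()).willReturn("{\"ticket\": \"016f84e8-f9b9-11e0-bd6f-0021cc6004de\"}");
    entity = mock(JsonRepresentation.class);
    given(entity.getJsonObject()).willReturn(requestBody);
}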
the class IdTokenClaimGathererTest method setup.
/**
 * Initialises the annotated mocks and builds a spied {@code IdTokenClaimGatherer} from the
 * mocked provider settings, URIs factory and client registration store.
 *
 * <p>JWT reconstruction is stubbed so that any token string yields {@code idToken}, whose
 * header and claims set are the test's shared mocks.</p>
 *
 * @throws Exception propagated from the mock factories' declared checked exceptions
 */
@BeforeMethod
public void setup() throws Exception {
    initMocks(this);

    // Collaborators are created in the same order as the constructor parameters.
    claimGatherer = spy(new IdTokenClaimGatherer(
            mockOAuth2ProviderSettings(),
            mockOAuth2Uris(),
            mockClientRegistrationStore(),
            jwtReconstruction,
            signingManager));

    // Every reconstructed signed JWT resolves to the shared idToken mock.
    given(jwtReconstruction.reconstructJwt(anyString(), eq(SignedJwt.class))).willReturn(idToken);
    given(idToken.getHeader()).willReturn(jwsHeader);
    given(idToken.getClaimsSet()).willReturn(claimsSet);
}