Example 11 with RestAuthException

use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.

the class AuthIdHelper method verifyAuthId.

/**
 * Verifies the signature of the JWT, to ensure the JWT is valid.
 *
 * @param realmDN The DN for the realm being authenticated against.
 * @param authId The authentication id JWT.
 * @throws RestAuthException if the JWT cannot be parsed or its signature does not verify (both reported as 400).
 */
public void verifyAuthId(String realmDN, String authId) throws RestAuthException {
    SecretKey key = getSigningKey(realmDN);
    try {
        final SigningHandler signingHandler = signingManager.newHmacSigningHandler(key.getEncoded());
        boolean verified = jwtBuilderFactory.reconstruct(authId, SignedJwt.class).verify(signingHandler);
        if (!verified) {
            throw new RestAuthException(ResourceException.BAD_REQUEST, "AuthId JWT Signature not valid");
        }
    } catch (JwtRuntimeException e) {
        throw new RestAuthException(ResourceException.BAD_REQUEST, "Failed to parse JWT, " + e.getLocalizedMessage(), e);
    }
}
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) SecretKey(javax.crypto.SecretKey) JwtRuntimeException(org.forgerock.json.jose.exceptions.JwtRuntimeException) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler)
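The check above does two things that matter for security: it looks up the HMAC secret per realm (getSigningKey(realmDN)), and it maps both a parse failure and a signature mismatch to a 400 rather than leaking which one occurred. The following is an added example in Python, not OpenAM code, that reproduces that flow on a compact JWS and adds one caveat the Java snippet leaves to the JOSE library: the alg header is pinned to HS256 before the HMAC is compared, so a token that claims alg "none" or an asymmetric algorithm is rejected outright. The realm-to-key map, the claim names and sign_auth_id are assumptions constructed for the example.

```python
"""HMAC-signed authId JWT verification modelled on AuthIdHelper.verifyAuthId.

Added example, not OpenAM code. REALM_KEYS, the claim layout and sign_auth_id
are constructed for this example; OpenAM's real key handling is not shown here.
"""
import base64
import hashlib
import hmac
import json


BAD_REQUEST = 400


class RestAuthError(Exception):
    """Stand-in for RestAuthException: carries an HTTP status code and a message."""

    def __init__(self, status_code, message):
        super().__init__(message)
        self.status_code = status_code


# Constructed sample: one signing secret per realm DN, as getSigningKey(realmDN) implies.
REALM_KEYS = {
    "dc=openam,dc=forgerock,dc=org": b"realm-root-secret-32-bytes-long!!",
    "o=customers,dc=openam,dc=forgerock,dc=org": b"another-realm-secret-32-bytes!!!",
}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_auth_id(realm_dn: str, claims: dict) -> str:
    """Issue an HS256 compact JWS for a realm. Used here only to build input for verification."""
    key = REALM_KEYS[realm_dn]
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_auth_id(realm_dn: str, auth_id: str) -> dict:
    """Mirror of verifyAuthId: parse failure and bad signature both become a 400.

    Returns the decoded claims only after the signature verifies under the realm's key.
    """
    key = REALM_KEYS.get(realm_dn)
    if key is None:
        raise RestAuthError(BAD_REQUEST, "No signing key for realm")
    try:
        header_b64, payload_b64, sig_b64 = auth_id.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        presented_sig = b64url_decode(sig_b64)
    except ValueError as e:  # covers bad segment count, base64 errors and JSON errors
        raise RestAuthError(BAD_REQUEST, f"Failed to parse JWT, {e}")
    # Pin the algorithm: a client-chosen "none" or RS256 header must not change how we verify.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise RestAuthError(BAD_REQUEST, "AuthId JWT Signature not valid")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected_sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so signature bytes cannot be guessed one at a time.
    if not hmac.compare_digest(expected_sig, presented_sig):
        raise RestAuthError(BAD_REQUEST, "AuthId JWT Signature not valid")
    return payload
```

Because the key is selected by realm before the HMAC is computed, an authId minted for one realm fails verification in another even though the token itself parses fine; that is the property the realmDN parameter buys in the Java method.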

Example 12 with RestAuthException

use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.

the class LoginAuthenticatorTest method shouldThrow400ExceptionWithOrgDNNotValidReturningEmptyString.

@Test
public void shouldThrow400ExceptionWithOrgDNNotValidReturningEmptyString() throws SSOException, AuthException, AuthLoginException, IOException {
    //Given
    LoginConfiguration loginConfiguration = new LoginConfiguration();
    HttpServletRequest request = mock(HttpServletRequest.class);
    String sessionId = "SESSION_ID";
    AuthIndexType authIndexType = AuthIndexType.COMPOSITE;
    String authIndexValue = "INDEX_VALUE";
    String ssoTokenId = "SSO_TOKEN_ID";
    loginConfiguration.httpRequest(request).sessionId(sessionId).indexType(authIndexType).indexValue(authIndexValue).sessionUpgrade(ssoTokenId);
    given(coreServicesWrapper.getDomainNameByRequest(request)).willReturn("");
    //When
    boolean exceptionCaught = false;
    RestAuthException exception = null;
    try {
        loginAuthenticator.getLoginProcess(loginConfiguration);
    } catch (RestAuthException e) {
        exceptionCaught = true;
        exception = e;
    }
    //Then
    assertTrue(exceptionCaught);
    assertEquals(exception.getStatusCode(), 400);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) Test(org.testng.annotations.Test)

Example 13 with RestAuthException

use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.

the class AuthenticationServiceV1Test method shouldReturnUnauthorizedCodeWithJsonErrorMessage.

@Test
public void shouldReturnUnauthorizedCodeWithJsonErrorMessage() throws IOException {
    // given
    Request httpRequest = new Request();
    RestAuthException exception = new RestAuthException(401, "Invalid Password!!");
    exception.setFailureUrl("http://localhost:8080");
    // when
    Response response = authServiceV1.handleErrorResponse(httpRequest, Status.valueOf(401), exception);
    // then
    assertThat(response.getStatus()).isEqualTo(Status.UNAUTHORIZED);
    JsonValue responseBody = json(response.getEntity().getJson());
    assertThat(responseBody).stringAt("errorMessage").isEqualTo("Invalid Password!!");
    assertThat(responseBody).stringAt("failureUrl").isEqualTo("http://localhost:8080");
}
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) Response(org.forgerock.http.protocol.Response) Request(org.forgerock.http.protocol.Request) JsonValue(org.forgerock.json.JsonValue) Test(org.testng.annotations.Test)

Example 14 with RestAuthException

use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.

the class AuthenticationServiceV1Test method shouldReturnErrorMessageWithoutTemplate.

@Test
public void shouldReturnErrorMessageWithoutTemplate() throws IOException {
    // given
    Request httpRequest = new Request();
    AuthLoginException ale = new AuthLoginException("amAuth", "119", null);
    RestAuthException exception = new RestAuthException(401, ale);
    // when
    String message = authServiceV1.getLocalizedMessage(httpRequest, exception);
    // then
    assertThat(message).isEqualTo("Invalid Auth Level.");
}
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) Request(org.forgerock.http.protocol.Request) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) Test(org.testng.annotations.Test)

Example 15 with RestAuthException

use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.

the class RestAuthCallbackHandlerManager method handleJsonCallbacks.

/**
 * Handles the JSON representations of Callbacks, converting them back to Callbacks by setting the values from
 * the JSONArray to the original Callbacks passed in.
 *
 * The method sets the appropriate values on the Callbacks parameter and returns the same Callbacks
 * parameter. This is required because of the way the AuthContext handles submitting requirements (Callbacks).
 *
 * The JSON callbacks array must be in the same order as it was sent in, so it matches the order of the Callback
 * object array.
 *
 * @param originalCallbacks The Callbacks to set values from the JSONArray onto.
 * @param jsonCallbacks The JSON representation of the Callbacks.
 * @return The same Callbacks as in the parameters with the required values set.
 * @throws RestAuthException if the number of JSON callbacks differs from the originals, or the callback at any
 *         index is not of the expected type (both reported as 400).
 */
public Callback[] handleJsonCallbacks(final Callback[] originalCallbacks, final JsonValue jsonCallbacks) throws RestAuthException {
    if (originalCallbacks.length != jsonCallbacks.size()) {
        logger.error("Incorrect number of callbacks found in JSON response");
        throw new RestAuthException(ResourceException.BAD_REQUEST, "Incorrect number of callbacks found in JSON response");
    }
    for (int i = 0; i < originalCallbacks.length; i++) {
        final Callback originalCallback = originalCallbacks[i];
        final RestAuthCallbackHandler restAuthCallbackHandler = restAuthCallbackHandlerFactory.getRestAuthCallbackHandler(originalCallback.getClass());
        final JsonValue jsonCallback = jsonCallbacks.get(i);
        if (!restAuthCallbackHandler.getCallbackClassName().equals(jsonCallback.get("type").asString())) {
            logger.error("Required callback not found in JSON response");
            throw new RestAuthException(ResourceException.BAD_REQUEST, "Required callback not found in JSON response");
        }
        restAuthCallbackHandler.convertFromJson(originalCallback, jsonCallback);
    }
    return originalCallbacks;
}
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) Callback(javax.security.auth.callback.Callback) JsonValue(org.forgerock.json.JsonValue) RestAuthCallbackHandler(org.forgerock.openam.core.rest.authn.callbackhandlers.RestAuthCallbackHandler)
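The point of handleJsonCallbacks is that the client never gets to define the callbacks: the server keeps the originals it issued, checks the response has exactly the same count and the same type at every index, and then copies values onto its own objects. The following is an added example in Python, not OpenAM code, that models that merge on a JSON-like dict shape (type / output / input, each input a name/value pair) which is an assumption chosen to resemble OpenAM's JSON callback form. It goes one step beyond the page's two checks by also requiring each input entry to match the server's expected field name, and it discards any "output" the client sends back so a response cannot rewrite the prompts the server asked with.

```python
"""Merge a client's JSON callback response onto server-held callbacks, modelled on
RestAuthCallbackHandlerManager.handleJsonCallbacks.

Added example, not OpenAM code. The callback dict shape and ORIGINAL_CALLBACKS are
constructed for this example; the per-input name check is an addition to the page's logic.
"""
import copy

BAD_REQUEST = 400


class RestAuthError(Exception):
    """Stand-in for RestAuthException: carries an HTTP status code and a message."""

    def __init__(self, status_code, message):
        super().__init__(message)
        self.status_code = status_code


# Constructed sample of what the server sent out: the "original" callbacks.
ORIGINAL_CALLBACKS = [
    {"type": "NameCallback",
     "output": [{"name": "prompt", "value": "User Name:"}],
     "input": [{"name": "IDToken1", "value": ""}]},
    {"type": "PasswordCallback",
     "output": [{"name": "prompt", "value": "Password:"}],
     "input": [{"name": "IDToken2", "value": ""}]},
]


def fresh_callbacks():
    """A private copy of the sample, since handle_json_callbacks mutates its argument."""
    return copy.deepcopy(ORIGINAL_CALLBACKS)


def handle_json_callbacks(original_callbacks, json_callbacks):
    """Copy only client-supplied input values onto the server's callbacks and return them.

    Order-sensitive like the Java method: entry i of the JSON must carry the same type as
    original callback i, and the counts must match exactly. The original list is updated
    in place and returned, as the Java method returns the same Callback[] it was given.
    """
    if not isinstance(json_callbacks, list) or len(original_callbacks) != len(json_callbacks):
        raise RestAuthError(BAD_REQUEST, "Incorrect number of callbacks found in JSON response")
    for original, presented in zip(original_callbacks, json_callbacks):
        if not isinstance(presented, dict) or presented.get("type") != original["type"]:
            raise RestAuthError(BAD_REQUEST, "Required callback not found in JSON response")
        convert_from_json(original, presented)
    return original_callbacks


def convert_from_json(original, presented):
    """Stand-in for RestAuthCallbackHandler.convertFromJson: take the answers, nothing else.

    The client's "output" entries are ignored on purpose; only values for the input fields
    the server defined are copied, and only when the field names line up.
    """
    expected_inputs = original.get("input", [])
    supplied = presented.get("input", [])
    if not isinstance(supplied, list) or len(supplied) != len(expected_inputs):
        raise RestAuthError(BAD_REQUEST, "Required callback not found in JSON response")
    for field, answer in zip(expected_inputs, supplied):
        if not isinstance(answer, dict) or answer.get("name") != field["name"]:
            raise RestAuthError(BAD_REQUEST, "Required callback not found in JSON response")
        field["value"] = str(answer.get("value", ""))
```

A reordered response (password callback first) fails the per-index type check even though both callbacks are present, which is exactly the behaviour the Javadoc's "must be in the same order" sentence describes.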

Aggregations

RestAuthException (org.forgerock.openam.core.rest.authn.exceptions.RestAuthException)22 Test (org.testng.annotations.Test)14 HttpServletRequest (javax.servlet.http.HttpServletRequest)5 JsonValue (org.forgerock.json.JsonValue)5 Request (org.forgerock.http.protocol.Request)4 Response (org.forgerock.http.protocol.Response)4 LoginConfiguration (org.forgerock.openam.core.rest.authn.core.LoginConfiguration)4 RestAuthResponseException (org.forgerock.openam.core.rest.authn.exceptions.RestAuthResponseException)4 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 SignedJwt (org.forgerock.json.jose.jws.SignedJwt)3 AuthContextLocalWrapper (org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper)3 SSOToken (com.iplanet.sso.SSOToken)2 PublicKey (java.security.PublicKey)2 Map (java.util.Map)2 SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler)2 SessionID (com.iplanet.dpro.session.SessionID)1 SSOException (com.iplanet.sso.SSOException)1 RedirectCallback (com.sun.identity.authentication.spi.RedirectCallback)1 L10NMessageImpl (com.sun.identity.shared.locale.L10NMessageImpl)1