
Example 16 with RestAuthException

use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.

From class RestAuthenticationHandler, method processAuthentication.

/**
 * Drives one step of the REST login flow for the given {@link LoginProcess}.
 * <p>
 * While the process is waiting for requirements, the outstanding callbacks are either rendered for the client as
 * JSON or, once the supplied post body satisfies them, submitted so the process can advance to the next stage.
 * Once the process is complete, a successful login yields the SSO token id (when one exists) and the success URL
 * resolved through the redirect URL validator; a failed login surfaces the authentication context's error code and
 * message as a {@link RestAuthErrorCodeException}.
 *
 * @param request The HttpServletRequest.
 * @param response The HttpServletResponse.
 * @param postBody The post body of the request; {@code null} when this method recurses into the next stage.
 * @param authId The authId for this login attempt; may be {@code null} and is created on demand when a
 *               RestAuthResponseException has to be returned to the client.
 * @param loginProcess The LoginProcess used to track the login.
 * @param loginConfiguration The LoginConfiguration used to configure the login process.
 * @return The JSON to return to the client: either the callback requirements or the completion result.
 * @throws AuthLoginException If there is a problem submitting the callbacks.
 * @throws SignatureException If there is a problem creating the JWT to use in the response to the client.
 * @throws RestAuthException If the login failed, if a callback response has to be delivered as an exception, or if
 *                           the login stage is one this method does not handle.
 */
private JsonValue processAuthentication(HttpServletRequest request, HttpServletResponse response, JsonValue postBody, String authId, LoginProcess loginProcess, LoginConfiguration loginConfiguration) throws AuthLoginException, SignatureException, RestAuthException {
    switch (loginProcess.getLoginStage()) {
        case REQUIREMENTS_WAITING:
            return processRequirementsWaitingStage(request, response, postBody, authId, loginProcess, loginConfiguration);
        case COMPLETE:
            return processCompleteStage(postBody, loginProcess);
        default:
            // Any other stage is a server-side inconsistency, not something the client can fix.
            throw new RestAuthException(ResourceException.INTERNAL_ERROR, "Unknown Authentication State!");
    }
}

/**
 * Handles the REQUIREMENTS_WAITING stage: renders the outstanding callbacks for the client, or submits them and
 * re-evaluates the process at its next stage.
 *
 * @param request The HttpServletRequest.
 * @param response The HttpServletResponse.
 * @param postBody The post body of the request, possibly {@code null}.
 * @param authId The authId for this login attempt, possibly {@code null}.
 * @param loginProcess The LoginProcess used to track the login.
 * @param loginConfiguration The LoginConfiguration used to configure the login process.
 * @return The JSON to return to the client.
 * @throws AuthLoginException If there is a problem submitting the callbacks.
 * @throws SignatureException If there is a problem creating the JWT to use in the response to the client.
 * @throws RestAuthException If a callback response has to be delivered as an exception, or a later stage fails.
 */
private JsonValue processRequirementsWaitingStage(HttpServletRequest request, HttpServletResponse response, JsonValue postBody, String authId, LoginProcess loginProcess, LoginConfiguration loginConfiguration) throws AuthLoginException, SignatureException, RestAuthException {
    Callback[] callbacks = loginProcess.getCallbacks();
    // A lone RedirectCallback that arrives together with a post body is not rendered again
    // (presumably the redirect has already been answered — confirm against handleCallbacks).
    boolean loneRedirectWithBody = callbacks.length == 1 && callbacks[0] instanceof RedirectCallback && postBody != null;
    JsonValue requirements = null;
    if (!loneRedirectWithBody) {
        try {
            requirements = handleCallbacks(request, response, postBody, callbacks);
        } catch (RestAuthResponseException e) {
            // Attach the authId to the JSON error response (and the audit context) before rethrowing.
            if (authId == null) {
                authId = authIdHelper.createAuthId(loginConfiguration, loginProcess.getAuthContext());
            }
            e.getJsonResponse().put(AUTH_ID, authId);
            AuditRequestContext.putProperty(AUTH_ID, authId);
            throw e;
        }
    }
    boolean hasOutstandingRequirements = requirements != null && requirements.size() > 0;
    if (hasOutstandingRequirements) {
        return createJsonCallbackResponse(authId, loginConfiguration, loginProcess, requirements);
    }
    // Nothing left to ask the client: advance the process. The consumed post body is not carried forward.
    LoginProcess advanced = loginProcess.next(callbacks);
    return processAuthentication(request, response, null, authId, advanced, loginConfiguration);
}

/**
 * Handles the COMPLETE stage: cleans up the process and reports either the SSO token or the failure.
 *
 * @param postBody The post body of the request, possibly {@code null}; only consulted for the goto value.
 * @param loginProcess The completed LoginProcess.
 * @return The JSON completion result (token id or success message, plus the success URL).
 * @throws RestAuthException If the login was not successful, carrying the context's error code and message.
 */
private JsonValue processCompleteStage(JsonValue postBody, LoginProcess loginProcess) throws RestAuthException {
    loginProcess.cleanup();
    if (!loginProcess.isSuccessful()) {
        // send Error to client
        AuthenticationContext authContext = loginProcess.getAuthContext();
        throw new RestAuthErrorCodeException(authContext.getErrorCode(), authContext.getErrorMessage());
    }
    // send token to client
    JsonObject result = JsonValueBuilder.jsonValue();
    SSOToken ssoToken = loginProcess.getSSOToken();
    if (ssoToken == null) {
        result.put("message", "Authentication Successful");
    } else {
        String tokenId = ssoToken.getTokenID().toString();
        result.put(TOKEN_ID, tokenId);
        AuditRequestContext.putProperty(TOKEN_ID, tokenId);
    }
    // The client-supplied goto value goes through the redirect URL validator rather than being echoed verbatim.
    String orgDN = loginProcess.getOrgDN();
    String requestedGoto = urlValidator.getValueFromJson(postBody, RedirectUrlValidator.GOTO);
    String successUrl = urlValidator.getRedirectUrl(orgDN, requestedGoto, loginProcess.getSuccessURL());
    result.put("successUrl", successUrl);
    return result.build();
}
Also used : RestAuthErrorCodeException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthErrorCodeException) RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback) SSOToken(com.iplanet.sso.SSOToken) AuthenticationContext(org.forgerock.openam.core.rest.authn.core.AuthenticationContext) RestAuthResponseException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthResponseException) JsonValue(org.forgerock.json.JsonValue) JsonObject(org.forgerock.openam.utils.JsonObject)

Example 17 with RestAuthException

use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.

From class AuthIdHelperTest, method shouldThrowRestAuthExceptionWhenReconstructingAuthIdFails.

@Test
public void shouldThrowRestAuthExceptionWhenReconstructingAuthIdFails() {
    //Given
    // The JWT library failure must surface as a RestAuthException, not as the raw JwtRuntimeException.
    given(jwtBuilderFactory.reconstruct("AUTH_ID", SignedJwt.class)).willThrow(JwtRuntimeException.class);

    //When
    RestAuthException caught = null;
    try {
        authIdHelper.reconstructAuthId("AUTH_ID");
        fail();
    } catch (RestAuthException e) {
        caught = e;
    }

    //Then
    assertTrue(caught != null);
    // An unparseable authId is reported with a client-side (400) status.
    assertEquals(caught.getStatusCode(), 400);
}
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) Test(org.testng.annotations.Test)

Example 18 with RestAuthException

use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.

From class AuthIdHelperTest, method shouldThrowExceptionWhenGeneratingAuthIdAndKeyAliasIsNull.

@Test
public void shouldThrowExceptionWhenGeneratingAuthIdAndKeyAliasIsNull() throws SSOException, SMSException, SignatureException {
    //Given
    AuthContextLocalWrapper authContext = mock(AuthContextLocalWrapper.class);
    LoginConfiguration loginConfiguration = mock(LoginConfiguration.class);
    given(loginConfiguration.getIndexType()).willReturn(AuthIndexType.NONE);
    given(loginConfiguration.getIndexValue()).willReturn(null);
    given(authContext.getOrgDN()).willReturn("ORG_DN");
    given(authContext.getSessionID()).willReturn(new SessionID("SESSION_ID"));
    // mockGetSigningKey is a helper defined elsewhere in this class; the boolean presumably selects the
    // null-key-alias case named in the test method — confirm against the helper.
    mockGetSigningKey("ORG_DN", true);

    //When
    boolean threw = false;
    try {
        authIdHelper.createAuthId(loginConfiguration, authContext);
        fail();
    } catch (RestAuthException ignored) {
        // Expected: the test only checks that an authId is never produced without a signing key alias.
        threw = true;
    }

    //Then
    assertTrue(threw);
}
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) LoginConfiguration(org.forgerock.openam.core.rest.authn.core.LoginConfiguration) AuthContextLocalWrapper(org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper) SessionID(com.iplanet.dpro.session.SessionID) Test(org.testng.annotations.Test)

Example 19 with RestAuthException

use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.

From class AuthIdHelperTest, method shouldVerifyAuthIdAndFailWhenReconstructingJwt.

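/**
 * Verifying an authId whose JWT cannot be reconstructed must fail with a client-side (400) RestAuthException
 * rather than letting the JwtRuntimeException escape.
 */
@Test
public void shouldVerifyAuthIdAndFailWhenReconstructingJwt() throws SignatureException, SSOException, SMSException {
    //Given
    given(jwtBuilderFactory.reconstruct("AUTH_ID", SignedJwt.class)).willThrow(JwtRuntimeException.class);
    // mockGetSigningKey is a helper defined elsewhere in this class.
    mockGetSigningKey("REALM_DN", false);

    //When
    RestAuthException caught = null;
    try {
        authIdHelper.verifyAuthId("REALM_DN", "AUTH_ID");
        fail();
    } catch (RestAuthException e) {
        caught = e;
    }

    //Then
    assertTrue(caught != null);
    assertEquals(caught.getStatusCode(), 400);
}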
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) PublicKey(java.security.PublicKey) Test(org.testng.annotations.Test)

Example 20 with RestAuthException

use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.

From class AuthIdHelperTest, method shouldThrowSSOExceptionWhenFailToGetOrgConfig.

@Test
public void shouldThrowSSOExceptionWhenFailToGetOrgConfig() throws SSOException, SMSException, SignatureException {
    //Given
    // Despite the method name, the contract under test is that the SSOException raised while loading the
    // auth service configuration is wrapped in a RestAuthException with a 500 status, not propagated.
    given(coreServicesWrapper.getServiceConfigManager("iPlanetAMAuthService", null)).willThrow(SSOException.class);
    LoginConfiguration loginConfiguration = mock(LoginConfiguration.class);
    AuthContextLocalWrapper authContext = mock(AuthContextLocalWrapper.class);

    //When
    RestAuthException caught = null;
    try {
        authIdHelper.createAuthId(loginConfiguration, authContext);
        fail();
    } catch (RestAuthException e) {
        caught = e;
    }

    //Then
    assertTrue(caught != null);
    assertEquals(caught.getStatusCode(), 500);
}
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) LoginConfiguration(org.forgerock.openam.core.rest.authn.core.LoginConfiguration) AuthContextLocalWrapper(org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper) Test(org.testng.annotations.Test)
