use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.
the class RestAuthenticationHandler method processAuthentication.
/**
 * Drives the supplied {@link LoginProcess} through its current stage. While the process is waiting for
 * requirements, the callbacks are either rendered to JSON for the client or, when the client has already
 * answered them, submitted and the process advanced (this method then re-enters itself with no post body). Once
 * the process is complete, the outcome is turned into either a success response carrying the SSO token id and the
 * success URL resolved by the {@code urlValidator}, or an error carrying the authentication error code.
 *
 * @param request The HttpServletRequest.
 * @param response The HttpServletResponse.
 * @param postBody The post body of the request; {@code null} on the re-entrant call made after callbacks have been
 *                 submitted.
 * @param authId The authId (JWT) issued for this login attempt, or {@code null} if none has been issued yet.
 * @param loginProcess The LoginProcess used to track the login.
 * @param loginConfiguration The LoginConfiguration used to configure the login process.
 * @return The JSON response to return to the client.
 * @throws AuthLoginException If there is a problem submitting the callbacks.
 * @throws SignatureException If there is a problem creating the JWT to use in the response to the client.
 * @throws RestAuthException If the authentication failed ({@link RestAuthErrorCodeException}), if callback handling
 *                           raised a {@link RestAuthResponseException} (rethrown with the authId added to its JSON
 *                           response), or if the process is in a stage this handler does not recognise.
 */
private JsonValue processAuthentication(HttpServletRequest request, HttpServletResponse response, JsonValue postBody, String authId, LoginProcess loginProcess, LoginConfiguration loginConfiguration) throws AuthLoginException, SignatureException, RestAuthException {
    switch (loginProcess.getLoginStage()) {
        case REQUIREMENTS_WAITING:
            return processRequirementsWaiting(request, response, postBody, authId, loginProcess, loginConfiguration);
        case COMPLETE:
            return processComplete(postBody, loginProcess);
        default:
            // Neither known stage matched; surface it as a server-side error rather than guessing.
            throw new RestAuthException(ResourceException.INTERNAL_ERROR, "Unknown Authentication State!");
    }
}

/**
 * Handles the {@code REQUIREMENTS_WAITING} stage: renders outstanding callbacks to the client, or submits the
 * answered ones and re-enters {@link #processAuthentication} on the advanced process.
 *
 * @param request The HttpServletRequest.
 * @param response The HttpServletResponse.
 * @param postBody The post body of the request, possibly {@code null}.
 * @param authId The authId for this login attempt, or {@code null} if none has been issued yet.
 * @param loginProcess The LoginProcess used to track the login.
 * @param loginConfiguration The LoginConfiguration used to configure the login process.
 * @return The JSON callback requirements, or the response produced by the next stage.
 * @throws AuthLoginException If there is a problem submitting the callbacks.
 * @throws SignatureException If there is a problem creating the authId JWT.
 * @throws RestAuthException If callback handling or a later stage fails.
 */
private JsonValue processRequirementsWaiting(HttpServletRequest request, HttpServletResponse response, JsonValue postBody, String authId, LoginProcess loginProcess, LoginConfiguration loginConfiguration) throws AuthLoginException, SignatureException, RestAuthException {
    Callback[] callbacks = loginProcess.getCallbacks();
    // A lone RedirectCallback arriving with a post body is not rendered again; presumably the client has just
    // returned from the redirect and the callback can be submitted as-is -- confirm against handleCallbacks.
    boolean skipCallbackHandling = callbacks.length == 1 && callbacks[0] instanceof RedirectCallback && postBody != null;
    JsonValue jsonCallbacks = null;
    if (!skipCallbackHandling) {
        try {
            jsonCallbacks = handleCallbacks(request, response, postBody, callbacks);
        } catch (RestAuthResponseException e) {
            // The early response must still carry an authId so the client can resume this login attempt;
            // mint one now if none has been issued, and record it for the audit trail before rethrowing.
            String responseAuthId = authId;
            if (responseAuthId == null) {
                responseAuthId = authIdHelper.createAuthId(loginConfiguration, loginProcess.getAuthContext());
            }
            e.getJsonResponse().put(AUTH_ID, responseAuthId);
            AuditRequestContext.putProperty(AUTH_ID, responseAuthId);
            throw e;
        }
    }
    if (jsonCallbacks == null || jsonCallbacks.size() == 0) {
        // Nothing to ask the client for: submit the callbacks and continue with the next stage. The post body has
        // been consumed, so the re-entrant call gets null.
        LoginProcess advanced = loginProcess.next(callbacks);
        return processAuthentication(request, response, null, authId, advanced, loginConfiguration);
    }
    return createJsonCallbackResponse(authId, loginConfiguration, loginProcess, jsonCallbacks);
}

/**
 * Handles the {@code COMPLETE} stage: releases the process and reports either success or the authentication error.
 *
 * @param postBody The post body of the request, possibly {@code null}; the requested goto URL is read from it.
 * @param loginProcess The completed LoginProcess.
 * @return The JSON success response (token id or message, plus {@code successUrl}).
 * @throws AuthLoginException If the process reports a login problem while being read.
 * @throws SignatureException If a signature operation fails.
 * @throws RestAuthException If the authentication was not successful, as a {@link RestAuthErrorCodeException}
 *                           carrying the auth context's error code and message.
 */
private JsonValue processComplete(JsonValue postBody, LoginProcess loginProcess) throws AuthLoginException, SignatureException, RestAuthException {
    loginProcess.cleanup();
    if (!loginProcess.isSuccessful()) {
        // Report the failure to the client using the error code recorded on the auth context.
        AuthenticationContext authContext = loginProcess.getAuthContext();
        throw new RestAuthErrorCodeException(authContext.getErrorCode(), authContext.getErrorMessage());
    }
    JsonObject successResponse = JsonValueBuilder.jsonValue();
    SSOToken ssoToken = loginProcess.getSSOToken();
    if (ssoToken == null) {
        successResponse.put("message", "Authentication Successful");
    } else {
        String tokenId = ssoToken.getTokenID().toString();
        successResponse.put(TOKEN_ID, tokenId);
        AuditRequestContext.putProperty(TOKEN_ID, tokenId);
    }
    // The client-supplied goto is not echoed back directly: urlValidator resolves it against the realm (orgDN)
    // with the process's success URL as the alternative -- presumably this is where unsafe redirect targets are
    // rejected; confirm in RedirectUrlValidator. NOTE(review): postBody is null on the re-entrant path, so a goto
    // sent with the final callback submission is not visible here -- confirm getValueFromJson tolerates null.
    String orgDn = loginProcess.getOrgDN();
    String requestedGoto = urlValidator.getValueFromJson(postBody, RedirectUrlValidator.GOTO);
    String successUrl = loginProcess.getSuccessURL();
    String gotoUrl = urlValidator.getRedirectUrl(orgDn, requestedGoto, successUrl);
    successResponse.put("successUrl", gotoUrl);
    return successResponse.build();
}
use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.
the class AuthIdHelperTest method shouldThrowRestAuthExceptionWhenReconstructingAuthIdFails.
/**
 * A JwtRuntimeException while reconstructing the signed JWT must surface as a RestAuthException with status 400:
 * a malformed or tampered authId is a client error, not a server failure.
 */
@Test
public void shouldThrowRestAuthExceptionWhenReconstructingAuthIdFails() {
    //Given
    given(jwtBuilderFactory.reconstruct("AUTH_ID", SignedJwt.class)).willThrow(JwtRuntimeException.class);
    //When
    RestAuthException caught = null;
    try {
        authIdHelper.reconstructAuthId("AUTH_ID");
        fail();
    } catch (RestAuthException e) {
        caught = e;
    }
    //Then
    assertTrue(caught != null);
    assertEquals(caught.getStatusCode(), 400);
}
use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.
the class AuthIdHelperTest method shouldThrowExceptionWhenGeneratingAuthIdAndKeyAliasIsNull.
/**
 * Creating an authId must fail with a RestAuthException when no signing key alias is available for the realm
 * (the second argument to mockGetSigningKey presumably selects that condition -- see the helper).
 */
@Test
public void shouldThrowExceptionWhenGeneratingAuthIdAndKeyAliasIsNull() throws SSOException, SMSException, SignatureException {
    //Given
    LoginConfiguration loginConfiguration = mock(LoginConfiguration.class);
    AuthContextLocalWrapper authContext = mock(AuthContextLocalWrapper.class);
    given(authContext.getOrgDN()).willReturn("ORG_DN");
    given(authContext.getSessionID()).willReturn(new SessionID("SESSION_ID"));
    given(loginConfiguration.getIndexType()).willReturn(AuthIndexType.NONE);
    given(loginConfiguration.getIndexValue()).willReturn(null);
    mockGetSigningKey("ORG_DN", true);
    //When
    RestAuthException caught = null;
    try {
        authIdHelper.createAuthId(loginConfiguration, authContext);
        fail();
    } catch (RestAuthException e) {
        caught = e;
    }
    //Then
    assertTrue(caught != null);
}
use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.
the class AuthIdHelperTest method shouldVerifyAuthIdAndFailWhenReconstructingJwt.
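/**
 * Verifying an authId whose JWT cannot be reconstructed must fail with a RestAuthException carrying status 400,
 * so an unparseable token is reported as a client error rather than a 500.
 */
@Test
public void shouldVerifyAuthIdAndFailWhenReconstructingJwt() throws SignatureException, SSOException, SMSException {
    //Given
    // The unused PublicKey mock the test previously created has been dropped; the signing key is supplied by
    // mockGetSigningKey.
    given(jwtBuilderFactory.reconstruct("AUTH_ID", SignedJwt.class)).willThrow(JwtRuntimeException.class);
    mockGetSigningKey("REALM_DN", false);
    //When
    RestAuthException caught = null;
    try {
        authIdHelper.verifyAuthId("REALM_DN", "AUTH_ID");
        fail();
    } catch (RestAuthException e) {
        caught = e;
    }
    //Then
    assertTrue(caught != null);
    assertEquals(caught.getStatusCode(), 400);
}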
use of org.forgerock.openam.core.rest.authn.exceptions.RestAuthException in project OpenAM by OpenRock.
the class AuthIdHelperTest method shouldThrowSSOExceptionWhenFailToGetOrgConfig.
/**
 * Despite the method name, the expectation here is that an SSOException from the service config lookup is
 * translated into a RestAuthException with status 500: a failure to read the realm's auth configuration is a
 * server-side error, not something attributable to the client.
 */
@Test
public void shouldThrowSSOExceptionWhenFailToGetOrgConfig() throws SSOException, SMSException, SignatureException {
    //Given
    LoginConfiguration loginConfiguration = mock(LoginConfiguration.class);
    AuthContextLocalWrapper authContext = mock(AuthContextLocalWrapper.class);
    given(coreServicesWrapper.getServiceConfigManager("iPlanetAMAuthService", null)).willThrow(SSOException.class);
    //When
    RestAuthException caught = null;
    try {
        authIdHelper.createAuthId(loginConfiguration, authContext);
        fail();
    } catch (RestAuthException e) {
        caught = e;
    }
    //Then
    assertTrue(caught != null);
    assertEquals(caught.getStatusCode(), 500);
}