Search in sources :

Example 31 with CoreTokenField

use of org.forgerock.openam.tokens.CoreTokenField in project OpenAM by OpenRock.

the class OAuth2UserApplications method deleteInstance.

/**
     * Allows users to revoke an OAuth2 application. This will remove their consent and revoke any access and refresh
     * tokens with a matching client id.
     * @param context The request context.
     * @param resourceId The id of the OAuth2 client.
     * @return A promise of the removed application.
     */
@Delete
public Promise<ResourceResponse, ResourceException> deleteInstance(Context context, String resourceId) {
    String userId = contextHelper.getUserId(context);
    String realm = contextHelper.getRealm(context);
    debug.message("Revoking access to OAuth2 client {} for user {}", resourceId, userId);
    try {
        oAuth2ProviderSettingsFactory.get(context).revokeConsent(userId, resourceId);
        QueryFilter<CoreTokenField> queryFilter = and(getQueryFilter(userId, realm), equalTo(CLIENT_ID.getField(), resourceId));
        JsonValue tokens = tokenStore.query(queryFilter);
        if (tokens.asCollection().isEmpty()) {
            return new org.forgerock.json.resource.NotFoundException().asPromise();
        }
        for (JsonValue token : tokens) {
            String tokenId = getAttributeValue(token, ID.getOAuthField());
            debug.message("Removing OAuth2 token {} with client {} for user {}", tokenId, resourceId, userId);
            tokenStore.delete(tokenId);
        }
        return getResourceResponse(context, resourceId, tokens).asPromise();
    } catch (CoreTokenException | InvalidClientException | NotFoundException | ServerException e) {
        debug.message("Failed to revoke access to OAuth2 client {} for user {}", resourceId, userId, e);
        return new InternalServerErrorException(e).asPromise();
    } catch (InternalServerErrorException e) {
        debug.message("Failed to revoke access to OAuth2 client {} for user {}", resourceId, userId, e);
        return e.asPromise();
    }
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) JsonValue(org.forgerock.json.JsonValue) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) CoreTokenField(org.forgerock.openam.tokens.CoreTokenField) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) Delete(org.forgerock.json.resource.annotations.Delete)

Example 32 with CoreTokenField

use of org.forgerock.openam.tokens.CoreTokenField in project OpenAM by OpenRock.

the class TokenResource method queryCollection.

@Override
public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest queryRequest, QueryResourceHandler handler) {
    try {
        JsonValue response;
        Collection<QueryFilter<CoreTokenField>> query = new ArrayList<QueryFilter<CoreTokenField>>();
        //get uid of submitter
        AMIdentity uid;
        try {
            uid = getUid(context);
            if (!uid.equals(adminUserId)) {
                query.add(QueryFilter.equalTo(USERNAME_FIELD, uid.getName()));
                query.add(QueryFilter.equalTo(REALM_FIELD, DNMapper.orgNameToRealmName(uid.getRealm())));
            }
        } catch (Exception e) {
            if (debug.errorEnabled()) {
                debug.error("TokenResource :: QUERY : Unable to query collection as no UID discovered " + "for requesting user.");
            }
            return new PermanentException(401, "Unauthorized", e).asPromise();
        }
        String id = queryRequest.getQueryId();
        String queryString;
        if (id.equals("access_token")) {
            queryString = "tokenName=access_token";
        } else {
            queryString = id;
        }
        String[] constraints = queryString.split(",");
        boolean userNamePresent = false;
        for (String constraint : constraints) {
            String[] params = constraint.split("=");
            if (params.length == 2) {
                if (OAuthTokenField.USER_NAME.getOAuthField().equals(params[0])) {
                    userNamePresent = true;
                }
                query.add(QueryFilter.equalTo(getOAuth2TokenField(params[0]), params[1]));
            }
        }
        if (adminUserId.equals(uid)) {
            if (!userNamePresent) {
                return new BadRequestException("userName field MUST be set in _queryId").asPromise();
            }
        } else if (userNamePresent) {
            return new BadRequestException("userName field MUST NOT be set in _queryId").asPromise();
        }
        response = tokenStore.query(QueryFilter.and(query));
        return handleResponse(handler, response, context);
    } catch (UnauthorizedClientException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as the client is not authorized.", e);
        return new PermanentException(401, e.getMessage(), e).asPromise();
    } catch (CoreTokenException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as the token store is not available.", e);
        return new ServiceUnavailableException(e.getMessage(), e).asPromise();
    } catch (InternalServerErrorException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as writing the response failed.", e);
        return e.asPromise();
    } catch (NotFoundException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as realm does not have OAuth 2 provider.", e);
        return e.asPromise();
    }
}
Also used : JsonValue(org.forgerock.json.JsonValue) ArrayList(java.util.ArrayList) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) NotFoundException(org.forgerock.json.resource.NotFoundException) CoreTokenField(org.forgerock.openam.tokens.CoreTokenField) ServiceUnavailableException(org.forgerock.json.resource.ServiceUnavailableException) PermanentException(org.forgerock.json.resource.PermanentException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) ServiceUnavailableException(org.forgerock.json.resource.ServiceUnavailableException) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) SSOException(com.iplanet.sso.SSOException) NotFoundException(org.forgerock.json.resource.NotFoundException) BadRequestException(org.forgerock.json.resource.BadRequestException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) ResourceException(org.forgerock.json.resource.ResourceException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) QueryFilter(org.forgerock.util.query.QueryFilter) AMIdentity(com.sun.identity.idm.AMIdentity) PermanentException(org.forgerock.json.resource.PermanentException) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) BadRequestException(org.forgerock.json.resource.BadRequestException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)

Example 33 with CoreTokenField

use of org.forgerock.openam.tokens.CoreTokenField in project OpenAM by OpenRock.

the class TokenGenerationService method queryCollection.

@Override
public Promise<QueryResponse, ResourceException> queryCollection(final Context serverContext, final QueryRequest queryRequest, final QueryResourceHandler queryResultHandler) {
    QueryFilter<JsonPointer> queryFilter = queryRequest.getQueryFilter();
    if (queryFilter == null) {
        return new BadRequestException(getUsageString()).asPromise();
    }
    try {
        final QueryFilter<CoreTokenField> coreTokenFieldQueryFilter = convertToCoreTokenFieldQueryFilter(queryFilter);
        final List<STSIssuedTokenState> issuedTokens = ctsTokenPersistence.listTokens(coreTokenFieldQueryFilter);
        for (STSIssuedTokenState tokenState : issuedTokens) {
            queryResultHandler.handleResource(newResourceResponse(tokenState.getTokenId(), EMPTY_STRING, tokenState.toJson()));
        }
        return newResultPromise(newQueryResponse());
    } catch (CTSTokenPersistenceException e) {
        logger.error("Exception caught obtaining list of sts-issued tokens: " + e, e);
        return e.asPromise();
    }
}
Also used : BadRequestException(org.forgerock.json.resource.BadRequestException) STSIssuedTokenState(org.forgerock.openam.sts.user.invocation.STSIssuedTokenState) CoreTokenField(org.forgerock.openam.tokens.CoreTokenField) JsonPointer(org.forgerock.json.JsonPointer) CTSTokenPersistenceException(org.forgerock.openam.sts.CTSTokenPersistenceException)

Aggregations

CoreTokenField (org.forgerock.openam.tokens.CoreTokenField)33 Test (org.testng.annotations.Test)17 Calendar (java.util.Calendar)5 PartialToken (org.forgerock.openam.sm.datalayer.api.query.PartialToken)5 HashSet (java.util.HashSet)4 Map (java.util.Map)4 TokenFilterBuilder (org.forgerock.openam.cts.api.filter.TokenFilterBuilder)4 CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException)4 QueryFilter (org.forgerock.util.query.QueryFilter)4 ArrayList (java.util.ArrayList)3 LinkedHashMap (java.util.LinkedHashMap)3 JsonValue (org.forgerock.json.JsonValue)3 InternalServerErrorException (org.forgerock.json.resource.InternalServerErrorException)3 ServerException (org.forgerock.oauth2.core.exceptions.ServerException)3 TokenFilter (org.forgerock.openam.cts.api.filter.TokenFilter)3 Token (org.forgerock.openam.cts.api.tokens.Token)3 BadRequestException (org.forgerock.json.resource.BadRequestException)2 InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException)2 NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException)2 QueryBuilder (org.forgerock.openam.sm.datalayer.api.query.QueryBuilder)2