use of org.forgerock.openam.tokens.CoreTokenField in project OpenAM by OpenRock.
the class OAuth2UserApplications method deleteInstance.
/**
* Allows users to revoke an OAuth2 application. This will remove their consent and revoke any access and refresh
* tokens with a matching client id.
* @param context The request context.
* @param resourceId The id of the OAuth2 client.
* @return A promise of the removed application.
*/
@Delete
public Promise<ResourceResponse, ResourceException> deleteInstance(Context context, String resourceId) {
String userId = contextHelper.getUserId(context);
String realm = contextHelper.getRealm(context);
debug.message("Revoking access to OAuth2 client {} for user {}", resourceId, userId);
try {
oAuth2ProviderSettingsFactory.get(context).revokeConsent(userId, resourceId);
QueryFilter<CoreTokenField> queryFilter = and(getQueryFilter(userId, realm), equalTo(CLIENT_ID.getField(), resourceId));
JsonValue tokens = tokenStore.query(queryFilter);
if (tokens.asCollection().isEmpty()) {
return new org.forgerock.json.resource.NotFoundException().asPromise();
}
for (JsonValue token : tokens) {
String tokenId = getAttributeValue(token, ID.getOAuthField());
debug.message("Removing OAuth2 token {} with client {} for user {}", tokenId, resourceId, userId);
tokenStore.delete(tokenId);
}
return getResourceResponse(context, resourceId, tokens).asPromise();
} catch (CoreTokenException | InvalidClientException | NotFoundException | ServerException e) {
debug.message("Failed to revoke access to OAuth2 client {} for user {}", resourceId, userId, e);
return new InternalServerErrorException(e).asPromise();
} catch (InternalServerErrorException e) {
debug.message("Failed to revoke access to OAuth2 client {} for user {}", resourceId, userId, e);
return e.asPromise();
}
}
use of org.forgerock.openam.tokens.CoreTokenField in project OpenAM by OpenRock.
the class TokenResource method queryCollection.
@Override
public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest queryRequest, QueryResourceHandler handler) {
try {
JsonValue response;
Collection<QueryFilter<CoreTokenField>> query = new ArrayList<QueryFilter<CoreTokenField>>();
//get uid of submitter
AMIdentity uid;
try {
uid = getUid(context);
if (!uid.equals(adminUserId)) {
query.add(QueryFilter.equalTo(USERNAME_FIELD, uid.getName()));
query.add(QueryFilter.equalTo(REALM_FIELD, DNMapper.orgNameToRealmName(uid.getRealm())));
}
} catch (Exception e) {
if (debug.errorEnabled()) {
debug.error("TokenResource :: QUERY : Unable to query collection as no UID discovered " + "for requesting user.");
}
return new PermanentException(401, "Unauthorized", e).asPromise();
}
String id = queryRequest.getQueryId();
String queryString;
if (id.equals("access_token")) {
queryString = "tokenName=access_token";
} else {
queryString = id;
}
String[] constraints = queryString.split(",");
boolean userNamePresent = false;
for (String constraint : constraints) {
String[] params = constraint.split("=");
if (params.length == 2) {
if (OAuthTokenField.USER_NAME.getOAuthField().equals(params[0])) {
userNamePresent = true;
}
query.add(QueryFilter.equalTo(getOAuth2TokenField(params[0]), params[1]));
}
}
if (adminUserId.equals(uid)) {
if (!userNamePresent) {
return new BadRequestException("userName field MUST be set in _queryId").asPromise();
}
} else if (userNamePresent) {
return new BadRequestException("userName field MUST NOT be set in _queryId").asPromise();
}
response = tokenStore.query(QueryFilter.and(query));
return handleResponse(handler, response, context);
} catch (UnauthorizedClientException e) {
debug.error("TokenResource :: QUERY : Unable to query collection as the client is not authorized.", e);
return new PermanentException(401, e.getMessage(), e).asPromise();
} catch (CoreTokenException e) {
debug.error("TokenResource :: QUERY : Unable to query collection as the token store is not available.", e);
return new ServiceUnavailableException(e.getMessage(), e).asPromise();
} catch (InternalServerErrorException e) {
debug.error("TokenResource :: QUERY : Unable to query collection as writing the response failed.", e);
return e.asPromise();
} catch (NotFoundException e) {
debug.error("TokenResource :: QUERY : Unable to query collection as realm does not have OAuth 2 provider.", e);
return e.asPromise();
}
}
use of org.forgerock.openam.tokens.CoreTokenField in project OpenAM by OpenRock.
the class TokenGenerationService method queryCollection.
@Override
public Promise<QueryResponse, ResourceException> queryCollection(final Context serverContext, final QueryRequest queryRequest, final QueryResourceHandler queryResultHandler) {
QueryFilter<JsonPointer> queryFilter = queryRequest.getQueryFilter();
if (queryFilter == null) {
return new BadRequestException(getUsageString()).asPromise();
}
try {
final QueryFilter<CoreTokenField> coreTokenFieldQueryFilter = convertToCoreTokenFieldQueryFilter(queryFilter);
final List<STSIssuedTokenState> issuedTokens = ctsTokenPersistence.listTokens(coreTokenFieldQueryFilter);
for (STSIssuedTokenState tokenState : issuedTokens) {
queryResultHandler.handleResource(newResourceResponse(tokenState.getTokenId(), EMPTY_STRING, tokenState.toJson()));
}
return newResultPromise(newQueryResponse());
} catch (CTSTokenPersistenceException e) {
logger.error("Exception caught obtaining list of sts-issued tokens: " + e, e);
return e.asPromise();
}
}
Aggregations