Search in sources :

Example 1 with OpenAMSettingsImpl

use of org.forgerock.openam.utils.OpenAMSettingsImpl in project OpenAM by OpenRock.

the class BaseURLProviderFactory method create.

private synchronized BaseURLProvider create(String realmDN) {
    if (!providers.containsKey(realmDN)) {
        debug.message("Creating base URL provider for realm: {}", realmDN);
        OpenAMSettingsImpl settings = new OpenAMSettingsImpl(SERVICE_NAME, SERVICE_VERSION);
        try {
            BaseURLProvider provider;
            if (settings.hasConfig(realmDN)) {
                ProviderType providerType = ProviderType.valueOf(settings.getStringSetting(realmDN, PROVIDER_TYPE));
                provider = providerType.getProvider();
                provider.init(settings, realmDN);
                provider.setContextPath(settings.getStringSetting(realmDN, CONTEXT_PATH));
            } else {
                provider = new RequestValuesBaseURLProvider();
                provider.setContextPath(servletContext.getContextPath());
            }
            provider.setCoreWrapper(coreWrapper);
            providers.put(realmDN, provider);
        } catch (SMSException | SSOException e) {
            debug.error("Unable to access BaseURL config for realm {}", realmDN, e);
            throw new IllegalStateException(e);
        }
    }
    return providers.get(realmDN);
}
Also used : SMSException(com.sun.identity.sm.SMSException) OpenAMSettingsImpl(org.forgerock.openam.utils.OpenAMSettingsImpl) SSOException(com.iplanet.sso.SSOException)

Example 2 with OpenAMSettingsImpl

use of org.forgerock.openam.utils.OpenAMSettingsImpl in project OpenAM by OpenRock.

the class OAuth2GuiceModule method configure.

/**
     * {@inheritDoc}
     */
@Override
protected void configure() {
    bind(AuthorizationService.class).to(AuthorizationServiceImpl.class);
    bind(new TypeLiteral<OAuth2RequestFactory<?, Request>>() {
    }).to(RestletOAuth2RequestFactory.class);
    bind(ResourceOwnerConsentVerifier.class).to(OpenIdResourceOwnerConsentVerifier.class);
    bind(ClientRegistrationStore.class).to(OpenAMClientRegistrationStore.class);
    bind(OpenIdConnectClientRegistrationStore.class).to(OpenAMClientRegistrationStore.class);
    bind(OAuth2ProviderSettingsFactory.class).to(OpenAMOAuth2ProviderSettingsFactory.class);
    bind(OAuth2ProviderSettingsFactory.class).to(OpenAMOAuth2ProviderSettingsFactory.class);
    bind(ResourceOwnerSessionValidator.class).to(OpenAMResourceOwnerSessionValidator.class);
    bind(ClientAuthenticator.class).to(ClientAuthenticatorImpl.class);
    bind(TokenStore.class).to(OpenAMTokenStore.class);
    bind(OpenIdConnectTokenStore.class).to(OpenAMTokenStore.class);
    bind(AccessTokenService.class).to(AccessTokenServiceImpl.class);
    bind(ResourceOwnerAuthenticator.class).to(OpenAMResourceOwnerAuthenticator.class);
    bind(IdTokenResponseTypeHandler.class).to(OpenAMIdTokenResponseTypeHandler.class);
    bind(UserInfoService.class).to(UserInfoServiceImpl.class);
    bind(TokenInfoService.class).to(TokenInfoServiceImpl.class);
    bind(ClientAuthenticationFailureFactory.class).to(OpenAMClientAuthenticationFailureFactory.class);
    bind(AccessTokenVerifier.class).to(RestletHeaderAccessTokenVerifier.class);
    bind(AccessTokenVerifier.class).annotatedWith(named(HEADER)).to(RestletHeaderAccessTokenVerifier.class);
    bind(AccessTokenVerifier.class).annotatedWith(named(FORM_BODY)).to(RestletFormBodyAccessTokenVerifier.class);
    bind(AccessTokenVerifier.class).annotatedWith(named(QUERY_PARAM)).to(RestletQueryParameterAccessTokenVerifier.class);
    bind(OpenIDConnectProvider.class).to(OpenAMOpenIDConnectProvider.class);
    bind(ClientDAO.class).to(OpenAMClientDAO.class);
    bind(OpenIdConnectClientRegistrationService.class).to(OpenAMOpenIdConnectClientRegistrationService.class);
    bind(OpenAMSettings.class).toProvider(new Provider<OpenAMSettings>() {

        public OpenAMSettings get() {
            return new OpenAMSettingsImpl(OAuth2Constants.OAuth2ProviderService.NAME, OAuth2Constants.OAuth2ProviderService.VERSION);
        }
    });
    bind(OpenIDTokenIssuer.class).to(OpenAMOpenIdTokenIssuer.class);
    final Multibinder<AuthorizeRequestValidator> authorizeRequestValidators = Multibinder.newSetBinder(binder(), AuthorizeRequestValidator.class);
    authorizeRequestValidators.addBinding().to(AuthorizeRequestValidatorImpl.class);
    authorizeRequestValidators.addBinding().to(OpenIdConnectAuthorizeRequestValidator.class);
    authorizeRequestValidators.addBinding().to(ClaimsParameterValidator.class);
    authorizeRequestValidators.addBinding().to(SubjectTypeValidator.class);
    authorizeRequestValidators.addBinding().to(CodeVerifierValidator.class);
    final Multibinder<AuthorizationCodeRequestValidator> authorizationCodeRequestValidators = Multibinder.newSetBinder(binder(), AuthorizationCodeRequestValidator.class);
    authorizationCodeRequestValidators.addBinding().to(AuthorizationCodeRequestValidatorImpl.class);
    final Multibinder<ClientCredentialsRequestValidator> clientCredentialsRequestValidators = Multibinder.newSetBinder(binder(), ClientCredentialsRequestValidator.class);
    clientCredentialsRequestValidators.addBinding().to(ClientCredentialsRequestValidatorImpl.class);
    final Multibinder<PasswordCredentialsRequestValidator> passwordCredentialsRequestValidators = Multibinder.newSetBinder(binder(), PasswordCredentialsRequestValidator.class);
    passwordCredentialsRequestValidators.addBinding().to(PasswordCredentialsRequestValidatorImpl.class);
    final MapBinder<String, GrantTypeHandler> grantTypeHandlers = MapBinder.newMapBinder(binder(), String.class, GrantTypeHandler.class);
    grantTypeHandlers.addBinding(CLIENT_CREDENTIALS).to(ClientCredentialsGrantTypeHandler.class);
    grantTypeHandlers.addBinding(PASSWORD).to(PasswordCredentialsGrantTypeHandler.class);
    grantTypeHandlers.addBinding(AUTHORIZATION_CODE).to(AuthorizationCodeGrantTypeHandler.class);
    grantTypeHandlers.addBinding(DEVICE_CODE).to(DeviceCodeGrantTypeHandler.class);
    grantTypeHandlers.addBinding(JWT_BEARER).to(JwtBearerGrantTypeHandler.class);
    grantTypeHandlers.addBinding(OAuth2Constants.TokenEndpoint.SAML2_BEARER).to(Saml2GrantTypeHandler.class);
    final Multibinder<AuthorizeRequestHook> authorizeRequestHooks = Multibinder.newSetBinder(binder(), AuthorizeRequestHook.class);
    authorizeRequestHooks.addBinding().to(LoginHintHook.class);
    final Multibinder<TokenRequestHook> tokenRequestHooks = Multibinder.newSetBinder(binder(), TokenRequestHook.class);
    tokenRequestHooks.addBinding().to(LoginHintHook.class);
    install(new FactoryModuleBuilder().implement(ResourceSetStore.class, OpenAMResourceSetStore.class).build(ResourceSetStoreFactory.class));
    bind(TokenIdGenerator.class).to(ThreadSafeTokenIdGenerator.class);
    Multibinder.newSetBinder(binder(), TokenIntrospectionHandler.class).addBinding().to(OAuth2TokenIntrospectionHandler.class);
    bind(TokenIntrospectionService.class).to(TokenIntrospectionServiceImpl.class);
    Multibinder.newSetBinder(binder(), ResourceSetRegistrationHook.class);
    bind(OpenIDConnectURLValidator.class).toInstance(OpenIDConnectURLValidator.getInstance());
    install(new LabelsGuiceModule());
    bind(OAuth2UrisFactory.class).to(OpenAMOAuth2UrisFactory.class);
    bind(new TypeLiteral<OAuth2UrisFactory<RealmInfo>>() {
    }).to(OpenAMOAuth2UrisFactory.class);
}
Also used : IdTokenResponseTypeHandler(org.forgerock.openidconnect.IdTokenResponseTypeHandler) OpenAMIdTokenResponseTypeHandler(org.forgerock.openam.openidconnect.OpenAMIdTokenResponseTypeHandler) OpenIdConnectTokenStore(org.forgerock.openidconnect.OpenIdConnectTokenStore) OpenAMOpenIDConnectProvider(org.forgerock.openam.openidconnect.OpenAMOpenIDConnectProvider) OpenIDConnectProvider(org.forgerock.openidconnect.OpenIDConnectProvider) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) ResourceOwnerConsentVerifier(org.forgerock.oauth2.core.ResourceOwnerConsentVerifier) OpenIdResourceOwnerConsentVerifier(org.forgerock.openidconnect.OpenIdResourceOwnerConsentVerifier) OpenIDTokenIssuer(org.forgerock.openidconnect.OpenIDTokenIssuer) OpenAMClientRegistrationStore(org.forgerock.openam.oauth2.OpenAMClientRegistrationStore) OpenIdConnectClientRegistrationStore(org.forgerock.openidconnect.OpenIdConnectClientRegistrationStore) ClientRegistrationStore(org.forgerock.oauth2.core.ClientRegistrationStore) AuthorizationCodeRequestValidator(org.forgerock.oauth2.core.AuthorizationCodeRequestValidator) OpenIdConnectClientRegistrationStore(org.forgerock.openidconnect.OpenIdConnectClientRegistrationStore) ClientCredentialsRequestValidator(org.forgerock.oauth2.core.ClientCredentialsRequestValidator) TokenIntrospectionService(org.forgerock.oauth2.core.TokenIntrospectionService) UserInfoService(org.forgerock.openidconnect.UserInfoService) PasswordCredentialsRequestValidator(org.forgerock.oauth2.core.PasswordCredentialsRequestValidator) RealmInfo(org.forgerock.openam.core.RealmInfo) TokenRequestHook(org.forgerock.oauth2.restlet.TokenRequestHook) TypeLiteral(com.google.inject.TypeLiteral) OAuth2ProviderSettingsFactory(org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory) OpenAMOAuth2ProviderSettingsFactory(org.forgerock.openam.oauth2.OpenAMOAuth2ProviderSettingsFactory) OpenAMClientDAO(org.forgerock.openam.oauth2.OpenAMClientDAO) ClientDAO(org.forgerock.openidconnect.ClientDAO) OpenAMSettingsImpl(org.forgerock.openam.utils.OpenAMSettingsImpl) OpenAMResourceOwnerSessionValidator(org.forgerock.openam.oauth2.OpenAMResourceOwnerSessionValidator) ResourceOwnerSessionValidator(org.forgerock.oauth2.core.ResourceOwnerSessionValidator) RestletFormBodyAccessTokenVerifier(org.forgerock.oauth2.restlet.RestletFormBodyAccessTokenVerifier) RestletQueryParameterAccessTokenVerifier(org.forgerock.oauth2.restlet.RestletQueryParameterAccessTokenVerifier) RestletHeaderAccessTokenVerifier(org.forgerock.oauth2.restlet.RestletHeaderAccessTokenVerifier) AccessTokenVerifier(org.forgerock.oauth2.core.AccessTokenVerifier) AuthorizationCodeGrantTypeHandler(org.forgerock.oauth2.core.AuthorizationCodeGrantTypeHandler) JwtBearerGrantTypeHandler(org.forgerock.oauth2.core.JwtBearerGrantTypeHandler) ClientCredentialsGrantTypeHandler(org.forgerock.oauth2.core.ClientCredentialsGrantTypeHandler) DeviceCodeGrantTypeHandler(org.forgerock.oauth2.core.DeviceCodeGrantTypeHandler) Saml2GrantTypeHandler(org.forgerock.openam.oauth2.saml2.core.Saml2GrantTypeHandler) GrantTypeHandler(org.forgerock.oauth2.core.GrantTypeHandler) PasswordCredentialsGrantTypeHandler(org.forgerock.oauth2.core.PasswordCredentialsGrantTypeHandler) OpenAMOAuth2UrisFactory(org.forgerock.openam.oauth2.OpenAMOAuth2UrisFactory) OAuth2UrisFactory(org.forgerock.oauth2.core.OAuth2UrisFactory) AuthorizeRequestValidator(org.forgerock.oauth2.core.AuthorizeRequestValidator) OpenIdConnectAuthorizeRequestValidator(org.forgerock.openidconnect.OpenIdConnectAuthorizeRequestValidator) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) TokenInfoService(org.forgerock.oauth2.core.TokenInfoService) ClientAuthenticationFailureFactory(org.forgerock.oauth2.core.exceptions.ClientAuthenticationFailureFactory) OpenAMClientAuthenticationFailureFactory(org.forgerock.oauth2.restlet.OpenAMClientAuthenticationFailureFactory) OpenAMSettings(org.forgerock.openam.utils.OpenAMSettings) OpenIDConnectURLValidator(org.forgerock.openam.oauth2.validation.OpenIDConnectURLValidator) ThreadSafeTokenIdGenerator(org.forgerock.openam.sm.datalayer.utils.ThreadSafeTokenIdGenerator) TokenIdGenerator(org.forgerock.openam.cts.api.tokens.TokenIdGenerator) AuthorizationService(org.forgerock.oauth2.core.AuthorizationService) AccessTokenService(org.forgerock.oauth2.core.AccessTokenService) OpenIdConnectClientRegistrationService(org.forgerock.openidconnect.OpenIdConnectClientRegistrationService) OpenAMOpenIdConnectClientRegistrationService(org.forgerock.openam.openidconnect.OpenAMOpenIdConnectClientRegistrationService) ClientAuthenticator(org.forgerock.oauth2.core.ClientAuthenticator) OpenAMResourceOwnerAuthenticator(org.forgerock.openam.oauth2.OpenAMResourceOwnerAuthenticator) ResourceOwnerAuthenticator(org.forgerock.oauth2.core.ResourceOwnerAuthenticator) LabelsGuiceModule(org.forgerock.openam.oauth2.resources.labels.LabelsGuiceModule) TokenStore(org.forgerock.oauth2.core.TokenStore) OpenIdConnectTokenStore(org.forgerock.openidconnect.OpenIdConnectTokenStore) OpenAMTokenStore(org.forgerock.openam.oauth2.OpenAMTokenStore) OAuthTokenStore(org.forgerock.openam.oauth2.OAuthTokenStore) AuthorizeRequestHook(org.forgerock.oauth2.restlet.AuthorizeRequestHook) ResourceSetStoreFactory(org.forgerock.openam.oauth2.resources.ResourceSetStoreFactory)

Example 3 with OpenAMSettingsImpl

use of org.forgerock.openam.utils.OpenAMSettingsImpl in project OpenAM by OpenRock.

the class OpenAMScopeValidator method getOIDCClaimsExtensionScript.

private ScriptObject getOIDCClaimsExtensionScript(String realm) throws ServerException {
    OpenAMSettingsImpl settings = new OpenAMSettingsImpl(OAuth2Constants.OAuth2ProviderService.NAME, OAuth2Constants.OAuth2ProviderService.VERSION);
    try {
        String scriptId = settings.getStringSetting(realm, OAuth2Constants.OAuth2ProviderService.OIDC_CLAIMS_EXTENSION_SCRIPT);
        if (EMPTY_SCRIPT_SELECTION.equals(scriptId)) {
            return new ScriptObject("oidc-claims-script", "", SupportedScriptingLanguage.JAVASCRIPT);
        }
        ScriptConfiguration config = getScriptConfiguration(realm, scriptId);
        return new ScriptObject(config.getName(), config.getScript(), config.getLanguage());
    } catch (org.forgerock.openam.scripting.ScriptException | SSOException | SMSException e) {
        logger.message("Error running OIDC claims script", e);
        throw new ServerException("Error running OIDC claims script: " + e.getMessage());
    }
}
Also used : ScriptObject(org.forgerock.openam.scripting.ScriptObject) ScriptException(javax.script.ScriptException) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) SMSException(com.sun.identity.sm.SMSException) OpenAMSettingsImpl(org.forgerock.openam.utils.OpenAMSettingsImpl) ScriptConfiguration(org.forgerock.openam.scripting.service.ScriptConfiguration) SSOException(com.iplanet.sso.SSOException)

Aggregations

OpenAMSettingsImpl (org.forgerock.openam.utils.OpenAMSettingsImpl)3 SSOException (com.iplanet.sso.SSOException)2 SMSException (com.sun.identity.sm.SMSException)2 TypeLiteral (com.google.inject.TypeLiteral)1 FactoryModuleBuilder (com.google.inject.assistedinject.FactoryModuleBuilder)1 ScriptException (javax.script.ScriptException)1 AccessTokenService (org.forgerock.oauth2.core.AccessTokenService)1 AccessTokenVerifier (org.forgerock.oauth2.core.AccessTokenVerifier)1 AuthorizationCodeGrantTypeHandler (org.forgerock.oauth2.core.AuthorizationCodeGrantTypeHandler)1 AuthorizationCodeRequestValidator (org.forgerock.oauth2.core.AuthorizationCodeRequestValidator)1 AuthorizationService (org.forgerock.oauth2.core.AuthorizationService)1 AuthorizeRequestValidator (org.forgerock.oauth2.core.AuthorizeRequestValidator)1 ClientAuthenticator (org.forgerock.oauth2.core.ClientAuthenticator)1 ClientCredentialsGrantTypeHandler (org.forgerock.oauth2.core.ClientCredentialsGrantTypeHandler)1 ClientCredentialsRequestValidator (org.forgerock.oauth2.core.ClientCredentialsRequestValidator)1 ClientRegistrationStore (org.forgerock.oauth2.core.ClientRegistrationStore)1 DeviceCodeGrantTypeHandler (org.forgerock.oauth2.core.DeviceCodeGrantTypeHandler)1 GrantTypeHandler (org.forgerock.oauth2.core.GrantTypeHandler)1 JwtBearerGrantTypeHandler (org.forgerock.oauth2.core.JwtBearerGrantTypeHandler)1 OAuth2ProviderSettingsFactory (org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory)1