
Example 56 with Request

use of org.restlet.Request in project OpenAM by OpenRock.

the class EndSessionTest method setup.

/**
 * Rebuilds the {@link EndSession} resource under test before every test method, with every
 * collaborator replaced by a Mockito mock.
 *
 * <p>The {@code id_token_hint} fixture is a static compact JWT. Its header decodes to
 * {@code typ=JWT, alg=HS256}; its claims name issuer
 * {@code http://openam.example.com:8080/openam/oauth2}, subject {@code TestUser}, audience
 * {@code NewOpenIdClient}, and carry fixed {@code iat}/{@code exp} values from 2015. It is a
 * long-expired sample token, not a live credential. Nothing in this method checks its signature
 * or expiry; it is only handed back by the mocked request.
 */
@BeforeMethod
public void setup() throws InvalidClientException, SignatureException, NotFoundException {
    // Static sample id_token (header.payload.signature); the split points are kept as in the fixture.
    idToken = "eyAidHlwIjogIkpXVCIsICJhbGciOiAiSFMyNTYiIH0.eyAidG9rZW5OYW1lIjogImlkX3Rva2VuIiwgImF6cCI6ICJOZXdPcG"
            + "VuSWRDbGllbnQiLCAic3ViIjogIlRlc3RVc2VyIiwgImF0X2hhc2giOiAibHhSNE1BcGV1aXl0dWxiVFI4OV9wQSIsICJpc3MiOi"
            + "AiaHR0cDovL29wZW5hbS5leGFtcGxlLmNvbTo4MDgwL29wZW5hbS9vYXV0aDIiLCAib3JnLmZvcmdlcm9jay5vcGVuaWRjb25uZW"
            + "N0Lm9wcyI6ICI2OTYzOTc4MC04NjkzLTQ1ODktOTk1Ni05ZThkM2UxZWI2YjQiLCAiaWF0IjogMTQzNjM1MjM4MiwgImF1dGhfdG"
            + "ltZSI6IDE0MzYzNTIzODIsICJleHAiOiAxNDM2MzUyOTgyLCAidG9rZW5UeXBlIjogIkpXVFRva2VuIiwgIm5vbmNlIjogIjEyMz"
            + "Q1IiwgInJlYWxtIjogIi8iLCAiYXVkIjogWyAiTmV3T3BlbklkQ2xpZW50IiBdLCAiY19oYXNoIjogIkY3RENrMkE5cDVmeUN0VF"
            + "hpYmF5V2ciIH0.0uIyHGAsr04gu9H4cJ57UPYVJmSJwjCakozPATlCcuE";

    // The OAuth2 request always presents the sample token as its id_token_hint parameter.
    oAuth2Request = mock(OAuth2Request.class);
    when(oAuth2Request.getParameter(OAuth2Constants.Params.END_SESSION_ID_TOKEN_HINT)).thenReturn(idToken);

    // Mocked collaborators for the resource under test.
    OAuth2RequestFactory<?, Request> factory = mock(OAuth2RequestFactory.class);
    ExceptionHandler errors = mock(ExceptionHandler.class);
    ClientRegistrationStore registrations = mock(ClientRegistrationStore.class);
    openIDConnectEndSession = mock(OpenIDConnectEndSession.class);
    endSession = new EndSession(factory, openIDConnectEndSession, errors, registrations);

    // Restlet request/response pair; the response exposes a mocked entity.
    Request restletRequest = mock(Request.class);
    Response restletResponse = mock(Response.class);
    Representation entity = mock(Representation.class);
    when(restletResponse.getEntity()).thenReturn(entity);
    endSession.setRequest(restletRequest);
    endSession.setResponse(restletResponse);

    // Any Restlet request is translated into the mocked OAuth2 request above.
    when(factory.create(any(Request.class))).thenReturn(oAuth2Request);

    // The store answers every client id with the same mocked registration, so tests built on
    // this setup do not exercise lookup by a specific client id.
    client = mock(ClientRegistration.class);
    when(registrations.get(anyString(), any(OAuth2Request.class))).thenReturn(client);
}
Also used : ExceptionHandler(org.forgerock.oauth2.restlet.ExceptionHandler) Response(org.restlet.Response) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) ClientRegistration(org.forgerock.oauth2.core.ClientRegistration) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) OpenIDConnectEndSession(org.forgerock.openidconnect.OpenIDConnectEndSession) OpenIDConnectEndSession(org.forgerock.openidconnect.OpenIDConnectEndSession) Representation(org.restlet.representation.Representation) ClientRegistrationStore(org.forgerock.oauth2.core.ClientRegistrationStore) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 57 with Request

use of org.restlet.Request in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidator method buildDefaultLoginUrl.

/**
 * Assembles the login URI that the resource owner is sent to for authentication.
 *
 * <p>The base URL comes from {@code getAuthURL} applied to the servlet request behind the Restlet
 * request. Optional {@code realm} and {@code locale} parameters are appended when non-empty, then
 * exactly one authentication selector is considered, in priority order: {@code acr_values},
 * module, service. If {@code acrValues} is non-empty but no ACR value is chosen, no module or
 * service parameter is added either. The {@code goto} parameter is always appended last.
 *
 * @param request     the OAuth2 request wrapping the Restlet request
 * @param gotoUrl     the URL placed in the {@code goto} query parameter
 * @param acrValues   whitespace-separated ACR values, may be empty
 * @param realm       the realm, may be empty
 * @param moduleName  the authentication module name, may be empty
 * @param serviceName the authentication service name, may be empty
 * @param locale      the locale, may be empty
 * @return the login URI with the query parameters described above
 * @throws URISyntaxException if the auth URL is not a valid URI
 * @throws ServerException    declared by this method; raised by a called helper
 * @throws NotFoundException  declared by this method; raised by a called helper
 */
private URI buildDefaultLoginUrl(OAuth2Request request, String gotoUrl, String acrValues, String realm, String moduleName, String serviceName, String locale) throws URISyntaxException, ServerException, NotFoundException {
    final Request restletRequest = request.getRequest();
    final Reference loginUrl = new Reference(new URI(getAuthURL(getHttpServletRequest(restletRequest))));

    // realm and locale are caller-supplied strings; they are only ever added as query
    // parameters of the login URL, never spliced into its authority or path.
    if (!isEmpty(realm)) {
        loginUrl.addQueryParameter(OAuth2Constants.Custom.REALM, realm);
    }
    if (!isEmpty(locale)) {
        loginUrl.addQueryParameter(LOCALE, locale);
    }

    // Prefer standard acr_values, then module, then service.
    if (isEmpty(acrValues)) {
        if (!isEmpty(moduleName)) {
            loginUrl.addQueryParameter(MODULE, moduleName);
        } else if (!isEmpty(serviceName)) {
            loginUrl.addQueryParameter(SERVICE, serviceName);
        }
    } else {
        final ACRValue selected = chooseBestAcrValue(request, acrValues.split("\\s+"));
        if (selected != null) {
            loginUrl.addQueryParameter(selected.method.getIndexType().toString(), selected.method.getName());
            // Record the chosen acr on the incoming request's own resource reference so the
            // return trip carries it. This mutates the caller's request.
            restletRequest.getResourceRef().addQueryParameter(OAuth2Constants.JWTTokenParams.ACR, selected.acr);
        }
        // A non-empty acr_values with no selection falls through with no selector at all.
    }

    // NOTE(review): gotoUrl is appended exactly as received; no check of the redirect target is
    // visible in this method. Confirm the caller builds it from the already-validated request.
    loginUrl.addQueryParameter(GOTO, gotoUrl);
    return loginUrl.toUri();
}
Also used : Reference(org.restlet.data.Reference) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) Request(org.restlet.Request) URI(java.net.URI)

Example 58 with Request

use of org.restlet.Request in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidator method alterMaxAge.

/**
 * Forces the {@code max_age} query parameter of the incoming request to
 * {@code CONFIRMED_MAX_AGE}.
 *
 * <p>After being sent to authentication the flow returns to authorization. Without this
 * rewrite a small {@code max_age} (for example a few seconds) could fail the check again on
 * the way back and loop indefinitely.
 *
 * <p>The change is made in place on the request's resource reference, so the client-supplied
 * {@code max_age} is no longer visible to later handlers of the same request.
 *
 * @param req the OAuth2 request whose underlying Restlet request is modified
 */
private void alterMaxAge(OAuth2Request req) {
    final Request restletRequest = req.getRequest();
    Form queryForm = restletRequest.getResourceRef().getQueryAsForm();
    Parameter maxAge = queryForm.getFirst(MAX_AGE);
    if (param_isPresent(maxAge)) {
        // Overwrite the existing value rather than adding a second max_age entry.
        maxAge.setValue(CONFIRMED_MAX_AGE);
    } else {
        maxAge = new Parameter(MAX_AGE, CONFIRMED_MAX_AGE);
        queryForm.add(maxAge);
    }
    // Write the edited form back; the form is a copy parsed from the query string.
    restletRequest.getResourceRef().setQuery(queryForm.getQueryString());
}

/** Returns whether a looked-up query parameter exists. */
private static boolean param_isPresent(Parameter candidate) {
    return candidate != null;
}
Also used : Form(org.restlet.data.Form) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) Request(org.restlet.Request) Parameter(org.restlet.data.Parameter)

Example 59 with Request

use of org.restlet.Request in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidatorTest method setUp.

/**
 * Prepares a fresh {@link OpenAMResourceOwnerSessionValidator} for each test.
 *
 * <p>All collaborators are Mockito mocks except the Restlet {@link Request}, which is a real
 * empty instance. The validator is created as an anonymous subclass whose
 * {@code getHttpServletRequest} always returns the mocked servlet request, so any URL the
 * validator derives from the servlet request comes from the fixed scheme, host, port and
 * request URI stubbed here.
 */
@BeforeMethod
public void setUp() throws Exception {
    // Mocks held in fields so individual tests can stub or verify them.
    mockSSOTokenManager = mock(SSOTokenManager.class);
    mockProviderSettingsFactory = mock(OAuth2ProviderSettingsFactory.class);
    providerSettings = mock(OAuth2ProviderSettings.class);
    mockOAuth2Request = mock(OAuth2Request.class);
    restletRequest = new Request();
    mockHttpServletRequest = mock(HttpServletRequest.class);

    // Mocks needed only to satisfy the validator's constructor.
    CoreGuiceModule.DNWrapper orgDnWrapper = mock(CoreGuiceModule.DNWrapper.class);
    OpenAMClientDAO clientDao = mock(OpenAMClientDAO.class);
    ClientCredentialsReader credentialsReader = mock(ClientCredentialsReader.class);

    given(mockOAuth2Request.getRequest()).willReturn(restletRequest);

    // Fixed request coordinates: http://openam.example.com:8080/openam/oauth2/authorize
    given(mockHttpServletRequest.getRequestURI()).willReturn("/openam/oauth2/authorize");
    given(mockHttpServletRequest.getScheme()).willReturn("http");
    given(mockHttpServletRequest.getServerName()).willReturn("openam.example.com");
    given(mockHttpServletRequest.getServerPort()).willReturn(8080);

    // The shared active-session token reports the root organization.
    given(ACTIVE_SESSION_TOKEN.getProperty("Organization")).willReturn("/");
    given(mockProviderSettingsFactory.get(any(OAuth2Request.class))).willReturn(providerSettings);

    resourceOwnerSessionValidator = new OpenAMResourceOwnerSessionValidator(orgDnWrapper, mockSSOTokenManager, mockProviderSettingsFactory, clientDao, credentialsReader) {

        // Test seam: bypass extraction of the servlet request from the Restlet request.
        @Override
        HttpServletRequest getHttpServletRequest(Request req) {
            return mockHttpServletRequest;
        }
    };

    // Root organization name maps to itself.
    when(orgDnWrapper.orgNameToDN("/")).thenReturn("/");
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) HttpServletRequest(javax.servlet.http.HttpServletRequest) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) OAuth2ProviderSettingsFactory(org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory) HttpServletRequest(javax.servlet.http.HttpServletRequest) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) CoreGuiceModule(org.forgerock.openam.core.guice.CoreGuiceModule) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 60 with Request

use of org.restlet.Request in project OpenAM by OpenRock.

the class AbstractRestletAccessAuditFilterTest method shouldCaptureResponseBodyProperties.

/**
 * Checks that a configured JSON field of the response body ends up in the published access
 * audit event under {@code response.detail}.
 *
 * <p>The filter is built with two JSON body auditors, for the fields {@code "fred"} and
 * {@code "gary"} (presumably the request-body and response-body auditors respectively; confirm
 * against the filter's constructor). The response body holds both fields, and the test asserts
 * that {@code gary} is captured. It does not assert that {@code fred} is absent from the
 * response detail, so it does not by itself show that unlisted body fields stay out of the
 * audit log.
 */
@Test
public void shouldCaptureResponseBodyProperties() throws Exception {
    // Given
    auditFilter = new RestletAccessAuditFilterTest(restlet, eventPublisher, eventFactory, RestletBodyAuditor.jsonAuditor("fred"), RestletBodyAuditor.jsonAuditor("gary"));
    Request auditedRequest = new Request();
    auditedRequest.setDate(new Date());
    Response auditedResponse = new Response(auditedRequest);
    Map<String, Object> responseBody = (Map<String, Object>) object(field("fred", "v"), field("gary", 7));
    auditedResponse.setEntity(new JsonRepresentation(responseBody));
    // Auditing is switched on for every topic and event name.
    when(eventPublisher.isAuditing(anyString(), anyString(), any(EventName.class))).thenReturn(true);

    // When
    auditFilter.afterHandle(auditedRequest, auditedResponse);

    // Then
    ArgumentCaptor<AuditEvent> publishedEvent = ArgumentCaptor.forClass(AuditEvent.class);
    verify(eventPublisher).tryPublish(anyString(), publishedEvent.capture());
    assertThat(publishedEvent.getValue().getValue())
            .isObject()
            .hasObject("response")
            .hasObject("detail")
            .contains("gary", 7);
}
Also used : Response(org.restlet.Response) Request(org.restlet.Request) AuditEvent(org.forgerock.audit.events.AuditEvent) JsonRepresentation(org.restlet.ext.json.JsonRepresentation) Map(java.util.Map) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) Date(java.util.Date) Test(org.testng.annotations.Test)

Aggregations

Request (org.restlet.Request)79 Response (org.restlet.Response)44 OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)37 Test (org.testng.annotations.Test)36 ChallengeResponse (org.restlet.data.ChallengeResponse)18 Status (org.restlet.data.Status)15 HttpServletRequest (javax.servlet.http.HttpServletRequest)12 AccessToken (org.forgerock.oauth2.core.AccessToken)11 AccessTokenVerifier (org.forgerock.oauth2.core.AccessTokenVerifier)11 HttpRequest (org.restlet.engine.adapter.HttpRequest)9 Representation (org.restlet.representation.Representation)9 OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)8 Form (org.restlet.data.Form)8 Reference (org.restlet.data.Reference)8 BeforeMethod (org.testng.annotations.BeforeMethod)8 Map (java.util.Map)7 OAuth2ProviderSettingsFactory (org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory)6 Test (org.junit.Test)6 Client (org.restlet.Client)6 URI (java.net.URI)4