Example 21 with ChallengeResponse

Use of org.restlet.data.ChallengeResponse in project OpenAM by OpenRock.

The class AccessTokenProtectionFilter, method beforeHandle.

@Override
protected int beforeHandle(Request request, Response response) {
    // Restlet parses the Authorization header into a ChallengeResponse; for a
    // bearer scheme the raw value is the access token itself.
    ChallengeResponse challengeResponse = request.getChallengeResponse();
    Status failure = null;
    if (challengeResponse == null) {
        // No credentials were presented at all.
        failure = new Status(401, new InvalidTokenException());
    } else {
        String tokenId = challengeResponse.getRawValue();
        try {
            OAuth2Request oAuth2Request = requestFactory.create(request);
            AccessToken accessToken = tokenStore.readAccessToken(oAuth2Request, tokenId);
            if (accessToken == null || accessToken.isExpired()) {
                failure = new Status(401, new InvalidTokenException());
            } else if (requiredScope != null && !accessToken.getScope().contains(requiredScope)) {
                // The token is valid but not authorised for this endpoint.
                failure = new Status(403, new InsufficientScopeException(requiredScope));
            } else {
                // Make the verified token available to downstream handlers.
                oAuth2Request.setToken(AccessToken.class, accessToken);
            }
        } catch (ServerException e) {
            failure = new Status(500, e);
        } catch (NotFoundException e) {
            // An unknown token id is reported as 404, unlike an expired or
            // revoked one, which is reported as 401 above and below.
            debug.message("Error loading token with id: " + tokenId, e);
            failure = new Status(404, e);
        } catch (InvalidGrantException e) {
            debug.message("Error loading token with id: " + tokenId, e);
            failure = new Status(401, new InvalidTokenException());
        }
    }
    if (failure != null) {
        // Short-circuit the filter chain; the protected resource is never reached.
        response.setStatus(failure);
        return STOP;
    }
    return super.beforeHandle(request, response);
}
Also used: Status (org.restlet.data.Status), InvalidTokenException (org.forgerock.oauth2.core.exceptions.InvalidTokenException), InsufficientScopeException (org.forgerock.oauth2.core.exceptions.InsufficientScopeException), OAuth2Request (org.forgerock.oauth2.core.OAuth2Request), ServerException (org.forgerock.oauth2.core.exceptions.ServerException), AccessToken (org.forgerock.oauth2.core.AccessToken), NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException), InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException), ChallengeResponse (org.restlet.data.ChallengeResponse)

Example 22 with ChallengeResponse

Use of org.restlet.data.ChallengeResponse in project OpenAM by OpenRock.

The class OAuth2AuditRefreshTokenContextProvider, method retrieveRefreshTokenFromChallengeResponse.

private RefreshToken retrieveRefreshTokenFromChallengeResponse(Request request) {
    RefreshToken refreshToken;
    ChallengeResponse challengeResponse = request.getChallengeResponse();
    if (challengeResponse == null) {
        // No Authorization header: nothing to attribute the audit event to.
        return null;
    }
    String bearerToken = challengeResponse.getRawValue();
    if ("undefined".equals(bearerToken)) {
        // The literal string "undefined" is treated the same as a missing token.
        return null;
    }
    OAuth2Request oAuth2Request = requestFactory.create(request);
    try {
        refreshToken = tokenStore.readRefreshToken(oAuth2Request, bearerToken);
    } catch (ServerException | InvalidGrantException | NotFoundException e) {
        // Audit context is best-effort: any lookup failure yields no token
        // rather than failing the request.
        return null;
    }
    return refreshToken;
}
Also used: OAuth2Request (org.forgerock.oauth2.core.OAuth2Request), RefreshToken (org.forgerock.oauth2.core.RefreshToken), ServerException (org.forgerock.oauth2.core.exceptions.ServerException), NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException), InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException), ChallengeResponse (org.restlet.data.ChallengeResponse)

Example 23 with ChallengeResponse

Use of org.restlet.data.ChallengeResponse in project OpenAM by OpenRock.

The class OAuth2AuditAccessTokenContextProvider, method retrieveAccessTokenFromChallengeResponse.

private AccessToken retrieveAccessTokenFromChallengeResponse(Request request) {
    AccessToken token;
    ChallengeResponse challengeResponse = request.getChallengeResponse();
    if (challengeResponse == null) {
        // No Authorization header: nothing to attribute the audit event to.
        return null;
    }
    String bearerToken = challengeResponse.getRawValue();
    if ("undefined".equals(bearerToken)) {
        // The literal string "undefined" is treated the same as a missing token.
        return null;
    }
    OAuth2Request oAuth2Request = requestFactory.create(request);
    try {
        token = tokenStore.readAccessToken(oAuth2Request, bearerToken);
    } catch (ServerException | InvalidGrantException | NotFoundException e) {
        // Audit context is best-effort: any lookup failure yields no token
        // rather than failing the request.
        return null;
    }
    return token;
}
Also used: OAuth2Request (org.forgerock.oauth2.core.OAuth2Request), ServerException (org.forgerock.oauth2.core.exceptions.ServerException), AccessToken (org.forgerock.oauth2.core.AccessToken), NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException), InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException), ChallengeResponse (org.restlet.data.ChallengeResponse)

Example 24 with ChallengeResponse

Use of org.restlet.data.ChallengeResponse in project vcell by virtualcell.

The class UserVerifier, method verify.

@Override
public int verify(Request request, Response response) {
    // Delegate the actual credential check to the ChallengeResponse overload;
    // this method only maps the outcome onto Restlet's Verifier result codes.
    ChallengeResponse challengeResponse = request.getChallengeResponse();
    AuthenticationStatus result = verify(challengeResponse);
    Context.getCurrent().getLogger().log(Level.FINE, "UserVerifier.verify(request,response) - returning " + result + ", request='" + request + "'");
    switch(result) {
        case invalid:
            {
                // Bad credentials: drop the auth cookie on both sides so the
                // client does not keep replaying it.
                request.getCookies().removeAll("org.vcell.auth");
                response.getCookieSettings().removeAll("org.vcell.auth");
                return RESULT_INVALID;
            }
        case stale:
            {
                // Expired credentials: clear the cookie and ask the client to re-authenticate.
                request.getCookies().removeAll("org.vcell.auth");
                response.getCookieSettings().removeAll("org.vcell.auth");
                return RESULT_STALE;
            }
        case missing:
            {
                return RESULT_MISSING;
            }
        case valid:
            {
                return RESULT_VALID;
            }
        default:
            {
                return RESULT_UNKNOWN;
            }
    }
}
Also used: ChallengeResponse (org.restlet.data.ChallengeResponse)

Example 25 with ChallengeResponse

Use of org.restlet.data.ChallengeResponse in project vcell by virtualcell.

The class VCellCookieAuthenticator, method logout.

@Override
protected int logout(Request request, Response response) {
    try {
        // The cookie carries the same credentials the Authorization header would;
        // parse it back into a ChallengeResponse to locate the server-side token.
        Cookie credentialsCookie = request.getCookies().getFirst(getCookieName());
        if (credentialsCookie != null) {
            ChallengeResponse challengeResponse = parseCredentials(credentialsCookie.getValue());
            ApiAccessToken apiAccessToken = vcellApiApplication.getApiAccessToken(challengeResponse);
            if (apiAccessToken != null) {
                // Revoke the token server-side so the cookie value cannot be reused after logout.
                vcellApiApplication.getUserVerifier().invalidateApiAccessToken(apiAccessToken.getToken());
                getLogger().log(Level.INFO, "MyCookieAuthenticator.logout(request,response) - invalidated accessToken '" + apiAccessToken.getToken() + "'");
            }
        }
    } catch (Exception e) {
        // Logout must still complete (cookie cleared by super.logout) even if revocation fails.
        e.printStackTrace(System.out);
        getLogger().log(Level.SEVERE, "MyCookieAuthenticator.logout(request,response) - exception while invalidating '" + CustomAuthHelper.ACCESS_TOKEN + "'", e);
    }
    return super.logout(request, response);
}
Also used: Cookie (org.restlet.data.Cookie), ApiAccessToken (cbit.vcell.modeldb.ApiAccessToken), DataAccessException (org.vcell.util.DataAccessException), SQLException (java.sql.SQLException), ChallengeResponse (org.restlet.data.ChallengeResponse)