
Example 11 with AuthorizationGrantCacheEntry

use of org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

the class DefaultOIDCClaimsCallbackHandler method isTokenHasCustomUserClaims.

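/**
 * Checks whether the user attributes cached against the token carry non-OIDC (custom) claims.
 *
 * <p>The lookup is keyed by the access token taken from the validation data; when no cache
 * entry exists for that token it is treated as having no custom claims.
 *
 * @param refreshTokenValidationDataDO validation data of the refresh token whose access token is looked up.
 * @return true if a cache entry exists for the access token and it is flagged as holding non-OIDC claims.
 */
private boolean isTokenHasCustomUserClaims(RefreshTokenValidationDataDO refreshTokenValidationDataDO) {
    AuthorizationGrantCacheKey cacheKey =
            new AuthorizationGrantCacheKey(refreshTokenValidationDataDO.getAccessToken());
    AuthorizationGrantCacheEntry cacheEntry = AuthorizationGrantCache.getInstance().getValueFromCacheByToken(cacheKey);
    // A missing entry (evicted or never cached) is reported as "no custom claims".
    boolean hasNonOIDCClaims = cacheEntry != null && cacheEntry.isHasNonOIDCClaims();
    if (log.isDebugEnabled()) {
        // Only the authorized user is written to the log, never the token value itself.
        log.debug("hasNonOIDCClaims is set to " + hasNonOIDCClaims + " for the access token of the user : "
                + refreshTokenValidationDataDO.getAuthorizedUser());
    }
    // Return the value that was already computed (and logged) instead of re-evaluating the cache
    // entry a second time, so the logged and returned results can never diverge.
    return hasNonOIDCClaims;
}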

Example 12 with AuthorizationGrantCacheEntry

use of org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

the class DefaultOIDCClaimsCallbackHandler method getUserAttributesFromCacheUsingCode.

/**
 * Looks up the user attributes that were cached against an authorization code.
 *
 * @param authorizationCode the authorization code used as the cache key
 * @return the cached user attributes, or an empty map when no cache entry exists for the code
 */
private Map<ClaimMapping, String> getUserAttributesFromCacheUsingCode(String authorizationCode) {
    if (log.isDebugEnabled()) {
        // The code value itself is only written to the log when token logging is explicitly enabled.
        String message = IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.AUTHORIZATION_CODE)
                ? "Retrieving user attributes cached against authorization code: " + authorizationCode
                : "Retrieving user attributes cached against authorization code.";
        log.debug(message);
    }
    AuthorizationGrantCacheKey codeKey = new AuthorizationGrantCacheKey(authorizationCode);
    AuthorizationGrantCacheEntry entry = AuthorizationGrantCache.getInstance().getValueFromCacheByCode(codeKey);
    if (entry == null) {
        return new HashMap<>();
    }
    return entry.getUserAttributes();
}

Example 13 with AuthorizationGrantCacheEntry

use of org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

the class TokenResponseTypeHandler method addUserAttributesToCache.

/**
 * Caches the authorizing user's attributes, together with request metadata, against the issued
 * access token.
 *
 * <p>Nothing is cached unless an {@link AccessTokenDO} with a non-blank token id can be resolved
 * for the token; in that case the entry also carries the subject claim and the validity period.
 *
 * @param accessToken the access token the cache entry is keyed by
 * @param msgCtx      authorization request context supplying the user and request parameters
 * @throws IdentityOAuth2Exception if the access token data object cannot be resolved
 */
private void addUserAttributesToCache(String accessToken, OAuthAuthzReqMessageContext msgCtx) throws IdentityOAuth2Exception {
    OAuth2AuthorizeReqDTO reqDTO = msgCtx.getAuthorizationReqDTO();
    Map<ClaimMapping, String> attributes = reqDTO.getUser().getUserAttributes();
    AuthorizationGrantCacheKey grantKey = new AuthorizationGrantCacheKey(accessToken);
    AuthorizationGrantCacheEntry grantEntry = new AuthorizationGrantCacheEntry(attributes);
    if (StringUtils.isNotBlank(reqDTO.getEssentialClaims())) {
        grantEntry.setEssentialClaims(reqDTO.getEssentialClaims());
    }
    if (reqDTO.getRequestObject() != null) {
        grantEntry.setRequestObject(reqDTO.getRequestObject());
    }
    if (reqDTO.getAuthTime() != 0) {
        grantEntry.setAuthTime(reqDTO.getAuthTime());
    }
    if (reqDTO.getMaxAge() != 0) {
        grantEntry.setMaxAge(reqDTO.getMaxAge());
    }
    // The "sub" attribute is addressed through a ClaimMapping whose remote claim URI is OAuth2Util.SUB.
    ClaimMapping subMapping = new ClaimMapping();
    Claim subClaim = new Claim();
    subClaim.setClaimUri(OAuth2Util.SUB);
    subMapping.setRemoteClaim(subClaim);
    String subject = attributes.get(subMapping);
    AccessTokenDO tokenDO = getAccessTokenDO(accessToken, msgCtx);
    if (tokenDO == null || StringUtils.isBlank(tokenDO.getTokenId())) {
        // Without a persisted token id there is nothing to cache against.
        return;
    }
    grantEntry.setTokenId(tokenDO.getTokenId());
    if (StringUtils.isBlank(subject)) {
        subject = reqDTO.getUser().getAuthenticatedSubjectIdentifier();
    }
    if (StringUtils.isNotBlank(subject)) {
        // The subject value is a user claim: it only reaches the log when claim logging is enabled.
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
            log.debug("Setting subject: " + subject + " as the sub claim in cache against the access token.");
        }
        grantEntry.setSubjectClaim(subject);
    }
    grantEntry.setValidityPeriod(TimeUnit.MILLISECONDS.toNanos(tokenDO.getValidityPeriodInMillis()));
    AuthorizationGrantCache.getInstance().addToCacheByToken(grantKey, grantEntry);
}

Example 14 with AuthorizationGrantCacheEntry

use of org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

the class ResponseTypeHandlerUtil method addUserAttributesToCache.

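/**
 * Caches the authorizing user's attributes against the issued access token so that later
 * claim providers can resolve them from the token alone.
 *
 * <p>The "sub" attribute is taken from the user id when available, otherwise from the
 * authenticated subject identifier. Note that {@code userAttributes} is the map held by the
 * user object itself, so the "sub" entry is written into that map, not into a copy.
 *
 * @param accessToken the access token the cache entry is keyed by
 * @param msgCtx      authorization request context supplying the user and request parameters
 * @throws IdentityOAuth2Exception if no access token data object can be resolved for the token
 */
private static void addUserAttributesToCache(String accessToken, OAuthAuthzReqMessageContext msgCtx) throws IdentityOAuth2Exception {
    OAuth2AuthorizeReqDTO authorizeReqDTO = msgCtx.getAuthorizationReqDTO();
    Map<ClaimMapping, String> userAttributes = authorizeReqDTO.getUser().getUserAttributes();
    AuthorizationGrantCacheKey authorizationGrantCacheKey = new AuthorizationGrantCacheKey(accessToken);
    AuthorizationGrantCacheEntry authorizationGrantCacheEntry = new AuthorizationGrantCacheEntry(userAttributes);
    if (StringUtils.isNotBlank(authorizeReqDTO.getEssentialClaims())) {
        authorizationGrantCacheEntry.setEssentialClaims(authorizeReqDTO.getEssentialClaims());
    }
    // The "sub" attribute is addressed through a ClaimMapping whose remote claim URI is OAuth2Util.SUB.
    ClaimMapping key = new ClaimMapping();
    Claim claimOfKey = new Claim();
    claimOfKey.setClaimUri(OAuth2Util.SUB);
    key.setRemoteClaim(claimOfKey);
    String sub = null;
    try {
        sub = authorizeReqDTO.getUser().getUserId();
    } catch (UserIdNotFoundException ignored) {
        // A missing user id is not an error here: the authenticated subject identifier is used below.
    }
    AccessTokenDO accessTokenDO = getAccessTokenDO(accessToken, msgCtx);
    if (accessTokenDO == null) {
        // The validity period below is read from accessTokenDO; dereferencing it unguarded would
        // fail with a NullPointerException. Surface the condition as the declared exception instead.
        // The token value is deliberately not included in the message.
        throw new IdentityOAuth2Exception(
                "Unable to resolve access token data; user attributes were not cached against the token.");
    }
    if (StringUtils.isNotBlank(accessTokenDO.getTokenId())) {
        authorizationGrantCacheEntry.setTokenId(accessTokenDO.getTokenId());
    }
    if (StringUtils.isBlank(sub)) {
        sub = authorizeReqDTO.getUser().getAuthenticatedSubjectIdentifier();
    }
    if (StringUtils.isNotBlank(sub)) {
        userAttributes.put(key, sub);
    }
    authorizationGrantCacheEntry.setValidityPeriod(TimeUnit.MILLISECONDS.toNanos(accessTokenDO.getValidityPeriodInMillis()));
    AuthorizationGrantCache.getInstance().addToCacheByToken(authorizationGrantCacheKey, authorizationGrantCacheEntry);
}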

Example 15 with AuthorizationGrantCacheEntry

use of org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

the class ClaimProviderImpl method getAdditionalClaims.

/**
 * Adds the OIDC session id ("sid") to the token response claims when it can be recovered from
 * the authorization grant cached against the request's authorization code.
 *
 * @param oAuthTokenReqMessageContext token request context; the authorization code is read from its request DTO
 * @param oAuth2AccessTokenRespDTO    token response being built; not consulted by this implementation
 * @return a map holding the "sid" claim when one is cached, otherwise an empty map
 * @throws IdentityOAuth2Exception as declared by the interface; may be raised by the cache lookup helper
 */
@Override
public Map<String, Object> getAdditionalClaims(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO) throws IdentityOAuth2Exception {
    Map<String, Object> claims = new HashMap<>();
    String authorizationCode = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getAuthorizationCode();
    if (StringUtils.isBlank(authorizationCode)) {
        // Without a code there is no front-channel grant to look up.
        if (log.isDebugEnabled()) {
            log.debug("AccessCode is null. Possibly a back end grant");
        }
        return claims;
    }
    AuthorizationGrantCacheEntry grantEntry = getAuthorizationGrantCacheEntryFromCode(authorizationCode);
    String sessionId = grantEntry == null ? null : grantEntry.getOidcSessionId();
    if (sessionId == null) {
        return claims;
    }
    if (log.isDebugEnabled()) {
        log.debug("sid claim is found in the session state");
    }
    claims.put("sid", sessionId);
    return claims;
}
