use of org.wso2.carbon.identity.oauth.endpoint.exception.AccessDeniedException in project identity-inbound-auth-oauth by wso2-extensions.
In class OAuthRequestStateValidator, method validateRequest:
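/**
 * Validates the state of an inbound authorization request before it is processed any further.
 *
 * <p>After rejecting repeated parameters, the request is classified by which cached results are
 * attached to it:
 * <ul>
 *   <li>both a login result and a consent result present – contradictory state, rejected as an
 *       invalid authorization request;</li>
 *   <li>no client_id, no login result and no consent result – nothing identifies the client or an
 *       existing flow, rejected as an invalid client;</li>
 *   <li>a login session data key whose cache entry is missing – treated as a timed-out session;</li>
 *   <li>a consent session data key whose cache entry is missing – timed-out session, unless a login
 *       result exists, in which case the stale consent key is dropped and the login continues.</li>
 * </ul>
 *
 * @param oAuthMessage the inbound message wrapping the servlet request and the cached login/consent
 *                     results resolved for it
 * @throws InvalidRequestException when the request carries contradictory session data or neither a
 *                                 client_id nor a session data key
 * @throws AccessDeniedException   when a session data key is present but its cache entry has expired
 * @throws InvalidRequestParentException propagated from {@link #validateRepeatedParameters}
 */
private void validateRequest(OAuthMessage oAuthMessage) throws InvalidRequestParentException {

    validateRepeatedParameters(oAuthMessage);

    if (oAuthMessage.getResultFromLogin() != null && oAuthMessage.getResultFromConsent() != null) {
        // A request cannot legitimately be at the login and the consent stage at the same time.
        if (log.isDebugEnabled()) {
            log.debug("Invalid authorization request.\'SessionDataKey\' found in request as parameter and "
                    + "attribute, and both have non NULL objects in cache");
        }
        triggerValidationFailureDiagnosticLog(oAuthMessage,
                "invalid 'SessionDataKey' parameter in authorization request");
        throw new InvalidRequestException("Invalid authorization request", OAuth2ErrorCodes.INVALID_REQUEST,
                OAuth2ErrorCodes.OAuth2SubErrorCodes.INVALID_AUTHORIZATION_REQUEST);
    } else if (oAuthMessage.getClientId() == null && oAuthMessage.getResultFromLogin() == null
            && oAuthMessage.getResultFromConsent() == null) {
        // Neither a fresh request (client_id) nor a resumed flow (cached result) can be identified.
        if (log.isDebugEnabled()) {
            log.debug("Invalid authorization request.\'SessionDataKey\' not found in request as parameter or "
                    + "attribute, and client_id parameter cannot be found in request");
        }
        triggerValidationFailureDiagnosticLog(oAuthMessage,
                "invalid 'client_id' and 'SessionDataKey' parameters cannot be found in request");
        throw new InvalidRequestException("Invalid authorization request", OAuth2ErrorCodes.INVALID_REQUEST,
                OAuth2ErrorCodes.OAuth2SubErrorCodes.INVALID_CLIENT);
    } else if (oAuthMessage.getSessionDataKeyFromLogin() != null && oAuthMessage.getResultFromLogin() == null) {
        // The login key is present but its cache entry is gone: the session has expired.
        if (log.isDebugEnabled()) {
            log.debug("Session data not found in SessionDataCache for "
                    + oAuthMessage.getSessionDataKeyFromLogin());
        }
        triggerValidationFailureDiagnosticLog(oAuthMessage, "Access denied since user session has timed-out.");
        throw new AccessDeniedException("Session Timed Out", OAuth2ErrorCodes.ACCESS_DENIED,
                OAuth2ErrorCodes.OAuth2SubErrorCodes.SESSION_TIME_OUT);
    } else if (oAuthMessage.getSessionDataKeyFromConsent() != null
            && oAuthMessage.getResultFromConsent() == null) {
        if (oAuthMessage.getResultFromLogin() == null) {
            // The consent key is present but its cache entry is gone and there is no login to fall back on.
            if (log.isDebugEnabled()) {
                log.debug("Session data not found in SessionDataCache for "
                        + oAuthMessage.getSessionDataKeyFromConsent());
            }
            triggerValidationFailureDiagnosticLog(oAuthMessage,
                    "Access denied since user session has timed-out.");
            throw new AccessDeniedException("Session Timed Out", OAuth2ErrorCodes.ACCESS_DENIED,
                    OAuth2ErrorCodes.OAuth2SubErrorCodes.SESSION_TIME_OUT);
        } else {
            // If the sessionDataKeyFromConsent parameter is present in the login request, skip it and
            // allow login, since the result from login is there.
            oAuthMessage.setSessionDataKeyFromConsent(null);
        }
    }
}

/**
 * Publishes a FAILED diagnostic log event for the "validate-input-parameters" step, carrying the
 * request's parameter map, when diagnostic logging is enabled. Does nothing otherwise.
 *
 * @param oAuthMessage the inbound message whose request parameters are attached to the event
 * @param message      human-readable reason for the validation failure
 */
private void triggerValidationFailureDiagnosticLog(OAuthMessage oAuthMessage, String message) {

    if (!LoggerUtils.isDiagnosticLogsEnabled()) {
        return;
    }
    // NOTE(review): the complete request parameter map is forwarded to the diagnostic log as-is;
    // confirm that sensitive parameters are masked by LoggerUtils before the event is persisted.
    Map<String, Object> params = new HashMap<>(oAuthMessage.getRequest().getParameterMap());
    LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params,
            OAuthConstants.LogConstants.FAILED, message, "validate-input-parameters", null);
}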