
Example 1 with AccessDeniedException

Use of org.wso2.carbon.identity.oauth.endpoint.exception.AccessDeniedException in the project identity-inbound-auth-oauth by wso2-extensions.

From the class OAuthRequestStateValidator, method validateRequest:

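/**
 * Validates the state of an inbound authorization request before it is processed further.
 * <p>
 * The request is rejected when a session data key is present both as a request parameter and as a
 * request attribute with cached results for both, when neither a client_id nor any cached session
 * result can be resolved, or when a session data key is present but its cache entry is gone (the
 * user session has timed out). When a consent-phase session data key is present while a login-phase
 * result exists, the consent key is cleared so that the login result is used.
 *
 * @param oAuthMessage the inbound OAuth message holding the request and any cached login/consent results.
 * @throws InvalidRequestParentException as {@link InvalidRequestException} for malformed requests and as
 *                                       {@link AccessDeniedException} when the user session has timed out.
 */
private void validateRequest(OAuthMessage oAuthMessage) throws InvalidRequestParentException {

    validateRepeatedParameters(oAuthMessage);

    if (oAuthMessage.getResultFromLogin() != null && oAuthMessage.getResultFromConsent() != null) {
        // Both login and consent results resolved for one request: the key was supplied twice.
        if (log.isDebugEnabled()) {
            log.debug("Invalid authorization request.\'SessionDataKey\' found in request as parameter and "
                    + "attribute, and both have non NULL objects in cache");
        }
        triggerValidationFailureDiagnosticLog(oAuthMessage,
                "invalid 'SessionDataKey' parameter in authorization request");
        throw new InvalidRequestException("Invalid authorization request", OAuth2ErrorCodes.INVALID_REQUEST,
                OAuth2ErrorCodes.OAuth2SubErrorCodes.INVALID_AUTHORIZATION_REQUEST);
    } else if (oAuthMessage.getClientId() == null && oAuthMessage.getResultFromLogin() == null
            && oAuthMessage.getResultFromConsent() == null) {
        // Neither an initial request (client_id) nor a continuation (cached session result).
        if (log.isDebugEnabled()) {
            log.debug("Invalid authorization request.\'SessionDataKey\' not found in request as parameter or "
                    + "attribute, and client_id parameter cannot be found in request");
        }
        triggerValidationFailureDiagnosticLog(oAuthMessage,
                "invalid 'client_id' and 'SessionDataKey' parameters cannot be found in request");
        throw new InvalidRequestException("Invalid authorization request", OAuth2ErrorCodes.INVALID_REQUEST,
                OAuth2ErrorCodes.OAuth2SubErrorCodes.INVALID_CLIENT);
    } else if (oAuthMessage.getSessionDataKeyFromLogin() != null && oAuthMessage.getResultFromLogin() == null) {
        // Login-phase key supplied but no cache entry behind it: the session has expired.
        if (log.isDebugEnabled()) {
            log.debug("Session data not found in SessionDataCache for " + oAuthMessage.getSessionDataKeyFromLogin());
        }
        triggerValidationFailureDiagnosticLog(oAuthMessage, "Access denied since user session has timed-out.");
        throw new AccessDeniedException("Session Timed Out", OAuth2ErrorCodes.ACCESS_DENIED,
                OAuth2ErrorCodes.OAuth2SubErrorCodes.SESSION_TIME_OUT);
    } else if (oAuthMessage.getSessionDataKeyFromConsent() != null
            && oAuthMessage.getResultFromConsent() == null) {
        if (oAuthMessage.getResultFromLogin() == null) {
            // Consent-phase key supplied, no cache entry and no login result either: session expired.
            if (log.isDebugEnabled()) {
                log.debug("Session data not found in SessionDataCache for "
                        + oAuthMessage.getSessionDataKeyFromConsent());
            }
            triggerValidationFailureDiagnosticLog(oAuthMessage, "Access denied since user session has timed-out.");
            throw new AccessDeniedException("Session Timed Out", OAuth2ErrorCodes.ACCESS_DENIED,
                    OAuth2ErrorCodes.OAuth2SubErrorCodes.SESSION_TIME_OUT);
        } else {
            // if the sessionDataKeyFromConsent parameter present in the login request, skip it and allow login
            // since result from login is there.
            oAuthMessage.setSessionDataKeyFromConsent(null);
        }
    }
}

/**
 * Emits a FAILED diagnostic log event for the validate-input-parameters step when diagnostic logs are
 * enabled; otherwise does nothing.
 *
 * @param oAuthMessage the inbound message whose request parameters are attached to the event.
 * @param message      the human-readable failure description recorded in the event.
 */
private void triggerValidationFailureDiagnosticLog(OAuthMessage oAuthMessage, String message) {

    if (!LoggerUtils.isDiagnosticLogsEnabled()) {
        return;
    }
    // NOTE(review): the complete request parameter map is forwarded to the diagnostic log; masking of
    // sensitive values (e.g. session data keys) is assumed to be handled by LoggerUtils - confirm.
    Map<String, Object> params = new HashMap<>(oAuthMessage.getRequest().getParameterMap());
    LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params,
            OAuthConstants.LogConstants.FAILED, message, "validate-input-parameters", null);
}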
