use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeServerException in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2ScopeService method getScope.
/**
 * Looks up a scope by name for the current tenant, trying the scope cache before the database.
 *
 * <p>The tenant id is taken from {@code Oauth2ScopeUtils.getTenantID()} rather than from the caller, and the
 * same tenant id is used for the cache read, the DAO query and the cache write. A scope loaded from the DAO is
 * added to the cache before it is returned.
 *
 * @param name Name of the scope to retrieve; checked by {@code validateScopeName} before any lookup.
 * @return The matching scope; never {@code null}.
 * @throws IdentityOAuth2ScopeException A client exception ({@code ERROR_CODE_NOT_FOUND_SCOPE}) when neither the
 *                                      cache nor the DAO holds the scope, a server exception
 *                                      ({@code ERROR_CODE_FAILED_TO_GET_SCOPE_BY_NAME}) when the DAO lookup
 *                                      fails, or whatever {@code validateScopeName} raises for a rejected name.
 */
public Scope getScope(String name) throws IdentityOAuth2ScopeException {

    int tenantID = Oauth2ScopeUtils.getTenantID();
    validateScopeName(name);

    // Cache hit: nothing else to do.
    Scope cachedScope = OAuthScopeCache.getInstance().getValueFromCache(new OAuthScopeCacheKey(name), tenantID);
    if (cachedScope != null) {
        return cachedScope;
    }

    Scope storedScope;
    try {
        storedScope = OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().getScopeByName(name, tenantID);
        if (storedScope != null) {
            if (log.isDebugEnabled()) {
                log.debug("Scope is getting from the database. \n" + storedScope.toString());
            }
            // Cache under the same (name, tenant) pair that was used for the lookup.
            OAuthScopeCache.getInstance().addToCache(new OAuthScopeCacheKey(name), storedScope, tenantID);
        }
    } catch (IdentityOAuth2ScopeServerException e) {
        throw Oauth2ScopeUtils.generateServerException(
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_SCOPE_BY_NAME, name, e);
    }

    // A missing scope is reported as a client error, not as a null return.
    if (storedScope == null) {
        throw Oauth2ScopeUtils.generateClientException(
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE, name);
    }
    return storedScope;
}
use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeServerException in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2ScopeService method isUserHasAnExistingConsentForApp.
/**
 * Reports whether a stored consent record for the user and application holds at least one decision.
 *
 * <p>Both approved and denied scopes count: a record that contains only denied scopes still yields
 * {@code true}, so the result says that the user has answered a consent prompt for the application, not that
 * anything was approved.
 *
 * @param userId       User id; checked by {@code validateUserId}.
 * @param appId        Application id; checked by {@code validateAppId}.
 * @param userTenantId Tenant id of the user.
 * @return {@code true} if the stored consent has any approved or denied scope.
 * @throws IdentityOAuth2ScopeException A server exception
 *                                      ({@code ERROR_CODE_FAILED_TO_CHECK_EXISTING_CONSENTS_FOR_USER}) when
 *                                      the consent lookup fails, or whatever the id validators raise.
 */
public boolean isUserHasAnExistingConsentForApp(String userId, String appId, int userTenantId)
        throws IdentityOAuth2ScopeException {

    validateUserId(userId);
    validateAppId(appId);
    try {
        // NOTE(review): the DAO result is dereferenced without a null check; confirm it never returns null.
        UserApplicationScopeConsentDO storedConsent = OAuthTokenPersistenceFactory.getInstance()
                .getOAuthUserConsentedScopesDAO()
                .getUserConsentForApplication(userId, appId, userTenantId);
        boolean consentExists = CollectionUtils.isNotEmpty(storedConsent.getApprovedScopes())
                || CollectionUtils.isNotEmpty(storedConsent.getDeniedScopes());
        // The debug line writes the user id and application id to the log.
        if (log.isDebugEnabled()) {
            log.debug("Existing consent status : " + consentExists + " for user : " + userId + ", app : " + appId + " in tenant with id : " + userTenantId);
        }
        return consentExists;
    } catch (IdentityOAuth2ScopeConsentException e) {
        // Wrap the DAO failure in a server exception that carries the error code and the original cause.
        Oauth2ScopeConstants.ErrorMessages failure =
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_CHECK_EXISTING_CONSENTS_FOR_USER;
        String detail = String.format(failure.getMessage(), userId, appId, userTenantId);
        throw new IdentityOAuth2ScopeServerException(failure.getCode(), detail, e);
    }
}
use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeServerException in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2ScopeService method hasUserProvidedConsentForAllRequestedScopes.
/**
 * Checks whether the user already has a stored decision for every requested scope.
 *
 * <p>A scope counts as covered when it appears in either the approved or the denied list of the stored
 * consent, so {@code true} means that no requested scope is left undecided; it does not by itself mean that
 * every scope was approved. A {@code null} or empty request list returns {@code true} without querying the
 * DAO.
 *
 * <p>The list passed in is modified in place: covered scopes are removed from it, so it must be mutable and
 * afterwards contains only the scopes that have no stored decision.
 *
 * @param userId                User id; checked by {@code validateUserId}.
 * @param appId                 Application id; checked by {@code validateAppId}.
 * @param userTenantId          Tenant id of the user.
 * @param consentRequiredScopes Scopes that require consent; mutated as described above.
 * @return {@code true} if no requested scope remains without a stored decision.
 * @throws IdentityOAuth2ScopeException A server exception
 *                                      ({@code ERROR_CODE_FAILED_TO_CHECK_ALREADY_USER_CONSENTED}) when the
 *                                      consent lookup fails, or whatever the id validators raise.
 */
public boolean hasUserProvidedConsentForAllRequestedScopes(String userId, String appId, int userTenantId,
                                                           List<String> consentRequiredScopes)
        throws IdentityOAuth2ScopeException {

    validateUserId(userId);
    validateAppId(appId);

    // Nothing requires consent, so there is nothing left to ask for.
    if (CollectionUtils.isEmpty(consentRequiredScopes)) {
        return true;
    }

    try {
        UserApplicationScopeConsentDO storedConsent = OAuthTokenPersistenceFactory.getInstance()
                .getOAuthUserConsentedScopesDAO()
                .getUserConsentForApplication(userId, appId, userTenantId);
        // NOTE(review): removeAll throws on a null argument; confirm both getters always return a collection.
        // Strike out every scope the user has already decided on, whether approved or denied.
        consentRequiredScopes.removeAll(storedConsent.getApprovedScopes());
        consentRequiredScopes.removeAll(storedConsent.getDeniedScopes());
        return consentRequiredScopes.isEmpty();
    } catch (IdentityOAuth2ScopeConsentException e) {
        Oauth2ScopeConstants.ErrorMessages failure =
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_CHECK_ALREADY_USER_CONSENTED;
        String detail = String.format(failure.getMessage(), userId, appId, userTenantId);
        throw new IdentityOAuth2ScopeServerException(failure.getCode(), detail, e);
    }
}
use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeServerException in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2ScopeService method isScopeExists.
/**
 * Checks whether a scope with the given name exists for the current tenant.
 *
 * <p>The scope cache is consulted first and a cache hit returns {@code true} without looking at
 * {@code includeOIDCScopes}; the flag is passed to the DAO only on a cache miss. Only a {@code null} name is
 * rejected here; no other validation of the name is done in this method.
 *
 * @param name              Name of the scope.
 * @param includeOIDCScopes Whether the DAO lookup should consider OIDC scopes as well as OAuth2 scopes.
 * @return {@code true} if a scope with the given name exists.
 * @throws IdentityOAuth2ScopeException A client exception
 *                                      ({@code ERROR_CODE_BAD_REQUEST_SCOPE_NAME_NOT_SPECIFIED}) when
 *                                      {@code name} is {@code null}, or a server exception
 *                                      ({@code ERROR_CODE_FAILED_TO_GET_SCOPE_BY_NAME}) when the DAO lookup
 *                                      fails.
 */
public boolean isScopeExists(String name, boolean includeOIDCScopes) throws IdentityOAuth2ScopeException {

    int tenantID = Oauth2ScopeUtils.getTenantID();
    if (name == null) {
        throw Oauth2ScopeUtils.generateClientException(
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST_SCOPE_NAME_NOT_SPECIFIED, null);
    }

    // NOTE(review): a cached entry answers true for either flag value; confirm which scope types are cached.
    Scope cachedScope = OAuthScopeCache.getInstance().getValueFromCache(new OAuthScopeCacheKey(name), tenantID);
    if (cachedScope != null) {
        return true;
    }

    try {
        return OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO()
                .isScopeExists(name, tenantID, includeOIDCScopes);
    } catch (IdentityOAuth2ScopeServerException e) {
        throw Oauth2ScopeUtils.generateServerException(
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_SCOPE_BY_NAME, name, e);
    }
}
use of org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeServerException in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2ScopeService method registerScope.
/**
 * Registers a new scope, with its bindings, for the current tenant.
 *
 * <p>The scope is first passed to {@code addScopePreValidation}. Its name must then be unused across both
 * OAuth2 and OIDC scopes; a second existence check is made only to choose the more specific conflict error.
 * The scope is added to the cache only after the DAO insert has succeeded.
 *
 * @param scope Details of the scope to be registered.
 * @return The scope instance that was passed in, once it has been stored.
 * @throws IdentityOAuth2ScopeException A client exception ({@code ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE}
 *                                      or {@code ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE_OIDC}) when the
 *                                      name is already taken, a server exception
 *                                      ({@code ERROR_CODE_FAILED_TO_REGISTER_SCOPE}) when the insert fails, or
 *                                      whatever {@code addScopePreValidation} raises.
 */
public Scope registerScope(Scope scope) throws IdentityOAuth2ScopeException {

    addScopePreValidation(scope);

    // Scope names are unique across the OAuth2 and OIDC scope endpoints, so look in both.
    // NOTE(review): this check and the insert below are separate steps; confirm the persistence layer also
    // enforces uniqueness when two registrations for the same name run concurrently.
    String requestedName = scope.getName();
    if (isScopeExists(requestedName, true)) {
        // Second lookup without OIDC scopes tells which kind of scope holds the name, for a better error.
        Oauth2ScopeConstants.ErrorMessages conflict = isScopeExists(requestedName, false)
                ? Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE
                : Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE_OIDC;
        throw Oauth2ScopeUtils.generateClientException(conflict, requestedName);
    }

    int tenantID = Oauth2ScopeUtils.getTenantID();
    try {
        OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().addScope(scope, tenantID);
        if (log.isDebugEnabled()) {
            log.debug("Scope is added to the database. \n" + scope.toString());
        }
    } catch (IdentityOAuth2ScopeServerException e) {
        throw Oauth2ScopeUtils.generateServerException(
                Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_REGISTER_SCOPE, scope.toString(), e);
    }

    // Reached only when the insert succeeded, so the cache never holds a scope that failed to persist.
    OAuthScopeCache.getInstance().addToCache(new OAuthScopeCacheKey(scope.getName()), scope, tenantID);
    return scope;
}