
Example 1 with ResponseTypeHandler

use of org.wso2.carbon.identity.oauth2.authz.handlers.ResponseTypeHandler in project identity-inbound-auth-oauth by wso2-extensions.

Class AuthorizationHandlerManager, method validateAuthzRequest.

/**
 * Runs the pre-issuance checks for an authorization request: response type, client,
 * access delegation and, finally, scope validation.
 *
 * Scope handling happens in this order, and the order matters because every step mutates
 * {@code authzReqMsgCtx} (or the request DTO inside it) that the next step reads:
 * <ol>
 *   <li>Requested scopes that appear in the configured allowed-scope list are split off and
 *       held back in a local list; the request DTO is rewritten to carry only the remaining
 *       scopes, so none of the validators below ever sees an allowed scope.</li>
 *   <li>For a management app the internal scopes are authorized by
 *       {@code JDBCPermissionBasedInternalScopeValidator} (plus
 *       {@code RoleBasedInternalScopeValidator} when system roles are enabled); for any other
 *       app the authorized internal scopes stay empty.</li>
 *   <li>Internal scopes are removed from the request so the remaining validators never see
 *       them; the authorized set is stored on the message context instead.</li>
 *   <li>When the DropUnregisteredScopes config is on, unregistered scopes are dropped from
 *       the request.</li>
 *   <li>{@code validateScope} runs on what is left. Only if it passes are the authorized
 *       internal scopes and the held-back allowed scopes added back for the response.</li>
 * </ol>
 *
 * @param authzReqDTO    the incoming authorization request
 * @param authzReqMsgCtx message context wrapping the request; mutated in place as described above
 * @param authzHandler   handler registered for the requested response type, passed through to the checks
 * @return the response DTO; the {@code isInvalid*} helpers are presumed to record the error on
 *         it when a check fails — the caller decides success by inspecting it
 * @throws IdentityOAuth2Exception propagated from the delegated checks and validators
 */
private OAuth2AuthorizeRespDTO validateAuthzRequest(OAuth2AuthorizeReqDTO authzReqDTO, OAuthAuthzReqMessageContext authzReqMsgCtx, ResponseTypeHandler authzHandler) throws IdentityOAuth2Exception {
    OAuth2AuthorizeRespDTO authorizeRespDTO = new OAuth2AuthorizeRespDTO();
    // Fail fast: each helper returns true when it has rejected the request.
    if (isInvalidResponseType(authzReqDTO, authorizeRespDTO)) {
        return authorizeRespDTO;
    }
    if (isInvalidClient(authzReqDTO, authorizeRespDTO, authzReqMsgCtx, authzHandler)) {
        return authorizeRespDTO;
    }
    if (isInvalidAccessDelegation(authzReqDTO, authorizeRespDTO, authzReqMsgCtx, authzHandler)) {
        return authorizeRespDTO;
    }
    // Partition the requested scopes: allowed scopes bypass every validator and are only
    // re-attached at the end (on success); everything else goes through validation.
    List<String> allowedScopes = OAuthServerConfiguration.getInstance().getAllowedScopes();
    List<String> requestedAllowedScopes = new ArrayList<>();
    String[] requestedScopes = authzReqMsgCtx.getAuthorizationReqDTO().getScopes();
    List<String> scopesToBeValidated = new ArrayList<>();
    if (requestedScopes != null) {
        for (String scope : requestedScopes) {
            if (OAuth2Util.isAllowedScope(allowedScopes, scope)) {
                requestedAllowedScopes.add(scope);
            } else {
                scopesToBeValidated.add(scope);
            }
        }
        // From here on the request DTO carries only the scopes still to be validated.
        authzReqMsgCtx.getAuthorizationReqDTO().setScopes(scopesToBeValidated.toArray(new String[0]));
    }
    // Execute Internal SCOPE Validation.
    // Defaults to "no internal scopes authorized"; only a management app can widen this.
    String[] authorizedInternalScopes = new String[0];
    // Local shares its name with the isManagementApp(...) method; they are different things.
    boolean isManagementApp = isManagementApp(authzReqDTO);
    if (isManagementApp) {
        if (log.isDebugEnabled()) {
            log.debug("Handling the internal scope validation.");
        }
        JDBCPermissionBasedInternalScopeValidator scopeValidator = new JDBCPermissionBasedInternalScopeValidator();
        authorizedInternalScopes = scopeValidator.validateScope(authzReqMsgCtx);
        // Execute internal console scopes validation.
        if (IdentityUtil.isSystemRolesEnabled()) {
            RoleBasedInternalScopeValidator roleBasedInternalScopeValidator = new RoleBasedInternalScopeValidator();
            String[] roleBasedInternalConsoleScopes = roleBasedInternalScopeValidator.validateScope(authzReqMsgCtx);
            // ArrayUtils.addAll returns Object[]; the cast is safe because both inputs are String[].
            authorizedInternalScopes = (String[]) ArrayUtils.addAll(authorizedInternalScopes, roleBasedInternalConsoleScopes);
        }
    } else {
        if (log.isDebugEnabled()) {
            log.debug("Skipping the internal scope validation as the application is not" + " configured as Management App");
        }
    }
    // Clear the internal scopes. Internal scopes should only handle in JDBCPermissionBasedInternalScopeValidator.
    // Those scopes should not send to the other scopes validators.
    // Thus remove the scopes from the authzReqMsgCtx. Will be added to the response after executing
    // the other scope validators.
    removeInternalScopes(authzReqMsgCtx);
    // Adding the authorized internal scopes to tokReqMsgCtx for any special validators to use.
    authzReqMsgCtx.setAuthorizedInternalScopes(authorizedInternalScopes);
    boolean isDropUnregisteredScopes = OAuthServerConfiguration.getInstance().isDropUnregisteredScopes();
    if (isDropUnregisteredScopes) {
        if (log.isDebugEnabled()) {
            log.debug("DropUnregisteredScopes config is enabled. Attempting to drop unregistered scopes.");
        }
        String[] filteredScopes = OAuth2Util.dropUnregisteredScopes(authzReqMsgCtx.getAuthorizationReqDTO().getScopes(), authzReqMsgCtx.getAuthorizationReqDTO().getTenantDomain());
        authzReqMsgCtx.getAuthorizationReqDTO().setScopes(filteredScopes);
    }
    // Runs the remaining validators on the (allowed- and internal-scope-free) request.
    boolean valid = validateScope(authzReqDTO, authorizeRespDTO, authzReqMsgCtx, authzHandler);
    if (valid) {
        // Add authorized internal scopes to the request for sending in the response.
        addAuthorizedInternalScopes(authzReqMsgCtx, authzReqMsgCtx.getAuthorizedInternalScopes());
        // Held-back allowed scopes are re-attached only when validation of the rest succeeded.
        addAllowedScopes(authzReqMsgCtx, requestedAllowedScopes.toArray(new String[0]));
    }
    return authorizeRespDTO;
}

Example 2 with ResponseTypeHandler

use of org.wso2.carbon.identity.oauth2.authz.handlers.ResponseTypeHandler in project identity-inbound-auth-oauth by wso2-extensions.

Class OAuthServerConfiguration, method getSupportedResponseTypes.

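/**
 * Returns the configured response type handlers keyed by response type, loading and
 * initializing them on first use.
 *
 * Lazy initialization uses double-checked locking on {@code this}; that is only correct if
 * the {@code supportedResponseTypes} field is declared {@code volatile} — the declaration is
 * outside this method, so verify it.
 *
 * A handler is registered only after it has been loaded, instantiated, checked to be a
 * {@link ResponseTypeHandler}, and successfully initialized. Any failure is logged and the
 * response type is left out of the map. The previous code registered a handler whose
 * {@code init()} had thrown (an uninitialized handler would then serve requests) and, when
 * the class could not be loaded, handed a {@code null} to {@link Hashtable#put}, which
 * throws {@link NullPointerException} and aborts the whole initialization.
 *
 * @return the handler map, never {@code null}; a response type whose handler failed to load
 *         or initialize is absent from it
 */
public Map<String, ResponseTypeHandler> getSupportedResponseTypes() {
    if (supportedResponseTypes == null) {
        synchronized (this) {
            if (supportedResponseTypes == null) {
                // Hashtable is kept for its synchronized access; it rejects null values,
                // so only fully initialized handlers may be put into it.
                Map<String, ResponseTypeHandler> supportedResponseTypesTemp = new Hashtable<>();
                for (Map.Entry<String, String> entry : supportedResponseTypeClassNames.entrySet()) {
                    String responseType = entry.getKey();
                    String className = entry.getValue();
                    try {
                        // asSubclass rejects a configured class that is not a handler with a
                        // ClassCastException instead of letting an unchecked cast slip through.
                        ResponseTypeHandler responseTypeHandler = Class.forName(className)
                                .asSubclass(ResponseTypeHandler.class)
                                .getDeclaredConstructor()
                                .newInstance();
                        responseTypeHandler.init();
                        // Register only after init() succeeded.
                        supportedResponseTypesTemp.put(responseType, responseTypeHandler);
                    } catch (ReflectiveOperationException | ClassCastException e) {
                        log.error("Cannot load response type handler " + className + " for response type " + responseType, e);
                    } catch (IdentityOAuth2Exception e) {
                        log.error("Error while initializing " + className, e);
                    }
                }
                supportedResponseTypes = supportedResponseTypesTemp;
            }
        }
    }
    return supportedResponseTypes;
}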

Example 3 with ResponseTypeHandler

use of org.wso2.carbon.identity.oauth2.authz.handlers.ResponseTypeHandler in project identity-inbound-auth-oauth by wso2-extensions.

Class OAuth2ServiceTest, method getResponseHander.

/**
 * Test helper: registers a mocked {@link ResponseTypeHandler} under the fixed response type
 * {@code dummyResponseType} and points the given parameters at that type.
 *
 * The mock is installed by overwriting the {@code responseHandlers} field of the
 * {@link AuthorizationHandlerManager} instance returned by {@code getInstance()} via
 * reflection; that state is shared, so later tests see it unless they reset it.
 *
 * @param oAuth2Parameters parameters whose response type is set to the dummy type (mutated)
 * @return the registered mock, for stubbing and verification by the caller
 * @throws Exception propagated from the reflective field access
 */
private ResponseTypeHandler getResponseHander(OAuth2Parameters oAuth2Parameters) throws Exception {
    final String responseType = "dummyResponseType";
    ResponseTypeHandler handlerMock = mock(ResponseTypeHandler.class);
    oAuth2Parameters.setResponseType(responseType);
    Map<String, ResponseTypeHandler> handlers = new HashMap<>();
    handlers.put(responseType, handlerMock);
    WhiteboxImpl.setInternalState(AuthorizationHandlerManager.getInstance(), "responseHandlers", handlers);
    return handlerMock;
}

Example 4 with ResponseTypeHandler

use of org.wso2.carbon.identity.oauth2.authz.handlers.ResponseTypeHandler in project identity-inbound-auth-oauth by wso2-extensions.

Class AuthorizationHandlerManager, method handleAuthorization.

/**
 * Entry point for an authorization request: validates it and, when validation recorded no
 * error, delegates issuance to the handler registered for the requested response type.
 *
 * The message context is published through {@code OAuth2Util.setAuthzRequestContext} only
 * for the duration of {@code issue()}; the {@code finally} clears it even when issuance
 * throws, so the context never stays set after this method returns (introduced for
 * IDENTITY-4111).
 *
 * @param authzReqDTO the incoming authorization request
 * @return the validation error response when a check failed, otherwise the handler's issued response
 * @throws IdentityOAuth2Exception     propagated from validation or issuance
 * @throws IdentityOAuthAdminException propagated from the delegated calls
 * @throws InvalidOAuthClientException propagated from the delegated calls
 */
public OAuth2AuthorizeRespDTO handleAuthorization(OAuth2AuthorizeReqDTO authzReqDTO) throws IdentityOAuth2Exception, IdentityOAuthAdminException, InvalidOAuthClientException {
    OAuthAuthzReqMessageContext messageContext = getOAuthAuthzReqMessageContext(authzReqDTO);
    ResponseTypeHandler handler = getResponseHandler(authzReqDTO);
    OAuth2AuthorizeRespDTO validationResponse = validateAuthzRequest(authzReqDTO, messageContext, handler);
    if (!isErrorResponseFound(validationResponse)) {
        try {
            // Expose the request context to downstream handlers for the duration of issue() only.
            OAuth2Util.setAuthzRequestContext(messageContext);
            return handler.issue(messageContext);
        } finally {
            // Always clear, whether issue() returned or threw.
            OAuth2Util.clearAuthzRequestContext();
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Error response received for authorization request by user : " + authzReqDTO.getUser() + ", client : " + authzReqDTO.getConsumerKey() + ", scope : " + OAuth2Util.buildScopeString(authzReqDTO.getScopes()));
    }
    return validationResponse;
}
