Example 1 with BadRequestException

Use of org.wso2.charon3.core.exceptions.BadRequestException in project OpenAM by OpenRock.

Class OpenIDConnectEndSession, method endSession.

/**
 * Ends an OpenId Connect session.
 *
 * @param idToken The OpenId Token.
 * @throws BadRequestException If the request is malformed.
 * @throws ServerException If any internal server error occurs.
 */
public void endSession(String idToken) throws BadRequestException, ServerException {
    if (idToken == null || idToken.isEmpty()) {
        logger.warn("No id_token_hint parameter supplied to the endSession endpoint");
        throw new BadRequestException("The endSession endpoint requires an id_token_hint parameter");
    }
    JwtReconstruction jwtReconstruction = new JwtReconstruction();
    SignedJwt jwt = jwtReconstruction.reconstructJwt(idToken, SignedJwt.class);
    JwtClaimsSet claims = jwt.getClaimsSet();
    String opsId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.OPS);
    if (opsId == null) {
        opsId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.LEGACY_OPS);
    }
    openIDConnectProvider.destroySession(opsId);
}
Also used: JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet), JwtReconstruction (org.forgerock.json.jose.common.JwtReconstruction), BadRequestException (org.forgerock.oauth2.core.exceptions.BadRequestException), SignedJwt (org.forgerock.json.jose.jws.SignedJwt)

Example 2 with BadRequestException

Use of org.wso2.charon3.core.exceptions.BadRequestException in project OpenAM by OpenRock.

Class ClaimsParameterValidator, method validateRequest.

@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final String claims = request.getParameter(OAuth2Constants.Custom.CLAIMS);
    //if we aren't supporting this no need to validate
    if (!settings.getClaimsParameterSupported()) {
        return;
    }
    //if we support, but it's not requested, no need to validate
    if (claims == null) {
        return;
    }
    final JSONObject claimsJson;
    //convert claims into JSON object
    try {
        claimsJson = new JSONObject(claims);
    } catch (JSONException e) {
        throw new BadRequestException("Invalid JSON in supplied claims parameter.");
    }
    JSONObject userinfoClaims = null;
    try {
        userinfoClaims = claimsJson.getJSONObject(OAuth2Constants.UserinfoEndpoint.USERINFO);
    } catch (Exception e) {
        // fall through: the claims parameter carries no userinfo object
    }
    //results in an Access Token being issued to the Client for use at the UserInfo Endpoint.
    if (userinfoClaims != null) {
        String responseType = request.getParameter(OAuth2Constants.Params.RESPONSE_TYPE);
        if (responseType != null && responseType.trim().equals(OAuth2Constants.JWTTokenParams.ID_TOKEN)) {
            throw new BadRequestException("Must request an access token when providing " + "userinfo in claims parameter.");
        }
    }
}
Also used: JSONObject (org.json.JSONObject), JSONException (org.json.JSONException), BadRequestException (org.forgerock.oauth2.core.exceptions.BadRequestException), OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings), ServerException (org.forgerock.oauth2.core.exceptions.ServerException), NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException), InvalidRequestException (org.forgerock.oauth2.core.exceptions.InvalidRequestException), RedirectUriMismatchException (org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException), InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException), UnsupportedResponseTypeException (org.forgerock.oauth2.core.exceptions.UnsupportedResponseTypeException), InvalidScopeException (org.forgerock.oauth2.core.exceptions.InvalidScopeException)

Example 3 with BadRequestException

Use of org.wso2.charon3.core.exceptions.BadRequestException in project OpenAM by OpenRock.

Class ResourceSetRegistrationExceptionFilterTest, method shouldSetBadRequestExceptionResponse.

@Test
@SuppressWarnings("unchecked")
public void shouldSetBadRequestExceptionResponse() throws Exception {
    //Given
    Request request = mock(Request.class);
    Response response = mock(Response.class);
    Exception exception = new BadRequestException("MESSAGE");
    Status status = new Status(444, exception);
    given(response.getStatus()).willReturn(status);
    //When
    exceptionFilter.afterHandle(request, response);
    //Then
    ArgumentCaptor<JacksonRepresentation> exceptionResponseCaptor = ArgumentCaptor.forClass(JacksonRepresentation.class);
    verify(response).setEntity(exceptionResponseCaptor.capture());
    Map<String, String> responseBody = (Map<String, String>) exceptionResponseCaptor.getValue().getObject();
    assertThat(responseBody).containsOnly(entry("error", "bad_request"), entry("error_description", "MESSAGE"));
    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
    verify(response).setStatus(statusCaptor.capture());
    assertThat(statusCaptor.getValue().getCode()).isEqualTo(400);
    assertThat(statusCaptor.getValue().getThrowable()).isEqualTo(exception);
}
Also used: Response (org.restlet.Response), Status (org.restlet.data.Status), JacksonRepresentation (org.restlet.ext.jackson.JacksonRepresentation), Request (org.restlet.Request), BadRequestException (org.forgerock.oauth2.core.exceptions.BadRequestException), Map (java.util.Map), Test (org.testng.annotations.Test)

Example 4 with BadRequestException

Use of org.wso2.charon3.core.exceptions.BadRequestException in project OpenAM by OpenRock.

Class AuthorizationRequestEndpoint, method getTicketId.

private String getTicketId(JsonValue requestBody) throws BadRequestException {
    final JsonValue ticket = requestBody.get("ticket");
    String ticketId = null;
    try {
        ticketId = ticket.asString();
    } catch (Exception e) {
        throw new BadRequestException(UNABLE_TO_RETRIEVE_TICKET_MESSAGE);
    }
    if (ticketId == null) {
        throw new BadRequestException(UNABLE_TO_RETRIEVE_TICKET_MESSAGE);
    }
    return ticketId;
}
Also used: JsonValue (org.forgerock.json.JsonValue), BadRequestException (org.forgerock.oauth2.core.exceptions.BadRequestException), JSONException (org.json.JSONException), ServerException (org.forgerock.oauth2.core.exceptions.ServerException), NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException), InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException), EntitlementException (com.sun.identity.entitlement.EntitlementException)

Example 5 with BadRequestException

Use of org.wso2.charon3.core.exceptions.BadRequestException in project OpenAM by OpenRock.

Class OpenAMResourceSetStoreTest, method shouldNotCreateDuplicateResourceSetWithSameId.

@Test(enabled = false, expectedExceptions = BadRequestException.class)
public void shouldNotCreateDuplicateResourceSetWithSameId() throws Exception {
    //Given
    OAuth2Request request = mock(OAuth2Request.class);
    ResourceSetDescription resourceSetDescription = new ResourceSetDescription("RESOURCE_SET_ID", "CLIENT_ID", "RESOURCE_OWNER_ID", Collections.<String, Object>singletonMap("name", "RESOURCE_SET_NAME"));
    resourceSetDescription.setRealm("REALM");
    given(dataStore.query(Matchers.<QueryFilter<String>>anyObject())).willReturn(Collections.singleton(resourceSetDescription));
    //When
    try {
        store.create(request, resourceSetDescription);
    } catch (BadRequestException e) {
        //Then
        assertThat(resourceSetDescription.getPolicyUri()).isNull();
        verify(dataStore, never()).create(any(ResourceSetDescription.class));
        throw e;
    }
}
Also used: OAuth2Request (org.forgerock.oauth2.core.OAuth2Request), BadRequestException (org.forgerock.oauth2.core.exceptions.BadRequestException), ResourceSetDescription (org.forgerock.oauth2.resources.ResourceSetDescription), Test (org.testng.annotations.Test)
