Example 1 with InvalidClaimException
use of org.xdi.oxauth.model.exception.InvalidClaimException in project oxAuth by GluuFederation.
the class UserInfoRestWebServiceImpl method requestUserInfo.
public Response requestUserInfo(String accessToken, String authorization, HttpServletRequest request, SecurityContext securityContext) {
if (authorization != null && !authorization.isEmpty() && authorization.startsWith("Bearer ")) {
accessToken = authorization.substring(7);
}
log.debug("Attempting to request User Info, Access token = {}, Is Secure = {}", accessToken, securityContext.isSecure());
Response.ResponseBuilder builder = Response.ok();
OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(request), Action.USER_INFO);
try {
if (!UserInfoParamsValidator.validateParams(accessToken)) {
builder = Response.status(400);
builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INVALID_REQUEST));
} else {
AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken);
if (authorizationGrant == null) {
builder = Response.status(400);
builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INVALID_TOKEN));
} else if (authorizationGrant.getAuthorizationGrantType() == AuthorizationGrantType.CLIENT_CREDENTIALS) {
builder = Response.status(403);
builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INSUFFICIENT_SCOPE));
} else if (!authorizationGrant.getScopes().contains(DefaultScope.OPEN_ID.toString()) && !authorizationGrant.getScopes().contains(DefaultScope.PROFILE.toString())) {
builder = Response.status(403);
builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INSUFFICIENT_SCOPE));
oAuth2AuditLog.updateOAuth2AuditLog(authorizationGrant, false);
} else {
oAuth2AuditLog.updateOAuth2AuditLog(authorizationGrant, true);
CacheControl cacheControl = new CacheControl();
cacheControl.setPrivate(true);
cacheControl.setNoTransform(false);
cacheControl.setNoStore(true);
builder.cacheControl(cacheControl);
builder.header("Pragma", "no-cache");
User currentUser = authorizationGrant.getUser();
try {
currentUser = userService.getUserByDn(authorizationGrant.getUserDn());
} catch (EntryPersistenceException ex) {
log.warn("Failed to reload user entry: '{}'", authorizationGrant.getUserDn());
}
if (authorizationGrant.getClient() != null && authorizationGrant.getClient().getUserInfoEncryptedResponseAlg() != null && authorizationGrant.getClient().getUserInfoEncryptedResponseEnc() != null) {
KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(authorizationGrant.getClient().getUserInfoEncryptedResponseAlg());
BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.fromName(authorizationGrant.getClient().getUserInfoEncryptedResponseEnc());
builder.type("application/jwt");
builder.entity(getJweResponse(keyEncryptionAlgorithm, blockEncryptionAlgorithm, currentUser, authorizationGrant, authorizationGrant.getScopes()));
} else if (authorizationGrant.getClient() != null && authorizationGrant.getClient().getUserInfoSignedResponseAlg() != null) {
SignatureAlgorithm algorithm = SignatureAlgorithm.fromString(authorizationGrant.getClient().getUserInfoSignedResponseAlg());
builder.type("application/jwt");
builder.entity(getJwtResponse(algorithm, currentUser, authorizationGrant, authorizationGrant.getScopes()));
} else {
builder.type((MediaType.APPLICATION_JSON + ";charset=UTF-8"));
builder.entity(getJSonResponse(currentUser, authorizationGrant, authorizationGrant.getScopes()));
}
}
}
} catch (StringEncrypter.EncryptionException e) {
// 500
builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
log.error(e.getMessage(), e);
} catch (InvalidJwtException e) {
// 500
builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
log.error(e.getMessage(), e);
} catch (SignatureException e) {
// 500
builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
log.error(e.getMessage(), e);
} catch (InvalidClaimException e) {
// 500
builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
log.error(e.getMessage(), e);
} catch (Exception e) {
// 500
builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
log.error(e.getMessage(), e);
}
applicationAuditLogger.sendMessage(oAuth2AuditLog);
return builder.build();
}
Also used :
InvalidJwtException(org.xdi.oxauth.model.exception.InvalidJwtException)
OAuth2AuditLog(org.xdi.oxauth.model.audit.OAuth2AuditLog)
EntryPersistenceException(org.gluu.site.ldap.persistence.exception.EntryPersistenceException)
SignatureAlgorithm(org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm)
SignatureException(java.security.SignatureException)
InvalidClaimException(org.xdi.oxauth.model.exception.InvalidClaimException)
StringEncrypter(org.xdi.util.security.StringEncrypter)
InvalidJwtException(org.xdi.oxauth.model.exception.InvalidJwtException)
SignatureException(java.security.SignatureException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
InvalidClaimException(org.xdi.oxauth.model.exception.InvalidClaimException)
EntryPersistenceException(org.gluu.site.ldap.persistence.exception.EntryPersistenceException)
InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException)
BlockEncryptionAlgorithm(org.xdi.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm)
JsonWebResponse(org.xdi.oxauth.model.token.JsonWebResponse)
Response(javax.ws.rs.core.Response)
KeyEncryptionAlgorithm(org.xdi.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm)
CacheControl(javax.ws.rs.core.CacheControl)
Example 2 with InvalidClaimException
use of org.xdi.oxauth.model.exception.InvalidClaimException in project oxAuth by GluuFederation.
the class SimpleUser method getAttribute.
public Object getAttribute(String userAttribute, boolean optional) throws InvalidClaimException {
Object attribute = null;
for (org.xdi.ldap.model.CustomAttribute customAttribute : customAttributes) {
if (customAttribute.getName().equals(userAttribute)) {
List<String> values = customAttribute.getValues();
if (values != null) {
if (values.size() == 1) {
attribute = values.get(0);
} else {
JSONArray array = new JSONArray();
for (String v : values) {
array.put(v);
}
attribute = array;
}
}
break;
}
}
if (attribute != null) {
return attribute;
} else if (optional) {
return attribute;
} else {
throw new InvalidClaimException("The claim " + userAttribute + " was not found.");
}
}
Also used :
JSONArray(org.codehaus.jettison.json.JSONArray)
InvalidClaimException(org.xdi.oxauth.model.exception.InvalidClaimException)
Aggregations
InvalidClaimException (org.xdi.oxauth.model.exception.InvalidClaimException)2
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
SignatureException (java.security.SignatureException)1
CacheControl (javax.ws.rs.core.CacheControl)1
Response (javax.ws.rs.core.Response)1
JSONArray (org.codehaus.jettison.json.JSONArray)1
EntryPersistenceException (org.gluu.site.ldap.persistence.exception.EntryPersistenceException)1
OAuth2AuditLog (org.xdi.oxauth.model.audit.OAuth2AuditLog)1
BlockEncryptionAlgorithm (org.xdi.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm)1
KeyEncryptionAlgorithm (org.xdi.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm)1
SignatureAlgorithm (org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm)1
InvalidJweException (org.xdi.oxauth.model.exception.InvalidJweException)1
InvalidJwtException (org.xdi.oxauth.model.exception.InvalidJwtException)1
JsonWebResponse (org.xdi.oxauth.model.token.JsonWebResponse)1
StringEncrypter (org.xdi.util.security.StringEncrypter)1
