org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext Java Examples
The following examples show how to use
org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AbstractAuthorizationGrantHandler.java From carbon-identity with Apache License 2.0 | 6 votes |
|
@Override
public boolean authorizeAccessDelegation(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
OAuthCallback authzCallback = new OAuthCallback(tokReqMsgCtx.getAuthorizedUser(),
tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId(),
OAuthCallback.OAuthCallbackType.ACCESS_DELEGATION_TOKEN);
authzCallback.setRequestedScope(tokReqMsgCtx.getScope());
if (tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType().equals(
org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString())) {
authzCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
OAuthConstants.OAUTH_SAML2_BEARER_GRANT_ENUM.toString()));
} else if (tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType().equals(
org.wso2.carbon.identity.oauth.common.GrantType.IWA_NTLM.toString())) {
authzCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
OAuthConstants.OAUTH_IWA_NTLM_GRANT_ENUM.toString()));
} else {
authzCallback.setGrantType(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType());
}
callbackManager.handleCallback(authzCallback);
tokReqMsgCtx.setValidityPeriod(authzCallback.getValidityPeriod());
return authzCallback.isAuthorized();
}
Example #2
| Source File: PermissionBasedScopeIssuer.java From carbon-apimgt with Apache License 2.0 | 6 votes |
|
/**
* This method is used to retrieve the authorized scopes with respect to a token.
*
* @param tokReqMsgCtx token message context
* @param whiteListedScopes scopes to be white listed
* @return authorized scopes list
*/
@Override
public List<String> getScopes(OAuthTokenReqMessageContext tokReqMsgCtx, List<String> whiteListedScopes) {
List<String> authorizedScopes = null;
List<String> requestedScopes = Arrays.asList(tokReqMsgCtx.getScope());
String clientId = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
AuthenticatedUser authenticatedUser = tokReqMsgCtx.getAuthorizedUser();
Map<String, String> appScopes = getAppScopes(clientId, authenticatedUser);
if (appScopes != null) {
//If no scopes can be found in the context of the application
if (isAppScopesEmpty(appScopes, clientId)) {
return getAllowedScopes(whiteListedScopes, requestedScopes);
}
authorizedScopes = getAuthorizedScopes(authenticatedUser, requestedScopes, appScopes, whiteListedScopes);
}
return authorizedScopes;
}
Example #3
| Source File: AbstractClientAuthHandler.java From carbon-identity with Apache License 2.0 | 6 votes |
|
@Override
public boolean authenticateClient(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
//Skipping credential validation for saml2 bearer if not configured as needed
if (StringUtils.isEmpty(oAuth2AccessTokenReqDTO.getClientSecret()) && org.wso2.carbon.identity.oauth.common
.GrantType.SAML20_BEARER.toString().equals(oAuth2AccessTokenReqDTO.getGrantType()) && JavaUtils
.isFalseExplicitly(authConfig)) {
if (log.isDebugEnabled()) {
log.debug("Grant type : " + oAuth2AccessTokenReqDTO.getGrantType() + " " +
"Strict client validation set to : " + authConfig + " Authenticating without client secret");
}
return true;
}
if (log.isDebugEnabled()) {
log.debug("Grant type : " + oAuth2AccessTokenReqDTO.getGrantType() + " " +
"Strict client validation set to : " + authConfig);
}
return false;
}
Example #4
| Source File: ExtendedJWTGrantHandler.java From carbon-device-mgt with Apache License 2.0 | 6 votes |
|
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
RequestParameter[] requestParameters = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
for (RequestParameter requestParameter : requestParameters) {
if (TENANT_DOMAIN_KEY.equals(requestParameter.getKey())) {
String[] values = requestParameter.getValue();
if (values != null && values.length > 0) {
tokReqMsgCtx.getOauth2AccessTokenReqDTO()
.setTenantDomain(values[0]);
}
}
}
return super.validateGrant(tokReqMsgCtx);
}
Example #5
| Source File: ExtendedClientCredentialsGrantHandler.java From carbon-apimgt with Apache License 2.0 | 6 votes |
|
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
// Execute ScopeIssuer
boolean state = ScopesIssuer.getInstance().setScopes(tokReqMsgCtx);
// If ScopeIssuer returns true, then see if application scope is set.
if (state) {
String[] scopes = tokReqMsgCtx.getScope();
String applicationScope = TokenMgtDataHolder.getApplicationTokenScope();
if (scopes != null) {
// Arrays.asList won't work here, because list.add cannot be called
// on the returned list as it's immutable.
ArrayList<String> scopeList = new ArrayList<String>(scopes.length);
scopeList.addAll(Arrays.asList(scopes));
// Forcefully add application scope if it's not included in the list.
if (!scopeList.contains(applicationScope)) {
scopeList.add(applicationScope);
tokReqMsgCtx.setScope(scopeList.toArray(new String[scopeList.size()]));
}
}
}
return state;
}
Example #6
| Source File: AbstractAuthorizationGrantHandler.java From carbon-identity with Apache License 2.0 | 6 votes |
|
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
OAuthCallback scopeValidationCallback = new OAuthCallback(tokReqMsgCtx.getAuthorizedUser(),
tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId(), OAuthCallback.OAuthCallbackType
.SCOPE_VALIDATION_TOKEN);
scopeValidationCallback.setRequestedScope(tokReqMsgCtx.getScope());
if (tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType().equals(
org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString())) {
scopeValidationCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
OAuthConstants.OAUTH_SAML2_BEARER_GRANT_ENUM.toString()));
} else if (tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType().equals(
org.wso2.carbon.identity.oauth.common.GrantType.IWA_NTLM.toString())) {
scopeValidationCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
OAuthConstants.OAUTH_IWA_NTLM_GRANT_ENUM.toString()));
} else {
scopeValidationCallback.setGrantType(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType());
}
callbackManager.handleCallback(scopeValidationCallback);
tokReqMsgCtx.setValidityPeriod(scopeValidationCallback.getValidityPeriod());
tokReqMsgCtx.setScope(scopeValidationCallback.getApprovedScope());
return scopeValidationCallback.isValidScope();
}
Example #7
| Source File: JWTAccessTokenBuilder.java From msf4j with Apache License 2.0 | 6 votes |
|
/**
* Generic Signing function
*
* @param jwtClaimsSet contains JWT body
* @param request
* @return
* @throws IdentityOAuth2Exception
*/
protected String signJWT(JWTClaimsSet jwtClaimsSet, OAuthTokenReqMessageContext request)
throws IdentityOAuth2Exception {
if (JWSAlgorithm.RS256.equals(signatureAlgorithm) || JWSAlgorithm.RS384.equals(signatureAlgorithm) ||
JWSAlgorithm.RS512.equals(signatureAlgorithm)) {
return signJWTWithRSA(jwtClaimsSet, request);
} else if (JWSAlgorithm.HS256.equals(signatureAlgorithm) || JWSAlgorithm.HS384.equals(signatureAlgorithm) ||
JWSAlgorithm.HS512.equals(signatureAlgorithm)) {
// return signWithHMAC(jwtClaimsSet,jwsAlgorithm,request); implementation need to be done
return null;
} else {
// return signWithEC(jwtClaimsSet,jwsAlgorithm,request); implementation need to be done
return null;
}
}
Example #8
| Source File: ExtendedClientCredentialsGrantHandler.java From carbon-apimgt with Apache License 2.0 | 6 votes |
|
@Override
public boolean authorizeAccessDelegation(OAuthTokenReqMessageContext tokReqMsgCtx) {
RequestParameter[] parameters = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
long validityPeriod;
if (parameters == null) {
return true;
}
// find out validity period
for (RequestParameter parameter : parameters) {
if (VALIDITY_PERIOD.equals(parameter.getKey())
&& parameter.getValue() != null && parameter.getValue().length > 0) {
validityPeriod = Long.parseLong(parameter.getValue()[0]);
//set validity time
tokReqMsgCtx.setValidityPeriod(validityPeriod);
}
}
return true;
}
Example #9
| Source File: DefaultIDTokenBuilder.java From carbon-identity with Apache License 2.0 | 6 votes |
|
/**
* Generic Signing function
*
* @param jwtClaimsSet contains JWT body
* @param request
* @return
* @throws IdentityOAuth2Exception
*/
protected String signJWT(JWTClaimsSet jwtClaimsSet, OAuthTokenReqMessageContext request)
throws IdentityOAuth2Exception {
if (JWSAlgorithm.RS256.equals(signatureAlgorithm) || JWSAlgorithm.RS384.equals(signatureAlgorithm) ||
JWSAlgorithm.RS512.equals(signatureAlgorithm)) {
return signJWTWithRSA(jwtClaimsSet, request);
} else if (JWSAlgorithm.HS256.equals(signatureAlgorithm) || JWSAlgorithm.HS384.equals(signatureAlgorithm) ||
JWSAlgorithm.HS512.equals(signatureAlgorithm)) {
// return signWithHMAC(jwtClaimsSet,jwsAlgorithm,request); implementation need to be done
return null;
} else {
// return signWithEC(jwtClaimsSet,jwsAlgorithm,request); implementation need to be done
return null;
}
}
Example #10
| Source File: SAMLAssertionClaimsCallback.java From carbon-identity with Apache License 2.0 | 6 votes |
|
private String getSubjectClaimUri(OAuthTokenReqMessageContext request) {
ApplicationManagementService applicationMgtService = OAuth2ServiceComponentHolder
.getApplicationMgtService();
ServiceProvider serviceProvider = null;
try {
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
String spName = applicationMgtService.getServiceProviderNameByClientId(request.getOauth2AccessTokenReqDTO()
.getClientId(),
INBOUND_AUTH2_TYPE, tenantDomain);
serviceProvider = applicationMgtService.getApplicationExcludingFileBasedSPs(spName, tenantDomain);
if (serviceProvider != null) {
return serviceProvider.getLocalAndOutBoundAuthenticationConfig().getSubjectClaimUri();
}
} catch (IdentityApplicationManagementException ex) {
log.error("Error while getting service provider information.", ex);
}
return null;
}
Example #11
| Source File: ClientCredentialsGrantHandler.java From carbon-identity with Apache License 2.0 | 5 votes |
|
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
if(!super.validateGrant(tokReqMsgCtx)){
return false;
}
// By this time, we have already validated client credentials.
tokReqMsgCtx.setScope(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getScope());
return true;
}
Example #12
| Source File: ExtendedSAML2BearerGrantHandler.java From carbon-device-mgt with Apache License 2.0 | 5 votes |
|
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
if(!super.validateGrant(tokReqMsgCtx)){
return false;
}
AuthenticatedUser authenticatedUser = tokReqMsgCtx.getAuthorizedUser();
authenticatedUser.setUserName(MultitenantUtils.getTenantAwareUsername(authenticatedUser.getUserName()));
return true;
}
Example #13
| Source File: AbstractAuthorizationGrantHandler.java From carbon-identity with Apache License 2.0 | 5 votes |
|
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
OAuth2AccessTokenReqDTO tokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
String grantType = tokenReqDTO.getGrantType();
// Load application data from the cache
AppInfoCache appInfoCache = AppInfoCache.getInstance();
OAuthAppDO oAuthAppDO = appInfoCache.getValueFromCache(tokenReqDTO.getClientId());
if (oAuthAppDO == null) {
try {
oAuthAppDO = new OAuthAppDAO().getAppInformation(tokenReqDTO.getClientId());
appInfoCache.addToCache(tokenReqDTO.getClientId(), oAuthAppDO);
} catch (InvalidOAuthClientException e) {
throw new IdentityOAuth2Exception(e.getMessage(), e);
}
}
// If the application has defined a limited set of grant types, then check the grant
if (oAuthAppDO.getGrantTypes() != null && !oAuthAppDO.getGrantTypes().contains(grantType)) {
if (log.isDebugEnabled()) {
//Do not change this log format as these logs use by external applications
log.debug("Unsupported Grant Type : " + grantType + " for client id : " + tokenReqDTO.getClientId());
}
return false;
}
return true;
}
Example #14
| Source File: AuthorizationCodeGrantHandler.java From carbon-identity with Apache License 2.0 | 5 votes |
|
@Override
public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
OAuth2AccessTokenRespDTO tokenRespDTO = super.issue(tokReqMsgCtx);
// get the token from the OAuthTokenReqMessageContext which is stored while validating
// the authorization code.
String authzCode = (String) tokReqMsgCtx.getProperty(AUTHZ_CODE);
// if it's not there (which is unlikely), recalculate it.
if (authzCode == null) {
authzCode = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getAuthorizationCode();
}
// Clear the cache entry
if (cacheEnabled) {
String clientId = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
OAuthCacheKey cacheKey = new OAuthCacheKey(OAuth2Util.buildCacheKeyStringForAuthzCode(
clientId, authzCode));
oauthCache.clearCacheEntry(cacheKey);
if (log.isDebugEnabled()) {
log.debug("Cache was cleared for authorization code info for client id : " + clientId);
}
}
return tokenRespDTO;
}
Example #15
| Source File: OAuth2Util.java From carbon-identity with Apache License 2.0 | 5 votes |
|
/**
*
* @return
*/
public static OAuthTokenReqMessageContext getTokenRequestContext() {
if (log.isDebugEnabled()) {
log.debug("Retreived OAuthTokenReqMessageContext from threadlocal");
}
return tokenRequestContext.get();
}
Example #16
| Source File: OAuth2Util.java From carbon-identity with Apache License 2.0 | 5 votes |
|
/**
*
* @param context
*/
public static void setTokenRequestContext(OAuthTokenReqMessageContext context) {
tokenRequestContext.set(context);
if (log.isDebugEnabled()) {
log.debug("Added OAuthTokenReqMessageContext to threadlocal");
}
}
Example #17
| Source File: ExtendedClientCredentialsGrantHandler.java From carbon-apimgt with Apache License 2.0 | 5 votes |
|
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
boolean validateResult = super.validateGrant(tokReqMsgCtx);
AuthenticatedUser user = tokReqMsgCtx.getAuthorizedUser();
String username = user.getUserName();
user.setUserName(username);
tokReqMsgCtx.setAuthorizedUser(user);
return validateResult;
}
Example #18
| Source File: ExtendedSAML2BearerGrantHandler.java From carbon-apimgt with Apache License 2.0 | 5 votes |
|
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
String isSAML2Enabled = System.getProperty(ResourceConstants.CHECK_ROLES_FROM_SAML_ASSERTION);
// set user as federated only if CHECK_ROLES_FROM_SAML_ASSERTION system property is set
if (Boolean.parseBoolean(isSAML2Enabled)) {
AuthenticatedUser authenticatedUser = tokReqMsgCtx.getAuthorizedUser();
authenticatedUser.setUserStoreDomain("FEDERATED");
tokReqMsgCtx.setAuthorizedUser(authenticatedUser);
}
return ScopesIssuer.getInstance().setScopes(tokReqMsgCtx);
}
Example #19
| Source File: ClientCredentialsGrantHandler.java From attic-stratos with Apache License 2.0 | 5 votes |
|
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
// By this time, we have already validated client credentials.
tokReqMsgCtx.setScope(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getScope());
return true;
}
Example #20
| Source File: ClientCredentialsGrantHandler.java From attic-stratos with Apache License 2.0 | 5 votes |
|
protected String signJWT(String payLoad, OAuthTokenReqMessageContext request)
throws IdentityOAuth2Exception {
JWSAlgorithm jwsAlgorithm =
mapSignatureAlgorithm(OAuthServerConfiguration.getInstance()
.getSignatureAlgorithm());
if (JWSAlgorithm.RS256.equals(jwsAlgorithm) || JWSAlgorithm.RS384.equals(jwsAlgorithm) ||
JWSAlgorithm.RS512.equals(jwsAlgorithm)) {
return signJWTWithRSA(payLoad, jwsAlgorithm, request);
}
log.error("UnSupported Signature Algorithm");
throw new IdentityOAuth2Exception("UnSupported Signature Algorithm");
}
Example #21
| Source File: DefaultIDTokenBuilder.java From carbon-identity with Apache License 2.0 | 5 votes |
|
/**
* @param request
* @return AuthorizationGrantCacheEntry contains user attributes and nonce value
*/
private AuthorizationGrantCacheEntry getAuthorizationGrantCacheEntry(
OAuthTokenReqMessageContext request) {
String authorizationCode = (String) request.getProperty(AUTHORIZATION_CODE);
AuthorizationGrantCacheKey authorizationGrantCacheKey = new AuthorizationGrantCacheKey(authorizationCode);
AuthorizationGrantCacheEntry authorizationGrantCacheEntry =
(AuthorizationGrantCacheEntry) AuthorizationGrantCache.getInstance().
getValueFromCacheByCode(authorizationGrantCacheKey);
return authorizationGrantCacheEntry;
}
Example #22
| Source File: AbstractClientAuthHandler.java From carbon-identity with Apache License 2.0 | 5 votes |
|
@Override
public boolean canAuthenticate(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
if (StringUtils.isNotEmpty(oAuth2AccessTokenReqDTO.getClientId()) &&
StringUtils.isNotEmpty(oAuth2AccessTokenReqDTO.getClientSecret())) {
if (log.isDebugEnabled()) {
log.debug("Can authenticate with client ID and Secret." +
" Client ID: "+ oAuth2AccessTokenReqDTO.getClientId());
}
return true;
} else {
if (org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString().equals(
oAuth2AccessTokenReqDTO.getGrantType())) {
//Getting configured value for client credential validation requirements
authConfig = properties.getProperty(
OAuthConstants.CLIENT_AUTH_CREDENTIAL_VALIDATION);
if (log.isDebugEnabled()) {
log.debug("Grant type : " + oAuth2AccessTokenReqDTO.getGrantType());
}
//If user has set strict validation to false, can authenticate without credentials
if (StringUtils.isNotEmpty(authConfig) && JavaUtils.isFalseExplicitly(authConfig)) {
if (log.isDebugEnabled()) {
log.debug("Client auth credential validation set to : " + authConfig + ". " +
"can authenticate without client secret");
}
return true;
}
}
}
return false;
}
Example #23
| Source File: JWTAccessTokenBuilder.java From msf4j with Apache License 2.0 | 5 votes |
|
/**
* To build id token from OauthToken request message context
*
* @param request Token request message context
* @return Signed jwt string.
* @throws IdentityOAuth2Exception
*/
protected String buildIDToken(OAuthTokenReqMessageContext request)
throws IdentityOAuth2Exception {
String issuer = OAuth2Util.getIDTokenIssuer();
long lifetimeInMillis = OAuthServerConfiguration.getInstance().
getApplicationAccessTokenValidityPeriodInSeconds() * 1000;
long curTimeInMillis = Calendar.getInstance().getTimeInMillis();
// setting subject
String subject = request.getAuthorizedUser().getAuthenticatedSubjectIdentifier();
if (!StringUtils.isNotBlank(subject)) {
subject = request.getAuthorizedUser().getUserName();
}
// Set claims to jwt token.
JWTClaimsSet jwtClaimsSet = new JWTClaimsSet();
jwtClaimsSet.setIssuer(issuer);
jwtClaimsSet.setSubject(subject);
jwtClaimsSet.setAudience(Arrays.asList(request.getOauth2AccessTokenReqDTO().getClientId()));
jwtClaimsSet.setClaim(Constants.AUTHORIZATION_PARTY, request.getOauth2AccessTokenReqDTO().getClientId());
jwtClaimsSet.setExpirationTime(new Date(curTimeInMillis + lifetimeInMillis));
jwtClaimsSet.setIssueTime(new Date(curTimeInMillis));
addUserClaims(jwtClaimsSet, request.getAuthorizedUser());
if (JWSAlgorithm.NONE.getName().equals(signatureAlgorithm.getName())) {
return new PlainJWT(jwtClaimsSet).serialize();
}
return signJWT(jwtClaimsSet, request);
}
Example #24
| Source File: JWTAccessTokenBuilder.java From msf4j with Apache License 2.0 | 5 votes |
|
public String accessToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws OAuthSystemException {
if (log.isDebugEnabled()) {
log.debug("Access token request with token request message context. Authorized user " +
oAuthTokenReqMessageContext.getAuthorizedUser().toString());
}
try {
return this.buildIDToken(oAuthTokenReqMessageContext);
} catch (IdentityOAuth2Exception e) {
if (log.isDebugEnabled()) {
log.debug("Error occurred while issuing jwt access token. Hence returning default token", e);
}
// Return default access token if it fails to build jwt
return super.accessToken(oAuthTokenReqMessageContext);
}
}
Example #25
| Source File: SAMLAssertionClaimsCallback.java From carbon-identity with Apache License 2.0 | 5 votes |
|
/**
* Get response map
*
* @param requestMsgCtx Token request message context
* @return Mapped claimed
* @throws OAuthSystemException
*/
private Map<String, Object> getResponse(OAuthTokenReqMessageContext requestMsgCtx)
throws OAuthSystemException {
Map<ClaimMapping, String> userAttributes =
getUserAttributesFromCache(requestMsgCtx.getProperty(OAuthConstants.ACCESS_TOKEN).toString());
Map<String, Object> claims = Collections.emptyMap();
if (userAttributes.isEmpty() && requestMsgCtx.getProperty(OAuthConstants.AUTHZ_CODE) != null) {
userAttributes =
getUserAttributesFromCache(requestMsgCtx.getProperty(OAuthConstants.AUTHZ_CODE).toString());
}
// If subject claim uri is null, we get the actual user name of the logged in user.
if (MapUtils.isEmpty(userAttributes) && (getSubjectClaimUri(requestMsgCtx) == null)) {
if (log.isDebugEnabled()) {
log.debug("User attributes not found in cache. Trying to retrieve attribute for user " + requestMsgCtx
.getAuthorizedUser());
}
try {
claims = getClaimsFromUserStore(requestMsgCtx);
} catch (UserStoreException | IdentityApplicationManagementException | IdentityException e) {
log.error("Error occurred while getting claims for user " + requestMsgCtx.getAuthorizedUser(), e);
}
} else {
claims = getClaimsMap(userAttributes);
}
return claims;
}
Example #26
| Source File: ExtendedPasswordGrantHandler.java From carbon-apimgt with Apache License 2.0 | 4 votes |
|
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx){
return ScopesIssuer.getInstance().setScopes(tokReqMsgCtx);
}
Example #27
| Source File: ExtendedAuthorizationCodeGrantHandler.java From carbon-apimgt with Apache License 2.0 | 4 votes |
|
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
return super.validateGrant(tokReqMsgCtx);
}
Example #28
| Source File: ExtendedAuthorizationCodeGrantHandler.java From carbon-apimgt with Apache License 2.0 | 4 votes |
|
@Override
public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
return super.issue(tokReqMsgCtx);
}
Example #29
| Source File: ExtendedAuthorizationCodeGrantHandler.java From carbon-apimgt with Apache License 2.0 | 4 votes |
|
@Override
public boolean authorizeAccessDelegation(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
return super.authorizeAccessDelegation(tokReqMsgCtx);
}
Example #30
| Source File: ExtendedAuthorizationCodeGrantHandler.java From carbon-apimgt with Apache License 2.0 | 4 votes |
|
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
return ScopesIssuer.getInstance().setScopes(tokReqMsgCtx);
}
