Java Code Examples for org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext#getAuthorizedUser()

The following examples show how to use org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext#getAuthorizedUser(). Each example names the project and source file it was taken from, so the surrounding class can be consulted in the original repository.
Example 1
Source File: AbstractAuthorizationGrantHandler.java    From carbon-identity with Apache License 2.0
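/**
 * Asks the registered callback manager whether the resource owner's access may be delegated to the client.
 * <p>
 * The callback carries the authorized user, the client id and the requested scope. For the SAML2 bearer and
 * IWA-NTLM grants the carbon-specific grant type is set on the callback; every other grant type is passed
 * through as the raw string from the request. The validity period decided by the callback is written back to
 * the message context before the authorization verdict is returned.
 *
 * @param tokReqMsgCtx token request message context carrying the authorized user, client id, scope and grant type
 * @return {@code true} if the callback marked the delegation as authorized
 * @throws IdentityOAuth2Exception propagated from the callback manager
 */
@Override
public boolean authorizeAccessDelegation(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {
    // Read the grant type once; the original re-fetched it from the DTO on every comparison.
    String grantType = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType();

    OAuthCallback authzCallback = new OAuthCallback(tokReqMsgCtx.getAuthorizedUser(),
            tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId(),
            OAuthCallback.OAuthCallbackType.ACCESS_DELEGATION_TOKEN);
    authzCallback.setRequestedScope(tokReqMsgCtx.getScope());

    // Constant-first equals so a request with no grant type does not NPE here; it falls through to the
    // default branch and the callback decides, as it does for any other unrecognised grant.
    if (org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString().equals(grantType)) {
        authzCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
                OAuthConstants.OAUTH_SAML2_BEARER_GRANT_ENUM.toString()));
    } else if (org.wso2.carbon.identity.oauth.common.GrantType.IWA_NTLM.toString().equals(grantType)) {
        authzCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
                OAuthConstants.OAUTH_IWA_NTLM_GRANT_ENUM.toString()));
    } else {
        authzCallback.setGrantType(grantType);
    }

    callbackManager.handleCallback(authzCallback);
    // The callback may shorten or extend the token lifetime; honour its decision.
    tokReqMsgCtx.setValidityPeriod(authzCallback.getValidityPeriod());
    return authzCallback.isAuthorized();
}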
 
Example 2
Source File: AbstractAuthorizationGrantHandler.java    From carbon-identity with Apache License 2.0
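/**
 * Asks the registered callback manager to validate (and possibly narrow) the requested scope.
 * <p>
 * The callback carries the authorized user, the client id and the requested scope. For the SAML2 bearer and
 * IWA-NTLM grants the carbon-specific grant type is set on the callback; every other grant type is passed
 * through as the raw string from the request. Both the validity period and the approved scope chosen by the
 * callback are written back to the message context, so the scope the token is eventually issued with is the
 * callback's approved scope, not the one originally requested.
 *
 * @param tokReqMsgCtx token request message context; its scope and validity period are updated in place
 * @return {@code true} if the callback marked the scope as valid
 * @throws IdentityOAuth2Exception propagated from the callback manager
 */
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {
    // Read the grant type once; the original re-fetched it from the DTO on every comparison.
    String grantType = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType();

    OAuthCallback scopeValidationCallback = new OAuthCallback(tokReqMsgCtx.getAuthorizedUser(),
            tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId(),
            OAuthCallback.OAuthCallbackType.SCOPE_VALIDATION_TOKEN);
    scopeValidationCallback.setRequestedScope(tokReqMsgCtx.getScope());

    // Constant-first equals so a request with no grant type does not NPE here; it falls through to the
    // default branch and the callback decides, as it does for any other unrecognised grant.
    if (org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString().equals(grantType)) {
        scopeValidationCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
                OAuthConstants.OAUTH_SAML2_BEARER_GRANT_ENUM.toString()));
    } else if (org.wso2.carbon.identity.oauth.common.GrantType.IWA_NTLM.toString().equals(grantType)) {
        scopeValidationCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
                OAuthConstants.OAUTH_IWA_NTLM_GRANT_ENUM.toString()));
    } else {
        scopeValidationCallback.setGrantType(grantType);
    }

    callbackManager.handleCallback(scopeValidationCallback);
    tokReqMsgCtx.setValidityPeriod(scopeValidationCallback.getValidityPeriod());
    // Replace the requested scope with what the callback actually approved.
    tokReqMsgCtx.setScope(scopeValidationCallback.getApprovedScope());
    return scopeValidationCallback.isValidScope();
}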
 
Example 3
Source File: PermissionBasedScopeIssuer.java    From carbon-apimgt with Apache License 2.0
/**
 * Resolves the scopes a token may be issued with, based on the permissions of the authorized user.
 *
 * @param tokReqMsgCtx      token message context (requested scopes, client id, authorized user)
 * @param whiteListedScopes scopes to be white listed
 * @return authorized scopes list, or {@code null} when no scope map can be resolved for the application
 */
@Override
public List<String> getScopes(OAuthTokenReqMessageContext tokReqMsgCtx, List<String> whiteListedScopes) {

    String clientId = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
    AuthenticatedUser authenticatedUser = tokReqMsgCtx.getAuthorizedUser();
    List<String> requestedScopes = Arrays.asList(tokReqMsgCtx.getScope());

    Map<String, String> appScopes = getAppScopes(clientId, authenticatedUser);
    if (appScopes == null) {
        // Original contract: no scope map -> null result, not an empty list.
        return null;
    }

    // An application with no scopes registered only receives the white-listed subset of what it asked for.
    if (isAppScopesEmpty(appScopes, clientId)) {
        return getAllowedScopes(whiteListedScopes, requestedScopes);
    }

    return getAuthorizedScopes(authenticatedUser, requestedScopes, appScopes, whiteListedScopes);
}
 
Example 4
Source File: ExtendedSAML2BearerGrantHandler.java    From carbon-device-mgt with Apache License 2.0
/**
 * Runs the parent SAML2 bearer validation and, only on success, rewrites the authorized user's username
 * through {@code MultitenantUtils.getTenantAwareUsername} (presumably dropping the tenant suffix — confirm
 * against that utility).
 *
 * @param tokReqMsgCtx token request message context whose authorized user is modified in place
 * @return {@code false} when the parent validation rejects the grant, {@code true} otherwise
 * @throws IdentityOAuth2Exception propagated from the parent validation
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
    boolean grantAccepted = super.validateGrant(tokReqMsgCtx);
    if (grantAccepted) {
        // Touch the user only after the assertion has been accepted by the parent handler.
        AuthenticatedUser user = tokReqMsgCtx.getAuthorizedUser();
        String tenantAwareName = MultitenantUtils.getTenantAwareUsername(user.getUserName());
        user.setUserName(tenantAwareName);
    }
    return grantAccepted;
}
 
Example 5
Source File: ExtendedClientCredentialsGrantHandler.java    From carbon-apimgt with Apache License 2.0
/**
 * Delegates to the parent client-credentials validation and then re-installs the authorized user on the
 * context.
 * <p>
 * NOTE(review): the username is read and written back unchanged, so the re-install is effectively a no-op as
 * written; it looks like a placeholder for a username normalisation step — confirm before relying on it. The
 * user is dereferenced regardless of the parent's verdict, exactly as in the original.
 *
 * @param tokReqMsgCtx token request message context
 * @return the parent handler's validation result, unchanged
 * @throws IdentityOAuth2Exception propagated from the parent validation
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {

    boolean parentVerdict = super.validateGrant(tokReqMsgCtx);

    AuthenticatedUser authorizedUser = tokReqMsgCtx.getAuthorizedUser();
    // Same read-then-write sequence as before; the value is not transformed.
    authorizedUser.setUserName(authorizedUser.getUserName());
    tokReqMsgCtx.setAuthorizedUser(authorizedUser);

    return parentVerdict;
}
 
Example 6
Source File: ExtendedSAML2BearerGrantHandler.java    From carbon-apimgt with Apache License 2.0
/**
 * Marks the authorized user as belonging to the {@code FEDERATED} user store when role checks are driven by
 * the SAML assertion, then delegates scope assignment to the shared {@code ScopesIssuer}.
 * <p>
 * The switch is the JVM system property {@code ResourceConstants.CHECK_ROLES_FROM_SAML_ASSERTION}; unless it
 * parses as {@code true} the user is left untouched. Which role source the "FEDERATED" domain selects
 * downstream is not visible here — presumably the assertion-derived attributes; confirm in ScopesIssuer.
 *
 * @param tokReqMsgCtx token request message context; its authorized user may be updated in place
 * @return the result of {@code ScopesIssuer.setScopes}
 */
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
    boolean rolesFromAssertion = Boolean.parseBoolean(
            System.getProperty(ResourceConstants.CHECK_ROLES_FROM_SAML_ASSERTION));

    if (rolesFromAssertion) {
        AuthenticatedUser user = tokReqMsgCtx.getAuthorizedUser();
        user.setUserStoreDomain("FEDERATED");
        tokReqMsgCtx.setAuthorizedUser(user);
    }

    return ScopesIssuer.getInstance().setScopes(tokReqMsgCtx);
}
 
Example 7
Source File: RoleBasedScopesIssuer.java    From carbon-apimgt with Apache License 2.0
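/**
 * This method is used to retrieve the authorized scopes with respect to a token.
 * <p>
 * The requested scopes are filtered against the application's registered scopes using the user's roles; where
 * those roles come from is decided by {@link #resolveUserRoles}.
 *
 * @param tokReqMsgCtx      token message context
 * @param whiteListedScopes scopes to be white listed
 * @return authorized scopes list, or {@code null} when no scope map can be resolved for the application
 */
@Override
public List<String> getScopes(OAuthTokenReqMessageContext tokReqMsgCtx, List<String> whiteListedScopes) {

    String[] requestedScopes = tokReqMsgCtx.getScope();
    String clientId = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
    AuthenticatedUser authenticatedUser = tokReqMsgCtx.getAuthorizedUser();

    Map<String, String> appScopes = getAppScopes(clientId, authenticatedUser);
    if (appScopes == null) {
        // Original contract: no scope map -> null result, not an empty list.
        return null;
    }

    //If no scopes can be found in the context of the application
    if (isAppScopesEmpty(appScopes, clientId)) {
        return getAllowedScopes(whiteListedScopes, Arrays.asList(requestedScopes));
    }

    String[] userRoles = resolveUserRoles(tokReqMsgCtx, authenticatedUser);
    return getAuthorizedScopes(userRoles, requestedScopes, appScopes, whiteListedScopes);
}

/**
 * Picks the source of the user's roles for scope validation.
 * <p>
 * If GrantType is SAML20_BEARER and CHECK_ROLES_FROM_SAML_ASSERTION is true, roles are read from the SAML
 * assertion stored on the context; if GrantType is JWT_BEARER and
 * RETRIEVE_ROLES_FROM_USERSTORE_FOR_SCOPE_VALIDATION is not true, roles are read from the user's attributes
 * under the configured role claim; otherwise roles come from the user store.
 *
 * @param tokReqMsgCtx      token message context (grant type, SAML assertion and role claim properties)
 * @param authenticatedUser the authorized user from the same context
 * @return the user's roles, or {@code null} in the JWT branch when no role claim name is set on the context
 */
private String[] resolveUserRoles(OAuthTokenReqMessageContext tokReqMsgCtx,
                                  AuthenticatedUser authenticatedUser) {

    String grantType = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType();
    boolean rolesFromSamlAssertion = Boolean.parseBoolean(
            System.getProperty(ResourceConstants.CHECK_ROLES_FROM_SAML_ASSERTION));
    boolean rolesFromUserStoreForJwt = Boolean.parseBoolean(
            System.getProperty(ResourceConstants.RETRIEVE_ROLES_FROM_USERSTORE_FOR_SCOPE_VALIDATION));

    if (GrantType.SAML20_BEARER.toString().equals(grantType) && rolesFromSamlAssertion) {
        // Roles are trusted from the IdP-issued assertion; assumes the grant handler already verified the
        // assertion before storing it on the context — TODO confirm in the SAML2 bearer grant handler.
        Assertion assertion = (Assertion) tokReqMsgCtx.getProperty(ResourceConstants.SAML2_ASSERTION);
        return getRolesFromAssertion(assertion);
    }

    if (JWTConstants.OAUTH_JWT_BEARER_GRANT_TYPE.equals(grantType) && !rolesFromUserStoreForJwt) {
        // Read the role claim name once instead of twice (null check + toString in the original).
        Object roleClaim = tokReqMsgCtx.getProperty(ResourceConstants.ROLE_CLAIM);
        if (roleClaim == null) {
            // No role claim configured: the caller receives null roles, as before.
            return null;
        }
        Map<ClaimMapping, String> userAttributes = authenticatedUser.getUserAttributes();
        return getRolesFromUserAttribute(userAttributes, roleClaim.toString());
    }

    return getUserRoles(authenticatedUser);
}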