Java Code Examples for org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext#getProperty()

The following examples show how to use org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext#getProperty(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DefaultIDTokenBuilder.java — from carbon-identity (Apache License 2.0)
/**
 * Looks up the authorization-grant cache entry for the authorization code carried in the request.
 *
 * @param request token request message context whose AUTHORIZATION_CODE property holds the code
 * @return AuthorizationGrantCacheEntry contains user attributes and nonce value
 */
private AuthorizationGrantCacheEntry getAuthorizationGrantCacheEntry(
        OAuthTokenReqMessageContext request) {

    // NOTE(review): the code is read from the context as-is; if the property is absent the cache
    // is queried with a null-code key — confirm the cache tolerates that or guard it upstream.
    AuthorizationGrantCacheKey cacheKey =
            new AuthorizationGrantCacheKey((String) request.getProperty(AUTHORIZATION_CODE));
    return (AuthorizationGrantCacheEntry) AuthorizationGrantCache.getInstance()
            .getValueFromCacheByCode(cacheKey);
}
 
Example 2
Source File: SAMLAssertionClaimsCallback.java — from carbon-identity (Apache License 2.0)
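/**
 * Builds the response claims for the token request.
 *
 * <p>User attributes are first looked up in the cache under the ACCESS_TOKEN property of the
 * message context; if that yields nothing, the lookup is repeated under the AUTHZ_CODE property.
 * When no cached attributes exist and no subject claim URI is configured, the claims are read
 * from the user store instead; otherwise the cached attributes are converted into the claims map.
 *
 * @param requestMsgCtx Token request message context
 * @return claims keyed by claim URI; an empty map when nothing could be resolved
 * @throws OAuthSystemException propagated from the claim-resolution helpers
 */
private Map<String, Object> getResponse(OAuthTokenReqMessageContext requestMsgCtx)
        throws OAuthSystemException {

    Map<ClaimMapping, String> userAttributes = Collections.emptyMap();
    Map<String, Object> claims = Collections.emptyMap();

    // Neither context property is guaranteed to be present. Calling toString() on a missing
    // ACCESS_TOKEN property would throw before the authorization-code fallback is reached,
    // so both lookups are guarded the same way.
    Object accessToken = requestMsgCtx.getProperty(OAuthConstants.ACCESS_TOKEN);
    if (accessToken != null) {
        userAttributes = getUserAttributesFromCache(accessToken.toString());
    }

    // MapUtils.isEmpty is null-safe, so a null cache result also falls through to the code lookup.
    Object authzCode = requestMsgCtx.getProperty(OAuthConstants.AUTHZ_CODE);
    if (MapUtils.isEmpty(userAttributes) && authzCode != null) {
        userAttributes = getUserAttributesFromCache(authzCode.toString());
    }

    // If subject claim uri is null, we get the actual user name of the logged in user.
    if (MapUtils.isEmpty(userAttributes) && (getSubjectClaimUri(requestMsgCtx) == null)) {
        if (log.isDebugEnabled()) {
            log.debug("User attributes not found in cache. Trying to retrieve attribute for user " + requestMsgCtx
                    .getAuthorizedUser());
        }
        try {
            claims = getClaimsFromUserStore(requestMsgCtx);
        } catch (UserStoreException | IdentityApplicationManagementException | IdentityException e) {
            // Deliberately best-effort: on a user-store failure the claims map stays empty.
            log.error("Error occurred while getting claims for user " + requestMsgCtx.getAuthorizedUser(), e);
        }
    } else {
        claims = getClaimsMap(userAttributes);
    }
    return claims;
}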
 
Example 3
Source File: AuthorizationCodeGrantHandler.java — from carbon-identity (Apache License 2.0)
/**
 * Issues the access token for an authorization-code grant and then evicts the cached
 * authorization-code entry for this client.
 *
 * @param tokReqMsgCtx token request message context; its AUTHZ_CODE property is expected to hold
 *                     the code stored while the authorization code was validated
 * @return the token response produced by the superclass
 * @throws IdentityOAuth2Exception propagated from the superclass
 */
@Override
public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {
    OAuth2AccessTokenRespDTO response = super.issue(tokReqMsgCtx);

    // The code is normally stashed in the message context during validation; if it is missing
    // (which is unlikely) fall back to the value from the token request DTO.
    Object storedCode = tokReqMsgCtx.getProperty(AUTHZ_CODE);
    String authorizationCode = storedCode != null
            ? (String) storedCode
            : tokReqMsgCtx.getOauth2AccessTokenReqDTO().getAuthorizationCode();

    if (!cacheEnabled) {
        return response;
    }

    // Remove the cached authorization-code entry now that a token has been issued for it.
    String clientId = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
    String cacheKeyString = OAuth2Util.buildCacheKeyStringForAuthzCode(clientId, authorizationCode);
    oauthCache.clearCacheEntry(new OAuthCacheKey(cacheKeyString));

    if (log.isDebugEnabled()) {
        log.debug("Cache was cleared for authorization code info for client id : " + clientId);
    }

    return response;
}
 
Example 4
Source File: RoleBasedScopesIssuer.java — from carbon-apimgt (Apache License 2.0)
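/**
 * This method is used to retrieve the authorized scopes with respect to a token.
 *
 * <p>The roles used for the scope check are taken from the SAML assertion or the JWT role claim
 * only when the corresponding system property opts in; otherwise they are read from the user store.
 *
 * @param tokReqMsgCtx      token message context
 * @param whiteListedScopes scopes to be white listed
 * @return authorized scopes list, or {@code null} when no application scopes could be resolved
 */
@Override
public List<String> getScopes(OAuthTokenReqMessageContext tokReqMsgCtx, List<String> whiteListedScopes) {

    String[] requestedScopes = tokReqMsgCtx.getScope();
    String clientId = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
    AuthenticatedUser authenticatedUser = tokReqMsgCtx.getAuthorizedUser();

    Map<String, String> appScopes = getAppScopes(clientId, authenticatedUser);
    if (appScopes == null) {
        // Existing contract: a null result signals that no application scopes could be loaded.
        return null;
    }

    //If no scopes can be found in the context of the application
    if (isAppScopesEmpty(appScopes, clientId)) {
        return getAllowedScopes(whiteListedScopes, Arrays.asList(requestedScopes));
    }

    String[] userRoles = resolveUserRoles(tokReqMsgCtx, authenticatedUser);
    return getAuthorizedScopes(userRoles, requestedScopes, appScopes, whiteListedScopes);
}

/**
 * Picks the source of the user's roles for scope validation.
 *
 * <p>If GrantType is SAML20_BEARER and CHECK_ROLES_FROM_SAML_ASSERTION is true, the roles come
 * from the assertion. If GrantType is JWT_BEARER and the
 * RETRIEVE_ROLES_FROM_USERSTORE_FOR_SCOPE_VALIDATION system property is <em>false</em>, they come
 * from the ROLE_CLAIM attribute of the authenticated user. Otherwise they are read from the
 * user store.
 *
 * @param tokReqMsgCtx      token message context carrying the grant type and, depending on the
 *                          grant, the SAML2_ASSERTION or ROLE_CLAIM property
 * @param authenticatedUser the user the token is being issued for
 * @return the roles to validate scopes against, or {@code null} when the JWT path finds no
 *         ROLE_CLAIM property in the context
 */
private String[] resolveUserRoles(OAuthTokenReqMessageContext tokReqMsgCtx, AuthenticatedUser authenticatedUser) {

    String grantType = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType();
    String isSAML2Enabled = System.getProperty(ResourceConstants.CHECK_ROLES_FROM_SAML_ASSERTION);
    String isRetrieveRolesFromUserStoreForScopeValidation = System
            .getProperty(ResourceConstants.RETRIEVE_ROLES_FROM_USERSTORE_FOR_SCOPE_VALIDATION);

    if (GrantType.SAML20_BEARER.toString().equals(grantType) && Boolean.parseBoolean(isSAML2Enabled)) {
        // Roles are trusted straight from the assertion found in the context; presumably the grant
        // handler validated the assertion before storing it there — confirm against the caller.
        Assertion assertion = (Assertion) tokReqMsgCtx.getProperty(ResourceConstants.SAML2_ASSERTION);
        return getRolesFromAssertion(assertion);
    }

    if (JWTConstants.OAUTH_JWT_BEARER_GRANT_TYPE.equals(grantType)
            && !Boolean.parseBoolean(isRetrieveRolesFromUserStoreForScopeValidation)) {
        Object roleClaim = tokReqMsgCtx.getProperty(ResourceConstants.ROLE_CLAIM);
        if (roleClaim == null) {
            // Matches the original behaviour: no role claim configured means no roles (null).
            return null;
        }
        Map<ClaimMapping, String> userAttributes = authenticatedUser.getUserAttributes();
        return getRolesFromUserAttribute(userAttributes, roleClaim.toString());
    }

    return getUserRoles(authenticatedUser);
}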