OAuth2AuditAccessTokenContextProvider.java revision d79b3a1008170c69ef720163254b78c998d55ee0
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha* The contents of this file are subject to the terms of the Common Development and
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha* Distribution License (the License). You may not use this file except in compliance with the License.
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha* specific language governing permission and limitations under the License.
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha* When distributing Covered Software, include this CDDL Header Notice in each file and include
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha* Header, with the fields enclosed by brackets [] replaced by your own identifying
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha* information: "Portions copyright [year] [name of copyright owner]".
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha* Copyright 2015 ForgeRock AS.
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jhaimport org.forgerock.oauth2.core.OAuth2RequestFactory;
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jhaimport org.forgerock.oauth2.core.exceptions.InvalidGrantException;
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jhaimport org.forgerock.oauth2.core.exceptions.NotFoundException;
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jhaimport org.forgerock.oauth2.core.exceptions.ServerException;
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jhaimport org.forgerock.openam.audit.AuditConstants.TrackingIdKey;
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jhaimport static org.forgerock.openam.audit.AuditConstants.TrackingIdKey.OAUTH2_ACCESS;
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha * A provider which provides user id and context details for auditing purposes. This provider draws its details
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha * from an OAuth2 {@link AccessToken} if one is available.
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha * @since 13.0.0
4e5e846de22407f825fe3b4040d79606818a2419Jakub Hrozekpublic class OAuth2AuditAccessTokenContextProvider extends OAuth2AuditOAuth2TokenContextProvider {
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha private final OAuth2RequestFactory<Request> requestFactory;
80b5dbe123ec94c5a8fcb99f9a4953c1513deb58Sumit Bose * Create a new instance of OAuth2AuditAccessTokenContextProvider, which will use the supplied {@link TokenStore} and
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha * {@link OAuth2RequestFactory}.
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha * @param tokenStore The token store used to read access tokens.
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha * @param requestFactory The factory for creating OAuth2Request instances.
80b5dbe123ec94c5a8fcb99f9a4953c1513deb58Sumit Bose public OAuth2AuditAccessTokenContextProvider(TokenStore tokenStore, OAuth2RequestFactory<Request> requestFactory) {
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha * {@inheritDoc}
80b5dbe123ec94c5a8fcb99f9a4953c1513deb58Sumit Bose String userId = getUserIdFromAccessTokenFromAuthorizationHeader(request);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha userId = getUserIdFromAccessTokenFromRequest(request);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha * {@inheritDoc}
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha trackingId = getTrackingIdFromAccessTokenFromAuthorizationHeader(request);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha trackingId = getTrackingIdFromAccessTokenFromRequest(request);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha * {@inheritDoc}
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha private String getUserIdFromAccessTokenFromAuthorizationHeader(Request request) {
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha AccessToken accessToken = retrieveAccessTokenFromChallengeResponse(request);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha private String getUserIdFromAccessTokenFromRequest(Request request) {
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha AccessToken accessToken = retrieveAccessTokenFromRequest(request);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose private String getTrackingIdFromAccessTokenFromAuthorizationHeader(Request request) {
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha AccessToken accessToken = retrieveAccessTokenFromChallengeResponse(request);
80b5dbe123ec94c5a8fcb99f9a4953c1513deb58Sumit Bose trackingId = getTrackingIdFromToken(accessToken);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha private String getTrackingIdFromAccessTokenFromRequest(Request request) {
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha AccessToken accessToken = retrieveAccessTokenFromRequest(request);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha trackingId = getTrackingIdFromToken(accessToken);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha private AccessToken retrieveAccessTokenFromChallengeResponse(Request request) {
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha ChallengeResponse challengeResponse = request.getChallengeResponse();
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha String bearerToken = challengeResponse.getRawValue();
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha OAuth2Request oAuth2Request = requestFactory.create(request);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha token = tokenStore.readAccessToken(oAuth2Request, bearerToken);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha } catch (ServerException | InvalidGrantException | NotFoundException e) {
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha private AccessToken retrieveAccessTokenFromRequest(Request request) {