OpenAMOAuth2ProviderSettings.java revision 02b85867be37dad95903d24592f5a8e6f9fb64ba
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014 ForgeRock AS.
*/
/**
* Models all of the possible settings the OpenAM OAuth2 provider can have and that can be configured.
*
* @since 12.0.0
*/
public class OpenAMOAuth2ProviderSettings extends OpenAMSettingsImpl implements OAuth2ProviderSettings {
private final String deploymentUrl;
private final CookieExtractor cookieExtractor;
private ScopeValidator scopeValidator;
/**
* Constructs a new OpenAMOAuth2ProviderSettings.
*
* @param realm The realm.
* @param deploymentUrl The deployment url.
* @param cookieExtractor An instance of the CookieExtractor.
*/
public OpenAMOAuth2ProviderSettings(String realm, String deploymentUrl, CookieExtractor cookieExtractor) {
    // NOTE(review): realm is not stored here; the realm field read elsewhere in this class is presumably
    // initialised by the superclass constructor - confirm against the full source, the call is not visible.
    // deploymentUrl is the base for the endpoint URLs and the OpenID Connect issuer value this class reports.
    this.deploymentUrl = deploymentUrl;
    this.cookieExtractor = cookieExtractor;
}
private void addServiceListener() {
try {
"changes will not be dynamically updated for realm " + realm);
}
} catch (Exception e) {
}
}
/**
* {@inheritDoc}
*/
public Set<String> getSetting(String realm, String attributeName) throws SSOException, SMSException {
synchronized (attributeCache) {
}
return value;
}
}
/**
* {@inheritDoc}
*/
public Map<String, ResponseTypeHandler> getAllowedResponseTypes() throws UnsupportedResponseTypeException,
try {
Set<String> responseTypeSet = getSetting(realm, OAuth2Constants.OAuth2ProviderService.RESPONSE_TYPE_LIST);
return Collections.emptyMap();
}
continue;
}
}
return responseTypes;
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
throws UnsupportedResponseTypeException {
logger.warning("Requested a response type that is not configured. response_type=" + responseTypeName);
throw new UnsupportedResponseTypeException("Response type is not supported");
return new NoneResponseTypeHandler();
}
try {
.asSubclass(ResponseType.class));
}
} catch (ClassNotFoundException e) {
throw new UnsupportedResponseTypeException("Response type is not supported");
}
}
/**
* {@inheritDoc}
*/
try {
}
//check the values of the attribute set vs the scope and client requested
//attribute set is in the form of client_id|scope1 scope2 scope3
}
} else {
}
//if both the client and the scopes are identical to the saved consent then approve
return true;
}
}
} catch (Exception e) {
return false;
}
return false;
}
if (scopeValidator == null) {
try {
final String scopeValidatorClassName =
if (isEmpty(scopeValidatorClassName)) {
throw new ServerException("Scope Validator class not set.");
}
return new LegacyScopeValidator(scopeClass);
}
} catch (SSOException e) {
throw new ServerException(e);
} catch (SMSException e) {
throw new ServerException(e);
} catch (ClassNotFoundException e) {
throw new ServerException(e);
}
}
return scopeValidator;
}
/**
* Wraps a legacy {@link Scope} as a {@link ScopeValidator}.
*
* @since 12.0.0
*/
private final class LegacyScopeValidator implements ScopeValidator {
private Scope scopeValidator;
this.scopeValidator = scopeValidator;
}
/**
* {@inheritDoc}
*/
public Set<String> validateAuthorizationScope(ClientRegistration clientRegistration, Set<String> scope) {
return scopeValidator.scopeToPresentOnAuthorizationPage(scope, clientRegistration.getAllowedScopes(),
}
/**
* {@inheritDoc}
*/
public Set<String> validateAccessTokenScope(ClientRegistration clientRegistration, Set<String> scope,
}
/**
* {@inheritDoc}
*/
public Set<String> validateRefreshTokenScope(ClientRegistration clientRegistration, Set<String> requestedScope,
return scopeValidator.scopeRequestedForRefreshToken(requestedScope, clientRegistration.getAllowedScopes(),
}
/**
* {@inheritDoc}
*/
throws UnauthorizedClientException {
}
/**
* {@inheritDoc}
*/
}
/**
* {@inheritDoc}
*/
try {
} catch (ServerException e) {
}
}
return scopeValidator.extraDataToReturnForAuthorizeEndpoint(new HashMap<String, String>(), legacyTokens);
}
/**
* {@inheritDoc}
*/
throws ServerException, InvalidClientException {
data.put(OAuth2Constants.Custom.SSO_TOKEN_ID, getSsoToken(ServletUtils.getRequest(request.<Request>getRequest())));
if (tokenEntries != null) {
}
}
}
}
}
}
return null;
}
}
/**
* {@inheritDoc}
*/
public Set<String> validateAuthorizationScope(ClientRegistration clientRegistration, Set<String> scope)
throws ServerException {
}
/**
* {@inheritDoc}
*/
public Set<String> validateAccessTokenScope(ClientRegistration clientRegistration, Set<String> scope,
}
/**
* {@inheritDoc}
*/
public Set<String> validateRefreshTokenScope(ClientRegistration clientRegistration, Set<String> requestedScope,
return getScopeValidator().validateRefreshTokenScope(clientRegistration, requestedScope, tokenScope, request);
}
/**
* {@inheritDoc}
*/
public Map<String, Object> getUserInfo(AccessToken token, OAuth2Request request) throws ServerException,
}
/**
* {@inheritDoc}
*/
}
/**
* {@inheritDoc}
*/
}
/**
* {@inheritDoc}
*/
throws ServerException, InvalidClientException {
}
/**
* {@inheritDoc}
*/
try {
//get the current set of consents and add our new consent to it.
} else {
}
//update the user profile with our new consent settings
} catch (Exception e) {
}
}
/**
* {@inheritDoc}
*/
public boolean issueRefreshTokens() throws ServerException {
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
/**
* {@inheritDoc}
*/
public boolean issueRefreshTokensOnRefreshingToken() throws ServerException {
    // Read the boolean provider setting for this realm; configuration-store failures are surfaced
    // to callers as a ServerException so the original cause is preserved.
    final String settingName = OAuth2Constants.OAuth2ProviderService.ISSUE_REFRESH_TOKEN_ON_REFRESHING_TOKEN;
    try {
        final boolean issueOnRefresh = getBooleanSetting(realm, settingName);
        return issueOnRefresh;
    } catch (SMSException smsException) {
        throw new ServerException(smsException);
    } catch (SSOException ssoException) {
        throw new ServerException(ssoException);
    }
}
/**
* {@inheritDoc}
*/
public long getAuthorizationCodeLifetime() throws ServerException {
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
/**
* {@inheritDoc}
*/
public long getAccessTokenLifetime() throws ServerException {
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
/**
* {@inheritDoc}
*/
public long getOpenIdTokenLifetime() throws ServerException {
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
/**
* {@inheritDoc}
*/
public long getRefreshTokenLifetime() throws ServerException {
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
/**
* {@inheritDoc}
*/
try {
return getServerKeyPair(realm);
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
/**
* {@inheritDoc}
*/
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
/**
* {@inheritDoc}
*/
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
/**
* {@inheritDoc}
*/
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
/**
* {@inheritDoc}
*/
public String getOpenIDConnectVersion() {
    // The reported OpenID Connect version is a fixed literal, not a configurable setting.
    final String openIdConnectVersion = "3.0";
    return openIdConnectVersion;
}
/**
* {@inheritDoc}
*/
public String getOpenIDConnectIssuer() {
    // The issuer is the deployment URL given at construction. NOTE(review): whether the caller obtains
    // that value from static configuration or from an incoming request is not visible here - confirm,
    // since a request-derived issuer would let a client influence the value presented as the issuer.
    final String issuer = deploymentUrl;
    return issuer;
}
/**
* {@inheritDoc}
*/
public String getAuthorizationEndpoint() {
    // Authorization endpoint is rooted under the OAuth2 path of this deployment.
    final String authorizePath = "/oauth2/authorize";
    return deploymentUrl + authorizePath;
}
/**
* {@inheritDoc}
*/
public String getTokenEndpoint() {
    // Token endpoint is rooted under the OAuth2 path of this deployment.
    final String tokenPath = "/oauth2/access_token";
    return deploymentUrl + tokenPath;
}
/**
* {@inheritDoc}
*/
public String getUserInfoEndpoint() {
    // UserInfo endpoint is rooted under the OAuth2 path of this deployment.
    final String userInfoPath = "/oauth2/userinfo";
    return deploymentUrl + userInfoPath;
}
/**
* {@inheritDoc}
*/
public String getCheckSessionEndpoint() {
    // Session-check endpoint is rooted under the OAuth2 connect path of this deployment.
    final String checkSessionPath = "/oauth2/connect/checkSession";
    return deploymentUrl + checkSessionPath;
}
/**
* {@inheritDoc}
*/
public String getEndSessionEndpoint() {
    // End-session endpoint is rooted under the OAuth2 connect path of this deployment.
    final String endSessionPath = "/oauth2/connect/endSession";
    return deploymentUrl + endSessionPath;
}
/**
* {@inheritDoc}
*/
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
/**
* {@inheritDoc}
*/
public String getClientRegistrationEndpoint() {
    // Client registration endpoint is rooted under the OAuth2 connect path of this deployment.
    final String registerPath = "/oauth2/connect/register";
    return deploymentUrl + registerPath;
}
/**
* {@inheritDoc}
*/
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
/**
* ServiceListener implementation to clear cache when it changes.
*/
private final class OAuth2ProviderSettingsChangeListener implements ServiceListener {
+ ". This is unexpected.");
}
public void globalConfigChanged(String serviceName, String version, String groupName, String serviceComponent,
        int type) {
    // Only log the event here. Per the original author's note, a global configuration change also
    // triggers the organizationConfigChanged callbacks, which is where the cache is refreshed.
    final String message = "The globalConfigChanged ServiceListener method was invoked for service " + serviceName;
    logger.warning(message);
}
public void organizationConfigChanged(String serviceName, String version, String orgName, String groupName,
if (logger.messageEnabled()) {
}
synchronized (attributeCache) {
}
} else {
if (logger.messageEnabled()) {
}
}
}
/*
The listener receives updates for every change to each service instance in a given realm. I want to be sure
that I only pull updates when necessary, i.e. when the update pertains to this particular realm.
*/
private boolean currentRealmTargetedByOrganizationUpdate(String serviceName, String version, String orgName,
int type) {
}
}
}