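/**
 * Returns the claim values of {@code endUserName} for this claim dialect.
 *
 * <p>The result is first looked up in {@code claimsLocalCache} under the key
 * {@code endUserName + ":" + tenantId}; on a miss the values are read from the
 * tenant's user store and then cached. When {@code requestedClaims} is
 * {@code null}, every claim mapping of {@code dialectURI} is requested.
 *
 * <p>NOTE(review): the cache key does not include {@code requestedClaims}, so a
 * cache hit returns whatever claim set was cached first for this user, which may
 * be broader or narrower than what the current caller asked for. Confirm that
 * every caller tolerates this before relying on receiving exactly the requested
 * subset.
 *
 * @param endUserName fully qualified end-user name; the tenant is derived from it
 * @param requestedClaims claim URIs to fetch, or {@code null} for all claims in the dialect
 * @return sorted map of claim URI to claim value
 * @throws IdentityOAuth2Exception if the user store cannot be read
 */
@Override
  public SortedMap<String, String> getClaims(String endUserName, String[] requestedClaims)
      throws IdentityOAuth2Exception {
    SortedMap<String, String> claimValues;
    try {
      int tenantId = JWTTokenGenerator.getTenantId(endUserName);
      // Cache key is user plus tenant so identical user names in different
      // tenants never share an entry.
      String key = endUserName + ":" + tenantId;
      CacheKey cacheKey = new ClaimCacheKey(key);
      Object result = claimsLocalCache.getValueFromCache(cacheKey);

      if (result != null) {
        claimValues = ((UserClaims) result).getClaimValues();
      } else {
        if (requestedClaims == null) {
          // No explicit set requested: expand to every mapping in the dialect.
          log.debug("No claims set requested. Returning all claims in the dialect");
          ClaimManager claimManager =
              OAuthComponentServiceHolder.getRealmService()
                  .getTenantUserRealm(tenantId)
                  .getClaimManager();
          ClaimMapping[] claims = claimManager.getAllClaimMappings(dialectURI);
          requestedClaims = claimToString(claims);
        }

        UserStoreManager userStoreManager =
            OAuthComponentServiceHolder.getRealmService()
                .getTenantUserRealm(tenantId)
                .getUserStoreManager();
        // TreeMap gives callers a deterministic, sorted view of the claims.
        claimValues =
            new TreeMap<String, String>(
                userStoreManager.getUserClaimValues(endUserName, requestedClaims, null));
        claimsLocalCache.addToCache(cacheKey, new UserClaims(claimValues));
      }
    } catch (UserStoreException e) {
      log.debug("Error while reading user claims ", e);
      // Keep the user-store exception as the cause so the stack trace is not lost.
      throw new IdentityOAuth2Exception(
          "Error while retrieving user claim values from user store: " + e.getMessage(), e);
    }
    return claimValues;
  }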
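  /**
   * Validates a Resource Owner Password Credentials grant by authenticating the
   * resource owner's user name and password against the user store of the
   * user's tenant.
   *
   * <p>On success the authorized user is recorded on {@code tokReqMsgCtx}; on
   * failure no authorized user is set. The requested scope is copied to the
   * context in both cases.
   *
   * @param tokReqMsgCtx token request context carrying the access-token request DTO
   * @return {@code true} if the user store accepted the credentials, {@code false} otherwise
   * @throws IdentityOAuth2Exception if the tenant cannot be resolved or the user store fails
   */
  @Override
  public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
      throws IdentityOAuth2Exception {
    OAuth2AccessTokenReqDTO tokenReq = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
    String username = tokenReq.getResourceOwnerUsername();

    int tenantId;
    try {
      tenantId = IdentityUtil.getTenantIdOFUser(username);
    } catch (IdentityException e) {
      throw new IdentityOAuth2Exception(e.getMessage(), e);
    }

    // tenantId == -1 means the domain part of the user name is not a known
    // tenant. The earlier reject-and-return-false path was disabled; instead
    // the request falls back to the super tenant.
    // NOTE(review): with this fallback a user name whose suffix is not a tenant
    // domain is authenticated against the super-tenant user store with the
    // suffix stripped (see getTenantAwareUsername below), presumably to support
    // email-style user names. Confirm this is intended: the authorized user
    // recorded on the context still carries the unresolved domain.
    if (tenantId == -1) {
      tenantId = MultitenantConstants.SUPER_TENANT_ID;
    }

    RealmService realmService = OAuthComponentServiceHolder.getRealmService();
    boolean authStatus;
    try {
      UserStoreManager userStoreManager =
          realmService.getTenantUserRealm(tenantId).getUserStoreManager();
      // The user store receives the tenant-less name; the password is handed
      // over untouched and is deliberately never logged.
      authStatus =
          userStoreManager.authenticate(
              MultitenantUtils.getTenantAwareUsername(username),
              tokenReq.getResourceOwnerPassword());

      if (log.isDebugEnabled()) {
        // Log the user name and scope only; never the credential.
        log.debug(
            "Token request with Password Grant Type received. "
                + "Username : "
                + username
                + ", Scope : "
                + OAuth2Util.buildScopeString(tokenReq.getScope())
                + ", Authentication State : "
                + authStatus);
      }
    } catch (UserStoreException e) {
      throw new IdentityOAuth2Exception("Error when authenticating the user credentials.", e);
    }

    // Only a successfully authenticated user may be marked as authorized; a
    // failed attempt must not leave an "authorized user" behind on the context.
    if (authStatus) {
      tokReqMsgCtx.setAuthorizedUser(username);
    }
    tokReqMsgCtx.setScope(tokenReq.getScope());
    return authStatus;
  }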