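/**
 * Returns the claim values of {@code endUserName} for the requested claim URIs, keyed and sorted
 * by claim URI. Values are served from {@code claimsLocalCache} when an entry exists for the
 * user; otherwise they are read from the tenant user store and then cached.
 *
 * @param endUserName     the end user whose claims are read
 * @param requestedClaims claim URIs to read; {@code null} means every claim mapped in
 *                        {@code dialectURI}
 * @return a sorted map of claim URI to claim value
 * @throws IdentityOAuth2Exception if the claim mappings or claim values cannot be read from the
 *                                 user store
 */
@Override
public SortedMap<String, String> getClaims(String endUserName, String[] requestedClaims)
        throws IdentityOAuth2Exception {
    SortedMap<String, String> claimValues;
    try {
        int tenantId = JWTTokenGenerator.getTenantId(endUserName);
        // The cache key is user + tenant only; the requested claim set is not part of it.
        // NOTE(review): an entry cached for one claim subset is returned for every later
        // request of this user regardless of requestedClaims — confirm this is intended.
        String key = endUserName + ":" + tenantId;
        CacheKey cacheKey = new ClaimCacheKey(key);
        Object cached = claimsLocalCache.getValueFromCache(cacheKey);
        if (cached != null) {
            claimValues = ((UserClaims) cached).getClaimValues();
        } else {
            String[] claimUris = requestedClaims;
            if (claimUris == null) {
                // No explicit claim set: resolve every claim mapping of the dialect.
                log.debug("No claims set requested. Returning all claims in the dialect");
                ClaimManager claimManager = OAuthComponentServiceHolder.getRealmService()
                        .getTenantUserRealm(tenantId)
                        .getClaimManager();
                ClaimMapping[] claims = claimManager.getAllClaimMappings(dialectURI);
                claimUris = claimToString(claims);
            }
            UserStoreManager userStoreManager = OAuthComponentServiceHolder.getRealmService()
                    .getTenantUserRealm(tenantId)
                    .getUserStoreManager();
            claimValues = new TreeMap<>(
                    userStoreManager.getUserClaimValues(endUserName, claimUris, null));
            claimsLocalCache.addToCache(cacheKey, new UserClaims(claimValues));
        }
    } catch (UserStoreException e) {
        // Pass the cause along so the root failure is not lost behind the summary message.
        log.debug("Error while reading user claims ", e);
        throw new IdentityOAuth2Exception(
                "Error while retrieving user claim values from user store: " + e.getMessage(), e);
    }
    return claimValues;
}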
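/**
 * Validates the resource owner password credentials grant: authenticates the user against the
 * user store of the user's tenant and, on success, records the authorized user and the
 * requested scope in {@code tokReqMsgCtx}.
 *
 * @param tokReqMsgCtx token request context carrying the resource owner's username and password
 * @return {@code true} if the credentials authenticated, {@code false} otherwise
 * @throws IdentityOAuth2Exception if the tenant of the user cannot be resolved or the user
 *                                 store fails during authentication
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
    OAuth2AccessTokenReqDTO tokenReq = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
    String username = tokenReq.getResourceOwnerUsername();

    int tenantId;
    try {
        tenantId = IdentityUtil.getTenantIdOFUser(username);
    } catch (IdentityException e) {
        throw new IdentityOAuth2Exception(e.getMessage(), e);
    }
    // -1 means the tenant domain in the username could not be resolved. The request is not
    // rejected here; authentication proceeds against the super tenant's user store.
    // NOTE(review): that fallback checks a username with an unknown tenant domain against
    // super-tenant accounts — confirm this is intended rather than returning false.
    if (tenantId == -1) {
        tenantId = MultitenantConstants.SUPER_TENANT_ID;
    }

    boolean authStatus;
    try {
        UserStoreManager userStoreManager = OAuthComponentServiceHolder.getRealmService()
                .getTenantUserRealm(tenantId)
                .getUserStoreManager();
        authStatus = userStoreManager.authenticate(
                MultitenantUtils.getTenantAwareUsername(username),
                tokenReq.getResourceOwnerPassword());
        if (log.isDebugEnabled()) {
            // Log the username, scope and outcome only; the password must never be logged.
            log.debug("Token request with Password Grant Type received. "
                    + "Username : " + username
                    + ", Scope : " + OAuth2Util.buildScopeString(tokenReq.getScope())
                    + ", Authentication State : " + authStatus);
        }
    } catch (UserStoreException e) {
        throw new IdentityOAuth2Exception("Error when authenticating the user credentials.", e);
    }

    // Only a successful authentication marks the context with an authorized user and scope.
    if (authStatus) {
        tokReqMsgCtx.setAuthorizedUser(username);
        tokReqMsgCtx.setScope(tokenReq.getScope());
    }
    return authStatus;
}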