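  /**
   * Issues an access token in exchange for an authorization grant.
   *
   * <p>Delegates to {@link AccessTokenIssuer#issue}. An {@code InvalidOAuthClientException} is
   * mapped to an {@code invalid_client} error response; every other {@link Exception} is treated
   * as a system error, logged with the request context, and mapped to a generic server-error
   * response. No {@code Exception} escapes to the caller ({@code Error}s are not caught).
   *
   * <p>Logging: client ID, resource-owner user name, scope and grant type are written to the log;
   * the resource-owner password is never logged.
   *
   * @param tokenReqDTO <Code>OAuth2AccessTokenReqDTO</Code> representing the Access Token request
   * @return <Code>OAuth2AccessTokenRespDTO</Code> representing the Access Token response, with
   *     {@code isError()} set and an error code/message filled in when issuance failed
   */
  public OAuth2AccessTokenRespDTO issueAccessToken(OAuth2AccessTokenReqDTO tokenReqDTO) {

    if (log.isDebugEnabled()) {
      log.debug(
          "Access Token request received for Client ID "
              + tokenReqDTO.getClientId()
              + ", User ID "
              + tokenReqDTO.getResourceOwnerUsername()
              + ", Scope : "
              + Arrays.toString(tokenReqDTO.getScope())
              + " and Grant Type : "
              + tokenReqDTO.getGrantType());
    }

    try {
      AccessTokenIssuer tokenIssuer = AccessTokenIssuer.getInstance();
      return tokenIssuer.issue(tokenReqDTO);
    } catch (InvalidOAuthClientException e) {
      // Unknown / unauthenticated client. This is an expected client-side error rather than an
      // operational failure, so it is logged at debug level only and reported with the
      // RFC 6749 invalid_client code.
      if (log.isDebugEnabled()) {
        log.debug(
            "Error occurred while issuing access token for Client ID : "
                + tokenReqDTO.getClientId()
                + ", User ID: "
                + tokenReqDTO.getResourceOwnerUsername()
                + ", Scope : "
                + Arrays.toString(tokenReqDTO.getScope())
                + " and Grant Type : "
                + tokenReqDTO.getGrantType(),
            e);
      }
      OAuth2AccessTokenRespDTO tokenRespDTO = new OAuth2AccessTokenRespDTO();
      tokenRespDTO.setError(true);
      tokenRespDTO.setErrorCode(OAuth2ErrorCodes.INVALID_CLIENT);
      tokenRespDTO.setErrorMsg("Invalid Client");
      return tokenRespDTO;
    } catch (Exception e) { // in case of an error, consider it as a system error
      log.error(
          "Error occurred while issuing the access token for Client ID : "
              + tokenReqDTO.getClientId()
              + ", User ID "
              + tokenReqDTO.getResourceOwnerUsername()
              + ", Scope : "
              + Arrays.toString(tokenReqDTO.getScope())
              + " and Grant Type : "
              + tokenReqDTO.getGrantType(),
          e);
      OAuth2AccessTokenRespDTO tokenRespDTO = new OAuth2AccessTokenRespDTO();
      tokenRespDTO.setError(true);
      // Walk the cause chain null-safely. The earlier e.getCause().getCause() dereference threw a
      // NullPointerException out of this catch block whenever the exception had fewer than two
      // nested causes, turning a clean server-error response into an unhandled exception.
      // NOTE(review): "sql_error" is not an RFC 6749 section 5.2 error code and tells the client
      // that a database integrity constraint fired. It is kept for compatibility with existing
      // callers, but collapsing it into server_error would remove that information leak.
      if (causedBy(e, SQLIntegrityConstraintViolationException.class)) {
        tokenRespDTO.setErrorCode("sql_error");
      } else {
        tokenRespDTO.setErrorCode(OAuth2ErrorCodes.SERVER_ERROR);
      }
      tokenRespDTO.setErrorMsg("Server Error");
      return tokenRespDTO;
    }
  }

  /**
   * Returns whether {@code t} itself or any exception in its cause chain is an instance of
   * {@code type}. Null-safe; stops on a self-referencing cause so a malformed chain cannot loop.
   *
   * @param t the exception to inspect, may be {@code null}
   * @param type the exception type to look for
   * @return {@code true} if {@code type} occurs anywhere in the chain starting at {@code t}
   */
  private static boolean causedBy(Throwable t, Class<? extends Throwable> type) {
    for (Throwable current = t; current != null; current = current.getCause()) {
      if (type.isInstance(current)) {
        return true;
      }
      if (current.getCause() == current) {
        break;
      }
    }
    return false;
  }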
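  /**
   * Validates a Resource Owner Password Credentials grant by authenticating the supplied user
   * name and password against the user store of the user's tenant.
   *
   * <p>Side effects on {@code tokReqMsgCtx}: the authorized user and the requested scope are
   * recorded on the context whether or not authentication succeeded, so callers must honour the
   * returned flag before issuing a token.
   *
   * @param tokReqMsgCtx token request context carrying the access-token request DTO
   * @return {@code true} if the user store accepted the credentials, {@code false} otherwise
   * @throws IdentityOAuth2Exception if the tenant of the user cannot be resolved or the user
   *     store fails while authenticating
   */
  @Override
  public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
      throws IdentityOAuth2Exception {
    OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
    String username = oAuth2AccessTokenReqDTO.getResourceOwnerUsername();
    int tenantId;
    try {
      tenantId = IdentityUtil.getTenantIdOFUser(username);
    } catch (IdentityException e) {
      throw new IdentityOAuth2Exception(e.getMessage(), e);
    }

    // tenantId == -1 means the tenant named in the username does not exist. Instead of rejecting
    // the request (the earlier, now removed, behaviour), it is redirected to the super tenant.
    // NOTE(review): a username carrying an arbitrary non-existent domain suffix is therefore
    // authenticated against the super-tenant realm (presumably with the suffix stripped by
    // getTenantAwareUsername below), while the full username including the bogus suffix is what
    // gets recorded as the authorized user. Confirm this is intended; rejecting unknown tenants
    // is the safer default.
    if (tenantId == -1) {
      tenantId = MultitenantConstants.SUPER_TENANT_ID;
    }

    RealmService realmService = OAuthComponentServiceHolder.getRealmService();
    boolean authStatus;
    try {
      UserStoreManager userStoreManager =
          realmService.getTenantUserRealm(tenantId).getUserStoreManager();
      // The password is handed straight to the user store and is never logged.
      authStatus =
          userStoreManager.authenticate(
              MultitenantUtils.getTenantAwareUsername(username),
              oAuth2AccessTokenReqDTO.getResourceOwnerPassword());

      // NOTE(review): this log statement was unreadable in the reviewed source (its middle was
      // masked as "******" and did not compile); it has been reconstructed to log the user name
      // and scope only. Confirm against the original.
      if (log.isDebugEnabled()) {
        log.debug(
            "Token request with Password Grant Type received. "
                + "Username : "
                + username
                + ", Scope : "
                + OAuth2Util.buildScopeString(oAuth2AccessTokenReqDTO.getScope())
                + ", Authentication State : "
                + authStatus);
      }

    } catch (UserStoreException e) {
      throw new IdentityOAuth2Exception("Error when authenticating the user credentials.", e);
    }

    // Recorded regardless of authStatus (existing behaviour); the caller must check the result.
    tokReqMsgCtx.setAuthorizedUser(oAuth2AccessTokenReqDTO.getResourceOwnerUsername());
    tokReqMsgCtx.setScope(oAuth2AccessTokenReqDTO.getScope());
    return authStatus;
  }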