Пример #1
0
  @Override
  public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
      throws IdentityOAuth2Exception {
    OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
    String username = oAuth2AccessTokenReqDTO.getResourceOwnerUsername();
    int tenantId;
    try {
      tenantId = IdentityUtil.getTenantIdOFUser(username);
    } catch (IdentityException e) {
      throw new IdentityOAuth2Exception(e.getMessage(), e);
    }

    // tenantId == -1, means an invalid tenant.
    if (tenantId == -1) {
      /*if (log.isDebugEnabled()) {
          log.debug("Token request with Password Grant Type for an invalid tenant : " +
                  MultitenantUtils.getTenantDomain(username));
      }
      return false;*/
      tenantId = MultitenantConstants.SUPER_TENANT_ID;
    }

    RealmService realmService = OAuthComponentServiceHolder.getRealmService();
    boolean authStatus;
    try {
      UserStoreManager userStoreManager =
          realmService.getTenantUserRealm(tenantId).getUserStoreManager();
      authStatus =
          userStoreManager.authenticate(
              MultitenantUtils.getTenantAwareUsername(username),
              oAuth2AccessTokenReqDTO.getResourceOwnerPassword());

      if (log.isDebugEnabled()) {
        log.debug(
            "Token request with Password Grant Type received. "
                + "Username : "******"Scope : "
                + OAuth2Util.buildScopeString(oAuth2AccessTokenReqDTO.getScope())
                + ", Authentication State : "
                + authStatus);
      }

    } catch (UserStoreException e) {
      throw new IdentityOAuth2Exception("Error when authenticating the user credentials.", e);
    }

    tokReqMsgCtx.setAuthorizedUser(oAuth2AccessTokenReqDTO.getResourceOwnerUsername());
    tokReqMsgCtx.setScope(oAuth2AccessTokenReqDTO.getScope());
    return authStatus;
  }
  public String buildIDToken(
      OAuthTokenReqMessageContext request, OAuth2AccessTokenRespDTO tokenRespDTO)
      throws IdentityOAuth2Exception {
    OAuthServerConfiguration config = OAuthServerConfiguration.getInstance();
    String issuer = config.getOpenIDConnectIDTokenIssuerIdentifier();
    int lifetime = Integer.parseInt(config.getOpenIDConnectIDTokenExpiration()) * 1000;
    int curTime = (int) Calendar.getInstance().getTimeInMillis();
    // setting subject
    String subject = request.getAuthorizedUser();
    String claim = config.getOpenIDConnectIDTokenSubjectClaim();
    if (claim != null) {
      String tenantUser = MultitenantUtils.getTenantAwareUsername(request.getAuthorizedUser());
      String domainName = MultitenantUtils.getTenantDomain(request.getAuthorizedUser());
      try {
        subject =
            IdentityTenantUtil.getRealm(domainName, tenantUser)
                .getUserStoreManager()
                .getUserClaimValue(tenantUser, claim, null);
      } catch (Exception e) {
        throw new IdentityOAuth2Exception("Erro while generating the IDToken", e);
      }
    }

    if (DEBUG) {
      log.debug("Using issuer " + issuer);
      log.debug("Subject " + subject);
      log.debug("ID Token expiration seconds" + lifetime);
      log.debug("Current time " + curTime);
    }

    try {
      IDTokenBuilder builder =
          new IDTokenBuilder()
              .setIssuer(issuer)
              .setSubject(subject)
              .setAudience(request.getOauth2AccessTokenReqDTO().getClientId())
              .setAuthorizedParty(request.getOauth2AccessTokenReqDTO().getClientId())
              .setExpiration(curTime + lifetime)
              .setIssuedAt(curTime);
      // setting up custom claims
      CustomClaimsCallbackHandler claimsCallBackHandler =
          OAuthServerConfiguration.getInstance().getOpenIDConnectCustomClaimsCallbackHandler();
      claimsCallBackHandler.handleCustomClaims(builder, request);
      return builder.buildIDToken();
    } catch (IDTokenException e) {
      throw new IdentityOAuth2Exception("Erro while generating the IDToken", e);
    }
  }