Java Code Examples for org.wso2.carbon.identity.oauth2.util.OAuth2Util#checkUserNameAssertionEnabled()
The following examples show how to use
org.wso2.carbon.identity.oauth2.util.OAuth2Util#checkUserNameAssertionEnabled() .
Example 1
Source File: From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Revokes the supplied access tokens, picking the revocation strategy from configuration.
 *
 * <p>When access-token partitioning and user-name assertion are both enabled, the tokens are
 * passed to {@code revokeTokensIndividual}; in every other configuration they are passed to
 * {@code revokeTokensBatch}.
 *
 * @param tokens tokens that need to be revoked
 * @throws IdentityOAuth2Exception if failed to revoke the access token
 */
public void revokeTokens(String[] tokens) throws IdentityOAuth2Exception {

    // Short-circuit order is kept: the assertion check runs only when partitioning is enabled.
    boolean partitionedByUser = OAuth2Util.checkAccessTokenPartitioningEnabled()
            && OAuth2Util.checkUserNameAssertionEnabled();

    if (!partitionedByUser) {
        revokeTokensBatch(tokens);
        return;
    }
    revokeTokensIndividual(tokens);
}
Example 2
Source File: From carbon-identity with Apache License 2.0 | 5 votes |
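/**
 * Marks each of the given access tokens as revoked, issuing one UPDATE per token.
 *
 * <p>All updates run on one connection. They are committed together after the last token and
 * rolled back if any statement fails with an {@link SQLException}.
 *
 * @param tokens tokens that need to be revoked
 * @throws IdentityOAuth2Exception if a database error occurs while revoking the tokens
 */
public void revokeTokensIndividual(String[] tokens) throws IdentityOAuth2Exception {

    String accessTokenStoreTable = OAuthConstants.ACCESS_TOKEN_STORE_TABLE;
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement ps = null;
    try {
        // The configuration checks do not depend on the token, so evaluate them once.
        boolean partitionedByUser = OAuth2Util.checkAccessTokenPartitioningEnabled()
                && OAuth2Util.checkUserNameAssertionEnabled();

        for (String token : tokens) {
            if (partitionedByUser) {
                accessTokenStoreTable = OAuth2Util.getAccessTokenStoreTableFromAccessToken(token);
            }
            // NOTE(review): the table name is spliced into the SQL text because an identifier
            // cannot be bound as a parameter. Here it is derived from the token value, so confirm
            // that the helper can only return names from a fixed set of known tables.
            String sqlQuery = SQLQueries.REVOKE_ACCESS_TOKEN.replace(
                    IDN_OAUTH2_ACCESS_TOKEN, accessTokenStoreTable);

            ps = connection.prepareStatement(sqlQuery);
            ps.setString(1, OAuthConstants.TokenStates.TOKEN_STATE_REVOKED);
            ps.setString(2, UUID.randomUUID().toString());
            ps.setString(3, persistenceProcessor.getProcessedAccessTokenIdentifier(token));

            int count = ps.executeUpdate();
            if (log.isDebugEnabled()) {
                log.debug("Number of rows being updated : " + count);
            }

            // Release this statement before preparing the next one. Previously only the last
            // statement of the loop was closed, leaking one statement per extra token. If an
            // exception is thrown above, the finally block still closes the open statement.
            ps.close();
            ps = null;
        }
        connection.commit();
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollBack(connection);
        // Report how many tokens were in the request, not their values: bearer tokens must not
        // end up in exception messages or logs, and String[].toString() only printed an
        // identity hash anyway.
        throw new IdentityOAuth2Exception("Error occurred while revoking Access Token : "
                + tokens.length + " token(s) in request", e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, null, ps);
    }
}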
Example 3
Source File: From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Revokes a single access token, addressed by its token ID.
 *
 * @param tokenId token that needs to be revoked
 * @param userId  user identifier; read only to resolve the token table when access-token
 *                partitioning and user-name assertion are both enabled
 * @throws IdentityOAuth2Exception if failed to revoke the access token
 */
public void revokeToken(String tokenId, String userId) throws IdentityOAuth2Exception {

    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement ps = null;
    try {
        String tokenTable;
        if (OAuth2Util.checkAccessTokenPartitioningEnabled()
                && OAuth2Util.checkUserNameAssertionEnabled()) {
            tokenTable = OAuth2Util.getAccessTokenStoreTableFromUserId(userId);
        } else {
            tokenTable = OAuthConstants.ACCESS_TOKEN_STORE_TABLE;
        }

        // NOTE(review): the table name becomes part of the SQL text (identifiers cannot be bound
        // as parameters); confirm the helper only yields names from a fixed set of tables.
        String revokeSql = SQLQueries.REVOKE_ACCESS_TOKEN_BY_TOKEN_ID.replace(
                IDN_OAUTH2_ACCESS_TOKEN, tokenTable);

        ps = connection.prepareStatement(revokeSql);
        ps.setString(1, OAuthConstants.TokenStates.TOKEN_STATE_REVOKED);
        ps.setString(2, UUID.randomUUID().toString());
        ps.setString(3, tokenId);

        int updatedRows = ps.executeUpdate();
        if (log.isDebugEnabled()) {
            log.debug("Number of rows being updated : " + updatedRows);
        }
        connection.commit();
    } catch (SQLException e) {
        // Undo the partial update before reporting the failure to the caller.
        IdentityDatabaseUtil.rollBack(connection);
        throw new IdentityOAuth2Exception(
                "Error occurred while revoking Access Token with ID : " + tokenId, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, null, ps);
    }
}
Example 4
Source File: From carbon-identity with Apache License 2.0 | 4 votes |
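/**
 * Collects the access tokens stored for the given user.
 *
 * <p>The query binds the user name, the tenant ID, {@code TOKEN_STATE_ACTIVE} and the user store
 * domain as parameters. The user name is lower-cased, and the query switched to its
 * lower-casing column expression, when the user store is not case sensitive.
 *
 * <p>The returned values are token identifiers as stored; callers should treat them as secrets
 * and keep them out of logs.
 *
 * @param authenticatedUser user whose tokens are looked up
 * @return first column of every matching row; empty if no row matches
 * @throws IdentityOAuth2Exception if a database error occurs while reading the tokens
 */
public Set<String> getAccessTokensForUser(AuthenticatedUser authenticatedUser)
        throws IdentityOAuth2Exception {

    String accessTokenStoreTable = OAuthConstants.ACCESS_TOKEN_STORE_TABLE;
    Set<String> accessTokens = new HashSet<>();
    // Resolve this before taking a connection, so a failure here cannot leak the connection.
    boolean isUsernameCaseSensitive =
            IdentityUtil.isUserStoreInUsernameCaseSensitive(authenticatedUser.toString());

    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement ps = null;
    ResultSet rs = null;
    try {
        if (OAuth2Util.checkAccessTokenPartitioningEnabled()
                && OAuth2Util.checkUserNameAssertionEnabled()) {
            accessTokenStoreTable =
                    OAuth2Util.getAccessTokenStoreTableFromUserId(authenticatedUser.toString());
        }
        // NOTE(review): the table name becomes part of the SQL text (identifiers cannot be bound
        // as parameters); confirm the helper only yields names from a fixed set of tables.
        String sqlQuery = SQLQueries.GET_ACCESS_TOKEN_BY_AUTHZUSER.replace(
                IDN_OAUTH2_ACCESS_TOKEN, accessTokenStoreTable);
        if (!isUsernameCaseSensitive) {
            sqlQuery = sqlQuery.replace(AUTHZ_USER, LOWER_AUTHZ_USER);
        }

        ps = connection.prepareStatement(sqlQuery);
        // NOTE(review): toLowerCase() uses the JVM default locale; verify it folds case the
        // same way as the database-side expression for every deployed locale.
        String userName = authenticatedUser.getUserName();
        ps.setString(1, isUsernameCaseSensitive ? userName : userName.toLowerCase());
        ps.setString(2,
                Integer.toString(OAuth2Util.getTenantId(authenticatedUser.getTenantDomain())));
        ps.setString(3, OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE);
        ps.setString(4, authenticatedUser.getUserStoreDomain());

        rs = ps.executeQuery();
        // The loop condition was lost in the listing; iterating the result set is the only
        // reading consistent with the rs.getString(1) call in the body.
        while (rs.next()) {
            accessTokens.add(rs.getString(1));
        }
        connection.commit();
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollBack(connection);
        // This method reads tokens; the earlier "revoking" wording misled anyone triaging logs.
        throw new IdentityOAuth2Exception(
                "Error occurred while retrieving Access Tokens with user Name : "
                        + authenticatedUser.getUserName() + " tenant ID : "
                        + OAuth2Util.getTenantId(authenticatedUser.getTenantDomain()), e);
    } finally {
        // Pass the result set as well; it was previously left open (null was passed here).
        IdentityDatabaseUtil.closeAllConnections(connection, rs, ps);
    }
    return accessTokens;
}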
Example 5
Source File: From carbon-identity with Apache License 2.0 | 4 votes |
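/**
 * Lists the applications that the given resource owner has authorized.
 *
 * <p>The query binds the user name, the tenant ID and the user store domain as parameters.
 * The user name is lower-cased, and the query switched to its lower-casing column expression,
 * when the user store is not case sensitive.
 *
 * @param authzUser the resource owner
 * @return set of distinct client IDs authorized by user until now
 * @throws IdentityOAuth2Exception if a database error occurs while reading the client IDs
 */
public Set<String> getAllTimeAuthorizedClientIds(AuthenticatedUser authzUser)
        throws IdentityOAuth2Exception {

    String accessTokenStoreTable = OAuthConstants.ACCESS_TOKEN_STORE_TABLE;
    Set<String> distinctConsumerKeys = new HashSet<>();

    // Derive everything from the user before taking a connection, so a failure here cannot
    // leak the connection.
    boolean isUsernameCaseSensitive =
            IdentityUtil.isUserStoreInUsernameCaseSensitive(authzUser.toString());
    String tenantDomain = authzUser.getTenantDomain();
    String tenantAwareUsernameWithNoUserDomain = authzUser.getUserName();
    String userDomain = authzUser.getUserStoreDomain();
    if (userDomain != null) {
        // Strings are immutable: the upper-cased value was previously discarded, so the
        // query was bound with the domain in whatever case the caller supplied.
        // NOTE(review): assumes stored domains are upper case; confirm against the write path.
        userDomain = userDomain.toUpperCase();
    }

    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement ps = null;
    ResultSet rs = null;
    try {
        int tenantId = OAuth2Util.getTenantId(tenantDomain);
        if (OAuth2Util.checkAccessTokenPartitioningEnabled()
                && OAuth2Util.checkUserNameAssertionEnabled()) {
            accessTokenStoreTable =
                    OAuth2Util.getAccessTokenStoreTableFromUserId(authzUser.toString());
        }
        // NOTE(review): the table name becomes part of the SQL text (identifiers cannot be bound
        // as parameters); confirm the helper only yields names from a fixed set of tables.
        String sqlQuery = SQLQueries.GET_DISTINCT_APPS_AUTHORIZED_BY_USER_ALL_TIME.replace(
                IDN_OAUTH2_ACCESS_TOKEN, accessTokenStoreTable);
        if (!isUsernameCaseSensitive) {
            sqlQuery = sqlQuery.replace(AUTHZ_USER, LOWER_AUTHZ_USER);
        }

        ps = connection.prepareStatement(sqlQuery);
        ps.setString(1, isUsernameCaseSensitive
                ? tenantAwareUsernameWithNoUserDomain
                : tenantAwareUsernameWithNoUserDomain.toLowerCase());
        ps.setInt(2, tenantId);
        ps.setString(3, userDomain);

        rs = ps.executeQuery();
        // The loop condition was lost in the listing; iterating the result set is the only
        // reading consistent with the rs.getString(1) call in the body.
        while (rs.next()) {
            String consumerKey = persistenceProcessor.getPreprocessedClientId(rs.getString(1));
            distinctConsumerKeys.add(consumerKey);
        }
    } catch (SQLException e) {
        throw new IdentityOAuth2Exception(
                "Error occurred while retrieving all distinct Client IDs authorized by "
                        + "User ID : " + authzUser + " until now", e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rs, ps);
    }
    return distinctConsumerKeys;
}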
Example 6
Source File: From carbon-identity with Apache License 2.0 | 4 votes |
/**
 * Validates a refresh-token grant request.
 *
 * <p>The request is rejected when the parent validation fails, when the refresh token has no
 * access token associated with it, when the token state is set but is neither {@code ACTIVE}
 * nor {@code EXPIRED}, or when the presented refresh token is not the one stored with the
 * latest access token for the same client, user and scope. On success the authorized user and
 * scope are copied onto the message context and the validation data is stored under
 * {@code PREV_ACCESS_TOKEN}.
 *
 * @param tokReqMsgCtx token request message context
 * @return {@code true} if the refresh token may be used, {@code false} otherwise
 * @throws IdentityOAuth2Exception if the user store domain cannot be resolved, or if a called
 *                                 helper fails
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {

    if (!super.validateGrant(tokReqMsgCtx)) {
        return false;
    }

    OAuth2AccessTokenReqDTO tokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
    String refreshToken = tokenReqDTO.getRefreshToken();
    String clientId = tokenReqDTO.getClientId();

    RefreshTokenValidationDataDO validationDataDO =
            tokenMgtDAO.validateRefreshToken(clientId, refreshToken);

    // No access token behind the refresh token: treat the refresh token as unknown.
    if (validationDataDO.getAccessToken() == null) {
        log.debug("Invalid Refresh Token provided for Client with Client Id : " + clientId);
        return false;
    }

    // A missing state is let through; a state that is present must be ACTIVE or EXPIRED.
    String tokenState = validationDataDO.getRefreshTokenState();
    boolean stateAcceptable = tokenState == null
            || OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE.equals(tokenState)
            || OAuthConstants.TokenStates.TOKEN_STATE_EXPIRED.equals(tokenState);
    if (!stateAcceptable) {
        if (log.isDebugEnabled()) {
            log.debug("Access Token is not in 'ACTIVE' or 'EXPIRED' state for Client with Client Id : "
                    + clientId);
        }
        return false;
    }

    // The user store domain is only resolved when tokens are partitioned per user store.
    String userStoreDomain = null;
    if (OAuth2Util.checkAccessTokenPartitioningEnabled()
            && OAuth2Util.checkUserNameAssertionEnabled()) {
        try {
            userStoreDomain = OAuth2Util.getUserStoreDomainFromUserId(
                    validationDataDO.getAuthorizedUser().toString());
        } catch (IdentityOAuth2Exception e) {
            String errorMsg = "Error occurred while getting user store domain for User ID : "
                    + validationDataDO.getAuthorizedUser();
            log.error(errorMsg, e);
            throw new IdentityOAuth2Exception(errorMsg, e);
        }
    }

    AccessTokenDO latestToken = tokenMgtDAO.retrieveLatestAccessToken(
            clientId,
            validationDataDO.getAuthorizedUser(),
            userStoreDomain,
            OAuth2Util.buildScopeString(validationDataDO.getScope()),
            true);

    if (latestToken == null) {
        if (log.isDebugEnabled()) {
            log.debug("Error while retrieving the latest refresh token");
        }
        return false;
    }

    // Only the refresh token stored with the most recent access token is honoured, so a
    // superseded refresh token cannot be replayed.
    if (!refreshToken.equals(latestToken.getRefreshToken())) {
        if (log.isDebugEnabled()) {
            log.debug("Refresh token is not the latest.");
        }
        return false;
    }

    if (log.isDebugEnabled()) {
        log.debug("Refresh token validation successful for Client id : " + clientId
                + ", Authorized User : " + validationDataDO.getAuthorizedUser()
                + ", Token Scope : " + OAuth2Util.buildScopeString(validationDataDO.getScope()));
    }

    tokReqMsgCtx.setAuthorizedUser(validationDataDO.getAuthorizedUser());
    tokReqMsgCtx.setScope(validationDataDO.getScope());
    // Keep the previous token data on the context as a property; it is already preprocessed.
    tokReqMsgCtx.addProperty(PREV_ACCESS_TOKEN, validationDataDO);
    return true;
}