/**
 * Reports whether the user claims carried in a token may be written to logs.
 *
 * <p>The decision is delegated to {@code IdentityUtil.isTokenLoggable} for the
 * {@code USER_CLAIMS} token type, so it is driven by server configuration rather
 * than by this class.
 *
 * @return true if the user claims in the token are loggable, otherwise false.
 */
private static boolean isUserClaimsInTokenLoggable() {
    final String claimsTokenType = IdentityConstants.IdentityTokens.USER_CLAIMS;
    return IdentityUtil.isTokenLoggable(claimsTokenType);
}
/**
 * Evaluates a XACML request against the PDP and returns the raw response.
 *
 * <p>The request and the response are written to the debug log only when debug
 * logging is on and the matching token type ({@code XACML_REQUEST} /
 * {@code XACML_RESPONSE}) is configured as loggable, since both documents may
 * carry subject attributes.
 *
 * @param xacmlRequest XACML request as String
 * @return response as String
 */
public String test(String xacmlRequest) {
    final boolean requestLoggable = log.isDebugEnabled()
            && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST);
    if (requestLoggable) {
        log.debug("XACML Request : " + xacmlRequest);
    }

    final String pdpResponse = pdpTest.evaluate(xacmlRequest);

    final boolean responseLoggable = log.isDebugEnabled()
            && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE);
    if (responseLoggable) {
        log.debug("XACML Response : " + pdpResponse);
    }
    return pdpResponse;
}
/**
 * Runs one XACML request through the PDP and hands back its response verbatim.
 *
 * <p>Both documents are debug-logged only if the corresponding token type
 * ({@code XACML_REQUEST}, {@code XACML_RESPONSE}) is enabled for logging,
 * because they can contain subject data.
 *
 * @param xacmlRequest XACML request as String
 * @return response as String
 */
public String test(String xacmlRequest) {
    if (shouldLog(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
        log.debug("XACML Request : " + xacmlRequest);
    }
    String evaluated = pdpTest.evaluate(xacmlRequest);
    if (shouldLog(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
        log.debug("XACML Response : " + evaluated);
    }
    return evaluated;
}

/**
 * True when debug logging is on and the given token type is configured as loggable.
 *
 * @param tokenType token type constant from {@code IdentityConstants.IdentityTokens}
 * @return whether a document of that type may be debug-logged
 */
private boolean shouldLog(String tokenType) {
    return log.isDebugEnabled() && IdentityUtil.isTokenLoggable(tokenType);
}
/**
 * Sends a XACML request to the PDP for evaluation and returns the response string.
 *
 * <p>Request and response are only emitted to the debug log when the respective
 * token type is marked loggable in configuration; they may contain subject
 * attributes that should not appear in logs by default.
 *
 * @param xacmlRequest XACML request as String
 * @return response as String
 */
public String test(String xacmlRequest) {
    final boolean debugOn = log.isDebugEnabled();

    if (debugOn) {
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
            log.debug("XACML Request : " + xacmlRequest);
        }
    }

    final String response = pdpTest.evaluate(xacmlRequest);

    if (log.isDebugEnabled()) {
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
            log.debug("XACML Response : " + response);
        }
    }

    return response;
}
/**
 * Fetches the user-info document for the given token and parses it into a map.
 *
 * <p>The raw payload is written to the debug log only when debug logging is on
 * and {@code USER_ID_TOKEN} is configured as loggable, since it carries user data.
 *
 * @param fbAuthUserInfoUrl user-info endpoint URL
 * @param userInfoFields fields requested from the endpoint
 * @param token token used to call the endpoint
 * @return parsed JSON document as a map
 * @throws ApplicationAuthenticatorException propagated from the user-info retrieval
 */
private Map<String, Object> getUserInfoJson(String fbAuthUserInfoUrl, String userInfoFields, String token)
        throws ApplicationAuthenticatorException {
    final String rawUserInfo = getUserInfoString(fbAuthUserInfoUrl, userInfoFields, token);
    final boolean payloadLoggable = log.isDebugEnabled()
            && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_ID_TOKEN);
    if (payloadLoggable) {
        log.debug("UserInfoString : " + rawUserInfo);
    }
    return JSONUtils.parseJSON(rawUserInfo);
}
/**
 * Retrieves the user-info response for {@code token} and returns it parsed as a map.
 *
 * <p>The unparsed response is debug-logged only if the {@code USER_ID_TOKEN}
 * token type is enabled for logging; it contains user attributes.
 *
 * @param fbAuthUserInfoUrl user-info endpoint URL
 * @param userInfoFields fields requested from the endpoint
 * @param token token used to call the endpoint
 * @return parsed JSON document as a map
 * @throws ApplicationAuthenticatorException propagated from the user-info retrieval
 */
protected Map<String, Object> getUserInfoJson(String fbAuthUserInfoUrl, String userInfoFields, String token)
        throws ApplicationAuthenticatorException {
    String responseBody = getUserInfoString(fbAuthUserInfoUrl, userInfoFields, token);
    if (log.isDebugEnabled()) {
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_ID_TOKEN)) {
            log.debug("UserInfoString : " + responseBody);
        }
    }
    Map<String, Object> parsed = JSONUtils.parseJSON(responseBody);
    return parsed;
}
/**
 * Calls the user-info endpoint and converts its JSON body into a map.
 *
 * <p>The body is only written to the debug log when {@code USER_ID_TOKEN} logging
 * is enabled, as it holds user data.
 *
 * @param fbAuthUserInfoUrl user-info endpoint URL
 * @param userInfoFields fields requested from the endpoint
 * @param token token used to call the endpoint
 * @return parsed JSON document as a map
 * @throws ApplicationAuthenticatorException propagated from the user-info retrieval
 */
private Map<String, Object> getUserInfoJson(String fbAuthUserInfoUrl, String userInfoFields, String token)
        throws ApplicationAuthenticatorException {
    final String body = getUserInfoString(fbAuthUserInfoUrl, userInfoFields, token);
    logUserInfoIfPermitted(body);
    return JSONUtils.parseJSON(body);
}

/**
 * Debug-logs the raw user-info body when debug logging is on and the
 * {@code USER_ID_TOKEN} token type is configured as loggable.
 *
 * @param body raw user-info response
 */
private void logUserInfoIfPermitted(String body) {
    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_ID_TOKEN)) {
        log.debug("UserInfoString : " + body);
    }
}
/**
 * Evicts an expired access-token entry from the OAuth cache and records the eviction.
 *
 * <p>The token value itself is never logged in clear: when {@code ACCESS_TOKEN}
 * logging is enabled only its SHA-256 hex digest appears, otherwise the client id
 * is used instead. The log text also mentions the database state update, which is
 * presumably done by the caller — this method only touches the cache.
 *
 * @param cacheKey key of the cache entry to clear
 * @param consumerKey client id, used in the log line when the token is not loggable
 * @param existingAccessTokenDO the expired token; only its value is read, for hashing
 */
private void removeFromCache(OAuthCacheKey cacheKey, String consumerKey, AccessTokenDO existingAccessTokenDO) {
    oauthCache.clearCacheEntry(cacheKey);
    if (!log.isDebugEnabled()) {
        return;
    }
    final String subject;
    if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
        subject = "Access token(hashed) " + DigestUtils.sha256Hex(existingAccessTokenDO.getAccessToken());
    } else {
        subject = "Existing access token for client: " + consumerKey;
    }
    log.debug(subject + " is expired. Therefore cleared it from cache and marked it as expired in database");
}
/**
 * Returns the JWT ID ({@code jti}) claim of a JWT access token, used as its hash.
 *
 * <p>When parsing fails, the raw token is written to the debug log only if
 * {@code ACCESS_TOKEN} is configured as loggable; the failure is then rethrown
 * wrapped in an {@link OAuthSystemException} with the original cause attached.
 *
 * @param accessToken serialized JWT
 * @return the token's {@code jti} claim
 * @throws OAuthSystemException if the token or its claims set cannot be parsed
 */
@Override
public String getAccessTokenHash(String accessToken) throws OAuthSystemException {
    try {
        return JWTParser.parse(accessToken).getJWTClaimsSet().getJWTID();
    } catch (ParseException parseFailure) {
        final boolean tokenLoggable = log.isDebugEnabled()
                && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN);
        if (tokenLoggable) {
            log.debug("Error while getting JWTID from token: " + accessToken);
        }
        throw new OAuthSystemException("Error while getting access token hash", parseFailure);
    }
}
/**
 * Returns a hash-like identifier for an access token.
 *
 * <p>A non-empty token containing {@code APIConstants.DOT} is treated as a JWT and
 * its {@code jti} claim is returned; any other value (including null or empty)
 * is returned unchanged. On a JWT parse failure the raw token is debug-logged
 * only when {@code ACCESS_TOKEN} logging is enabled, and the error is rethrown
 * wrapped with its cause.
 *
 * @param accessToken access token, JWT or opaque
 * @return the JWT's {@code jti} claim, or the input itself for non-JWT tokens
 * @throws OAuthSystemException if a JWT-shaped token cannot be parsed
 */
@Override
public String getAccessTokenHash(String accessToken) throws OAuthSystemException {
    // Opaque tokens have no claims to extract; hand them back as-is.
    if (StringUtils.isEmpty(accessToken) || !accessToken.contains(APIConstants.DOT)) {
        return accessToken;
    }
    try {
        JWT parsedJwt = JWTParser.parse(accessToken);
        return parsedJwt.getJWTClaimsSet().getJWTID();
    } catch (ParseException parseFailure) {
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
                log.debug("Error while getting JWTID from token: " + accessToken);
            }
        }
        throw new OAuthSystemException("Error while getting access token hash", parseFailure);
    }
}
/**
 * Looks up the user attributes cached under an authorization code.
 *
 * <p>The code value appears in the debug log only when {@code AUTHORIZATION_CODE}
 * is configured as loggable. NOTE(review): it is logged in clear here, whereas
 * other methods in this codebase log only a SHA-256 digest of such secrets —
 * consider aligning.
 *
 * @param authorizationCode Authorization Code
 * @return User attributes cached against the authorization code; an empty map
 *         when there is no cache entry
 */
private Map<ClaimMapping, String> getUserAttributesFromCacheUsingCode(String authorizationCode) {
    if (log.isDebugEnabled()) {
        final boolean codeLoggable =
                IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.AUTHORIZATION_CODE);
        log.debug(codeLoggable
                ? "Retrieving user attributes cached against authorization code: " + authorizationCode
                : "Retrieving user attributes cached against authorization code.");
    }
    AuthorizationGrantCacheEntry entry = AuthorizationGrantCache.getInstance()
            .getValueFromCacheByCode(new AuthorizationGrantCacheKey(authorizationCode));
    if (entry == null) {
        return new HashMap<>();
    }
    return entry.getUserAttributes();
}
/**
 * Decides whether an existing access token can still be reused.
 *
 * <p>A token is valid when its state is {@code TOKEN_STATE_ACTIVE} and
 * {@code expireTime} is non-zero (zero presumably means already expired — see the
 * caller that computes it). Invalid tokens are debug-logged by SHA-256 digest
 * when {@code ACCESS_TOKEN} logging is enabled, otherwise by client id.
 *
 * @param existingTokenBean the token under consideration
 * @param expireTime expiry value computed by the caller; zero marks the token invalid
 * @return true if the token is active and not expired, false otherwise
 */
private boolean isExistingTokenValid(AccessTokenDO existingTokenBean, long expireTime) {
    final boolean active = TOKEN_STATE_ACTIVE.equals(existingTokenBean.getTokenState());
    if (active && expireTime != 0) {
        return true;
    }
    if (log.isDebugEnabled()) {
        final String subject;
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
            subject = "Access token(hashed) " + DigestUtils.sha256Hex(existingTokenBean.getAccessToken());
        } else {
            subject = "Latest access token in the database for client: " + existingTokenBean.getConsumerKey();
        }
        log.debug(subject + " is not valid anymore");
    }
    return false;
}
/**
 * Looks up the user attributes cached under an access token.
 *
 * <p>The token value is included in the debug line only when {@code ACCESS_TOKEN}
 * is configured as loggable. NOTE(review): it is logged in clear here, while
 * sibling code logs only a SHA-256 digest of access tokens — consider aligning.
 *
 * @param accessToken Access token
 * @return User attributes cached against the access token; an empty map when
 *         there is no cache entry
 */
private Map<ClaimMapping, String> getUserAttributesFromCacheUsingToken(String accessToken) {
    if (log.isDebugEnabled()) {
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
            log.debug("Retrieving user attributes cached against access token: " + accessToken);
        } else {
            log.debug("Retrieving user attributes cached against access token.");
        }
    }
    final AuthorizationGrantCacheKey key = new AuthorizationGrantCacheKey(accessToken);
    final AuthorizationGrantCacheEntry hit = AuthorizationGrantCache.getInstance().getValueFromCacheByToken(key);
    if (hit != null) {
        return hit.getUserAttributes();
    }
    return new HashMap<>();
}
/**
 * Clears an expired token's entry from the singleton OAuth cache and logs it.
 *
 * <p>The token is identified in the log by its SHA-256 digest when
 * {@code ACCESS_TOKEN} logging is enabled, and by client id otherwise; the raw
 * value is never logged.
 *
 * @param cacheKey key of the entry to clear
 * @param tokenBean the expired token (value read only for hashing, client id for the fallback log line)
 */
private static void removeTokenFromCache(OAuthCacheKey cacheKey, AccessTokenDO tokenBean) {
    OAuthCache.getInstance().clearCacheEntry(cacheKey);
    if (!log.isDebugEnabled()) {
        return;
    }
    final boolean tokenLoggable = IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN);
    final String subject = tokenLoggable
            ? "Access token(hashed): " + DigestUtils.sha256Hex(tokenBean.getAccessToken())
            : "Existing access token for client: " + tokenBean.getConsumerKey();
    log.debug(subject + " is expired. Therefore cleared it from cache.");
}
/**
 * Checks whether a token bean represents an active, unexpired access token.
 *
 * <p>A null bean is simply invalid. Otherwise the token must be in
 * {@code TOKEN_STATE_ACTIVE} and {@code getAccessTokenExpiryTimeMillis} must
 * return a non-zero value. Invalid tokens are debug-logged by SHA-256 digest when
 * {@code ACCESS_TOKEN} logging is enabled, otherwise by client id.
 *
 * @param tokenBean token to check; may be null
 * @return true only for an active, unexpired token
 * @throws IdentityOAuth2Exception propagated from the expiry-time computation
 */
private static boolean isAccessTokenValid(AccessTokenDO tokenBean) throws IdentityOAuth2Exception {
    if (tokenBean == null) {
        return false;
    }
    final long expiry = getAccessTokenExpiryTimeMillis(tokenBean);
    final boolean active = TOKEN_STATE_ACTIVE.equals(tokenBean.getTokenState());
    if (active && expiry != 0) {
        return true;
    }
    if (log.isDebugEnabled()) {
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
            log.debug("Access token(hashed): " + DigestUtils.sha256Hex(tokenBean.getAccessToken())
                    + " is not valid anymore");
        } else {
            log.debug("Latest access token in the database for client: " + tokenBean.getConsumerKey()
                    + " is not valid anymore");
        }
    }
    return false;
}
/**
 * Stores a token in the OAuth cache under both the given key and the token value.
 *
 * <p>Nothing is cached unless {@code isHashDisabled} and {@code cacheEnabled}
 * are both set. The second entry, keyed by the raw access token, exists to speed
 * up token validation. NOTE(review): the second debug line prints that key —
 * i.e. the token itself — when {@code ACCESS_TOKEN} logging is enabled; other
 * variants of this method hash it first.
 *
 * @param cacheKey primary cache key for the token
 * @param existingAccessTokenDO token to cache
 */
private void addTokenToCache(OAuthCacheKey cacheKey, AccessTokenDO existingAccessTokenDO) {
    if (!(isHashDisabled && cacheEnabled)) {
        return;
    }
    oauthCache.addToCache(cacheKey, existingAccessTokenDO);

    // Second entry keyed by the token value itself, to improve validation performance.
    final OAuthCacheKey byTokenValue = new OAuthCacheKey(existingAccessTokenDO.getAccessToken());
    oauthCache.addToCache(byTokenValue, existingAccessTokenDO);

    if (!log.isDebugEnabled()) {
        return;
    }
    log.debug("Access Token info was added to the cache for the cache key : " + cacheKey.getCacheKeyString());
    if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
        log.debug("Access token was added to OAuthCache for cache key : " + byTokenValue.getCacheKeyString());
    }
}
/**
 * Adds a token to the singleton OAuth cache under the given key and, additionally,
 * under the raw token value so validation can look it up directly.
 *
 * <p>NOTE(review): the second debug line prints the token-value key when
 * {@code ACCESS_TOKEN} logging is enabled; a sibling variant hashes it with
 * SHA-256 first.
 *
 * @param cacheKey primary cache key for the token
 * @param tokenBean token to cache
 */
private static void addTokenToCache(OAuthCacheKey cacheKey, AccessTokenDO tokenBean) {
    final OAuthCache cache = OAuthCache.getInstance();
    cache.addToCache(cacheKey, tokenBean);

    // Extra entry keyed by the token value — improves validation performance.
    final OAuthCacheKey tokenValueKey = new OAuthCacheKey(tokenBean.getAccessToken());
    OAuthCache.getInstance().addToCache(tokenValueKey, tokenBean);

    if (log.isDebugEnabled()) {
        log.debug("Access token info was added to the cache for cache key : " + cacheKey.getCacheKeyString());
        final boolean tokenLoggable = IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN);
        if (tokenLoggable) {
            log.debug("Access token was added to OAuthCache for cache key : " + tokenValueKey.getCacheKeyString());
        }
    }
}
/**
 * Revokes the access token issued for an authorization code that is no longer active.
 *
 * <p>Revocation goes through the access-token DAO for the code's authorized user.
 * The code is mentioned in the debug log only as a SHA-256 digest, and only when
 * {@code AUTHORIZATION_CODE} logging is enabled; otherwise just the client id.
 *
 * @param tokenId id of the access token to revoke
 * @param authzCodeDO the inactive authorization code the token was issued for
 * @throws IdentityOAuth2Exception propagated from the DAO
 */
private void revokeExistingAccessTokens(String tokenId, AuthzCodeDO authzCodeDO) throws IdentityOAuth2Exception {
    final String authorizedUser = authzCodeDO.getAuthorizedUser().toString();
    OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().revokeAccessToken(tokenId, authorizedUser);

    if (!log.isDebugEnabled()) {
        return;
    }
    final String clientId = authzCodeDO.getConsumerKey();
    final String subject;
    if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.AUTHORIZATION_CODE)) {
        subject = "Validated authorization code(hashed): "
                + DigestUtils.sha256Hex(authzCodeDO.getAuthorizationCode())
                + " for client: " + clientId;
    } else {
        subject = "Validated authorization code for client: " + clientId;
    }
    log.debug(subject + " is not active. So revoking the access tokens issued for the authorization code.");
}
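/**
 * Marks the previous access token INACTIVE and stores the newly issued one in a
 * single DB connection, then refreshes the cache.
 *
 * <p>The previous token is taken from the {@code PREV_ACCESS_TOKEN} property of the
 * request context. If that property is absent the method fails with an
 * {@link IdentityOAuth2Exception} carrying the client id, rather than with a
 * NullPointerException from the first dereference.
 *
 * @param tokReqMsgCtx token request context; expected to carry the previous token under PREV_ACCESS_TOKEN
 * @param accessTokenBean the new token to persist
 * @param clientId client id the tokens belong to
 * @throws IdentityOAuth2Exception if the previous token is missing from the context, or as propagated
 *         from the user-store lookup / DAO
 */
private void persistNewToken(OAuthTokenReqMessageContext tokReqMsgCtx, AccessTokenDO accessTokenBean,
                             String clientId) throws IdentityOAuth2Exception {
    final String userStoreDomain = getUserStoreDomain(tokReqMsgCtx.getAuthorizedUser());
    final RefreshTokenValidationDataDO oldAccessToken =
            (RefreshTokenValidationDataDO) tokReqMsgCtx.getProperty(PREV_ACCESS_TOKEN);
    if (oldAccessToken == null) {
        // Without the previous token there is nothing to invalidate; fail explicitly
        // (client id only — no token material in the message).
        throw new IdentityOAuth2Exception(
                "Previous access token not found in the token request context for client: " + clientId);
    }

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
        // Only the SHA-256 digest of the previous token is logged, never its value.
        log.debug("Previous access token (hashed): " + DigestUtils.sha256Hex(oldAccessToken.getAccessToken()));
    }

    // set the previous access token state to "INACTIVE" and store new access token in single db connection
    OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
            .invalidateAndCreateNewAccessToken(oldAccessToken.getTokenId(),
                    OAuthConstants.TokenStates.TOKEN_STATE_INACTIVE, clientId,
                    UUID.randomUUID().toString(), accessTokenBean, userStoreDomain);
    updateCacheIfEnabled(tokReqMsgCtx, accessTokenBean, clientId, oldAccessToken);
}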
/**
 * Caches a newly issued token under its scope/client/user key and under the
 * token value itself, when caching applies.
 *
 * <p>Both {@code isHashDisabled} and {@code cacheEnabled} must be set, otherwise
 * nothing happens. The token-value key is logged only as a SHA-256 digest and only
 * when {@code ACCESS_TOKEN} logging is enabled; the composite key is logged as-is.
 *
 * @param newTokenBean token to cache
 * @param scope scope string used to build the composite cache key
 */
private void updateCacheIfEnabled(AccessTokenDO newTokenBean, String scope) {
    if (!isHashDisabled || !cacheEnabled) {
        return;
    }
    final String consumerKey = newTokenBean.getConsumerKey();
    final String authorizedUser = newTokenBean.getAuthzUser().toString();
    final OAuthCacheKey compositeKey = getOAuthCacheKey(scope, consumerKey, authorizedUser);
    oauthCache.addToCache(compositeKey, newTokenBean);

    // Second entry keyed by the token value, to improve validation performance.
    final OAuthCacheKey tokenValueKey = new OAuthCacheKey(newTokenBean.getAccessToken());
    oauthCache.addToCache(tokenValueKey, newTokenBean);

    if (log.isDebugEnabled()) {
        log.debug("Access token was added to OAuthCache for cache key : " + compositeKey.getCacheKeyString());
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
            final String hashedKey = DigestUtils.sha256Hex(tokenValueKey.getCacheKeyString());
            log.debug("Access token was added to OAuthCache for cache key(hashed) : " + hashedKey);
        }
    }
}