Package org.jboss.resteasy.skeleton.key.idm.model.data

Examples of org.jboss.resteasy.skeleton.key.idm.model.data.Realm


      // OAuth-style parameters posted together with the login form; they are read as submitted.
      // NOTE(review): no comparison of redirect_uri with anything registered for the client is
      // visible in this excerpt. Confirm it is validated before being used as a redirect target.
      String clientId = formData.getFirst("client_id");
      String scopeParam = formData.getFirst("scope");
      String state = formData.getFirst("state");
      String redirect = formData.getFirst("redirect_uri");

      // Unknown realm -> NotFoundException; a disabled realm is answered with a plain HTML page.
      Realm realm = identityManager.getRealm(realmName);
      if (realm == null)
      {
         logger.debug("realm not found");
         throw new NotFoundException();
      }
      if (!realm.isEnabled())
      {
         return Response.ok("Realm not enabled").type("text/html").build();
      }
      // The requesting client is looked up as a User of the realm. An unknown client_id is
      // rejected with ForbiddenException before any end-user credential is examined.
      User client = identityManager.getUser(realm, clientId);
      if (client == null)
      {
         logger.debug("client not found");
         throw new ForbiddenException();
      }
      if (!client.isEnabled())
      {
         return Response.ok("Requester not enabled").type("text/html").build();
      }


      // NOTE(review): an unknown username, a disabled account and a failed credential check each
      // produce a different message, and the first two are decided before authenticate() runs.
      // The response therefore reveals whether an account exists and whether it is enabled.
      // A single generic failure message for all three cases would avoid that disclosure.
      String username = formData.getFirst("username");
      User user = identityManager.getUser(realm, username);
      if (user == null)
      {
         logger.debug("user not found");
         return loginForm("Not valid user", redirect, clientId, scopeParam, state, realm, client);
      }
      if (!user.isEnabled())
      {
         return Response.ok("Your account is not enabled").type("text/html").build();

      }
      boolean authenticated = authenticate(realm, user, formData);
      if (!authenticated) return loginForm("Unable to authenticate, try again", redirect, clientId, scopeParam, state, realm, client);

      // Issue an access code that carries the token and is bound to the requesting client.
      // The expiration is expressed in epoch seconds: now plus the realm's access-code lifespan.
      SkeletonKeyToken token = createToken(scopeParam, realm, client, user);
      AccessCode code = new AccessCode();
      code.setExpiration((System.currentTimeMillis() / 1000) + realm.getAccessCodeLifespan());
      code.setToken(token);
      code.setClient(client);
      // The code is kept in the shared accessCodeMap, guarded by the map's own monitor.
      // NOTE(review): nothing in this excerpt evicts codes that are never redeemed. Confirm
      // that expired entries are purged elsewhere, otherwise the map grows with every login.
      synchronized (accessCodeMap)
      {
         accessCodeMap.put(code.getId(), code);
      }
      // The value handed out is the code id wrapped in a JWS signed with the realm's private key
      // (rsa256), not the token itself. The signature gives integrity only; the id is not hidden.
      String accessCode = null;
      try
      {
         accessCode = new JWSBuilder().content(code.getId().getBytes("UTF-8")).rsa256(realm.getPrivateKey());
      }
      catch (UnsupportedEncodingException e)
      {
         throw new RuntimeException(e);
      }


   /**
    * Exchanges a signed access code for an access token response.
    * <p>
    * Checks run in this order: the realm must exist, the {@code code} and {@code client_id}
    * form fields must be present, the client must exist, be enabled and pass
    * {@code authenticate}, the code's signature must verify against the realm's public key,
    * the code must still be in {@code accessCodeMap}, must not be expired, must carry an
    * active token, and must have been issued to the client making this request.
    * <p>
    * The code is removed from {@code accessCodeMap} as soon as its signature verifies, before
    * the expiry and client-binding checks. A code is therefore consumed by the first
    * authenticated request that presents it, even when that request is then rejected.
    * <p>
    * NOTE(review): the {@code JWSInput} is constructed outside the try block. If parsing a
    * malformed code can throw, the caller would see a server error instead of
    * {@code invalid_grant}; confirm. Failed client authentication is answered with
    * 400 / {@code unauthorized_client}, whereas RFC 6749 section 5.2 names
    * {@code invalid_client} for that case.
    *
    * @param realmId  id of the realm taken from the request path
    * @param formData posted form fields ({@code code}, {@code client_id}, plus whatever
    *                 {@code authenticate} reads)
    * @return 200 with the access token response, or 400 with a JSON error map
    * @throws NotFoundException when no realm with the given id exists
    */
   @POST
   @Produces("application/json")
   public Response accessRequest(@PathParam("realm") String realmId,
                                 MultivaluedMap<String, String> formData)
   {
      final Realm realm = identityManager.getRealm(realmId);
      if (realm == null)
      {
         throw new NotFoundException();
      }

      // --- request shape -------------------------------------------------
      final String signedCode = formData.getFirst("code");
      if (signedCode == null)
      {
         logger.debug("code not specified");
         Map<String, String> body = new HashMap<String, String>();
         body.put("error", "invalid_request");
         body.put("error_description", "code not specified");
         return Response.status(Response.Status.BAD_REQUEST).entity(body).type("application/json").build();
      }
      final String clientId = formData.getFirst("client_id");
      if (clientId == null)
      {
         logger.debug("client_id not specified");
         Map<String, String> body = new HashMap<String, String>();
         body.put("error", "invalid_request");
         body.put("error_description", "client_id not specified");
         return Response.status(Response.Status.BAD_REQUEST).entity(body).type("application/json").build();
      }

      // --- client identity: known, enabled, authenticated -----------------
      final User client = identityManager.getUser(realm, clientId);
      if (client == null)
      {
         logger.debug("Could not find user");
         Map<String, String> body = new HashMap<String, String>();
         body.put("error", "invalid_client");
         body.put("error_description", "Could not find user");
         return Response.status(Response.Status.BAD_REQUEST).entity(body).type("application/json").build();
      }
      if (!client.isEnabled())
      {
         logger.debug("user is not enabled");
         Map<String, String> body = new HashMap<String, String>();
         body.put("error", "invalid_client");
         body.put("error_description", "User is not enabled");
         return Response.status(Response.Status.BAD_REQUEST).entity(body).type("application/json").build();
      }
      if (!authenticate(realm, client, formData))
      {
         Map<String, String> body = new HashMap<String, String>();
         body.put("error", "unauthorized_client");
         return Response.status(Response.Status.BAD_REQUEST).entity(body).type("application/json").build();
      }

      // --- the code itself: signature first, then server-side state -------
      final JWSInput parsedCode = new JWSInput(signedCode, providers);
      boolean signatureOk;
      try
      {
         signatureOk = RSAProvider.verify(parsedCode, realm.getPublicKey());
      }
      catch (Exception ignored)
      {
         // Any verification failure is treated as "not verified"; the cause is logged at debug only.
         logger.debug("Failed to verify signature", ignored);
         signatureOk = false;
      }
      if (!signatureOk)
      {
         Map<String, String> denial = new HashMap<String, String>();
         denial.put("error", "invalid_grant");
         denial.put("error_description", "Unable to verify code signature");
         return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(denial).build();
      }

      // The signed payload is the key under which the code was stored. remove() makes the
      // code single-use: a second redemption finds nothing.
      final String codeId = parsedCode.readContent(String.class);
      final AccessCode issued;
      synchronized (accessCodeMap)
      {
         issued = accessCodeMap.remove(codeId);
      }
      if (issued == null)
      {
         Map<String, String> denial = new HashMap<String, String>();
         denial.put("error", "invalid_grant");
         denial.put("error_description", "Code not found");
         return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(denial).build();
      }
      if (issued.isExpired())
      {
         Map<String, String> denial = new HashMap<String, String>();
         denial.put("error", "invalid_grant");
         denial.put("error_description", "Code is expired");
         return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(denial).build();
      }
      if (!issued.getToken().isActive())
      {
         Map<String, String> denial = new HashMap<String, String>();
         denial.put("error", "invalid_grant");
         denial.put("error_description", "Token expired");
         return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(denial).build();
      }

      // Binding check: only the client the code was issued to may redeem it.
      final boolean issuedToCaller = client.getId().equals(issued.getClient().getId());
      if (!issuedToCaller)
      {
         Map<String, String> denial = new HashMap<String, String>();
         denial.put("error", "invalid_grant");
         denial.put("error_description", "Auth error");
         return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(denial).build();
      }

      final AccessTokenResponse tokenResponse = accessTokenResponse(realm.getPrivateKey(), issued.getToken());
      return Response.ok(tokenResponse).build();
   }

                                     @QueryParam("redirect_uri") String redirect,
                                     @QueryParam("client_id") String clientId,
                                     @QueryParam("scope") String scopeParam,
                                     @QueryParam("state") String state)
   {
      Realm realm = identityManager.getRealm(realmName);
      if (realm == null) throw new NotFoundException();
      User client = identityManager.getUser(realm, clientId);
      if (client == null)
         return Response.ok("<h1>Security Alert</h1><p>Unknown client trying to get access to your account.</p>").type("text/html").build();

   /**
    * Issues an access token directly to a caller that authenticates with its own credentials.
    * <p>
    * An unknown realm and a disabled realm both end in {@link NotFoundException}, so the two
    * cases look the same to the caller. Every later failure is a 400 with a JSON error map:
    * {@code invalid_client} when the {@code client_id} is unknown or disabled, and
    * {@code unauthorized_client} when {@code authenticate} fails or {@code createAccessToken}
    * returns {@code null}.
    * <p>
    * NOTE(review): {@code client_id} is passed to {@code identityManager.getUser} without a
    * null check. Confirm the lookup tolerates a missing parameter rather than throwing.
    *
    * @param realmId    id of the realm taken from the request path
    * @param formParams posted form fields ({@code client_id}, plus whatever
    *                   {@code authenticate} reads)
    * @return 200 with the access token response as JSON, or 400 with a JSON error map
    * @throws NotFoundException when the realm is unknown or not enabled
    */
   @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
   @Produces("application/json")
   public Response accessTokenGrant(@PathParam("realm") String realmId,
                                    MultivaluedMap<String, String> formParams)
   {
      final Realm realm = identityManager.getRealm(realmId);
      if (realm == null)
      {
         throw new NotFoundException();
      }
      if (!realm.isEnabled())
      {
         logger.debug("realm is not enabled");
         throw new NotFoundException();
      }

      final String clientId = formParams.getFirst("client_id");
      final User caller = identityManager.getUser(realm, clientId);
      if (caller == null)
      {
         logger.debug("Could not find user");
         Map<String, String> body = new HashMap<String, String>();
         body.put("error", "invalid_client");
         body.put("error_description", "Could not find user");
         return Response.status(Response.Status.BAD_REQUEST).entity(body).type("application/json").build();
      }
      if (!caller.isEnabled())
      {
         logger.debug("user is not enabled");
         Map<String, String> body = new HashMap<String, String>();
         body.put("error", "invalid_client");
         body.put("error_description", "User is not enabled");
         return Response.status(Response.Status.BAD_REQUEST).entity(body).type("application/json").build();
      }

      // Credentials are checked only after the caller is known and enabled.
      if (!authenticate(realm, caller, formParams))
      {
         Map<String, String> body = new HashMap<String, String>();
         body.put("error", "unauthorized_client");
         return Response.status(Response.Status.BAD_REQUEST).entity(body).type("application/json").build();
      }

      // A null token is reported exactly like a failed authentication.
      final SkeletonKeyToken issued = createAccessToken(caller, realm);
      if (issued == null)
      {
         Map<String, String> body = new HashMap<String, String>();
         body.put("error", "unauthorized_client");
         return Response.status(Response.Status.BAD_REQUEST).entity(body).type("application/json").build();
      }

      return Response.ok(accessTokenResponse(realm.getPrivateKey(), issued), MediaType.APPLICATION_JSON_TYPE).build();
   }

      // The cache entry under "/realms/names/" + name is read as the set of realm ids for that
      // name. The cast is unchecked: the entry's type is taken on trust.
      // NOTE(review): name is concatenated into the cache key without escaping. Confirm that
      // callers cannot supply a value that addresses a different cache entry.
      Set<String> realms = (Set<String>)cache.get("/realms/names/" + name);
      List<Realm> list = new ArrayList<Realm>();
      // No entry for this name: return the empty list rather than null.
      if (realms == null) return list;
      for (String id : realms)
      {
         // Ids that no longer resolve to a realm are skipped silently.
         Realm realm = getRealm(id);
         if (realm != null) list.add(realm);
      }
      return list;
   }

   /**
    * Serves the published JSON representation of a realm at {@code realms/{realm}}.
    * <p>
    * The realm is resolved through {@code identityManager}; an unknown id is logged at debug
    * level and answered with {@link NotFoundException}.
    *
    * @param id realm id taken from the request path
    * @throws NotFoundException when no realm with this id exists
    */
   @GET
   @Path("realms/{realm}")
   @Produces("application/json")
   public PublishedRealmRepresentation getRealm(@PathParam("realm") String id)
   {
      Realm realm = identityManager.getRealm(id);
      if (realm == null)
      {
         logger.debug("realm not found");
         throw new NotFoundException();
      }

   /**
    * Serves an HTML view of a realm at {@code realms/{realm}.html}.
    * <p>
    * The realm is resolved through {@code identityManager}; an unknown id is logged at debug
    * level and answered with {@link NotFoundException}.
    * <p>
    * NOTE(review): the method returns markup as a {@code String}. Confirm that any realm
    * field written into the page is HTML-escaped.
    *
    * @param id realm id taken from the request path
    * @throws NotFoundException when no realm with this id exists
    */
   @GET
   @Path("realms/{realm}.html")
   @Produces("text/html")
   public String getRealmHtml(@PathParam("realm") String id)
   {
      Realm realm = identityManager.getRealm(id);
      if (realm == null)
      {
         logger.debug("realm not found");
         throw new NotFoundException();
      }

   /**
    * Creates a realm from a posted JSON representation and answers 201 Created.
    * <p>
    * The {@code Location} header is the request URI extended with the new realm's id, and the
    * entity is the realm representation built by {@code RealmResource.realmRep}.
    * <p>
    * NOTE(review): no authentication or authorization check is visible in this method.
    * Confirm that access to this endpoint is restricted elsewhere, since it creates realms.
    *
    * @param rep realm description supplied by the caller
    * @return 201 response carrying the created realm's representation as JSON
    */
   @POST
   @Consumes("application/json")
   public Response importDomain(RealmRepresentation rep)
   {
      final Realm created = createRealm(rep);
      final UriBuilder location = uriInfo.getRequestUriBuilder().path(created.getId());
      final Response.ResponseBuilder reply = Response.created(location.build());
      reply.entity(RealmResource.realmRep(created, uriInfo));
      reply.type(MediaType.APPLICATION_JSON_TYPE);
      return reply.build();
   }

   /**
    * Builds and persists a new {@link Realm} from an imported representation.
    * <p>
    * The representation is checked by {@code verifyRealmRepresentation} first. A fresh RSA key
    * pair is then generated for the realm, the name, enabled flag, lifespans and SSL setting
    * are copied from the representation, and the realm is stored through
    * {@code identityManager}. An "admin" role is created for the new realm.
    *
    * @param rep realm description to import
    * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} when no RSA key pair
    *                          generator is available
    */
   protected Realm createRealm(RealmRepresentation rep)
   {
      verifyRealmRepresentation(rep);

      Realm realm = new Realm();
      KeyPair keyPair = null;
      try
      {
         // NOTE(review): generateKeyPair() is called without initialize(), so the modulus size
         // is whatever the provider defaults to; older JDKs defaulted to 1024-bit RSA. Calling
         // initialize(2048) or larger would pin the strength of the realm's signing key.
         keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
      }
      catch (NoSuchAlgorithmException e)
      {
         throw new RuntimeException(e);
      }
      // The private key is stored on the Realm object that is persisted below.
      // NOTE(review): confirm how the backing store protects it.
      realm.setPrivateKey(keyPair.getPrivate());
      realm.setPublicKey(keyPair.getPublic());
      realm.setName(rep.getRealm());
      realm.setEnabled(rep.isEnabled());
      realm.setTokenLifespan(rep.getTokenLifespan());
      realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
      // The imported document decides this flag; presumably it relaxes the SSL requirement.
      // TODO confirm, and review who is allowed to set it.
      realm.setSslNotRequired(rep.isSslNotRequired());
      realm = identityManager.create(realm);
      Map<String, User> userMap = new HashMap<String, User>();

      Role adminRole = identityManager.create(realm, "admin");
