
Example 1 with Scope

use of com.auth0.json.mgmt.Scope in project sda-dropwizard-commons by SDA-SE.

The class OpaAuthFilter, method filter.

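/**
 * Authorizes the current request with the Open Policy Agent and installs an
 * {@link OpaJwtPrincipal} carrying the returned constraints in the request's security context.
 * <p>
 * Flow: a tracing span {@code authorizeUsingOpa} is opened (tag {@code opa.allow} starts as
 * {@code false}; it is presumably updated by {@code authorizeWithOpa} — not visible here). If the
 * auth bundle already installed a {@link JwtPrincipal}, its raw JWT and claims are forwarded to
 * OPA, otherwise the request is evaluated anonymously. When the filter is disabled or the
 * request path is excluded, OPA is not consulted at all and the principal is created with
 * {@code null} constraints, so such requests pass this filter without a policy decision.
 *
 * @param requestContext the JAX-RS request being filtered; its security context is replaced
 */
@Override
public void filter(ContainerRequestContext requestContext) {
    Span span = tracer.buildSpan("authorizeUsingOpa").withTag("opa.allow", false).withTag(COMPONENT, "OpaAuthFilter").start();
    try (Scope ignored = tracer.scopeManager().activate(span)) {
        // Input parameters for the OPA request.
        UriInfo uriInfo = requestContext.getUriInfo();
        String method = requestContext.getMethod();
        String trace = requestContext.getHeaderString(RequestTracing.TOKEN_HEADER);

        // Forward the JWT only when the auth bundle has already validated it and left a
        // JwtPrincipal behind; the same SecurityContext instance is reused below when the
        // context is replaced, so it is fetched exactly once.
        SecurityContext securityContext = requestContext.getSecurityContext();
        String jwt = null;
        Map<String, Claim> claims = null;
        if (securityContext != null) {
            JwtPrincipal jwtPrincipal = getJwtPrincipal(securityContext);
            if (jwtPrincipal != null) {
                jwt = jwtPrincipal.getJwt();
                claims = jwtPrincipal.getClaims();
            }
        }

        JsonNode constraints = null;
        if (!isDisabled && !isExcluded(uriInfo)) {
            // Ask the OPA server for a decision on (jwt, path, method, trace) plus any
            // extension-provided input namespaces.
            String[] path = uriInfo.getPathSegments().stream().map(PathSegment::getPath).toArray(String[]::new);
            OpaInput opaInput = new OpaInput(jwt, path, method, trace);
            ObjectNode objectNode = om.convertValue(opaInput, ObjectNode.class);
            inputExtensions.forEach((namespace, extension) -> objectNode.set(namespace, om.valueToTree(extension.createAdditionalInputContent(requestContext))));
            OpaRequest request = OpaRequest.request(objectNode);
            // Denial is expected to be signalled by authorizeWithOpa itself (not visible here).
            constraints = authorizeWithOpa(request, span);
        }
        OpaJwtPrincipal principal = OpaJwtPrincipal.create(jwt, claims, constraints, om);
        replaceSecurityContext(requestContext, securityContext, principal);
    } finally {
        span.finish();
    }
}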
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal) OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) JsonNode(com.fasterxml.jackson.databind.JsonNode) Span(io.opentracing.Span) Scope(io.opentracing.Scope) SecurityContext(javax.ws.rs.core.SecurityContext) OpaRequest(org.sdase.commons.server.opa.filter.model.OpaRequest) UriInfo(javax.ws.rs.core.UriInfo) Claim(com.auth0.jwt.interfaces.Claim) OpaInput(org.sdase.commons.server.opa.filter.model.OpaInput)

Example 2 with Scope

use of com.auth0.json.mgmt.Scope in project chemvantage by chuckwight.

The class Token, method doGet.

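/**
 * OpenID Connect starting point (third-party initiated login) for LTI platforms reaching ChemVantage.
 * <p>
 * Identifies the deployment matching the request ({@code iss} plus the optional
 * {@code lti_deployment_id} / {@code client_id}), mints a short-lived HMAC-signed JWT carrying the
 * information the subsequent launch request needs, and redirects the browser to the deployment's
 * registered OIDC authorization endpoint with that JWT as the {@code state} value.
 * <p>
 * Every query parameter is client-controlled: values are placed into the authorization URL only
 * through {@link #urlEncode(String)} and echoed on the error page only through
 * {@link #htmlEscape(String)}.
 *
 * @param request  the login-initiation request sent by the platform
 * @param response receives the redirect to the authorization endpoint, or an HTML error page
 * @throws IOException if writing the redirect or the error page fails
 * @throws ServletException as declared by the servlet contract
 */
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    StringBuilder debug = new StringBuilder("Issuing auth token:<br>");
    try {
        // Parameters required by the third-party initiated login procedure.
        // platform_id is the platform issuer URL and becomes the token audience (aud).
        String platform_id = request.getParameter("iss");
        debug.append("iss: ").append(htmlEscape(platform_id)).append("<br>");
        String login_hint = request.getParameter("login_hint");
        debug.append("login_hint: ").append(htmlEscape(login_hint)).append("<br>");
        String target_link_uri = request.getParameter("target_link_uri");
        debug.append("target_link_uri: ").append(htmlEscape(target_link_uri)).append("<br>");
        // Parameter names are client-controlled as well, hence escaped.
        debug.append("parameters: ").append(htmlEscape(request.getParameterMap().keySet().toString())).append("<br>");
        if (platform_id == null) {
            throw new IllegalArgumentException("Missing required iss parameter.");
        }
        if (login_hint == null) {
            throw new IllegalArgumentException("Missing required login_hint parameter.");
        }
        if (target_link_uri == null) {
            throw new IllegalArgumentException("Missing required target_link_uri parameter.");
        }
        String deployment_id = request.getParameter("lti_deployment_id");
        debug.append("deployment_id: ").append(htmlEscape(deployment_id)).append("<br>");
        String client_id = request.getParameter("client_id");
        debug.append("client_id: ").append(htmlEscape(client_id)).append("<br>");
        Deployment d = getDeployment(platform_id, deployment_id, client_id);
        if (d == null) {
            // Rendered as text (escaped) on the error page, so no markup in the message.
            throw new IllegalStateException("ChemVantage was unable to identify the deployment from your LMS. "
                    + "Please check the registration to ensure the correct deployment_id and client_id. If your "
                    + "platform registered multiple deployments with ChemVantage, it must provide the client_id "
                    + "and/or deployment_id to uniquely identify one of them with each auth token request. "
                    + "Contact admin@chemvantage.org for assistance.");
        }
        // NOTE(review): target_link_uri is taken from the request and only carried inside the
        // signed token; confirm the launch endpoint validates it against the deployment before use.
        String redirect_uri = target_link_uri;
        final long tokenLifetimeMs = 300000L; // 5 minutes
        Date now = new Date();
        Date exp = new Date(now.getTime() + tokenLifetimeMs);
        String nonce = Nonce.generateNonce();
        Algorithm algorithm = Algorithm.HMAC256(Subject.getHMAC256Secret());
        debug.append("JWT algorithm loaded OK.<br>");
        // NOTE(review): getServerName() is derived from the Host header; the issuer claim is only
        // trustworthy if the container or proxy restricts accepted host names — confirm.
        String iss = "https://" + request.getServerName();
        String token = JWT.create()
                .withIssuer(iss)
                .withSubject(login_hint)
                .withAudience(platform_id)
                .withExpiresAt(exp)
                .withIssuedAt(now)
                .withClaim("nonce", nonce)
                .withClaim("deployment_id", d.getDeploymentId())
                .withClaim("client_id", d.client_id)
                .withClaim("redirect_uri", redirect_uri)
                .sign(algorithm);
        debug.append("JWT constructed and signed OK<br>");
        String lti_message_hint = request.getParameter("lti_message_hint");
        // The redirect base is the deployment's registered endpoint (server-side data), not a
        // request parameter; every query value is percent-encoded so a client cannot inject or
        // override parameters of the authorization request.
        String oidc_auth_url = d.oidc_auth_url
                + "?response_type=id_token"
                + "&response_mode=form_post"
                + "&scope=openid"
                + "&prompt=none"
                + "&login_hint=" + urlEncode(login_hint)
                + "&redirect_uri=" + urlEncode(redirect_uri)
                + (lti_message_hint == null ? "" : "&lti_message_hint=" + urlEncode(lti_message_hint))
                + "&client_id=" + urlEncode(d.client_id)
                + "&state=" + urlEncode(token)
                + "&nonce=" + urlEncode(nonce);
        // The state token and nonce are delivered to this same client by the redirect anyway,
        // so logging the URL into the (escaped) debug trail adds no disclosure.
        debug.append("Sending token: ").append(htmlEscape(oidc_auth_url)).append("<p>");
        response.sendRedirect(oidc_auth_url);
    } catch (Exception e) {
        // Error page: only the message (not e.toString(), which names internal classes) plus the
        // escaped debug trail. An explicit charset keeps browsers from content-sniffing the page.
        response.setContentType("text/html;charset=UTF-8");
        response.getWriter().println("<h3>Failed Auth Token</h3>" + htmlEscape(e.getMessage()) + "<br>" + debug);
    }
}

/**
 * Percent-encodes one query-string value as UTF-8 {@code application/x-www-form-urlencoded}.
 *
 * @param value the raw value; {@code null} yields the empty string
 * @return the encoded value, safe to concatenate after {@code name=}
 */
private static String urlEncode(String value) {
    if (value == null) {
        return "";
    }
    try {
        return java.net.URLEncoder.encode(value, "UTF-8");
    } catch (java.io.UnsupportedEncodingException e) {
        // UTF-8 is a mandatory charset on every JVM, so this branch is unreachable in practice.
        throw new IllegalStateException("UTF-8 not supported", e);
    }
}

/**
 * Escapes the characters significant in HTML text and attribute context so that request-derived
 * data can be echoed into markup without being interpreted.
 *
 * @param value the raw value; {@code null} is rendered as the text {@code "null"}
 * @return the escaped value
 */
private static String htmlEscape(String value) {
    return String.valueOf(value)
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
}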
Also used : Algorithm(com.auth0.jwt.algorithms.Algorithm) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) Date(java.util.Date)

Example 3 with Scope

use of com.auth0.json.mgmt.Scope in project auth0-java by auth0.

The class OrganizationsEntity, method deleteInvitation.

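/**
 * Delete an invitation. A token with {@code delete:organization_invitations} scope is required.
 *
 * @param orgId the ID of the organization
 * @param invitationId the ID of the invitation to delete
 * @return a Request to execute
 * @throws IllegalArgumentException if {@code orgId} or {@code invitationId} is {@code null}
 *
 * @see <a href="https://auth0.com/docs/api/management/v2#!/Organizations/delete_invitations_by_invitation_id">https://auth0.com/docs/api/management/v2#!/Organizations/delete_invitations_by_invitation_id</a>
 */
public Request<Void> deleteInvitation(String orgId, String invitationId) {
    Asserts.assertNotNull(orgId, "organization ID");
    Asserts.assertNotNull(invitationId, "invitation ID");
    // addPathSegment() percent-encodes each caller-supplied ID as one segment (a '/' inside the
    // value is encoded rather than splitting the path); ORGS_PATH is a constant that may span
    // several segments, hence addPathSegments().
    String url = baseUrl.newBuilder()
            .addPathSegments(ORGS_PATH)
            .addPathSegment(orgId)
            .addPathSegment("invitations")
            .addPathSegment(invitationId)
            .build()
            .toString();
    VoidRequest request = new VoidRequest(client, url, "DELETE");
    request.addHeader(AUTHORIZATION_HEADER, "Bearer " + apiToken);
    return request;
}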
Also used : VoidRequest(com.auth0.net.VoidRequest)

Example 4 with Scope

use of com.auth0.json.mgmt.Scope in project auth0-java by auth0.

The class OrganizationsEntity, method addMembers.

/**
 * Builds the request that adds members to an organization. The request is not executed here;
 * the caller executes it. A token with {@code create:organization_members} scope is required.
 *
 * @param orgId the ID of the organization
 * @param members The members to add (sent as the request body)
 * @return a Request to execute
 *
 * @see <a href="https://auth0.com/docs/api/management/v2#!/Organizations/post_members">https://auth0.com/docs/api/management/v2#!/Organizations/post_members</a>
 */
public Request<Void> addMembers(String orgId, Members members) {
    Asserts.assertNotNull(orgId, "organization ID");
    Asserts.assertNotNull(members, "members");
    // {base}/{ORGS_PATH}/{orgId}/members — the ID is added as a single, encoded segment.
    String membersUrl = baseUrl.newBuilder()
            .addPathSegments(ORGS_PATH)
            .addPathSegment(orgId)
            .addPathSegment("members")
            .build()
            .toString();
    VoidRequest postRequest = new VoidRequest(client, membersUrl, "POST");
    postRequest.addHeader(AUTHORIZATION_HEADER, "Bearer " + apiToken);
    postRequest.setBody(members);
    return postRequest;
}
Also used : VoidRequest(com.auth0.net.VoidRequest)

Example 5 with Scope

use of com.auth0.json.mgmt.Scope in project auth0-java by auth0.

The class OrganizationsEntity, method deleteConnection.

/**
 * Builds the request that removes an enabled connection from an organization. The request is
 * not executed here. A token with {@code delete:organization_connections} scope is required.
 *
 * @param orgId the ID of the organization
 * @param connectionId the ID of the connection to delete
 * @return a Request to execute
 *
 * @see <a href="https://auth0.com/docs/api/management/v2#!/Organizations/delete_enabled_connections_by_connectionId">https://auth0.com/docs/api/management/v2#!/Organizations/delete_enabled_connections_by_connectionId</a>
 */
public Request<Void> deleteConnection(String orgId, String connectionId) {
    Asserts.assertNotNull(orgId, "organization ID");
    Asserts.assertNotNull(connectionId, "connection ID");
    // {base}/{ORGS_PATH}/{orgId}/enabled_connections/{connectionId}; both IDs go in as single
    // encoded segments.
    String connectionUrl = baseUrl.newBuilder()
            .addPathSegments(ORGS_PATH)
            .addPathSegment(orgId)
            .addPathSegment("enabled_connections")
            .addPathSegment(connectionId)
            .build()
            .toString();
    VoidRequest request = new VoidRequest(client, connectionUrl, "DELETE");
    request.addHeader(AUTHORIZATION_HEADER, "Bearer " + apiToken);
    return request;
}
Also used : VoidRequest(com.auth0.net.VoidRequest)

Aggregations

VoidRequest (com.auth0.net.VoidRequest)24 Test (org.junit.Test)4 AuthAPI (com.auth0.client.auth.AuthAPI)3 Date (java.util.Date)3 HttpServletRequest (javax.servlet.http.HttpServletRequest)3 RecordedRequest (okhttp3.mockwebserver.RecordedRequest)3 Test (org.junit.jupiter.api.Test)3 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 ClientGrant (com.auth0.json.mgmt.ClientGrant)2 JWT (com.auth0.jwt.JWT)2 JWTCreator (com.auth0.jwt.JWTCreator)2 Algorithm (com.auth0.jwt.algorithms.Algorithm)2 Arrays (java.util.Arrays)2 List (java.util.List)2 Collectors (java.util.stream.Collectors)2 JSONObject (org.json.simple.JSONObject)2 ResourceServer (com.auth0.json.mgmt.ResourceServer)1 Scope (com.auth0.json.mgmt.Scope)1 JwkProvider (com.auth0.jwk.JwkProvider)1 JwkProviderBuilder (com.auth0.jwk.JwkProviderBuilder)1