Example 6 with ApiOperation

Use of com.wordnik.swagger.annotations.ApiOperation in project oxAuth by GluuFederation.

The class ResourceSetRegistrationWS, method getResourceSet.

@GET
@Path("{rsid}")
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
@ApiOperation(value = "Reads a previously registered resource set description using the GET method.", notes = "Reads a previously registered resource set description using the GET method. If the request is successful, the authorization server MUST respond with a status message that includes a body containing the referenced resource set description, along with an \"_id\" property.", response = ResourceSet.class)
@ApiResponses(value = { @ApiResponse(code = 401, message = "Unauthorized") })
public Response getResourceSet(@HeaderParam("Authorization") String authorization, @PathParam("rsid") @ApiParam(value = "Resource set description object ID", required = true) String rsid) {
    try {
        umaValidationService.assertHasProtectionScope(authorization);
        log.debug("Getting resource set description: '{}'", rsid);
        final org.xdi.oxauth.model.uma.persistence.ResourceSet ldapResourceSet = resourceSetService.getResourceSetById(rsid);
        final ResourceSetWithId response = new ResourceSetWithId();
        response.setId(ldapResourceSet.getId());
        response.setName(ldapResourceSet.getName());
        response.setUri(ldapResourceSet.getUrl());
        response.setIconUri(ldapResourceSet.getIconUri());
        response.setScopes(umaScopeService.getScopeUrlsByDns(ldapResourceSet.getScopes()));
        final ResponseBuilder builder = Response.ok();
        // convert manually to avoid possible conflicts between resteasy providers, e.g. jettison, jackson
        builder.entity(ServerUtil.asJson(response));
        return builder.build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        errorResponseFactory.throwUmaInternalErrorException();
        // redundant but required statement by java
        return null;
    }
}

Example 7 with ApiOperation

Use of com.wordnik.swagger.annotations.ApiOperation in project oxAuth by GluuFederation.

The class RptStatusWS, method requestRptStatus.

@POST
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
@ApiOperation(value = "The resource server MUST determine a received RPT's status, including both whether it is active and, if so, its associated authorization data, before giving or refusing access to the client. An RPT is associated with a set of authorization data that governs whether the client is authorized for access. The token's nature and format are dictated by its profile; the profile might allow it to be self-contained, such that the resource server is able to determine its status locally, or might require or allow the resource server to make a run-time introspection request of the authorization server that issued the token.", produces = UmaConstants.JSON_MEDIA_TYPE, notes = "The endpoint MAY allow other parameters to provide further context to\n" + "   the query.  For instance, an authorization service may need to know\n" + "   the IP address of the client accessing the protected resource in\n" + "   order to determine the appropriateness of the token being presented.\n" + "\n" + "   To prevent unauthorized token scanning attacks, the endpoint MUST\n" + "   also require some form of authorization to access this endpoint, such\n" + "   as client authentication as described in OAuth 2.0 [RFC6749] or a\n" + "   separate OAuth 2.0 access token such as the bearer token described in\n" + "   OAuth 2.0 Bearer Token Usage [RFC6750].  The methods of managing and\n" + "   validating these authentication credentials are out of scope of this\n" + "   specification.\n")
@ApiResponses(value = { @ApiResponse(code = 401, message = "Unauthorized") })
public Response requestRptStatus(@HeaderParam("Authorization") String authorization, @FormParam("token") @ApiParam(value = "The string value of the token.  For access tokens,\n" + "      this is the \"access_token\" value returned from the token endpoint\n" + "      defined in OAuth 2.0 [RFC6749] section 5.1.  For refresh tokens,\n" + "      this is the \"refresh_token\" value returned from the token endpoint\n" + "      as defined in OAuth 2.0 [RFC6749] section 5.1.  Other token types\n" + "      are outside the scope of this specification.", required = true) String rptAsString, @FormParam("token_type_hint") @ApiParam(value = "A hint about the type of the token\n" + "      submitted for introspection.  The protected resource MAY pass\n" + "      this parameter in order to help the authorization server to\n" + "      optimize the token lookup.  If the server is unable to locate the\n" + "      token using the given hint, it MUST extend its search across all\n" + "      of its supported token types.  An authorization server MAY ignore\n" + "      this parameter, particularly if it is able to detect the token\n" + "      type automatically.  Values for this field are defined in OAuth\n" + "      Token Revocation [RFC7009].", required = false) String tokenTypeHint) {
    try {
        umaValidationService.assertHasProtectionScope(authorization);
        final UmaRPT rpt = rptManager.getRPTByCode(rptAsString);
        if (rpt != null && AbstractRPTManager.isGat(rpt.getCode())) {
            return gatResponse(rpt);
        }
        if (!isValid(rpt)) {
            return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
        }
        final List<UmaPermission> permissions = buildStatusResponsePermissions(rpt);
        // active status
        final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
        statusResponse.setActive(true);
        statusResponse.setExpiresAt(rpt.getExpirationDate());
        statusResponse.setIssuedAt(rpt.getCreationDate());
        statusResponse.setPermissions(permissions);
        // convert manually to avoid possible conflict between resteasy providers, e.g. jettison, jackson
        final String entity = ServerUtil.asJson(statusResponse);
        return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
    }
}

Example 8 with ApiOperation

Use of com.wordnik.swagger.annotations.ApiOperation in project oxAuth by GluuFederation.

The class CheckSessionStatusRestWebServiceImpl, method requestCheckSessionStatus.

@GET
@Path("/session_status")
@Produces({ MediaType.APPLICATION_JSON })
@ApiOperation(value = "Determine current session status.", notes = "Determine current session status.", response = Response.class, responseContainer = "JSON")
@ApiResponses(value = { @ApiResponse(code = 400, message = "invalid_request\n" + "The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.  The resource server SHOULD respond with the HTTP 400 (Bad Request) status code.") })
public Response requestCheckSessionStatus(@Context HttpServletRequest httpRequest, @Context HttpServletResponse httpResponse, @Context SecurityContext securityContext) throws IOException {
    String sessionStateCookie = sessionStateService.getSessionStateFromCookie(httpRequest);
    log.debug("Found session '{}' cookie: '{}'", SessionStateService.SESSION_STATE_COOKIE_NAME, sessionStateCookie);
    CheckSessionResponse response = new CheckSessionResponse("unknown", "");
    SessionState sessionState = sessionStateService.getSessionState(sessionStateCookie);
    if (sessionState != null) {
        response.setState(sessionState.getState().getValue());
        response.setAuthTime(sessionState.getAuthenticationTime());
        String sessionCustomState = sessionState.getSessionAttributes().get(SessionStateService.SESSION_CUSTOM_STATE);
        if (StringHelper.isNotEmpty(sessionCustomState)) {
            response.setCustomState(sessionCustomState);
        }
    }
    String responseJson = ServerUtil.asJson(response);
    log.debug("Check session status response: '{}'", responseJson);
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(responseJson).build();
}

Example 9 with ApiOperation

Use of com.wordnik.swagger.annotations.ApiOperation in project oxTrust by GluuFederation.

The class GroupWebService, method searchGroupsPost.

@Path("/.search")
@POST
@Produces({ Constants.MEDIA_TYPE_SCIM_JSON, MediaType.APPLICATION_JSON })
@HeaderParam("Accept")
@DefaultValue(Constants.MEDIA_TYPE_SCIM_JSON)
@ApiOperation(value = "Search group POST /.search", notes = "Returns a list of groups (https://tools.ietf.org/html/rfc7644#section-3.4.3)", response = ListResponse.class)
public Response searchGroupsPost(@HeaderParam("Authorization") String authorization, @QueryParam(OxTrustConstants.QUERY_PARAMETER_TEST_MODE_OAUTH2_TOKEN) final String token, @ApiParam(value = "SearchRequest", required = true) SearchRequest searchRequest) throws Exception {
    try {
        log.info("IN GroupWebService.searchGroupsPost()...");
        // Authorization check is done in searchGroups()
        Response response = searchGroups(authorization, token, searchRequest.getFilter(), searchRequest.getStartIndex(), searchRequest.getCount(), searchRequest.getSortBy(), searchRequest.getSortOrder(), searchRequest.getAttributesArray());
        URI location = new URI(appConfiguration.getBaseEndpoint() + "/scim/v2/Groups/.search");
        log.info("LEAVING GroupWebService.searchGroupsPost()...");
        return Response.fromResponse(response).location(location).build();
    } catch (EntryPersistenceException ex) {
        log.error("Error in searchGroupsPost", ex);
        ex.printStackTrace();
        return getErrorResponse(Response.Status.NOT_FOUND, ErrorScimType.INVALID_VALUE, "Resource not found");
    } catch (Exception ex) {
        log.error("Error in searchGroupsPost", ex);
        ex.printStackTrace();
        return getErrorResponse(Response.Status.BAD_REQUEST, ErrorScimType.INVALID_FILTER, INTERNAL_SERVER_ERROR_MESSAGE);
    }
}

Example 10 with ApiOperation

Use of com.wordnik.swagger.annotations.ApiOperation in project oxTrust by GluuFederation.

The class UserWebService, method deleteUser.

@Path("{id}")
@DELETE
@Produces({ Constants.MEDIA_TYPE_SCIM_JSON + "; charset=utf-8", MediaType.APPLICATION_JSON + "; charset=utf-8" })
@HeaderParam("Accept")
@DefaultValue(Constants.MEDIA_TYPE_SCIM_JSON)
@ApiOperation(value = "Delete User", notes = "Delete User (https://tools.ietf.org/html/rfc7644#section-3.6)")
public Response deleteUser(@HeaderParam("Authorization") String authorization, @QueryParam(OxTrustConstants.QUERY_PARAMETER_TEST_MODE_OAUTH2_TOKEN) final String token, @PathParam("id") String id) throws Exception {
    Response authorizationResponse;
    if (jsonConfigurationService.getOxTrustappConfiguration().isScimTestMode()) {
        log.info(" ##### SCIM Test Mode is ACTIVE");
        authorizationResponse = processTestModeAuthorization(token);
    } else {
        authorizationResponse = processAuthorization(authorization);
    }
    if (authorizationResponse != null) {
        return authorizationResponse;
    }
    try {
        scim2UserService.deleteUser(id);
        return Response.noContent().build();
    } catch (EntryPersistenceException ex) {
        log.error("Failed to delete user", ex);
        ex.printStackTrace();
        return getErrorResponse(Response.Status.NOT_FOUND, "Resource " + id + " not found");
    } catch (Exception ex) {
        log.error("Failed to delete user", ex);
        ex.printStackTrace();
        return getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, INTERNAL_SERVER_ERROR_MESSAGE);
    }
}