Use of com.wordnik.swagger.annotations.ApiResponses in project oxAuth by GluuFederation.
Class ResourceSetRegistrationWS, method getResourceSet.
@GET
@Path("{rsid}")
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
@ApiOperation(value = "Reads a previously registered resource set description using the GET method.",
        notes = "Reads a previously registered resource set description using the GET method. If the request is successful, the authorization server MUST respond with a status message that includes a body containing the referenced resource set description, along with an \"_id\" property.",
        response = ResourceSet.class)
@ApiResponses(value = { @ApiResponse(code = 401, message = "Unauthorized") })
public Response getResourceSet(@HeaderParam("Authorization") String authorization,
        @PathParam("rsid") @ApiParam(value = "Resource set description object ID", required = true) String rsid) {
    try {
        // rejects (with a WebApplicationException) any request whose Authorization header
        // does not carry a token with the UMA protection scope
        umaValidationService.assertHasProtectionScope(authorization);
        log.debug("Getting resource set description: '{}'", rsid);
        final org.xdi.oxauth.model.uma.persistence.ResourceSet ldapResourceSet = resourceSetService.getResourceSetById(rsid);

        // copy the persisted entry into the API representation
        final ResourceSetWithId response = new ResourceSetWithId();
        response.setId(ldapResourceSet.getId());
        response.setName(ldapResourceSet.getName());
        response.setUri(ldapResourceSet.getUrl());
        response.setIconUri(ldapResourceSet.getIconUri());
        response.setScopes(umaScopeService.getScopeUrlsByDns(ldapResourceSet.getScopes()));

        final ResponseBuilder builder = Response.ok();
        // convert manually to avoid possible conflicts between resteasy providers, e.g. jettison, jackson
        builder.entity(ServerUtil.asJson(response));
        return builder.build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        // authorization and other HTTP-level failures already carry the right status: pass them through
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        errorResponseFactory.throwUmaInternalErrorException();
        // never reached: throwUmaInternalErrorException() always throws, but javac requires a return
        return null;
    }
}
Use of com.wordnik.swagger.annotations.ApiResponses in project oxAuth by GluuFederation.
Class RptStatusWS, method requestRptStatus.
@POST
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
@ApiOperation(value = "The resource server MUST determine a received RPT's status, including both whether it is active and, if so, its associated authorization data, before giving or refusing access to the client. An RPT is associated with a set of authorization data that governs whether the client is authorized for access. The token's nature and format are dictated by its profile; the profile might allow it to be self-contained, such that the resource server is able to determine its status locally, or might require or allow the resource server to make a run-time introspection request of the authorization server that issued the token.",
        produces = UmaConstants.JSON_MEDIA_TYPE,
        notes = "The endpoint MAY allow other parameters to provide further context to\n"
                + " the query. For instance, an authorization service may need to know\n"
                + " the IP address of the client accessing the protected resource in\n"
                + " order to determine the appropriateness of the token being presented.\n"
                + "\n"
                + " To prevent unauthorized token scanning attacks, the endpoint MUST\n"
                + " also require some form of authorization to access this endpoint, such\n"
                + " as client authentication as described in OAuth 2.0 [RFC6749] or a\n"
                + " separate OAuth 2.0 access token such as the bearer token described in\n"
                + " OAuth 2.0 Bearer Token Usage [RFC6750]. The methods of managing and\n"
                + " validating these authentication credentials are out of scope of this\n"
                + " specification.\n")
@ApiResponses(value = { @ApiResponse(code = 401, message = "Unauthorized") })
public Response requestRptStatus(@HeaderParam("Authorization") String authorization,
        @FormParam("token") @ApiParam(value = "The string value of the token. For access tokens,\n"
                + " this is the \"access_token\" value returned from the token endpoint\n"
                + " defined in OAuth 2.0 [RFC6749] section 5.1. For refresh tokens,\n"
                + " this is the \"refresh_token\" value returned from the token endpoint\n"
                + " as defined in OAuth 2.0 [RFC6749] section 5.1. Other token types\n"
                + " are outside the scope of this specification.", required = true) String rptAsString,
        @FormParam("token_type_hint") @ApiParam(value = "A hint about the type of the token\n"
                + " submitted for introspection. The protected resource MAY pass\n"
                + " this parameter in order to help the authorization server to\n"
                + " optimize the token lookup. If the server is unable to locate the\n"
                + " token using the given hint, it MUST extend its search across all\n"
                + " of its supported token types. An authorization server MAY ignore\n"
                + " this parameter, particularly if it is able to detect the token\n"
                + " type automatically. Values for this field are defined in OAuth\n"
                + " Token Revocation [RFC7009].", required = false) String tokenTypeHint) {
    try {
        // the introspection endpoint itself is protected: the caller needs a token with the
        // UMA protection scope, which is what stops anonymous token scanning
        umaValidationService.assertHasProtectionScope(authorization);

        final UmaRPT rpt = rptManager.getRPTByCode(rptAsString);
        // GAT (gluu access token) status is reported by a dedicated branch
        if (rpt != null && AbstractRPTManager.isGat(rpt.getCode())) {
            return gatResponse(rpt);
        }
        // unknown, expired or otherwise invalid token: answer 200 with active=false rather than
        // an error, so the response does not reveal why the token was rejected
        if (!isValid(rpt)) {
            return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
        }

        final List<UmaPermission> permissions = buildStatusResponsePermissions(rpt);
        // active status
        final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
        statusResponse.setActive(true);
        statusResponse.setExpiresAt(rpt.getExpirationDate());
        statusResponse.setIssuedAt(rpt.getCreationDate());
        statusResponse.setPermissions(permissions);

        // convert manually to avoid possible conflict between resteasy providers, e.g. jettison, jackson
        final String entity = ServerUtil.asJson(statusResponse);
        return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        // authorization and other HTTP-level failures already carry the right status: pass them through
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                .entity(errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
    }
}
Use of com.wordnik.swagger.annotations.ApiResponses in project oxAuth by GluuFederation.
Class CheckSessionStatusRestWebServiceImpl, method requestCheckSessionStatus.
@GET
@Path("/session_status")
@Produces({ MediaType.APPLICATION_JSON })
@ApiOperation(value = "Determine current session status.", notes = "Determine current session status.", response = Response.class, responseContainer = "JSON")
@ApiResponses(value = { @ApiResponse(code = 400, message = "invalid_request\n"
        + "The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed. The resource server SHOULD respond with the HTTP 400 (Bad Request) status code.") })
public Response requestCheckSessionStatus(@Context HttpServletRequest httpRequest, @Context HttpServletResponse httpResponse, @Context SecurityContext securityContext) throws IOException {
    // the session is identified solely by the session_state cookie sent with the request
    String sessionStateCookie = sessionStateService.getSessionStateFromCookie(httpRequest);
    log.debug("Found session '{}' cookie: '{}'", SessionStateService.SESSION_STATE_COOKIE_NAME, sessionStateCookie);

    // default answer when the cookie is absent or does not map to a known session
    CheckSessionResponse response = new CheckSessionResponse("unknown", "");
    SessionState sessionState = sessionStateService.getSessionState(sessionStateCookie);
    if (sessionState != null) {
        response.setState(sessionState.getState().getValue());
        response.setAuthTime(sessionState.getAuthenticationTime());
        String sessionCustomState = sessionState.getSessionAttributes().get(SessionStateService.SESSION_CUSTOM_STATE);
        if (StringHelper.isNotEmpty(sessionCustomState)) {
            response.setCustomState(sessionCustomState);
        }
    }

    String responseJson = ServerUtil.asJson(response);
    log.debug("Check session status response: '{}'", responseJson);
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(responseJson).build();
}
Use of com.wordnik.swagger.annotations.ApiResponses in project oxTrust by GluuFederation.
Class TrustRelationshipWebService, method setContacts.
@POST
@Path("/set_contacts/{inum}")
@Consumes({ MediaType.APPLICATION_JSON })
@Produces(MediaType.TEXT_PLAIN)
@ApiOperation(value = "set contacts for TrustRelationship", notes = "Find TrustRelationship by inum and set contacts. Contacts parameter is List<TrustContact>")
@ApiResponses(value = { @ApiResponse(code = 200, message = "OK"), @ApiResponse(code = 500, message = "Server error") })
public void setContacts(@PathParam("inum") String trustRelationshipInum, String contacts, @Context HttpServletResponse response) {
    try {
        GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(trustRelationshipInum);
        // the request body is deserialized by hand as a typed list of contacts
        List<TrustContact> contactsList = objectMapper.readValue(contacts, new TypeReference<List<TrustContact>>() {
        });
        trustService.saveContacts(trustRelationship, contactsList);
    } catch (Exception e) {
        logger.error("setContacts() Exception", e);
        try {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR");
        } catch (Exception ex) {
            // nothing left to do if even the error response cannot be sent
        }
    }
}
Use of com.wordnik.swagger.annotations.ApiResponses in project oxTrust by GluuFederation.
Class TrustRelationshipWebService, method listDeconstructedTrustRelationships.
@GET
@Path("/list_deconstructed_trust_relationships/{inum}")
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = { @ApiResponse(code = 200, message = "OK", response = SAMLTrustRelationshipShort.class), @ApiResponse(code = 500, message = "Server error") })
public String listDeconstructedTrustRelationships(@PathParam("inum") String inum, @Context HttpServletResponse response) {
    try {
        GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(inum);
        List<SAMLTrustRelationshipShort> trustRelationships = convertTRtoTRShort(trustService.getDeconstructedTrustRelationships(trustRelationship));
        // convert to JSON
        return objectMapper.writeValueAsString(trustRelationships);
    } catch (Exception e) {
        // log message names this method (the original carried a copy-pasted name from a sibling method)
        logger.error("listDeconstructedTrustRelationships() Exception", e);
        try {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR");
        } catch (Exception ex) {
            // nothing left to do if even the error response cannot be sent
        }
        return OxTrustConstants.RESULT_FAILURE;
    }
}