use of io.gravitee.am.common.oauth2.Parameters in project gravitee-access-management by gravitee-io.
the class CibaTokenGranter method parseRequest.
@Override
protected Single<TokenRequest> parseRequest(TokenRequest tokenRequest, Client client) {
    // auth_req_id is the only grant-specific parameter of a CIBA token request
    final String authReqId = tokenRequest.parameters().getFirst(Parameters.AUTH_REQ_ID);
    if (isEmpty(authReqId)) {
        return Single.error(new InvalidRequestException("Missing parameter: auth_req_id"));
    }
    return super.parseRequest(tokenRequest, client)
            .flatMap(parsedRequest -> authenticationRequestService.retrieve(domain, authReqId)
                    .map(cibaRequest -> {
                        // the authentication request must belong to the client presenting the auth_req_id;
                        // a request owned by another client is rejected with the same "not found" error as an unknown one
                        if (!cibaRequest.getClientId().equals(client.getClientId())) {
                            logger.warn("client_id '{}' requests token using not owned authentication request '{}'", client.getId(), authReqId);
                            throw new AuthenticationRequestNotFoundException("Authentication request not found");
                        }
                        // resource owner and scopes come from the original authentication request
                        parsedRequest.setSubject(cibaRequest.getSubject());
                        parsedRequest.setScopes(cibaRequest.getScopes());
                        // only the AuthenticationFlowContext.data attributes are stored, to keep EL templating simple
                        // ({#context.attributes['authFlow']['entry']}); there is no flow context for CIBA, hence an empty map
                        parsedRequest.getContext().put(AUTH_FLOW_CONTEXT_ATTRIBUTES_KEY, emptyMap());
                        return parsedRequest;
                    }));
}
use of io.gravitee.am.common.oauth2.Parameters in project geotoolkit by Geomatys.
the class SmlXMLBindingTest method ComponentUnmarshallMarshalingTest.
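/**
 * Unmarshals a SensorML 1.0 component document and checks it against an equivalent component built by hand.
 * <p>
 * The individual sections (capabilities, contacts, classification, ...) are compared first so that a
 * failure points at the offending part before the whole-document equality is asserted.
 *
 * @throws java.lang.Exception if the test resource cannot be read or unmarshalled
 */
@Test
public void ComponentUnmarshallMarshalingTest() throws Exception {
    final Unmarshaller unmarshaller = SensorMLMarshallerPool.getInstance().acquireUnmarshaller();
    try {
        final SensorML result = unmarshalSensorML(unmarshaller, "/org/geotoolkit/sml/component.xml");

        final ComponentType component = buildExpectedComponent();
        final Member member = new Member();
        member.setRole("urn:x-ogx:def:sensor:OGC:detector");
        member.setProcess(sml100Factory.createComponent(component));
        final SensorML expectedResult = new SensorML("1.0", Arrays.asList(member));

        assertEquals(1, result.getMember().size());
        assertTrue(result.getMember().get(0).getProcess() != null);
        assertTrue(result.getMember().get(0).getProcess().getValue() instanceof ComponentType);
        final ComponentType resultProcess = (ComponentType) result.getMember().get(0).getProcess().getValue();

        assertEquals(component.getCapabilities(), resultProcess.getCapabilities());

        assertEquals(1, resultProcess.getContact().size());
        assertEquals(component.getContact().get(0).getContactList(), resultProcess.getContact().get(0).getContactList());
        assertEquals(component.getContact().get(0).getResponsibleParty().getContactInfo(), resultProcess.getContact().get(0).getResponsibleParty().getContactInfo());
        assertEquals(component.getContact().get(0).getResponsibleParty().getOrganizationName(), resultProcess.getContact().get(0).getResponsibleParty().getOrganizationName());
        assertEquals(component.getContact().get(0).getResponsibleParty(), resultProcess.getContact().get(0).getResponsibleParty());
        assertEquals(component.getContact().get(0), resultProcess.getContact().get(0));
        assertEquals(component.getContact(), resultProcess.getContact());

        assertEquals(1, resultProcess.getClassification().size());
        assertEquals(2, resultProcess.getClassification().get(0).getClassifierList().getClassifier().size());
        assertEquals(component.getClassification().get(0).getClassifierList().getClassifier().get(0).getTerm(), resultProcess.getClassification().get(0).getClassifierList().getClassifier().get(0).getTerm());
        assertEquals(component.getClassification().get(0).getClassifierList().getClassifier().get(0), resultProcess.getClassification().get(0).getClassifierList().getClassifier().get(0));
        assertEquals(component.getClassification().get(0).getClassifierList().getClassifier(), resultProcess.getClassification().get(0).getClassifierList().getClassifier());
        assertEquals(component.getClassification().get(0).getClassifierList(), resultProcess.getClassification().get(0).getClassifierList());
        assertEquals(component.getClassification().get(0), resultProcess.getClassification().get(0));
        assertEquals(component.getClassification(), resultProcess.getClassification());

        assertEquals(component.getIdentification(), resultProcess.getIdentification());
        assertEquals(component.getValidTime(), resultProcess.getValidTime());
        assertEquals(component.getInputs().getInputList().getInput(), resultProcess.getInputs().getInputList().getInput());
        assertEquals(component.getInputs().getInputList(), resultProcess.getInputs().getInputList());
        assertEquals(component.getInputs(), resultProcess.getInputs());
        assertEquals(component.getOutputs(), resultProcess.getOutputs());
        assertEquals(component.getSMLLocation(), resultProcess.getSMLLocation());
        assertEquals(component.getPosition(), resultProcess.getPosition());
        assertEquals(component.getSpatialReferenceFrame(), resultProcess.getSpatialReferenceFrame());
        assertEquals(component.getDocumentation(), resultProcess.getDocumentation());
        assertEquals(component.getCharacteristics(), resultProcess.getCharacteristics());
        assertEquals(component.getKeywords(), resultProcess.getKeywords());
        assertEquals(component.getParameters(), resultProcess.getParameters());
        assertEquals(component.getName(), resultProcess.getName());
        assertEquals(component, resultProcess);

        assertEquals(expectedResult.getMember().get(0), result.getMember().get(0));
        assertEquals(expectedResult.getMember(), result.getMember());
        assertEquals(expectedResult, result);
    } finally {
        // always hand the unmarshaller back to the pool, even when an assertion fails
        SensorMLMarshallerPool.getInstance().recycle(unmarshaller);
    }
}

/**
 * Reads the given classpath resource with the supplied unmarshaller and returns the SensorML root element.
 *
 * @param unmarshaller the JAXB unmarshaller to use
 * @param resource absolute classpath name of the XML document
 * @return the unmarshalled {@link SensorML} document
 * @throws Exception if the resource cannot be read or unmarshalled
 */
private SensorML unmarshalSensorML(Unmarshaller unmarshaller, String resource) throws Exception {
    // the stream is closed whatever the outcome; a missing resource fails the test instead of producing an NPE
    try (InputStream is = SmlXMLBindingTest.class.getResourceAsStream(resource)) {
        assertTrue("missing test resource " + resource, is != null);
        Object unmarshalled = unmarshaller.unmarshal(is);
        if (unmarshalled instanceof JAXBElement) {
            unmarshalled = ((JAXBElement<?>) unmarshalled).getValue();
        }
        assertTrue(unmarshalled instanceof SensorML);
        return (SensorML) unmarshalled;
    }
}

/**
 * Builds, in Java, the component described by {@code component.xml}; every value must stay in sync with that resource.
 *
 * @return the expected component
 */
private ComponentType buildExpectedComponent() {
    final ComponentType component = new ComponentType();

    // keywords
    final List<JAXBElement<String>> kw = new ArrayList<>();
    kw.add(sml100Factory.createKeywordsKeywordListKeyword("piezometer"));
    kw.add(sml100Factory.createKeywordsKeywordListKeyword("geosciences"));
    kw.add(sml100Factory.createKeywordsKeywordListKeyword("point d'eau"));
    component.setKeywords(new Keywords(new KeywordList(URI.create("urn:x-brgm:def:gcmd:keywords"), kw)));

    // classification
    final Classifier cl1 = new Classifier("intendedApplication", new Term("eaux souterraines", URI.create("urn:x-ogc:def:classifier:OGC:application")));
    final CodeSpacePropertyType bssCodeSpace = new CodeSpacePropertyType("urn:x-brgm:def:GeoPoint:bss");
    final Classifier cl2 = new Classifier("sensorType", new Term(bssCodeSpace, "Profondeur", URI.create("urn:sensor:classifier:sensorType")));
    final List<Classifier> cls = new ArrayList<>(Arrays.asList(cl1, cl2));
    component.setClassification(new Classification(new ClassifierList(null, cls)));

    // identification
    final CodeSpacePropertyType hydrasCodeSpace = new CodeSpacePropertyType("urn:x-brgm:def:sensorSystem:hydras");
    final Identifier id1 = new Identifier("supervisorCode", new Term(hydrasCodeSpace, "00ARGLELES_2000", URI.create("urn:x-ogc:def:identifier:OGC:modelNumber")));
    final Identifier id2 = new Identifier("longName", new Term("Madofil II", URI.create("urn:x-ogc:def:identifier:OGC:longname")));
    final List<Identifier> identifiers = new ArrayList<>(Arrays.asList(id1, id2));
    component.setIdentification(new Identification(new IdentifierList(null, identifiers)));

    // valid time
    component.setValidTime(new ValidTime(new TimePeriodType(new TimePositionType("2004-06-01"))));

    // capabilities: a single data record holding the period of data
    final TimeRange timeRange = new TimeRange(Arrays.asList("1987-04-23", "now"));
    final DataComponentPropertyType field = new DataComponentPropertyType("periodOfData", "urn:x-brgm:def:property:periodOfData", timeRange);
    final DataRecordType record = new DataRecordType("urn:x-brgm:def:property:periodOfData", Arrays.asList(field));
    final JAXBElement<? extends AbstractDataRecordType> jbRecord = swe100Factory.createDataRecord(record);
    final Capabilities capabilities = new Capabilities();
    capabilities.setAbstractDataRecord(jbRecord);
    component.setCapabilities(capabilities);

    // contact
    component.setContact(new Contact("urn:x-ogc:def:role:manufacturer", new ResponsibleParty("IRIS")));

    // position (the original test set it twice with identical values; once is enough)
    component.setPosition(new Position("conductivitePosition", "piezometer#piezoPosition"));

    // inputs / outputs
    final IoComponentPropertyType io = new IoComponentPropertyType("level", new ObservableProperty("urn:x-ogc:def:phenomenon:OGC:level"));
    component.setInputs(new Inputs(new InputList(Arrays.asList(io))));
    final IoComponentPropertyType io2 = new IoComponentPropertyType("depth", new ObservableProperty("urn:x-ogc:def:phenomenon:OGC:depth"));
    component.setOutputs(new Outputs(new OutputList(Arrays.asList(io2))));

    // parameters
    final List<DataComponentPropertyType> params = new ArrayList<>();
    final UomPropertyType uom = new UomPropertyType(null, "urn:ogc:unit:minuts");
    final QuantityType quantity1 = new QuantityType("urn:x-ogc:def:property:frequency", uom, 60.0);
    params.add(new DataComponentPropertyType("frequency", "urn:x-ogc:def:property:frequency", quantity1));
    final UomPropertyType uom2 = new UomPropertyType("m", null);
    final QuantityType quantity2 = new QuantityType("urn:x-ogc:def:property:precision", uom2, 0.05);
    params.add(new DataComponentPropertyType("precision", "urn:x-ogc:def:property:precision", quantity2));
    final QuantityRange quantityRange = new QuantityRange(uom2, Arrays.asList(0.0, 10.0));
    params.add(new DataComponentPropertyType("validity", "urn:x-ogc:def:property:validity", quantityRange));
    component.setParameters(new Parameters(new ParameterList(params)));

    component.setName(new DefaultIdentifier("Capteur Profondeur de ARGELES"));
    return component;
}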
use of io.gravitee.am.common.oauth2.Parameters in project gravitee-access-management by gravitee-io.
the class UMATokenGranter method executePolicies.
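/**
 * Executes the access policies registered for the resources targeted by the request's permission requests.
 * <p>
 * The resource owner works with the authorization server to configure policy conditions (authorization grant rules),
 * which the authorization server executes in the process of issuing access tokens. The authorization process makes use
 * of claims gathered from the requesting party and client in order to satisfy all operative policy conditions.
 *
 * @param oAuth2Request OAuth 2.0 Token Request
 * @param client client
 * @param endUser requesting party, may be {@code null}
 * @return the same request once every applicable policy is satisfied (or when there is nothing to evaluate);
 *         an {@link InvalidGrantException} error when a policy condition is not met
 */
private Single<OAuth2Request> executePolicies(OAuth2Request oAuth2Request, Client client, User endUser) {
    final List<PermissionRequest> permissionRequests = oAuth2Request.getPermissions();
    if (permissionRequests == null || permissionRequests.isEmpty()) {
        return Single.just(oAuth2Request);
    }
    final List<String> resourceIds = permissionRequests.stream()
            .map(PermissionRequest::getResourceId)
            .collect(Collectors.toList());
    // find access policies for the given resources; each rule carries its permission request as metadata
    return resourceService.findAccessPoliciesByResources(resourceIds)
            .<Rule>map(accessPolicy -> {
                final DefaultRule rule = new DefaultRule(accessPolicy);
                permissionRequests.stream()
                        .filter(permissionRequest -> permissionRequest.getResourceId().equals(accessPolicy.getResource()))
                        .findFirst()
                        .ifPresent(permission -> rule.setMetadata(Collections.singletonMap("permissionRequest", permission)));
                return rule;
            })
            .toList()
            .flatMap(rules -> {
                // no policy registered, continue
                if (rules.isEmpty()) {
                    return Single.just(oAuth2Request);
                }
                // prepare the execution context
                final ExecutionContext simpleExecutionContext = new SimpleExecutionContext(oAuth2Request, oAuth2Request.getHttpResponse());
                final ExecutionContext executionContext = executionContextFactory.create(simpleExecutionContext);
                executionContext.setAttribute("client", new ClientProperties(client));
                if (endUser != null) {
                    executionContext.setAttribute("user", new UserProperties(endUser));
                }
                // execute the policies; the underlying failure is replaced by a generic invalid_grant so that
                // policy details are not reported to the client (NOTE(review): the cause is not logged here either)
                return rulesEngine.fire(rules, executionContext)
                        .toSingleDefault(oAuth2Request)
                        .onErrorResumeNext(ex -> Single.error(new InvalidGrantException("Policy conditions are not met for actual request parameters")));
            });
}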
use of io.gravitee.am.common.oauth2.Parameters in project gravitee-access-management by gravitee-io.
the class AuthorizationCodeTokenGranter method parseRequest.
@Override
protected Single<TokenRequest> parseRequest(TokenRequest tokenRequest, Client client) {
    // the authorization code is the only grant-specific parameter of this token request
    final String code = tokenRequest.parameters().getFirst(Parameters.CODE);
    if (code == null || code.isEmpty()) {
        return Single.error(new InvalidRequestException("Missing parameter: code"));
    }
    return super.parseRequest(tokenRequest, client)
            // the code is consumed (removed) before any check, so it cannot be replayed
            .flatMap(parsedRequest -> authorizationCodeService.remove(code, client)
                    .flatMap(authorizationCode -> authenticationFlowContextService
                            .removeContext(authorizationCode.getTransactionId(), authorizationCode.getContextVersion())
                            // a missing/unreadable flow context is fatal only when exitOnError is set
                            .onErrorResumeNext(error -> (exitOnError) ? Maybe.error(error) : Maybe.just(new AuthenticationFlowContext()))
                            .map(flowContext -> {
                                // validate the token request against the original authorization request
                                checkRedirectUris(parsedRequest, authorizationCode);
                                checkPKCE(parsedRequest, authorizationCode);
                                // resource owner and scopes come from the authorization step
                                parsedRequest.setSubject(authorizationCode.getSubject());
                                parsedRequest.setScopes(authorizationCode.getScopes());
                                // parameters of the initial authorization request (step 1 of the flow);
                                // values explicitly sent on the token request take precedence
                                if (authorizationCode.getRequestParameters() != null) {
                                    authorizationCode.getRequestParameters().forEach((name, value) -> parsedRequest.parameters().putIfAbsent(name, value));
                                }
                                // expose the decoded authorization code on the current request
                                final Map<String, Object> codeDetails = new HashMap<>();
                                codeDetails.put("code", authorizationCode.getCode());
                                codeDetails.put("transactionId", authorizationCode.getTransactionId());
                                parsedRequest.setAuthorizationCode(codeDetails);
                                // only the AuthenticationFlowContext.data attributes are stored, to keep EL templating simple
                                // ({#context.attributes['authFlow']['entry']}) and up to date when the enrichAuthFlow policy
                                // is used several times in a step
                                parsedRequest.getContext().put(ConstantKeys.AUTH_FLOW_CONTEXT_ATTRIBUTES_KEY, flowContext.getData());
                                return parsedRequest;
                            }))
                    .toSingle());
}
use of io.gravitee.am.common.oauth2.Parameters in project gravitee-access-management by gravitee-io.
the class AuthorizationRequestFailureHandler method processOAuth2Exception.
private void processOAuth2Exception(AuthorizationRequest authorizationRequest, OAuth2Exception oAuth2Exception, Client client, String defaultErrorURL, RoutingContext context, Handler<AsyncResult<String>> handler) {
    // whenever the client-supplied redirect_uri cannot be trusted, the error goes to the default error page
    if (mustUseDefaultErrorPage(authorizationRequest, oAuth2Exception, client, context)) {
        authorizationRequest.setRedirectUri(defaultErrorURL);
    }
    // Process error response
    try {
        final String responseMode = authorizationRequest.getResponseMode();
        final boolean jwtResponseMode = client != null && responseMode != null && responseMode.endsWith("jwt");
        if (!jwtResponseMode) {
            // Response Mode is not supplied by the client (or is not a JWT mode): plain redirect
            final String redirectUri = buildRedirectUri(oAuth2Exception.getOAuth2ErrorCode(), oAuth2Exception.getMessage(), authorizationRequest, context);
            handler.handle(Future.succeededFuture(redirectUri));
            return;
        }
        // Otherwise the error response parameters are carried inside a JWT
        final JWTOAuth2Exception jwtException = new JWTOAuth2Exception(oAuth2Exception, authorizationRequest.getState());
        jwtException.setIss(openIDDiscoveryService.getIssuer(authorizationRequest.getOrigin()));
        jwtException.setAud(client.getClientId());
        // nothing specifies an expiration for this JWT; the authorization code validity is reused
        jwtException.setExp(Instant.now().plusSeconds(this.codeValidityInSec).getEpochSecond());
        // sign if the client requires it, then encrypt if the client requires it, else the JWT stays as-is
        jwtService.encodeAuthorization(jwtException.build(), client)
                .flatMap(authorization -> jweService.encryptAuthorization(authorization, client))
                .subscribe(
                        jwt -> handler.handle(Future.succeededFuture(jwtException.buildRedirectUri(authorizationRequest.getRedirectUri(), authorizationRequest.getResponseType(), authorizationRequest.getResponseMode(), jwt))),
                        ex -> handler.handle(Future.failedFuture(ex)));
    } catch (Exception e) {
        handler.handle(Future.failedFuture(e));
    }
}

/**
 * Tells whether the error must be shown on the default error page instead of being redirected to the
 * redirect_uri of the authorization request.
 *
 * @param authorizationRequest the failed authorization request
 * @param oAuth2Exception the error to report
 * @param client the client, may be {@code null}
 * @param context the routing context of the current request
 * @return {@code true} when the request's redirect_uri must not be used
 */
private static boolean mustUseDefaultErrorPage(AuthorizationRequest authorizationRequest, OAuth2Exception oAuth2Exception, Client client, RoutingContext context) {
    // no client available or missing redirect_uri
    if (authorizationRequest.getClientId() == null || client == null || authorizationRequest.getRedirectUri() == null) {
        return true;
    }
    // user set a wrong redirect_uri
    if (oAuth2Exception instanceof RedirectMismatchException) {
        return true;
    }
    // the redirect_uri request parameter must be one of the client's registered redirect URIs
    if (client.getRedirectUris() != null && !client.getRedirectUris().contains(authorizationRequest.getRedirectUri())) {
        return true;
    }
    // the request object could not be used: avoid redirecting with a response mode taken from it
    return oAuth2Exception instanceof InvalidRequestObjectException && context.get(ConstantKeys.REQUEST_OBJECT_KEY) == null;
}