Example 1 with DefaultRule
use of io.gravitee.am.gateway.handler.uma.policy.DefaultRule in project gravitee-access-management by gravitee-io.
the class UMATokenGranter method executePolicies.
/**
* The resource owner works with the authorization server to configure policy conditions (authorization grant rules), which the authorization server executes in the process of issuing access tokens.
* The authorization process makes use of claims gathered from the requesting party and client in order to satisfy all operative operative policy conditions.
* @param oAuth2Request OAuth 2.0 Token Request
* @param client client
* @param endUser requesting party
* @return
*/
private Single<OAuth2Request> executePolicies(OAuth2Request oAuth2Request, Client client, User endUser) {
List<PermissionRequest> permissionRequests = oAuth2Request.getPermissions();
if (permissionRequests == null || permissionRequests.isEmpty()) {
return Single.just(oAuth2Request);
}
List<String> resourceIds = permissionRequests.stream().map(PermissionRequest::getResourceId).collect(Collectors.toList());
// find access policies for the given resources
return resourceService.findAccessPoliciesByResources(resourceIds).map(accessPolicy -> {
Rule rule = new DefaultRule(accessPolicy);
Optional<PermissionRequest> permission = permissionRequests.stream().filter(permissionRequest -> permissionRequest.getResourceId().equals(accessPolicy.getResource())).findFirst();
if (permission.isPresent()) {
((DefaultRule) rule).setMetadata(Collections.singletonMap("permissionRequest", permission.get()));
}
return rule;
}).toList().flatMap(rules -> {
// no policy registered, continue
if (rules.isEmpty()) {
return Single.just(oAuth2Request);
}
// prepare the execution context
ExecutionContext simpleExecutionContext = new SimpleExecutionContext(oAuth2Request, oAuth2Request.getHttpResponse());
ExecutionContext executionContext = executionContextFactory.create(simpleExecutionContext);
executionContext.setAttribute("client", new ClientProperties(client));
if (endUser != null) {
executionContext.setAttribute("user", new UserProperties(endUser));
}
// execute the policies
return rulesEngine.fire(rules, executionContext).toSingleDefault(oAuth2Request).onErrorResumeNext(ex -> Single.error(new InvalidGrantException("Policy conditions are not met for actual request parameters")));
});
}
Also used :
DefaultRule(io.gravitee.am.gateway.handler.uma.policy.DefaultRule)
PermissionTicket(io.gravitee.am.model.uma.PermissionTicket)
ResourceService(io.gravitee.am.service.ResourceService)
java.util(java.util)
Client(io.gravitee.am.model.oidc.Client)
MultiValueMap(io.gravitee.common.util.MultiValueMap)
Maybe(io.reactivex.Maybe)
InvalidTokenException(io.gravitee.am.common.exception.oauth2.InvalidTokenException)
TokenService(io.gravitee.am.gateway.handler.oauth2.service.token.TokenService)
TechnicalException(io.gravitee.am.repository.exceptions.TechnicalException)
InvalidScopeException(io.gravitee.am.gateway.handler.oauth2.exception.InvalidScopeException)
Single(io.reactivex.Single)
JWTService(io.gravitee.am.gateway.handler.common.jwt.JWTService)
RulesEngine(io.gravitee.am.gateway.handler.uma.policy.RulesEngine)
JsonObject(io.vertx.core.json.JsonObject)
Rule(io.gravitee.am.gateway.handler.uma.policy.Rule)
PermissionTicketService(io.gravitee.am.service.PermissionTicketService)
TokenType(io.gravitee.am.common.oauth2.TokenType)
User(io.gravitee.am.model.User)
ExecutionContextFactory(io.gravitee.am.gateway.handler.context.ExecutionContextFactory)
InvalidGrantException(io.gravitee.am.gateway.handler.oauth2.exception.InvalidGrantException)
GrantType(io.gravitee.am.common.oauth2.GrantType)
ClientProperties(io.gravitee.am.model.safe.ClientProperties)
PermissionRequest(io.gravitee.am.model.uma.PermissionRequest)
ExecutionContext(io.gravitee.gateway.api.ExecutionContext)
JWT(io.gravitee.am.common.jwt.JWT)
UserAuthenticationManager(io.gravitee.am.gateway.handler.common.auth.user.UserAuthenticationManager)
TokenRequest(io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest)
UmaException(io.gravitee.am.common.exception.uma.UmaException)
Domain(io.gravitee.am.model.Domain)
AbstractTokenGranter(io.gravitee.am.gateway.handler.oauth2.service.granter.AbstractTokenGranter)
Resource(io.gravitee.am.model.uma.Resource)
UserInvalidException(io.gravitee.am.service.exception.UserInvalidException)
Collectors(java.util.stream.Collectors)
Stream(java.util.stream.Stream)
RequiredClaims(io.gravitee.am.common.exception.uma.RequiredClaims)
Token(io.gravitee.am.gateway.handler.oauth2.service.token.Token)
DefaultRule(io.gravitee.am.gateway.handler.uma.policy.DefaultRule)
ApplicationScopeSettings(io.gravitee.am.model.application.ApplicationScopeSettings)
UserProperties(io.gravitee.am.model.safe.UserProperties)
OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request)
SimpleExecutionContext(io.gravitee.gateway.api.context.SimpleExecutionContext)
Parameters(io.gravitee.am.common.oauth2.Parameters)
StringUtils(org.springframework.util.StringUtils)
PermissionRequest(io.gravitee.am.model.uma.PermissionRequest)
ClientProperties(io.gravitee.am.model.safe.ClientProperties)
SimpleExecutionContext(io.gravitee.gateway.api.context.SimpleExecutionContext)
InvalidGrantException(io.gravitee.am.gateway.handler.oauth2.exception.InvalidGrantException)
ExecutionContext(io.gravitee.gateway.api.ExecutionContext)
SimpleExecutionContext(io.gravitee.gateway.api.context.SimpleExecutionContext)
UserProperties(io.gravitee.am.model.safe.UserProperties)
Rule(io.gravitee.am.gateway.handler.uma.policy.Rule)
DefaultRule(io.gravitee.am.gateway.handler.uma.policy.DefaultRule)
Aggregations
InvalidTokenException (io.gravitee.am.common.exception.oauth2.InvalidTokenException)1
RequiredClaims (io.gravitee.am.common.exception.uma.RequiredClaims)1
UmaException (io.gravitee.am.common.exception.uma.UmaException)1
JWT (io.gravitee.am.common.jwt.JWT)1
GrantType (io.gravitee.am.common.oauth2.GrantType)1
Parameters (io.gravitee.am.common.oauth2.Parameters)1
TokenType (io.gravitee.am.common.oauth2.TokenType)1
UserAuthenticationManager (io.gravitee.am.gateway.handler.common.auth.user.UserAuthenticationManager)1
JWTService (io.gravitee.am.gateway.handler.common.jwt.JWTService)1
ExecutionContextFactory (io.gravitee.am.gateway.handler.context.ExecutionContextFactory)1
InvalidGrantException (io.gravitee.am.gateway.handler.oauth2.exception.InvalidGrantException)1
InvalidScopeException (io.gravitee.am.gateway.handler.oauth2.exception.InvalidScopeException)1
AbstractTokenGranter (io.gravitee.am.gateway.handler.oauth2.service.granter.AbstractTokenGranter)1
OAuth2Request (io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request)1
TokenRequest (io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest)1
Token (io.gravitee.am.gateway.handler.oauth2.service.token.Token)1
TokenService (io.gravitee.am.gateway.handler.oauth2.service.token.TokenService)1
DefaultRule (io.gravitee.am.gateway.handler.uma.policy.DefaultRule)1
Rule (io.gravitee.am.gateway.handler.uma.policy.Rule)1
RulesEngine (io.gravitee.am.gateway.handler.uma.policy.RulesEngine)1
