Use of io.gravitee.am.model.safe.UserProperties in project gravitee-access-management by gravitee-io.
The class IDTokenServiceImpl, method createExecution.
/**
 * Builds the execution context in which the ID token customisation logic runs for
 * the given token request.
 * <p>
 * Only the {@code ClientProperties}/{@code UserProperties} views (from the
 * {@code model.safe} package) are attached, not the raw entities. The authentication-flow
 * attributes, when present, are moved from the request context into the execution
 * context so they are no longer carried by the request afterwards.
 *
 * @param request the token request being processed
 * @param client  the client the token is issued to
 * @param user    the authenticated user, or {@code null} for flows without an end user
 * @return the populated execution context
 */
private ExecutionContext createExecution(OAuth2Request request, Client client, User user) {
    // No HTTP response is available at this stage, hence the null second argument.
    final ExecutionContext ctx =
            executionContextFactory.create(new SimpleExecutionContext(request, null));

    ctx.setAttribute("client", new ClientProperties(client));
    if (user != null) {
        ctx.setAttribute("user", new UserProperties(user));
    }

    // Transfer (not copy) the auth-flow attributes: they are removed from the request
    // context once handed over to the execution context.
    final Object flowAttributes = request.getContext().get(ConstantKeys.AUTH_FLOW_CONTEXT_ATTRIBUTES_KEY);
    if (flowAttributes == null) {
        return ctx;
    }
    ctx.setAttribute(ConstantKeys.AUTH_FLOW_CONTEXT_ATTRIBUTES_KEY, flowAttributes);
    request.getContext().remove(ConstantKeys.AUTH_FLOW_CONTEXT_ATTRIBUTES_KEY);
    return ctx;
}
Use of io.gravitee.am.model.safe.UserProperties in project gravitee-access-management by gravitee-io.
The class UMATokenGranter, method executePolicies.
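/**
 * Executes the UMA access policies attached to the requested resources.
 * <p>
 * The resource owner works with the authorization server to configure policy conditions
 * (authorization grant rules), which the authorization server executes in the process of
 * issuing access tokens. The authorization process makes use of claims gathered from the
 * requesting party and client in order to satisfy all operative policy conditions.
 *
 * @param oAuth2Request OAuth 2.0 Token Request
 * @param client client
 * @param endUser requesting party, may be {@code null}
 * @return a {@code Single} emitting the unchanged {@code oAuth2Request} when no permission
 *         is requested, no policy is registered for the resources, or every policy is
 *         satisfied; otherwise an error carrying an {@link InvalidGrantException}
 */
private Single<OAuth2Request> executePolicies(OAuth2Request oAuth2Request, Client client, User endUser) {
    final List<PermissionRequest> permissionRequests = oAuth2Request.getPermissions();
    // nothing requested, nothing to evaluate
    if (permissionRequests == null || permissionRequests.isEmpty()) {
        return Single.just(oAuth2Request);
    }
    final List<String> resourceIds = permissionRequests.stream()
            .map(PermissionRequest::getResourceId)
            .collect(Collectors.toList());
    // find access policies for the given resources
    return resourceService.findAccessPoliciesByResources(resourceIds)
            .map(accessPolicy -> {
                // declared as DefaultRule so the metadata can be set without casting
                final DefaultRule rule = new DefaultRule(accessPolicy);
                // attach the permission request targeting this policy's resource, if any
                permissionRequests.stream()
                        .filter(permissionRequest -> permissionRequest.getResourceId().equals(accessPolicy.getResource()))
                        .findFirst()
                        .ifPresent(permission -> rule.setMetadata(
                                Collections.singletonMap("permissionRequest", permission)));
                // widen to the Rule interface consumed by the rules engine
                return (Rule) rule;
            })
            .toList()
            .flatMap(rules -> {
                // no policy registered, continue
                if (rules.isEmpty()) {
                    return Single.just(oAuth2Request);
                }
                // prepare the execution context; only the "safe" client/user views are exposed
                final ExecutionContext simpleExecutionContext =
                        new SimpleExecutionContext(oAuth2Request, oAuth2Request.getHttpResponse());
                final ExecutionContext executionContext = executionContextFactory.create(simpleExecutionContext);
                executionContext.setAttribute("client", new ClientProperties(client));
                if (endUser != null) {
                    executionContext.setAttribute("user", new UserProperties(endUser));
                }
                // execute the policies: any failure (policy denied or engine error) is reported to
                // the requesting party as a generic invalid_grant so that policy internals are not
                // echoed back. NOTE(review): the underlying cause `ex` is not logged here either;
                // consider recording it server-side for diagnostics.
                return rulesEngine.fire(rules, executionContext)
                        .toSingleDefault(oAuth2Request)
                        .onErrorResumeNext(ex -> Single.error(
                                new InvalidGrantException("Policy conditions are not met for actual request parameters")));
            });
}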
Use of io.gravitee.am.model.safe.UserProperties in project gravitee-access-management by gravitee-io.
The class EmailServiceImpl, method prepareEmailParams.
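/**
 * Prepares the template parameters of a user-facing e-mail (for example an account
 * confirmation or password reset link).
 * <p>
 * A signed JWT is generated with the user id as subject, the client id as audience when
 * a client is known, and {@code iat}/{@code exp} expressed in epoch seconds. The token is
 * appended to {@code redirectUri} and the resulting link is exposed to the template,
 * together with the token itself and the safe user/client/domain views.
 *
 * @param user         the user the e-mail is addressed to (must not be {@code null})
 * @param client       the client on whose behalf the e-mail is sent, or {@code null}
 * @param expiresAfter lifetime of the token, in seconds
 * @param redirectUri  the path the link points to, relative to the domain
 * @return the template parameters, keyed by their template variable names
 */
private Map<String, Object> prepareEmailParams(User user, Client client, Integer expiresAfter, String redirectUri) {
    // Generate a JWT to store user's information and for security purpose.
    // Work from a single timestamp so that iat and exp are consistent, and stay in long
    // arithmetic: multiplying the lifetime by 1000 in int overflows above ~24 days.
    final long nowSeconds = System.currentTimeMillis() / 1000;
    final Map<String, Object> claims = new HashMap<>();
    claims.put(Claims.iat, nowSeconds);
    claims.put(Claims.exp, nowSeconds + expiresAfter);
    claims.put(Claims.sub, user.getId());
    if (client != null) {
        claims.put(Claims.aud, client.getId());
    }
    final String token = jwtBuilder.sign(new JWT(claims));

    // The token travels as a query parameter of the link. NOTE(review): this assumes the
    // signed token is a compact (base64url) serialisation needing no URL encoding, and
    // that redirectUri carries no query string of its own (a '?' is appended unconditionally).
    final String redirectUrl = domainService.buildUrl(domain, redirectUri + "?token=" + token);

    final Map<String, Object> params = new HashMap<>();
    // expose the "safe" views rather than the raw entities
    params.put("user", new UserProperties(user));
    params.put("url", redirectUrl);
    params.put("token", token);
    params.put("expireAfterSeconds", expiresAfter);
    params.put("domain", new DomainProperties(domain));
    if (client != null) {
        params.put("client", new ClientProperties(client));
    }
    return params;
}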