
Example 16 with Client

use of io.jans.as.common.model.registration.Client in project jans by JanssenProject.

the class RegisterRestWebServiceImpl method delete.

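/**
 * Deletes a dynamically registered client ({@code DELETE} on the registration endpoint).
 *
 * <p>The caller presents the client's registration access token in the {@code Authorization}
 * header. The client is looked up by id <em>and</em> token through
 * {@code clientService.getClient(clientId, accessToken)}; a {@code null} result (presumably an
 * unknown client or a token that does not belong to it) is answered with {@code 401 invalid_token}
 * and nothing is removed.
 *
 * @param clientId        identifier of the client to delete
 * @param authorization   raw {@code Authorization} header value; the token is extracted by {@code tokenService}
 * @param httpRequest     current request (not used by this method)
 * @param securityContext JAX-RS security context, used only for the isSecure debug log
 * @return {@code 204 No Content} with no-cache headers on success; otherwise the error response
 *         carried by a {@code WebApplicationException} raised while processing
 * @throws WebApplicationException with {@code 500} when an unexpected exception occurs
 */
@Override
public Response delete(String clientId, String authorization, HttpServletRequest httpRequest, SecurityContext securityContext) {
    try {
        errorResponseFactory.validateComponentEnabled(ComponentType.REGISTRATION);
        String accessToken = tokenService.getToken(authorization);
        // The registration access token is a bearer credential: log only whether one was
        // supplied, never its value, so debug logs cannot be used to replay it.
        log.debug("Attempting to delete client: clientId = {}, registrationAccessTokenPresent = {} isSecure = {}",
                clientId, accessToken != null && !accessToken.isEmpty(), securityContext.isSecure());
        if (!registerParamsValidator.validateParamsClientRead(clientId, accessToken)) {
            log.trace("Client parameters are invalid.");
            throw errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "");
        }
        // Optional stricter mode (configuration flag): the presented token is additionally
        // checked by validateAuthorizationAccessToken — presumably as a client-credentials
        // access token bound to clientId; confirm against that method.
        if (isTrue(appConfiguration.getDcrAuthorizationWithClientCredentials())) {
            validateAuthorizationAccessToken(accessToken, clientId);
        }
        Client client = clientService.getClient(clientId, accessToken);
        if (client == null) {
            throw errorResponseFactory.createWebApplicationException(Response.Status.UNAUTHORIZED, RegisterErrorResponseType.INVALID_TOKEN, "");
        }
        clientService.remove(client);
        return Response.status(Response.Status.NO_CONTENT)
                .cacheControl(ServerUtil.cacheControl(true, false))
                .header(Constants.PRAGMA, Constants.NO_CACHE)
                .build();
    } catch (WebApplicationException e) {
        // Error responses built by errorResponseFactory are returned as-is rather than re-thrown.
        if (e.getResponse() != null) {
            return e.getResponse();
        }
        throw e;
    } catch (Exception e) {
        // Internal details stay in the server log; the caller only sees a generic failure.
        log.error(e.getMessage(), e);
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Failed to process request.");
    }
}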

Example 17 with Client

use of io.jans.as.common.model.registration.Client in project jans by JanssenProject.

the class RegisterRestWebServiceImpl method requestClientRead.

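/**
 * Reads a registered client's metadata ({@code GET} on the registration endpoint).
 *
 * <p>Flow: extract the registration access token, validate the parameters, optionally enforce
 * the client-credentials authorization mode, look the client up by id and token, then serialise
 * it as JSON after running the read-script hook. A successful read is recorded in the OAuth2
 * audit log with the client's scopes.
 *
 * @param clientId        identifier of the client to read
 * @param authorization   raw {@code Authorization} header value; the token is extracted by {@code tokenService}
 * @param httpRequest     current request, used for the audit log IP address and the script execution context
 * @param securityContext JAX-RS security context, used only for the isSecure debug log
 * @return {@code 200} with the client metadata JSON, or {@code 401 invalid_token} when the token
 *         does not resolve to the client; both carry no-cache headers
 * @throws WebApplicationException {@code 400} when the parameters are invalid, {@code 500} on
 *         JSON or encryption failures
 */
@Override
public Response requestClientRead(String clientId, String authorization, HttpServletRequest httpRequest, SecurityContext securityContext) {
    String accessToken = tokenService.getToken(authorization);
    // The registration access token is a bearer credential: log only whether one was
    // supplied, never its value, so debug logs cannot be used to replay it.
    log.debug("Attempting to read client: clientId = {}, registrationAccessTokenPresent = {} isSecure = {}",
            clientId, accessToken != null && !accessToken.isEmpty(), securityContext.isSecure());
    errorResponseFactory.validateComponentEnabled(ComponentType.REGISTRATION);
    Response.ResponseBuilder builder = Response.ok();
    OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpRequest), Action.CLIENT_READ);
    oAuth2AuditLog.setClientId(clientId);
    try {
        if (registerParamsValidator.validateParamsClientRead(clientId, accessToken)) {
            // Optional stricter mode (configuration flag); see validateAuthorizationAccessToken.
            if (isTrue(appConfiguration.getDcrAuthorizationWithClientCredentials())) {
                validateAuthorizationAccessToken(accessToken, clientId);
            }
            Client client = clientService.getClient(clientId, accessToken);
            if (client != null) {
                oAuth2AuditLog.setScope(clientScopesToString(client));
                oAuth2AuditLog.setSuccess(true);
                JSONObject jsonObject = getJSONObject(client);
                // Custom read script may add/remove fields before the metadata is returned.
                jsonObject = modifyReadScript(jsonObject, new ExecutionContext(httpRequest, null).setClient(client));
                builder.entity(jsonObjectToString(jsonObject));
            } else {
                log.trace("The Access Token is not valid for the Client ID, returns invalid_token error.");
                builder = Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).type(MediaType.APPLICATION_JSON_TYPE);
                builder.entity(errorResponseFactory.errorAsJson(RegisterErrorResponseType.INVALID_TOKEN, "The Access Token is not valid for the Client"));
            }
        } else {
            log.trace("Client ID or Access Token is not valid.");
            // NOTE(review): this throw skips the applicationAuditLogger.sendMessage call below, so
            // invalid-parameter read attempts are never audited — confirm whether that is intended.
            throw errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Client ID or Access Token is not valid.");
        }
    } catch (JSONException e) {
        log.error(e.getMessage(), e);
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Failed to parse json.");
    } catch (StringEncrypter.EncryptionException e) {
        log.error(e.getMessage(), e);
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Encryption exception occurred.");
    }
    // Client metadata (including any secret it carries) must never be cached by intermediaries.
    builder.cacheControl(ServerUtil.cacheControl(true, false));
    builder.header(Constants.PRAGMA, Constants.NO_CACHE);
    applicationAuditLogger.sendMessage(oAuth2AuditLog);
    return builder.build();
}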

Example 18 with Client

use of io.jans.as.common.model.registration.Client in project jans by JanssenProject.

the class IdTokenFactory method createJwr.

/**
 * Builds the id_token for a grant: creates an empty JWR for the grant's client, fills in the
 * claims derived from the grant and the issued tokens, and hands it to {@code jwrService}
 * for encoding.
 *
 * @param grant             the authorization grant the id_token is issued for; its client drives JWR creation and encoding
 * @param authorizationCode authorization code issued with this grant, may be used for hash claims
 * @param accessToken       access token issued with this grant, may be used for hash claims
 * @param refreshToken      refresh token issued with this grant
 * @param executionContext  per-request context passed through to claim population
 * @return the encoded id_token
 * @throws Exception propagated from JWR creation, claim population or encoding
 */
public JsonWebResponse createJwr(IAuthorizationGrant grant, AuthorizationCode authorizationCode, AccessToken accessToken, RefreshToken refreshToken, ExecutionContext executionContext) throws Exception {
    final Client owner = grant.getClient();
    final JsonWebResponse idToken = jwrService.createJwr(owner);
    fillClaims(idToken, grant, authorizationCode, accessToken, refreshToken, executionContext);
    if (log.isTraceEnabled()) {
        // Dumps every claim of the id_token (which may include end-user attributes) —
        // keep trace logging off outside of development.
        log.trace("Created claims for id_token, claims: {}", idToken.getClaims().toJsonString());
    }
    return jwrService.encode(idToken, owner);
}

Example 19 with Client

use of io.jans.as.common.model.registration.Client in project jans by JanssenProject.

the class ParRestWebService method requestPushedAuthorizationRequest.

/**
 * Pushed Authorization Request endpoint (RFC 9126): validates the posted authorization
 * parameters against the client, stores them as a {@link Par} entry and returns the
 * {@code request_uri} the client must later pass to the authorization endpoint, together
 * with the entry's remaining lifetime.
 *
 * <p>Unlike the authorization endpoint, PAR never redirects the caller: validation errors
 * that the shared validators express as a {@code 302} to the redirect_uri are converted into
 * a {@code 400} JSON error (see the {@code WebApplicationException} handler).
 *
 * @param scope                 requested scope (may arrive URL-encoded; decoded before use)
 * @param responseType          space-separated response_type values
 * @param clientId              client_id; may also come from the request object
 * @param redirectUri           redirect_uri; may also come from the request object, validated against the client
 * @param state                 opaque client state, echoed in error responses
 * @param responseMode          response_mode value
 * @param nonce                 OIDC nonce
 * @param display               OIDC display hint
 * @param prompt                OIDC prompt value(s)
 * @param maxAge                OIDC max_age
 * @param uiLocales             OIDC ui_locales
 * @param idTokenHint           OIDC id_token_hint
 * @param loginHint             OIDC login_hint
 * @param acrValuesStr          acr_values string
 * @param amrValuesStr          amr_values string
 * @param request               request object (JWT) as a string
 * @param requestUri            request_uri; must be absent for PAR
 * @param sessionId             session_id parameter
 * @param originHeaders         origin_headers parameter
 * @param codeChallenge         PKCE code_challenge
 * @param codeChallengeMethod   PKCE code_challenge_method
 * @param nbf                   nbf value, parsed leniently as an integer
 * @param customResponseHeaders custom response headers parameter
 * @param claims                OIDC claims request parameter
 * @param httpRequest           current servlet request (headers, query string)
 * @param httpResponse          current servlet response (not used by this method)
 * @param securityContext       JAX-RS security context, used for the isSecure debug log
 * @return {@code 201 Created} with a JSON {@code ParResponse} (request_uri, expires_in); an
 *         empty {@code 500} JSON-typed response on an unexpected exception
 * @throws WebApplicationException validation failures from the validators are re-thrown
 *         ({@code 302} ones are first converted into a bad-request error)
 */
@POST
@Produces({ MediaType.APPLICATION_JSON })
public Response requestPushedAuthorizationRequest(@FormParam("scope") String scope, @FormParam("response_type") String responseType, @FormParam("client_id") String clientId, @FormParam("redirect_uri") String redirectUri, @FormParam("state") String state, @FormParam("response_mode") String responseMode, @FormParam("nonce") String nonce, @FormParam("display") String display, @FormParam("prompt") String prompt, @FormParam("max_age") Integer maxAge, @FormParam("ui_locales") String uiLocales, @FormParam("id_token_hint") String idTokenHint, @FormParam("login_hint") String loginHint, @FormParam("acr_values") String acrValuesStr, @FormParam("amr_values") String amrValuesStr, @FormParam("request") String request, @FormParam("request_uri") String requestUri, @FormParam("session_id") String sessionId, @FormParam("origin_headers") String originHeaders, @FormParam("code_challenge") String codeChallenge, @FormParam("code_challenge_method") String codeChallengeMethod, @FormParam("nbf") String nbf, @FormParam(AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS) String customResponseHeaders, @FormParam("claims") String claims, @Context HttpServletRequest httpRequest, @Context HttpServletResponse httpResponse, @Context SecurityContext securityContext) {
    try {
        errorResponseFactory.validateComponentEnabled(ComponentType.PAR);
        // it may be encoded
        scope = ServerUtil.urlDecode(scope);
        // Only logged here; token binding is not enforced by this method.
        String tokenBindingHeader = httpRequest.getHeader("Sec-Token-Binding");
        // ATTENTION : please do not add more parameters to these debug calls because it will not work with the framework:
        // there is a limit of 10 parameters (hardcoded), see: org.jboss.seam.core.Interpolator#interpolate
        log.debug("Attempting to request PAR: " + "responseType = {}, clientId = {}, scope = {}, redirectUri = {}, nonce = {}, " + "state = {}, request = {}, isSecure = {}, sessionId = {}", responseType, clientId, scope, redirectUri, nonce, state, request, securityContext.isSecure(), sessionId);
        log.debug("Attempting to request PAR: " + "acrValues = {}, amrValues = {}, originHeaders = {}, codeChallenge = {}, codeChallengeMethod = {}, " + "customRespHeaders = {}, claims = {}, tokenBindingHeader = {}", acrValuesStr, amrValuesStr, originHeaders, codeChallenge, codeChallengeMethod, customResponseHeaders, claims, tokenBindingHeader);
        // PKCE parameters are checked before any client lookup.
        parValidator.validatePkce(codeChallenge, codeChallengeMethod, state);
        List<ResponseType> responseTypes = ResponseType.fromString(responseType, " ");
        ResponseMode responseModeObj = ResponseMode.getByValue(responseMode);
        // The request object is parsed leniently here only to pull client_id / redirect_uri;
        // presumably no signature check happens at this point — it is fully validated further
        // down by parValidator.validateRequestObject, after the client is known.
        Jwt requestObject = Jwt.parseSilently(request);
        clientId = getClientId(clientId, requestObject);
        Client client = authorizeRestWebServiceValidator.validateClient(clientId, state, true);
        redirectUri = getRedirectUri(redirectUri, requestObject);
        // redirect_uri is validated against the registered client before it is used anywhere.
        redirectUri = authorizeRestWebServiceValidator.validateRedirectUri(client, redirectUri, state, null, httpRequest, AuthorizeErrorResponseType.INVALID_REQUEST);
        RedirectUriResponse redirectUriResponse = new RedirectUriResponse(new RedirectUri(redirectUri, responseTypes, responseModeObj), state, httpRequest, errorResponseFactory);
        redirectUriResponse.setFapiCompatible(appConfiguration.isFapi());
        // A PAR must carry the parameters by value; request_uri is not allowed.
        parValidator.validateRequestUriIsAbsent(requestUri);
        // Lifetime of the stored entry is a per-client attribute.
        final Integer parLifetime = client.getAttributes().getParLifetime();
        final Par par = new Par();
        par.setDeletable(true);
        par.setTtl(parLifetime);
        par.setExpirationDate(Util.createExpirationDate(parLifetime));
        // Snapshot every authorization parameter on the stored entry; the authorization
        // endpoint later reads them back via request_uri.
        par.getAttributes().setScope(scope);
        par.getAttributes().setNbf(Util.parseIntegerSilently(nbf));
        par.getAttributes().setResponseType(responseType);
        par.getAttributes().setClientId(clientId);
        par.getAttributes().setRedirectUri(redirectUri);
        par.getAttributes().setState(state);
        par.getAttributes().setResponseMode(responseMode);
        par.getAttributes().setNonce(nonce);
        par.getAttributes().setDisplay(display);
        par.getAttributes().setPrompt(prompt);
        par.getAttributes().setMaxAge(maxAge);
        par.getAttributes().setUiLocales(uiLocales);
        par.getAttributes().setIdTokenHint(idTokenHint);
        par.getAttributes().setLoginHint(loginHint);
        par.getAttributes().setAcrValuesStr(acrValuesStr);
        par.getAttributes().setAmrValuesStr(amrValuesStr);
        par.getAttributes().setRequest(request);
        par.getAttributes().setRequestUri(requestUri);
        par.getAttributes().setSessionId(sessionId);
        par.getAttributes().setOriginHeaders(originHeaders);
        par.getAttributes().setCodeChallenge(codeChallenge);
        par.getAttributes().setCodeChallengeMethod(codeChallengeMethod);
        par.getAttributes().setCustomResponseHeaders(customResponseHeaders);
        par.getAttributes().setClaims(claims);
        // Custom parameters are taken from the query string, not the form body.
        par.getAttributes().setCustomParameters(requestParameterService.getCustomParameters(QueryStringDecoder.decode(httpRequest.getQueryString())));
        // Full request-object and PKCE validation happens before anything is persisted.
        parValidator.validateRequestObject(redirectUriResponse, par, client);
        authorizeRestWebServiceValidator.validatePkce(par.getAttributes().getCodeChallenge(), redirectUriResponse);
        parService.persist(par);
        ParResponse parResponse = new ParResponse();
        parResponse.setRequestUri(ParService.toOutsideId(par.getId()));
        // set it to TTL instead of lifetime because TTL can be updated during request object validation
        parResponse.setExpiresIn(par.getTtl());
        final String responseAsString = ServerUtil.asJson(parResponse);
        log.debug("Created PAR {}", responseAsString);
        return Response.status(Response.Status.CREATED).entity(responseAsString).type(MediaType.APPLICATION_JSON_TYPE).build();
    } catch (WebApplicationException e) {
        // The shared authorize validators report errors as a redirect (302) to redirect_uri;
        // PAR must answer the client directly, so turn that into a 400 with the same error.
        if (e.getResponse().getStatus() == Response.Status.FOUND.getStatusCode()) {
            throw errorResponseFactory.createBadRequestException(createErrorResponseFromRedirectErrorUri(e.getResponse().getLocation()));
        }
        if (log.isErrorEnabled())
            log.error(e.getMessage(), e);
        throw e;
    } catch (Exception e) {
        // Unexpected failure: details stay in the server log, the caller gets a bare 500.
        log.error(e.getMessage(), e);
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON_TYPE).build();
    }
}

Example 20 with Client

use of io.jans.as.common.model.registration.Client in project jans by JanssenProject.

the class AuthorizeService method permissionDenied.

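/**
 * Handles the end-user denying an authorization request.
 *
 * <p>Invalidates session cookies, then — using the parameters stored on the session rather
 * than anything from the current request — builds an {@code access_denied} error redirect to
 * the client's {@code redirect_uri}. For CIBA requests the denial is also propagated to the
 * client according to its backchannel delivery mode, and device-authorization sessions get
 * their own denied response. For {@code response_mode=jwt} the error redirect is built through
 * {@code createJarmRedirectUri}.
 *
 * @param session the current authorization session; {@code null} takes the session-invalid
 *                failure path and returns without redirecting from here
 */
public void permissionDenied(final SessionId session) {
    log.trace("permissionDenied");
    invalidateSessionCookiesIfNeeded();
    if (session == null) {
        authenticationFailedSessionInvalid();
        return;
    }
    String baseRedirectUri = session.getSessionAttributes().get(AuthorizeRequestParam.REDIRECT_URI);
    String state = session.getSessionAttributes().get(AuthorizeRequestParam.STATE);
    ResponseMode responseMode = ResponseMode.fromString(session.getSessionAttributes().get(AuthorizeRequestParam.RESPONSE_MODE));
    List<ResponseType> responseType = ResponseType.fromString(session.getSessionAttributes().get(AuthorizeRequestParam.RESPONSE_TYPE), " ");
    RedirectUri redirectUri = new RedirectUri(baseRedirectUri, responseType, responseMode);
    // state is echoed back so the client can correlate the error with its request.
    redirectUri.parseQueryString(errorResponseFactory.getErrorAsQueryString(AuthorizeErrorResponseType.ACCESS_DENIED, state));
    // CIBA: tell the backchannel client that the end-user denied the request.
    Map<String, String> sessionAttribute = requestParameterService.getAllowedParameters(session.getSessionAttributes());
    if (sessionAttribute.containsKey(AuthorizeRequestParam.AUTH_REQ_ID)) {
        String authReqId = sessionAttribute.get(AuthorizeRequestParam.AUTH_REQ_ID);
        CibaRequestCacheControl request = cibaRequestService.getCibaRequest(authReqId);
        if (request != null && request.getClient() != null) {
            if (request.getStatus() == CibaRequestStatus.PENDING) {
                cibaRequestService.removeCibaRequest(authReqId);
            }
            if (request.getClient().getBackchannelTokenDeliveryMode() == null) {
                // A switch on a null enum throws NullPointerException, which would abort the deny
                // flow before the browser redirect below; treat a missing mode as "nothing to notify".
                log.warn("CIBA client has no backchannel token delivery mode; skipping denial notification for authReqId = {}", authReqId);
            } else {
                switch (request.getClient().getBackchannelTokenDeliveryMode()) {
                    case POLL:
                        // NOTE(review): for a PENDING request the entry was removed just above and is
                        // update()d again here — confirm update() re-creates it, otherwise DENIED is lost.
                        request.setStatus(CibaRequestStatus.DENIED);
                        request.setTokensDelivered(false);
                        cibaRequestService.update(request);
                        break;
                    case PING:
                        // Record the denial, then ping the client's notification endpoint.
                        request.setStatus(CibaRequestStatus.DENIED);
                        request.setTokensDelivered(false);
                        cibaRequestService.update(request);
                        cibaPingCallbackService.pingCallback(request.getAuthReqId(), request.getClient().getBackchannelClientNotificationEndpoint(), request.getClientNotificationToken());
                        break;
                    case PUSH:
                        // Push mode delivers the error directly; the cached request is not updated here.
                        cibaPushErrorService.pushError(request.getAuthReqId(), request.getClient().getBackchannelClientNotificationEndpoint(), request.getClientNotificationToken(), PushErrorResponseType.ACCESS_DENIED, "The end-user denied the authorization request.");
                        break;
                    default:
                        log.warn("Unsupported backchannel token delivery mode {} for authReqId = {}", request.getClient().getBackchannelTokenDeliveryMode(), authReqId);
                        break;
                }
            }
        }
    }
    if (sessionAttribute.containsKey(DeviceAuthorizationService.SESSION_USER_CODE)) {
        processDeviceAuthDeniedResponse(sessionAttribute);
    }
    if (responseMode == ResponseMode.JWT) {
        // JARM: the error parameters are wrapped per client by createJarmRedirectUri.
        String clientId = session.getSessionAttributes().get(AuthorizeRequestParam.CLIENT_ID);
        Client client = clientService.getClient(clientId);
        facesService.redirectToExternalURL(createJarmRedirectUri(redirectUri, client, session));
    } else {
        facesService.redirectToExternalURL(redirectUri.toString());
    }
}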
