Example 6 with IntrospectionResponse
use of io.jans.as.model.common.IntrospectionResponse in project jans by JanssenProject.
the class IntrospectionWsHttpTest method basicAuthentication.
@Test
@Parameters({ "umaPatClientId", "umaPatClientSecret" })
public void basicAuthentication(final String umaPatClientId, final String umaPatClientSecret) throws Exception {
final Token tokenToIntrospect = UmaClient.requestPat(tokenEndpoint, umaPatClientId, umaPatClientSecret, clientEngine(true));
final IntrospectionService introspectionService = ClientFactory.instance().createIntrospectionService(introspectionEndpoint, clientEngine(true));
final IntrospectionResponse introspectionResponse = introspectionService.introspectToken("Basic " + BaseRequest.getEncodedCredentials(umaPatClientId, umaPatClientSecret), tokenToIntrospect.getAccessToken());
assertTrue(introspectionResponse != null && introspectionResponse.isActive());
}
Also used :
IntrospectionResponse(io.jans.as.model.common.IntrospectionResponse)
IntrospectionService(io.jans.as.client.service.IntrospectionService)
Token(io.jans.as.model.uma.wrapper.Token)
Parameters(org.testng.annotations.Parameters)
BaseTest(io.jans.as.client.BaseTest)
Test(org.testng.annotations.Test)
Example 7 with IntrospectionResponse
use of io.jans.as.model.common.IntrospectionResponse in project jans by JanssenProject.
the class IntrospectionWsHttpTest method bearer.
@Test
@Parameters({ "umaPatClientId", "umaPatClientSecret" })
public void bearer(final String umaPatClientId, final String umaPatClientSecret) throws Exception {
final Token authorization = UmaClient.requestPat(tokenEndpoint, umaPatClientId, umaPatClientSecret);
final Token tokenToIntrospect = UmaClient.requestPat(tokenEndpoint, umaPatClientId, umaPatClientSecret);
final IntrospectionService introspectionService = ClientFactory.instance().createIntrospectionService(introspectionEndpoint);
final IntrospectionResponse introspectionResponse = introspectionService.introspectToken("Bearer " + authorization.getAccessToken(), tokenToIntrospect.getAccessToken());
assertTrue(introspectionResponse != null && introspectionResponse.isActive());
}
Also used :
IntrospectionResponse(io.jans.as.model.common.IntrospectionResponse)
IntrospectionService(io.jans.as.client.service.IntrospectionService)
Token(io.jans.as.model.uma.wrapper.Token)
Parameters(org.testng.annotations.Parameters)
BaseTest(io.jans.as.client.BaseTest)
Test(org.testng.annotations.Test)
Example 8 with IntrospectionResponse
use of io.jans.as.model.common.IntrospectionResponse in project jans by JanssenProject.
the class OpenIdAuthorizationService method processAuthorization.
public String processAuthorization(String token, String issuer, ResourceInfo resourceInfo, String method, String path) throws Exception {
logger.debug("oAuth Authorization parameters , token:{}, issuer:{}, resourceInfo:{}, method: {}, path: {} ", token, issuer, resourceInfo, method, path);
if (StringUtils.isBlank(token)) {
logger.error("Token is blank !!!");
throw new WebApplicationException("Token is blank.", Response.status(Response.Status.UNAUTHORIZED).build());
}
// Validate issuer
logger.info("Validate issuer");
if (StringUtils.isNotBlank(issuer) && !authUtil.isValidIssuer(issuer)) {
throw new WebApplicationException("Header Issuer is Invalid.", Response.status(Response.Status.UNAUTHORIZED).build());
}
// Check the type of token simple, jwt, reference
logger.info("Verify if JWT");
String acccessToken = token.substring("Bearer".length()).trim();
boolean isJwtToken = jwtUtil.isJwt(acccessToken);
if (isJwtToken) {
try {
logger.info("Since token is JWT Validate it");
jwtUtil.parse(acccessToken);
List<String> tokenScopes = jwtUtil.validateToken(acccessToken);
logger.debug(" tokenScopes:{} ", tokenScopes);
// Validate Scopes
return this.validateScope(acccessToken, tokenScopes, resourceInfo, issuer);
} catch (InvalidJwtException exp) {
logger.error("oAuth Invalid Jwt token:{}, exception:{} ", token, exp);
throw new WebApplicationException("Jwt Token is Invalid.", Response.status(Response.Status.UNAUTHORIZED).build());
}
}
logger.info("Token is NOT JWT hence introspecting it as Reference token ");
IntrospectionResponse introspectionResponse = openIdService.getIntrospectionResponse(token, token.substring("Bearer".length()).trim(), issuer);
logger.trace("oAuth Authorization introspectionResponse:{}", introspectionResponse);
if (introspectionResponse == null || !introspectionResponse.isActive()) {
logger.error("Token is Invalid.");
throw new WebApplicationException("Token is Invalid.", Response.status(Response.Status.UNAUTHORIZED).build());
}
List<String> tokenScopes = introspectionResponse.getScope();
// Validate Scopes
acccessToken = validateScope(acccessToken, tokenScopes, resourceInfo, issuer);
boolean isAuthorized = externalAuthorization(token, issuer, method, path);
logger.debug("Custom authorization - isAuthorized:{}", isAuthorized);
return acccessToken;
}
Also used :
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
WebApplicationException(javax.ws.rs.WebApplicationException)
IntrospectionResponse(io.jans.as.model.common.IntrospectionResponse)
Example 9 with IntrospectionResponse
use of io.jans.as.model.common.IntrospectionResponse in project jans by JanssenProject.
the class OpenIdAuthorizationService method validateScope.
private String validateScope(String accessToken, List<String> tokenScopes, ResourceInfo resourceInfo, String issuer) throws WebApplicationException {
logger.debug("Validate scope, accessToken:{}, tokenScopes:{}, resourceInfo: {}, issuer: {}", accessToken, tokenScopes, resourceInfo, issuer);
try {
// Get resource scope
List<String> resourceScopes = getRequestedScopes(resourceInfo);
// Check if resource requires auth server specific scope
List<String> authSpecificScope = getAuthSpecificScopeRequired(resourceInfo);
logger.debug(" resourceScopes:{}, authSpecificScope:{} ", resourceScopes, authSpecificScope);
// If No auth scope required OR if token contains the authSpecificScope
if ((authSpecificScope == null || authSpecificScope.isEmpty())) {
logger.debug("Validating token scopes as no authSpecificScope required");
if (!validateScope(tokenScopes, resourceScopes)) {
logger.error("Insufficient scopes! Required scope:{} - however token scopes:{}", resourceScopes, tokenScopes);
throw new WebApplicationException("Insufficient scopes! , Required scope: " + resourceScopes + ", however token scopes: " + tokenScopes, Response.status(Response.Status.UNAUTHORIZED).build());
}
return AUTHENTICATION_SCHEME + accessToken;
}
// find missing scopes
List<String> missingScopes = findMissingElements(resourceScopes, tokenScopes);
logger.debug("missingScopes:{}", missingScopes);
// error
if (missingScopes != null && !missingScopes.isEmpty() && !isEqualCollection(missingScopes, authSpecificScope)) {
logger.error("Insufficient scopes!! Required scope:{}, , however token scopes:{} ", resourceScopes, tokenScopes);
throw new WebApplicationException("Insufficient scopes!! , Required scope: " + resourceScopes + ", however token scopes: " + tokenScopes, Response.status(Response.Status.UNAUTHORIZED).build());
}
// Generate token with required resourceScopes
resourceScopes.addAll(authSpecificScope);
accessToken = openIdService.requestAccessToken(authUtil.getClientId(), resourceScopes);
logger.debug("Introspecting new accessToken:{}", accessToken);
// Introspect
IntrospectionResponse introspectionResponse = openIdService.getIntrospectionResponse(AUTHENTICATION_SCHEME + accessToken, accessToken, authUtil.getIssuer());
// Validate Token Scope
if (!validateScope(introspectionResponse.getScope(), resourceScopes)) {
logger.error("Insufficient scopes!!! for new token as well - Required scope:{}, token scopes:{}", resourceScopes, introspectionResponse.getScope());
throw new WebApplicationException("Insufficient scopes!!! Required scope: " + resourceScopes + ", token scopes: " + introspectionResponse.getScope(), Response.status(Response.Status.UNAUTHORIZED).build());
}
logger.info("Token scopes Valid Returning accessToken:{}", accessToken);
return AUTHENTICATION_SCHEME + accessToken;
} catch (Exception ex) {
if (log.isErrorEnabled()) {
log.error("oAuth authorization error:{} ", ex.getMessage());
}
throw new WebApplicationException("oAuth authorization error " + ex.getMessage(), Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
}
}
Also used :
WebApplicationException(javax.ws.rs.WebApplicationException)
IntrospectionResponse(io.jans.as.model.common.IntrospectionResponse)
WebApplicationException(javax.ws.rs.WebApplicationException)
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
Example 10 with IntrospectionResponse
use of io.jans.as.model.common.IntrospectionResponse in project jans by JanssenProject.
the class IntrospectionWebServiceEmbeddedTest method introspection.
@Test(dependsOnMethods = "requestTokenToIntrospect")
@Parameters({ "introspectionPath" })
public void introspection(final String introspectionPath) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + introspectionPath).request();
request.header("Accept", "application/json");
request.header("Authorization", "Bearer " + authorization.getAccessToken());
Response response = request.post(Entity.form(new Form("token", tokenToIntrospect.getAccessToken())));
String entity = response.readEntity(String.class);
showResponse("introspection", response, entity);
assertEquals(response.getStatus(), 200);
try {
final IntrospectionResponse t = ServerUtil.createJsonMapper().readValue(entity, IntrospectionResponse.class);
assertTrue(t != null && t.isActive());
} catch (Exception e) {
e.printStackTrace();
fail();
}
}
Also used :
IntrospectionResponse(io.jans.as.model.common.IntrospectionResponse)
Response(javax.ws.rs.core.Response)
Form(javax.ws.rs.core.Form)
IntrospectionResponse(io.jans.as.model.common.IntrospectionResponse)
ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)
Builder(javax.ws.rs.client.Invocation.Builder)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.server.BaseTest)
Aggregations
IntrospectionResponse (io.jans.as.model.common.IntrospectionResponse)13
Parameters (org.testng.annotations.Parameters)4
Test (org.testng.annotations.Test)4
BaseTest (io.jans.as.client.BaseTest)3
IntrospectionService (io.jans.as.client.service.IntrospectionService)3
InvalidJwtException (io.jans.as.model.exception.InvalidJwtException)3
Token (io.jans.as.model.uma.wrapper.Token)3
Response (javax.ws.rs.core.Response)3
HttpException (io.jans.ca.server.HttpException)2
WebApplicationException (javax.ws.rs.WebApplicationException)2
Builder (javax.ws.rs.client.Invocation.Builder)2
JwkResponse (io.jans.as.client.JwkResponse)1
TokenResponse (io.jans.as.client.TokenResponse)1
AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)1
SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)1
Jwt (io.jans.as.model.jwt.Jwt)1
JwtClaims (io.jans.as.model.jwt.JwtClaims)1
BaseTest (io.jans.as.server.BaseTest)1
CorrectRptIntrospectionResponse (io.jans.ca.common.introspection.CorrectRptIntrospectionResponse)1
POJOResponse (io.jans.ca.common.response.POJOResponse)1
