use of io.jans.as.model.common.IntrospectionResponse in project jans by JanssenProject.
the class IntrospectionWsHttpTest method basicAuthentication.
/**
 * Introspection must report a freshly issued PAT as active when the introspection
 * call itself is authenticated with HTTP Basic client credentials.
 */
@Test
@Parameters({ "umaPatClientId", "umaPatClientSecret" })
public void basicAuthentication(final String umaPatClientId, final String umaPatClientSecret) throws Exception {
    final Token pat = UmaClient.requestPat(tokenEndpoint, umaPatClientId, umaPatClientSecret, clientEngine(true));
    final IntrospectionService service = ClientFactory.instance().createIntrospectionService(introspectionEndpoint, clientEngine(true));

    // Client credentials go in the Authorization header; the PAT is the token being inspected.
    final String basicAuthHeader = "Basic " + BaseRequest.getEncodedCredentials(umaPatClientId, umaPatClientSecret);
    final IntrospectionResponse result = service.introspectToken(basicAuthHeader, pat.getAccessToken());

    assertTrue(result != null);
    assertTrue(result.isActive());
}
use of io.jans.as.model.common.IntrospectionResponse in project jans by JanssenProject.
the class IntrospectionWsHttpTest method bearer.
/**
 * Introspection must report a freshly issued PAT as active when the introspection
 * call is authenticated with a second PAT presented as a Bearer token.
 */
@Test
@Parameters({ "umaPatClientId", "umaPatClientSecret" })
public void bearer(final String umaPatClientId, final String umaPatClientSecret) throws Exception {
    // Two separate PATs: one authenticates the introspection request, the other is inspected.
    final Token authPat = UmaClient.requestPat(tokenEndpoint, umaPatClientId, umaPatClientSecret);
    final Token inspectedPat = UmaClient.requestPat(tokenEndpoint, umaPatClientId, umaPatClientSecret);

    final IntrospectionService service = ClientFactory.instance().createIntrospectionService(introspectionEndpoint);
    final String bearerHeader = "Bearer " + authPat.getAccessToken();
    final IntrospectionResponse result = service.introspectToken(bearerHeader, inspectedPat.getAccessToken());

    assertTrue(result != null);
    assertTrue(result.isActive());
}
use of io.jans.as.model.common.IntrospectionResponse in project jans by JanssenProject.
the class OpenIdAuthorizationService method processAuthorization.
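/**
 * Authorizes an OAuth request for a resource and returns the credential to use downstream.
 *
 * <p>Flow: reject a blank header; reject an explicit issuer that {@code authUtil} does not accept;
 * strip the {@code Bearer} scheme; if the token is a JWT, validate it locally and check its scopes,
 * otherwise introspect it as a reference token and check the introspected scopes.
 *
 * @param token        raw {@code Authorization} header value, expected as {@code "Bearer <token>"}
 * @param issuer       optional issuer header; validated only when non-blank
 * @param resourceInfo target resource, used to resolve the scopes it requires
 * @param method       HTTP method, forwarded to the custom authorization hook
 * @param path         request path, forwarded to the custom authorization hook
 * @return the value produced by {@code validateScope}, i.e. scheme + access token
 * @throws WebApplicationException 401 for a blank or non-Bearer header, an invalid issuer, an
 *                                 invalid JWT, an inactive reference token or insufficient scopes
 */
public String processAuthorization(String token, String issuer, ResourceInfo resourceInfo, String method, String path) throws Exception {
    // The Authorization header carries the bearer secret: never write it to the log.
    logger.debug("oAuth Authorization parameters , issuer:{}, resourceInfo:{}, method: {}, path: {} ", issuer, resourceInfo, method, path);
    if (StringUtils.isBlank(token)) {
        logger.error("Token is blank !!!");
        throw new WebApplicationException("Token is blank.", Response.status(Response.Status.UNAUTHORIZED).build());
    }
    // Validate issuer
    logger.info("Validate issuer");
    if (StringUtils.isNotBlank(issuer) && !authUtil.isValidIssuer(issuer)) {
        throw new WebApplicationException("Header Issuer is Invalid.", Response.status(Response.Status.UNAUTHORIZED).build());
    }
    // Only the Bearer scheme is understood here. Blindly cutting six characters off the header
    // threw StringIndexOutOfBoundsException (-> 500) on short values and silently accepted any
    // other scheme; both are rejected with 401 instead. Scheme names are case-insensitive.
    final String scheme = "Bearer";
    if (!token.regionMatches(true, 0, scheme, 0, scheme.length())) {
        logger.error("Authorization header does not use the Bearer scheme");
        throw new WebApplicationException("Token is Invalid.", Response.status(Response.Status.UNAUTHORIZED).build());
    }
    String acccessToken = token.substring(scheme.length()).trim();
    if (acccessToken.isEmpty()) {
        logger.error("Bearer token is empty");
        throw new WebApplicationException("Token is Invalid.", Response.status(Response.Status.UNAUTHORIZED).build());
    }
    // Check the type of token simple, jwt, reference
    logger.info("Verify if JWT");
    boolean isJwtToken = jwtUtil.isJwt(acccessToken);
    if (isJwtToken) {
        try {
            logger.info("Since token is JWT Validate it");
            jwtUtil.parse(acccessToken);
            List<String> tokenScopes = jwtUtil.validateToken(acccessToken);
            logger.debug(" tokenScopes:{} ", tokenScopes);
            // Validate Scopes
            return this.validateScope(acccessToken, tokenScopes, resourceInfo, issuer);
        } catch (InvalidJwtException exp) {
            // Log the failure with its stack trace, but not the token itself.
            logger.error("oAuth Invalid Jwt token", exp);
            throw new WebApplicationException("Jwt Token is Invalid.", Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }
    logger.info("Token is NOT JWT hence introspecting it as Reference token ");
    IntrospectionResponse introspectionResponse = openIdService.getIntrospectionResponse(token, acccessToken, issuer);
    logger.trace("oAuth Authorization introspectionResponse:{}", introspectionResponse);
    if (introspectionResponse == null || !introspectionResponse.isActive()) {
        logger.error("Token is Invalid.");
        throw new WebApplicationException("Token is Invalid.", Response.status(Response.Status.UNAUTHORIZED).build());
    }
    List<String> tokenScopes = introspectionResponse.getScope();
    // Validate Scopes
    acccessToken = validateScope(acccessToken, tokenScopes, resourceInfo, issuer);
    // NOTE(review): the outcome of the custom authorization hook is only logged, never enforced.
    // If externalAuthorization() signals a denial through its return value rather than by
    // throwing, that denial is ignored here — confirm the hook's contract before relying on it.
    boolean isAuthorized = externalAuthorization(token, issuer, method, path);
    logger.debug("Custom authorization - isAuthorized:{}", isAuthorized);
    return acccessToken;
}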
use of io.jans.as.model.common.IntrospectionResponse in project jans by JanssenProject.
the class OpenIdAuthorizationService method validateScope.
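/**
 * Checks that {@code tokenScopes} cover the scopes the resource requires.
 *
 * <p>When the resource needs no auth-server-specific scope, the supplied token must carry every
 * resource scope and is returned as-is (prefixed with the scheme). When it does, the only scopes
 * the token may lack are exactly those auth-specific ones; the service then requests a fresh token
 * for its own client carrying the full scope set, introspects it, and returns that one instead.
 *
 * @param accessToken  the caller's bare access token (no scheme)
 * @param tokenScopes  scopes carried by {@code accessToken}
 * @param resourceInfo resource whose required scopes are resolved
 * @param issuer       issuer header; only logged here
 * @return {@code AUTHENTICATION_SCHEME + token} for the token that satisfies the resource scopes
 * @throws WebApplicationException 401 when scopes are insufficient or the newly requested token is
 *                                 unusable; 500 on an unexpected failure
 */
private String validateScope(String accessToken, List<String> tokenScopes, ResourceInfo resourceInfo, String issuer) throws WebApplicationException {
    // Do not log the access token value.
    logger.debug("Validate scope, tokenScopes:{}, resourceInfo: {}, issuer: {}", tokenScopes, resourceInfo, issuer);
    try {
        // Get resource scope
        List<String> resourceScopes = getRequestedScopes(resourceInfo);
        // Check if resource requires auth server specific scope
        List<String> authSpecificScope = getAuthSpecificScopeRequired(resourceInfo);
        logger.debug(" resourceScopes:{}, authSpecificScope:{} ", resourceScopes, authSpecificScope);
        // If No auth scope required OR if token contains the authSpecificScope
        if ((authSpecificScope == null || authSpecificScope.isEmpty())) {
            logger.debug("Validating token scopes as no authSpecificScope required");
            if (!validateScope(tokenScopes, resourceScopes)) {
                logger.error("Insufficient scopes! Required scope:{} - however token scopes:{}", resourceScopes, tokenScopes);
                throw new WebApplicationException("Insufficient scopes! , Required scope: " + resourceScopes + ", however token scopes: " + tokenScopes, Response.status(Response.Status.UNAUTHORIZED).build());
            }
            return AUTHENTICATION_SCHEME + accessToken;
        }
        // find missing scopes
        List<String> missingScopes = findMissingElements(resourceScopes, tokenScopes);
        logger.debug("missingScopes:{}", missingScopes);
        // error: the caller's token may lack exactly the auth-specific scopes and nothing else
        if (missingScopes != null && !missingScopes.isEmpty() && !isEqualCollection(missingScopes, authSpecificScope)) {
            logger.error("Insufficient scopes!! Required scope:{}, , however token scopes:{} ", resourceScopes, tokenScopes);
            throw new WebApplicationException("Insufficient scopes!! , Required scope: " + resourceScopes + ", however token scopes: " + tokenScopes, Response.status(Response.Status.UNAUTHORIZED).build());
        }
        // Generate token with required resourceScopes
        // NOTE(review): this mutates the list returned by getRequestedScopes(); safe only if that
        // helper hands back a fresh list on every call — confirm before reusing it elsewhere.
        resourceScopes.addAll(authSpecificScope);
        accessToken = openIdService.requestAccessToken(authUtil.getClientId(), resourceScopes);
        logger.debug("Introspecting newly requested accessToken");
        // Introspect
        IntrospectionResponse introspectionResponse = openIdService.getIntrospectionResponse(AUTHENTICATION_SCHEME + accessToken, accessToken, authUtil.getIssuer());
        // A null or inactive introspection result previously surfaced as an NPE / unchecked
        // token; treat it like any other unusable token.
        if (introspectionResponse == null || !introspectionResponse.isActive()) {
            logger.error("Newly requested token is not active");
            throw new WebApplicationException("Token is Invalid.", Response.status(Response.Status.UNAUTHORIZED).build());
        }
        // Validate Token Scope
        if (!validateScope(introspectionResponse.getScope(), resourceScopes)) {
            logger.error("Insufficient scopes!!! for new token as well - Required scope:{}, token scopes:{}", resourceScopes, introspectionResponse.getScope());
            throw new WebApplicationException("Insufficient scopes!!! Required scope: " + resourceScopes + ", token scopes: " + introspectionResponse.getScope(), Response.status(Response.Status.UNAUTHORIZED).build());
        }
        logger.info("Token scopes Valid Returning accessToken");
        return AUTHENTICATION_SCHEME + accessToken;
    } catch (WebApplicationException wae) {
        // The 401s raised above are themselves Exceptions; without this clause the generic
        // handler below re-wrapped every insufficient-scope rejection as a 500.
        throw wae;
    } catch (Exception ex) {
        // Keep the stack trace; the message alone is not enough to diagnose a failure here.
        logger.error("oAuth authorization error:{} ", ex.getMessage(), ex);
        throw new WebApplicationException("oAuth authorization error " + ex.getMessage(), Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
    }
}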
use of io.jans.as.model.common.IntrospectionResponse in project jans by JanssenProject.
the class IntrospectionWebServiceEmbeddedTest method introspection.
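/**
 * Calls the embedded introspection endpoint with a Bearer-authenticated request and checks
 * that the previously obtained token is reported active.
 *
 * @param introspectionPath path of the introspection endpoint relative to {@code url}
 */
@Test(dependsOnMethods = "requestTokenToIntrospect")
@Parameters({ "introspectionPath" })
public void introspection(final String introspectionPath) throws Exception {
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + introspectionPath).request();
    request.header("Accept", "application/json");
    request.header("Authorization", "Bearer " + authorization.getAccessToken());
    Response response = request.post(Entity.form(new Form("token", tokenToIntrospect.getAccessToken())));
    String entity = response.readEntity(String.class);
    showResponse("introspection", response, entity);
    assertEquals(response.getStatus(), 200);
    try {
        final IntrospectionResponse t = ServerUtil.createJsonMapper().readValue(entity, IntrospectionResponse.class);
        assertTrue(t != null && t.isActive());
    } catch (Exception e) {
        // Attach the cause to the failure instead of printing it to stderr and losing it.
        fail("Could not parse introspection response: " + e.getMessage(), e);
    }
}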