use of io.jans.as.model.uma.RptIntrospectionResponse in project jans by JanssenProject.
the class UmaSpontaneousScopeHttpTest method rptStatus.
@Test(dependsOnMethods = { "successfulRptRequest" })
@Parameters()
public void rptStatus() {
    showTitle("rptStatus");
    // Introspect the RPT obtained by successfulRptRequest; the status endpoint is
    // called with the PAT as bearer credential and an empty third argument.
    final String patAuthorization = "Bearer " + pat.getAccessToken();
    final RptIntrospectionResponse introspection = this.rptStatusService.requestRptStatus(patAuthorization, rpt, "");
    assertIt(introspection);
    // The scope granted by the spontaneous-scope check must be present on the first
    // permission of the introspected RPT.
    assertTrue(introspection.getPermissions().get(0).getScopes().contains(USER_2_SCOPE));
}
use of io.jans.as.model.uma.RptIntrospectionResponse in project jans by JanssenProject.
the class TTokenRequest method requestRptStatus.
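/**
 * Introspects an RPT against the UMA RPT status endpoint and returns the parsed status.
 *
 * @param p_umaRptStatusPath path of the RPT status endpoint, appended to {@code baseUri}
 * @param rpt                the RPT whose status is requested (sent as the {@code token} form field)
 * @return the parsed introspection response; {@code null} only if {@code fail()} did not abort
 *         the calling test after a transport or parsing failure
 */
public RptIntrospectionResponse requestRptStatus(String p_umaRptStatusPath, final String rpt) {
    RptIntrospectionResponse result = null;
    Response response = null;
    try {
        Builder request = ResteasyClientBuilder.newClient().target(baseUri.toString() + p_umaRptStatusPath).request();
        request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
        // todo uma2: no Authorization header (PAT) is sent with the introspection request yet.
        response = request.post(Entity.form(new Form("token", rpt)));
        String entity = response.readEntity(String.class);
        BaseTest.showResponse("UMA : TTokenRequest.requestRptStatus() : ", response, entity);
        assertEquals(response.getStatus(), Response.Status.OK.getStatusCode(), "Unexpected response code.");
        // Both the I/O and the JSON mapping failures end up here; a single handler is enough.
        result = ServerUtil.createJsonMapper().readValue(entity, RptIntrospectionResponse.class);
        Assert.assertNotNull(result);
    } catch (Exception e) {
        e.printStackTrace();
        fail();
    } finally {
        // Release the HTTP response even when an assertion above fails; it used to leak.
        // NOTE(review): the Client created by newClient() is still not closed here.
        if (response != null) {
            response.close();
        }
    }
    return result;
}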
use of io.jans.as.model.uma.RptIntrospectionResponse in project jans by JanssenProject.
the class RptPreProcessInterceptor method preProcess.
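/**
 * Guards UMA-protected resources: lets the request through when it is not registered as
 * protected or when the presented RPT has enough permissions, otherwise answers with a
 * permission-ticket registration response.
 *
 * @param request the incoming request
 * @return {@code null} to continue processing, or the response to send instead
 * @throws Failure                declared by the interceptor contract
 * @throws WebApplicationException declared by the interceptor contract
 */
public ServerResponse preProcess(HttpRequest request) throws Failure, WebApplicationException {
    final String path = getPath(request);
    final String httpMethod = request.getHttpMethod();
    final Key key = resourceRegistrar.getKey(path, httpMethod);
    if (key == null) {
        // Only resources known to the registrar are UMA-protected; everything else passes through.
        LOG.debug("Resource is not protected with UMA, path:" + path + ", httpMethod: " + httpMethod);
        return null;
    }
    try {
        final String rpt = getRpt(request.getHttpHeaders());
        if (!Strings.isNullOrEmpty(rpt)) {
            LOG.debug("RPT present in request");
            // The caller-supplied RPT is never trusted on its own; it is introspected first.
            final RptIntrospectionResponse status = requestRptStatus(rpt);
            if (hasPermission(status, key, httpMethod, isGat(rpt))) {
                LOG.debug("RPT has enough permissions, access GRANTED. Path: " + path + ", httpMethod:" + httpMethod);
                return null;
            }
        }
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        if (e instanceof ClientErrorException) {
            logClientErrorEntity((ClientErrorException) e);
        }
        // Do not echo the exception message to the client: it can carry internal details
        // (upstream URLs, error bodies, fragments of the presented token). Log it, return a generic body.
        return new ServerResponse((BuiltResponse) Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                .entity(Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase()).build());
    }
    // If the client's request at the protected resource has no RPT,
    // or has an invalid RPT or insufficient authorization data associated with the RPT as determined through
    // RPT status checking (see Section 3.4), then assuming the resource server chooses to respond to the client,
    // it MUST use the protection API's permission registration endpoint to register a requested permission with
    // the corresponding authorization server.
    LOG.debug("Client does not present valid RPT. Registering permission ticket ...");
    return new ServerResponse((BuiltResponse) registerTicketResponse(path, httpMethod));
}

/**
 * Logs the body of an upstream client-error response without letting a failed read
 * (already-consumed or unreadable entity) replace the 500 that the caller is about to return.
 *
 * @param e the client error whose response entity is logged
 */
private void logClientErrorEntity(ClientErrorException e) {
    try {
        LOG.error("Entity: " + e.getResponse().readEntity(String.class));
    } catch (RuntimeException readFailure) {
        LOG.error("Could not read error response entity", readFailure);
    }
}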
use of io.jans.as.model.uma.RptIntrospectionResponse in project jans by JanssenProject.
the class AccessProtectedResourceFlowWSTest method _3_hostDeterminesRptStatus.
/*
* **************************************************************** 3. Host
* determines RPT status
*/
@Test(dependsOnMethods = { "_2_requesterAccessProtectedResourceWithNotEnoughPermissionsRpt" })
@Parameters({ "umaRptStatusPath" })
public void _3_hostDeterminesRptStatus(String umaRptStatusPath) throws Exception {
    // Step 3 of the flow: the host introspects the RPT it was handed in step 2.
    final RptIntrospectionResponse introspection = TUma.requestRptStatus(url, umaRptStatusPath, rpt.getRpt());
    Assert.assertTrue(introspection.getActive(), "Token response status is not active");
    // The RPT from step 2 carries no permissions, so the list must be absent or empty.
    final boolean noPermissions = introspection.getPermissions() == null || introspection.getPermissions().isEmpty();
    Assert.assertTrue(noPermissions, "Permissions list is not empty.");
}
use of io.jans.as.model.uma.RptIntrospectionResponse in project jans by JanssenProject.
the class UmaRptIntrospectionWS method introspect.
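/**
 * Builds the RPT introspection response for the given token.
 *
 * @param authorization the caller's Authorization header; must carry a PAT with the protection scope
 * @param token         the RPT code to introspect
 * @param httpRequest   current servlet request, handed to the external claims script
 * @param httpResponse  current servlet response, handed to the external claims script
 * @return 200 with an inactive body for unknown/invalid tokens, otherwise 200 with the active status JSON
 * @throws WebApplicationException rethrown as-is from validation, or a SERVER_ERROR wrapper for any other failure
 */
private Response introspect(String authorization, String token, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        errorResponseFactory.validateComponentEnabled(ComponentType.UMA);
        // Introspection is restricted to callers holding a PAT with the protection scope.
        umaValidationService.assertHasProtectionScope(authorization);
        final UmaRPT rpt = rptService.getRPTByCode(token);
        if (!isValid(rpt)) {
            // Unknown and invalid tokens get the same minimal inactive body.
            return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
        }
        final RptIntrospectionResponse statusResponse = buildActiveStatus(rpt);
        applyPctClaims(statusResponse, rpt);
        JSONObject rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
        ExternalUmaRptClaimsContext context = new ExternalUmaRptClaimsContext(clientService.getClient(rpt.getClientId()), httpRequest, httpResponse);
        if (externalUmaRptClaimsService.externalModify(rptAsJson, context)) {
            log.trace("Successfully run external RPT Claims script associated with {}", rpt.getClientId());
        } else {
            // The script may have mutated rptAsJson before returning false: rebuild it from the untouched response.
            rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
            log.trace("Canceled changes made by external RPT Claims script since method returned `false`.");
        }
        return Response.status(Response.Status.OK).entity(rptAsJson.toString()).type(MediaType.APPLICATION_JSON_TYPE).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}

/**
 * Fills the active introspection body (timestamps, permissions, client and subject) for a valid RPT.
 *
 * @param rpt a valid RPT
 * @return the populated status response, without PCT claims
 */
private RptIntrospectionResponse buildActiveStatus(UmaRPT rpt) {
    final List<io.jans.as.model.uma.UmaPermission> permissions = buildStatusResponsePermissions(rpt);
    final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
    statusResponse.setActive(true);
    statusResponse.setExpiresAt(ServerUtil.dateToSeconds(rpt.getExpirationDate()));
    statusResponse.setIssuedAt(ServerUtil.dateToSeconds(rpt.getCreationDate()));
    statusResponse.setPermissions(permissions);
    statusResponse.setClientId(rpt.getClientId());
    statusResponse.setAud(rpt.getClientId());
    statusResponse.setSub(rpt.getUserId());
    return statusResponse;
}

/**
 * Copies the claims of the PCT referenced by the RPT's first permission into the status response.
 * Token values (RPT code, PCT code) are credentials and are kept out of the log; the permission DN
 * identifies the record instead.
 *
 * @param statusResponse the response to enrich with PCT claims
 * @param rpt            the RPT whose permissions are consulted
 */
private void applyPctClaims(RptIntrospectionResponse statusResponse, UmaRPT rpt) {
    final List<UmaPermission> rptPermissions = rptService.getRptPermissions(rpt);
    if (rptPermissions.isEmpty()) {
        return;
    }
    // Only the first permission's PCT reference is used.
    final UmaPermission permission = rptPermissions.iterator().next();
    final String pctCode = permission.getAttributes().get(UmaPermission.PCT);
    if (!StringHelper.isNotEmpty(pctCode)) {
        log.trace("PCT code is blank for RPT permission: {}", permission.getDn());
        return;
    }
    final UmaPCT pct = pctService.getByCode(pctCode);
    if (pct != null) {
        statusResponse.setPctClaims(pct.getClaims().toMap());
    } else {
        log.error("Failed to find PCT referenced by permission object: {}", permission.getDn());
    }
}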