Example 1 with RptIntrospectionResponse

Use of io.jans.as.model.uma.RptIntrospectionResponse in project jans by JanssenProject.

From class UmaSpontaneousScopeHttpTest, method rptStatus:

@Test(dependsOnMethods = { "successfulRptRequest" })
@Parameters()
public void rptStatus() {
    showTitle("rptStatus");
    final RptIntrospectionResponse status = this.rptStatusService.requestRptStatus("Bearer " + pat.getAccessToken(), rpt, "");
    assertIt(status);
    // At the end, the scope registered through the permission must be present in the RPT permission,
    // together with the scope granted by the spontaneous scope check.
    assertTrue(status.getPermissions().get(0).getScopes().contains(USER_2_SCOPE));
}
Also used: io.jans.as.model.uma.RptIntrospectionResponse, org.testng.annotations.Parameters, org.testng.annotations.Test, io.jans.as.client.BaseTest

Example 2 with RptIntrospectionResponse

Use of io.jans.as.model.uma.RptIntrospectionResponse in project jans by JanssenProject.

From class TTokenRequest, method requestRptStatus:

public RptIntrospectionResponse requestRptStatus(String p_umaRptStatusPath, final String rpt) {
    final Holder<RptIntrospectionResponse> h = new Holder<RptIntrospectionResponse>();
    try {
        Builder request = ResteasyClientBuilder.newClient().target(baseUri.toString() + p_umaRptStatusPath).request();
        request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
        // todo uma2
        // request.header("Authorization", "Bearer " + p_aat.getAccessToken());
        Response response = request.post(Entity.form(new Form("token", rpt)));
        String entity = response.readEntity(String.class);
        // try {
        // final String json =
        // ServerUtil.createJsonMapper().writeValueAsString(rpt);
        // request.setContent(Util.getBytes(json));
        // request.setContentType(UmaConstants.JSON_MEDIA_TYPE);
        // } catch (IOException e) {
        // e.printStackTrace();
        // fail();
        // }
        BaseTest.showResponse("UMA : TTokenRequest.requestRptStatus() : ", response, entity);
        assertEquals(response.getStatus(), Response.Status.OK.getStatusCode(), "Unexpected response code.");
        try {
            final RptIntrospectionResponse result = ServerUtil.createJsonMapper().readValue(entity, RptIntrospectionResponse.class);
            Assert.assertNotNull(result);
            h.setT(result);
        } catch (IOException e) {
            e.printStackTrace();
            fail();
        }
    } catch (Exception e) {
        e.printStackTrace();
        fail();
    }
    return h.getT();
}
Also used: io.jans.as.model.uma.RptIntrospectionResponse, io.jans.as.model.uma.RPTResponse, javax.ws.rs.core.Response, javax.ws.rs.core.Form, io.jans.as.model.common.Holder, org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder, javax.ws.rs.client.Invocation.Builder, java.io.IOException, org.json.JSONException

Example 3 with RptIntrospectionResponse

Use of io.jans.as.model.uma.RptIntrospectionResponse in project jans by JanssenProject.

From class RptPreProcessInterceptor, method preProcess:

public ServerResponse preProcess(HttpRequest request) throws Failure, WebApplicationException {
    String path = getPath(request);
    String httpMethod = request.getHttpMethod();
    Key key = resourceRegistrar.getKey(path, httpMethod);
    if (key == null) {
        LOG.debug("Resource is not protected with UMA, path:" + path + ", httpMethod: " + httpMethod);
        return null;
    }
    try {
        String rpt = getRpt(request.getHttpHeaders());
        if (!Strings.isNullOrEmpty(rpt)) {
            LOG.debug("RPT present in request");
            final RptIntrospectionResponse status = requestRptStatus(rpt);
            if (hasPermission(status, key, httpMethod, isGat(rpt))) {
                LOG.debug("RPT has enough permissions, access GRANTED. Path: " + path + ", httpMethod:" + httpMethod);
                return null;
            }
        }
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        if (e instanceof ClientErrorException) {
            LOG.error("Entity: " + ((ClientErrorException) e).getResponse().readEntity(String.class));
        }
        return new ServerResponse((BuiltResponse) Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build());
    }
    // If the client's request at the protected resource has no RPT,
    // or has an invalid RPT or insufficient authorization data associated with the RPT as determined through
    // RPT status checking (see Section 3.4), then assuming the resource server chooses to respond to the client,
    // it MUST use the protection API's permission registration endpoint to register a requested permission with
    // the corresponding authorization server.
    LOG.debug("Client does not present valid RPT. Registering permission ticket ...");
    return new ServerResponse((BuiltResponse) registerTicketResponse(path, httpMethod));
}
Also used: org.jboss.resteasy.core.ServerResponse, io.jans.as.model.uma.RptIntrospectionResponse, javax.ws.rs.ClientErrorException, org.jboss.resteasy.specimpl.BuiltResponse, javax.ws.rs.WebApplicationException

Example 4 with RptIntrospectionResponse

Use of io.jans.as.model.uma.RptIntrospectionResponse in project jans by JanssenProject.

From class AccessProtectedResourceFlowWSTest, method _3_hostDeterminesRptStatus:

/*
 * 3. Host determines RPT status
 */
@Test(dependsOnMethods = { "_2_requesterAccessProtectedResourceWithNotEnoughPermissionsRpt" })
@Parameters({ "umaRptStatusPath" })
public void _3_hostDeterminesRptStatus(String umaRptStatusPath) throws Exception {
    final RptIntrospectionResponse status = TUma.requestRptStatus(url, umaRptStatusPath, rpt.getRpt());
    Assert.assertTrue(status.getActive(), "Token response status is not active");
    Assert.assertTrue(status.getPermissions() == null || status.getPermissions().isEmpty(), "Permissions list is not empty.");
}
Also used: io.jans.as.model.uma.RptIntrospectionResponse, org.testng.annotations.Parameters, org.testng.annotations.Test, io.jans.as.server.BaseTest

Example 5 with RptIntrospectionResponse

Use of io.jans.as.model.uma.RptIntrospectionResponse in project jans by JanssenProject.

From class UmaRptIntrospectionWS, method introspect:

private Response introspect(String authorization, String token, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        errorResponseFactory.validateComponentEnabled(ComponentType.UMA);
        umaValidationService.assertHasProtectionScope(authorization);
        final UmaRPT rpt = rptService.getRPTByCode(token);
        if (!isValid(rpt)) {
            return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
        }
        final List<io.jans.as.model.uma.UmaPermission> permissions = buildStatusResponsePermissions(rpt);
        // active status
        final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
        statusResponse.setActive(true);
        statusResponse.setExpiresAt(ServerUtil.dateToSeconds(rpt.getExpirationDate()));
        statusResponse.setIssuedAt(ServerUtil.dateToSeconds(rpt.getCreationDate()));
        statusResponse.setPermissions(permissions);
        statusResponse.setClientId(rpt.getClientId());
        statusResponse.setAud(rpt.getClientId());
        statusResponse.setSub(rpt.getUserId());
        final List<UmaPermission> rptPermissions = rptService.getRptPermissions(rpt);
        if (!rptPermissions.isEmpty()) {
            UmaPermission permission = rptPermissions.iterator().next();
            String pctCode = permission.getAttributes().get(UmaPermission.PCT);
            if (StringHelper.isNotEmpty(pctCode)) {
                UmaPCT pct = pctService.getByCode(pctCode);
                if (pct != null) {
                    statusResponse.setPctClaims(pct.getClaims().toMap());
                } else {
                    log.error("Failed to find PCT with code: {} which is taken from permission object: {}", pctCode, permission.getDn());
                }
            } else {
                log.trace("PCT code is blank for RPT: {}", rpt.getCode());
            }
        }
        JSONObject rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
        ExternalUmaRptClaimsContext context = new ExternalUmaRptClaimsContext(clientService.getClient(rpt.getClientId()), httpRequest, httpResponse);
        if (externalUmaRptClaimsService.externalModify(rptAsJson, context)) {
            log.trace("Successfully run external RPT Claims script associated with {}", rpt.getClientId());
        } else {
            rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
            log.trace("Canceled changes made by external RPT Claims script since method returned `false`.");
        }
        return Response.status(Response.Status.OK).entity(rptAsJson.toString()).type(MediaType.APPLICATION_JSON_TYPE).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}
Also used: io.jans.as.server.uma.authorization.UmaPCT, io.jans.as.server.service.external.context.ExternalUmaRptClaimsContext, javax.ws.rs.WebApplicationException, io.jans.as.model.uma.RptIntrospectionResponse, io.jans.as.server.uma.authorization.UmaRPT, org.json.JSONObject, io.jans.as.model.uma.persistence.UmaPermission