Class UmaSpontaneousScopeHttpTest (integration test), method successfulRptRequest:
@Test(dependsOnMethods = { "registerPermissions" })
public void successfulRptRequest() throws Exception {
    showTitle("successfulRptRequest");

    // The client authenticates to the token endpoint with HTTP Basic (client_id:client_secret)
    // and exchanges the ticket obtained in the permission-registration step for an RPT.
    final String basicAuth = "Basic " + AccessProtectedResourceFlowHttpTest.encodeCredentials(clientResponse.getClientId(), clientResponse.getClientSecret());
    final String grantType = GrantType.OXAUTH_UMA_TICKET.getValue();
    final UmaTokenResponse rptResponse = tokenService.requestRpt(basicAuth, grantType, permissionFlowTest.ticket, null, null, null, null, null);

    assertIt(rptResponse);
    // Later test steps that depend on this one reuse the issued RPT.
    this.rpt = rptResponse.getAccessToken();
}
Class AccessProtectedResourceFlowHttpTest (integration test), method repeatRptRequest:
@Test(dependsOnMethods = { "successfulRptRequest" })
@Parameters({ "umaPatClientId", "umaPatClientSecret" })
public void repeatRptRequest(String umaPatClientId, String umaPatClientSecret) throws Exception {
    showTitle("repeatRptRequest");

    // Run the protection cycle a second time: register permissions, get the
    // need_info response, gather the required claims.
    rsRegisterPermissions();
    requestRptAndGetNeedsInfo(umaPatClientId, umaPatClientSecret);
    claimsGathering(umaPatClientId);

    showTitle("Request RPT with existing RPT (upgrade case) ... ");
    final String basicAuth = "Basic " + encodeCredentials(umaPatClientId, umaPatClientSecret);
    final String grantType = GrantType.OXAUTH_UMA_TICKET.getValue();
    // Passing the RPT from the previous step (rpt parameter) plus a requested scope asks the AS
    // to extend that token rather than mint a new one; the AS reports this via "upgraded".
    final UmaTokenResponse upgradeResponse = tokenService.requestRpt(basicAuth, grantType, claimsGatheringTicket, null, null, null, this.rpt, "oxd");

    assertIt(upgradeResponse);
    assertTrue(upgradeResponse.getUpgraded());
    this.rpt = upgradeResponse.getAccessToken();
}
Class AccessProtectedResourceFlowHttpTest (integration test), method successfulRptRequest:
/**
 * Request RPT once every required claim has been gathered (depends on claimsGathering).
 * No existing RPT, claim token or PCT is passed, so the AS is expected to mint a fresh token.
 */
@Test(dependsOnMethods = { "claimsGathering" })
@Parameters({ "umaPatClientId", "umaPatClientSecret" })
public void successfulRptRequest(String umaPatClientId, String umaPatClientSecret) throws Exception {
    showTitle("successfulRptRequest");

    // HTTP Basic client authentication against the token endpoint.
    final String basicAuth = "Basic " + encodeCredentials(umaPatClientId, umaPatClientSecret);
    final UmaTokenResponse rptResponse = tokenService.requestRpt(basicAuth, GrantType.OXAUTH_UMA_TICKET.getValue(), claimsGatheringTicket, null, null, null, null, null);

    assertIt(rptResponse);
    // Kept for the dependent upgrade test.
    this.rpt = rptResponse.getAccessToken();
}
Class UmaTokenService (authorization-server side, JAX-RS token endpoint), method requestRpt:
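/**
 * UMA 2.0 token endpoint: exchanges a permission ticket (plus optional pushed claim token and
 * PCT) for an RPT, or upgrades an existing RPT with the ticket's permissions.
 *
 * Validation order: grant type, ticket, claim token, PCT, RPT, session client, scopes. Each
 * validator is expected to throw a {@link WebApplicationException} on failure; those are
 * rethrown unchanged, any other exception is logged and mapped to a generic 500 so internal
 * details are not leaked to the client.
 *
 * Security notes:
 * - ticket, claim_token, pct and rpt are credentials; their values are never written to the log.
 * - When no policy script protects the requested scopes the endpoint fails closed unless
 *   umaGrantAccessIfNoPolicies is explicitly true.
 * - The token response is marked non-cacheable (RFC 6749 section 5.1).
 *
 * @param grantType        must be the UMA ticket grant (checked by umaValidationService)
 * @param ticket           permission ticket obtained from the permission endpoint
 * @param claimToken       optional pushed claims token (e.g. an id_token), may be null
 * @param claimTokenFormat format of claimToken, may be null
 * @param pctCode          optional persisted claims token, may be null
 * @param rptCode          optional existing RPT to upgrade, may be null
 * @param scope            optional requested scopes, may be null
 * @param httpRequest      servlet request, passed to the needs-info check and the RPT execution context
 * @param httpResponse     servlet response, passed to the RPT execution context
 * @return 200 with the JSON-serialised {@link UmaTokenResponse}
 * @throws WebApplicationException on any validation/policy failure (as thrown by the validators)
 *         or with SERVER_ERROR / 500 for unexpected failures
 */
public Response requestRpt(String grantType, String ticket, String claimToken, String claimTokenFormat, String pctCode, String rptCode, String scope, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        // Log only the presence of credential-bearing parameters, never their values:
        // a trace log with ticket/claim_token/pct/rpt values is a token-leak channel.
        log.trace("requestRpt grant_type: {}, ticket present: {}, claim_token present: {}, claim_token_format: {}, pct present: {}, rpt present: {}, scope: {}",
                grantType, ticket != null, claimToken != null, claimTokenFormat, pctCode != null, rptCode != null, scope);

        umaValidationService.validateGrantType(grantType);
        List<UmaPermission> permissions = umaValidationService.validateTicket(ticket);
        Jwt idToken = umaValidationService.validateClaimToken(claimToken, claimTokenFormat);
        UmaPCT pct = umaValidationService.validatePct(pctCode);
        // NOTE(review): validateRPT must also check that the RPT was issued to the calling
        // client, otherwise one client could "upgrade" another client's token -- confirm in the validator.
        UmaRPT rpt = umaValidationService.validateRPT(rptCode);
        // NOTE(review): relies on an authentication filter having populated the session client;
        // if it is absent this is an NPE and surfaces as a 500 rather than 401 -- confirm.
        Client client = umaValidationService.validate(identity.getSessionClient().getClient());
        Map<Scope, Boolean> scopes = umaValidationService.validateScopes(scope, permissions, client);

        // creates new pct if pct is null in request
        pct = pctService.updateClaims(pct, idToken, client.getClientId(), permissions);
        Claims claims = new Claims(idToken, pct, claimToken);

        Map<UmaScriptByScope, UmaAuthorizationContext> scriptMap = umaNeedsInfoService.checkNeedsInfo(claims, scopes, permissions, pct, httpRequest, client);
        if (!scriptMap.isEmpty()) {
            // Policy scripts decide; they are expected to throw (need_info / forbidden) on denial.
            expressionService.evaluate(scriptMap, permissions);
        } else {
            denyUnlessGrantWithoutPolicies(scopes);
        }
        log.trace("Access granted.");

        updatePermissionsWithClientRequestedScope(permissions, scopes);
        addPctToPermissions(permissions, pct);

        boolean upgraded = false;
        if (rpt == null) {
            ExecutionContext executionContext = new ExecutionContext(httpRequest, httpResponse);
            executionContext.setClient(client);
            rpt = rptService.createRPTAndPersist(executionContext, permissions);
            // Only a freshly created RPT exposes its plaintext; the persisted form is hashed.
            rptCode = rpt.getNotHashedCode();
        } else if (rptService.addPermissionToRPT(rpt, permissions)) {
            upgraded = true;
        }
        // In the upgrade (or no-op) case rptCode is still the value the client sent and is echoed back.

        UmaTokenResponse response = new UmaTokenResponse();
        response.setAccessToken(rptCode);
        response.setUpgraded(upgraded);
        response.setTokenType("Bearer");
        response.setPct(pct.getCode());

        // RFC 6749 section 5.1: responses carrying tokens must not be cached by clients or proxies.
        return Response.ok(ServerUtil.asJson(response))
                .header("Cache-Control", "no-store")
                .header("Pragma", "no-cache")
                .build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
    }

    log.error("Failed to handle request to UMA Token Endpoint.");
    throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Failed to handle request to UMA Token Endpoint.");
}

/**
 * Fail-closed handling for scopes that no policy script protects: access is granted only when
 * umaGrantAccessIfNoPolicies is explicitly true, otherwise FORBIDDEN_BY_POLICY is thrown.
 *
 * @param scopes requested scopes (used for the warning only)
 * @throws WebApplicationException 403 / FORBIDDEN_BY_POLICY when access is denied
 */
private void denyUnlessGrantWithoutPolicies(Map<Scope, Boolean> scopes) {
    if (log.isWarnEnabled())
        log.warn("There are no any policies that protects scopes. Scopes: {}. Configuration property umaGrantAccessIfNoPolicies: {}", UmaScopeService.asString(scopes.keySet()), appConfiguration.getUmaGrantAccessIfNoPolicies());

    // Boolean property may be unset (null); only an explicit true opens access.
    if (appConfiguration.getUmaGrantAccessIfNoPolicies() != null && appConfiguration.getUmaGrantAccessIfNoPolicies()) {
        log.warn("Access granted because there are no any protection. Make sure it is intentional behavior.");
        return;
    }

    log.warn("Access denied because there are no any protection. Make sure it is intentional behavior.");
    throw errorResponseFactory.createWebApplicationException(Response.Status.FORBIDDEN, UmaErrorResponseType.FORBIDDEN_BY_POLICY, "Access denied because there are no any protection. Make sure it is intentional behavior.");
}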
Class UmaTokenService (client/RP-side helper that calls the AS token endpoint), method getRpt:
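/**
 * Obtains an RPT for the RP identified by params.getRpId().
 *
 * If the Rp record already holds an RPT with a known, unexpired expiry it is returned as-is.
 * Otherwise the ticket (plus optional claim_token, claim_token_format, pct, rpt and scope, and
 * any extra params) is posted to the AS token endpoint with HTTP Basic client credentials, the
 * returned RPT is introspected, and -- when active -- stored on the Rp record together with the
 * AS-reported iat/exp before being returned.
 *
 * NOTE(review): the cached RPT is reused without comparing the caller's ticket/scope with the
 * permissions it was issued for -- confirm this is intended.
 *
 * Security: RPT values and client secrets are not written to the log; only the rp_id is.
 *
 * @param params request parameters (rp_id, ticket, optional claim token / pct / rpt / scope / extra params)
 * @return the RPT together with its token type, PCT and upgraded flag
 * @throws HttpException FAILED_TO_GET_RPT when the HTTP call fails, the body cannot be read,
 *         or the introspected RPT is not active; AS error bodies are mapped by RpGetRptOperation.handleRptError
 */
public RpGetRptResponse getRpt(RpGetRptParams params) throws Exception {
    Rp rp = rpSyncService.getRp(params.getRpId());
    UmaMetadata discovery = discoveryService.getUmaDiscoveryByRpId(params.getRpId());

    if (!Strings.isNullOrEmpty(rp.getRpt()) && rp.getRptExpiresAt() != null && !CoreUtils.isExpired(rp.getRptExpiresAt())) {
        LOG.debug("Reusing unexpired RPT cached for rp_id: {}", params.getRpId());
        return toResponse(rp);
    }

    // Client authentication to the token endpoint is HTTP Basic with the RP's client credentials.
    Builder client = opClientFactory.createClientRequest(discovery.getTokenEndpoint(), httpService.getClientEngine());
    client.header("Authorization", "Basic " + Utils.encodeCredentials(rp.getClientId(), rp.getClientSecret()));

    Form formRequest = buildRptForm(params);

    Response response = null;
    try {
        response = client.buildPost(Entity.form(formRequest)).invoke();
    } catch (Exception e) {
        // Do not log the Rp object: it carries the client secret and any cached RPT.
        LOG.error("Failed to receive RPT response for rp_id: " + params.getRpId(), e);
        throw new HttpException(ErrorResponseCode.FAILED_TO_GET_RPT);
    }

    // Capture the status before the response is closed in the finally block below.
    final int httpStatus = response.getStatus();
    String entityResponse = null;
    try {
        entityResponse = response.readEntity(String.class);
    } catch (Exception e) {
        LOG.error("Failed to read RPT response for rp_id: " + params.getRpId(), e);
        throw new HttpException(ErrorResponseCode.FAILED_TO_GET_RPT);
    } finally {
        response.close();
    }

    UmaTokenResponse tokenResponse = asTokenResponse(entityResponse);
    if (tokenResponse == null || StringUtils.isBlank(tokenResponse.getAccessToken())) {
        RpGetRptOperation.handleRptError(httpStatus, entityResponse);
    } else {
        // Never trust the token blindly: introspect it at the AS before caching it.
        final IntrospectionService introspectionService = ServerLauncher.getInjector().getInstance(IntrospectionService.class);
        CorrectRptIntrospectionResponse status = introspectionService.introspectRpt(params.getRpId(), tokenResponse.getAccessToken());
        LOG.debug("RPT introspection result for rp_id {}: {}", params.getRpId(), status);

        if (status.getActive()) {
            LOG.debug("RPT is successfully obtained from AS for rp_id: {}", params.getRpId());
            rp.setRpt(tokenResponse.getAccessToken());
            rp.setRptTokenType(tokenResponse.getTokenType());
            rp.setRptPct(tokenResponse.getPct());
            rp.setRptUpgraded(tokenResponse.getUpgraded());
            // Multiply as long: if the getters are int-typed, epoch-seconds * 1000 overflows int
            // and the cached expiry becomes garbage. NOTE(review): a null iat/exp would NPE here -- confirm the model.
            rp.setRptCreatedAt(new Date(1000L * status.getIssuedAt()));
            rp.setRptExpiresAt(new Date(1000L * status.getExpiresAt()));
            rpService.updateSilently(rp);

            return toResponse(rp);
        }
    }

    LOG.error("Failed to get RPT for rp_id: " + params.getRpId());
    throw new HttpException(ErrorResponseCode.FAILED_TO_GET_RPT);
}

/**
 * Builds the form body for the UMA ticket grant from the request parameters; optional
 * fields are only sent when present.
 */
private static Form buildRptForm(RpGetRptParams params) {
    Form formRequest = new Form();
    formRequest.param("grant_type", GrantType.OXAUTH_UMA_TICKET.getValue());
    formRequest.param("ticket", params.getTicket());
    if (params.getClaimToken() != null) {
        formRequest.param("claim_token", params.getClaimToken());
    }
    if (params.getClaimTokenFormat() != null) {
        formRequest.param("claim_token_format", params.getClaimTokenFormat());
    }
    if (params.getPct() != null) {
        formRequest.param("pct", params.getPct());
    }
    if (params.getRpt() != null) {
        formRequest.param("rpt", params.getRpt());
    }
    if (params.getScope() != null) {
        // NOTE(review): Entity.form already form-encodes values; if joinAndUrlEncode also
        // percent-encodes, the scope string may be double-encoded -- confirm.
        formRequest.param("scope", Utils.joinAndUrlEncode(params.getScope()));
    }
    if (params.getParams() != null && !params.getParams().isEmpty()) {
        // Caller-supplied extra parameters are forwarded verbatim.
        for (Map.Entry<String, String> p : params.getParams().entrySet()) {
            formRequest.param(p.getKey(), p.getValue());
        }
    }
    return formRequest;
}

/** Copies the RPT fields cached on the Rp record into the API response. */
private static RpGetRptResponse toResponse(Rp rp) {
    RpGetRptResponse result = new RpGetRptResponse();
    result.setRpt(rp.getRpt());
    result.setTokenType(rp.getRptTokenType());
    result.setPct(rp.getRptPct());
    result.setUpdated(rp.getRptUpgraded());
    return result;
}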