Example 1 with Claim

Use of io.jans.as.server.model.authorize.Claim in project jans by JanssenProject.

The class AuthorizeAction, method getRequestedClaims.

public List<String> getRequestedClaims() {
    Set<String> result = new HashSet<String>();
    String requestJwt = request;
    // No inline request object: resolve it from request_uri (OIDC Core 6.2).
    // This is a server-side fetch of a caller-supplied URL, so the value should
    // already have been restricted to the client's registered request_uris.
    if (StringUtils.isBlank(requestJwt) && StringUtils.isNotBlank(requestUri)) {
        try {
            URI reqUri = new URI(requestUri);
            String reqUriHash = reqUri.getFragment();
            String reqUriWithoutFragment = reqUri.getScheme() + ":" + reqUri.getSchemeSpecificPart();
            javax.ws.rs.client.Client clientRequest = ClientBuilder.newClient();
            try {
                Response clientResponse = clientRequest.target(reqUriWithoutFragment).request().buildGet().invoke();
                int status = clientResponse.getStatus();
                if (status == 200) {
                    String entity = clientResponse.readEntity(String.class);
                    if (StringUtils.isBlank(reqUriHash)) {
                        requestJwt = entity;
                    } else {
                        // When a fragment is present it is the base64url-encoded SHA-256 of the
                        // referenced document; only accept the content if the digest matches.
                        String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(entity));
                        if (StringUtils.equals(reqUriHash, hash)) {
                            requestJwt = entity;
                        }
                    }
                }
            } finally {
                // Close exactly once, after the entity has been read.
                clientRequest.close();
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
    }
    if (StringUtils.isNotBlank(requestJwt)) {
        try {
            Client client = clientService.getClient(clientId);
            if (client != null) {
                // Parse the resolved request object (inline or fetched), not the raw
                // "request" parameter, which is blank when request_uri was used.
                JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(appConfiguration, cryptoProvider, requestJwt, client);
                // Collect the claim names requested for the UserInfo response and the ID Token.
                if (jwtAuthorizationRequest.getUserInfoMember() != null) {
                    for (Claim claim : jwtAuthorizationRequest.getUserInfoMember().getClaims()) {
                        result.add(claim.getName());
                    }
                }
                if (jwtAuthorizationRequest.getIdTokenMember() != null) {
                    for (Claim claim : jwtAuthorizationRequest.getIdTokenMember().getClaims()) {
                        result.add(claim.getName());
                    }
                }
            }
        } catch (EntryPersistenceException | InvalidJwtException e) {
            log.error(e.getMessage(), e);
        }
    }
    return new ArrayList<>(result);
}
Also used: InvalidJwtException (io.jans.as.model.exception.InvalidJwtException), EntryPersistenceException (io.jans.orm.exception.EntryPersistenceException), URI (java.net.URI), AcrChangedException (io.jans.as.server.model.exception.AcrChangedException), WebApplicationException (javax.ws.rs.WebApplicationException), UnsupportedEncodingException (java.io.UnsupportedEncodingException), IOException (java.io.IOException), Response (javax.ws.rs.core.Response), HttpServletResponse (javax.servlet.http.HttpServletResponse), JwtAuthorizationRequest (io.jans.as.server.model.authorize.JwtAuthorizationRequest), Client (io.jans.as.common.model.registration.Client), Claim (io.jans.as.server.model.authorize.Claim)

Example 2 with Claim

Use of io.jans.as.server.model.authorize.Claim in project jans by JanssenProject.

The class ParValidator, method setParAttributesFromIdTokenMember.

private void setParAttributesFromIdTokenMember(@NotNull Par par, @NotNull JwtAuthorizationRequest jwtRequest) {
    final IdTokenMember idTokenMember = jwtRequest.getIdTokenMember();
    if (idTokenMember == null) {
        return;
    }
    if (idTokenMember.getMaxAge() != null) {
        par.getAttributes().setMaxAge(idTokenMember.getMaxAge());
    }
    final Claim acrClaim = idTokenMember.getClaim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE);
    if (acrClaim != null && acrClaim.getClaimValue() != null) {
        par.getAttributes().setAcrValuesStr(acrClaim.getClaimValue().getValueAsString());
    }
}
Also used: IdTokenMember (io.jans.as.server.model.authorize.IdTokenMember), Claim (io.jans.as.server.model.authorize.Claim)

Example 3 with Claim

Use of io.jans.as.server.model.authorize.Claim in project jans by JanssenProject.

The class UserInfoRestWebServiceImpl, method getJSonResponse.

/**
 * Builds a JSON string with the UserInfo response parameters.
 */
public String getJSonResponse(User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws InvalidClaimException, ParseException {
    log.trace("Building JSON response with scopes {} for user {} and user custom attributes {}", scopes, user.getUserId(), user.getCustomAttributes());
    JsonWebResponse jsonWebResponse = new JsonWebResponse();
    // Claims
    List<Scope> dynamicScopes = new ArrayList<>();
    for (String scopeName : scopes) {
        Scope scope = scopeService.getScopeById(scopeName);
        if ((scope != null) && (ScopeType.DYNAMIC == scope.getScopeType())) {
            dynamicScopes.add(scope);
            continue;
        }
        Map<String, Object> claims = scopeService.getClaims(user, scope);
        if (claims == null) {
            continue;
        }
        if (scope == null) {
            log.trace("Unable to find scope in persistence. Is it removed? Scope name: {}", scopeName);
        }
        if (scope != null && Boolean.TRUE.equals(scope.isGroupClaims())) {
            JwtSubClaimObject groupClaim = new JwtSubClaimObject();
            groupClaim.setName(scope.getId());
            for (Map.Entry<String, Object> entry : claims.entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if (value instanceof List) {
                    groupClaim.setClaim(key, (List<String>) value);
                } else {
                    groupClaim.setClaim(key, String.valueOf(value));
                }
            }
            jsonWebResponse.getClaims().setClaim(scope.getId(), groupClaim);
        } else {
            for (Map.Entry<String, Object> entry : claims.entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if (value instanceof List) {
                    jsonWebResponse.getClaims().setClaim(key, (List<String>) value);
                } else if (value instanceof Boolean) {
                    jsonWebResponse.getClaims().setClaim(key, (Boolean) value);
                } else if (value instanceof Date) {
                    jsonWebResponse.getClaims().setClaim(key, ((Date) value).getTime() / 1000);
                } else {
                    jsonWebResponse.getClaims().setClaim(key, String.valueOf(value));
                }
            }
        }
    }
    if (authorizationGrant.getClaims() != null) {
        JSONObject claimsObj = new JSONObject(authorizationGrant.getClaims());
        // Claims named in the "claims" parameter are resolved by attribute name only;
        // unlike the request-object path below, this branch does not run
        // validateRequesteClaim against the client's registered claims and scopes.
        if (claimsObj.has("userinfo")) {
            JSONObject userInfoObj = claimsObj.getJSONObject("userinfo");
            for (Iterator<String> it = userInfoObj.keys(); it.hasNext(); ) {
                String claimName = it.next();
                // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
                boolean optional = true;
                GluuAttribute gluuAttribute = attributeService.getByClaimName(claimName);
                if (gluuAttribute != null) {
                    String ldapClaimName = gluuAttribute.getName();
                    Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
                    jsonWebResponse.getClaims().setClaimFromJsonObject(claimName, attribute);
                }
            }
        }
    }
    if (authorizationGrant.getJwtAuthorizationRequest() != null && authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember() != null) {
        for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember().getClaims()) {
            // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
            boolean optional = true;
            GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
            if (gluuAttribute != null) {
                Client client = authorizationGrant.getClient();
                if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
                    String ldapClaimName = gluuAttribute.getName();
                    Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
                    jsonWebResponse.getClaims().setClaimFromJsonObject(claim.getName(), attribute);
                }
            }
        }
    }
    jsonWebResponse.getClaims().setSubjectIdentifier(authorizationGrant.getSub());
    if (!dynamicScopes.isEmpty() && externalDynamicScopeService.isEnabled()) {
        final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
        DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jsonWebResponse, unmodifiableAuthorizationGrant);
        externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
    }
    return jsonWebResponse.toString();
}
Also used: JsonWebResponse (io.jans.as.model.token.JsonWebResponse), ArrayList (java.util.ArrayList), DynamicScopeExternalContext (io.jans.as.server.service.external.context.DynamicScopeExternalContext), JwtSubClaimObject (io.jans.as.model.jwt.JwtSubClaimObject), Date (java.util.Date), GluuAttribute (io.jans.model.GluuAttribute), UnmodifiableAuthorizationGrant (io.jans.as.server.model.common.UnmodifiableAuthorizationGrant), DefaultScope (io.jans.as.server.model.common.DefaultScope), Scope (io.jans.as.persistence.model.Scope), JSONObject (org.json.JSONObject), List (java.util.List), AuthorizationGrantList (io.jans.as.server.model.common.AuthorizationGrantList), Client (io.jans.as.common.model.registration.Client), Map (java.util.Map), Claim (io.jans.as.server.model.authorize.Claim)

Example 4 with Claim

Use of io.jans.as.server.model.authorize.Claim in project jans by JanssenProject.

The class IdTokenFactory, method setClaimsFromJwtAuthorizationRequest.

private void setClaimsFromJwtAuthorizationRequest(JsonWebResponse jwr, IAuthorizationGrant authorizationGrant, Set<String> scopes) throws InvalidClaimException {
    final JwtAuthorizationRequest requestObject = authorizationGrant.getJwtAuthorizationRequest();
    if (requestObject == null || requestObject.getIdTokenMember() == null) {
        return;
    }
    for (Claim claim : requestObject.getIdTokenMember().getClaims()) {
        // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
        boolean optional = true;
        GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
        if (gluuAttribute == null) {
            continue;
        }
        Client client = authorizationGrant.getClient();
        if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
            String ldapClaimName = gluuAttribute.getName();
            Object attribute = authorizationGrant.getUser().getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
            jwr.getClaims().setClaimFromJsonObject(claim.getName(), attribute);
        }
    }
}
Also used: JwtAuthorizationRequest (io.jans.as.server.model.authorize.JwtAuthorizationRequest), JSONObject (org.json.JSONObject), JwtSubClaimObject (io.jans.as.model.jwt.JwtSubClaimObject), Client (io.jans.as.common.model.registration.Client), Claim (io.jans.as.server.model.authorize.Claim), GluuAttribute (io.jans.model.GluuAttribute)

Aggregations

Claim (io.jans.as.server.model.authorize.Claim): 4
Client (io.jans.as.common.model.registration.Client): 3
JwtSubClaimObject (io.jans.as.model.jwt.JwtSubClaimObject): 2
JwtAuthorizationRequest (io.jans.as.server.model.authorize.JwtAuthorizationRequest): 2
GluuAttribute (io.jans.model.GluuAttribute): 2
JSONObject (org.json.JSONObject): 2
InvalidJwtException (io.jans.as.model.exception.InvalidJwtException): 1
JsonWebResponse (io.jans.as.model.token.JsonWebResponse): 1
Scope (io.jans.as.persistence.model.Scope): 1
IdTokenMember (io.jans.as.server.model.authorize.IdTokenMember): 1
AuthorizationGrantList (io.jans.as.server.model.common.AuthorizationGrantList): 1
DefaultScope (io.jans.as.server.model.common.DefaultScope): 1
UnmodifiableAuthorizationGrant (io.jans.as.server.model.common.UnmodifiableAuthorizationGrant): 1
AcrChangedException (io.jans.as.server.model.exception.AcrChangedException): 1
DynamicScopeExternalContext (io.jans.as.server.service.external.context.DynamicScopeExternalContext): 1
EntryPersistenceException (io.jans.orm.exception.EntryPersistenceException): 1
IOException (java.io.IOException): 1
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 1
URI (java.net.URI): 1
ArrayList (java.util.ArrayList): 1