use of io.jans.as.server.model.authorize.Claim in project jans by JanssenProject.
the class AuthorizeAction method getRequestedClaims.
public List<String> getRequestedClaims() {
Set<String> result = new HashSet<String>();
String requestJwt = request;
if (StringUtils.isBlank(requestJwt) && StringUtils.isNotBlank(requestUri)) {
try {
URI reqUri = new URI(requestUri);
String reqUriHash = reqUri.getFragment();
String reqUriWithoutFragment = reqUri.getScheme() + ":" + reqUri.getSchemeSpecificPart();
javax.ws.rs.client.Client clientRequest = ClientBuilder.newClient();
try {
Response clientResponse = clientRequest.target(reqUriWithoutFragment).request().buildGet().invoke();
clientRequest.close();
int status = clientResponse.getStatus();
if (status == 200) {
String entity = clientResponse.readEntity(String.class);
if (StringUtils.isBlank(reqUriHash)) {
requestJwt = entity;
} else {
String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(entity));
if (StringUtils.equals(reqUriHash, hash)) {
requestJwt = entity;
}
}
}
} finally {
clientRequest.close();
}
} catch (Exception e) {
log.error(e.getMessage(), e);
}
}
if (StringUtils.isNotBlank(requestJwt)) {
try {
Client client = clientService.getClient(clientId);
if (client != null) {
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(appConfiguration, cryptoProvider, request, client);
if (jwtAuthorizationRequest.getUserInfoMember() != null) {
for (Claim claim : jwtAuthorizationRequest.getUserInfoMember().getClaims()) {
result.add(claim.getName());
}
}
if (jwtAuthorizationRequest.getIdTokenMember() != null) {
for (Claim claim : jwtAuthorizationRequest.getIdTokenMember().getClaims()) {
result.add(claim.getName());
}
}
}
} catch (EntryPersistenceException | InvalidJwtException e) {
log.error(e.getMessage(), e);
}
}
return new ArrayList<>(result);
}
use of io.jans.as.server.model.authorize.Claim in project jans by JanssenProject.
the class ParValidator method setParAttributesFromIdTokenMember.
private void setParAttributesFromIdTokenMember(@NotNull Par par, @NotNull JwtAuthorizationRequest jwtRequest) {
final IdTokenMember idTokenMember = jwtRequest.getIdTokenMember();
if (idTokenMember == null) {
return;
}
if (idTokenMember.getMaxAge() != null) {
par.getAttributes().setMaxAge(idTokenMember.getMaxAge());
}
final Claim acrClaim = idTokenMember.getClaim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE);
if (acrClaim != null && acrClaim.getClaimValue() != null) {
par.getAttributes().setAcrValuesStr(acrClaim.getClaimValue().getValueAsString());
}
}
use of io.jans.as.server.model.authorize.Claim in project jans by JanssenProject.
the class UserInfoRestWebServiceImpl method getJSonResponse.
/**
* Builds a JSon String with the response parameters.
*/
public String getJSonResponse(User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws InvalidClaimException, ParseException {
log.trace("Building JSON reponse with next scopes {} for user {} and user custom attributes {}", scopes, user.getUserId(), user.getCustomAttributes());
JsonWebResponse jsonWebResponse = new JsonWebResponse();
// Claims
List<Scope> dynamicScopes = new ArrayList<>();
for (String scopeName : scopes) {
Scope scope = scopeService.getScopeById(scopeName);
if ((scope != null) && (ScopeType.DYNAMIC == scope.getScopeType())) {
dynamicScopes.add(scope);
continue;
}
Map<String, Object> claims = scopeService.getClaims(user, scope);
if (claims == null) {
continue;
}
if (scope == null) {
log.trace("Unable to find scope in persistence. Is it removed? Scope name: {}", scopeName);
}
if (scope != null && Boolean.TRUE.equals(scope.isGroupClaims())) {
JwtSubClaimObject groupClaim = new JwtSubClaimObject();
groupClaim.setName(scope.getId());
for (Map.Entry<String, Object> entry : claims.entrySet()) {
String key = entry.getKey();
Object value = entry.getValue();
if (value instanceof List) {
groupClaim.setClaim(key, (List<String>) value);
} else {
groupClaim.setClaim(key, String.valueOf(value));
}
}
jsonWebResponse.getClaims().setClaim(scope.getId(), groupClaim);
} else {
for (Map.Entry<String, Object> entry : claims.entrySet()) {
String key = entry.getKey();
Object value = entry.getValue();
if (value instanceof List) {
jsonWebResponse.getClaims().setClaim(key, (List<String>) value);
} else if (value instanceof Boolean) {
jsonWebResponse.getClaims().setClaim(key, (Boolean) value);
} else if (value instanceof Date) {
jsonWebResponse.getClaims().setClaim(key, ((Date) value).getTime() / 1000);
} else {
jsonWebResponse.getClaims().setClaim(key, String.valueOf(value));
}
}
}
}
if (authorizationGrant.getClaims() != null) {
JSONObject claimsObj = new JSONObject(authorizationGrant.getClaims());
if (claimsObj.has("userinfo")) {
JSONObject userInfoObj = claimsObj.getJSONObject("userinfo");
for (Iterator<String> it = userInfoObj.keys(); it.hasNext(); ) {
String claimName = it.next();
// ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
boolean optional = true;
GluuAttribute gluuAttribute = attributeService.getByClaimName(claimName);
if (gluuAttribute != null) {
String ldapClaimName = gluuAttribute.getName();
Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
jsonWebResponse.getClaims().setClaimFromJsonObject(claimName, attribute);
}
}
}
}
if (authorizationGrant.getJwtAuthorizationRequest() != null && authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember() != null) {
for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember().getClaims()) {
// ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
boolean optional = true;
GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
if (gluuAttribute != null) {
Client client = authorizationGrant.getClient();
if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
String ldapClaimName = gluuAttribute.getName();
Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
jsonWebResponse.getClaims().setClaimFromJsonObject(claim.getName(), attribute);
}
}
}
}
jsonWebResponse.getClaims().setSubjectIdentifier(authorizationGrant.getSub());
if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jsonWebResponse, unmodifiableAuthorizationGrant);
externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
}
return jsonWebResponse.toString();
}
use of io.jans.as.server.model.authorize.Claim in project jans by JanssenProject.
the class IdTokenFactory method setClaimsFromJwtAuthorizationRequest.
private void setClaimsFromJwtAuthorizationRequest(JsonWebResponse jwr, IAuthorizationGrant authorizationGrant, Set<String> scopes) throws InvalidClaimException {
final JwtAuthorizationRequest requestObject = authorizationGrant.getJwtAuthorizationRequest();
if (requestObject == null || requestObject.getIdTokenMember() == null) {
return;
}
for (Claim claim : requestObject.getIdTokenMember().getClaims()) {
// ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
boolean optional = true;
GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
if (gluuAttribute == null) {
continue;
}
Client client = authorizationGrant.getClient();
if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
String ldapClaimName = gluuAttribute.getName();
Object attribute = authorizationGrant.getUser().getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
jwr.getClaims().setClaimFromJsonObject(claim.getName(), attribute);
}
}
}
Aggregations