Use of io.jans.as.server.model.common.AbstractToken in project jans by JanssenProject.
The class StatWS, method validateAuthorization.
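/**
 * Rejects the request unless {@code authorization} resolves to a grant whose access token is still
 * valid and whose scopes include the configured statistics scope.
 *
 * <p>The header value is a bearer credential, so it is never written to the log; only the outcome of
 * each check is traced.
 *
 * @param authorization raw value of the HTTP {@code Authorization} header
 * @throws javax.ws.rs.WebApplicationException 401 / {@code ACCESS_DENIED} when no grant or token can be
 *         resolved from the header, the token is no longer valid, or the required scope is absent
 */
private void validateAuthorization(String authorization) {
    log.trace("Validating authorization header.");
    AuthorizationGrant grant = tokenService.getAuthorizationGrant(authorization);
    if (grant == null) {
        log.trace("Unable to find grant by authorization header.");
        throw errorResponseFactory.createWebApplicationException(Response.Status.UNAUTHORIZED, TokenErrorResponseType.ACCESS_DENIED, "Can't find grant for authorization.");
    }
    final AbstractToken accessToken = grant.getAccessToken(tokenService.getToken(authorization));
    if (accessToken == null) {
        log.trace("Unable to find access token by authorization header.");
        throw errorResponseFactory.createWebApplicationException(Response.Status.UNAUTHORIZED, TokenErrorResponseType.ACCESS_DENIED, "Can't find access token.");
    }
    // isValid() is the check the other token-protected endpoints apply; it is expected to cover
    // expiry and any other condition that makes the token unusable, whereas isExpired() alone does not.
    if (!accessToken.isValid()) {
        log.trace("Access Token is not valid (expired or otherwise unusable).");
        throw errorResponseFactory.createWebApplicationException(Response.Status.UNAUTHORIZED, TokenErrorResponseType.ACCESS_DENIED, "Token expired.");
    }
    // Exact membership in the scope set. A substring test on the joined scope string would accept any
    // scope that merely contains the required one as a prefix or infix.
    final String requiredScope = appConfiguration.getStatAuthorizationScope();
    if (grant.getScopes() == null || !grant.getScopes().contains(requiredScope)) {
        log.trace("Access Token does NOT have '{}' scope which is required to call Statistic Endpoint.", requiredScope);
        throw errorResponseFactory.createWebApplicationException(Response.Status.UNAUTHORIZED, TokenErrorResponseType.ACCESS_DENIED, requiredScope + " scope is required for token.");
    }
}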
Use of io.jans.as.server.model.common.AbstractToken in project jans by JanssenProject.
The class RegisterRestWebServiceImpl, method validateAuthorizationAccessToken.
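/**
 * When dynamic client registration is protected by client credentials, verifies that
 * {@code accessToken} belongs to a valid grant issued to {@code clientId}. Does nothing when
 * {@code dcrAuthorizationWithClientCredentials} is disabled.
 *
 * <p>The token is a credential and is never written to the log.
 *
 * @param accessToken access token presented with the registration request
 * @param clientId    client id named in the request
 * @throws WebApplicationException 400 when either value is blank or the client id does not match the
 *         grant; 401 when the grant or its token cannot be found or the token is not valid
 */
private void validateAuthorizationAccessToken(String accessToken, String clientId) {
    if (isFalse(appConfiguration.getDcrAuthorizationWithClientCredentials())) {
        return;
    }
    if (StringUtils.isBlank(accessToken) || StringUtils.isBlank(clientId)) {
        log.trace("Access Token or clientId is blank.");
        throw invalidTokenException(Response.Status.BAD_REQUEST, "The Access Token is not valid for the Client ID.");
    }
    final AuthorizationGrant grant = authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken);
    if (grant == null) {
        log.trace("Unable to find grant by access token.");
        throw invalidTokenException(Response.Status.UNAUTHORIZED, "The Access Token grant is not found.");
    }
    final AbstractToken accessTokenObj = grant.getAccessToken(accessToken);
    if (accessTokenObj == null || !accessTokenObj.isValid()) {
        log.trace("Unable to find access token object or otherwise it's expired.");
        throw invalidTokenException(Response.Status.UNAUTHORIZED, "The Access Token object is not found or otherwise expired.");
    }
    if (!clientId.equals(grant.getClientId())) {
        log.trace("ClientId from request does not match to access token's client id.");
        // The previous message here was copied from the expiry branch and described the wrong failure.
        throw invalidTokenException(Response.Status.BAD_REQUEST, "The Access Token is not valid for the Client ID.");
    }
}

/**
 * Builds the JSON {@code INVALID_TOKEN} error response shared by every rejection in
 * {@link #validateAuthorizationAccessToken(String, String)}.
 *
 * @param status  HTTP status to return
 * @param message human-readable error description placed in the JSON body
 * @return the exception to throw
 */
private WebApplicationException invalidTokenException(Response.Status status, String message) {
    return new WebApplicationException(Response.status(status)
            .type(MediaType.APPLICATION_JSON_TYPE)
            .entity(errorResponseFactory.errorAsJson(RegisterErrorResponseType.INVALID_TOKEN, message))
            .build());
}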
Use of io.jans.as.server.model.common.AbstractToken in project jans by JanssenProject.
The class ClientInfoRestWebServiceImpl, method requestClientInfo.
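/**
 * Returns the client information associated with an access token.
 *
 * <p>The token may arrive either as the {@code accessToken} parameter or as a bearer
 * {@code Authorization} header; the header wins when present. The token is a credential and is not
 * written to the log.
 *
 * @param accessToken     access token passed as a request parameter (may be {@code null})
 * @param authorization   raw {@code Authorization} header value (may be {@code null})
 * @param securityContext request security context, used to report transport security
 * @return 200 with the client info JSON, or 400 when the token fails validation, has no grant, or the
 *         grant's token is not valid
 */
public Response requestClientInfo(String accessToken, String authorization, SecurityContext securityContext) {
    final String token = tokenService.isBearerAuthToken(authorization)
            ? tokenService.getBearerToken(authorization)
            : accessToken;
    log.debug("Attempting to request Client Info, Access token present = {}, Is Secure = {}", token != null, securityContext.isSecure());
    errorResponseFactory.validateComponentEnabled(ComponentType.CLIENTINFO);

    if (!ClientInfoParamsValidator.validateParams(token)) {
        return Response.status(400)
                .entity(errorResponseFactory.errorAsJson(ClientInfoErrorResponseType.INVALID_REQUEST, "Failed to validate access token."))
                .build();
    }
    final AuthorizationGrant grant = authorizationGrantList.getAuthorizationGrantByAccessToken(token);
    if (grant == null) {
        log.trace("Failed to find authorization grant for access token.");
        return Response.status(400).entity(errorResponseFactory.getErrorAsJson(ClientInfoErrorResponseType.INVALID_TOKEN, "", "Unable to find grant object associated with access token.")).build();
    }
    final AbstractToken tokenObject = grant.getAccessToken(token);
    if (tokenObject == null || !tokenObject.isValid()) {
        log.trace("Invalid access token.");
        return Response.status(400).entity(errorResponseFactory.getErrorAsJson(ClientInfoErrorResponseType.INVALID_TOKEN, "", "Invalid access token.")).build();
    }
    // Client info is per-token data: forbid caching/transforming by intermediaries.
    return Response.ok()
            .cacheControl(ServerUtil.cacheControlWithNoStoreTransformAndPrivate())
            .header(Constants.PRAGMA, Constants.NO_CACHE)
            .entity(getJSonResponse(grant.getClient(), grant.getScopes()))
            .build();
}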
Use of io.jans.as.server.model.common.AbstractToken in project jans by JanssenProject.
The class IntrospectionWebService, method fillResponse.
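/**
 * Populates {@code response} from the grant that owns {@code token}.
 *
 * <p>When no grant is supplied, or the grant holds no token matching {@code token}, the response is
 * left/set inactive and {@code null} is returned instead of failing; a 200 with {@code active=false}
 * is the introspection contract for unknown tokens. The token value is a credential and is not logged.
 *
 * @param token                     the token string being introspected
 * @param response                  response object to fill
 * @param grantOfIntrospectionToken grant resolved for {@code token}, or {@code null} when none was found
 * @return the introspected token object, or {@code null} when it could not be resolved
 */
@Nullable
private AbstractToken fillResponse(String token, IntrospectionResponse response, AuthorizationGrant grantOfIntrospectionToken) {
    if (grantOfIntrospectionToken == null) {
        log.debug("Failed to find grant for access_token. Return 200 with active=false.");
        return null;
    }
    final AbstractToken tokenToIntrospect = grantOfIntrospectionToken.getAccessToken(token);
    if (tokenToIntrospect == null) {
        // Previously dereferenced without a check, turning an unknown token into a server error.
        log.debug("Grant found but it holds no token matching access_token. Return 200 with active=false.");
        response.setActive(false);
        return null;
    }
    response.setActive(tokenToIntrospect.isValid());
    response.setExpiresAt(ServerUtil.dateToSeconds(tokenToIntrospect.getExpirationDate()));
    response.setIssuedAt(ServerUtil.dateToSeconds(tokenToIntrospect.getCreationDate()));
    response.setAcrValues(grantOfIntrospectionToken.getAcrValues());
    // #433 — scope must always be present, even when the grant carries none.
    response.setScope(grantOfIntrospectionToken.getScopes() != null ? grantOfIntrospectionToken.getScopes() : Lists.newArrayList());
    response.setClientId(grantOfIntrospectionToken.getClientId());
    response.setSub(grantOfIntrospectionToken.getSub());
    response.setUsername(grantOfIntrospectionToken.getUserId());
    response.setIssuer(appConfiguration.getIssuer());
    response.setAudience(grantOfIntrospectionToken.getClientId());
    if (tokenToIntrospect instanceof AccessToken) {
        final AccessToken accessToken = (AccessToken) tokenToIntrospect;
        response.setTokenType(accessToken.getTokenType() != null ? accessToken.getTokenType().getName() : io.jans.as.model.common.TokenType.BEARER.getName());
        // DPoP-bound tokens advertise the key thumbprint in the cnf claim so the resource server
        // can require a matching proof.
        if (StringUtils.isNotBlank(accessToken.getDpop())) {
            response.setNotBefore(accessToken.getCreationDate().getTime());
            final HashMap<String, String> cnf = new HashMap<>();
            cnf.put("jkt", accessToken.getDpop());
            response.setCnf(cnf);
        }
    }
    return tokenToIntrospect;
}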
Use of io.jans.as.server.model.common.AbstractToken in project jans by JanssenProject.
The class SessionRestWebService, method validateToken.
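/**
 * Resolves and authorizes the grant behind {@code accessToken} for the active-session endpoint.
 *
 * <p>The token is a credential and is never written to the log.
 *
 * @param accessToken bearer token presented by the caller
 * @return the grant that owns a valid token and carries the required scopes
 * @throws WebApplicationException 400 when the token is blank; 401 when no grant or valid token
 *         exists for it; 403 when the {@code openid} scope (unless backward compatibility is enabled)
 *         or the configured active-session scope is missing
 */
private AuthorizationGrant validateToken(String accessToken) {
    if (StringUtils.isBlank(accessToken)) {
        throw new WebApplicationException(response(Response.Status.BAD_REQUEST, INVALID_TOKEN));
    }
    final AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken);
    if (authorizationGrant == null) {
        log.trace("Failed to find authorization grant by access_token.");
        throw new WebApplicationException(response(Response.Status.UNAUTHORIZED, INVALID_TOKEN));
    }
    final AbstractToken accessTokenObject = authorizationGrant.getAccessToken(accessToken);
    if (accessTokenObject == null || !accessTokenObject.isValid()) {
        log.trace("Invalid access token object, isNull: {}", accessTokenObject == null);
        throw new WebApplicationException(response(Response.Status.UNAUTHORIZED, INVALID_TOKEN));
    }
    // A grant may report no scope set at all; treat that as "no scope granted" rather than failing.
    final Set<String> scopes = authorizationGrant.getScopes();
    if (BooleanUtils.isFalse(appConfiguration.getOpenidScopeBackwardCompatibility()) && !hasScope(scopes, DefaultScope.OPEN_ID.toString())) {
        throw new WebApplicationException(response(Response.Status.FORBIDDEN, UserInfoErrorResponseType.INSUFFICIENT_SCOPE));
    }
    final String requiredScope = appConfiguration.getActiveSessionAuthorizationScope();
    if (StringUtils.isNotBlank(requiredScope) && !hasScope(scopes, requiredScope)) {
        log.trace("Required scope {} is not present.", requiredScope);
        throw new WebApplicationException(response(Response.Status.FORBIDDEN, UserInfoErrorResponseType.INSUFFICIENT_SCOPE));
    }
    return authorizationGrant;
}

/**
 * Null-safe exact membership test on a grant's scope set.
 *
 * @param scopes scope set of a grant, possibly {@code null}
 * @param scope  scope to look for
 * @return {@code true} only when {@code scopes} is non-null and contains {@code scope}
 */
private static boolean hasScope(Set<String> scopes, String scope) {
    return scopes != null && scopes.contains(scope);
}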