
Example 1 with Claims

Use of io.jans.as.server.uma.authorization.Claims in project jans by JanssenProject.

From the class UmaTokenService, method requestRpt:

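/**
 * Handles a request to the UMA token endpoint for an RPT (requesting party token).
 *
 * Processing order, as implemented below: validate grant type, ticket, claim token,
 * PCT, existing RPT, the session client and the requested scopes; update (or create)
 * the PCT with the claims; run the authorization policies bound to the scopes; then
 * either issue a brand-new RPT or add the granted permissions to the RPT supplied in
 * the request ("upgrade").
 *
 * @param grantType        the grant_type request parameter, checked by umaValidationService
 * @param ticket           permission ticket; validation yields the permissions it refers to
 * @param claimToken       optional claim token, validated together with {@code claimTokenFormat}
 * @param claimTokenFormat format of {@code claimToken}
 * @param pctCode          optional existing PCT code; a new PCT is created when absent
 * @param rptCode          optional existing RPT code to upgrade with new permissions
 * @param scope            requested scope string, validated against the ticket permissions and client
 * @param httpRequest      incoming servlet request, handed to the policy scripts and the execution context
 * @param httpResponse     servlet response, carried in the {@link ExecutionContext}
 * @return 200 response whose body is the JSON-serialised {@link UmaTokenResponse}
 *         (access_token = RPT, token_type "Bearer", pct, upgraded flag)
 * @throws WebApplicationException FORBIDDEN / FORBIDDEN_BY_POLICY when no policy protects the
 *         scopes and {@code umaGrantAccessIfNoPolicies} is not true; any WebApplicationException
 *         raised by the validation/evaluation services is rethrown unchanged; every other
 *         exception is logged and mapped to 500 / SERVER_ERROR
 */
public Response requestRpt(String grantType, String ticket, String claimToken, String claimTokenFormat, String pctCode, String rptCode, String scope, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        // SECURITY: claim_token, pct and rpt are bearer-style credentials. They must never be
        // written to the log verbatim, even at trace level; only record whether they were supplied.
        // The ticket is kept for correlating with the permission request — mask it as well if your
        // log store is not access-controlled.
        log.trace("requestRpt grant_type: {}, ticket: {}, claim_token: {}, claim_token_format: {}, pct: {}, rpt: {}, scope: {}",
                grantType, ticket, redactSecret(claimToken), claimTokenFormat, redactSecret(pctCode), redactSecret(rptCode), scope);
        umaValidationService.validateGrantType(grantType);
        List<UmaPermission> permissions = umaValidationService.validateTicket(ticket);
        Jwt idToken = umaValidationService.validateClaimToken(claimToken, claimTokenFormat);
        UmaPCT pct = umaValidationService.validatePct(pctCode);
        // NOTE(review): assumed that validateRPT also checks the supplied RPT was issued to the
        // calling client — confirm, otherwise a client could upgrade an RPT belonging to another client.
        UmaRPT rpt = umaValidationService.validateRPT(rptCode);
        Client client = umaValidationService.validate(identity.getSessionClient().getClient());
        Map<Scope, Boolean> scopes = umaValidationService.validateScopes(scope, permissions, client);
        // creates new pct if pct is null in request, so pct is expected non-null from here on
        pct = pctService.updateClaims(pct, idToken, client.getClientId(), permissions);
        Claims claims = new Claims(idToken, pct, claimToken);
        Map<UmaScriptByScope, UmaAuthorizationContext> scriptMap = umaNeedsInfoService.checkNeedsInfo(claims, scopes, permissions, pct, httpRequest, client);
        if (!scriptMap.isEmpty()) {
            // Policies exist for the requested scopes. Control falls through to the grant path
            // afterwards, so evaluate() presumably signals denial by throwing — confirm in expressionService.
            expressionService.evaluate(scriptMap, permissions);
        } else {
            if (log.isWarnEnabled()) {
                log.warn("There are no any policies that protects scopes. Scopes: {}. Configuration property umaGrantAccessIfNoPolicies: {}", UmaScopeService.asString(scopes.keySet()), appConfiguration.getUmaGrantAccessIfNoPolicies());
            }
            // Fail-open switch: with no policy protecting the scopes, access is granted only when
            // umaGrantAccessIfNoPolicies is explicitly true; null or false denies.
            if (appConfiguration.getUmaGrantAccessIfNoPolicies() != null && appConfiguration.getUmaGrantAccessIfNoPolicies()) {
                log.warn("Access granted because there are no any protection. Make sure it is intentional behavior.");
            } else {
                log.warn("Access denied because there are no any protection. Make sure it is intentional behavior.");
                throw errorResponseFactory.createWebApplicationException(Response.Status.FORBIDDEN, UmaErrorResponseType.FORBIDDEN_BY_POLICY, "Access denied because there are no any protection. Make sure it is intentional behavior.");
            }
        }
        log.trace("Access granted.");
        updatePermissionsWithClientRequestedScope(permissions, scopes);
        addPctToPermissions(permissions, pct);
        boolean upgraded = false;
        if (rpt == null) {
            // No RPT supplied: mint and persist a new one for this client.
            ExecutionContext executionContext = new ExecutionContext(httpRequest, httpResponse);
            executionContext.setClient(client);
            rpt = rptService.createRPTAndPersist(executionContext, permissions);
            // The client receives the un-hashed code; the persisted form is presumably hashed.
            rptCode = rpt.getNotHashedCode();
        } else if (rptService.addPermissionToRPT(rpt, permissions)) {
            // Existing RPT: the same code is returned, flagged as upgraded when permissions were added.
            upgraded = true;
        }
        UmaTokenResponse response = new UmaTokenResponse();
        response.setAccessToken(rptCode);
        response.setUpgraded(upgraded);
        response.setTokenType("Bearer");
        response.setPct(pct.getCode());
        return Response.ok(ServerUtil.asJson(response)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        // Validation and policy failures arrive as WebApplicationException with the intended
        // status/error code; pass them through untouched instead of masking them as 500.
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
    }
    log.error("Failed to handle request to UMA Token Endpoint.");
    throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Failed to handle request to UMA Token Endpoint.");
}

/**
 * Returns a log-safe stand-in for a secret request parameter so that trace logs show
 * whether a token was supplied without ever containing its value.
 *
 * @param secret the raw parameter value (may be null)
 * @return {@code "null"} when absent, {@code "<empty>"} for an empty string, {@code "<redacted>"} otherwise
 */
private static String redactSecret(String secret) {
    if (secret == null) {
        return "null";
    }
    return secret.isEmpty() ? "<empty>" : "<redacted>";
}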
