use of io.jans.as.server.uma.authorization.UmaAuthorizationContextBuilder in project jans by JanssenProject.
the class UmaNeedsInfoService method checkNeedsInfo.
public Map<UmaScriptByScope, UmaAuthorizationContext> checkNeedsInfo(Claims claims, Map<Scope, Boolean> requestedScopes, List<UmaPermission> permissions, UmaPCT pct, HttpServletRequest httpRequest, Client client) {
Map<UmaScriptByScope, UmaAuthorizationContext> scriptMap = new HashMap<>();
Map<String, String> ticketAttributes = new HashMap<>();
List<ClaimDefinition> missedClaims = new ArrayList<>();
UmaAuthorizationContextBuilder contextBuilder = new UmaAuthorizationContextBuilder(appConfiguration, resourceService, permissions, requestedScopes, claims, httpRequest, sessionService, permissionService, client);
for (Scope scope : requestedScopes.keySet()) {
List<String> authorizationPolicies = scope.getUmaAuthorizationPolicies();
if (authorizationPolicies != null && !authorizationPolicies.isEmpty()) {
for (String scriptDN : authorizationPolicies) {
CustomScriptConfiguration script = policyService.getScriptByDn(scriptDN);
if (script != null) {
UmaAuthorizationContext context = contextBuilder.build(script);
scriptMap.put(new UmaScriptByScope(scope, script), context);
List<ClaimDefinition> requiredClaims = policyService.getRequiredClaims(script, context);
if (requiredClaims != null && !requiredClaims.isEmpty()) {
for (ClaimDefinition definition : requiredClaims) {
if (!claims.has(definition.getName())) {
missedClaims.add(definition);
}
}
}
String claimsGatheringScriptName = policyService.getClaimsGatheringScriptName(script, context);
if (StringUtils.isNotBlank(claimsGatheringScriptName)) {
ticketAttributes.put(UmaConstants.GATHERING_ID, constructGatheringScriptNameValue(ticketAttributes.get(UmaConstants.GATHERING_ID), claimsGatheringScriptName));
} else {
log.debug("External 'getClaimsGatheringScriptName' script method return null or blank value, script: {}", script.getName());
}
} else {
log.error("Unable to load UMA script dn: '{}'", scriptDN);
}
}
} else {
log.trace("No policies defined for scope: {}, scopeDn: {}", scope.getId(), scope.getDn());
}
}
if (!missedClaims.isEmpty()) {
ticketAttributes.put(UmaPermission.PCT, pct.getCode());
String newTicket = permissionService.changeTicket(permissions, ticketAttributes);
UmaNeedInfoResponse needInfoResponse = new UmaNeedInfoResponse();
needInfoResponse.setTicket(newTicket);
needInfoResponse.setError("need_info");
needInfoResponse.setRedirectUser(buildClaimsGatheringRedirectUri(scriptMap.values(), client, newTicket));
needInfoResponse.setRequiredClaims(missedClaims);
throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(ServerUtil.asJsonSilently(needInfoResponse)).build());
}
return scriptMap;
}
Aggregations