Example 1 with UmaPCT

Use of io.jans.as.server.uma.authorization.UmaPCT in project jans by JanssenProject.

Class CleanerTimerTest, method umaPct_whichIsExpiredAndDeletable_MustBeRemoved.

@Test
public void umaPct_whichIsExpiredAndDeletable_MustBeRemoved() throws StringEncrypter.EncryptionException {
    final Client client = createClient();
    clientService.persist(client);
    // 1. create pct
    UmaPCT pct = umaPctService.createPct(client.getClientId());
    umaPctService.persist(pct);
    // 2. pct exists
    assertNotNull(umaPctService.getByCode(pct.getCode()));
    // 3. clean up
    cleanerTimer.processImpl();
    cacheService.clear();
    // 4. pct still exists: it has not expired yet, so the cleaner must leave it alone
    assertNotNull(umaPctService.getByCode(pct.getCode()));
    // move the expiration date 10 minutes into the past so the entry becomes deletable
    final Calendar calendar = Calendar.getInstance();
    calendar.add(Calendar.MINUTE, -10);
    pct.setExpirationDate(calendar.getTime());
    umaPctService.merge(pct);
    // 5. clean up
    cleanerTimer.processImpl();
    cacheService.clear();
    // 6. no pct in persistence: the expired entry has been removed
    assertNull(umaPctService.getByCode(pct.getCode()));
}
Also used: UmaPCT (io.jans.as.server.uma.authorization.UmaPCT), Calendar (java.util.Calendar), GregorianCalendar (java.util.GregorianCalendar), Client (io.jans.as.common.model.registration.Client), Test (org.testng.annotations.Test), BaseComponentTest (io.jans.as.server.BaseComponentTest)

Example 2 with UmaPCT

Use of io.jans.as.server.uma.authorization.UmaPCT in project jans by JanssenProject.

Class UmaRptIntrospectionWS, method introspect.

private Response introspect(String authorization, String token, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        errorResponseFactory.validateComponentEnabled(ComponentType.UMA);
        // the caller must present a token carrying the UMA protection scope before any RPT is looked up
        umaValidationService.assertHasProtectionScope(authorization);
        final UmaRPT rpt = rptService.getRPTByCode(token);
        if (!isValid(rpt)) {
            // unknown or expired RPT: answer "active": false without leaking anything else
            return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
        }
        final List<io.jans.as.model.uma.UmaPermission> permissions = buildStatusResponsePermissions(rpt);
        // active status
        final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
        statusResponse.setActive(true);
        statusResponse.setExpiresAt(ServerUtil.dateToSeconds(rpt.getExpirationDate()));
        statusResponse.setIssuedAt(ServerUtil.dateToSeconds(rpt.getCreationDate()));
        statusResponse.setPermissions(permissions);
        statusResponse.setClientId(rpt.getClientId());
        statusResponse.setAud(rpt.getClientId());
        statusResponse.setSub(rpt.getUserId());
        // if the first permission references a PCT, include that PCT's claims in the response
        final List<UmaPermission> rptPermissions = rptService.getRptPermissions(rpt);
        if (!rptPermissions.isEmpty()) {
            UmaPermission permission = rptPermissions.iterator().next();
            String pctCode = permission.getAttributes().get(UmaPermission.PCT);
            if (StringHelper.isNotEmpty(pctCode)) {
                UmaPCT pct = pctService.getByCode(pctCode);
                if (pct != null) {
                    statusResponse.setPctClaims(pct.getClaims().toMap());
                } else {
                    log.error("Failed to find PCT with code: {} which is taken from permission object: {}", pctCode, permission.getDn());
                }
            } else {
                log.trace("PCT code is blank for RPT: {}", rpt.getCode());
            }
        }
        // let the external RPT claims script modify the JSON; if it returns false, discard its changes
        JSONObject rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
        ExternalUmaRptClaimsContext context = new ExternalUmaRptClaimsContext(clientService.getClient(rpt.getClientId()), httpRequest, httpResponse);
        if (externalUmaRptClaimsService.externalModify(rptAsJson, context)) {
            log.trace("Successfully run external RPT Claims script associated with {}", rpt.getClientId());
        } else {
            rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
            log.trace("Canceled changes made by external RPT Claims script since method returned `false`.");
        }
        return Response.status(Response.Status.OK).entity(rptAsJson.toString()).type(MediaType.APPLICATION_JSON_TYPE).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}
Also used: UmaPCT (io.jans.as.server.uma.authorization.UmaPCT), ExternalUmaRptClaimsContext (io.jans.as.server.service.external.context.ExternalUmaRptClaimsContext), WebApplicationException (javax.ws.rs.WebApplicationException), RptIntrospectionResponse (io.jans.as.model.uma.RptIntrospectionResponse), UmaRPT (io.jans.as.server.uma.authorization.UmaRPT), JSONObject (org.json.JSONObject), UmaPermission (io.jans.as.model.uma.persistence.UmaPermission)

Example 3 with UmaPCT

Use of io.jans.as.server.uma.authorization.UmaPCT in project jans by JanssenProject.

Class UmaPctService, method updateClaims.

public UmaPCT updateClaims(UmaPCT pct, Jwt idToken, String clientId, List<UmaPermission> permissions) {
    try {
        // the PCT referenced by the ticket's first permission, if any
        String ticketPctCode = permissions.get(0).getAttributes().get("pct");
        UmaPCT ticketPct = StringUtils.isNotBlank(ticketPctCode) ? getByCode(ticketPctCode) : null;
        boolean hasPct = pct != null;
        if (!hasPct) {
            // no PCT supplied by the caller: reuse the ticket's PCT or create a fresh one
            if (ticketPct != null) {
                pct = ticketPct;
            } else {
                pct = createPctAndPersist(clientId);
            }
        }
        // copy claims from pctTicket into normal pct
        JwtClaims pctClaims = pct.getClaims();
        if (ticketPct != null && hasPct) {
            JwtClaims ticketClaims = ticketPct.getClaims();
            for (String key : ticketClaims.keys()) {
                pctClaims.setClaimObject(key, ticketClaims.getClaim(key), false);
            }
            pct = ticketPct;
        }
        // merge claims from the id_token, if one was presented
        if (idToken != null && idToken.getClaims() != null) {
            for (String key : idToken.getClaims().keys()) {
                pctClaims.setClaimObject(key, idToken.getClaims().getClaim(key), false);
            }
        }
        pct.setClaims(pctClaims);
        log.trace("PCT code: {}, claims: {}", pct.getCode(), pct.getClaimValuesAsJson());
        pct.resetTtlFromExpirationDate();
        ldapEntryManager.merge(pct);
        return ldapEntryManager.find(UmaPCT.class, pct.getDn());
    } catch (Exception e) {
        log.error("Failed to update PCT claims. " + e.getMessage(), e);
    }
    return pct;
}
Also used: UmaPCT (io.jans.as.server.uma.authorization.UmaPCT), JwtClaims (io.jans.as.model.jwt.JwtClaims)

Example 4 with UmaPCT

Use of io.jans.as.server.uma.authorization.UmaPCT in project jans by JanssenProject.

Class UmaRptService, method createRptJwt.

private String createRptJwt(ExecutionContext executionContext, List<UmaPermission> permissions, Date creationDate, Date expirationDate) throws Exception {
    Client client = executionContext.getClient();
    // prefer the client's registered access token signing algorithm, otherwise fall back to the server default
    SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(appConfiguration.getDefaultSignatureAlgorithm());
    if (client.getAccessTokenSigningAlg() != null && SignatureAlgorithm.fromString(client.getAccessTokenSigningAlg()) != null) {
        signatureAlgorithm = SignatureAlgorithm.fromString(client.getAccessTokenSigningAlg());
    }
    final JwtSigner jwtSigner = new JwtSigner(appConfiguration, webKeysConfiguration, signatureAlgorithm, client.getClientId(), clientService.decryptSecret(client.getClientSecret()));
    final Jwt jwt = jwtSigner.newJwt();
    jwt.getClaims().setClaim("client_id", client.getClientId());
    jwt.getClaims().setExpirationTime(expirationDate);
    jwt.getClaims().setIssuedAt(creationDate);
    Audience.setAudience(jwt.getClaims(), client);
    if (permissions != null && !permissions.isEmpty()) {
        // embed the claims of the PCT referenced by the first permission, if that PCT can be found
        String pctCode = permissions.iterator().next().getAttributes().get(UmaPermission.PCT);
        if (StringHelper.isNotEmpty(pctCode)) {
            UmaPCT pct = pctService.getByCode(pctCode);
            if (pct != null) {
                jwt.getClaims().setClaim("pct_claims", pct.getClaims().toJsonObject());
            } else {
                log.error("Failed to find PCT with code: {} which is taken from permission object: {}", pctCode, permissions.iterator().next().getDn());
            }
        }
        jwt.getClaims().setClaim("permissions", buildPermissionsJSONObject(permissions));
    }
    // the custom script may add or change claims before the token is signed
    runScriptAndInjectValuesIntoJwt(jwt, executionContext);
    return jwtSigner.sign().toString();
}
Also used: JwtSigner (io.jans.as.server.model.token.JwtSigner), UmaPCT (io.jans.as.server.uma.authorization.UmaPCT), Jwt (io.jans.as.model.jwt.Jwt), SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm), Client (io.jans.as.common.model.registration.Client)

Example 5 with UmaPCT

Use of io.jans.as.server.uma.authorization.UmaPCT in project jans by JanssenProject.

Class UmaPctService, method getByCode.

public UmaPCT getByCode(String pctCode) {
    try {
        // look up the PCT entry whose token code attribute (tknCde) equals the given code
        final Filter filter = Filter.createEqualityFilter("tknCde", pctCode);
        final List<UmaPCT> entries = ldapEntryManager.findEntries(branchBaseDn(), UmaPCT.class, filter);
        if (entries != null && !entries.isEmpty()) {
            return entries.get(0);
        } else {
            log.error("Failed to find PCT by code: {}", pctCode);
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
    // not found or lookup failed
    return null;
}
Also used: UmaPCT (io.jans.as.server.uma.authorization.UmaPCT), Filter (io.jans.orm.search.filter.Filter)

Aggregations (class, number of examples using it)

UmaPCT (io.jans.as.server.uma.authorization.UmaPCT): 8
Client (io.jans.as.common.model.registration.Client): 3
Jwt (io.jans.as.model.jwt.Jwt): 2
UmaPermission (io.jans.as.model.uma.persistence.UmaPermission): 2
UmaRPT (io.jans.as.server.uma.authorization.UmaRPT): 2
WebApplicationException (javax.ws.rs.WebApplicationException): 2
SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm): 1
JwtClaims (io.jans.as.model.jwt.JwtClaims): 1
RptIntrospectionResponse (io.jans.as.model.uma.RptIntrospectionResponse): 1
UmaTokenResponse (io.jans.as.model.uma.UmaTokenResponse): 1
Scope (io.jans.as.persistence.model.Scope): 1
BaseComponentTest (io.jans.as.server.BaseComponentTest): 1
ExecutionContext (io.jans.as.server.model.common.ExecutionContext): 1
JwtSigner (io.jans.as.server.model.token.JwtSigner): 1
ExternalUmaRptClaimsContext (io.jans.as.server.service.external.context.ExternalUmaRptClaimsContext): 1
Claims (io.jans.as.server.uma.authorization.Claims): 1
UmaAuthorizationContext (io.jans.as.server.uma.authorization.UmaAuthorizationContext): 1
UmaScriptByScope (io.jans.as.server.uma.authorization.UmaScriptByScope): 1
Filter (io.jans.orm.search.filter.Filter): 1
Calendar (java.util.Calendar): 1