use of io.jans.ca.common.introspection.CorrectRptIntrospectionResponse in project jans by JanssenProject.
the class IntrospectRptOperation method execute.
@Override
public IOpResponse execute(IntrospectRptParams params) {
getValidationService().validate(params);
CorrectRptIntrospectionResponse response = getIntrospectionService().introspectRpt(params.getRpId(), params.getRpt());
return new POJOResponse(response);
}
use of io.jans.ca.common.introspection.CorrectRptIntrospectionResponse in project jans by JanssenProject.
the class OpClientFactoryMockImpl method createClientFactory.
public synchronized ClientFactory createClientFactory() {
Optional<ClientFactory> clientFactoryOpt = Optional.ofNullable((ClientFactory) opClientCache.getIfPresent("ClientFactory"));
Optional<CorrectRptIntrospectionService> correctRptIntrospectionServiceOpt = Optional.ofNullable((CorrectRptIntrospectionService) opClientCache.getIfPresent("CorrectRptIntrospectionService"));
ClientFactory clientFactory = null;
if (!clientFactoryOpt.isPresent() || !correctRptIntrospectionServiceOpt.isPresent()) {
clientFactory = mock(ClientFactory.class);
CorrectRptIntrospectionService correctRptIntrospectionService = mock(CorrectRptIntrospectionService.class);
when(clientFactory.createCorrectRptStatusService(any(), any())).thenReturn(correctRptIntrospectionService);
CorrectRptIntrospectionResponse correctRptIntrospectionResponse = new CorrectRptIntrospectionResponse();
correctRptIntrospectionResponse.setActive(true);
correctRptIntrospectionResponse.setClientId("d457e3de-30dd-400a-8698-2b98472b7a40");
correctRptIntrospectionResponse.setIssuedAt((int) (System.currentTimeMillis() / 1000));
correctRptIntrospectionResponse.setExpiresAt((int) (System.currentTimeMillis() / 1000));
when(correctRptIntrospectionService.requestRptStatus(any(), any(), any())).thenReturn(correctRptIntrospectionResponse);
opClientCache.put("ClientFactory", clientFactory);
opClientCache.put("CorrectRptIntrospectionService", correctRptIntrospectionService);
} else {
clientFactory = (ClientFactory) opClientCache.getIfPresent("ClientFactory");
}
return clientFactory;
}
use of io.jans.ca.common.introspection.CorrectRptIntrospectionResponse in project jans by JanssenProject.
the class UmaSpontaneousScopeTest method init.
@Parameters({ "host", "opHost", "paramRedirectUrl", "userId", "userSecret", "rsProtectWithSpontaneousScope" })
@Test
public void init(String host, String opHost, String paramRedirectUrl, String userId, String userSecret, String rsProtectWithSpontaneousScope) throws Exception {
List<String> scopes = Lists.newArrayList("openid", "uma_protection", "profile", "address", "email", "phone", "user_name", "jans_client_api");
List<String> responseTypes = Lists.newArrayList("code", "id_token", "token");
// register client
ClientInterface client = Tester.newClient(host);
final RegisterSiteResponse registerResponse = RegisterSiteTest.registerSite(client, opHost, paramRedirectUrl, scopes, responseTypes, true, null);
// UMA RP - Get RPT
// Spontaneous Scope Regress: ^/user/.+$
RpGetRptResponse response = RpGetRptTest.requestRpt(client, registerResponse, rsProtectWithSpontaneousScope);
// UMA Introspect RPT
IntrospectRptParams params = new IntrospectRptParams();
params.setRpId(registerResponse.getRpId());
params.setRpt(response.getRpt());
final CorrectRptIntrospectionResponse rptIntrospectionResponse = client.introspectRpt(Tester.getAuthorization(registerResponse), null, params);
rptIntrospectionResponse.getPermissions().forEach(permission -> {
assertTrue(permission.getScopes().contains(USER_2_SCOPE));
});
}
use of io.jans.ca.common.introspection.CorrectRptIntrospectionResponse in project jans by JanssenProject.
the class IntrospectRptTest method test.
@Parameters({ "host", "opHost", "redirectUrls", "rsProtect" })
@Test
public void test(String host, String opHost, String redirectUrls, String rsProtect) throws IOException {
ClientInterface client = Tester.newClient(host);
RegisterSiteResponse site = RegisterSiteTest.registerSite(client, opHost, redirectUrls);
final RpGetRptResponse rptResponse = RpGetRptTest.requestRpt(client, site, rsProtect);
IntrospectRptParams params = new IntrospectRptParams();
params.setRpId(site.getRpId());
params.setRpt(rptResponse.getRpt());
final CorrectRptIntrospectionResponse response = client.introspectRpt(Tester.getAuthorization(site), null, params);
assertNotNull(response);
assertTrue(response.getActive());
assertTrue(response.getExpiresAt() != null);
assertTrue(response.getIssuedAt() != null);
}
use of io.jans.ca.common.introspection.CorrectRptIntrospectionResponse in project jans by JanssenProject.
the class RsCheckAccessOperation method execute.
@Override
public IOpResponse execute(final RsCheckAccessParams params) throws Exception {
validate(params);
Rp rp = getRp();
UmaResource resource = rp.umaResource(params.getPath(), params.getHttpMethod());
if (resource == null) {
final ErrorResponse error = new ErrorResponse("invalid_request");
error.setErrorDescription("Resource is not protected with path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() + ". Please protect your resource first with uma_rs_protect command. Check details on " + CoreUtils.DOC_URL);
LOG.error(error.getErrorDescription());
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(Jackson2.asJson(error)).build());
}
PatProvider patProvider = new PatProvider() {
@Override
public String getPatToken() {
return getUmaTokenService().getPat(params.getRpId()).getToken();
}
@Override
public void clearPat() {
// do nothing
}
};
List<String> requiredScopes = getRequiredScopes(params, resource);
CorrectRptIntrospectionResponse status = getIntrospectionService().introspectRpt(params.getRpId(), params.getRpt());
LOG.trace("RPT: " + params.getRpt() + ", status: " + status);
if (!Strings.isNullOrEmpty(params.getRpt()) && status != null && status.getActive() && status.getPermissions() != null) {
for (CorrectUmaPermission permission : status.getPermissions()) {
boolean containsAny = !Collections.disjoint(requiredScopes, permission.getScopes());
LOG.trace("containsAny: " + containsAny + ", requiredScopes: " + requiredScopes + ", permissionScopes: " + permission.getScopes());
if (containsAny) {
if ((permission.getResourceId() != null && permission.getResourceId().equals(resource.getId()))) {
// normal UMA
LOG.debug("RPT has enough permissions, access GRANTED. Path: " + params.getPath() + ", httpMethod:" + params.getHttpMethod() + ", site: " + rp);
return new RsCheckAccessResponse("granted");
}
}
}
}
if (CollectionUtils.isEmpty(params.getScopes()) && !CollectionUtils.isEmpty(resource.getTicketScopes())) {
requiredScopes = resource.getTicketScopes();
}
final RptPreProcessInterceptor rptInterceptor = getOpClientFactory().createRptPreProcessInterceptor(new ResourceRegistrar(patProvider, new ServiceProvider(rp.getOpHost())));
Response response = null;
try {
LOG.trace("Try to register ticket, scopes: " + requiredScopes + ", resourceId: " + resource.getId());
response = rptInterceptor.registerTicketResponse(requiredScopes, resource.getId());
} catch (ClientErrorException e) {
LOG.debug("Failed to register ticket. Entity: " + e.getResponse().readEntity(String.class) + ", status: " + e.getResponse().getStatus(), e);
if (e.getResponse().getStatus() == 400 || e.getResponse().getStatus() == 401) {
LOG.debug("Try maybe PAT is lost on AS, force refresh PAT and request ticket again ...");
// force to refresh PAT
getUmaTokenService().obtainPat(params.getRpId());
response = rptInterceptor.registerTicketResponse(requiredScopes, resource.getId());
} else {
throw e;
}
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throw e;
}
RsCheckAccessResponse opResponse = new RsCheckAccessResponse("denied");
opResponse.setWwwAuthenticateHeader((String) response.getMetadata().getFirst("WWW-Authenticate"));
opResponse.setTicket(((PermissionTicket) response.getEntity()).getTicket());
LOG.debug("Access denied for path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() + ". Ticket is registered: " + opResponse);
return opResponse;
}
Aggregations