Search in sources :

Example 1 with IOpResponse

use of io.jans.ca.common.response.IOpResponse in project jans by JanssenProject.

the class RestResource method getObjectForJsonConversion.

private static <T extends IParams> Object getObjectForJsonConversion(CommandType commandType, String paramsAsString, Class<T> paramsClass, String authorization, String AuthorizationRpId) {
    LOG.trace("Command: {}", paramsAsString);
    T params = read(safeToJson(paramsAsString), paramsClass);
    final RpServerConfiguration conf = ServerLauncher.getInjector().getInstance(ConfigurationService.class).get();
    if (commandType.isAuthorizationRequired()) {
        validateAuthorizationRpId(conf, AuthorizationRpId);
        validateAccessToken(authorization, safeToRpId((HasRpIdParams) params, AuthorizationRpId));
    }
    Command command = new Command(commandType, params);
    final IOpResponse response = ServerLauncher.getInjector().getInstance(Processor.class).process(command);
    Object forJsonConversion = response;
    if (response instanceof POJOResponse) {
        forJsonConversion = ((POJOResponse) response).getNode();
    }
    return forJsonConversion;
}
Also used : POJOResponse(io.jans.ca.common.response.POJOResponse) Command(io.jans.ca.common.Command) IOpResponse(io.jans.ca.common.response.IOpResponse) JSONObject(org.json.JSONObject) ConfigurationService(io.jans.ca.server.service.ConfigurationService)

Example 2 with IOpResponse

use of io.jans.ca.common.response.IOpResponse in project jans by JanssenProject.

the class Processor method process.

public IOpResponse process(Command command) {
    if (command != null) {
        try {
            final IOperation<IParams> operation = (IOperation<IParams>) OperationFactory.create(command, ServerLauncher.getInjector());
            if (operation != null) {
                IParams iParams = Convertor.asParams(operation.getParameterClass(), command);
                validationService.validate(iParams);
                IOpResponse operationResponse = operation.execute(iParams);
                if (operationResponse != null) {
                    return operationResponse;
                } else {
                    LOG.error("No response from operation. Command: " + command);
                }
            } else {
                LOG.error("Operation is not supported!");
                throw new HttpException(ErrorResponseCode.UNSUPPORTED_OPERATION);
            }
        } catch (ClientErrorException e) {
            throw new WebApplicationException(e.getResponse().readEntity(String.class), e.getResponse().getStatus());
        } catch (WebApplicationException e) {
            LOG.error(e.getLocalizedMessage(), e);
            throw e;
        } catch (Throwable e) {
            LOG.error(e.getMessage(), e);
        }
    }
    throw HttpException.internalError();
}
Also used : IOperation(io.jans.ca.server.op.IOperation) WebApplicationException(javax.ws.rs.WebApplicationException) IParams(io.jans.ca.common.params.IParams) IOpResponse(io.jans.ca.common.response.IOpResponse) ClientErrorException(javax.ws.rs.ClientErrorException)

Example 3 with IOpResponse

use of io.jans.ca.common.response.IOpResponse in project jans by JanssenProject.

the class RpGetGetClaimsGatheringUrlOperation method execute.

@Override
public IOpResponse execute(RpGetClaimsGatheringUrlParams params) throws Exception {
    validate(params);
    final UmaMetadata metadata = getDiscoveryService().getUmaDiscoveryByRpId(params.getRpId());
    final Rp rp = getRp();
    final String state = StringUtils.isNotBlank(params.getState()) ? getStateService().putState(getStateService().encodeExpiredObject(params.getState(), ExpiredObjectType.STATE)) : getStateService().generateState();
    String url = metadata.getClaimsInteractionEndpoint() + "?client_id=" + rp.getClientId() + "&ticket=" + params.getTicket() + "&claims_redirect_uri=" + params.getClaimsRedirectUri() + "&state=" + state;
    if (params.getCustomParameters() != null && !params.getCustomParameters().isEmpty()) {
        List<String> paramsList = Lists.newArrayList("rp_id", "client_id", "ticket", "state", "claims_redirect_uri");
        Map<String, String> customParameterMap = params.getCustomParameters().entrySet().stream().filter(map -> !paramsList.contains(map.getKey())).collect(Collectors.toMap(map -> map.getKey(), map -> map.getValue()));
        if (!customParameterMap.isEmpty()) {
            url += "&" + Utils.mapAsStringWithEncodedValues(customParameterMap);
        }
    }
    final RpGetClaimsGatheringUrlResponse r = new RpGetClaimsGatheringUrlResponse();
    r.setUrl(url);
    r.setState(state);
    return r;
}
Also used : StringUtils(org.apache.commons.lang.StringUtils) Utils(io.jans.ca.server.Utils) Collectors(java.util.stream.Collectors) Injector(com.google.inject.Injector) HttpException(io.jans.ca.server.HttpException) UmaMetadata(io.jans.as.model.uma.UmaMetadata) RpGetClaimsGatheringUrlParams(io.jans.ca.common.params.RpGetClaimsGatheringUrlParams) ErrorResponseCode(io.jans.ca.common.ErrorResponseCode) IOpResponse(io.jans.ca.common.response.IOpResponse) List(java.util.List) Lists(com.google.common.collect.Lists) ExpiredObjectType(io.jans.ca.common.ExpiredObjectType) Map(java.util.Map) RpGetClaimsGatheringUrlResponse(io.jans.ca.common.response.RpGetClaimsGatheringUrlResponse) Command(io.jans.ca.common.Command) Rp(io.jans.ca.server.service.Rp) UmaMetadata(io.jans.as.model.uma.UmaMetadata) RpGetClaimsGatheringUrlResponse(io.jans.ca.common.response.RpGetClaimsGatheringUrlResponse) Rp(io.jans.ca.server.service.Rp)

Example 4 with IOpResponse

use of io.jans.ca.common.response.IOpResponse in project jans by JanssenProject.

the class RsCheckAccessOperation method execute.

@Override
public IOpResponse execute(final RsCheckAccessParams params) throws Exception {
    validate(params);
    Rp rp = getRp();
    UmaResource resource = rp.umaResource(params.getPath(), params.getHttpMethod());
    if (resource == null) {
        final ErrorResponse error = new ErrorResponse("invalid_request");
        error.setErrorDescription("Resource is not protected with path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() + ". Please protect your resource first with uma_rs_protect command. Check details on " + CoreUtils.DOC_URL);
        LOG.error(error.getErrorDescription());
        throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(Jackson2.asJson(error)).build());
    }
    PatProvider patProvider = new PatProvider() {

        @Override
        public String getPatToken() {
            return getUmaTokenService().getPat(params.getRpId()).getToken();
        }

        @Override
        public void clearPat() {
        // do nothing
        }
    };
    List<String> requiredScopes = getRequiredScopes(params, resource);
    CorrectRptIntrospectionResponse status = getIntrospectionService().introspectRpt(params.getRpId(), params.getRpt());
    LOG.trace("RPT: " + params.getRpt() + ", status: " + status);
    if (!Strings.isNullOrEmpty(params.getRpt()) && status != null && status.getActive() && status.getPermissions() != null) {
        for (CorrectUmaPermission permission : status.getPermissions()) {
            boolean containsAny = !Collections.disjoint(requiredScopes, permission.getScopes());
            LOG.trace("containsAny: " + containsAny + ", requiredScopes: " + requiredScopes + ", permissionScopes: " + permission.getScopes());
            if (containsAny) {
                if ((permission.getResourceId() != null && permission.getResourceId().equals(resource.getId()))) {
                    // normal UMA
                    LOG.debug("RPT has enough permissions, access GRANTED. Path: " + params.getPath() + ", httpMethod:" + params.getHttpMethod() + ", site: " + rp);
                    return new RsCheckAccessResponse("granted");
                }
            }
        }
    }
    if (CollectionUtils.isEmpty(params.getScopes()) && !CollectionUtils.isEmpty(resource.getTicketScopes())) {
        requiredScopes = resource.getTicketScopes();
    }
    final RptPreProcessInterceptor rptInterceptor = getOpClientFactory().createRptPreProcessInterceptor(new ResourceRegistrar(patProvider, new ServiceProvider(rp.getOpHost())));
    Response response = null;
    try {
        LOG.trace("Try to register ticket, scopes: " + requiredScopes + ", resourceId: " + resource.getId());
        response = rptInterceptor.registerTicketResponse(requiredScopes, resource.getId());
    } catch (ClientErrorException e) {
        LOG.debug("Failed to register ticket. Entity: " + e.getResponse().readEntity(String.class) + ", status: " + e.getResponse().getStatus(), e);
        if (e.getResponse().getStatus() == 400 || e.getResponse().getStatus() == 401) {
            LOG.debug("Try maybe PAT is lost on AS, force refresh PAT and request ticket again ...");
            // force to refresh PAT
            getUmaTokenService().obtainPat(params.getRpId());
            response = rptInterceptor.registerTicketResponse(requiredScopes, resource.getId());
        } else {
            throw e;
        }
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throw e;
    }
    RsCheckAccessResponse opResponse = new RsCheckAccessResponse("denied");
    opResponse.setWwwAuthenticateHeader((String) response.getMetadata().getFirst("WWW-Authenticate"));
    opResponse.setTicket(((PermissionTicket) response.getEntity()).getTicket());
    LOG.debug("Access denied for path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() + ". Ticket is registered: " + opResponse);
    return opResponse;
}
Also used : CorrectRptIntrospectionResponse(io.jans.ca.common.introspection.CorrectRptIntrospectionResponse) WebApplicationException(javax.ws.rs.WebApplicationException) RsCheckAccessResponse(io.jans.ca.common.response.RsCheckAccessResponse) ResourceRegistrar(io.jans.ca.rs.protect.resteasy.ResourceRegistrar) CorrectUmaPermission(io.jans.ca.common.introspection.CorrectUmaPermission) ClientErrorException(javax.ws.rs.ClientErrorException) HttpException(io.jans.ca.server.HttpException) WebApplicationException(javax.ws.rs.WebApplicationException) CorrectRptIntrospectionResponse(io.jans.ca.common.introspection.CorrectRptIntrospectionResponse) IOpResponse(io.jans.ca.common.response.IOpResponse) RsCheckAccessResponse(io.jans.ca.common.response.RsCheckAccessResponse) Response(javax.ws.rs.core.Response) ServiceProvider(io.jans.ca.rs.protect.resteasy.ServiceProvider) PatProvider(io.jans.ca.rs.protect.resteasy.PatProvider) ClientErrorException(javax.ws.rs.ClientErrorException) RptPreProcessInterceptor(io.jans.ca.rs.protect.resteasy.RptPreProcessInterceptor) Rp(io.jans.ca.server.service.Rp) UmaResource(io.jans.ca.server.model.UmaResource)

Aggregations

IOpResponse (io.jans.ca.common.response.IOpResponse)4 Command (io.jans.ca.common.Command)2 HttpException (io.jans.ca.server.HttpException)2 Rp (io.jans.ca.server.service.Rp)2 ClientErrorException (javax.ws.rs.ClientErrorException)2 WebApplicationException (javax.ws.rs.WebApplicationException)2 Lists (com.google.common.collect.Lists)1 Injector (com.google.inject.Injector)1 UmaMetadata (io.jans.as.model.uma.UmaMetadata)1 ErrorResponseCode (io.jans.ca.common.ErrorResponseCode)1 ExpiredObjectType (io.jans.ca.common.ExpiredObjectType)1 CorrectRptIntrospectionResponse (io.jans.ca.common.introspection.CorrectRptIntrospectionResponse)1 CorrectUmaPermission (io.jans.ca.common.introspection.CorrectUmaPermission)1 IParams (io.jans.ca.common.params.IParams)1 RpGetClaimsGatheringUrlParams (io.jans.ca.common.params.RpGetClaimsGatheringUrlParams)1 POJOResponse (io.jans.ca.common.response.POJOResponse)1 RpGetClaimsGatheringUrlResponse (io.jans.ca.common.response.RpGetClaimsGatheringUrlResponse)1 RsCheckAccessResponse (io.jans.ca.common.response.RsCheckAccessResponse)1 PatProvider (io.jans.ca.rs.protect.resteasy.PatProvider)1 ResourceRegistrar (io.jans.ca.rs.protect.resteasy.ResourceRegistrar)1