
Example 6 with RsCheckAccessResponse

use of io.jans.ca.common.response.RsCheckAccessResponse in project jans by JanssenProject.

the class RpGetRptTest method requestRpt.

/**
 * Test helper that walks the ticket-to-RPT exchange: protects the resources,
 * runs an access check to obtain a permission ticket, then trades that ticket
 * for an RPT.
 *
 * @param client    client used to call the service under test
 * @param site      registered site supplying the RP id and the authorization value
 * @param rsProtect protection document handed to {@code UmaFullTest.resourceList}
 * @return the RPT response, already asserted to carry a non-blank RPT and PCT
 * @throws IOException declared for the helper calls made here
 */
public static RpGetRptResponse requestRpt(ClientInterface client, RegisterSiteResponse site, String rsProtect) throws IOException {
    RsProtectTest.protectResources(client, site, UmaFullTest.resourceList(rsProtect).getResources());

    // The last argument is null here (presumably "no RPT yet" - confirm against
    // RsCheckAccessTest.checkAccess); only the ticket of the result is used below.
    final String ticket = RsCheckAccessTest.checkAccess(client, site, null).getTicket();

    final RpGetRptParams rptParams = new RpGetRptParams();
    rptParams.setRpId(site.getRpId());
    rptParams.setTicket(ticket);

    final RpGetRptResponse rptResponse = client.umaRpGetRpt(Tester.getAuthorization(site), null, rptParams);

    // Both tokens must be present before the response is handed to the caller.
    assertNotNull(rptResponse);
    assertTrue(StringUtils.isNotBlank(rptResponse.getRpt()));
    assertTrue(StringUtils.isNotBlank(rptResponse.getPct()));
    return rptResponse;
}
Also used : RpGetRptParams(io.jans.ca.common.params.RpGetRptParams) RsCheckAccessResponse(io.jans.ca.common.response.RsCheckAccessResponse) RpGetRptResponse(io.jans.ca.common.response.RpGetRptResponse)

Example 7 with RsCheckAccessResponse

use of io.jans.ca.common.response.RsCheckAccessResponse in project jans by JanssenProject.

the class UmaGetClaimsGatheringUrlTest method test_withCustomParameter.

/**
 * Checks that custom parameters supplied with the claims-gathering request show
 * up in the query string of the returned URL, next to {@code client_id},
 * {@code ticket}, {@code state} and the unchanged {@code claims_redirect_uri}.
 */
@Parameters({ "host", "opHost", "paramRedirectUrl", "rsProtect" })
@Test
public void test_withCustomParameter(String host, String opHost, String paramRedirectUrl, String rsProtect) throws IOException {
    ClientInterface client = Tester.newClient(host);
    RegisterSiteResponse site = RegisterSiteTest.registerSite(client, opHost, paramRedirectUrl);
    RsProtectTest.protectResources(client, site, UmaFullTest.resourceList(rsProtect).getResources());

    // Only the ticket from the access check is needed for the request below.
    final String ticket = RsCheckAccessTest.checkAccess(client, site, null).getTicket();

    final RpGetClaimsGatheringUrlParams urlParams = new RpGetClaimsGatheringUrlParams();
    urlParams.setRpId(site.getRpId());
    urlParams.setTicket(ticket);
    urlParams.setClaimsRedirectUri(paramRedirectUrl);

    Map<String, String> extras = Maps.newHashMap();
    extras.put("param1", "value1");
    extras.put("param2", "value2");
    urlParams.setCustomParameters(extras);

    final RpGetClaimsGatheringUrlResponse urlResponse = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(site), null, urlParams);
    Map<String, String> query = CoreUtils.splitQuery(urlResponse.getUrl());

    // Standard parameters of the claims-gathering URL.
    assertTrue(StringUtils.isNotBlank(query.get("client_id")));
    assertTrue(StringUtils.isNotBlank(query.get("ticket")));
    assertTrue(StringUtils.isNotBlank(query.get("state")));
    assertTrue(StringUtils.isNotBlank(urlResponse.getState()));

    // The custom parameters must have been carried into the URL.
    assertTrue(StringUtils.isNotBlank(query.get("param1")));
    assertTrue(StringUtils.isNotBlank(query.get("param2")));

    // The redirect URI must come back exactly as it was sent.
    assertEquals(paramRedirectUrl, query.get("claims_redirect_uri"));
}
Also used : RpGetClaimsGatheringUrlParams(io.jans.ca.common.params.RpGetClaimsGatheringUrlParams) RpGetClaimsGatheringUrlResponse(io.jans.ca.common.response.RpGetClaimsGatheringUrlResponse) RsCheckAccessResponse(io.jans.ca.common.response.RsCheckAccessResponse) ClientInterface(io.jans.ca.client.ClientInterface) RegisterSiteResponse(io.jans.ca.common.response.RegisterSiteResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Example 8 with RsCheckAccessResponse

use of io.jans.ca.common.response.RsCheckAccessResponse in project jans by JanssenProject.

the class RsCheckAccessOperation method execute.

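/**
 * Decides whether the presented RPT grants access to a protected resource.
 *
 * <p>The resource is looked up by the request path and HTTP method. If it is not
 * protected, a 400 {@code invalid_request} error is thrown. Otherwise the RPT is
 * introspected, and access is granted when the RPT is non-empty and active and
 * one of its permissions names this resource id and shares at least one scope
 * with the required scopes. In every other case a permission ticket is registered
 * and a "denied" response carrying the ticket and the {@code WWW-Authenticate}
 * header is returned.
 *
 * @param params access-check parameters (RP id, RPT, path, HTTP method, scopes)
 * @return a "granted" response, or a "denied" response with a registered ticket
 * @throws WebApplicationException with status 400 when the resource is not protected
 * @throws Exception any failure from introspection or ticket registration
 */
@Override
public IOpResponse execute(final RsCheckAccessParams params) throws Exception {
    validate(params);
    Rp rp = getRp();
    UmaResource resource = rp.umaResource(params.getPath(), params.getHttpMethod());
    if (resource == null) {
        // NOTE(review): path and httpMethod are caller-supplied and are echoed into the
        // error body and the error log; confirm the log layout neutralises line breaks.
        final ErrorResponse error = new ErrorResponse("invalid_request");
        error.setErrorDescription("Resource is not protected with path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() + ". Please protect your resource first with uma_rs_protect command. Check details on " + CoreUtils.DOC_URL);
        LOG.error(error.getErrorDescription());
        throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(Jackson2.asJson(error)).build());
    }
    PatProvider patProvider = new PatProvider() {

        @Override
        public String getPatToken() {
            return getUmaTokenService().getPat(params.getRpId()).getToken();
        }

        @Override
        public void clearPat() {
            // Intentionally empty: the PAT is refreshed explicitly in the retry path below.
        }
    };
    List<String> requiredScopes = getRequiredScopes(params, resource);
    CorrectRptIntrospectionResponse status = getIntrospectionService().introspectRpt(params.getRpId(), params.getRpt());
    final boolean rptPresent = !Strings.isNullOrEmpty(params.getRpt());
    // The RPT is a bearer credential, so only its presence is logged, never its value.
    // NOTE(review): confirm the introspection response's toString() does not echo the token.
    LOG.trace("RPT present: " + rptPresent + ", status: " + status);
    if (rptPresent && status != null && status.getActive() && status.getPermissions() != null) {
        for (CorrectUmaPermission permission : status.getPermissions()) {
            // A permission without scopes cannot satisfy any required scope; treating it as
            // "no overlap" keeps the check fail-closed instead of failing with an NPE.
            boolean containsAny = permission.getScopes() != null && !Collections.disjoint(requiredScopes, permission.getScopes());
            LOG.trace("containsAny: " + containsAny + ", requiredScopes: " + requiredScopes + ", permissionScopes: " + permission.getScopes());
            if (containsAny && permission.getResourceId() != null && permission.getResourceId().equals(resource.getId())) {
                // normal UMA: scope overlap AND the permission is bound to this resource
                LOG.debug("RPT has enough permissions, access GRANTED. Path: " + params.getPath() + ", httpMethod:" + params.getHttpMethod() + ", site: " + rp);
                return new RsCheckAccessResponse("granted");
            }
        }
    }
    // No grant: if the caller named no scopes, the ticket is registered with the
    // resource's ticket scopes when it has any.
    if (CollectionUtils.isEmpty(params.getScopes()) && !CollectionUtils.isEmpty(resource.getTicketScopes())) {
        requiredScopes = resource.getTicketScopes();
    }
    final RptPreProcessInterceptor rptInterceptor = getOpClientFactory().createRptPreProcessInterceptor(new ResourceRegistrar(patProvider, new ServiceProvider(rp.getOpHost())));
    Response response = null;
    try {
        LOG.trace("Try to register ticket, scopes: " + requiredScopes + ", resourceId: " + resource.getId());
        response = rptInterceptor.registerTicketResponse(requiredScopes, resource.getId());
    } catch (ClientErrorException e) {
        LOG.debug("Failed to register ticket. Entity: " + e.getResponse().readEntity(String.class) + ", status: " + e.getResponse().getStatus(), e);
        if (e.getResponse().getStatus() == 400 || e.getResponse().getStatus() == 401) {
            LOG.debug("Try maybe PAT is lost on AS, force refresh PAT and request ticket again ...");
            // force to refresh PAT, then retry exactly once; a second failure propagates
            getUmaTokenService().obtainPat(params.getRpId());
            response = rptInterceptor.registerTicketResponse(requiredScopes, resource.getId());
        } else {
            throw e;
        }
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throw e;
    }
    RsCheckAccessResponse opResponse = new RsCheckAccessResponse("denied");
    opResponse.setWwwAuthenticateHeader((String) response.getMetadata().getFirst("WWW-Authenticate"));
    opResponse.setTicket(((PermissionTicket) response.getEntity()).getTicket());
    LOG.debug("Access denied for path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() + ". Ticket is registered: " + opResponse);
    return opResponse;
}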
Also used : CorrectRptIntrospectionResponse(io.jans.ca.common.introspection.CorrectRptIntrospectionResponse) WebApplicationException(javax.ws.rs.WebApplicationException) RsCheckAccessResponse(io.jans.ca.common.response.RsCheckAccessResponse) ResourceRegistrar(io.jans.ca.rs.protect.resteasy.ResourceRegistrar) CorrectUmaPermission(io.jans.ca.common.introspection.CorrectUmaPermission) ClientErrorException(javax.ws.rs.ClientErrorException) HttpException(io.jans.ca.server.HttpException) WebApplicationException(javax.ws.rs.WebApplicationException) CorrectRptIntrospectionResponse(io.jans.ca.common.introspection.CorrectRptIntrospectionResponse) IOpResponse(io.jans.ca.common.response.IOpResponse) RsCheckAccessResponse(io.jans.ca.common.response.RsCheckAccessResponse) Response(javax.ws.rs.core.Response) ServiceProvider(io.jans.ca.rs.protect.resteasy.ServiceProvider) PatProvider(io.jans.ca.rs.protect.resteasy.PatProvider) ClientErrorException(javax.ws.rs.ClientErrorException) RptPreProcessInterceptor(io.jans.ca.rs.protect.resteasy.RptPreProcessInterceptor) Rp(io.jans.ca.server.service.Rp) UmaResource(io.jans.ca.server.model.UmaResource)

Example 9 with RsCheckAccessResponse

use of io.jans.ca.common.response.RsCheckAccessResponse in project jans by JanssenProject.

the class UmaFullTest method mockTest.

/**
 * Runs the protect, check-access and get-RPT sequence, asserting that the final
 * response carries both an RPT and a PCT. Unlike the sibling tests, the
 * authorization value comes from the no-argument {@code Tester.getAuthorization()}.
 */
@Parameters({ "host", "redirectUrls", "opHost", "rsProtect" })
@Test
public void mockTest(String host, String redirectUrls, String opHost, String rsProtect) throws Exception {
    ClientInterface client = Tester.newClient(host);
    RegisterSiteResponse site = RegisterSiteTest.registerSite(client, opHost, redirectUrls);
    RsProtectTest.protectResources(client, site, UmaFullTest.resourceList(rsProtect).getResources());

    // The access check supplies the permission ticket to exchange.
    final String ticket = RsCheckAccessTest.checkAccess(client, site, null).getTicket();

    final RpGetRptParams rptParams = new RpGetRptParams();
    rptParams.setRpId(site.getRpId());
    rptParams.setTicket(ticket);

    final RpGetRptResponse rptResponse = client.umaRpGetRpt(Tester.getAuthorization(), null, rptParams);

    assertNotNull(rptResponse);
    assertTrue(StringUtils.isNotBlank(rptResponse.getRpt()));
    assertTrue(StringUtils.isNotBlank(rptResponse.getPct()));
}
Also used : RpGetRptParams(io.jans.ca.common.params.RpGetRptParams) RsCheckAccessResponse(io.jans.ca.common.response.RsCheckAccessResponse) ClientInterface(io.jans.ca.client.ClientInterface) RegisterSiteResponse(io.jans.ca.common.response.RegisterSiteResponse) RpGetRptResponse(io.jans.ca.common.response.RpGetRptResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) RegisterSiteTest(io.jans.ca.server.RegisterSiteTest) RsCheckAccessTest(io.jans.ca.server.RsCheckAccessTest) RsProtectTest(io.jans.ca.server.RsProtectTest)

Example 10 with RsCheckAccessResponse

use of io.jans.ca.common.response.RsCheckAccessResponse in project jans by JanssenProject.

the class DifferentAuthServerTest method umaFullTest_withDifferentAuthServer.

/**
 * Runs the ticket-to-RPT exchange for one site while authorizing the call with a
 * second registration made against {@code authServer}. The RPT request carries
 * the second registration's authorization value and RP id, and its parameters
 * carry the first site's RP id and ticket.
 */
@Parameters({ "host", "authServer", "redirectUrls", "opHost", "rsProtect" })
@Test
public void umaFullTest_withDifferentAuthServer(String host, String authServer, String redirectUrls, String opHost, String rsProtect) throws Exception {
    ClientInterface client = Tester.newClient(host);

    // Two registrations: the protected site and the one used to authorize the call.
    RegisterSiteResponse site = RegisterSiteTest.registerSite(client, opHost, redirectUrls);
    RegisterSiteResponse authServerResp = RegisterSiteTest.registerSite(client, authServer, redirectUrls);

    RsProtectTest.protectResources(client, site, UmaFullTest.resourceList(rsProtect).getResources());
    final String ticket = RsCheckAccessTest.checkAccess(client, site, null).getTicket();

    final RpGetRptParams rptParams = new RpGetRptParams();
    rptParams.setRpId(site.getRpId());
    rptParams.setTicket(ticket);

    final RpGetRptResponse rptResponse = client.umaRpGetRpt(Tester.getAuthorization(authServerResp), authServerResp.getRpId(), rptParams);

    Assert.assertNotNull(rptResponse);
    assertTrue(StringUtils.isNotBlank(rptResponse.getRpt()));
    assertTrue(StringUtils.isNotBlank(rptResponse.getPct()));
}
Also used : RpGetRptParams(io.jans.ca.common.params.RpGetRptParams) RsCheckAccessResponse(io.jans.ca.common.response.RsCheckAccessResponse) ClientInterface(io.jans.ca.client.ClientInterface) RegisterSiteResponse(io.jans.ca.common.response.RegisterSiteResponse) RpGetRptResponse(io.jans.ca.common.response.RpGetRptResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Aggregations

RsCheckAccessResponse (io.jans.ca.common.response.RsCheckAccessResponse)10 ClientInterface (io.jans.ca.client.ClientInterface)7 RegisterSiteResponse (io.jans.ca.common.response.RegisterSiteResponse)7 Parameters (org.testng.annotations.Parameters)7 Test (org.testng.annotations.Test)7 RpGetRptParams (io.jans.ca.common.params.RpGetRptParams)4 RpGetRptResponse (io.jans.ca.common.response.RpGetRptResponse)4 RpGetClaimsGatheringUrlParams (io.jans.ca.common.params.RpGetClaimsGatheringUrlParams)3 RpGetClaimsGatheringUrlResponse (io.jans.ca.common.response.RpGetClaimsGatheringUrlResponse)3 RsCheckAccessParams (io.jans.ca.common.params.RsCheckAccessParams)2 CorrectRptIntrospectionResponse (io.jans.ca.common.introspection.CorrectRptIntrospectionResponse)1 CorrectUmaPermission (io.jans.ca.common.introspection.CorrectUmaPermission)1 IOpResponse (io.jans.ca.common.response.IOpResponse)1 PatProvider (io.jans.ca.rs.protect.resteasy.PatProvider)1 ResourceRegistrar (io.jans.ca.rs.protect.resteasy.ResourceRegistrar)1 RptPreProcessInterceptor (io.jans.ca.rs.protect.resteasy.RptPreProcessInterceptor)1 ServiceProvider (io.jans.ca.rs.protect.resteasy.ServiceProvider)1 HttpException (io.jans.ca.server.HttpException)1 RegisterSiteTest (io.jans.ca.server.RegisterSiteTest)1 RsCheckAccessTest (io.jans.ca.server.RsCheckAccessTest)1