use of io.jans.ca.rs.protect.Condition in project jans by JanssenProject.
the class RsProtectOperation method validate.
/**
 * Checks an rs-protect request before registration and, when overwrite is requested,
 * deletes the RP's previously registered UMA resources.
 *
 * <p>Checks performed, in order:
 * <ol>
 *   <li>at least one resource is supplied;</li>
 *   <li>{@code ResourceValidator.isHttpMethodUniqueInPath} accepts the resource list;</li>
 *   <li>every non-blank scope expression passes {@code JsonLogicNodeParser.isNodeValid}
 *       and {@code validateScopeExpression};</li>
 *   <li>if the RP already has protected resources, {@code overwrite} must be {@code true}.</li>
 * </ol>
 *
 * <p>Despite the name this method has a side effect: with {@code overwrite=true} it calls
 * {@code deleteResource} for every existing resource using the RP's PAT, clears the RP's
 * resource list and persists the RP. The PAT is only used to build the bearer value and is
 * never written to the log here.
 *
 * @param params the rs-protect request parameters
 * @throws HttpException when any of the checks above fails
 */
private void validate(RsProtectParams params) {
    if (params.getResources() == null || params.getResources().isEmpty()) {
        throw new HttpException(ErrorResponseCode.NO_UMA_RESOURCES_TO_PROTECT);
    }
    if (!ResourceValidator.isHttpMethodUniqueInPath(params.getResources())) {
        throw new HttpException(ErrorResponseCode.UMA_HTTP_METHOD_NOT_UNIQUE);
    }

    // The resource list is known to be non-null here (checked above).
    for (RsResource rsResource : params.getResources()) {
        if (rsResource.getConditions() == null) {
            continue;
        }
        for (Condition condition : rsResource.getConditions()) {
            if (condition.getScopeExpression() == null) {
                continue;
            }
            String expressionJson = condition.getScopeExpression().toString();
            // A blank expression or the literal text "null" is treated as "no expression".
            if (!StringUtils.isNotBlank(expressionJson) || expressionJson.equalsIgnoreCase("null")) {
                continue;
            }
            boolean nodeValid = JsonLogicNodeParser.isNodeValid(expressionJson);
            LOG.trace("Scope expression validator - Valid: " + nodeValid + ", expression: " + expressionJson);
            if (!nodeValid) {
                throw new HttpException(ErrorResponseCode.UMA_FAILED_TO_VALIDATE_SCOPE_EXPRESSION);
            }
            validateScopeExpression(expressionJson);
        }
    }

    Rp rp = getRp();
    List<UmaResource> registeredResources = rp.getUmaProtectedResources();
    if (registeredResources == null || registeredResources.isEmpty()) {
        return;
    }

    // Existing resources are only replaced on an explicit overwrite=true; a missing flag is a refusal.
    boolean overwriteRequested = params.getOverwrite() != null && params.getOverwrite();
    if (!overwriteRequested) {
        throw new HttpException(ErrorResponseCode.UMA_PROTECTION_FAILED_BECAUSE_RESOURCES_ALREADY_EXISTS);
    }

    UmaMetadata discovery = getDiscoveryService().getUmaDiscoveryByRpId(params.getRpId());
    String pat = getUmaTokenService().getPat(params.getRpId()).getToken();
    UmaResourceService resourceService = UmaClientFactory.instance().createResourceService(discovery, getHttpService().getClientEngine());
    String authorization = "Bearer " + pat;
    for (UmaResource stale : registeredResources) {
        LOG.trace("Removing existing resource " + stale.getId() + " ...");
        resourceService.deleteResource(authorization, stale.getId());
        LOG.trace("Removed existing resource " + stale.getId() + ".");
    }
    // Drop the local record only after every remote delete call has returned.
    rp.getUmaProtectedResources().clear();
    getRpService().updateSilently(rp);
}
use of io.jans.ca.rs.protect.Condition in project jans by JanssenProject.
the class ApiProtectionService method createScopeIfNeeded.
/**
 * Walks every condition of every entry in {@code rsResourceList}, resolves the scopes named by
 * the condition (from {@code ApiProtectionCache} or via {@code validateScope}) and stores the
 * result in the resource cache under the key {@code httpMethods + ":::" + path}.
 *
 * <p>NOTE(review): the resource-to-scope mapping cached here presumably feeds later
 * authorization checks - confirm against the callers of {@code ApiProtectionCache}. The
 * review notes inside the body mark places where the cached list may not match the scopes
 * declared for the condition.
 *
 * @param apiProtectionType the configured protection type; in this method it is only logged
 */
private void createScopeIfNeeded(String apiProtectionType) {
    log.debug("ApiProtectionService:::createScopeIfNeeded() - apiProtectionType:{}", apiProtectionType);
    List<String> rsScopes = null;
    // Created once, outside both loops: entries added on a cache hit stay in this list for
    // later conditions and resources until validateScope's return value replaces it.
    // NOTE(review): confirm a fresh list per condition was not intended.
    List<Scope> scopeList = new ArrayList<>();
    for (RsResource rsResource : rsResourceList) {
        for (Condition condition : rsResource.getConditions()) {
            String resourceName = condition.getHttpMethods() + ":::" + rsResource.getPath();
            rsScopes = condition.getScopes();
            log.trace("ApiProtectionService:::createScopeIfNeeded() - resourceName:{}, rsScopes:{} ", resourceName, rsScopes);
            // If no scopes for the path then skip validation.
            // This break leaves the condition loop, so any remaining conditions of the same
            // resource are not processed either.
            // NOTE(review): confirm `continue` was not intended.
            if (rsScopes == null || rsScopes.isEmpty()) {
                break;
            }
            for (String scopeName : rsScopes) {
                log.debug("ApiProtectionService:::createScopeIfNeeded() - scopeName:{} ", scopeName);
                // Check in cache
                Scope scope = ApiProtectionCache.getScope(scopeName);
                log.debug("ApiProtectionService:::createScopeIfNeeded() - ApiProtectionCache.getScope(scopeName):{}", ApiProtectionCache.getScope(scopeName));
                if (scope != null) {
                    log.debug("Scope - '{}' exists in cache.", scopeName);
                    scopeList.add(scope);
                    // Stops at the first cached scope: later scope names of this condition
                    // are neither looked up nor validated.
                    // NOTE(review): confirm this is intended rather than `continue`.
                    break;
                }
                // validate scope
                // The returned list replaces scopeList, discarding anything added before.
                scopeList = validateScope(scopeName);
            }
            // end of scope loop
            // Add to resource cache. The same list instance can be stored under several
            // resource names when it is not replaced in between.
            // NOTE(review): whether putResource copies the list is not visible here.
            ApiProtectionCache.putResource(resourceName, scopeList);
            log.debug("ApiProtectionService:::createScopeIfNeeded() - resourceName:{}, scopeList:{}", resourceName, scopeList);
        }
        // end of condition loop
    }
}
use of io.jans.ca.rs.protect.Condition in project jans by JanssenProject.
the class OpClientFactoryMockImpl method getIdMap.
/**
 * Builds a map from (path, HTTP methods) keys to freshly generated random ids for the
 * resources described by an rs-protect JSON document.
 *
 * <p>Single quotes in the input are replaced by double quotes before parsing, so a
 * single-quoted document is accepted. The ids come from {@code UUID.randomUUID()} and do not
 * refer to anything registered on a server.
 *
 * @param rsProtect the rs-protect JSON, optionally written with single quotes
 * @return the generated id map; if parsing or iteration fails the error is logged and the
 *         entries collected so far (possibly none) are returned
 */
private static Map<Key, String> getIdMap(String rsProtect) {
    Map<Key, String> generatedIds = new HashMap<>();
    try {
        String normalizedJson = StringUtils.replace(rsProtect, "'", "\"");
        RsResourceList parsed = Jackson2.createJsonMapper().readValue(normalizedJson, RsResourceList.class);
        for (RsResource protectedResource : parsed.getResources()) {
            for (Condition condition : protectedResource.getConditions()) {
                Key resourceKey = new Key();
                resourceKey.setHttpMethods(condition.getHttpMethods());
                resourceKey.setPath(protectedResource.getPath());
                generatedIds.put(resourceKey, UUID.randomUUID().toString());
            }
        }
    } catch (Exception e) {
        // Best effort: the failure is logged and the partial map is still returned.
        LOG.error("Failed to parse uma-rs-protect resource json .", e);
    }
    return generatedIds;
}
use of io.jans.ca.rs.protect.Condition in project jans by JanssenProject.
the class ResourceRegistrar method register.
/**
 * Registers one UMA resource on the authorization server for each condition of the given
 * resource and records the returned id locally.
 *
 * <p>For every condition a {@code UmaResource} named after the (path, HTTP methods) key is
 * built. If the condition has a scope expression that {@code JsonLogicNodeParser.isNodeValid}
 * accepts, the expression and the scopes parsed from it are used; otherwise the condition's
 * plain scope list is used.
 *
 * <p>NOTE(review): a scope expression that is present but invalid is not rejected here; the
 * method falls back to {@code condition.getScopes()} - confirm callers validate the expression
 * beforehand.
 *
 * <p>Any exception is logged and rethrown. Conditions registered before the failure stay in
 * {@code resourceMap} and {@code idMap}.
 *
 * @param rsResource the resource whose conditions are registered
 */
private void register(RsResource rsResource) {
    try {
        for (Condition condition : rsResource.getConditions()) {
            Key key = new Key(rsResource.getPath(), condition.getHttpMethods());

            UmaResource umaResource = new UmaResource();
            umaResource.setName(key.getResourceName());

            Object scopeExpression = condition.getScopeExpression();
            String expressionJson = scopeExpression == null ? null : scopeExpression.toString();
            boolean expressionUsable = scopeExpression != null && JsonLogicNodeParser.isNodeValid(expressionJson);
            if (expressionUsable) {
                umaResource.setScopeExpression(expressionJson);
                umaResource.setScopes(JsonLogicNodeParser.parseNode(expressionJson).getData());
            } else {
                umaResource.setScopes(condition.getScopes());
            }

            // Creation and expiration timestamps are copied only when isSafeToInt accepts them.
            if (isSafeToInt(rsResource.getIat())) {
                umaResource.setIat(rsResource.getIat());
            }
            if (isSafeToInt(rsResource.getExp())) {
                umaResource.setExp(rsResource.getExp());
            }

            // The PAT goes only into the bearer value passed to the resource service; it is not logged.
            UmaResourceResponse registration = serviceProvider.getResourceService().addResource("Bearer " + patProvider.getPatToken(), umaResource);
            Preconditions.checkNotNull(registration.getId(), "Resource ID can not be null.");

            resourceMap.put(key, rsResource);
            idMap.put(key, registration.getId());
            String message = "Registered resource, path: " + key.getPath() + ", http methods: " + condition.getHttpMethods() + ", id: " + registration.getId();
            LOG.debug(message);
        }
    } catch (Exception failure) {
        LOG.error(failure.getMessage(), failure);
        throw failure;
    }
}
use of io.jans.ca.rs.protect.Condition in project jans by JanssenProject.
the class ResourceRegistrar method putRegisteredResource.
/**
 * Records an already registered resource locally without contacting the authorization server.
 *
 * <p>For each condition of {@code resource} the (path, HTTP methods) key is mapped to the
 * resource in {@code resourceMap} and to the supplied id in {@code idMap}.
 *
 * <p>NOTE(review): the id is stored as given; no null or format check is made here - confirm
 * callers pass the id returned by the authorization server.
 *
 * @param resource the protected resource definition
 * @param idOfResourceOnAuthorizationServer the id under which the resource is registered on the
 *        authorization server
 */
public void putRegisteredResource(RsResource resource, String idOfResourceOnAuthorizationServer) {
    for (Condition condition : resource.getConditions()) {
        Key resourceKey = new Key(resource.getPath(), condition.getHttpMethods());
        resourceMap.put(resourceKey, resource);
        idMap.put(resourceKey, idOfResourceOnAuthorizationServer);
        String message = "Put registered resource, path: " + resourceKey.getPath() + ", http methods: " + condition.getHttpMethods() + ", id: " + idOfResourceOnAuthorizationServer;
        LOG.debug(message);
    }
}