
Example 1 with RsResource

use of io.jans.ca.rs.protect.RsResource in project jans by JanssenProject.

the class RsProtectOperation method validate.

/**
 * Checks a UMA protect request before anything is registered.
 *
 * <p>Rejects a request with no resources, with an HTTP method repeated for a path, or with a
 * scope expression that fails validation. If the RP already holds protected resources, the
 * request is refused unless {@code overwrite} is true; with {@code overwrite=true} the existing
 * resources are deleted through the UMA resource service and the local list is cleared.
 *
 * <p>Despite its name this method has side effects: the overwrite branch performs remote
 * deletes and persists the RP.
 *
 * @param params the protect request
 * @throws HttpException with the matching {@code ErrorResponseCode} when a check fails
 */
private void validate(RsProtectParams params) {
    // A request without resources has nothing to protect.
    if (params.getResources() == null || params.getResources().isEmpty()) {
        throw new HttpException(ErrorResponseCode.NO_UMA_RESOURCES_TO_PROTECT);
    }
    if (!ResourceValidator.isHttpMethodUniqueInPath(params.getResources())) {
        throw new HttpException(ErrorResponseCode.UMA_HTTP_METHOD_NOT_UNIQUE);
    }

    // Null was already rejected above; the check is kept as written.
    if (params.getResources() != null) {
        for (RsResource candidate : params.getResources()) {
            if (candidate.getConditions() == null) {
                continue;
            }
            for (Condition rule : candidate.getConditions()) {
                if (rule.getScopeExpression() == null) {
                    continue;
                }
                String expression = rule.getScopeExpression().toString();
                // An absent expression can show up as blank text or as the literal "null".
                if (!StringUtils.isNotBlank(expression) || expression.equalsIgnoreCase("null")) {
                    continue;
                }
                boolean wellFormed = JsonLogicNodeParser.isNodeValid(expression);
                // The expression text comes from the request and is written to the trace log as-is.
                LOG.trace("Scope expression validator - Valid: " + wellFormed + ", expression: " + expression);
                if (!wellFormed) {
                    throw new HttpException(ErrorResponseCode.UMA_FAILED_TO_VALIDATE_SCOPE_EXPRESSION);
                }
                validateScopeExpression(expression);
            }
        }
    }

    Rp rp = getRp();
    List<UmaResource> alreadyProtected = rp.getUmaProtectedResources();
    if (alreadyProtected == null || alreadyProtected.isEmpty()) {
        return;
    }
    // Existing registrations are only replaced on an explicit overwrite=true.
    if (params.getOverwrite() == null || !params.getOverwrite()) {
        throw new HttpException(ErrorResponseCode.UMA_PROTECTION_FAILED_BECAUSE_RESOURCES_ALREADY_EXISTS);
    }

    // NOTE(review): the resource list comes from getRp() while discovery and the PAT are looked
    // up by params.getRpId(); presumably both name the same RP - confirm.
    UmaMetadata discovery = getDiscoveryService().getUmaDiscoveryByRpId(params.getRpId());
    String pat = getUmaTokenService().getPat(params.getRpId()).getToken();
    UmaResourceService resourceService = UmaClientFactory.instance().createResourceService(discovery, getHttpService().getClientEngine());

    // NOTE(review): if deleteResource throws part-way through, clear() and updateSilently() are
    // not reached, so the stored list may still name resources already deleted remotely.
    for (UmaResource stale : alreadyProtected) {
        LOG.trace("Removing existing resource " + stale.getId() + " ...");
        resourceService.deleteResource("Bearer " + pat, stale.getId());
        LOG.trace("Removed existing resource " + stale.getId() + ".");
    }
    rp.getUmaProtectedResources().clear();
    getRpService().updateSilently(rp);
}
Also used : Condition(io.jans.ca.rs.protect.Condition) UmaMetadata(io.jans.as.model.uma.UmaMetadata) RsResource(io.jans.ca.rs.protect.RsResource) UmaResourceService(io.jans.as.client.uma.UmaResourceService) HttpException(io.jans.ca.server.HttpException) Rp(io.jans.ca.server.service.Rp) UmaResource(io.jans.ca.server.model.UmaResource)

Example 2 with RsResource

use of io.jans.ca.rs.protect.RsResource in project jans by JanssenProject.

the class RsProtectOperation method persist.

/**
 * Copies the registrar's results onto the RP as {@code UmaResource} entries and saves the RP.
 *
 * <p>One {@code UmaResource} is built per entry of the registrar's id map. Scopes, ticket scopes
 * and scope expressions are gathered over all HTTP methods of the key into sets, so a value
 * shared by several methods is stored once.
 *
 * @param registrar source of the key-to-id and key-to-resource maps
 * @param rp        RP whose protected-resource list is extended and then updated
 * @throws IOException declared by the original signature
 */
private void persist(ResourceRegistrar registrar, Rp rp) throws IOException {
    Map<Key, RsResource> definitionsByKey = registrar.getResourceMapCopy();

    for (Map.Entry<Key, String> registered : registrar.getIdMapCopy().entrySet()) {
        Key key = registered.getKey();
        // NOTE(review): assumes every key of the id map is also in the resource map; a missing
        // key gives null here and a NullPointerException in the loop below.
        RsResource definition = definitionsByKey.get(key);

        Set<String> scopes = Sets.newHashSet();
        Set<String> ticketScopes = Sets.newHashSet();
        Set<String> expressions = Sets.newHashSet();
        for (String httpMethod : key.getHttpMethods()) {
            List<String> methodScopes = definition.scopes(httpMethod);
            if (methodScopes != null) {
                scopes.addAll(methodScopes);
            }
            // NOTE(review): no null guard here, unlike scopes(httpMethod) above - confirm
            // getScopesForTicket never returns null.
            ticketScopes.addAll(definition.getScopesForTicket(httpMethod));
            JsonNode expression = definition.getScopeExpression(httpMethod);
            if (expression != null) {
                expressions.add(expression.toString());
            }
        }

        UmaResource stored = new UmaResource();
        stored.setId(registered.getValue());
        stored.setPath(key.getPath());
        stored.setHttpMethods(key.getHttpMethods());
        stored.setScopes(Lists.newArrayList(scopes));
        stored.setTicketScopes(Lists.newArrayList(ticketScopes));
        stored.setScopeExpressions(Lists.newArrayList(expressions));

        // iat and exp are copied only when present and positive.
        if (definition.getIat() != null && definition.getIat() > 0) {
            stored.setIat(definition.getIat());
        }
        if (definition.getExp() != null && definition.getExp() > 0) {
            stored.setExp(definition.getExp());
        }

        rp.getUmaProtectedResources().add(stored);
    }

    getRpService().update(rp);
}
Also used : RsResource(io.jans.ca.rs.protect.RsResource) JsonNode(com.fasterxml.jackson.databind.JsonNode) Map(java.util.Map) Key(io.jans.ca.rs.protect.resteasy.Key) UmaResource(io.jans.ca.server.model.UmaResource)

Example 3 with RsResource

use of io.jans.ca.rs.protect.RsResource in project jans by JanssenProject.

the class ApiProtectionService method createScopeIfNeeded.

/**
 * Walks every condition of every entry in {@code rsResourceList} and stores a scope list in
 * {@code ApiProtectionCache} under a key built from the condition's HTTP methods, the
 * separator {@code :::} and the resource path.
 *
 * <p>Each scope name is looked up in the cache first and passed to {@code validateScope}
 * only on a miss. The cached list decides which scopes are associated with a resource, so
 * the control-flow notes below are worth confirming against the intended behaviour.
 *
 * @param apiProtectionType only written to the debug log in this method
 */
private void createScopeIfNeeded(String apiProtectionType) {
    log.debug("ApiProtectionService:::createScopeIfNeeded() - apiProtectionType:{}", apiProtectionType);
    List<String> rsScopes = null;
    // NOTE(review): a single list is created for the whole run and never reset per condition.
    // Scopes added on a cache hit therefore remain in it for later conditions and resources,
    // and the same instance can be passed to putResource under several resource names.
    // Confirm this sharing is intended; otherwise one resource may be cached with another's scopes.
    List<Scope> scopeList = new ArrayList<>();
    for (RsResource rsResource : rsResourceList) {
        // NOTE(review): getConditions() is dereferenced without a null check.
        for (Condition condition : rsResource.getConditions()) {
            String resourceName = condition.getHttpMethods() + ":::" + rsResource.getPath();
            rsScopes = condition.getScopes();
            log.trace("ApiProtectionService:::createScopeIfNeeded() - resourceName:{}, rsScopes:{} ", resourceName, rsScopes);
            // If no scopes for the path then skip validation.
            // NOTE(review): break leaves the conditions loop, so the remaining conditions of this
            // resource are not processed and nothing is cached for them; if only this condition
            // is meant to be skipped, continue would be the matching statement - confirm.
            if (rsScopes == null || rsScopes.isEmpty()) {
                break;
            }
            for (String scopeName : rsScopes) {
                log.debug("ApiProtectionService:::createScopeIfNeeded() - scopeName:{} ", scopeName);
                // Check in cache
                Scope scope = ApiProtectionCache.getScope(scopeName);
                // Second cache lookup, made only to build the log line.
                log.debug("ApiProtectionService:::createScopeIfNeeded() - ApiProtectionCache.getScope(scopeName):{}", ApiProtectionCache.getScope(scopeName));
                if (scope != null) {
                    log.debug("Scope - '{}' exists in cache.", scopeName);
                    scopeList.add(scope);
                    // NOTE(review): break ends the scope loop on the first cache hit, so the
                    // remaining scope names of this condition are neither looked up nor validated.
                    break;
                }
                // validate scope
                // NOTE(review): the assignment replaces the list, discarding what it held before;
                // when several names miss the cache only the last validateScope result survives.
                scopeList = validateScope(scopeName);
            }
            // end of loop over scope names
            // Add to resource cache
            ApiProtectionCache.putResource(resourceName, scopeList);
            log.debug("ApiProtectionService:::createScopeIfNeeded() - resourceName:{}, scopeList:{}", resourceName, scopeList);
        }
    // end of loop over conditions
    }
}
Also used : Condition(io.jans.ca.rs.protect.Condition) Scope(io.jans.as.persistence.model.Scope) RsResource(io.jans.ca.rs.protect.RsResource) ArrayList(java.util.ArrayList)

Example 4 with RsResource

use of io.jans.ca.rs.protect.RsResource in project jans by JanssenProject.

the class OpClientFactoryMockImpl method getIdMap.

/**
 * Builds a map with one random id per (HTTP methods, path) key found in the given
 * uma-rs-protect JSON.
 *
 * <p>Single quotes are replaced with double quotes before parsing. The replacement is applied
 * to the whole text, so an apostrophe inside a value is rewritten as well.
 *
 * <p>A failure is logged and not rethrown; the caller then receives whatever was collected up
 * to that point, possibly an empty map, and cannot tell it apart from a successful parse.
 *
 * @param rsProtect resource definition JSON, optionally written with single quotes
 * @return map from key to a freshly generated UUID string
 */
private static Map<Key, String> getIdMap(String rsProtect) {
    final Map<Key, String> idsByKey = new HashMap<>();
    try {
        final String normalizedJson = StringUtils.replace(rsProtect, "'", "\"");
        final RsResourceList parsed = Jackson2.createJsonMapper().readValue(normalizedJson, RsResourceList.class);
        for (RsResource definition : parsed.getResources()) {
            final String path = definition.getPath();
            for (Condition rule : definition.getConditions()) {
                final Key key = new Key();
                key.setHttpMethods(rule.getHttpMethods());
                key.setPath(path);
                // The id is a random placeholder.
                idsByKey.put(key, UUID.randomUUID().toString());
            }
        }
    } catch (Exception e) {
        // Catches everything, including a NullPointerException from a missing resources or
        // conditions list.
        LOG.error("Failed to parse uma-rs-protect resource json .", e);
    }
    return idsByKey;
}
Also used : Condition(io.jans.ca.rs.protect.Condition) RsResource(io.jans.ca.rs.protect.RsResource) RsResourceList(io.jans.ca.rs.protect.RsResourceList) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)

Example 5 with RsResource

use of io.jans.ca.rs.protect.RsResource in project jans by JanssenProject.

the class RsProtectTest method overwriteTrue.

/**
 * Protects the same resource set twice for one registered site, the second time with
 * {@code overwrite=true}, and expects a response.
 *
 * <p>The only assertion is that the response is not null. The test does not check that the
 * resources from the first call were removed, and it has no counterpart here for a second
 * call without the overwrite flag.
 */
@Parameters({ "host", "redirectUrls", "opHost", "rsProtect" })
@Test
public void overwriteTrue(String host, String redirectUrls, String opHost, String rsProtect) throws IOException {
    final ClientInterface client = Tester.newClient(host);
    final RegisterSiteResponse site = RegisterSiteTest.registerSite(client, opHost, redirectUrls);

    // First registration, so that resources already exist when the overwrite request is sent.
    final List<RsResource> resources = UmaFullTest.resourceList(rsProtect).getResources();
    protectResources(client, site, resources);

    // Second registration of the same resources with the overwrite flag set.
    final RsProtectParams2 overwriteRequest = new RsProtectParams2();
    overwriteRequest.setRpId(site.getRpId());
    overwriteRequest.setOverwrite(true);
    overwriteRequest.setResources(Jackson2.createJsonMapper().readTree(Jackson2.asJsonSilently(resources)));

    final RsProtectResponse response = client.umaRsProtect(Tester.getAuthorization(site), null, overwriteRequest);
    assertNotNull(response);
}
Also used : RsProtectParams2(io.jans.ca.client.RsProtectParams2) RsResource(io.jans.ca.rs.protect.RsResource) RsProtectResponse(io.jans.ca.common.response.RsProtectResponse) ClientInterface(io.jans.ca.client.ClientInterface) RegisterSiteResponse(io.jans.ca.common.response.RegisterSiteResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Aggregations

RsResource (io.jans.ca.rs.protect.RsResource)7 Condition (io.jans.ca.rs.protect.Condition)4 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)2 ClientInterface (io.jans.ca.client.ClientInterface)2 RsProtectParams2 (io.jans.ca.client.RsProtectParams2)2 RegisterSiteResponse (io.jans.ca.common.response.RegisterSiteResponse)2 RsResourceList (io.jans.ca.rs.protect.RsResourceList)2 UmaResource (io.jans.ca.server.model.UmaResource)2 Parameters (org.testng.annotations.Parameters)2 Test (org.testng.annotations.Test)2 JsonNode (com.fasterxml.jackson.databind.JsonNode)1 UmaResourceService (io.jans.as.client.uma.UmaResourceService)1 UmaMetadata (io.jans.as.model.uma.UmaMetadata)1 Scope (io.jans.as.persistence.model.Scope)1 RsProtectResponse (io.jans.ca.common.response.RsProtectResponse)1 Key (io.jans.ca.rs.protect.resteasy.Key)1 HttpException (io.jans.ca.server.HttpException)1 Rp (io.jans.ca.server.service.Rp)1 ArrayList (java.util.ArrayList)1 Map (java.util.Map)1