use of io.jans.ca.rs.protect.resteasy.ResourceRegistrar in project jans by JanssenProject.
the class RsProtectOperation method execute.
@Override
public IOpResponse execute(final RsProtectParams params) throws Exception {
validate(params);
Rp rp = getRp();
PatProvider patProvider = new PatProvider() {
@Override
public String getPatToken() {
return getUmaTokenService().getPat(params.getRpId()).getToken();
}
@Override
public void clearPat() {
// do nothing
}
};
ResourceRegistrar registrar = getOpClientFactory().createResourceRegistrar(patProvider, new ServiceProvider(rp.getOpHost()));
try {
registrar.register(params.getResources());
} catch (ClientErrorException e) {
LOG.debug("Failed to register resource. Entity: " + e.getResponse().readEntity(String.class) + ", status: " + e.getResponse().getStatus(), e);
if (e.getResponse().getStatus() == 400 || e.getResponse().getStatus() == 401) {
LOG.debug("Try maybe PAT is lost on AS, force refresh PAT and re-try ...");
// force to refresh PAT
getUmaTokenService().obtainPat(params.getRpId());
registrar.register(params.getResources());
} else {
throw e;
}
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throw e;
}
persist(registrar, rp);
return new RsProtectResponse(rp.getRpId());
}
use of io.jans.ca.rs.protect.resteasy.ResourceRegistrar in project jans by JanssenProject.
the class RsCheckAccessOperation method execute.
@Override
public IOpResponse execute(final RsCheckAccessParams params) throws Exception {
validate(params);
Rp rp = getRp();
UmaResource resource = rp.umaResource(params.getPath(), params.getHttpMethod());
if (resource == null) {
final ErrorResponse error = new ErrorResponse("invalid_request");
error.setErrorDescription("Resource is not protected with path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() + ". Please protect your resource first with uma_rs_protect command. Check details on " + CoreUtils.DOC_URL);
LOG.error(error.getErrorDescription());
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(Jackson2.asJson(error)).build());
}
PatProvider patProvider = new PatProvider() {
@Override
public String getPatToken() {
return getUmaTokenService().getPat(params.getRpId()).getToken();
}
@Override
public void clearPat() {
// do nothing
}
};
List<String> requiredScopes = getRequiredScopes(params, resource);
CorrectRptIntrospectionResponse status = getIntrospectionService().introspectRpt(params.getRpId(), params.getRpt());
LOG.trace("RPT: " + params.getRpt() + ", status: " + status);
if (!Strings.isNullOrEmpty(params.getRpt()) && status != null && status.getActive() && status.getPermissions() != null) {
for (CorrectUmaPermission permission : status.getPermissions()) {
boolean containsAny = !Collections.disjoint(requiredScopes, permission.getScopes());
LOG.trace("containsAny: " + containsAny + ", requiredScopes: " + requiredScopes + ", permissionScopes: " + permission.getScopes());
if (containsAny) {
if ((permission.getResourceId() != null && permission.getResourceId().equals(resource.getId()))) {
// normal UMA
LOG.debug("RPT has enough permissions, access GRANTED. Path: " + params.getPath() + ", httpMethod:" + params.getHttpMethod() + ", site: " + rp);
return new RsCheckAccessResponse("granted");
}
}
}
}
if (CollectionUtils.isEmpty(params.getScopes()) && !CollectionUtils.isEmpty(resource.getTicketScopes())) {
requiredScopes = resource.getTicketScopes();
}
final RptPreProcessInterceptor rptInterceptor = getOpClientFactory().createRptPreProcessInterceptor(new ResourceRegistrar(patProvider, new ServiceProvider(rp.getOpHost())));
Response response = null;
try {
LOG.trace("Try to register ticket, scopes: " + requiredScopes + ", resourceId: " + resource.getId());
response = rptInterceptor.registerTicketResponse(requiredScopes, resource.getId());
} catch (ClientErrorException e) {
LOG.debug("Failed to register ticket. Entity: " + e.getResponse().readEntity(String.class) + ", status: " + e.getResponse().getStatus(), e);
if (e.getResponse().getStatus() == 400 || e.getResponse().getStatus() == 401) {
LOG.debug("Try maybe PAT is lost on AS, force refresh PAT and request ticket again ...");
// force to refresh PAT
getUmaTokenService().obtainPat(params.getRpId());
response = rptInterceptor.registerTicketResponse(requiredScopes, resource.getId());
} else {
throw e;
}
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throw e;
}
RsCheckAccessResponse opResponse = new RsCheckAccessResponse("denied");
opResponse.setWwwAuthenticateHeader((String) response.getMetadata().getFirst("WWW-Authenticate"));
opResponse.setTicket(((PermissionTicket) response.getEntity()).getTicket());
LOG.debug("Access denied for path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() + ". Ticket is registered: " + opResponse);
return opResponse;
}
Aggregations