
Example 1 with GluuAttribute

use of io.jans.model.GluuAttribute in project jans by JanssenProject.

the class ScopeService method fillClaims.

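/**
 * Adds the user's values for the claims referenced by a scope to {@code claims}.
 *
 * <p>Each entry of {@code scopeClaims} is an attribute DN. The attribute is looked up and,
 * when it carries both a claim name and a storage name, handed to {@code setClaimField}.
 * Entries that cannot be resolved or are incompletely configured are logged and skipped,
 * so that one broken reference does not abort claim release for the whole scope.
 *
 * @param claims      map that receives the claims
 * @param scopeClaims DNs of the attributes attached to the scope
 * @param user        user whose values are read
 * @throws InvalidClaimException declared here; presumably raised by {@code setClaimField}
 */
private void fillClaims(Map<String, Object> claims, List<String> scopeClaims, User user) throws InvalidClaimException {
    for (String claimDn : scopeClaims) {
        GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
        if (gluuAttribute == null) {
            // The lookup's contract is not visible here; a null result is treated as a scope
            // that still references an attribute entry which no longer exists. Without this
            // guard the dereference below would fail the whole token / userinfo response.
            log.error("Failed to get claim because attribute is not found, dn: {}", claimDn);
            continue;
        }
        String claimName = gluuAttribute.getClaimName();
        String ldapName = gluuAttribute.getName();
        if (StringUtils.isBlank(claimName)) {
            log.error("Failed to get claim because claim name is not set for attribute, id: {}", gluuAttribute.getDn());
            continue;
        }
        if (StringUtils.isBlank(ldapName)) {
            log.error("Failed to get claim because name is not set for attribute, id: {}", gluuAttribute.getDn());
            continue;
        }
        setClaimField(ldapName, claimName, user, gluuAttribute, claims);
    }
}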
Also used : GluuAttribute(io.jans.model.GluuAttribute)

Example 2 with GluuAttribute

use of io.jans.model.GluuAttribute in project jans by JanssenProject.

the class AttributesResource method patchAtribute.

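/**
 * Applies a JSON Patch document to the attribute identified by {@code inum} and stores the result.
 *
 * <p>Access is limited to callers holding the attributes write scope (see {@code @ProtectedApi}).
 *
 * <p>NOTE(review): {@code Jackson.applyPatch} is not shown here. Confirm that a patch document
 * cannot rewrite the identifying fields of the entry (inum, DN); if it can, compare them with
 * the stored values before calling {@code updateAttribute}, otherwise the update may land on a
 * different entry than the one named in the path.
 *
 * @param inum       identifier of the attribute to patch
 * @param pathString JSON Patch document taken from the request body
 * @return 200 response carrying the patched attribute
 * @throws JsonPatchException declared here; presumably raised when the patch cannot be applied
 * @throws IOException        declared here; presumably raised when the patch cannot be parsed
 */
@PATCH
@Consumes(MediaType.APPLICATION_JSON_PATCH_JSON)
@ProtectedApi(scopes = { ApiAccessConstants.ATTRIBUTES_WRITE_ACCESS })
@Path(ApiConstants.INUM_PATH)
public Response patchAtribute(@PathParam(ApiConstants.INUM) @NotNull String inum, @NotNull String pathString) throws JsonPatchException, IOException {
    // Both values come straight from the request. Line breaks are neutralised so a caller
    // cannot forge extra log records, and placeholders avoid building the message when
    // debug logging is off.
    if (log.isDebugEnabled()) {
        log.debug(" GluuAttribute details to patch - inum = {} , pathString = {}", singleLine(inum), singleLine(pathString));
    }
    GluuAttribute existingAttribute = attributeService.getAttributeByInum(inum);
    checkResourceNotNull(existingAttribute, GLUU_ATTRIBUTE);
    existingAttribute = Jackson.applyPatch(pathString, existingAttribute);
    attributeService.updateAttribute(existingAttribute);
    return Response.ok(existingAttribute).build();
}

/** Replaces CR and LF with '_' so a request-supplied value stays on one log line. */
private static String singleLine(String value) {
    return value == null ? null : value.replaceAll("[\\r\\n]", "_");
}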
Also used : GluuAttribute(io.jans.model.GluuAttribute) ProtectedApi(io.jans.configapi.core.rest.ProtectedApi)

Example 3 with GluuAttribute

use of io.jans.model.GluuAttribute in project jans by JanssenProject.

the class ExtensionService method getResourceExtensions.

/**
 * Builds the SCIM extensions that apply to the given resource type.
 *
 * <p>Only {@code UserResource} has an extension; any other type yields an empty list. The
 * extension's fields are the SCIM-related attributes flagged as custom SCIM attributes.
 * Failures are logged and whatever was collected so far (possibly nothing) is returned.
 *
 * @param cls resource type to describe
 * @return list holding at most one extension; never {@code null}
 */
public List<Extension> getResourceExtensions(Class<? extends BaseScimResource> cls) {
    List<Extension> extensions = new ArrayList<>();
    try {
        // Currently only the User resource supports an extension, and just one
        if (!cls.equals(UserResource.class)) {
            return extensions;
        }

        Map<String, ExtensionField> fieldsByName = new HashMap<>();
        for (GluuAttribute attr : attributeService.getSCIMRelatedAttributes()) {
            // an unset (null) flag counts as "not a custom SCIM attribute"
            if (!Boolean.TRUE.equals(attr.getScimCustomAttr())) {
                continue;
            }
            ExtensionField extField = new ExtensionField();
            extField.setDescription(attr.getDescription());
            extField.setType(attr.getDataType());
            // certain entries do not have the multivalue attribute set; null is read as false
            extField.setMultiValued(Boolean.TRUE.equals(attr.getOxMultiValuedAttribute()));
            extField.setName(attr.getName());
            fieldsByName.put(attr.getName(), extField);
        }

        // fall back to the default schema id when none is configured
        String configuredUri = appConfiguration.getUserExtensionSchemaURI();
        String schemaUri = StringUtils.isEmpty(configuredUri) ? USER_EXT_SCHEMA_ID : configuredUri;

        Extension userExtension = new Extension(schemaUri);
        userExtension.setFields(fieldsByName);
        // name and description are only filled in for the default schema
        if (schemaUri.equals(USER_EXT_SCHEMA_ID)) {
            userExtension.setName(USER_EXT_SCHEMA_NAME);
            userExtension.setDescription(USER_EXT_SCHEMA_DESCRIPTION);
        }
        extensions.add(userExtension);
    } catch (Exception e) {
        log.error("An error ocurred when building extension for {}", cls.getName());
        log.error(e.getMessage(), e);
    }
    return extensions;
}
Also used : Extension(io.jans.scim.model.scim2.extensions.Extension) ExtensionField(io.jans.scim.model.scim2.extensions.ExtensionField) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) GluuAttribute(io.jans.model.GluuAttribute)

Example 4 with GluuAttribute

use of io.jans.model.GluuAttribute in project jans by JanssenProject.

the class RegisterRestWebServiceImpl method getJSONObject.

/**
 * Builds the JSON document that describes a registered client.
 *
 * <p>The object is first filled by {@code JsonApplier} from the client and its attributes,
 * then the individual registration parameters are written one by one, and finally custom
 * attributes, claims and the CIBA-specific fields are added. Most values go through
 * {@code Util.addToJSONObjectIfNotNull}, which (going by its name; the helper is not shown
 * here) leaves the key out when the value is null.
 *
 * <p>The result carries credentials: the registration access token, and the decrypted client
 * secret when the server is configured to return it. Callers should treat the returned object
 * as sensitive and keep it out of logs.
 *
 * @param client the client to serialise
 * @return the populated JSON object
 * @throws JSONException declared here; presumably raised by the JSON writes
 * @throws StringEncrypter.EncryptionException declared here; presumably raised when the stored secret cannot be decrypted
 */
private JSONObject getJSONObject(Client client) throws JSONException, StringEncrypter.EncryptionException {
    JSONObject responseJsonObject = new JSONObject();
    // Generic mapping first; the explicit writes below run afterwards on the same object.
    JsonApplier.getInstance().apply(client, responseJsonObject);
    JsonApplier.getInstance().apply(client.getAttributes(), responseJsonObject);
    Util.addToJSONObjectIfNotNull(responseJsonObject, RegisterResponseParam.CLIENT_ID.toString(), client.getClientId());
    // The plaintext secret is only written when returnClientSecretOnRead is enabled in the configuration.
    if (isTrue(appConfiguration.getReturnClientSecretOnRead())) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_SECRET.toString(), clientService.decryptSecret(client.getClientSecret()));
    }
    // The registration access token is written regardless of that setting.
    Util.addToJSONObjectIfNotNull(responseJsonObject, RegisterResponseParam.REGISTRATION_ACCESS_TOKEN.toString(), client.getRegistrationAccessToken());
    // NOTE(review): the client id is appended to the query string without URL-encoding; confirm ids are limited to URL-safe characters.
    Util.addToJSONObjectIfNotNull(responseJsonObject, REGISTRATION_CLIENT_URI.toString(), appConfiguration.getRegistrationEndpoint() + "?" + RegisterResponseParam.CLIENT_ID.toString() + "=" + client.getClientId());
    // Timestamps are converted from milliseconds to seconds. getClientIdIssuedAt() is dereferenced without a null check.
    responseJsonObject.put(CLIENT_ID_ISSUED_AT.toString(), client.getClientIdIssuedAt().getTime() / 1000);
    // A missing or non-positive expiry is reported as 0.
    responseJsonObject.put(CLIENT_SECRET_EXPIRES_AT.toString(), client.getClientSecretExpiresAt() != null && client.getClientSecretExpiresAt().getTime() > 0 ? client.getClientSecretExpiresAt().getTime() / 1000 : 0);
    Util.addToJSONObjectIfNotNull(responseJsonObject, REDIRECT_URIS.toString(), client.getRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLAIMS_REDIRECT_URIS.toString(), client.getClaimRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, RESPONSE_TYPES.toString(), ResponseType.toStringArray(client.getResponseTypes()));
    Util.addToJSONObjectIfNotNull(responseJsonObject, GRANT_TYPES.toString(), GrantType.toStringArray(client.getGrantTypes()));
    Util.addToJSONObjectIfNotNull(responseJsonObject, APPLICATION_TYPE.toString(), client.getApplicationType());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CONTACTS.toString(), client.getContacts());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_NAME.toString(), client.getClientName());
    Util.addToJSONObjectIfNotNull(responseJsonObject, LOGO_URI.toString(), client.getLogoUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_URI.toString(), client.getClientUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, POLICY_URI.toString(), client.getPolicyUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOS_URI.toString(), client.getTosUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, JWKS_URI.toString(), client.getJwksUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SECTOR_IDENTIFIER_URI.toString(), client.getSectorIdentifierUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SUBJECT_TYPE.toString(), client.getSubjectType());
    Util.addToJSONObjectIfNotNull(responseJsonObject, AUTHORIZATION_SIGNED_RESPONSE_ALG.toString(), client.getAttributes().getAuthorizationSignedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, AUTHORIZATION_ENCRYPTED_RESPONSE_ALG.toString(), client.getAttributes().getAuthorizationEncryptedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, AUTHORIZATION_ENCRYPTED_RESPONSE_ENC.toString(), client.getAttributes().getAuthorizationEncryptedResponseEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), client.getIdTokenSignedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), client.getIdTokenEncryptedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), client.getIdTokenEncryptedResponseEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_SIGNED_RESPONSE_ALG.toString(), client.getUserInfoSignedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), client.getUserInfoEncryptedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), client.getUserInfoEncryptedResponseEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_SIGNING_ALG.toString(), client.getRequestObjectSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_ENCRYPTION_ALG.toString(), client.getRequestObjectEncryptionAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_ENCRYPTION_ENC.toString(), client.getRequestObjectEncryptionEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOKEN_ENDPOINT_AUTH_METHOD.toString(), client.getTokenEndpointAuthMethod());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), client.getTokenEndpointAuthSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, DEFAULT_MAX_AGE.toString(), client.getDefaultMaxAge());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUIRE_AUTH_TIME.toString(), client.getRequireAuthTime());
    Util.addToJSONObjectIfNotNull(responseJsonObject, DEFAULT_ACR_VALUES.toString(), client.getDefaultAcrValues());
    Util.addToJSONObjectIfNotNull(responseJsonObject, INITIATE_LOGIN_URI.toString(), client.getInitiateLoginUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, POST_LOGOUT_REDIRECT_URIS.toString(), client.getPostLogoutRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_URIS.toString(), client.getRequestUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, AUTHORIZED_ORIGINS.toString(), client.getAuthorizedOrigins());
    Util.addToJSONObjectIfNotNull(responseJsonObject, RPT_AS_JWT.toString(), client.isRptAsJwt());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TLS_CLIENT_AUTH_SUBJECT_DN.toString(), client.getAttributes().getTlsClientAuthSubjectDn());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ALLOW_SPONTANEOUS_SCOPES.toString(), client.getAttributes().getAllowSpontaneousScopes());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SPONTANEOUS_SCOPES.toString(), client.getAttributes().getSpontaneousScopes());
    Util.addToJSONObjectIfNotNull(responseJsonObject, RUN_INTROSPECTION_SCRIPT_BEFORE_ACCESS_TOKEN_CREATION_AS_JWT_AND_INCLUDE_CLAIMS.toString(), client.getAttributes().getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
    Util.addToJSONObjectIfNotNull(responseJsonObject, KEEP_CLIENT_AUTHORIZATION_AFTER_EXPIRATION.toString(), client.getAttributes().getKeepClientAuthorizationAfterExpiration());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_AS_JWT.toString(), client.isAccessTokenAsJwt());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_SIGNING_ALG.toString(), client.getAccessTokenSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_LIFETIME.toString(), client.getAccessTokenLifetime());
    Util.addToJSONObjectIfNotNull(responseJsonObject, PAR_LIFETIME.toString(), client.getAttributes().getParLifetime());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUIRE_PAR.toString(), client.getAttributes().getRequirePar());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_ID.toString(), client.getSoftwareId());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_VERSION.toString(), client.getSoftwareVersion());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_STATEMENT.toString(), client.getSoftwareStatement());
    Util.addToJSONObjectIfNotNull(responseJsonObject, PUBLIC_SUBJECT_IDENTIFIER_ATTRIBUTE.getName(), client.getAttributes().getPublicSubjectIdentifierAttribute());
    // The stored JWKS string is parsed and embedded as a JSON object; an empty value is skipped.
    if (!Util.isNullOrEmpty(client.getJwks())) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, JWKS.toString(), new JSONObject(client.getJwks()));
    }
    // Logout params
    Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_URI.toString(), client.getFrontChannelLogoutUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getFrontChannelLogoutSessionRequired());
    Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_URI.toString(), client.getAttributes().getBackchannelLogoutUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getAttributes().getBackchannelLogoutSessionRequired());
    // Custom Params
    // Scope DNs stored on the client are translated to scope ids and joined with spaces.
    String[] scopeNames = null;
    String[] scopeDns = client.getScopes();
    if (scopeDns != null) {
        scopeNames = new String[scopeDns.length];
        for (int i = 0; i < scopeDns.length; i++) {
            // NOTE(review): the lookup result is dereferenced without a null check; confirm
            // getScopeByDn cannot return null for a DN that no longer resolves.
            Scope scope = scopeService.getScopeByDn(scopeDns[i]);
            scopeNames[i] = scope.getId();
        }
    }
    Util.addToJSONObjectIfNotNull(responseJsonObject, SCOPE.toString(), implode(scopeNames, " "));
    // Claim DNs are translated to claim names the same way.
    String[] claimNames = null;
    String[] claimDns = client.getClaims();
    if (claimDns != null) {
        claimNames = new String[claimDns.length];
        for (int i = 0; i < claimDns.length; i++) {
            // NOTE(review): same unchecked dereference as for scopes; a claim DN without a
            // matching attribute would presumably fail the whole response here.
            GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDns[i]);
            claimNames[i] = gluuAttribute.getClaimName();
        }
    }
    // Custom attributes are written before the claims entry.
    putCustomAttributesInResponse(client, responseJsonObject);
    // The claims entry is only written when the client has at least one claim.
    if (claimNames != null && claimNames.length > 0) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, CLAIMS.toString(), implode(claimNames, " "));
    }
    // Last step: the CIBA service gets to adjust the response.
    cibaRegisterClientResponseService.updateResponse(responseJsonObject, client);
    return responseJsonObject;
}
Also used : JSONObject(org.json.JSONObject) Scope(io.jans.as.persistence.model.Scope) GluuAttribute(io.jans.model.GluuAttribute)

Example 5 with GluuAttribute

use of io.jans.model.GluuAttribute in project jans by JanssenProject.

the class JansConfigurationWS method createScopeToClaimsMapping.

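/**
 * Builds the scope-id to claim-names mapping from all known scopes.
 *
 * <p>Every scope gets an entry, empty when it has no claims. Claim DNs that do not resolve to
 * an attribute, or whose attribute has no claim name, are skipped. Any other failure is
 * logged and the mapping collected so far is returned.
 *
 * @return mapping from scope id to the claim names released under that scope; never {@code null}
 */
private Map<String, Set<String>> createScopeToClaimsMapping() {
    Map<String, Set<String>> result = new HashMap<>();
    try {
        for (Scope scope : scopeService.getAllScopesList()) {
            final Set<String> claimsList = new HashSet<>();
            result.put(scope.getId(), claimsList);
            final List<String> claimIdList = scope.getClaims();
            if (claimIdList == null) {
                continue;
            }
            for (String claimDn : claimIdList) {
                final GluuAttribute attribute = attributeService.getAttributeByDn(claimDn);
                if (attribute == null) {
                    // The lookup's contract is not visible here; a null result is treated as a
                    // dangling reference. Without this guard the resulting exception lands in
                    // the catch below and every scope after this one is silently left out of
                    // the published mapping.
                    log.error("Failed to resolve claim attribute, dn: {}", claimDn);
                    continue;
                }
                final String claimName = attribute.getClaimName();
                if (StringUtils.isNotBlank(claimName)) {
                    claimsList.add(claimName);
                }
            }
        }
    } catch (Exception e) {
        // best effort: return what was collected
        log.error(e.getMessage(), e);
    }
    return result;
}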
Also used : HashSet(java.util.HashSet) Set(java.util.Set) Scope(io.jans.as.persistence.model.Scope) HashMap(java.util.HashMap) WebApplicationException(javax.ws.rs.WebApplicationException) HashSet(java.util.HashSet) GluuAttribute(io.jans.model.GluuAttribute)

Aggregations

GluuAttribute (io.jans.model.GluuAttribute)26 Scope (io.jans.as.persistence.model.Scope)8 JSONObject (org.json.JSONObject)7 ProtectedApi (io.jans.configapi.core.rest.ProtectedApi)5 ArrayList (java.util.ArrayList)4 JwtSubClaimObject (io.jans.as.model.jwt.JwtSubClaimObject)3 HashMap (java.util.HashMap)3 HashSet (java.util.HashSet)3 User (io.jans.as.common.model.common.User)2 Client (io.jans.as.common.model.registration.Client)2 Claim (io.jans.as.server.model.authorize.Claim)2 Filter (io.jans.orm.search.filter.Filter)2 IOException (java.io.IOException)2 Date (java.util.Date)2 List (java.util.List)2 JSONArray (org.json.JSONArray)2 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)2 Test (org.testng.annotations.Test)2 JsonWebResponse (io.jans.as.model.token.JsonWebResponse)1 JwtAuthorizationRequest (io.jans.as.server.model.authorize.JwtAuthorizationRequest)1