
/**
 * Looks up the resource set registered under {@code resourceSetId} in the provider's resource set store.
 *
 * @param resourceSetId The identifier of the resource set to find.
 * @param providerSettings The OAuth2 provider settings that supply the resource set store.
 * @return The single resource set description matching the id.
 * @throws UmaException With error code {@code invalid_resource_set_id} (HTTP 400) if the query does not yield
 *     exactly one resource set, or if the store lookup itself fails.
 */
private ResourceSetDescription getResourceSet(String resourceSetId, OAuth2ProviderSettings providerSettings) throws UmaException {
    try {
        ResourceSetStore resourceSetStore = providerSettings.getResourceSetStore();
        Set<ResourceSetDescription> matches =
                resourceSetStore.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId));
        // Exactly one match is expected; both "none" and "several" are reported as not found.
        if (matches.size() == 1) {
            return matches.iterator().next();
        }
        throw new UmaException(400, "invalid_resource_set_id", "Could not find Resource Set, " + resourceSetId);
    } catch (org.forgerock.oauth2.core.exceptions.ServerException e) {
        // Only the server exception's message is propagated to the caller; the exception itself is not
        // attached as a cause, so the stack trace is lost here.
        throw new UmaException(400, "invalid_resource_set_id", e.getMessage());
    }
}

/**
 * Resolves the human-readable name of the resource set identified by {@code resourceSetId}.
 *
 * @param resourceSetId The identifier of the resource set.
 * @param request The current Restlet request, from which the OAuth2 provider settings are derived.
 * @return The resource set's name.
 * @throws NotFoundException Propagated from the provider settings lookup.
 * @throws UmaException If the resource set cannot be found (see {@code getResourceSet}).
 * @throws org.forgerock.oauth2.core.exceptions.ServerException Propagated from the provider settings lookup.
 */
public String getResourceName(String resourceSetId, Request request) throws NotFoundException, UmaException, org.forgerock.oauth2.core.exceptions.ServerException {
    OAuth2ProviderSettings settings = oauth2ProviderSettingsFactory.get(requestFactory.create(request));
    return getResourceSet(resourceSetId, settings).getName();
}

/**
 * Registers the permission that the client requires for it to be able to access a protected resource.
 * <p>
 * The requested scopes are validated against the resource set before a ticket is issued, and each registered
 * {@link PermissionRequestFilter} is invoked with the resource set, the validated scopes and the client id.
 *
 * @param entity The permission request JSON body.
 * @return A JSON object containing the permission ticket, sent with HTTP status 201.
 * @throws UmaException If the JSON request body is invalid or the requested resource set does not exist.
 * @throws NotFoundException Propagated from the underlying provider settings or token store operations.
 * @throws ServerException Propagated from the underlying provider settings or token store operations.
 */
@Post
public Representation registerPermissionRequest(JsonRepresentation entity) throws UmaException, NotFoundException, ServerException {
    JsonValue requestJson = json(toMap(entity));
    String resourceSetId = getResourceSetId(requestJson);

    OAuth2Request oauth2Request = requestFactory.create(getRequest());
    String clientId = getClientId(oauth2Request);
    OAuth2ProviderSettings settings = providerSettingsFactory.get(oauth2Request);
    String resourceOwnerId = getResourceOwnerId(oauth2Request);

    // The resource set is resolved for the resource owner, and the requested scopes are checked against it.
    ResourceSetDescription resourceSet = getResourceSet(resourceSetId, resourceOwnerId, settings);
    Set<String> requestedScopes = validateScopes(requestJson, resourceSet);

    // Give every registered extension filter a look at the request before a ticket is created.
    for (PermissionRequestFilter requestFilter : extensionFilterManager.getFilters(PermissionRequestFilter.class)) {
        requestFilter.onPermissionRequest(resourceSet, requestedScopes, clientId);
    }

    String ticketId = umaProviderSettingsFactory.get(getRequest())
            .getUmaTokenStore()
            .createPermissionTicket(resourceSetId, requestedScopes, clientId)
            .getId();
    return setResponse(201, Collections.<String, Object>singletonMap("ticket", ticketId));
}

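/**
 * Creates a ResourceType for the Resource Set and adds it to the Resource Server's policy Application.
 * <p>
 * The resource type's actions are the resource set's UMA scopes, all enabled, and its UUID is the resource set
 * id. The application is looked up by the resource set's client id, lower-cased. The two persistence steps are
 * not transactional: if adding the type to the application fails, the resource type saved in the first step is
 * left in place.
 *
 * @param realm {@inheritDoc}
 * @param resourceSet {@inheritDoc}
 * @throws ServerException If the resource type cannot be saved or the application cannot be updated; the
 *     underlying {@link EntitlementException} is attached as the cause.
 */
@Override
public void resourceSetCreated(String realm, ResourceSetDescription resourceSet) throws ServerException {
    Map<String, Boolean> resourceTypeActions = new HashMap<>();
    for (String umaScope : resourceSet.getScopes()) {
        resourceTypeActions.put(umaScope, Boolean.TRUE);
    }
    ResourceType resourceType = ResourceType.builder()
            .setName(resourceSet.getName() + " - " + resourceSet.getId())
            .setUUID(resourceSet.getId())
            .setDescription("Dynamically created resource type for the UMA resource set. "
                    + "Used to find all Policy Engine Policies that make up an UMA Policy")
            .setActions(resourceTypeActions)
            .addPattern(UmaConstants.UMA_POLICY_SCHEME_PATTERN)
            .build();
    // Entitlement changes are made with super-admin privileges, independent of the calling user.
    Subject adminSubject = SubjectUtils.createSuperAdminSubject();
    try {
        resourceTypeService.saveResourceType(adminSubject, realm, resourceType);
    } catch (EntitlementException e) {
        logger.error("Failed to create resource type for resource set, {}", resourceSet, e);
        throw new ServerException(e);
    }
    try {
        Application application = applicationManager.getApplication(adminSubject, realm, resourceSet.getClientId().toLowerCase());
        application.addResourceTypeUuid(resourceType.getUUID());
        applicationManager.saveApplication(adminSubject, realm, application);
    } catch (EntitlementException e) {
        // Parameterized like the first log call above, rather than string concatenation.
        logger.error("Failed to add Resource Type, {} to application, {}", resourceType.getUUID(), resourceSet.getClientId(), e);
        throw new ServerException(e);
    }
}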

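/**
 * Builds the collaborators of {@code AuthorizationRequestEndpoint2} as Mockito mocks and wires them up so that
 * a request carrying a permission ticket resolves to an unexpired ticket for {@code RS_ID}, a resource set owned
 * by {@code RESOURCE_OWNER_ID}, {@code RS_CLIENT_ID} as the resource server and {@code REQUESTING_PARTY_ID} as
 * the requesting party. The endpoint itself is a spy so that {@code getRequest()} can be stubbed.
 */
@BeforeMethod
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException, EntitlementException, JSONException {
    // OAuth2 request created from any Restlet request, in realm "REALM".
    requestFactory = mock(OAuth2RequestFactory.class);
    OAuth2Request oAuth2Request = mock(OAuth2Request.class);
    given(requestFactory.create(any(Request.class))).willReturn(oAuth2Request);
    given(oAuth2Request.getParameter("realm")).willReturn("REALM");

    // Access token of the requesting party, readable from the OAuth2 token store for any token id.
    accessToken = mock(AccessToken.class);
    oauth2TokenStore = mock(TokenStore.class);
    given(oauth2TokenStore.readAccessToken(Matchers.<OAuth2Request>anyObject(), anyString())).willReturn(accessToken);
    given(accessToken.getClientId()).willReturn(RS_CLIENT_ID);
    given(accessToken.getResourceOwnerId()).willReturn(REQUESTING_PARTY_ID);

    umaAuditLogger = mock(UmaAuditLogger.class);

    // UMA token store: any ticket id reads back a ticket that expires 10 seconds from now, and creating an RPT
    // from any ticket yields the mock RPT with id "1".
    umaTokenStore = mock(UmaTokenStore.class);
    rpt = mock(RequestingPartyToken.class);
    given(rpt.getId()).willReturn("1");
    permissionTicket = mock(PermissionTicket.class);
    given(permissionTicket.getExpiryTime()).willReturn(System.currentTimeMillis() + 10000);
    given(permissionTicket.getResourceSetId()).willReturn(RS_ID);
    given(permissionTicket.getResourceServerClientId()).willReturn(RS_CLIENT_ID);
    given(permissionTicket.getRealm()).willReturn("REALM");
    given(umaTokenStore.readPermissionTicket(anyString())).willReturn(permissionTicket);
    given(umaTokenStore.createRPT(Matchers.<PermissionTicket>anyObject())).willReturn(rpt);

    // Resource set store: querying by RS_ID returns exactly one resource set.
    resourceSetStore = mock(ResourceSetStore.class);
    ResourceSetDescription resourceSet = new ResourceSetDescription();
    resourceSet.setId(RS_DESCRIPTION_ID);
    resourceSet.setResourceOwnerId(RESOURCE_OWNER_ID);
    given(resourceSetStore.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, RS_ID))).willReturn(Collections.singleton(resourceSet));

    // UMA provider settings: the policy evaluator is keyed on the lower-cased resource server client id.
    // (The getUmaTokenStore() stub was previously duplicated; it is stated once here.)
    umaProviderSettings = mock(UmaProviderSettings.class);
    policyEvaluator = mock(Evaluator.class);
    given(umaProviderSettings.getPolicyEvaluator(any(Subject.class), eq(RS_CLIENT_ID.toLowerCase()))).willReturn(policyEvaluator);
    given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
    umaProviderSettingsFactory = mock(UmaProviderSettingsFactory.class);
    given(umaProviderSettingsFactory.get(Matchers.<Request>anyObject())).willReturn(umaProviderSettings);

    // OAuth2 provider settings (supplying the resource set store) and URIs.
    OAuth2ProviderSettingsFactory oauth2ProviderSettingsFactory = mock(OAuth2ProviderSettingsFactory.class);
    OAuth2ProviderSettings oauth2ProviderSettings = mock(OAuth2ProviderSettings.class);
    given(oauth2ProviderSettingsFactory.get(any(OAuth2Request.class))).willReturn(oauth2ProviderSettings);
    given(oauth2ProviderSettings.getResourceSetStore()).willReturn(resourceSetStore);
    OAuth2UrisFactory<RealmInfo> oauth2UrisFactory = mock(OAuth2UrisFactory.class);
    OAuth2Uris oauth2Uris = mock(OAuth2Uris.class);
    given(oauth2UrisFactory.get(any(OAuth2Request.class))).willReturn(oauth2Uris);
    given(oauth2Uris.getIssuer()).willReturn("ISSUER");

    pendingRequestsService = mock(PendingRequestsService.class);

    // Claim gatherers (id_token format only) and extension filters (one request authorization filter).
    Map<String, ClaimGatherer> claimGatherers = new HashMap<>();
    idTokenClaimGatherer = mock(IdTokenClaimGatherer.class);
    claimGatherers.put(IdTokenClaimGatherer.FORMAT, idTokenClaimGatherer);
    ExtensionFilterManager extensionFilterManager = mock(ExtensionFilterManager.class);
    requestAuthorizationFilter = mock(RequestAuthorizationFilter.class);
    given(extensionFilterManager.getFilters(RequestAuthorizationFilter.class)).willReturn(Collections.singletonList(requestAuthorizationFilter));

    UmaExceptionHandler exceptionHandler = mock(UmaExceptionHandler.class);

    // Spy on the real endpoint so that getRequest() can be stubbed to return the mock request.
    endpoint = spy(new AuthorizationRequestEndpoint2(umaProviderSettingsFactory, oauth2TokenStore, requestFactory, oauth2ProviderSettingsFactory, oauth2UrisFactory, umaAuditLogger, pendingRequestsService, claimGatherers, extensionFilterManager, exceptionHandler, jacksonRepresentationFactory));
    request = mock(Request.class);
    given(endpoint.getRequest()).willReturn(request);
    response = mock(Response.class);
    endpoint.setResponse(response);

    // Request body carrying a permission ticket.
    requestBody = mock(JSONObject.class);
    given(requestBody.toString()).willReturn("{\"ticket\": \"016f84e8-f9b9-11e0-bd6f-0021cc6004de\"}");
    entity = mock(JsonRepresentation.class);
    given(entity.getJsonObject()).willReturn(requestBody);
}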