use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.
the class UmaAuditLogger method getResourceSet.
private ResourceSetDescription getResourceSet(String resourceSetId, OAuth2ProviderSettings providerSettings) throws UmaException {
try {
ResourceSetStore store = providerSettings.getResourceSetStore();
Set<ResourceSetDescription> results = store.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId));
if (results.size() != 1) {
throw new UmaException(400, "invalid_resource_set_id", "Could not find Resource Set, " + resourceSetId);
}
return results.iterator().next();
} catch (org.forgerock.oauth2.core.exceptions.ServerException e) {
throw new UmaException(400, "invalid_resource_set_id", e.getMessage());
}
}
use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.
the class UmaAuditLogger method getResourceName.
public String getResourceName(String resourceSetId, Request request) throws NotFoundException, UmaException, org.forgerock.oauth2.core.exceptions.ServerException {
OAuth2ProviderSettings providerSettings = oauth2ProviderSettingsFactory.get(requestFactory.create(request));
ResourceSetDescription resourceSetDescription = getResourceSet(resourceSetId, providerSettings);
return resourceSetDescription.getName();
}
use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.
the class PermissionRequestEndpoint method registerPermissionRequest.
/**
* Registers the permission that the client requires for it to be able to access a protected resource.
*
* @param entity The permission request JSON body.
* @return A JSON object containing the permission ticket.
* @throws UmaException If the JSON request body is invalid or the requested resource set does not exist.
*/
@Post
public Representation registerPermissionRequest(JsonRepresentation entity) throws UmaException, NotFoundException, ServerException {
JsonValue permissionRequest = json(toMap(entity));
String resourceSetId = getResourceSetId(permissionRequest);
OAuth2Request oAuth2Request = requestFactory.create(getRequest());
String clientId = getClientId(oAuth2Request);
OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(oAuth2Request);
String resourceOwnerId = getResourceOwnerId(oAuth2Request);
ResourceSetDescription resourceSetDescription = getResourceSet(resourceSetId, resourceOwnerId, providerSettings);
Set<String> scopes = validateScopes(permissionRequest, resourceSetDescription);
for (PermissionRequestFilter filter : extensionFilterManager.getFilters(PermissionRequestFilter.class)) {
filter.onPermissionRequest(resourceSetDescription, scopes, clientId);
}
String ticket = umaProviderSettingsFactory.get(getRequest()).getUmaTokenStore().createPermissionTicket(resourceSetId, scopes, clientId).getId();
return setResponse(201, Collections.<String, Object>singletonMap("ticket", ticket));
}
use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.
the class UmaResourceSetRegistrationHook method resourceSetCreated.
/**
* Creates a ResourceType for the Resource Set and adds it to the Resource Server's policy Application.
*
* @param realm {@inheritDoc}
* @param resourceSet {@inheritDoc}
*/
@Override
public void resourceSetCreated(String realm, ResourceSetDescription resourceSet) throws ServerException {
Map<String, Boolean> resourceTypeActions = new HashMap<String, Boolean>();
for (String umaScope : resourceSet.getScopes()) {
resourceTypeActions.put(umaScope, Boolean.TRUE);
}
ResourceType resourceType = ResourceType.builder().setName(resourceSet.getName() + " - " + resourceSet.getId()).setUUID(resourceSet.getId()).setDescription("Dynamically created resource type for the UMA resource set. " + "Used to find all Policy Engine Policies that make up an UMA Policy").setActions(resourceTypeActions).addPattern(UmaConstants.UMA_POLICY_SCHEME_PATTERN).build();
Subject adminSubject = SubjectUtils.createSuperAdminSubject();
try {
resourceTypeService.saveResourceType(adminSubject, realm, resourceType);
} catch (EntitlementException e) {
logger.error("Failed to create resource type for resource set, {}", resourceSet, e);
throw new ServerException(e);
}
try {
Application application = applicationManager.getApplication(adminSubject, realm, resourceSet.getClientId().toLowerCase());
application.addResourceTypeUuid(resourceType.getUUID());
applicationManager.saveApplication(adminSubject, realm, application);
} catch (EntitlementException e) {
logger.error("Failed to add Resource Type, " + resourceType.getUUID() + " to application, " + resourceSet.getClientId(), e);
throw new ServerException(e);
}
}
use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.
the class AuthorizationRequestEndpointTest method setup.
@BeforeMethod
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException, EntitlementException, JSONException {
requestFactory = mock(OAuth2RequestFactory.class);
OAuth2Request oAuth2Request = mock(OAuth2Request.class);
given(requestFactory.create(any(Request.class))).willReturn(oAuth2Request);
given(oAuth2Request.getParameter("realm")).willReturn("REALM");
accessToken = mock(AccessToken.class);
oauth2TokenStore = mock(TokenStore.class);
given(oauth2TokenStore.readAccessToken(Matchers.<OAuth2Request>anyObject(), anyString())).willReturn(accessToken);
given(accessToken.getClientId()).willReturn(RS_CLIENT_ID);
given(accessToken.getResourceOwnerId()).willReturn(REQUESTING_PARTY_ID);
umaAuditLogger = mock(UmaAuditLogger.class);
umaTokenStore = mock(UmaTokenStore.class);
rpt = mock(RequestingPartyToken.class);
given(rpt.getId()).willReturn("1");
permissionTicket = mock(PermissionTicket.class);
given(permissionTicket.getExpiryTime()).willReturn(System.currentTimeMillis() + 10000);
given(permissionTicket.getResourceSetId()).willReturn(RS_ID);
given(permissionTicket.getResourceServerClientId()).willReturn(RS_CLIENT_ID);
given(permissionTicket.getRealm()).willReturn("REALM");
given(umaTokenStore.readPermissionTicket(anyString())).willReturn(permissionTicket);
given(umaTokenStore.createRPT(Matchers.<PermissionTicket>anyObject())).willReturn(rpt);
resourceSetStore = mock(ResourceSetStore.class);
ResourceSetDescription resourceSet = new ResourceSetDescription();
resourceSet.setId(RS_DESCRIPTION_ID);
resourceSet.setResourceOwnerId(RESOURCE_OWNER_ID);
given(resourceSetStore.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, RS_ID))).willReturn(Collections.singleton(resourceSet));
umaProviderSettings = mock(UmaProviderSettings.class);
policyEvaluator = mock(Evaluator.class);
given(umaProviderSettings.getPolicyEvaluator(any(Subject.class), eq(RS_CLIENT_ID.toLowerCase()))).willReturn(policyEvaluator);
given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
umaProviderSettingsFactory = mock(UmaProviderSettingsFactory.class);
given(umaProviderSettingsFactory.get(Matchers.<Request>anyObject())).willReturn(umaProviderSettings);
given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
OAuth2ProviderSettingsFactory oauth2ProviderSettingsFactory = mock(OAuth2ProviderSettingsFactory.class);
OAuth2ProviderSettings oauth2ProviderSettings = mock(OAuth2ProviderSettings.class);
given(oauth2ProviderSettingsFactory.get(any(OAuth2Request.class))).willReturn(oauth2ProviderSettings);
given(oauth2ProviderSettings.getResourceSetStore()).willReturn(resourceSetStore);
OAuth2UrisFactory<RealmInfo> oauth2UrisFactory = mock(OAuth2UrisFactory.class);
OAuth2Uris oauth2Uris = mock(OAuth2Uris.class);
given(oauth2UrisFactory.get(any(OAuth2Request.class))).willReturn(oauth2Uris);
given(oauth2Uris.getIssuer()).willReturn("ISSUER");
pendingRequestsService = mock(PendingRequestsService.class);
Map<String, ClaimGatherer> claimGatherers = new HashMap<>();
idTokenClaimGatherer = mock(IdTokenClaimGatherer.class);
claimGatherers.put(IdTokenClaimGatherer.FORMAT, idTokenClaimGatherer);
ExtensionFilterManager extensionFilterManager = mock(ExtensionFilterManager.class);
requestAuthorizationFilter = mock(RequestAuthorizationFilter.class);
given(extensionFilterManager.getFilters(RequestAuthorizationFilter.class)).willReturn(Collections.singletonList(requestAuthorizationFilter));
UmaExceptionHandler exceptionHandler = mock(UmaExceptionHandler.class);
endpoint = spy(new AuthorizationRequestEndpoint2(umaProviderSettingsFactory, oauth2TokenStore, requestFactory, oauth2ProviderSettingsFactory, oauth2UrisFactory, umaAuditLogger, pendingRequestsService, claimGatherers, extensionFilterManager, exceptionHandler, jacksonRepresentationFactory));
request = mock(Request.class);
given(endpoint.getRequest()).willReturn(request);
response = mock(Response.class);
endpoint.setResponse(response);
requestBody = mock(JSONObject.class);
given(requestBody.toString()).willReturn("{\"ticket\": \"016f84e8-f9b9-11e0-bd6f-0021cc6004de\"}");
entity = mock(JsonRepresentation.class);
given(entity.getJsonObject()).willReturn(requestBody);
}
Aggregations