Examples with GluuAttribute org.gluu.model.GluuAttribute used on opensource projects

Search in sources :

Example 61 with GluuAttribute

use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.

the class GluuConfigurationWS method createScopeToClaimsMapping.

private Map<String, Set<String>> createScopeToClaimsMapping() {
    Map<String, Set<String>> result = new HashMap<String, Set<String>>();
    try {
        for (Scope scope : scopeService.getAllScopesList()) {
            final Set<String> claimsList = new HashSet<String>();
            result.put(scope.getId(), claimsList);
            final List<String> claimIdList = scope.getOxAuthClaims();
            if (claimIdList != null && !claimIdList.isEmpty()) {
                for (String claimDn : claimIdList) {
                    final GluuAttribute attribute = attributeService.getAttributeByDn(claimDn);
                    final String claimName = attribute.getOxAuthClaimName();
                    if (StringUtils.isNotBlank(claimName)) {
                        claimsList.add(claimName);
                    }
                }
            }
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
    return result;
}
Also used : Scope(org.oxauth.persistence.model.Scope) WebApplicationException(javax.ws.rs.WebApplicationException) GluuAttribute(org.gluu.model.GluuAttribute)

Example 62 with GluuAttribute

use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.

the class IdTokenFactory method setClaimsFromJwtAuthorizationRequest.

private void setClaimsFromJwtAuthorizationRequest(JsonWebResponse jwr, IAuthorizationGrant authorizationGrant, Set<String> scopes) throws InvalidClaimException {
    final JwtAuthorizationRequest requestObject = authorizationGrant.getJwtAuthorizationRequest();
    if (requestObject == null || requestObject.getIdTokenMember() == null) {
        return;
    }
    for (Claim claim : requestObject.getIdTokenMember().getClaims()) {
        // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
        boolean optional = true;
        GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
        if (gluuAttribute == null) {
            continue;
        }
        Client client = authorizationGrant.getClient();
        if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
            String ldapClaimName = gluuAttribute.getName();
            Object attribute = authorizationGrant.getUser().getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
            jwr.getClaims().setClaimFromJsonObject(claim.getName(), attribute);
        }
    }
}
Also used : JwtAuthorizationRequest(org.gluu.oxauth.model.authorize.JwtAuthorizationRequest) JwtSubClaimObject(org.gluu.oxauth.model.jwt.JwtSubClaimObject) Client(org.gluu.oxauth.model.registration.Client) Claim(org.gluu.oxauth.model.authorize.Claim) GluuAttribute(org.gluu.model.GluuAttribute)

Example 63 with GluuAttribute

use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.

the class RegisterRestWebServiceImpl method getJSONObject.

private JSONObject getJSONObject(Client client) throws JSONException, StringEncrypter.EncryptionException {
    JSONObject responseJsonObject = new JSONObject();
    JsonApplier.getInstance().apply(client, responseJsonObject);
    JsonApplier.getInstance().apply(client.getAttributes(), responseJsonObject);
    Util.addToJSONObjectIfNotNull(responseJsonObject, RegisterResponseParam.CLIENT_ID.toString(), client.getClientId());
    if (appConfiguration.getReturnClientSecretOnRead()) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_SECRET.toString(), clientService.decryptSecret(client.getClientSecret()));
    }
    Util.addToJSONObjectIfNotNull(responseJsonObject, RegisterResponseParam.REGISTRATION_ACCESS_TOKEN.toString(), client.getRegistrationAccessToken());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REGISTRATION_CLIENT_URI.toString(), appConfiguration.getRegistrationEndpoint() + "?" + RegisterResponseParam.CLIENT_ID.toString() + "=" + client.getClientId());
    responseJsonObject.put(CLIENT_ID_ISSUED_AT.toString(), client.getClientIdIssuedAt().getTime() / 1000);
    responseJsonObject.put(CLIENT_SECRET_EXPIRES_AT.toString(), client.getClientSecretExpiresAt() != null && client.getClientSecretExpiresAt().getTime() > 0 ? client.getClientSecretExpiresAt().getTime() / 1000 : 0);
    Util.addToJSONObjectIfNotNull(responseJsonObject, REDIRECT_URIS.toString(), client.getRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLAIMS_REDIRECT_URIS.toString(), client.getClaimRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, RESPONSE_TYPES.toString(), ResponseType.toStringArray(client.getResponseTypes()));
    Util.addToJSONObjectIfNotNull(responseJsonObject, GRANT_TYPES.toString(), GrantType.toStringArray(client.getGrantTypes()));
    Util.addToJSONObjectIfNotNull(responseJsonObject, APPLICATION_TYPE.toString(), client.getApplicationType());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CONTACTS.toString(), client.getContacts());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_NAME.toString(), client.getClientName());
    Util.addToJSONObjectIfNotNull(responseJsonObject, LOGO_URI.toString(), client.getLogoUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_URI.toString(), client.getClientUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, POLICY_URI.toString(), client.getPolicyUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOS_URI.toString(), client.getTosUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, JWKS_URI.toString(), client.getJwksUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SECTOR_IDENTIFIER_URI.toString(), client.getSectorIdentifierUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SUBJECT_TYPE.toString(), client.getSubjectType());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), client.getIdTokenSignedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), client.getIdTokenEncryptedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), client.getIdTokenEncryptedResponseEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_SIGNED_RESPONSE_ALG.toString(), client.getUserInfoSignedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), client.getUserInfoEncryptedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), client.getUserInfoEncryptedResponseEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_SIGNING_ALG.toString(), client.getRequestObjectSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_ENCRYPTION_ALG.toString(), client.getRequestObjectEncryptionAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_ENCRYPTION_ENC.toString(), client.getRequestObjectEncryptionEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOKEN_ENDPOINT_AUTH_METHOD.toString(), client.getTokenEndpointAuthMethod());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), client.getTokenEndpointAuthSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, DEFAULT_MAX_AGE.toString(), client.getDefaultMaxAge());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUIRE_AUTH_TIME.toString(), client.getRequireAuthTime());
    Util.addToJSONObjectIfNotNull(responseJsonObject, DEFAULT_ACR_VALUES.toString(), client.getDefaultAcrValues());
    Util.addToJSONObjectIfNotNull(responseJsonObject, INITIATE_LOGIN_URI.toString(), client.getInitiateLoginUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, POST_LOGOUT_REDIRECT_URIS.toString(), client.getPostLogoutRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_URIS.toString(), client.getRequestUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, AUTHORIZED_ORIGINS.toString(), client.getAuthorizedOrigins());
    Util.addToJSONObjectIfNotNull(responseJsonObject, RPT_AS_JWT.toString(), client.isRptAsJwt());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TLS_CLIENT_AUTH_SUBJECT_DN.toString(), client.getAttributes().getTlsClientAuthSubjectDn());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ALLOW_SPONTANEOUS_SCOPES.toString(), client.getAttributes().getAllowSpontaneousScopes());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SPONTANEOUS_SCOPES.toString(), client.getAttributes().getSpontaneousScopes());
    Util.addToJSONObjectIfNotNull(responseJsonObject, RUN_INTROSPECTION_SCRIPT_BEFORE_ACCESS_TOKEN_CREATION_AS_JWT_AND_INCLUDE_CLAIMS.toString(), client.getAttributes().getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
    Util.addToJSONObjectIfNotNull(responseJsonObject, KEEP_CLIENT_AUTHORIZATION_AFTER_EXPIRATION.toString(), client.getAttributes().getKeepClientAuthorizationAfterExpiration());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_AS_JWT.toString(), client.isAccessTokenAsJwt());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_SIGNING_ALG.toString(), client.getAccessTokenSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_LIFETIME.toString(), client.getAccessTokenLifetime());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_ID.toString(), client.getSoftwareId());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_VERSION.toString(), client.getSoftwareVersion());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_STATEMENT.toString(), client.getSoftwareStatement());
    if (!Util.isNullOrEmpty(client.getJwks())) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, JWKS.toString(), new JSONObject(client.getJwks()));
    }
    // Logout params
    Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_URI.toString(), client.getFrontChannelLogoutUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getFrontChannelLogoutSessionRequired());
    Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_URI.toString(), client.getAttributes().getBackchannelLogoutUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getAttributes().getBackchannelLogoutSessionRequired());
    // Custom Params
    String[] scopeNames = null;
    String[] scopeDns = client.getScopes();
    if (scopeDns != null) {
        scopeNames = new String[scopeDns.length];
        for (int i = 0; i < scopeDns.length; i++) {
            Scope scope = scopeService.getScopeByDn(scopeDns[i]);
            scopeNames[i] = scope.getId();
        }
    }
    if (appConfiguration.getLegacyDynamicRegistrationScopeParam()) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, SCOPES.toString(), scopeNames);
    } else {
        Util.addToJSONObjectIfNotNull(responseJsonObject, SCOPE.toString(), implode(scopeNames, " "));
    }
    String[] claimNames = null;
    String[] claimDns = client.getClaims();
    if (claimDns != null) {
        claimNames = new String[claimDns.length];
        for (int i = 0; i < claimDns.length; i++) {
            GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDns[i]);
            claimNames[i] = gluuAttribute.getOxAuthClaimName();
        }
    }
    putCustomAttributesInResponse(client, responseJsonObject);
    if (claimNames != null && claimNames.length > 0) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, CLAIMS.toString(), implode(claimNames, " "));
    }
    cibaRegisterClientResponseService.updateResponse(responseJsonObject, client);
    return responseJsonObject;
}
Also used : JSONObject(org.json.JSONObject) Scope(org.oxauth.persistence.model.Scope) GluuAttribute(org.gluu.model.GluuAttribute)

Example 64 with GluuAttribute

use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.

the class ScopeService method fillClaims.

private void fillClaims(Map<String, Object> claims, List<String> scopeClaims, User user) throws InvalidClaimException {
    for (String claimDn : scopeClaims) {
        GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
        String claimName = gluuAttribute.getOxAuthClaimName();
        String ldapName = gluuAttribute.getName();
        if (StringUtils.isBlank(claimName)) {
            log.error("Failed to get claim because claim name is not set for attribute, id: {}", gluuAttribute.getDn());
            continue;
        }
        if (StringUtils.isBlank(ldapName)) {
            log.error("Failed to get claim because name is not set for attribute, id: {}", gluuAttribute.getDn());
            continue;
        }
        setClaimField(ldapName, claimName, user, gluuAttribute, claims);
    }
}
Also used : GluuAttribute(org.gluu.model.GluuAttribute)

Example 65 with GluuAttribute

use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.

the class OpenIdConfiguration method createScopeToClaimsMapping.

/**
 * @deprecated theses params:
 *             <ul>
 *             <li>id_generation_endpoint</li>
 *             <li>introspection_endpoint</li>
 *             <li>auth_level_mapping</li>
 *             <li>scope_to_claims_mapping</li>
 *             </ul>
 *             will be moved from /.well-known/openid-configuration to
 *             /.well-known/gluu-configuration
 */
@Deprecated
private JSONArray createScopeToClaimsMapping(JSONArray scopesSupported, JSONArray claimsSupported) {
    final JSONArray scopeToClaimMapping = new JSONArray();
    Set<String> scopes = new HashSet<String>();
    Set<String> claims = new HashSet<String>();
    try {
        for (Scope scope : scopeService.getAllScopesList()) {
            if ((scope.getScopeType() == ScopeType.SPONTANEOUS && scope.isDeletable()) || !(canShowInConfigEndpoint(scope.getAttributes()))) {
                continue;
            }
            final JSONArray claimsList = new JSONArray();
            final JSONObject mapping = new JSONObject();
            mapping.put(scope.getId(), claimsList);
            scopes.add(scope.getId());
            scopeToClaimMapping.put(mapping);
            if (ScopeType.DYNAMIC.equals(scope.getScopeType())) {
                List<String> claimNames = externalDynamicScopeService.executeExternalGetSupportedClaimsMethods(Arrays.asList(scope));
                for (String claimName : claimNames) {
                    if (StringUtils.isNotBlank(claimName)) {
                        claimsList.put(claimName);
                        claims.add(claimName);
                    }
                }
            } else {
                final List<String> claimIdList = scope.getOxAuthClaims();
                if (claimIdList != null && !claimIdList.isEmpty()) {
                    for (String claimDn : claimIdList) {
                        final GluuAttribute attribute = attributeService.getAttributeByDn(claimDn);
                        final String claimName = attribute.getOxAuthClaimName();
                        if (StringUtils.isNotBlank(claimName)) {
                            claimsList.put(claimName);
                            claims.add(claimName);
                        }
                    }
                }
            }
        }
        for (String scope : scopes) {
            scopesSupported.put(scope);
        }
        for (String claim : claims) {
            claimsSupported.put(claim);
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
    return scopeToClaimMapping;
}
Also used : Scope(org.oxauth.persistence.model.Scope) JSONObject(org.json.JSONObject) JSONArray(org.json.JSONArray) IOException(java.io.IOException) GluuAttribute(org.gluu.model.GluuAttribute)

Aggregations

GluuAttribute (org.gluu.model.GluuAttribute)68 ArrayList (java.util.ArrayList)21 GluuCustomAttribute (org.gluu.oxtrust.model.GluuCustomAttribute)10 IOException (java.io.IOException)8 Scope (org.oxauth.persistence.model.Scope)8 HttpEntity (org.apache.http.HttpEntity)7 HttpResponse (org.apache.http.HttpResponse)7 ParseException (org.apache.http.ParseException)7 Test (org.junit.Test)7 HttpGet (org.apache.http.client.methods.HttpGet)6 HttpUriRequest (org.apache.http.client.methods.HttpUriRequest)6 Filter (org.gluu.search.filter.Filter)5 JSONObject (org.json.JSONObject)4 Operation (io.swagger.v3.oas.annotations.Operation)3 ApiResponses (io.swagger.v3.oas.annotations.responses.ApiResponses)3 HashMap (java.util.HashMap)3 HashSet (java.util.HashSet)3 FacesMessage (javax.faces.application.FacesMessage)3 UIInput (javax.faces.component.UIInput)3 AttributeValidation (org.gluu.model.attribute.AttributeValidation)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial