
Example 1 with Claim

use of org.gluu.oxauth.model.authorize.Claim in project oxAuth by GluuFederation.

the class AuthorizeAction method getRequestedClaims.

public List<String> getRequestedClaims() {
    Set<String> result = new HashSet<String>();
    String requestJwt = request;
    // The request_uri is only consulted when no inline request object was supplied.
    if (StringUtils.isBlank(requestJwt) && StringUtils.isNotBlank(requestUri)) {
        try {
            URI reqUri = new URI(requestUri);
            // Optional fragment: base64url(SHA-256) of the document the URI points to (OIDC Core 6.2).
            String reqUriHash = reqUri.getFragment();
            String reqUriWithoutFragment = reqUri.getScheme() + ":" + reqUri.getSchemeSpecificPart();
            // Outbound GET to a client-supplied URL; the URL should already have been checked
            // against the client's registered request_uris before this method is reached.
            javax.ws.rs.client.Client clientRequest = ClientBuilder.newClient();
            try {
                Response clientResponse = clientRequest.target(reqUriWithoutFragment).request().buildGet().invoke();
                int status = clientResponse.getStatus();
                if (status == 200) {
                    // Read the body while the client is still open; it is closed once in the finally block.
                    String entity = clientResponse.readEntity(String.class);
                    if (StringUtils.isBlank(reqUriHash)) {
                        requestJwt = entity;
                    } else {
                        // Accept the fetched document only if it matches the hash pinned in the fragment.
                        String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(entity));
                        if (StringUtils.equals(reqUriHash, hash)) {
                            requestJwt = entity;
                        }
                    }
                }
            } finally {
                clientRequest.close();
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
    }
    if (StringUtils.isNotBlank(requestJwt)) {
        try {
            Client client = clientService.getClient(clientId);
            if (client != null) {
                // Parse the request object that was actually obtained (inline or fetched).
                // Passing the raw `request` field here would silently ignore the request_uri branch above.
                JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(appConfiguration, cryptoProvider, requestJwt, client);
                // Collect the names of all claims requested for the userinfo and id_token members.
                if (jwtAuthorizationRequest.getUserInfoMember() != null) {
                    for (Claim claim : jwtAuthorizationRequest.getUserInfoMember().getClaims()) {
                        result.add(claim.getName());
                    }
                }
                if (jwtAuthorizationRequest.getIdTokenMember() != null) {
                    for (Claim claim : jwtAuthorizationRequest.getIdTokenMember().getClaims()) {
                        result.add(claim.getName());
                    }
                }
            }
        } catch (EntryPersistenceException | InvalidJwtException e) {
            log.error(e.getMessage(), e);
        }
    }
    return new ArrayList<>(result);
}
Also used :
  java.io.IOException
  java.io.UnsupportedEncodingException
  java.net.URI
  java.util.ArrayList
  java.util.HashSet
  javax.servlet.http.HttpServletResponse
  javax.ws.rs.WebApplicationException
  javax.ws.rs.core.Response
  org.gluu.oxauth.model.authorize.Claim
  org.gluu.oxauth.model.authorize.JwtAuthorizationRequest
  org.gluu.oxauth.model.exception.AcrChangedException
  org.gluu.oxauth.model.exception.InvalidJwtException
  org.gluu.oxauth.model.registration.Client
  org.gluu.persist.exception.EntryPersistenceException
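The request_uri branch above fetches the request object by reference and, when the URI carries a fragment, accepts the document only if base64url(SHA-256(body)) equals that fragment. The following is an added example (not oxAuth code) that isolates that verification so it can be run without the oxAuth classes; it also performs the registered-request_uris check that the method above leaves to its caller, and it replaces the HTTP fetch with a constructed in-memory map. The client's registered URIs, the sample token bytes, and the `https`-only rule are assumptions of this example.

```python
"""Verifying a request object fetched by reference (OIDC Core 6.2).

Added example, not oxAuth code. The fragment, when present, pins the
fetched body to base64url(SHA-256(body)); the URI must also be one of
the client's registered request_uris. Network access is replaced by a
constructed dict so the example runs offline.
"""
import base64
import hashlib
import hmac
from urllib.parse import urldefrag, urlsplit

# Constructed sample: placeholder bytes standing in for a request object JWT
# (not a valid token; only its hash matters here).
REQUEST_OBJECT_JWT = b"eyJhbGciOiJSUzI1NiJ9.eyJjbGllbnRfaWQiOiJjbGllbnQxIn0.c2ln"

# Constructed stand-in for the HTTP fetch: URL (without fragment) -> body.
FAKE_HTTP = {
    "https://rp.example.com/ro/1": REQUEST_OBJECT_JWT,
}

# Assumed registration data for the client (hypothetical values).
REGISTERED_REQUEST_URIS = ["https://rp.example.com/ro/1"]


def request_uri_hash(body: bytes) -> str:
    """base64url(SHA-256(body)) without '=' padding, the form the spec uses."""
    digest = hashlib.sha256(body).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def is_registered(request_uri: str, registered) -> bool:
    """Compare with the fragment removed; the fragment is not part of the resource."""
    target, _fragment = urldefrag(request_uri)
    return any(urldefrag(r)[0] == target for r in registered)


def fetch_request_object(request_uri: str, http=FAKE_HTTP, registered=REGISTERED_REQUEST_URIS):
    """Return the request object bytes, or None when it must not be used.

    None when the scheme is not https, the URI is not registered, the fetch
    fails, or a fragment is present and does not match the body's hash.
    Whatever this returns is what the caller must parse; the original
    'request' parameter is blank in this branch.
    """
    if urlsplit(request_uri).scheme != "https":
        return None
    if not is_registered(request_uri, registered):
        return None
    url_without_fragment, fragment = urldefrag(request_uri)
    body = http.get(url_without_fragment)
    if body is None:
        return None
    if fragment:
        # Tolerate a padded fragment; compare in constant time.
        expected = fragment.rstrip("=").encode("utf-8")
        actual = request_uri_hash(body).encode("ascii")
        if not hmac.compare_digest(expected, actual):
            return None
    return body
```

A mismatched fragment is treated the same as a failed fetch: the function returns None rather than falling back to the unverified body, which is the behaviour the page's `StringUtils.equals(reqUriHash, hash)` branch also has.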

Example 2 with Claim

use of org.gluu.oxauth.model.authorize.Claim in project oxAuth by GluuFederation.

the class IdTokenFactory method setClaimsFromJwtAuthorizationRequest.

private void setClaimsFromJwtAuthorizationRequest(JsonWebResponse jwr, IAuthorizationGrant authorizationGrant, Set<String> scopes) throws InvalidClaimException {
    final JwtAuthorizationRequest requestObject = authorizationGrant.getJwtAuthorizationRequest();
    // Nothing to add unless the request object names claims for the id_token member.
    if (requestObject == null || requestObject.getIdTokenMember() == null) {
        return;
    }
    for (Claim claim : requestObject.getIdTokenMember().getClaims()) {
        // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
        // Every requested claim is treated as optional: a missing attribute is skipped, not an error.
        boolean optional = true;
        // Map the OIDC claim name to the directory attribute; unknown claim names are ignored.
        GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
        if (gluuAttribute == null) {
            continue;
        }
        Client client = authorizationGrant.getClient();
        // Release the claim only if this client may receive it (registered claims or granted scopes).
        if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
            String ldapClaimName = gluuAttribute.getName();
            Object attribute = authorizationGrant.getUser().getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
            jwr.getClaims().setClaimFromJsonObject(claim.getName(), attribute);
        }
    }
}
Also used :
  org.gluu.model.GluuAttribute
  org.gluu.oxauth.model.authorize.Claim
  org.gluu.oxauth.model.authorize.JwtAuthorizationRequest
  org.gluu.oxauth.model.jwt.JwtSubClaimObject
  org.gluu.oxauth.model.registration.Client

Example 3 with Claim

use of org.gluu.oxauth.model.authorize.Claim in project oxAuth by GluuFederation.

the class UserInfoRestWebServiceImpl method getJSonResponse.

/**
 * Builds a JSON String with the response parameters.
 */
public String getJSonResponse(User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws Exception {
    log.trace("Building JSON response with scopes {} for user {} and user custom attributes {}", scopes, user.getUserId(), user.getCustomAttributes());
    JsonWebResponse jsonWebResponse = new JsonWebResponse();
    // 1. Claims granted through scopes. Dynamic scopes are collected and handed to the external script at the end.
    List<Scope> dynamicScopes = new ArrayList<Scope>();
    for (String scopeName : scopes) {
        org.oxauth.persistence.model.Scope scope = scopeService.getScopeById(scopeName);
        if ((scope != null) && (org.gluu.oxauth.model.common.ScopeType.DYNAMIC == scope.getScopeType())) {
            dynamicScopes.add(scope);
            continue;
        }
        Map<String, Object> claims = scopeService.getClaims(user, scope);
        if (claims == null) {
            continue;
        }
        if (scope != null && Boolean.TRUE.equals(scope.isOxAuthGroupClaims())) {
            // Grouped scope: all of its claims are nested under a single object named after the scope.
            JwtSubClaimObject groupClaim = new JwtSubClaimObject();
            groupClaim.setName(scope.getId());
            for (Map.Entry<String, Object> entry : claims.entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if (value instanceof List) {
                    groupClaim.setClaim(key, (List<String>) value);
                } else {
                    groupClaim.setClaim(key, String.valueOf(value));
                }
            }
            jsonWebResponse.getClaims().setClaim(scope.getId(), groupClaim);
        } else {
            // Flat scope: each claim becomes a top-level member, typed by its Java value.
            for (Map.Entry<String, Object> entry : claims.entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if (value instanceof List) {
                    jsonWebResponse.getClaims().setClaim(key, (List<String>) value);
                } else if (value instanceof Boolean) {
                    jsonWebResponse.getClaims().setClaim(key, (Boolean) value);
                } else if (value instanceof Date) {
                    // Dates are emitted as seconds since the epoch, as JWT NumericDate expects.
                    jsonWebResponse.getClaims().setClaim(key, ((Date) value).getTime() / 1000);
                } else {
                    jsonWebResponse.getClaims().setClaim(key, String.valueOf(value));
                }
            }
        }
    }
    // 2. Claims named in the "claims" request parameter that was stored on the grant.
    //    Note that, unlike the request-object branch below, this loop does not call
    //    validateRequesteClaim; any restriction of the claims parameter has to be
    //    enforced before it is stored on the grant.
    if (authorizationGrant.getClaims() != null) {
        JSONObject claimsObj = new JSONObject(authorizationGrant.getClaims());
        if (claimsObj.has("userinfo")) {
            JSONObject userInfoObj = claimsObj.getJSONObject("userinfo");
            for (Iterator<String> it = userInfoObj.keys(); it.hasNext(); ) {
                String claimName = it.next();
                // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
                boolean optional = true;
                GluuAttribute gluuAttribute = attributeService.getByClaimName(claimName);
                if (gluuAttribute != null) {
                    String ldapClaimName = gluuAttribute.getName();
                    Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
                    jsonWebResponse.getClaims().setClaimFromJsonObject(claimName, attribute);
                }
            }
        }
    }
    // 3. Claims named in the request object's userinfo member, released only if the client may receive them.
    if (authorizationGrant.getJwtAuthorizationRequest() != null && authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember() != null) {
        for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember().getClaims()) {
            // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
            boolean optional = true;
            GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
            if (gluuAttribute != null) {
                Client client = authorizationGrant.getClient();
                if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
                    String ldapClaimName = gluuAttribute.getName();
                    Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
                    jsonWebResponse.getClaims().setClaimFromJsonObject(claim.getName(), attribute);
                }
            }
        }
    }
    // "sub" is always present and is the grant's (possibly pairwise) subject identifier.
    jsonWebResponse.getClaims().setSubjectIdentifier(authorizationGrant.getSub());
    // 4. Dynamic scopes: let the external script add or alter claims, with a read-only view of the grant.
    if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
        final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
        DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jsonWebResponse, unmodifiableAuthorizationGrant);
        externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
    }
    return jsonWebResponse.toString();
}
Also used :
  org.gluu.model.GluuAttribute
  org.gluu.oxauth.model.authorize.Claim
  org.gluu.oxauth.model.jwt.JwtSubClaimObject
  org.gluu.oxauth.model.registration.Client
  org.gluu.oxauth.model.token.JsonWebResponse
  org.gluu.oxauth.service.external.context.DynamicScopeExternalContext
  org.json.JSONObject
  org.oxauth.persistence.model.Scope
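Examples 2 and 3 both walk the claims a client asked for (through the `claims` parameter and through the request object's `userinfo` / `id_token` members), map each claim name to a directory attribute, and decide whether the attribute may be released to this client. The following is an added example (not oxAuth code) that reproduces that flow stand-alone: it unions the two request sources per member, applies a release rule, and encodes values the way the `setClaim` branches above do. The attribute directory, scope definitions, user record and the release rule itself (claim registered on the client, or granted by a scope) are this example's assumptions; the body of `validateRequesteClaim` is not shown on the page, so the rule is a reading of how it is called, not its actual logic.

```python
"""Selecting and releasing claims for a userinfo response.

Added example, not oxAuth code. Mirrors the structure of
UserInfoRestWebServiceImpl.getJSonResponse and
IdTokenFactory.setClaimsFromJwtAuthorizationRequest with every backing
service replaced by constructed dicts. The release rule is an assumption.
"""
import json
from datetime import datetime, timezone

# Constructed attribute directory: claim name -> (store attribute name, multi-valued)
ATTRIBUTES = {
    "email": ("mail", False),
    "email_verified": ("emailVerified", False),
    "name": ("displayName", False),
    "groups": ("memberOf", True),
    "birthdate": ("birthDate", False),
}
# Constructed scope definitions: scope -> claims it grants
SCOPE_CLAIMS = {
    "email": ["email", "email_verified"],
    "profile": ["name", "birthdate"],
}
# Constructed user record keyed by store attribute name
USER = {
    "mail": "alice@example.com",
    "emailVerified": True,
    "displayName": "Alice",
    "memberOf": ["admins", "dev"],
    "birthDate": datetime(1990, 1, 2, tzinfo=timezone.utc),
}


def requested_claims(claims_param, request_object, member):
    """Union of claim names requested for `member` ('userinfo' or 'id_token')
    from the JSON 'claims' parameter and from the request object's same member."""
    names = set()
    sources = (json.loads(claims_param) if claims_param else None, request_object)
    for source in sources:
        if isinstance(source, dict) and isinstance(source.get(member), dict):
            names.update(source[member].keys())
    return names


def claim_allowed(claim, client_claims, granted_scopes):
    """Assumed release rule: registered on the client, or granted through a scope."""
    if claim in client_claims:
        return True
    return any(claim in SCOPE_CLAIMS.get(scope, []) for scope in granted_scopes)


def to_json_value(value):
    """Encode like the page's setClaim branches: lists and booleans pass through,
    dates become epoch seconds, everything else becomes a string."""
    if isinstance(value, (list, bool)):
        return value
    if isinstance(value, datetime):
        return int(value.timestamp())
    return str(value)


def build_userinfo(sub, claims_param, request_object, client_claims, granted_scopes, user=USER):
    """Build the userinfo object: 'sub' plus every requested, known, allowed, present claim."""
    out = {"sub": sub}
    for claim in sorted(requested_claims(claims_param, request_object, "userinfo")):
        attr = ATTRIBUTES.get(claim)
        if attr is None:
            continue  # unknown claim name: ignored, like getByClaimName returning null
        if not claim_allowed(claim, client_claims, granted_scopes):
            continue  # requested but not releasable to this client
        store_name, multi_valued = attr
        value = user.get(store_name)
        if value is None:
            continue  # optional claim: a missing attribute is skipped, not an error
        if multi_valued and not isinstance(value, list):
            value = [value]
        out[claim] = to_json_value(value)
    return out
```

Both request sources feed the same allow check here; in the page's `getJSonResponse`, only the request-object branch calls `validateRequesteClaim`, so a deployment relying on the `claims` parameter needs that filtering to happen before the parameter is stored on the grant.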

Aggregations

  Claim (org.gluu.oxauth.model.authorize.Claim) 3
  Client (org.gluu.oxauth.model.registration.Client) 3
  GluuAttribute (org.gluu.model.GluuAttribute) 2
  JwtAuthorizationRequest (org.gluu.oxauth.model.authorize.JwtAuthorizationRequest) 2
  JwtSubClaimObject (org.gluu.oxauth.model.jwt.JwtSubClaimObject) 2
  IOException (java.io.IOException) 1
  UnsupportedEncodingException (java.io.UnsupportedEncodingException) 1
  URI (java.net.URI) 1
  ArrayList (java.util.ArrayList) 1
  HashSet (java.util.HashSet) 1
  HttpServletResponse (javax.servlet.http.HttpServletResponse) 1
  WebApplicationException (javax.ws.rs.WebApplicationException) 1
  Response (javax.ws.rs.core.Response) 1
  AcrChangedException (org.gluu.oxauth.model.exception.AcrChangedException) 1
  InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException) 1
  JsonWebResponse (org.gluu.oxauth.model.token.JsonWebResponse) 1
  DynamicScopeExternalContext (org.gluu.oxauth.service.external.context.DynamicScopeExternalContext) 1
  EntryPersistenceException (org.gluu.persist.exception.EntryPersistenceException) 1
  JSONObject (org.json.JSONObject) 1
  Scope (org.oxauth.persistence.model.Scope) 1