use of org.gluu.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.
the class EndSessionRestWebServiceImpl method getPair.
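/**
 * Resolves the session and the authorization grant that an end-session request refers to.
 *
 * <p>The grant is looked up by treating {@code idTokenHint} as an id_token. Only when that finds
 * nothing and the {@code endSessionWithAccessToken} configuration flag is {@code true} is the
 * same value retried as an access token. The session is read from the request's session cookie
 * first; {@code sid} is consulted only when the cookie did not yield a session.
 *
 * <p>NOTE(review): nothing here checks that the returned session and grant belong together, and
 * either element may be {@code null}. The caller has to validate the pair before ending a session.
 *
 * @param idTokenHint value supplied as the id_token hint (possibly an access token, see above)
 * @param sid         session identifier used as a fallback when no cookie session is found
 * @param httpRequest current request, used only to read the session cookie
 * @return pair of (session, grant); each element is {@code null} when it could not be resolved
 */
private Pair<SessionId, AuthorizationGrant> getPair(String idTokenHint, String sid, HttpServletRequest httpRequest) {
    AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
    // Access-token fallback is opt-in: an unset (null) flag is treated the same as false.
    if (authorizationGrant == null && Boolean.TRUE.equals(appConfiguration.getEndSessionWithAccessToken())) {
        authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(idTokenHint);
    }

    SessionId ldapSessionId = null;
    try {
        String id = cookieService.getSessionIdFromCookie(httpRequest);
        if (StringHelper.isNotEmpty(id)) {
            ldapSessionId = sessionIdService.getSessionId(id);
        }
        // The cookie wins; the sid parameter is only a fallback.
        if (ldapSessionId == null && StringUtils.isNotBlank(sid)) {
            ldapSessionId = sessionIdService.getSessionBySid(sid);
        }
    } catch (Exception e) {
        // Deliberately best-effort: a lookup failure leaves the session null for the caller to handle.
        log.error("Failed to get current session id.", e);
    }
    return new Pair<>(ldapSessionId, authorizationGrant);
}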
use of org.gluu.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.
the class UmaPermissionRegistrationWS method registerPermission.
/**
 * Registers one permission or a list of permissions and answers with a permission ticket.
 *
 * <p>The Authorization header is checked first through
 * {@code umaValidationService.assertHasProtectionScope}; the parsed permissions are then validated
 * against the client of the resulting grant before a ticket is created.
 *
 * <p>NOTE(review): the client DN stored with the ticket is derived again from the raw header via
 * {@code tokenService.getClientDn} rather than taken from the validated grant. Confirm that both
 * always resolve to the same client.
 *
 * @param request          current HTTP request (not read in this method)
 * @param authorization    value of the Authorization header
 * @param requestAsString  raw JSON request body
 * @return 201 Created with the permission ticket as JSON entity
 * @throws WebApplicationException propagated unchanged from validation, or a 500 with a generic
 *         message for any other failure
 */
@POST
@Consumes({ UmaConstants.JSON_MEDIA_TYPE })
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
public Response registerPermission(@Context HttpServletRequest request, @HeaderParam("Authorization") String authorization, String requestAsString) {
    try {
        final AuthorizationGrant grant = umaValidationService.assertHasProtectionScope(authorization);

        // The body is parsed by hand because UMA2 allows either a single permission or a list.
        final UmaPermissionList permissions = parseRequest(requestAsString);
        umaValidationService.validatePermissions(permissions, grant.getClient());

        final String clientDn = tokenService.getClientDn(authorization);
        final String ticket = permissionService.addPermission(permissions, clientDn);

        return Response.status(Response.Status.CREATED)
                .type(MediaType.APPLICATION_JSON_TYPE)
                .entity(new PermissionTicket(ticket))
                .build();
    } catch (WebApplicationException ex) {
        // Already a well-formed protocol error: hand it to the caller untouched and unlogged.
        throw ex;
    } catch (Exception ex) {
        // Details go to the server log only; the client sees a generic message.
        log.error("Exception happened", ex);
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}
use of org.gluu.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.
the class UmaValidationService method validateAuthorization.
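/**
 * Resolves the grant behind an Authorization header and checks that it carries the given UMA scope.
 *
 * <p>Each failure is reported as a {@code WebApplicationException} built by
 * {@code errorResponseFactory}: 401 for a blank header, an empty token or an unknown token, and
 * 406 (Not Acceptable) when the grant lacks the required scope.
 *
 * @param authorization value of the Authorization header
 * @param umaScopeType  scope the grant must contain
 * @return the grant found for the access token, never {@code null}
 * @throws WebApplicationException when any of the checks above fails
 */
private AuthorizationGrant validateAuthorization(String authorization, UmaScopeType umaScopeType) {
    // The header holds a bearer credential, so its value is kept out of the log even at trace
    // level: anyone able to read the log could otherwise replay the token.
    log.trace("Validate authorization.");
    if (StringHelper.isEmpty(authorization)) {
        throw errorResponseFactory.createWebApplicationException(UNAUTHORIZED, UNAUTHORIZED_CLIENT, "Authorization header is blank.");
    }

    String token = tokenService.getToken(authorization);
    if (StringHelper.isEmpty(token)) {
        log.debug("Token is invalid.");
        throw errorResponseFactory.createWebApplicationException(UNAUTHORIZED, UNAUTHORIZED_CLIENT, "Token is invalid.");
    }

    AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(token);
    if (authorizationGrant == null) {
        throw errorResponseFactory.createWebApplicationException(UNAUTHORIZED, ACCESS_DENIED, "Unable to find authorization grant by token.");
    }

    // NOTE(review): assumes getScopes() never returns null for a stored grant - confirm.
    Set<String> scopes = authorizationGrant.getScopes();
    String requiredScope = umaScopeType.getValue();
    if (!scopes.contains(requiredScope)) {
        throw errorResponseFactory.createWebApplicationException(Response.Status.NOT_ACCEPTABLE, INVALID_CLIENT_SCOPE, "Client does not have scope: " + requiredScope);
    }
    return authorizationGrant;
}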
use of org.gluu.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.
the class UmaResourceRegistrationWS method putResourceImpl.
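/**
 * Creates or updates a UMA resource description on behalf of an authorized client.
 *
 * <p>The Authorization header is validated through
 * {@code umaValidationService.assertHasProtectionScope} and the resource body through
 * {@code validateResource}. A {@code status} of {@code CREATED} selects the create path; any other
 * status selects the update path, which first calls {@code validateRestrictedByClient} with the
 * grant's client DN and {@code rsid} before touching the stored resource.
 *
 * @param status        response status to return; {@code CREATED} means "add", anything else "update"
 * @param authorization value of the Authorization header
 * @param rsid          resource identifier
 * @param resource      resource description sent by the client
 * @return response with the given status and a JSON body holding the resource id
 * @throws IOException declared by the method; presumably raised by JSON serialization - confirm
 */
private Response putResourceImpl(Response.Status status, String authorization, String rsid, UmaResource resource) throws IOException {
    // The original format string had no placeholder for the status, so it was never logged.
    log.trace("putResourceImpl, rsid: {}, status: {}", rsid, status.name());

    AuthorizationGrant authorizationGrant = umaValidationService.assertHasProtectionScope(authorization);
    umaValidationService.validateResource(resource);

    String userDn = authorizationGrant.getUserDn();
    String clientDn = authorizationGrant.getClientDn();

    org.gluu.oxauth.model.uma.persistence.UmaResource ldapUpdatedResource;
    if (status == Response.Status.CREATED) {
        ldapUpdatedResource = addResource(rsid, resource, userDn, clientDn);
    } else {
        // The client restriction check must run before the update so that a rejected caller
        // cannot modify the stored resource.
        umaValidationService.validateRestrictedByClient(clientDn, rsid);
        ldapUpdatedResource = updateResource(rsid, resource);
    }

    UmaResourceResponse response = new UmaResourceResponse();
    response.setId(ldapUpdatedResource.getId());
    return Response.status(status).type(MediaType.APPLICATION_JSON_TYPE).entity(ServerUtil.asJson(response)).build();
}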
use of org.gluu.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.
the class UmaResourceRegistrationWS method getResource.
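/**
 * Returns the description of a registered UMA resource.
 *
 * <p>The Authorization header is validated through
 * {@code umaValidationService.assertHasProtectionScope}, then
 * {@code validateRestrictedByClient} is called with the grant's client DN and {@code rsid} before
 * the resource is loaded and copied into the response object.
 *
 * @param authorization value of the Authorization header
 * @param rsid          resource identifier taken from the request path
 * @return 200 OK with the resource description serialized as JSON
 * @throws WebApplicationException propagated unchanged from validation, or a 500 with a generic
 *         message for any other failure
 */
@GET
@Path("{rsid}")
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
public Response getResource(@HeaderParam("Authorization") String authorization, @PathParam("rsid") String rsid) {
    try {
        final AuthorizationGrant authorizationGrant = umaValidationService.assertHasProtectionScope(authorization);
        // Client restriction is checked before the resource is read.
        umaValidationService.validateRestrictedByClient(authorizationGrant.getClientDn(), rsid);
        log.debug("Getting resource description: '{}'", rsid);

        // NOTE(review): assumes getResourceById never returns null once the check above passed - confirm.
        final org.gluu.oxauth.model.uma.persistence.UmaResource ldapResource = resourceService.getResourceById(rsid);

        final UmaResourceWithId response = new UmaResourceWithId();
        response.setId(ldapResource.getId());
        response.setName(ldapResource.getName());
        response.setDescription(ldapResource.getDescription());
        response.setIconUri(ldapResource.getIconUri());
        response.setScopes(umaScopeService.getScopeIdsByDns(ldapResource.getScopes()));
        response.setScopeExpression(ldapResource.getScopeExpression());
        response.setType(ldapResource.getType());
        response.setIat(ServerUtil.dateToSeconds(ldapResource.getCreationDate()));
        response.setExp(ServerUtil.dateToSeconds(ldapResource.getExpirationDate()));

        final ResponseBuilder builder = Response.ok();
        // Serialize by hand to avoid conflicts between resteasy providers (e.g. jettison, jackson).
        builder.entity(ServerUtil.asJson(response));
        return builder.build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        // The exception text stays in the server log. Returning ex.getMessage() would hand internal
        // details to the caller, so the response carries a generic message, as registerPermission does.
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}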