
Example 1 with IntrospectionResponse

use of org.gluu.oxauth.model.common.IntrospectionResponse in project oxAuth by GluuFederation.

The class IntrospectionWebService, method introspect.

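/**
 * Introspects {@code p_token} on behalf of the caller identified by {@code p_authorization}.
 * <p>
 * The grant owning the token is looked up, an {@link IntrospectionResponse} is filled from it,
 * external introspection scripts get a chance to modify the JSON form of that response, and the
 * result is returned either as JSON or, when {@code responseAsJwt} is {@code "true"}, as a JWT.
 * An unknown token is not an error: the response is 200 with {@code active=false}.
 *
 * @param p_authorization value of the Authorization header of the introspection request
 * @param p_token         token to introspect
 * @param tokenTypeHint   optional hint about the token type; only logged here
 * @param responseAsJwt   {@code "true"} (case-insensitive) to return the result as a JWT
 * @param httpRequest     underlying servlet request, handed to the external scripts
 * @param httpResponse    underlying servlet response, handed to the external scripts
 * @return 200 with the introspection result, 400 when {@code p_token} is blank,
 *         500 (empty JSON body) on any unexpected failure
 * @throws WebApplicationException re-thrown, after logging, when raised inside the method
 *                                 (e.g. by {@code validateAuthorization})
 */
private Response introspect(String p_authorization, String p_token, String tokenTypeHint, String responseAsJwt, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        // Both values are credentials: log only whether they are present, never the raw strings.
        log.trace("Introspect token, authorization present: {}, token to introspect present: {}, tokenTypeHint: {}",
                StringUtils.isNotBlank(p_authorization), StringUtils.isNotBlank(p_token), tokenTypeHint);
        AuthorizationGrant authorizationGrant = validateAuthorization(p_authorization, p_token);
        if (StringUtils.isBlank(p_token)) {
            log.trace("Bad request: Token is blank.");
            return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(errorResponseFactory.errorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST, "")).build();
        }

        final IntrospectionResponse response = new IntrospectionResponse(false);
        final AuthorizationGrant grantOfIntrospectionToken = authorizationGrantList.getAuthorizationGrantByAccessToken(p_token);
        // A grant found by token but not holding that token (if the lookup can return null) is
        // reported as inactive instead of failing with a 500.
        final AbstractToken tokenToIntrospect = grantOfIntrospectionToken != null
                ? grantOfIntrospectionToken.getAccessToken(p_token)
                : null;
        if (tokenToIntrospect != null) {
            fillIntrospectionResponse(response, grantOfIntrospectionToken, tokenToIntrospect);
        } else {
            // Unknown token: answer 200 with active=false, and do not echo the token value into the log.
            log.debug("Failed to find grant for the given access_token. Return 200 with active=false.");
        }

        JSONObject responseAsJsonObject = createResponseAsJsonObject(response, tokenToIntrospect);
        ExternalIntrospectionContext context = new ExternalIntrospectionContext(authorizationGrant, httpRequest, httpResponse, appConfiguration, attributeService);
        context.setGrantOfIntrospectionToken(grantOfIntrospectionToken);
        if (externalIntrospectionService.executeExternalModifyResponse(responseAsJsonObject, context)) {
            log.trace("Successfully run extenal introspection scripts.");
        } else {
            // A script returning false vetoes every modification: rebuild the JSON from the untouched response.
            responseAsJsonObject = createResponseAsJsonObject(response, tokenToIntrospect);
            log.trace("Canceled changes made by external introspection script since method returned `false`.");
        }

        // Make scopes conform as required by spec (space-separated string), see #1499
        if (response.getScope() != null && !appConfiguration.getIntrospectionResponseScopesBackwardCompatibility()) {
            responseAsJsonObject.put("scope", StringUtils.join(response.getScope().toArray(), " "));
        }

        if (Boolean.TRUE.toString().equalsIgnoreCase(responseAsJwt)) {
            return Response.status(Response.Status.OK).entity(createResponseAsJwt(responseAsJsonObject, grantOfIntrospectionToken)).build();
        }
        return Response.status(Response.Status.OK).entity(responseAsJsonObject.toString()).type(MediaType.APPLICATION_JSON_TYPE).build();
    } catch (WebApplicationException e) {
        log.error(e.getMessage(), e);
        throw e;
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON_TYPE).build();
    }
}

/**
 * Copies the attributes of {@code grant} and {@code token} into {@code response}; the response is
 * marked active exactly when {@code token.isValid()} holds.
 *
 * @param response the introspection response to fill
 * @param grant    the grant that owns {@code token}
 * @param token    the token being introspected
 */
private void fillIntrospectionResponse(IntrospectionResponse response, AuthorizationGrant grant, AbstractToken token) {
    response.setActive(token.isValid());
    response.setExpiresAt(ServerUtil.dateToSeconds(token.getExpirationDate()));
    response.setIssuedAt(ServerUtil.dateToSeconds(token.getCreationDate()));
    response.setAcrValues(grant.getAcrValues());
    // #433: never emit a null scope list
    response.setScope(grant.getScopes() != null ? grant.getScopes() : Lists.newArrayList());
    response.setClientId(grant.getClientId());
    response.setSub(grant.getSub());
    response.setUsername(grant.getUserId());
    response.setIssuer(appConfiguration.getIssuer());
    response.setAudience(grant.getClientId());
    if (token instanceof AccessToken) {
        AccessToken accessToken = (AccessToken) token;
        // Default to "Bearer" when the access token carries no explicit type.
        response.setTokenType(accessToken.getTokenType() != null ? accessToken.getTokenType().getName() : TokenType.BEARER.getName());
    }
}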
Also used : AbstractToken(org.gluu.oxauth.model.common.AbstractToken) JSONObject(org.json.JSONObject) WebApplicationException(javax.ws.rs.WebApplicationException) IntrospectionResponse(org.gluu.oxauth.model.common.IntrospectionResponse) AccessToken(org.gluu.oxauth.model.common.AccessToken) ExternalIntrospectionContext(org.gluu.oxauth.service.external.context.ExternalIntrospectionContext) AuthorizationGrant(org.gluu.oxauth.model.common.AuthorizationGrant) JSONException(org.json.JSONException) IOException(java.io.IOException) WebApplicationException(javax.ws.rs.WebApplicationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 2 with IntrospectionResponse

use of org.gluu.oxauth.model.common.IntrospectionResponse in project oxAuth by GluuFederation.

The class IntrospectionWebServiceEmbeddedTest, method introspection.

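/**
 * Posts the access token obtained in {@code requestTokenToIntrospect} to the introspection
 * endpoint and expects a 200 whose body deserializes to an active {@link IntrospectionResponse}.
 *
 * @param introspectionPath path of the introspection endpoint, appended to {@code url}
 * @throws Exception when the HTTP request itself fails
 */
@Test(dependsOnMethods = "requestTokenToIntrospect")
@Parameters({ "introspectionPath" })
public void introspection(final String introspectionPath) throws Exception {
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + introspectionPath).request();
    request.header("Accept", "application/json");
    request.header("Authorization", "Bearer " + authorization.getAccessToken());
    Response response = request.post(Entity.form(new Form("token", tokenToIntrospect.getAccessToken())));
    String entity = response.readEntity(String.class);
    showResponse("introspection", response, entity);
    assertEquals(response.getStatus(), 200);
    try {
        final IntrospectionResponse t = ServerUtil.createJsonMapper().readValue(entity, IntrospectionResponse.class);
        assertTrue(t != null && t.isActive());
    } catch (Exception e) {
        // Report the parse failure through TestNG with its cause attached instead of printing it to stderr.
        fail("Failed to parse introspection response: " + e.getMessage(), e);
    }
}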
Also used : IntrospectionResponse(org.gluu.oxauth.model.common.IntrospectionResponse) Response(javax.ws.rs.core.Response) Form(javax.ws.rs.core.Form) IntrospectionResponse(org.gluu.oxauth.model.common.IntrospectionResponse) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 3 with IntrospectionResponse

use of org.gluu.oxauth.model.common.IntrospectionResponse in project oxAuth by GluuFederation.

The class IntrospectionWsHttpTest, method basicAuthentication.

/**
 * Requests a PAT for the UMA client and introspects it while authenticating the introspection
 * call with HTTP Basic client credentials; the token is expected to be reported active.
 *
 * @param umaPatClientId     client id used both to obtain the PAT and for Basic authentication
 * @param umaPatClientSecret matching client secret
 * @throws Exception when obtaining the PAT or calling the introspection endpoint fails
 */
@Test
@Parameters({ "umaPatClientId", "umaPatClientSecret" })
public void basicAuthentication(final String umaPatClientId, final String umaPatClientSecret) throws Exception {
    final Token pat = UmaClient.requestPat(tokenEndpoint, umaPatClientId, umaPatClientSecret, clientEngine(true));
    final IntrospectionService service = ClientFactory.instance().createIntrospectionService(introspectionEndpoint, clientEngine(true));
    final String basicCredentials = "Basic " + BaseRequest.getEncodedCredentials(umaPatClientId, umaPatClientSecret);
    final IntrospectionResponse result = service.introspectToken(basicCredentials, pat.getAccessToken());
    assertTrue(result != null && result.isActive());
}
Also used : IntrospectionResponse(org.gluu.oxauth.model.common.IntrospectionResponse) IntrospectionService(org.gluu.oxauth.client.service.IntrospectionService) Token(org.gluu.oxauth.model.uma.wrapper.Token) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 4 with IntrospectionResponse

use of org.gluu.oxauth.model.common.IntrospectionResponse in project oxTrust by GluuFederation.

The class DefaultOAuthProtectionService, method processIntrospectionResponse.

/**
 * Checks an introspection result against the scopes the invoked resource requires.
 *
 * @param iresponse    introspection result for the presented token; {@code null} when the
 *                     token could not be introspected
 * @param resourceInfo the JAX-RS resource being invoked, used to look up the required scopes
 * @return {@code null} when the token is active and carries every required scope, otherwise
 *         a 403 response (see section 3.12 of RFC 7644)
 */
public Response processIntrospectionResponse(IntrospectionResponse iresponse, ResourceInfo resourceInfo) {
    List<String> requiredScopes = getRequestedScopes(resourceInfo);
    log.info("Call requires scopes: {}", requiredScopes);
    List<String> grantedScopes = null;
    if (iresponse != null) {
        grantedScopes = iresponse.getScope();
    }
    boolean authorized = grantedScopes != null
            && iresponse.isActive()
            && grantedScopes.containsAll(requiredScopes);
    if (authorized) {
        return null;
    }
    String msg = "Invalid token or insufficient scopes";
    log.error("{}. Token scopes: {}", msg, grantedScopes);
    // see section 3.12 RFC 7644
    return IProtectionService.simpleResponse(Response.Status.FORBIDDEN, msg);
}
Also used : IntrospectionResponse(org.gluu.oxauth.model.common.IntrospectionResponse) Response(javax.ws.rs.core.Response)

Example 5 with IntrospectionResponse

use of org.gluu.oxauth.model.common.IntrospectionResponse in project oxTrust by GluuFederation.

The class BaseOAuthProtectionService, method processAuthorization.

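/**
 * Authorizes a request by introspecting the bearer token from its Authorization header and
 * checking the result against the scopes the invoked resource requires.
 *
 * @param headers      request headers; {@code HttpHeaders.AUTHORIZATION} is read
 * @param resourceInfo the JAX-RS resource being invoked
 * @return {@code null} when the request is authorized; 401 when no Authorization header is
 *         present; whatever {@code processIntrospectionResponse} yields otherwise (403 in the
 *         default implementation, also when introspection itself failed); 500 on unexpected errors
 */
@Override
public Response processAuthorization(HttpHeaders headers, ResourceInfo resourceInfo) {
    Response authorizationResponse;
    try {
        String token = headers.getHeaderString(HttpHeaders.AUTHORIZATION);
        boolean authFound = StringUtils.isNotEmpty(token);
        log.info("Authorization header {} found", authFound ? "" : "not");
        if (authFound) {
            token = token.replaceFirst("Bearer\\s+", "");
            // The token is a bearer credential: never write its value to the log.
            log.debug("Validating bearer token (length {})", token.length());
            IntrospectionResponse iresp = null;
            try {
                iresp = introspectionService.introspectToken("Bearer " + token, token);
            } catch (Exception e) {
                // Keep the stack trace; a null iresp is rejected by processIntrospectionResponse.
                log.error("Token introspection failed", e);
            }
            authorizationResponse = processIntrospectionResponse(iresp, resourceInfo);
        } else {
            log.info("Request is missing authorization header");
            // see section 3.12 RFC 7644
            authorizationResponse = IProtectionService.simpleResponse(Response.Status.UNAUTHORIZED, "No authorization header found");
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        authorizationResponse = IProtectionService.simpleResponse(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage());
    }
    return authorizationResponse;
}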
Also used : IntrospectionResponse(org.gluu.oxauth.model.common.IntrospectionResponse) Response(javax.ws.rs.core.Response) IntrospectionResponse(org.gluu.oxauth.model.common.IntrospectionResponse)

Aggregations

IntrospectionResponse (org.gluu.oxauth.model.common.IntrospectionResponse)8 Response (javax.ws.rs.core.Response)4 BaseTest (org.gluu.oxauth.BaseTest)4 Parameters (org.testng.annotations.Parameters)4 Test (org.testng.annotations.Test)4 IntrospectionService (org.gluu.oxauth.client.service.IntrospectionService)3 Token (org.gluu.oxauth.model.uma.wrapper.Token)3 IOException (java.io.IOException)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 Builder (javax.ws.rs.client.Invocation.Builder)1 Form (javax.ws.rs.core.Form)1 AbstractToken (org.gluu.oxauth.model.common.AbstractToken)1 AccessToken (org.gluu.oxauth.model.common.AccessToken)1 AuthorizationGrant (org.gluu.oxauth.model.common.AuthorizationGrant)1 ExternalIntrospectionContext (org.gluu.oxauth.service.external.context.ExternalIntrospectionContext)1 ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)1 JSONException (org.json.JSONException)1 JSONObject (org.json.JSONObject)1