Use of org.gluu.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.
The class UmaRptIntrospectionWS, method introspect.
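/**
 * Introspects an RPT (Requesting Party Token) and builds the UMA introspection response.
 *
 * <p>The caller must present a PAT with the protection scope in {@code authorization};
 * {@code umaValidationService} enforces that before the token is looked up. An RPT that
 * fails {@code isValid} yields an {@code active=false} response rather than an error.
 *
 * <p>For a valid RPT the response carries expiry/issue times, the granted permissions,
 * client id, audience, subject and, when the first persisted permission references a PCT,
 * that PCT's claims. The serialized JSON is then offered to the external "UMA RPT Claims"
 * script, which may modify it; a {@code false} return from the script discards its changes.
 *
 * <p>Token codes (RPT, PCT) are bearer credentials and are not written to the log; log
 * lines identify the token by client id or by the permission's DN instead.
 *
 * @param authorization  the {@code Authorization} header value (PAT bearer token)
 * @param token          the RPT code to introspect
 * @param tokenTypeHint  RFC 7662 {@code token_type_hint}; accepted but not used here
 * @param httpRequest    current request, passed to the external script context
 * @param httpResponse   current response, passed to the external script context
 * @return HTTP 200 with the introspection payload and the cache headers from
 *         {@code ServerUtil.cacheControl(true)}
 * @throws WebApplicationException re-thrown as-is when raised by a collaborator
 *         (for example the protection-scope check); any other failure is logged and
 *         converted into a 500 {@code UmaErrorResponseType.SERVER_ERROR}
 */
private Response introspect(String authorization, String token, String tokenTypeHint, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        umaValidationService.assertHasProtectionScope(authorization);

        final UmaRPT rpt = rptService.getRPTByCode(token);
        if (!isValid(rpt)) {
            return Response.status(Response.Status.OK)
                    .entity(new RptIntrospectionResponse(false))
                    .cacheControl(ServerUtil.cacheControl(true))
                    .build();
        }

        final List<org.gluu.oxauth.model.uma.UmaPermission> permissions = buildStatusResponsePermissions(rpt);

        // active status
        final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
        statusResponse.setActive(true);
        statusResponse.setExpiresAt(ServerUtil.dateToSeconds(rpt.getExpirationDate()));
        statusResponse.setIssuedAt(ServerUtil.dateToSeconds(rpt.getCreationDate()));
        statusResponse.setPermissions(permissions);
        statusResponse.setClientId(rpt.getClientId());
        statusResponse.setAud(rpt.getClientId());
        statusResponse.setSub(rpt.getUserId());

        // PCT claims: only the first persisted permission is consulted for a PCT reference.
        final List<UmaPermission> rptPermissions = rptService.getRptPermissions(rpt);
        if (!rptPermissions.isEmpty()) {
            final UmaPermission permission = rptPermissions.iterator().next();
            final String pctCode = permission.getAttributes().get(UmaPermission.PCT);
            if (StringHelper.isNotEmpty(pctCode)) {
                final UmaPCT pct = pctService.getByCode(pctCode);
                if (pct != null) {
                    statusResponse.setPctClaims(pct.getClaims().toMap());
                } else {
                    // The PCT code is a token value: point at the permission by DN instead of logging it.
                    log.error("Failed to find PCT referenced by permission object: {}", permission.getDn());
                }
            } else {
                // Identify the RPT by its client rather than by its code (a bearer credential).
                log.trace("PCT code is blank for RPT issued to client: {}", rpt.getClientId());
            }
        }

        // Offer the JSON to the external RPT Claims script; when the script returns false,
        // re-serialize the untouched response so its partial edits are dropped.
        JSONObject rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
        final ExternalUmaRptClaimsContext context = new ExternalUmaRptClaimsContext(clientService.getClient(rpt.getClientId()), httpRequest, httpResponse);
        if (externalUmaRptClaimsService.externalModify(rptAsJson, context)) {
            log.trace("Successfully run external RPT Claims script associated with {}", rpt.getClientId());
        } else {
            rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
            log.trace("Canceled changes made by external RPT Claims script since method returned `false`.");
        }

        return Response.status(Response.Status.OK)
                .entity(rptAsJson.toString())
                .type(MediaType.APPLICATION_JSON_TYPE)
                .cacheControl(ServerUtil.cacheControl(true))
                .build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        // JAX-RS exceptions already carry the intended status; everything else becomes a 500.
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}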
Use of org.gluu.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.
The class AccessProtectedResourceFlowWSTest, method _3_hostDeterminesRptStatus.
/*
 * ****************************************************************
 * 3. Host determines RPT status
 */
/**
 * Step 3 of the flow: the host introspects the RPT held in {@code rpt} and expects it to be
 * active while carrying no permissions yet.
 *
 * @param umaRptStatusPath path of the RPT introspection endpoint, supplied by TestNG
 * @throws Exception if the introspection request fails
 */
@Test(dependsOnMethods = { "_2_requesterAccessProtectedResourceWithNotEnoughPermissionsRpt" })
@Parameters({ "umaRptStatusPath" })
public void _3_hostDeterminesRptStatus(String umaRptStatusPath) throws Exception {
    final RptIntrospectionResponse introspection = TUma.requestRptStatus(url, umaRptStatusPath, rpt.getRpt());

    Assert.assertTrue(introspection.getActive(), "Token response status is not active");

    final boolean noPermissions = introspection.getPermissions() == null || introspection.getPermissions().isEmpty();
    Assert.assertTrue(noPermissions, "Permissions list is not empty.");
}
Use of org.gluu.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.
The class AccessProtectedResourceFlowWSTest, method _6_hostDeterminesRptStatus.
/*
 * ****************************************************************
 * 6. Host determines RPT status
 */
/**
 * Step 6 of the flow: after the permission was authorized in step 5, the host introspects
 * the RPT held in {@code rpt} and checks the response with {@code UmaTestUtil.assert_}.
 *
 * @param umaRptStatusPath path of the RPT introspection endpoint, supplied by TestNG
 * @throws Exception if the introspection request fails
 */
@Test(dependsOnMethods = { "_5_authorizePermission" })
@Parameters({ "umaRptStatusPath" })
public void _6_hostDeterminesRptStatus(String umaRptStatusPath) throws Exception {
    final String rptCode = rpt.getRpt();
    final RptIntrospectionResponse introspection = TUma.requestRptStatus(url, umaRptStatusPath, rptCode);
    UmaTestUtil.assert_(introspection);
}
Use of org.gluu.oxauth.model.uma.RptIntrospectionResponse in project oxTrust by GluuFederation.
The class UmaPermissionService, method getStatusResponse.
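/**
 * Introspects an RPT on behalf of this resource server and returns the response only when
 * the token is active.
 *
 * <p>The introspection request is authenticated with the PAT as a bearer token. The RPT
 * status client is created lazily via {@code init(null)} when it has not been set up yet.
 *
 * @param patToken the protection API token of this resource server (never null per the
 *                 note in {@code validateRptToken})
 * @param rptToken the RPT presented by the requesting party
 * @return the introspection response when the RPT is active, otherwise {@code null}; also
 *         {@code null} when the introspection request itself fails (the failure is logged)
 */
private RptIntrospectionResponse getStatusResponse(Token patToken, String rptToken) {
    final String authorization = "Bearer " + patToken.getAccessToken();

    if (this.rptStatusService == null) {
        init(null);
    }

    // Determine RPT token to status
    RptIntrospectionResponse rptStatusResponse = null;
    try {
        rptStatusResponse = this.rptStatusService.requestRptStatus(authorization, rptToken, "");
    } catch (Exception ex) {
        // Logged once with its stack trace; the caller treats the null result as "not active".
        log.error("Failed to determine RPT status", ex);
    }

    // Validate RPT status response. Boolean.TRUE.equals(...) also treats a missing
    // "active" flag as inactive instead of unboxing a null.
    if (rptStatusResponse == null || !Boolean.TRUE.equals(rptStatusResponse.getActive())) {
        return null;
    }
    return rptStatusResponse;
}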
Use of org.gluu.oxauth.model.uma.RptIntrospectionResponse in project oxTrust by GluuFederation.
The class UmaPermissionService, method validateRptToken.
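/**
 * Checks whether the RPT carried in {@code authorization} grants every scope in
 * {@code scopeIds} for {@code resourceId}.
 *
 * <p>The header must have the form {@code Bearer <rpt>}. The RPT is introspected through
 * {@link #getStatusResponse}; when it is active, has permissions, and the union of scopes
 * across those permissions covers {@code scopeIds}, {@code authenticationSuccess} is
 * returned. In every other case (missing or malformed header, inactive RPT, insufficient
 * scopes) the method falls back to {@code prepareRegisterPermissionsResponse} for the
 * requested resource and scopes: the result is {@code (true, thatResponse)}, or
 * {@code authenticationFailure} when no such response could be prepared.
 *
 * <p>The RPT is a bearer credential, so neither the raw {@code Authorization} header nor
 * the extracted token is written to the log.
 *
 * @param patToken      this resource server's PAT; callers never pass null
 * @param authorization the incoming {@code Authorization} header, may be null or empty
 * @param resourceId    the protected resource being accessed
 * @param scopeIds      scopes the access requires
 * @return {@code authenticationSuccess}, a pair wrapping the permission-registration
 *         response, or {@code authenticationFailure}
 */
public Pair<Boolean, Response> validateRptToken(Token patToken, String authorization, String resourceId, List<String> scopeIds) {
    // Callers of this method never pass a null patToken, so it is not re-checked here.
    log.trace("Validating RPT, resourceId: {}, scopeIds: {}, authorization header present: {}", resourceId, scopeIds, StringHelper.isNotEmpty(authorization));

    if (StringHelper.isNotEmpty(authorization) && authorization.startsWith("Bearer ")) {
        final String rptToken = authorization.substring("Bearer ".length());
        final RptIntrospectionResponse rptStatusResponse = getStatusResponse(patToken, rptToken);
        log.trace("RPT status response: {} ", rptStatusResponse);

        if (rptStatusResponse == null || !Boolean.TRUE.equals(rptStatusResponse.getActive())) {
            log.warn("Status response for RPT token is invalid, will do a retry");
        } else if (isRptHasPermissions(rptStatusResponse)) {
            // Collect all scopes granted across the RPT's permissions
            final List<String> grantedScopeIds = new LinkedList<>();
            for (UmaPermission umaPermission : rptStatusResponse.getPermissions()) {
                if (umaPermission.getScopes() != null) {
                    grantedScopeIds.addAll(umaPermission.getScopes());
                }
            }
            if (grantedScopeIds.containsAll(scopeIds)) {
                return authenticationSuccess;
            }
            log.error("Status response for RPT token not contains right permissions");
        }
    }

    // No usable RPT: hand back the permission-registration response so the client can obtain one.
    final Response registerPermissionsResponse = prepareRegisterPermissionsResponse(patToken, resourceId, scopeIds);
    if (registerPermissionsResponse == null) {
        return authenticationFailure;
    }
    return new Pair<Boolean, Response>(true, registerPermissionsResponse);
}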