Example 1 with RptIntrospectionResponse

Use of org.gluu.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.

The class UmaRptIntrospectionWS, method introspect.

private Response introspect(String authorization, String token, String tokenTypeHint, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        umaValidationService.assertHasProtectionScope(authorization);
        final UmaRPT rpt = rptService.getRPTByCode(token);
        if (!isValid(rpt)) {
            return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
        }
        final List<org.gluu.oxauth.model.uma.UmaPermission> permissions = buildStatusResponsePermissions(rpt);
        // active status
        final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
        statusResponse.setActive(true);
        statusResponse.setExpiresAt(ServerUtil.dateToSeconds(rpt.getExpirationDate()));
        statusResponse.setIssuedAt(ServerUtil.dateToSeconds(rpt.getCreationDate()));
        statusResponse.setPermissions(permissions);
        statusResponse.setClientId(rpt.getClientId());
        statusResponse.setAud(rpt.getClientId());
        statusResponse.setSub(rpt.getUserId());
        final List<UmaPermission> rptPermissions = rptService.getRptPermissions(rpt);
        if (!rptPermissions.isEmpty()) {
            UmaPermission permission = rptPermissions.iterator().next();
            String pctCode = permission.getAttributes().get(UmaPermission.PCT);
            if (StringHelper.isNotEmpty(pctCode)) {
                UmaPCT pct = pctService.getByCode(pctCode);
                if (pct != null) {
                    statusResponse.setPctClaims(pct.getClaims().toMap());
                } else {
                    log.error("Failed to find PCT with code: " + pctCode + " which is taken from permission object: " + permission.getDn());
                }
            } else {
                log.trace("PCT code is blank for RPT: " + rpt.getCode());
            }
        }
        JSONObject rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
        ExternalUmaRptClaimsContext context = new ExternalUmaRptClaimsContext(clientService.getClient(rpt.getClientId()), httpRequest, httpResponse);
        if (externalUmaRptClaimsService.externalModify(rptAsJson, context)) {
            log.trace("Successfully run external RPT Claims script associated with {}", rpt.getClientId());
        } else {
            rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
            log.trace("Canceled changes made by external RPT Claims script since method returned `false`.");
        }
        return Response.status(Response.Status.OK).entity(rptAsJson.toString()).type(MediaType.APPLICATION_JSON_TYPE).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}
Also used: UmaPCT (org.gluu.oxauth.uma.authorization.UmaPCT), ExternalUmaRptClaimsContext (org.gluu.oxauth.service.external.context.ExternalUmaRptClaimsContext), RptIntrospectionResponse (org.gluu.oxauth.model.uma.RptIntrospectionResponse), UmaRPT (org.gluu.oxauth.uma.authorization.UmaRPT), JSONObject (org.json.JSONObject), UmaPermission (org.gluu.oxauth.model.uma.persistence.UmaPermission)

Example 2 with RptIntrospectionResponse

Use of org.gluu.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.

The class AccessProtectedResourceFlowWSTest, method _3_hostDeterminesRptStatus.

/*
 * ****************************************************************
 * 3. Host determines RPT status
 */
@Test(dependsOnMethods = { "_2_requesterAccessProtectedResourceWithNotEnoughPermissionsRpt" })
@Parameters({ "umaRptStatusPath" })
public void _3_hostDeterminesRptStatus(String umaRptStatusPath) throws Exception {
    final RptIntrospectionResponse status = TUma.requestRptStatus(url, umaRptStatusPath, rpt.getRpt());
    Assert.assertTrue(status.getActive(), "Token response status is not active");
    Assert.assertTrue(status.getPermissions() == null || status.getPermissions().isEmpty(), "Permissions list is not empty.");
}
Also used: RptIntrospectionResponse (org.gluu.oxauth.model.uma.RptIntrospectionResponse), Parameters (org.testng.annotations.Parameters), BaseTest (org.gluu.oxauth.BaseTest), Test (org.testng.annotations.Test)

Example 3 with RptIntrospectionResponse

Use of org.gluu.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.

The class AccessProtectedResourceFlowWSTest, method _6_hostDeterminesRptStatus.

/*
 * ****************************************************************
 * 6. Host determines RPT status
 */
@Test(dependsOnMethods = { "_5_authorizePermission" })
@Parameters({ "umaRptStatusPath" })
public void _6_hostDeterminesRptStatus(String umaRptStatusPath) throws Exception {
    final RptIntrospectionResponse status = TUma.requestRptStatus(url, umaRptStatusPath, rpt.getRpt());
    UmaTestUtil.assert_(status);
}
Also used: RptIntrospectionResponse (org.gluu.oxauth.model.uma.RptIntrospectionResponse), Parameters (org.testng.annotations.Parameters), BaseTest (org.gluu.oxauth.BaseTest), Test (org.testng.annotations.Test)

Example 4 with RptIntrospectionResponse

Use of org.gluu.oxauth.model.uma.RptIntrospectionResponse in project oxTrust by GluuFederation.

The class UmaPermissionService, method getStatusResponse.

private RptIntrospectionResponse getStatusResponse(Token patToken, String rptToken) {
    String authorization = "Bearer " + patToken.getAccessToken();
    if (this.rptStatusService == null) {
        init(null);
    }
    // Determine RPT token to status
    RptIntrospectionResponse rptStatusResponse = null;
    try {
        rptStatusResponse = this.rptStatusService.requestRptStatus(authorization, rptToken, "");
    } catch (Exception ex) {
        log.error("Failed to determine RPT status", ex);
        ex.printStackTrace();
    }
    // Validate RPT status response
    if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
        return null;
    }
    return rptStatusResponse;
}
Also used: RptIntrospectionResponse (org.gluu.oxauth.model.uma.RptIntrospectionResponse), MalformedURLException (java.net.MalformedURLException), OxIntializationException (org.gluu.exception.OxIntializationException)

Example 5 with RptIntrospectionResponse

Use of org.gluu.oxauth.model.uma.RptIntrospectionResponse in project oxTrust by GluuFederation.

The class UmaPermissionService, method validateRptToken.

public Pair<Boolean, Response> validateRptToken(Token patToken, String authorization, String resourceId, List<String> scopeIds) {
    /*
     * The caller of this method never passes a null patToken:
     * if (patToken == null) { return authenticationFailure; }
     */
    log.trace("Validating RPT, resourceId: {}, scopeIds: {}, authorization: {}", resourceId, scopeIds, authorization);
    if (StringHelper.isNotEmpty(authorization) && authorization.startsWith("Bearer ")) {
        String rptToken = authorization.substring(7);
        RptIntrospectionResponse rptStatusResponse = getStatusResponse(patToken, rptToken);
        log.trace("RPT status response: {} ", rptStatusResponse);
        if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
            log.warn("Status response for RPT token: '{}' is invalid, will do a retry", rptToken);
        } else {
            boolean rptHasPermissions = isRptHasPermissions(rptStatusResponse);
            if (rptHasPermissions) {
                // Collect all scopes
                List<String> returnScopeIds = new LinkedList<String>();
                for (UmaPermission umaPermission : rptStatusResponse.getPermissions()) {
                    if (umaPermission.getScopes() != null) {
                        returnScopeIds.addAll(umaPermission.getScopes());
                    }
                }
                if (returnScopeIds.containsAll(scopeIds)) {
                    return authenticationSuccess;
                }
                log.error("Status response for RPT token: '{}' not contains right permissions", rptToken);
            }
        }
    }
    Response registerPermissionsResponse = prepareRegisterPermissionsResponse(patToken, resourceId, scopeIds);
    if (registerPermissionsResponse == null) {
        return authenticationFailure;
    }
    return new Pair<Boolean, Response>(true, registerPermissionsResponse);
}
Also used: RptIntrospectionResponse (org.gluu.oxauth.model.uma.RptIntrospectionResponse), Response (javax.ws.rs.core.Response), HttpResponse (org.apache.http.HttpResponse), UmaPermission (org.gluu.oxauth.model.uma.UmaPermission), LinkedList (java.util.LinkedList), Pair (org.gluu.util.Pair)

Aggregations

RptIntrospectionResponse (org.gluu.oxauth.model.uma.RptIntrospectionResponse) 7
BaseTest (org.gluu.oxauth.BaseTest) 3
Parameters (org.testng.annotations.Parameters) 3
Test (org.testng.annotations.Test) 3
Response (javax.ws.rs.core.Response) 2
IOException (java.io.IOException) 1
MalformedURLException (java.net.MalformedURLException) 1
LinkedList (java.util.LinkedList) 1
Builder (javax.ws.rs.client.Invocation.Builder) 1
Form (javax.ws.rs.core.Form) 1
HttpResponse (org.apache.http.HttpResponse) 1
OxIntializationException (org.gluu.exception.OxIntializationException) 1
Holder (org.gluu.oxauth.model.common.Holder) 1
RPTResponse (org.gluu.oxauth.model.uma.RPTResponse) 1
UmaPermission (org.gluu.oxauth.model.uma.UmaPermission) 1
UmaPermission (org.gluu.oxauth.model.uma.persistence.UmaPermission) 1
ExternalUmaRptClaimsContext (org.gluu.oxauth.service.external.context.ExternalUmaRptClaimsContext) 1
UmaPCT (org.gluu.oxauth.uma.authorization.UmaPCT) 1
UmaRPT (org.gluu.oxauth.uma.authorization.UmaRPT) 1
Pair (org.gluu.util.Pair) 1