Example 1 with UmaTokenResponse

Use of org.gluu.oxauth.model.uma.UmaTokenResponse in project oxAuth by GluuFederation.

In class UmaTokenService, method requestRpt (the server-side handler for the UMA token endpoint):

public Response requestRpt(String grantType, String ticket, String claimToken, String claimTokenFormat, String pctCode, String rptCode, String scope, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        log.trace("requestRpt grant_type: {}, ticket: {}, claim_token: {}, claim_token_format: {}, pct: {}, rpt: {}, scope: {}", grantType, ticket, claimToken, claimTokenFormat, pctCode, rptCode, scope);
        // All inputs are validated up front; a validation failure propagates as a WebApplicationException (rethrown in the catch block below)
        umaValidationService.validateGrantType(grantType);
        List<UmaPermission> permissions = umaValidationService.validateTicket(ticket);
        Jwt idToken = umaValidationService.validateClaimToken(claimToken, claimTokenFormat);
        UmaPCT pct = umaValidationService.validatePct(pctCode);
        UmaRPT rpt = umaValidationService.validateRPT(rptCode);
        Client client = umaValidationService.validate(identity.getSessionClient().getClient());
        Map<Scope, Boolean> scopes = umaValidationService.validateScopes(scope, permissions, client);
        // creates new pct if pct is null in request
        pct = pctService.updateClaims(pct, idToken, client.getClientId(), permissions);
        Claims claims = new Claims(idToken, pct, claimToken);
        Map<UmaScriptByScope, UmaAuthorizationContext> scriptMap = umaNeedsInfoService.checkNeedsInfo(claims, scopes, permissions, pct, httpRequest, client);
        if (!scriptMap.isEmpty()) {
            expressionService.evaluate(scriptMap, permissions);
        } else {
            log.warn("There are no any policies that protects scopes. Scopes: " + UmaScopeService.asString(scopes.keySet()) + ". Configuration property umaGrantAccessIfNoPolicies: " + appConfiguration.getUmaGrantAccessIfNoPolicies());
            // No policy protects the requested scopes: only an explicit TRUE in umaGrantAccessIfNoPolicies grants; null or FALSE denies (fail closed)
            if (appConfiguration.getUmaGrantAccessIfNoPolicies() != null && appConfiguration.getUmaGrantAccessIfNoPolicies()) {
                log.warn("Access granted because there are no any protection. Make sure it is intentional behavior.");
            } else {
                log.warn("Access denied because there are no any protection. Make sure it is intentional behavior.");
                throw errorResponseFactory.createWebApplicationException(Response.Status.FORBIDDEN, UmaErrorResponseType.FORBIDDEN_BY_POLICY, "Access denied because there are no any protection. Make sure it is intentional behavior.");
            }
        }
        log.trace("Access granted.");
        updatePermissionsWithClientRequestedScope(permissions, scopes);
        addPctToPermissions(permissions, pct);
        boolean upgraded = false;
        // No RPT in the request: mint and persist a new one. Otherwise the supplied RPT is returned as-is with the new permissions added (upgrade)
        if (rpt == null) {
            ExecutionContext executionContext = new ExecutionContext(httpRequest, httpResponse);
            executionContext.setClient(client);
            rpt = rptService.createRPTAndPersist(executionContext, permissions);
            rptCode = rpt.getNotHashedCode();
        } else if (rptService.addPermissionToRPT(rpt, permissions)) {
            upgraded = true;
        }
        UmaTokenResponse response = new UmaTokenResponse();
        response.setAccessToken(rptCode);
        response.setUpgraded(upgraded);
        response.setTokenType("Bearer");
        response.setPct(pct.getCode());
        return Response.ok(ServerUtil.asJson(response)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
    }
    log.error("Failed to handle request to UMA Token Endpoint.");
    throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Failed to handle request to UMA Token Endpoint.");
}
Also used : UmaTokenResponse(org.gluu.oxauth.model.uma.UmaTokenResponse) WebApplicationException(javax.ws.rs.WebApplicationException) Jwt(org.gluu.oxauth.model.jwt.Jwt) ExecutionContext(org.gluu.oxauth.model.common.ExecutionContext) Scope(org.oxauth.persistence.model.Scope) UmaPermission(org.gluu.oxauth.model.uma.persistence.UmaPermission) Client(org.gluu.oxauth.model.registration.Client)

Example 2 with UmaTokenResponse

Use of org.gluu.oxauth.model.uma.UmaTokenResponse in project oxAuth by GluuFederation.

In class AccessProtectedResourceFlowHttpTest, method repeatRptRequest (the RPT upgrade case):

@Test(dependsOnMethods = { "successfulRptRequest" })
@Parameters({ "umaPatClientId", "umaPatClientSecret" })
public void repeatRptRequest(String umaPatClientId, String umaPatClientSecret) throws Exception {
    showTitle("repeatRptRequest");
    rsRegisterPermissions();
    requestRptAndGetNeedsInfo(umaPatClientId, umaPatClientSecret);
    claimsGathering(umaPatClientId);
    showTitle("Request RPT with existing RPT (upgrade case) ... ");
    UmaTokenResponse response = tokenService.requestRpt("Basic " + encodeCredentials(umaPatClientId, umaPatClientSecret), GrantType.OXAUTH_UMA_TICKET.getValue(), claimsGatheringTicket, null, null, null, this.rpt, "oxd");
    assert_(response);
    assertTrue(response.getUpgraded());
    this.rpt = response.getAccessToken();
}
Also used : UmaTokenResponse(org.gluu.oxauth.model.uma.UmaTokenResponse) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 3 with UmaTokenResponse

Use of org.gluu.oxauth.model.uma.UmaTokenResponse in project oxAuth by GluuFederation.

In class AccessProtectedResourceFlowHttpTest, method successfulRptRequest:

/**
 * Request RPT with all claims provided
 */
@Test(dependsOnMethods = { "claimsGathering" })
@Parameters({ "umaPatClientId", "umaPatClientSecret" })
public void successfulRptRequest(String umaPatClientId, String umaPatClientSecret) throws Exception {
    showTitle("successfulRptRequest");
    UmaTokenResponse response = tokenService.requestRpt("Basic " + encodeCredentials(umaPatClientId, umaPatClientSecret), GrantType.OXAUTH_UMA_TICKET.getValue(), claimsGatheringTicket, null, null, null, null, null);
    assert_(response);
    this.rpt = response.getAccessToken();
}
Also used : UmaTokenResponse(org.gluu.oxauth.model.uma.UmaTokenResponse) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)
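What the handler in Example 1 decides and what the client calls in Examples 2 and 3 exercise, as an added example that is not oxAuth or oxTrust code: an offline Python model of the UMA 2.0 token endpoint exchange, with both the server side and the client side in one file. The in-memory AuthorizationServer, the client credentials, the sample permissions, the policy callable and the urn:example:json-claims claim_token_format are all constructed for this example (oxAuth expects an ID token as the claim token); the request parameters (grant_type, ticket, claim_token, claim_token_format, pct, rpt, scope), the response fields (access_token, token_type, pct, upgraded) and the need_info error shape follow the UMA 2.0 Grant specification rather than oxAuth's own classes. It goes beyond the page in two places: a ticket is consumed on first use, and a client may narrow but never widen the scopes the ticket carries.

```python
import base64
import json
import secrets
from dataclasses import dataclass, field

UMA_TICKET_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"
CLAIMS_JSON = "urn:example:json-claims"  # constructed claim_token_format; oxAuth expects an ID token JWT


class NeedInfo(Exception):
    """Raised by a policy that cannot decide yet; its argument is the required_claims list."""


@dataclass
class AuthorizationServer:
    grant_if_no_policies: "bool | None"           # umaGrantAccessIfNoPolicies (Boolean, may be null)
    clients: dict                                 # client_id -> client_secret
    policies: dict = field(default_factory=dict)  # scope -> policy(claims) -> bool
    tickets: dict = field(default_factory=dict)   # ticket -> {resource_id: {scopes}}
    pcts: dict = field(default_factory=dict)      # pct -> claims persisted for later requests
    rpts: dict = field(default_factory=dict)      # rpt -> {resource_id: {scopes}}

    def issue_ticket(self, permissions):
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = {rid: set(scopes) for rid, scopes in permissions.items()}
        return ticket

    def token(self, authorization, form):
        """Handle one token-endpoint request, mirroring requestRpt; returns (http_status, json_body)."""
        if not self._client_ok(authorization):
            return 401, {"error": "invalid_client"}
        if form.get("grant_type") != UMA_TICKET_GRANT:
            return 400, {"error": "unsupported_grant_type"}
        permissions = self.tickets.pop(form.get("ticket"), None)  # a ticket is single-use
        if permissions is None:
            return 400, {"error": "invalid_grant", "error_description": "ticket unknown or already used"}
        pct, rpt = form.get("pct"), form.get("rpt")
        if (pct is not None and pct not in self.pcts) or (rpt is not None and rpt not in self.rpts):
            return 400, {"error": "invalid_grant", "error_description": "unknown pct or rpt"}
        granted = set().union(*permissions.values())
        requested = set(form.get("scope", "").split()) or granted
        if not requested <= granted:  # a client may narrow, never widen, the ticket's scopes
            return 400, {"error": "invalid_scope"}
        permissions = {rid: scopes & requested for rid, scopes in permissions.items()}
        claims = dict(self.pcts.get(pct, {}))  # claims already gathered under the PCT
        if "claim_token" in form and form.get("claim_token_format") != CLAIMS_JSON:
            return 400, {"error": "invalid_request", "error_description": "unsupported claim_token_format"}
        claims.update(json.loads(form.get("claim_token", "{}")))
        applicable = [self.policies[s] for s in requested if s in self.policies]
        if not applicable:  # as in the handler: only an explicit TRUE grants, null and FALSE both deny
            if self.grant_if_no_policies is not True:
                return 403, {"error": "forbidden_by_policy"}
        else:
            try:
                if not all(policy(claims) for policy in applicable):
                    return 403, {"error": "forbidden_by_policy"}
            except NeedInfo as ni:  # re-issue the permissions under a fresh ticket for claims gathering
                return 403, {"error": "need_info", "ticket": self.issue_ticket(permissions),
                             "required_claims": ni.args[0]}
        pct = pct or secrets.token_urlsafe(8)  # create a PCT when the request carried none
        self.pcts[pct] = claims
        upgraded = rpt is not None  # an existing RPT gains the new permissions; otherwise mint one
        rpt = rpt or secrets.token_urlsafe(24)
        for rid, scopes in permissions.items():
            self.rpts.setdefault(rpt, {}).setdefault(rid, set()).update(scopes)
        return 200, {"access_token": rpt, "token_type": "Bearer", "upgraded": upgraded, "pct": pct}

    def _client_ok(self, authorization):
        scheme, _, creds = authorization.partition(" ")
        client_id, _, secret = base64.b64decode(creds if scheme == "Basic" else b"").decode().partition(":")
        return client_id in self.clients and secrets.compare_digest(self.clients[client_id], secret)


def request_rpt(server, client_id, client_secret, ticket, claim_token=None,
                claim_token_format=None, pct=None, rpt=None, scope=None):
    """Client side: the same parameters, in the same order, as the requestRpt(...) calls on this page."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = {"grant_type": UMA_TICKET_GRANT, "ticket": ticket, "claim_token": claim_token,
            "claim_token_format": claim_token_format, "pct": pct, "rpt": rpt, "scope": scope}
    return server.token("Basic " + creds, {k: v for k, v in form.items() if v is not None})


def run_flow():
    """Walks the page's cases: no policy (fail closed), need_info then RPT, then upgrade of that RPT."""
    photos = {"photos": {"view", "edit"}}  # constructed sample permission
    # 1. No policy protects the scopes and the flag is unset: denied, not silently granted.
    bare = AuthorizationServer(grant_if_no_policies=None, clients={"rs": "s3cr3t"})
    denied = request_rpt(bare, "rs", "s3cr3t", bare.issue_ticket(photos))

    def email_policy(claims):  # constructed policy: needs an email claim, then checks its domain
        if "email" not in claims:
            raise NeedInfo([{"name": "email"}])
        return claims["email"].endswith("@example.com")
    # 2. need_info first, then an RPT once the claim arrives in claim_token.
    srv = AuthorizationServer(None, {"rs": "s3cr3t"}, policies={"view": email_policy, "edit": email_policy})
    need_info = request_rpt(srv, "rs", "s3cr3t", srv.issue_ticket(photos))
    _, first = request_rpt(srv, "rs", "s3cr3t", need_info[1]["ticket"], scope="view",
                           claim_token=json.dumps({"email": "alice@example.com"}), claim_token_format=CLAIMS_JSON)
    # 3. Upgrade: a new ticket plus the existing RPT and PCT; the policy is satisfied from the PCT alone.
    _, second = request_rpt(srv, "rs", "s3cr3t", srv.issue_ticket({"docs": {"view"}}),
                            pct=first["pct"], rpt=first["access_token"])
    return {"denied": denied, "need_info": need_info, "first": first,
            "second": second, "rpt_permissions": srv.rpts[first["access_token"]]}
```

run_flow() returns the three outcomes in order: the bare server answers 403 forbidden_by_policy because umaGrantAccessIfNoPolicies is unset (None here, null in the handler); the policy-protected server first answers 403 need_info with a fresh ticket and the required claim, then issues an RPT once the email claim arrives in claim_token; the third request returns the same access_token with upgraded set to true, the PCT from the first grant supplying the claim so no claim_token is needed. Passing an RPT or PCT the server never issued is rejected before any policy runs, which is what stops a client from attaching permissions to a token value of its own choosing.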

Example 4 with UmaTokenResponse

Use of org.gluu.oxauth.model.uma.UmaTokenResponse in project oxTrust by GluuFederation.

In class BaseApiTest, method getAuthorizedRpt (RPT request authenticated with a JWT client assertion instead of HTTP Basic):

private void getAuthorizedRpt(String asUri, String ticket) {
    try {
        UmaMetadata umaMetadata = UmaClientFactory.instance().createMetadataService(asUri).getMetadata();
        if (umaMetadata == null) {
            throw new IllegalArgumentException(String.format("Failed to load valid UMA metadata configuration from: %s", asUri));
        }
        TokenRequest tokenRequest = getAuthorizationTokenRequest(umaMetadata);
        UmaTokenService tokenService = UmaClientFactory.instance().createTokenService(umaMetadata);
        UmaTokenResponse rptResponse = tokenService.requestJwtAuthorizationRpt(ClientAssertionType.JWT_BEARER.toString(), tokenRequest.getClientAssertion(), GrantType.OXAUTH_UMA_TICKET.getValue(), ticket, null, null, null, null, null);
        if (rptResponse == null) {
            throw new IllegalArgumentException("UMA RPT token response is invalid");
        }
        if (StringUtils.isBlank(rptResponse.getAccessToken())) {
            throw new IllegalArgumentException("UMA RPT is invalid");
        }
        this.rpt = rptResponse.getAccessToken();
        // Prints a live bearer token (the RPT) to stdout; acceptable only in test code
        System.out.println("RPT IS:" + this.rpt);
    } catch (Exception ex) {
        throw new IllegalArgumentException(ex.getMessage(), ex);
    }
}
Also used : UmaMetadata(org.gluu.oxauth.model.uma.UmaMetadata) UmaTokenResponse(org.gluu.oxauth.model.uma.UmaTokenResponse) UmaTokenService(org.gluu.oxauth.client.uma.UmaTokenService) TokenRequest(org.gluu.oxauth.client.TokenRequest) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 5 with UmaTokenResponse

Use of org.gluu.oxauth.model.uma.UmaTokenResponse in project oxAuth by GluuFederation.

In class UmaSpontaneousScopeHttpTest, method successfulRptRequest:

@Test(dependsOnMethods = { "registerPermissions" })
public void successfulRptRequest() throws Exception {
    showTitle("successfulRptRequest");
    UmaTokenResponse response = tokenService.requestRpt("Basic " + encodeCredentials(clientResponse.getClientId(), clientResponse.getClientSecret()), GrantType.OXAUTH_UMA_TICKET.getValue(), permissionFlowTest.ticket, null, null, null, null, null);
    assert_(response);
    this.rpt = response.getAccessToken();
}
Also used : UmaTokenResponse(org.gluu.oxauth.model.uma.UmaTokenResponse) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Aggregations

UmaTokenResponse (org.gluu.oxauth.model.uma.UmaTokenResponse)5 BaseTest (org.gluu.oxauth.BaseTest)3 Test (org.testng.annotations.Test)3 Parameters (org.testng.annotations.Parameters)2 IOException (java.io.IOException)1 KeyManagementException (java.security.KeyManagementException)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 TokenRequest (org.gluu.oxauth.client.TokenRequest)1 UmaTokenService (org.gluu.oxauth.client.uma.UmaTokenService)1 ExecutionContext (org.gluu.oxauth.model.common.ExecutionContext)1 Jwt (org.gluu.oxauth.model.jwt.Jwt)1 Client (org.gluu.oxauth.model.registration.Client)1 UmaMetadata (org.gluu.oxauth.model.uma.UmaMetadata)1 UmaPermission (org.gluu.oxauth.model.uma.persistence.UmaPermission)1 Scope (org.oxauth.persistence.model.Scope)1