use of org.gluu.oxauth.service.external.context.ExternalUmaRptClaimsContext in project oxAuth by GluuFederation.
Class UmaRptIntrospectionWS, method introspect.
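/**
 * Builds the UMA RPT introspection response for {@code token}.
 *
 * <p>The {@code authorization} value is checked with
 * {@code umaValidationService.assertHasProtectionScope} before the token is looked up.
 * An RPT rejected by {@code isValid} yields HTTP 200 carrying
 * {@code new RptIntrospectionResponse(false)}. Otherwise the response is populated from the
 * RPT (expiry, issue time, permissions, client id, audience, subject) and, when the first RPT
 * permission references a PCT that can be found, the PCT claims. The JSON form of the response
 * is then offered to the external RPT Claims script before it is returned.
 *
 * <p>RPT and PCT codes are bearer-style token values, so this method logs only non-secret
 * identifiers (client id, permission DN) and never the token strings themselves.
 *
 * @param authorization value passed to the protection-scope check
 * @param token RPT code to introspect
 * @param tokenTypeHint not read anywhere in this method
 * @param httpRequest forwarded to the external script context
 * @param httpResponse forwarded to the external script context
 * @return HTTP 200 with the introspection JSON, or with the inactive response for an invalid RPT
 * @throws WebApplicationException rethrown unchanged if raised inside; any other exception is
 *         logged and replaced by a generic {@code SERVER_ERROR} / "Internal error." response
 */
private Response introspect(String authorization, String token, String tokenTypeHint, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        // Access check runs before any token lookup.
        // NOTE(review): presumably throws WebApplicationException on failure, which the catch
        // block below rethrows unchanged - confirm against UmaValidationService.
        umaValidationService.assertHasProtectionScope(authorization);

        final UmaRPT rpt = rptService.getRPTByCode(token);
        if (!isValid(rpt)) {
            // Same 200 status as the active case; only the body differs.
            return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
        }

        final List<org.gluu.oxauth.model.uma.UmaPermission> permissions = buildStatusResponsePermissions(rpt);

        // active status
        final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
        statusResponse.setActive(true);
        statusResponse.setExpiresAt(ServerUtil.dateToSeconds(rpt.getExpirationDate()));
        statusResponse.setIssuedAt(ServerUtil.dateToSeconds(rpt.getCreationDate()));
        statusResponse.setPermissions(permissions);
        statusResponse.setClientId(rpt.getClientId());
        statusResponse.setAud(rpt.getClientId());
        statusResponse.setSub(rpt.getUserId());

        // Only the first permission is consulted for the PCT reference.
        final List<UmaPermission> rptPermissions = rptService.getRptPermissions(rpt);
        if (!rptPermissions.isEmpty()) {
            UmaPermission permission = rptPermissions.iterator().next();
            String pctCode = permission.getAttributes().get(UmaPermission.PCT);
            if (StringHelper.isNotEmpty(pctCode)) {
                UmaPCT pct = pctService.getByCode(pctCode);
                if (pct != null) {
                    statusResponse.setPctClaims(pct.getClaims().toMap());
                } else {
                    // The PCT code is a token value: identify the record by the permission DN only.
                    log.error("Failed to find PCT referenced by permission object: {}", permission.getDn());
                }
            } else {
                // The RPT code is a token value: identify the RPT by its client id only.
                log.trace("PCT code is blank for RPT issued to client: {}", rpt.getClientId());
            }
        }

        JSONObject rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
        ExternalUmaRptClaimsContext context = new ExternalUmaRptClaimsContext(clientService.getClient(rpt.getClientId()), httpRequest, httpResponse);
        if (externalUmaRptClaimsService.externalModify(rptAsJson, context)) {
            log.trace("Successfully run external RPT Claims script associated with {}", rpt.getClientId());
        } else {
            // The script may have edited rptAsJson in place before returning false; rebuild it
            // from statusResponse so none of those edits reach the caller.
            rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
            log.trace("Canceled changes made by external RPT Claims script since method returned `false`.");
        }

        return Response.status(Response.Status.OK).entity(rptAsJson.toString()).type(MediaType.APPLICATION_JSON_TYPE).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }

        // Exception details stay in the server log; the client sees only a generic message.
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}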
use of org.gluu.oxauth.service.external.context.ExternalUmaRptClaimsContext in project oxAuth by GluuFederation.
Class UmaRptService, method runScriptAndInjectValuesIntoJwt.
/**
 * Runs the external RPT Claims script against an initially empty JSON object and, when the
 * script context asks for it, transfers the resulting values into the claims of {@code jwt}.
 *
 * <p>Nothing is transferred when {@code externalModify} returns {@code false} or when the
 * context's transfer flag is not set.
 *
 * <p>NOTE(review): no allow-list of claim names is visible in this method; confirm whether
 * {@code JwtUtil.transferIntoJwtClaims} keeps script output from overwriting reserved claims.
 *
 * @param jwt token whose claims receive the script output
 * @param executionContext wrapped in the {@code ExternalUmaRptClaimsContext} given to the script
 */
private void runScriptAndInjectValuesIntoJwt(Jwt jwt, ExecutionContext executionContext) {
    final JSONObject scriptClaims = new JSONObject();
    final ExternalUmaRptClaimsContext scriptContext = new ExternalUmaRptClaimsContext(executionContext);

    final boolean scriptSucceeded = externalUmaRptClaimsService.externalModify(scriptClaims, scriptContext);
    if (!scriptSucceeded) {
        // Script reported false: leave the jwt untouched.
        return;
    }
    log.trace("Successfully run external RPT Claim scripts.");

    if (!scriptContext.isTranferPropertiesIntoJwtClaims()) {
        return;
    }

    log.trace("Transfering claims into jwt ...");
    JwtUtil.transferIntoJwtClaims(scriptClaims, jwt);
    log.trace("Transfered.");
}