Example 1 with ExternalUmaRptClaimsContext

Use of org.gluu.oxauth.service.external.context.ExternalUmaRptClaimsContext in project oxAuth by GluuFederation.

From the class UmaRptIntrospectionWS, method introspect.

private Response introspect(String authorization, String token, String tokenTypeHint, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
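        // The caller's authorization must carry the UMA protection scope before any RPT is looked up.
        umaValidationService.assertHasProtectionScope(authorization);
        final UmaRPT rpt = rptService.getRPTByCode(token);
        // An RPT that fails isValid() is reported as inactive with HTTP 200, not as an error.
        if (!isValid(rpt)) {
            return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
        }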
        final List<org.gluu.oxauth.model.uma.UmaPermission> permissions = buildStatusResponsePermissions(rpt);
        // active status
        final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
        statusResponse.setActive(true);
        statusResponse.setExpiresAt(ServerUtil.dateToSeconds(rpt.getExpirationDate()));
        statusResponse.setIssuedAt(ServerUtil.dateToSeconds(rpt.getCreationDate()));
        statusResponse.setPermissions(permissions);
        statusResponse.setClientId(rpt.getClientId());
        statusResponse.setAud(rpt.getClientId());
        statusResponse.setSub(rpt.getUserId());
        final List<UmaPermission> rptPermissions = rptService.getRptPermissions(rpt);
        if (!rptPermissions.isEmpty()) {
            UmaPermission permission = rptPermissions.iterator().next();
            String pctCode = permission.getAttributes().get(UmaPermission.PCT);
            if (StringHelper.isNotEmpty(pctCode)) {
                UmaPCT pct = pctService.getByCode(pctCode);
                if (pct != null) {
                    statusResponse.setPctClaims(pct.getClaims().toMap());
                } else {
                    log.error("Failed to find PCT with code: " + pctCode + " which is taken from permission object: " + permission.getDn());
                }
            } else {
                log.trace("PCT code is blank for RPT: " + rpt.getCode());
            }
        }
        // Serialize the response, then pass the JSON to the external RPT Claims script, which may modify it.
        JSONObject rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
        ExternalUmaRptClaimsContext context = new ExternalUmaRptClaimsContext(clientService.getClient(rpt.getClientId()), httpRequest, httpResponse);
        if (externalUmaRptClaimsService.externalModify(rptAsJson, context)) {
            log.trace("Successfully run external RPT Claims script associated with {}", rpt.getClientId());
        } else {
            // The script returned false: discard its changes by rebuilding the JSON from statusResponse.
            rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
            log.trace("Canceled changes made by external RPT Claims script since method returned `false`.");
        }
        return Response.status(Response.Status.OK).entity(rptAsJson.toString()).type(MediaType.APPLICATION_JSON_TYPE).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}
Also used: UmaPCT (org.gluu.oxauth.uma.authorization.UmaPCT), ExternalUmaRptClaimsContext (org.gluu.oxauth.service.external.context.ExternalUmaRptClaimsContext), RptIntrospectionResponse (org.gluu.oxauth.model.uma.RptIntrospectionResponse), UmaRPT (org.gluu.oxauth.uma.authorization.UmaRPT), JSONObject (org.json.JSONObject), UmaPermission (org.gluu.oxauth.model.uma.persistence.UmaPermission)

Example 2 with ExternalUmaRptClaimsContext

Use of org.gluu.oxauth.service.external.context.ExternalUmaRptClaimsContext in project oxAuth by GluuFederation.

From the class UmaRptService, method runScriptAndInjectValuesIntoJwt.

private void runScriptAndInjectValuesIntoJwt(Jwt jwt, ExecutionContext executionContext) {
    // Start from an empty JSON object and let the external RPT Claims script act on it.
    JSONObject responseAsJsonObject = new JSONObject();
    ExternalUmaRptClaimsContext context = new ExternalUmaRptClaimsContext(executionContext);
    if (externalUmaRptClaimsService.externalModify(responseAsJsonObject, context)) {
        log.trace("Successfully run external RPT Claim scripts.");
        // The JSON is copied into the JWT claims only when the context flag is set.
        if (context.isTranferPropertiesIntoJwtClaims()) {
            log.trace("Transfering claims into jwt ...");
            JwtUtil.transferIntoJwtClaims(responseAsJsonObject, jwt);
            log.trace("Transfered.");
        }
    }
}
Also used: ExternalUmaRptClaimsContext (org.gluu.oxauth.service.external.context.ExternalUmaRptClaimsContext), JSONObject (org.json.JSONObject)
