Example 1 with UmaRPT

Use of org.gluu.oxauth.uma.authorization.UmaRPT in project oxAuth by GluuFederation: class UmaRptIntrospectionWS, method introspect.

private Response introspect(String authorization, String token, String tokenTypeHint, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        // Only a caller presenting a token with the UMA protection scope may introspect RPTs;
        // a failed check throws, and the catch below rethrows WebApplicationExceptions unchanged
        umaValidationService.assertHasProtectionScope(authorization);
        final UmaRPT rpt = rptService.getRPTByCode(token);
        if (!isValid(rpt)) {
            // Unknown, expired or otherwise invalid token: HTTP 200 with "active": false and no further detail
            return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
        }
        final List<org.gluu.oxauth.model.uma.UmaPermission> permissions = buildStatusResponsePermissions(rpt);
        // active status: expiry, issue time, permissions and the client the RPT is bound to
        final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
        statusResponse.setActive(true);
        statusResponse.setExpiresAt(ServerUtil.dateToSeconds(rpt.getExpirationDate()));
        statusResponse.setIssuedAt(ServerUtil.dateToSeconds(rpt.getCreationDate()));
        statusResponse.setPermissions(permissions);
        statusResponse.setClientId(rpt.getClientId());
        statusResponse.setAud(rpt.getClientId());
        statusResponse.setSub(rpt.getUserId());
        // If the RPT's first permission references a PCT (persisted claims token), its claims are added to the response
        final List<UmaPermission> rptPermissions = rptService.getRptPermissions(rpt);
        if (!rptPermissions.isEmpty()) {
            UmaPermission permission = rptPermissions.iterator().next();
            String pctCode = permission.getAttributes().get(UmaPermission.PCT);
            if (StringHelper.isNotEmpty(pctCode)) {
                UmaPCT pct = pctService.getByCode(pctCode);
                if (pct != null) {
                    statusResponse.setPctClaims(pct.getClaims().toMap());
                } else {
                    log.error("Failed to find PCT with code: " + pctCode + " which is taken from permission object: " + permission.getDn());
                }
            } else {
                log.trace("PCT code is blank for RPT: " + rpt.getCode());
            }
        }
        // Let the client's external RPT claims script modify the JSON in place; if the script returns false,
        // its changes are discarded by re-serialising the untouched status response
        JSONObject rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
        ExternalUmaRptClaimsContext context = new ExternalUmaRptClaimsContext(clientService.getClient(rpt.getClientId()), httpRequest, httpResponse);
        if (externalUmaRptClaimsService.externalModify(rptAsJson, context)) {
            log.trace("Successfully run external RPT Claims script associated with {}", rpt.getClientId());
        } else {
            rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
            log.trace("Canceled changes made by external RPT Claims script since method returned `false`.");
        }
        return Response.status(Response.Status.OK).entity(rptAsJson.toString()).type(MediaType.APPLICATION_JSON_TYPE).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        // Error responses already built by validation are propagated as-is; anything else becomes a generic 500
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}
Also used: UmaPCT (org.gluu.oxauth.uma.authorization.UmaPCT), ExternalUmaRptClaimsContext (org.gluu.oxauth.service.external.context.ExternalUmaRptClaimsContext), RptIntrospectionResponse (org.gluu.oxauth.model.uma.RptIntrospectionResponse), UmaRPT (org.gluu.oxauth.uma.authorization.UmaRPT), JSONObject (org.json.JSONObject), UmaPermission (org.gluu.oxauth.model.uma.persistence.UmaPermission)

Example 2 with UmaRPT

Use of org.gluu.oxauth.uma.authorization.UmaRPT in project oxAuth by GluuFederation: class UmaRptService, method createRPTAndPersist.

public UmaRPT createRPTAndPersist(ExecutionContext executionContext, List<UmaPermission> permissions) {
    try {
        final Date creationDate = new Date();
        final Date expirationDate = rptExpirationDate();
        final Client client = executionContext.getClient();
        final String code;
        // Token format is a per-client setting: a JWT carrying the permissions, or an opaque reference token
        if (client.isRptAsJwt()) {
            code = createRptJwt(executionContext, permissions, creationDate, expirationDate);
        } else {
            // Opaque RPT: random UUID plus a suffix from INumGenerator
            code = UUID.randomUUID().toString() + "_" + INumGenerator.generate(8);
        }
        // No user id is recorded (null argument); the RPT is bound to the requesting client
        UmaRPT rpt = new UmaRPT(code, creationDate, expirationDate, null, client.getClientId());
        // Permissions are referenced by DN rather than copied into the RPT entry
        rpt.setPermissions(getPermissionDns(permissions));
        persist(rpt);
        statService.reportUmaToken(GrantType.OXAUTH_UMA_TICKET);
        return rpt;
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        // JWT creation or persistence failures are surfaced with the client id for correlation
        throw new RuntimeException("Failed to generate RPT, clientId: " + executionContext.getClient().getClientId(), e);
    }
}
Also used: UmaRPT (org.gluu.oxauth.uma.authorization.UmaRPT), Client (org.gluu.oxauth.model.registration.Client), JSONException (org.json.JSONException), IOException (java.io.IOException)

Example 3 with UmaRPT

Use of org.gluu.oxauth.uma.authorization.UmaRPT in project oxAuth by GluuFederation: class CleanerTimerTest, method umaRpt_whichIsExpiredAndDeletable_MustBeRemoved.

@Test
public void umaRpt_whichIsExpiredAndDeletable_MustBeRemoved() throws StringEncrypter.EncryptionException {
    final Client client = createClient();
    clientService.persist(client);
    // 1. create RPT with an empty permission list for the test client
    final ExecutionContext executionContext = new ExecutionContext(null, null);
    executionContext.setClient(client);
    final UmaRPT rpt = umaRptService.createRPTAndPersist(executionContext, Lists.newArrayList());
    // 2. RPT exists (lookup uses the unhashed code, as the persisted entry stores a hash)
    assertNotNull(umaRptService.getRPTByCode(rpt.getNotHashedCode()));
    // 3. clean up
    cleanerTimer.processImpl();
    cacheService.clear();
    // 4. RPT still exists: it has not expired, so the cleaner must leave it alone
    assertNotNull(umaRptService.getRPTByCode(rpt.getNotHashedCode()));
    // back-date the expiration by 10 minutes so the RPT becomes expired and deletable
    final Calendar calendar = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
    calendar.add(Calendar.MINUTE, -10);
    rpt.setExpirationDate(calendar.getTime());
    umaRptService.merge(rpt);
    // 5. clean up
    cleanerTimer.processImpl();
    cacheService.clear();
    // 6. no RPT in persistence
    assertNull(umaRptService.getRPTByCode(rpt.getNotHashedCode()));
}
Also used: UmaRPT (org.gluu.oxauth.uma.authorization.UmaRPT), Client (org.gluu.oxauth.model.registration.Client), Test (org.testng.annotations.Test), BaseComponentTest (org.gluu.oxauth.BaseComponentTest)

Aggregations (class, fully qualified name, number of examples above using it)

UmaRPT (org.gluu.oxauth.uma.authorization.UmaRPT): 3
Client (org.gluu.oxauth.model.registration.Client): 2
IOException (java.io.IOException): 1
BaseComponentTest (org.gluu.oxauth.BaseComponentTest): 1
RptIntrospectionResponse (org.gluu.oxauth.model.uma.RptIntrospectionResponse): 1
UmaPermission (org.gluu.oxauth.model.uma.persistence.UmaPermission): 1
ExternalUmaRptClaimsContext (org.gluu.oxauth.service.external.context.ExternalUmaRptClaimsContext): 1
UmaPCT (org.gluu.oxauth.uma.authorization.UmaPCT): 1
JSONException (org.json.JSONException): 1
JSONObject (org.json.JSONObject): 1
Test (org.testng.annotations.Test): 1