use of org.gluu.oxauth.uma.authorization.UmaRPT in project oxAuth by GluuFederation.
the class UmaRptIntrospectionWS method introspect.
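/**
 * Introspects an RPT and returns its RFC 7662-shaped status document.
 *
 * @param authorization Authorization header of the caller; must carry the UMA protection scope
 * @param token         RPT code to introspect
 * @param tokenTypeHint token type hint from the request; accepted but not consulted here
 * @param httpRequest   current request, handed to the external RPT-claims script
 * @param httpResponse  current response, handed to the external RPT-claims script
 * @return HTTP 200 with {@code active=false} for an unknown or invalid RPT, otherwise HTTP 200 with the
 *         active introspection JSON (possibly modified by the external RPT-claims script)
 * @throws WebApplicationException as raised by scope validation, or a SERVER_ERROR wrapper for any other failure
 */
private Response introspect(String authorization, String token, String tokenTypeHint, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        umaValidationService.assertHasProtectionScope(authorization);

        final UmaRPT rpt = rptService.getRPTByCode(token);
        if (!isValid(rpt)) {
            // An unknown/expired token is reported as inactive with 200, not as an error (RFC 7662 shape).
            return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
        }

        final RptIntrospectionResponse statusResponse = buildActiveIntrospectionResponse(rpt);
        addPctClaims(rpt, statusResponse);

        JSONObject rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
        final ExternalUmaRptClaimsContext context = new ExternalUmaRptClaimsContext(clientService.getClient(rpt.getClientId()), httpRequest, httpResponse);
        if (externalUmaRptClaimsService.externalModify(rptAsJson, context)) {
            log.trace("Successfully run external RPT Claims script associated with {}", rpt.getClientId());
        } else {
            // The script edits rptAsJson in place; a false return means its edits are discarded.
            rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
            log.trace("Canceled changes made by external RPT Claims script since method returned `false`.");
        }

        return Response.status(Response.Status.OK).entity(rptAsJson.toString()).type(MediaType.APPLICATION_JSON_TYPE).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (WebApplicationException ex) {
        // Already a proper HTTP error (e.g. from scope validation): log and propagate unchanged.
        log.error("Exception happened", ex);
        throw ex;
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}

/**
 * Fills the "active" introspection fields from the RPT itself (PCT claims are added separately).
 *
 * @param rpt a valid RPT
 * @return response with active=true, timestamps, permissions, client id, aud and sub set
 */
private RptIntrospectionResponse buildActiveIntrospectionResponse(UmaRPT rpt) {
    final List<org.gluu.oxauth.model.uma.UmaPermission> permissions = buildStatusResponsePermissions(rpt);

    final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
    statusResponse.setActive(true);
    statusResponse.setExpiresAt(ServerUtil.dateToSeconds(rpt.getExpirationDate()));
    statusResponse.setIssuedAt(ServerUtil.dateToSeconds(rpt.getCreationDate()));
    statusResponse.setPermissions(permissions);
    statusResponse.setClientId(rpt.getClientId());
    statusResponse.setAud(rpt.getClientId());
    statusResponse.setSub(rpt.getUserId());
    return statusResponse;
}

/**
 * Copies the claims of the PCT referenced by the RPT's first permission (if any) into the response.
 * Token values (PCT code, RPT code) are deliberately kept out of log output; the permission DN and
 * client id are enough to locate a dangling reference.
 *
 * @param rpt            the RPT being introspected
 * @param statusResponse response to enrich with PCT claims
 */
private void addPctClaims(UmaRPT rpt, RptIntrospectionResponse statusResponse) {
    final List<UmaPermission> rptPermissions = rptService.getRptPermissions(rpt);
    if (rptPermissions.isEmpty()) {
        return;
    }

    // Only the first permission is consulted for a PCT reference (existing behaviour).
    final UmaPermission permission = rptPermissions.iterator().next();
    final String pctCode = permission.getAttributes().get(UmaPermission.PCT);
    if (StringHelper.isNotEmpty(pctCode)) {
        final UmaPCT pct = pctService.getByCode(pctCode);
        if (pct != null) {
            statusResponse.setPctClaims(pct.getClaims().toMap());
        } else {
            log.error("Failed to find PCT referenced by permission object: {}", permission.getDn());
        }
    } else {
        log.trace("PCT code is blank for RPT of client: {}", rpt.getClientId());
    }
}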
use of org.gluu.oxauth.uma.authorization.UmaRPT in project oxAuth by GluuFederation.
the class UmaRptService method createRPTAndPersist.
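/**
 * Creates a new RPT for the client of {@code executionContext}, persists it and reports it to stats.
 *
 * @param executionContext execution context; its client decides whether the RPT is a JWT or an opaque code
 * @param permissions      permissions to attach to the RPT (stored by DN)
 * @return the persisted RPT
 * @throws RuntimeException if any step fails; the original exception is kept as the cause
 */
public UmaRPT createRPTAndPersist(ExecutionContext executionContext, List<UmaPermission> permissions) {
    try {
        final Date creationDate = new Date();
        final Date expirationDate = rptExpirationDate();
        final Client client = executionContext.getClient();

        // JWT-formatted RPT when the client asks for it, otherwise an opaque random code.
        final String code = client.isRptAsJwt()
                ? createRptJwt(executionContext, permissions, creationDate, expirationDate)
                : UUID.randomUUID().toString() + "_" + INumGenerator.generate(8);

        final UmaRPT rpt = new UmaRPT(code, creationDate, expirationDate, null, client.getClientId());
        rpt.setPermissions(getPermissionDns(permissions));
        persist(rpt);
        statService.reportUmaToken(GrantType.OXAUTH_UMA_TICKET);
        return rpt;
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        // A missing context/client is itself a plausible cause of the failure; resolving the id
        // null-safely keeps the original exception from being replaced by an NPE thrown here.
        throw new RuntimeException("Failed to generate RPT, clientId: " + clientIdOf(executionContext), e);
    }
}

/**
 * Client id from the context, or {@code null} when the context or its client is absent.
 *
 * @param executionContext context, may be null
 * @return client id or null
 */
private static String clientIdOf(ExecutionContext executionContext) {
    if (executionContext == null || executionContext.getClient() == null) {
        return null;
    }
    return executionContext.getClient().getClientId();
}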
use of org.gluu.oxauth.uma.authorization.UmaRPT in project oxAuth by GluuFederation.
the class CleanerTimerTest method umaRpt_whichIsExpiredAndDeletable_MustBeRemoved.
/**
 * The cleaner must leave an unexpired RPT in place and remove it once its expiration date is in the past.
 *
 * @throws StringEncrypter.EncryptionException propagated from client creation
 */
@Test
public void umaRpt_whichIsExpiredAndDeletable_MustBeRemoved() throws StringEncrypter.EncryptionException {
    final Client client = createClient();
    clientService.persist(client);

    // create an RPT for the client
    final ExecutionContext executionContext = new ExecutionContext(null, null);
    executionContext.setClient(client);
    final UmaRPT rpt = umaRptService.createRPTAndPersist(executionContext, Lists.newArrayList());

    // freshly created RPT is present
    assertNotNull(umaRptService.getRPTByCode(rpt.getNotHashedCode()));

    // a cleanup pass must not touch an RPT that has not expired
    cleanUpAndClearCache();
    assertNotNull(umaRptService.getRPTByCode(rpt.getNotHashedCode()));

    // move the expiration 10 minutes into the past and persist it
    final Calendar tenMinutesAgo = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
    tenMinutesAgo.add(Calendar.MINUTE, -10);
    rpt.setExpirationDate(tenMinutesAgo.getTime());
    umaRptService.merge(rpt);

    // now the cleanup pass must delete it
    cleanUpAndClearCache();
    assertNull(umaRptService.getRPTByCode(rpt.getNotHashedCode()));
}

/** Runs one cleaner pass and drops the cache so the next lookup hits persistence. */
private void cleanUpAndClearCache() {
    cleanerTimer.processImpl();
    cacheService.clear();
}