
Example 1 with UmaProtectionException

use of org.gluu.oxtrust.exception.UmaProtectionException in project oxTrust by GluuFederation.

the class PassportRestWebService method processAuthorization.

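/**
 * Checks the UMA credentials presented for a Passport REST call.
 *
 * <p>Return contract: {@code null} means every check passed and the caller may continue;
 * any non-null {@link Response} must be sent back to the client unchanged. Because success
 * is signalled by {@code null}, every caller has to test the result explicitly. A caller
 * that ignores the return value performs no access control at all.
 *
 * <p>The method fails closed: a disabled protection service, a PAT that cannot be obtained
 * and a rejected token all produce {@code 403 Forbidden}.
 *
 * @param authorization value handed to {@code validateRptToken}; presumably the raw
 *        {@code Authorization} header of the request (confirm against the caller)
 * @return {@code null} when access is granted, otherwise the response to return
 */
protected Response processAuthorization(String authorization) {
    if (!pasportUmaProtectionService.isEnabled()) {
        log.info("UMA authentication is disabled");
        return getErrorResponse(Response.Status.FORBIDDEN, "Passport configuration was disabled");
    }

    Token patToken;
    try {
        patToken = pasportUmaProtectionService.getPatToken();
    } catch (UmaProtectionException ex) {
        // Record the cause server-side; the client still receives only the generic message,
        // so no detail about the token endpoint or keystore leaves the server.
        log.error("Failed to obtain PAT token", ex);
        return getErrorResponse(Response.Status.FORBIDDEN, "Failed to obtain PAT token");
    }

    Pair<Boolean, Response> rptTokenValidationResult = umaPermissionService.validateRptToken(
            patToken,
            authorization,
            pasportUmaProtectionService.getUmaResourceId(),
            pasportUmaProtectionService.getUmaScope());

    if (!rptTokenValidationResult.getFirst()) {
        return getErrorResponse(Response.Status.FORBIDDEN, "Invalid GAT/RPT token");
    }

    // The flag is true, but the validator may still supply a response to relay
    // (presumably a permission-ticket challenge; confirm in validateRptToken).
    // When it supplies none, this returns null, i.e. "authorized".
    return rptTokenValidationResult.getSecond();
}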
Also used : PassportConfigResponse(org.gluu.oxtrust.model.passport.PassportConfigResponse) Response(javax.ws.rs.core.Response) UmaProtectionException(org.gluu.oxtrust.exception.UmaProtectionException) Token(org.xdi.oxauth.model.uma.wrapper.Token)

Example 2 with UmaProtectionException

use of org.gluu.oxtrust.exception.UmaProtectionException in project oxTrust by GluuFederation.

the class BaseUmaProtectionService method processUmaAuthorization.

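/**
 * Validates the RPT presented for a UMA-protected endpoint.
 *
 * <p>Return contract: {@code null} means the request is authorized; a non-null
 * {@link Response} must be returned to the client as-is. Callers must check the result
 * explicitly, since dropping it skips authorization entirely.
 *
 * @param authorization value handed to {@code validateRptToken}; presumably the raw
 *        {@code Authorization} header (confirm against the caller)
 * @param resourceInfo the matched resource, used to look up the scopes it requests
 * @return {@code null} when access is granted, otherwise the error or relay response
 * @throws Exception propagated from the helper calls; the visible code does not narrow it
 */
Response processUmaAuthorization(String authorization, ResourceInfo resourceInfo) throws Exception {
    List<String> scopes = getRequestedScopes(resourceInfo);

    Token patToken = null;
    try {
        patToken = getPatToken();
    } catch (UmaProtectionException ex) {
        // NOTE(review): ex is discarded; logging it server-side would make PAT outages
        // diagnosable. The client-facing message is deliberately generic.
        return getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Failed to obtain PAT token");
    }

    // Scope selection: enforce the scopes the endpoint itself requests, and fall back to the
    // service-wide default only when it requests none. The previous condition was inverted:
    // it validated against an EMPTY scope list when nothing was requested and ignored any
    // endpoint-specific scopes in favour of the default. If validateRptToken accepts an empty
    // list as "no scope required" (not visible here), that weakens the check for both cases.
    Pair<Boolean, Response> rptTokenValidationResult;
    if (!scopes.isEmpty()) {
        rptTokenValidationResult = umaPermissionService.validateRptToken(patToken, authorization, getUmaResourceId(), scopes);
    } else {
        rptTokenValidationResult = umaPermissionService.validateRptToken(patToken, authorization, getUmaResourceId(), getUmaScope());
    }

    if (!rptTokenValidationResult.getFirst()) {
        return getErrorResponse(Response.Status.UNAUTHORIZED, "Invalid GAT/RPT token");
    }

    // Validation succeeded; relay the validator's response when it supplies one,
    // otherwise null signals "authorized".
    return rptTokenValidationResult.getSecond();
}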
Also used : Response(javax.ws.rs.core.Response) UmaProtectionException(org.gluu.oxtrust.exception.UmaProtectionException) Token(org.xdi.oxauth.model.uma.wrapper.Token)

Example 3 with UmaProtectionException

use of org.gluu.oxtrust.exception.UmaProtectionException in project oxTrust by GluuFederation.

the class BaseUmaProtectionService method retrievePatToken.

/**
 * Requests a fresh UMA PAT and caches it, with its expiry time, on this instance.
 *
 * <p>The cached PAT is cleared before anything else happens. When {@code umaMetadata} is
 * {@code null} the method returns without throwing, leaving {@code umaPat} as {@code null}.
 *
 * @throws UmaProtectionException if the keystore path or password is empty, if the PAT
 *         request throws, or if the result is missing or carries no access token
 */
private void retrievePatToken() throws UmaProtectionException {
    // Never leave a stale token in place while a new one is being fetched.
    this.umaPat = null;
    if (umaMetadata == null) {
        // NOTE(review): silent return; the caller ends up with a null PAT and no exception.
        return;
    }

    final String keyStoreFile = getClientKeyStoreFile();
    String keyStorePassword = getClientKeyStorePassword();
    if (StringHelper.isEmpty(keyStoreFile) || StringHelper.isEmpty(keyStorePassword)) {
        throw new UmaProtectionException("UMA JKS keystore path or password is empty");
    }

    if (keyStorePassword != null) {
        try {
            keyStorePassword = encryptionService.decrypt(keyStorePassword);
        } catch (EncryptionException ex) {
            // NOTE(review): on failure the still-encrypted value is passed to requestPat
            // below, so the real cause surfaces later as a generic PAT failure. Confirm
            // whether this fallback is intentional (e.g. for plaintext configuration).
            log.error("Failed to decrypt UmaClientKeyStorePassword password", ex);
        }
    }

    try {
        this.umaPat = UmaClient.requestPat(
                umaMetadata.getTokenEndpoint(),
                keyStoreFile,
                keyStorePassword,
                getClientId(),
                getClientKeyId());
        if (this.umaPat != null) {
            this.umaPatAccessTokenExpiration = computeAccessTokenExpirationTime(this.umaPat.getExpiresIn());
        } else {
            this.umaPatAccessTokenExpiration = 0L;
        }
    } catch (Exception ex) {
        throw new UmaProtectionException("Failed to obtain valid UMA PAT token", ex);
    }

    // A PAT object without an access token is unusable for RPT validation.
    // NOTE(review): in that case umaPat stays assigned when the exception is thrown.
    final boolean usablePat = (this.umaPat != null) && (this.umaPat.getAccessToken() != null);
    if (!usablePat) {
        throw new UmaProtectionException("Failed to obtain valid UMA PAT token");
    }
}
Also used : UmaProtectionException(org.gluu.oxtrust.exception.UmaProtectionException) EncryptionException(org.xdi.util.security.StringEncrypter.EncryptionException) UmaProtectionException(org.gluu.oxtrust.exception.UmaProtectionException) EncryptionException(org.xdi.util.security.StringEncrypter.EncryptionException)

Example 4 with UmaProtectionException

use of org.gluu.oxtrust.exception.UmaProtectionException in project oxTrust by GluuFederation.

the class BaseUmaProtectionService method retrievePatToken.

/**
 * Fetches a new UMA PAT from the token endpoint and stores it, with its expiration time,
 * in this service's fields.
 *
 * <p>Any previously cached PAT is dropped first. If {@code umaMetadata} is {@code null}
 * the method returns quietly and {@code umaPat} stays {@code null}.
 *
 * @throws UmaProtectionException when the keystore path or password is empty, when the
 *         PAT request throws, or when no PAT with an access token comes back
 */
private void retrievePatToken() throws UmaProtectionException {
    // Clear the cache up front so a failed refresh cannot leave the old token behind.
    this.umaPat = null;
    if (umaMetadata == null) {
        // NOTE(review): returns without signalling; the caller sees a null PAT.
        return;
    }

    final String jksPath = getClientKeyStoreFile();
    String jksPassword = getClientKeyStorePassword();
    if (StringHelper.isEmpty(jksPath) || StringHelper.isEmpty(jksPassword)) {
        throw new UmaProtectionException("UMA JKS keystore path or password is empty");
    }

    if (jksPassword != null) {
        try {
            jksPassword = encryptionService.decrypt(jksPassword);
        } catch (EncryptionException ex) {
            // NOTE(review): the decrypt failure is only logged and the undecrypted value is
            // used for the PAT request below. Confirm whether failing fast here would be
            // safer, or whether plaintext passwords rely on this fallback.
            log.error("Failed to decrypt UmaClientKeyStorePassword password", ex);
        }
    }

    try {
        this.umaPat = UmaClient.requestPat(
                umaMetadata.getTokenEndpoint(),
                jksPath,
                jksPassword,
                getClientId(),
                getClientKeyId());
        if (this.umaPat != null) {
            this.umaPatAccessTokenExpiration = computeAccessTokenExpirationTime(this.umaPat.getExpiresIn());
        } else {
            this.umaPatAccessTokenExpiration = 0L;
        }
    } catch (Exception ex) {
        throw new UmaProtectionException("Failed to obtain valid UMA PAT token", ex);
    }

    // Reject a response that carries no access token.
    // NOTE(review): umaPat remains set to that unusable object when this throws.
    final boolean hasAccessToken = (this.umaPat != null) && (this.umaPat.getAccessToken() != null);
    if (!hasAccessToken) {
        throw new UmaProtectionException("Failed to obtain valid UMA PAT token");
    }
}
Also used : UmaProtectionException(org.gluu.oxtrust.exception.UmaProtectionException) EncryptionException(org.gluu.util.security.StringEncrypter.EncryptionException) EncryptionException(org.gluu.util.security.StringEncrypter.EncryptionException) UmaProtectionException(org.gluu.oxtrust.exception.UmaProtectionException)

Example 5 with UmaProtectionException

use of org.gluu.oxtrust.exception.UmaProtectionException in project oxTrust by GluuFederation.

the class BaseUmaProtectionService method processUmaAuthorization.

/**
 * Validates the RPT presented for a UMA-protected endpoint.
 *
 * <p>Return contract: {@code null} means the request is authorized; any non-null
 * {@link Response} is to be returned to the client unchanged. Since success is signalled by
 * {@code null}, callers must inspect the result, because ignoring it bypasses the check.
 *
 * @param authorization value handed to {@code validateRptToken}; presumably the raw
 *        {@code Authorization} header (confirm against the caller)
 * @param resourceInfo the matched resource, used to look up the scopes it requests
 * @return {@code null} when access is granted, otherwise the error or relay response
 * @throws Exception propagated from the helper calls; the visible code does not narrow it
 */
Response processUmaAuthorization(String authorization, ResourceInfo resourceInfo) throws Exception {
    List<String> requestedScopes = getRequestedScopes(resourceInfo);

    Token pat = null;
    try {
        pat = getPatToken();
    } catch (UmaProtectionException ex) {
        // NOTE(review): ex is not logged here; the client gets a generic 500 and the
        // cause of the PAT failure is lost unless getPatToken records it itself.
        return IProtectionService.simpleResponse(Response.Status.INTERNAL_SERVER_ERROR, "Failed to obtain PAT token");
    }

    // Endpoint-specific scopes win; the service-wide default applies only when the
    // endpoint requests none.
    Pair<Boolean, Response> validation;
    if (requestedScopes.isEmpty()) {
        validation = umaPermissionService.validateRptToken(pat, authorization, getUmaResourceId(), getUmaScope());
    } else {
        validation = umaPermissionService.validateRptToken(pat, authorization, getUmaResourceId(), requestedScopes);
    }

    if (!validation.getFirst()) {
        return IProtectionService.simpleResponse(Response.Status.UNAUTHORIZED, "Invalid GAT/RPT token");
    }

    // Validation succeeded: relay the validator's response if it supplied one,
    // otherwise return null to signal "authorized".
    return validation.getSecond();
}
Also used : Response(javax.ws.rs.core.Response) UmaProtectionException(org.gluu.oxtrust.exception.UmaProtectionException) Token(org.gluu.oxauth.model.uma.wrapper.Token)

Aggregations

UmaProtectionException (org.gluu.oxtrust.exception.UmaProtectionException)5 Response (javax.ws.rs.core.Response)3 Token (org.xdi.oxauth.model.uma.wrapper.Token)2 Token (org.gluu.oxauth.model.uma.wrapper.Token)1 PassportConfigResponse (org.gluu.oxtrust.model.passport.PassportConfigResponse)1 EncryptionException (org.gluu.util.security.StringEncrypter.EncryptionException)1 EncryptionException (org.xdi.util.security.StringEncrypter.EncryptionException)1