Example 6 with Pair

Use of org.gluu.util.Pair in project oxTrust by GluuFederation.

Class UmaPermissionService, method validateRptToken.

public Pair<Boolean, Response> validateRptToken(Token patToken, String authorization, String resourceId, List<String> scopeIds) {
    /*
     * // caller of this method never passes a null patToken
     * if (patToken == null) { return authenticationFailure; }
     */
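    // Note: this trace line writes the raw Authorization header value to the log;
    // the warn and error lines below write the RPT itself.
    log.trace("Validating RPT, resourceId: {}, scopeIds: {}, authorization: {}", resourceId, scopeIds, authorization);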
    if (StringHelper.isNotEmpty(authorization) && authorization.startsWith("Bearer ")) {
        String rptToken = authorization.substring(7);
        RptIntrospectionResponse rptStatusResponse = getStatusResponse(patToken, rptToken);
        log.trace("RPT status response: {} ", rptStatusResponse);
        if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
            log.warn("Status response for RPT token: '{}' is invalid, will do a retry", rptToken);
        } else {
            boolean rptHasPermissions = isRptHasPermissions(rptStatusResponse);
            if (rptHasPermissions) {
                // Collect all scopes
                List<String> returnScopeIds = new LinkedList<String>();
                for (UmaPermission umaPermission : rptStatusResponse.getPermissions()) {
                    if (umaPermission.getScopes() != null) {
                        returnScopeIds.addAll(umaPermission.getScopes());
                    }
                }
                if (returnScopeIds.containsAll(scopeIds)) {
                    return authenticationSuccess;
                }
                log.error("Status response for RPT token: '{}' not contains right permissions", rptToken);
            }
        }
    }
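    // Reached when there is no Bearer header, the RPT is not active, or its
    // permissions do not cover every requested scope.
    Response registerPermissionsResponse = prepareRegisterPermissionsResponse(patToken, resourceId, scopeIds);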
    if (registerPermissionsResponse == null) {
        return authenticationFailure;
    }
    return new Pair<Boolean, Response>(true, registerPermissionsResponse);
}
Also used : RptIntrospectionResponse(org.gluu.oxauth.model.uma.RptIntrospectionResponse) Response(javax.ws.rs.core.Response) HttpResponse(org.apache.http.HttpResponse) UmaPermission(org.gluu.oxauth.model.uma.UmaPermission) LinkedList(java.util.LinkedList) Pair(org.gluu.util.Pair)