use of org.gluu.util.Pair in project oxTrust by GluuFederation.
the class UmaPermissionService method validateRptToken.
public Pair<Boolean, Response> validateRptToken(Token patToken, String authorization, String resourceId, List<String> scopeIds) {
/*
* //caller of this method never pass null patToken if (patToken == null) {
* return authenticationFailure; }
*/
log.trace("Validating RPT, resourceId: {}, scopeIds: {}, authorization: {}", resourceId, scopeIds, authorization);
if (StringHelper.isNotEmpty(authorization) && authorization.startsWith("Bearer ")) {
String rptToken = authorization.substring(7);
RptIntrospectionResponse rptStatusResponse = getStatusResponse(patToken, rptToken);
log.trace("RPT status response: {} ", rptStatusResponse);
if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
log.warn("Status response for RPT token: '{}' is invalid, will do a retry", rptToken);
} else {
boolean rptHasPermissions = isRptHasPermissions(rptStatusResponse);
if (rptHasPermissions) {
// Collect all scopes
List<String> returnScopeIds = new LinkedList<String>();
for (UmaPermission umaPermission : rptStatusResponse.getPermissions()) {
if (umaPermission.getScopes() != null) {
returnScopeIds.addAll(umaPermission.getScopes());
}
}
if (returnScopeIds.containsAll(scopeIds)) {
return authenticationSuccess;
}
log.error("Status response for RPT token: '{}' not contains right permissions", rptToken);
}
}
}
Response registerPermissionsResponse = prepareRegisterPermissionsResponse(patToken, resourceId, scopeIds);
if (registerPermissionsResponse == null) {
return authenticationFailure;
}
return new Pair<Boolean, Response>(true, registerPermissionsResponse);
}
Aggregations