
Example 46 with Scope

Use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

Class GluuConfigurationWS, method createScopeToClaimsMapping.

private Map<String, Set<String>> createScopeToClaimsMapping() {
    Map<String, Set<String>> result = new HashMap<String, Set<String>>();
    try {
        for (Scope scope : scopeService.getAllScopesList()) {
            final Set<String> claimsList = new HashSet<String>();
            result.put(scope.getId(), claimsList);
            final List<String> claimIdList = scope.getOxAuthClaims();
            if (claimIdList != null && !claimIdList.isEmpty()) {
                for (String claimDn : claimIdList) {
                    final GluuAttribute attribute = attributeService.getAttributeByDn(claimDn);
                    final String claimName = attribute.getOxAuthClaimName();
                    if (StringUtils.isNotBlank(claimName)) {
                        claimsList.add(claimName);
                    }
                }
            }
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
    return result;
}
Also used: Scope(org.oxauth.persistence.model.Scope) WebApplicationException(javax.ws.rs.WebApplicationException) GluuAttribute(org.gluu.model.GluuAttribute)

Example 47 with Scope

Use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

Class UmaNeedsInfoService, method checkNeedsInfo.

public Map<UmaScriptByScope, UmaAuthorizationContext> checkNeedsInfo(Claims claims, Map<Scope, Boolean> requestedScopes, List<UmaPermission> permissions, UmaPCT pct, HttpServletRequest httpRequest, Client client) {
    Map<UmaScriptByScope, UmaAuthorizationContext> scriptMap = new HashMap<UmaScriptByScope, UmaAuthorizationContext>();
    Map<String, String> ticketAttributes = new HashMap<String, String>();
    List<ClaimDefinition> missedClaims = new ArrayList<ClaimDefinition>();
    UmaAuthorizationContextBuilder contextBuilder = new UmaAuthorizationContextBuilder(appConfiguration, attributeService, resourceService, permissions, requestedScopes, claims, httpRequest, sessionService, userService, permissionService, client);
    for (Scope scope : requestedScopes.keySet()) {
        List<String> authorizationPolicies = scope.getUmaAuthorizationPolicies();
        if (authorizationPolicies != null && !authorizationPolicies.isEmpty()) {
            for (String scriptDN : authorizationPolicies) {
                // log.trace("Loading UMA script: " + scriptDN + ", scope: " + scope + " ...");
                CustomScriptConfiguration script = policyService.getScriptByDn(scriptDN);
                if (script != null) {
                    UmaAuthorizationContext context = contextBuilder.build(script);
                    scriptMap.put(new UmaScriptByScope(scope, script), context);
                    List<ClaimDefinition> requiredClaims = policyService.getRequiredClaims(script, context);
                    if (requiredClaims != null && !requiredClaims.isEmpty()) {
                        for (ClaimDefinition definition : requiredClaims) {
                            if (!claims.has(definition.getName())) {
                                missedClaims.add(definition);
                            }
                        }
                    }
                    String claimsGatheringScriptName = policyService.getClaimsGatheringScriptName(script, context);
                    if (StringUtils.isNotBlank(claimsGatheringScriptName)) {
                        ticketAttributes.put(UmaConstants.GATHERING_ID, constructGatheringScriptNameValue(ticketAttributes.get(UmaConstants.GATHERING_ID), claimsGatheringScriptName));
                    } else {
                        log.debug("External 'getClaimsGatheringScriptName' script method returned null or a blank value, script: " + script.getName());
                    }
                } else {
                    log.error("Unable to load UMA script dn: '{}'", scriptDN);
                }
            }
        } else {
            log.trace("No policies defined for scope: " + scope.getId() + ", scopeDn: " + scope.getDn());
        }
    }
    if (!missedClaims.isEmpty()) {
        ticketAttributes.put(UmaPermission.PCT, pct.getCode());
        String newTicket = permissionService.changeTicket(permissions, ticketAttributes);
        UmaNeedInfoResponse needInfoResponse = new UmaNeedInfoResponse();
        needInfoResponse.setTicket(newTicket);
        needInfoResponse.setError("need_info");
        needInfoResponse.setRedirectUser(buildClaimsGatheringRedirectUri(scriptMap.values(), client, newTicket));
        needInfoResponse.setRequiredClaims(missedClaims);
        throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(ServerUtil.asJsonSilently(needInfoResponse)).build());
    }
    return scriptMap;
}
Also used: UmaNeedInfoResponse(org.gluu.oxauth.model.uma.UmaNeedInfoResponse) WebApplicationException(javax.ws.rs.WebApplicationException) ClaimDefinition(org.gluu.model.uma.ClaimDefinition) Scope(org.oxauth.persistence.model.Scope) CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)

Example 48 with Scope

Use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

Class UmaScopeService, method addScope.

private Scope addScope(String scopeId) {
    final Boolean addAutomatically = appConfiguration.getUmaAddScopesAutomatically();
    if (addAutomatically != null && addAutomatically) {
        final String inum = inumService.generateInum();
        final Scope newScope = new Scope();
        newScope.setScopeType(ScopeType.UMA);
        newScope.setInum(inum);
        newScope.setDisplayName(scopeId);
        newScope.setId(scopeId);
        newScope.setDeletable(false);
        final boolean persisted = persist(newScope);
        if (persisted) {
            return newScope;
        } else {
            // Use a logger placeholder argument rather than string concatenation,
            // otherwise the literal "{}" is logged and scopeId is appended after it.
            log.error("Failed to persist scope, id: {}", scopeId);
        }
    }
    throw errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, UmaErrorResponseType.INVALID_SCOPE, "Failed to persist scope.");
}
Also used: Scope(org.oxauth.persistence.model.Scope)

Example 49 with Scope

Use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

Class UmaScopeService, method getScope.

public Scope getScope(String scopeId) {
    try {
        final Filter filter = Filter.createEqualityFilter("oxId", scopeId);
        final List<Scope> entries = ldapEntryManager.findEntries(baseDn(), Scope.class, filter);
        if (entries != null && !entries.isEmpty()) {
            // More than one scope with the same id is a data problem: lookup becomes
            // non-deterministic, since the id must be unique. Log every duplicate.
            if (entries.size() > 1) {
                log.error("Found more than one UMA scope, id: {}", scopeId);
                for (Scope s : entries) {
                    log.error("Scope, Id: {}, dn: {}", s.getId(), s.getDn());
                }
            }
            return entries.get(0);
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
    return null;
}
Also used: Scope(org.oxauth.persistence.model.Scope) Filter(org.gluu.search.filter.Filter)

Example 50 with Scope

Use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

Class UmaTokenService, method updatePermissionsWithClientRequestedScope.

private void updatePermissionsWithClientRequestedScope(List<UmaPermission> permissions, Map<Scope, Boolean> scopes) {
    log.trace("Updating permissions with requested scopes ...");
    for (UmaPermission permission : permissions) {
        Set<String> scopeDns = new HashSet<>(permission.getScopeDns());
        for (Map.Entry<Scope, Boolean> entry : scopes.entrySet()) {
            log.trace("Updating permissions with scope: " + entry.getKey().getId() + ", isRequestedScope: " + entry.getValue() + ", permission: " + permission.getDn());
            scopeDns.add(entry.getKey().getDn());
        }
        permission.setScopeDns(new ArrayList<>(scopeDns));
    }
}
Also used: Scope(org.oxauth.persistence.model.Scope) UmaPermission(org.gluu.oxauth.model.uma.persistence.UmaPermission)
