
Example 51 with Scope

use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

the class UmaScopeWS method getScopeDescription.

/**
 * UMA scope-description endpoint: returns the public description (icon, name, description)
 * of the scope registered under {@code id}.
 *
 * <p>Outcomes: 200 with the JSON description when the scope exists; 404 ("Not found.") when
 * {@code id} is blank or no scope matches; 500 ("Internal error.") when the lookup or the JSON
 * serialisation throws (the cause is logged server-side and not echoed to the caller).
 *
 * <p>No caller authentication is performed in this method. UMA scope descriptions are designed to
 * be publicly resolvable, so nothing confidential should be stored in a scope's icon URL, id or
 * description fields. The raw {@code id} path segment is written to the trace log as received.
 *
 * @param id the scope id taken from the request path
 * @return a 200 response whose entity is the JSON-serialised {@link UmaScopeDescription}
 */
@GET
@Path("{id}")
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
public Response getScopeDescription(@PathParam("id") String id) {
    log.trace("UMA - get scope description: id: {}", id);
    try {
        // A blank id is treated exactly like an unknown one: no lookup, fall through to 404.
        final Scope found = StringUtils.isNotBlank(id) ? umaScopeService.getScope(id) : null;
        if (found != null) {
            final UmaScopeDescription description = new UmaScopeDescription();
            description.setIconUri(found.getIconUrl());
            description.setName(found.getId());
            description.setDescription(found.getDescription());
            final String body = ServerUtil.asJson(description);
            return Response.status(Response.Status.OK).entity(body).build();
        }
    } catch (Exception e) {
        // Generic message to the client; the real cause stays in the server log.
        log.error(e.getMessage(), e);
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
    throw errorResponseFactory.createWebApplicationException(Response.Status.NOT_FOUND, UmaErrorResponseType.NOT_FOUND, "Not found.");
}
Also used : Scope(org.oxauth.persistence.model.Scope) UmaScopeDescription(org.gluu.oxauth.model.uma.UmaScopeDescription) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 52 with Scope

use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

the class UserInfoRestWebServiceImpl method getJSonResponse.

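/**
 * Builds the UserInfo response body as a JSON string.
 *
 * <p>Claims are assembled from three sources, in this order:
 * <ol>
 *   <li>the claims mapped to each granted scope via {@code scopeService.getClaims}; scopes of type
 *       {@code DYNAMIC} are collected and handed to the external dynamic-scope script at the end,</li>
 *   <li>claims named under {@code "userinfo"} in the grant's {@code claims} request parameter,</li>
 *   <li>claims named in the {@code userinfo} member of the grant's request object (JWT).</li>
 * </ol>
 * The last two sources are client-controlled input, so both are now gated by
 * {@code validateRequesteClaim} against the client's registered claims and the granted scopes.
 * Previously only the request-object path carried that gate; as far as this method shows, the
 * {@code claims}-parameter path released any attribute registered as a claim simply because the
 * client named it.
 *
 * @param user               the authenticated user whose attributes are released
 * @param authorizationGrant the grant the access token belongs to (client, sub, requested claims)
 * @param scopes             the scopes granted to the token
 * @return the JSON serialisation of the assembled claims
 * @throws Exception propagated from attribute lookup, JSON parsing or the external script
 */
public String getJSonResponse(User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws Exception {
    // Only identifiers go to the log: the user's custom attributes are the claim values themselves (PII).
    // This logger uses SLF4J-style "{}" placeholders; the former "{0}"/"{1}" message was never interpolated.
    log.trace("Building JSON response with scopes {} for user {}", scopes, user.getUserId());
    JsonWebResponse jsonWebResponse = new JsonWebResponse();
    // Claims
    List<Scope> dynamicScopes = new ArrayList<Scope>();
    for (String scopeName : scopes) {
        org.oxauth.persistence.model.Scope scope = scopeService.getScopeById(scopeName);
        if ((scope != null) && (org.gluu.oxauth.model.common.ScopeType.DYNAMIC == scope.getScopeType())) {
            dynamicScopes.add(scope);
            continue;
        }
        // NOTE(review): "scope" may be null here (unknown scope name) and is still passed to
        // getClaims, as before — confirm that getClaims tolerates null rather than skipping here.
        Map<String, Object> claims = scopeService.getClaims(user, scope);
        if (claims == null) {
            continue;
        }
        if (scope != null && Boolean.TRUE.equals(scope.isOxAuthGroupClaims())) {
            // Group claims are nested under the scope id instead of being flattened into the top level.
            JwtSubClaimObject groupClaim = new JwtSubClaimObject();
            groupClaim.setName(scope.getId());
            for (Map.Entry<String, Object> entry : claims.entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if (value instanceof List) {
                    groupClaim.setClaim(key, (List<String>) value);
                } else {
                    groupClaim.setClaim(key, String.valueOf(value));
                }
            }
            jsonWebResponse.getClaims().setClaim(scope.getId(), groupClaim);
        } else {
            for (Map.Entry<String, Object> entry : claims.entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if (value instanceof List) {
                    jsonWebResponse.getClaims().setClaim(key, (List<String>) value);
                } else if (value instanceof Boolean) {
                    jsonWebResponse.getClaims().setClaim(key, (Boolean) value);
                } else if (value instanceof Date) {
                    // Dates are emitted as seconds since the epoch (NumericDate).
                    jsonWebResponse.getClaims().setClaim(key, ((Date) value).getTime() / 1000);
                } else {
                    jsonWebResponse.getClaims().setClaim(key, String.valueOf(value));
                }
            }
        }
    }
    // Claims requested through the "claims" request parameter.
    if (authorizationGrant.getClaims() != null) {
        JSONObject claimsObj = new JSONObject(authorizationGrant.getClaims());
        if (claimsObj.has("userinfo")) {
            JSONObject userInfoObj = claimsObj.getJSONObject("userinfo");
            Client client = authorizationGrant.getClient();
            for (Iterator<String> it = userInfoObj.keys(); it.hasNext(); ) {
                String claimName = it.next();
                // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
                boolean optional = true;
                GluuAttribute gluuAttribute = attributeService.getByClaimName(claimName);
                if (gluuAttribute == null) {
                    continue;
                }
                // Same gate as the request-object path below: the claim is released only when the
                // client is registered for it or a granted scope covers it, not merely because it
                // was named in the request.
                if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
                    String ldapClaimName = gluuAttribute.getName();
                    Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
                    jsonWebResponse.getClaims().setClaimFromJsonObject(claimName, attribute);
                }
            }
        }
    }
    // Claims requested through the "userinfo" member of a signed request object.
    if (authorizationGrant.getJwtAuthorizationRequest() != null && authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember() != null) {
        Client client = authorizationGrant.getClient();
        for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember().getClaims()) {
            // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
            boolean optional = true;
            GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
            if (gluuAttribute != null && validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
                String ldapClaimName = gluuAttribute.getName();
                Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
                jsonWebResponse.getClaims().setClaimFromJsonObject(claim.getName(), attribute);
            }
        }
    }
    jsonWebResponse.getClaims().setSubjectIdentifier(authorizationGrant.getSub());
    // Dynamic scopes are resolved last, by the external script, against a read-only view of the grant.
    if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
        final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
        DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jsonWebResponse, unmodifiableAuthorizationGrant);
        externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
    }
    return jsonWebResponse.toString();
}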
Also used : JsonWebResponse(org.gluu.oxauth.model.token.JsonWebResponse) DynamicScopeExternalContext(org.gluu.oxauth.service.external.context.DynamicScopeExternalContext) JwtSubClaimObject(org.gluu.oxauth.model.jwt.JwtSubClaimObject) GluuAttribute(org.gluu.model.GluuAttribute) Scope(org.oxauth.persistence.model.Scope) JSONObject(org.json.JSONObject) JwtSubClaimObject(org.gluu.oxauth.model.jwt.JwtSubClaimObject) JSONObject(org.json.JSONObject) Client(org.gluu.oxauth.model.registration.Client) Claim(org.gluu.oxauth.model.authorize.Claim) Scope(org.oxauth.persistence.model.Scope)

Example 53 with Scope

use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

the class OpenIdConfiguration method createScopeToClaimsMapping.

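/**
 * Builds the {@code scope_to_claims_mapping} array for the discovery document and, as a side
 * effect, appends every published scope id to {@code scopesSupported} and every published claim
 * name to {@code claimsSupported}.
 *
 * <p>A scope is skipped when it is a deletable spontaneous scope or when
 * {@code canShowInConfigEndpoint} rejects its attributes. Dynamic scopes take their claim names
 * from the external dynamic-scope script; every other scope resolves its stored claim DNs through
 * {@code attributeService}. A claim DN that no longer resolves to an attribute is logged and
 * skipped — previously it raised a NullPointerException that aborted the whole loop, leaving
 * {@code scopesSupported}/{@code claimsSupported} untouched and the mapping partially built.
 *
 * <p>Any other exception is still logged and swallowed, so a discovery document produced after a
 * failure may be incomplete; the caller cannot tell that from the return value.
 *
 * @param scopesSupported  receives the ids of all published scopes
 * @param claimsSupported  receives the names of all published claims
 * @return the scope-to-claims mapping, one {@code {"<scope id>": [claim, ...]}} object per scope
 * @deprecated these params:
 *             <ul>
 *             <li>id_generation_endpoint</li>
 *             <li>introspection_endpoint</li>
 *             <li>auth_level_mapping</li>
 *             <li>scope_to_claims_mapping</li>
 *             </ul>
 *             will be moved from /.well-known/openid-configuration to
 *             /.well-known/gluu-configuration
 */
@Deprecated
private JSONArray createScopeToClaimsMapping(JSONArray scopesSupported, JSONArray claimsSupported) {
    final JSONArray scopeToClaimMapping = new JSONArray();
    final Set<String> scopes = new HashSet<String>();
    final Set<String> claims = new HashSet<String>();
    try {
        for (Scope scope : scopeService.getAllScopesList()) {
            final boolean hiddenSpontaneous = scope.getScopeType() == ScopeType.SPONTANEOUS && scope.isDeletable();
            if (hiddenSpontaneous || !canShowInConfigEndpoint(scope.getAttributes())) {
                continue;
            }
            final JSONArray claimsList = new JSONArray();
            final JSONObject mapping = new JSONObject();
            mapping.put(scope.getId(), claimsList);
            scopes.add(scope.getId());
            scopeToClaimMapping.put(mapping);
            if (ScopeType.DYNAMIC.equals(scope.getScopeType())) {
                final List<String> claimNames = externalDynamicScopeService.executeExternalGetSupportedClaimsMethods(Arrays.asList(scope));
                if (claimNames != null) {
                    for (String claimName : claimNames) {
                        if (StringUtils.isNotBlank(claimName)) {
                            claimsList.put(claimName);
                            claims.add(claimName);
                        }
                    }
                }
            } else {
                final List<String> claimDns = scope.getOxAuthClaims();
                if (claimDns != null) {
                    for (String claimDn : claimDns) {
                        final GluuAttribute attribute = attributeService.getAttributeByDn(claimDn);
                        if (attribute == null) {
                            // Dangling reference in the scope entry; publish what resolves, skip what doesn't.
                            log.warn("Scope {} references unknown claim attribute {}; skipping it", scope.getId(), claimDn);
                            continue;
                        }
                        final String claimName = attribute.getOxAuthClaimName();
                        if (StringUtils.isNotBlank(claimName)) {
                            claimsList.put(claimName);
                            claims.add(claimName);
                        }
                    }
                }
            }
        }
        for (String scopeId : scopes) {
            scopesSupported.put(scopeId);
        }
        for (String claimName : claims) {
            claimsSupported.put(claimName);
        }
    } catch (Exception e) {
        // Best effort: the discovery document is still served, possibly with an incomplete mapping.
        log.error(e.getMessage(), e);
    }
    return scopeToClaimMapping;
}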
Also used : Scope(org.oxauth.persistence.model.Scope) JSONObject(org.json.JSONObject) JSONArray(org.json.JSONArray) IOException(java.io.IOException) GluuAttribute(org.gluu.model.GluuAttribute)

Example 54 with Scope

use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

the class RegisterRestWebServiceImpl method clientScopesToString.

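/**
 * Resolves the client's stored scope DNs to scope ids and joins them with a single space
 * (the form used for the {@code scope} registration parameter).
 *
 * <p>A DN that no longer resolves to a scope is skipped instead of failing the whole
 * registration read with a NullPointerException. The result may therefore list fewer scopes
 * than the client entry stores; callers that compare the two should expect that.
 *
 * @param client the registered client
 * @return the space-separated scope ids (empty string when none resolve), or {@code null}
 *         when the client has no scope DNs at all
 */
private String clientScopesToString(Client client) {
    String[] scopeDns = client.getScopes();
    if (scopeDns == null) {
        return null;
    }
    // Fully qualified on purpose: this file's import block is not in view, so no new import is assumed.
    java.util.List<String> scopeNames = new java.util.ArrayList<String>(scopeDns.length);
    for (String scopeDn : scopeDns) {
        Scope scope = scopeService.getScopeByDn(scopeDn);
        if (scope != null) {
            scopeNames.add(scope.getId());
        }
    }
    return StringUtils.join(scopeNames, " ");
}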
Also used : Scope(org.oxauth.persistence.model.Scope)

Example 55 with Scope

use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

the class RegisterRestWebServiceImpl method getJSONObject.

/**
 * Serialises a registered client into the dynamic-registration response document.
 *
 * <p>Generic fields are first applied by {@code JsonApplier} from the client and its attributes;
 * the explicit {@code Util.addToJSONObjectIfNotNull} calls that follow write the standard
 * registration parameters and overwrite any key the applier already set. Scope and claim DNs
 * stored on the client are resolved back to scope ids / claim names for the {@code scope} (or
 * legacy {@code scopes}) and {@code claims} parameters; CIBA parameters are appended last by
 * {@code cibaRegisterClientResponseService}.
 *
 * <p>Security-relevant content, as written here: the decrypted client secret whenever
 * {@code returnClientSecretOnRead} is enabled, and the registration access token on every call.
 * Both are bearer credentials, so this document must only ever be returned to the client that
 * owns the registration (the authorisation of the caller is not part of this method).
 *
 * @param client the registered client to render
 * @return the registration response as a JSON object
 * @throws JSONException if a value cannot be put into the JSON object
 * @throws StringEncrypter.EncryptionException if the stored client secret cannot be decrypted
 */
private JSONObject getJSONObject(Client client) throws JSONException, StringEncrypter.EncryptionException {
    JSONObject responseJsonObject = new JSONObject();
    // Generic mapping first; the explicit puts below take precedence for keys they share.
    JsonApplier.getInstance().apply(client, responseJsonObject);
    JsonApplier.getInstance().apply(client.getAttributes(), responseJsonObject);
    Util.addToJSONObjectIfNotNull(responseJsonObject, RegisterResponseParam.CLIENT_ID.toString(), client.getClientId());
    // Config-gated: re-exposes the plaintext secret on every read, not only at registration time.
    if (appConfiguration.getReturnClientSecretOnRead()) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_SECRET.toString(), clientService.decryptSecret(client.getClientSecret()));
    }
    // The registration access token is the credential for reading/updating this registration later.
    Util.addToJSONObjectIfNotNull(responseJsonObject, RegisterResponseParam.REGISTRATION_ACCESS_TOKEN.toString(), client.getRegistrationAccessToken());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REGISTRATION_CLIENT_URI.toString(), appConfiguration.getRegistrationEndpoint() + "?" + RegisterResponseParam.CLIENT_ID.toString() + "=" + client.getClientId());
    // Timestamps are emitted as seconds since the epoch.
    responseJsonObject.put(CLIENT_ID_ISSUED_AT.toString(), client.getClientIdIssuedAt().getTime() / 1000);
    // 0 is written when no positive expiry is stored.
    responseJsonObject.put(CLIENT_SECRET_EXPIRES_AT.toString(), client.getClientSecretExpiresAt() != null && client.getClientSecretExpiresAt().getTime() > 0 ? client.getClientSecretExpiresAt().getTime() / 1000 : 0);
    Util.addToJSONObjectIfNotNull(responseJsonObject, REDIRECT_URIS.toString(), client.getRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLAIMS_REDIRECT_URIS.toString(), client.getClaimRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, RESPONSE_TYPES.toString(), ResponseType.toStringArray(client.getResponseTypes()));
    Util.addToJSONObjectIfNotNull(responseJsonObject, GRANT_TYPES.toString(), GrantType.toStringArray(client.getGrantTypes()));
    Util.addToJSONObjectIfNotNull(responseJsonObject, APPLICATION_TYPE.toString(), client.getApplicationType());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CONTACTS.toString(), client.getContacts());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_NAME.toString(), client.getClientName());
    Util.addToJSONObjectIfNotNull(responseJsonObject, LOGO_URI.toString(), client.getLogoUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_URI.toString(), client.getClientUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, POLICY_URI.toString(), client.getPolicyUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOS_URI.toString(), client.getTosUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, JWKS_URI.toString(), client.getJwksUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SECTOR_IDENTIFIER_URI.toString(), client.getSectorIdentifierUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SUBJECT_TYPE.toString(), client.getSubjectType());
    // Token signing/encryption algorithm registration (id_token, userinfo, request object, access token).
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), client.getIdTokenSignedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), client.getIdTokenEncryptedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), client.getIdTokenEncryptedResponseEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_SIGNED_RESPONSE_ALG.toString(), client.getUserInfoSignedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), client.getUserInfoEncryptedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), client.getUserInfoEncryptedResponseEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_SIGNING_ALG.toString(), client.getRequestObjectSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_ENCRYPTION_ALG.toString(), client.getRequestObjectEncryptionAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_ENCRYPTION_ENC.toString(), client.getRequestObjectEncryptionEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOKEN_ENDPOINT_AUTH_METHOD.toString(), client.getTokenEndpointAuthMethod());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), client.getTokenEndpointAuthSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, DEFAULT_MAX_AGE.toString(), client.getDefaultMaxAge());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUIRE_AUTH_TIME.toString(), client.getRequireAuthTime());
    Util.addToJSONObjectIfNotNull(responseJsonObject, DEFAULT_ACR_VALUES.toString(), client.getDefaultAcrValues());
    Util.addToJSONObjectIfNotNull(responseJsonObject, INITIATE_LOGIN_URI.toString(), client.getInitiateLoginUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, POST_LOGOUT_REDIRECT_URIS.toString(), client.getPostLogoutRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_URIS.toString(), client.getRequestUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, AUTHORIZED_ORIGINS.toString(), client.getAuthorizedOrigins());
    // Gluu-specific extensions (UMA RPT format, mTLS subject DN, spontaneous scopes, introspection script, token settings).
    Util.addToJSONObjectIfNotNull(responseJsonObject, RPT_AS_JWT.toString(), client.isRptAsJwt());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TLS_CLIENT_AUTH_SUBJECT_DN.toString(), client.getAttributes().getTlsClientAuthSubjectDn());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ALLOW_SPONTANEOUS_SCOPES.toString(), client.getAttributes().getAllowSpontaneousScopes());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SPONTANEOUS_SCOPES.toString(), client.getAttributes().getSpontaneousScopes());
    Util.addToJSONObjectIfNotNull(responseJsonObject, RUN_INTROSPECTION_SCRIPT_BEFORE_ACCESS_TOKEN_CREATION_AS_JWT_AND_INCLUDE_CLAIMS.toString(), client.getAttributes().getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
    Util.addToJSONObjectIfNotNull(responseJsonObject, KEEP_CLIENT_AUTHORIZATION_AFTER_EXPIRATION.toString(), client.getAttributes().getKeepClientAuthorizationAfterExpiration());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_AS_JWT.toString(), client.isAccessTokenAsJwt());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_SIGNING_ALG.toString(), client.getAccessTokenSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_LIFETIME.toString(), client.getAccessTokenLifetime());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_ID.toString(), client.getSoftwareId());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_VERSION.toString(), client.getSoftwareVersion());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_STATEMENT.toString(), client.getSoftwareStatement());
    // The stored JWKS is a JSON string; re-parse it so it is embedded as an object, not a quoted string.
    if (!Util.isNullOrEmpty(client.getJwks())) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, JWKS.toString(), new JSONObject(client.getJwks()));
    }
    // Logout params
    Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_URI.toString(), client.getFrontChannelLogoutUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getFrontChannelLogoutSessionRequired());
    Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_URI.toString(), client.getAttributes().getBackchannelLogoutUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getAttributes().getBackchannelLogoutSessionRequired());
    // Custom Params
    // Scope DNs stored on the client are mapped back to scope ids for the response.
    String[] scopeNames = null;
    String[] scopeDns = client.getScopes();
    if (scopeDns != null) {
        scopeNames = new String[scopeDns.length];
        for (int i = 0; i < scopeDns.length; i++) {
            // NOTE(review): getScopeByDn may return null for a DN that no longer resolves; that
            // would NPE here and fail the whole registration read — confirm or add a guard.
            Scope scope = scopeService.getScopeByDn(scopeDns[i]);
            scopeNames[i] = scope.getId();
        }
    }
    // Legacy deployments expect a "scopes" array; the current form is a space-separated "scope" string.
    if (appConfiguration.getLegacyDynamicRegistrationScopeParam()) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, SCOPES.toString(), scopeNames);
    } else {
        Util.addToJSONObjectIfNotNull(responseJsonObject, SCOPE.toString(), implode(scopeNames, " "));
    }
    // Claim DNs stored on the client are mapped back to claim names.
    String[] claimNames = null;
    String[] claimDns = client.getClaims();
    if (claimDns != null) {
        claimNames = new String[claimDns.length];
        for (int i = 0; i < claimDns.length; i++) {
            // NOTE(review): same dangling-DN risk as the scope loop above (getAttributeByDn -> null -> NPE).
            GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDns[i]);
            claimNames[i] = gluuAttribute.getOxAuthClaimName();
        }
    }
    putCustomAttributesInResponse(client, responseJsonObject);
    if (claimNames != null && claimNames.length > 0) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, CLAIMS.toString(), implode(claimNames, " "));
    }
    // CIBA-specific registration parameters are added by a dedicated service.
    cibaRegisterClientResponseService.updateResponse(responseJsonObject, client);
    return responseJsonObject;
}
Also used : JSONObject(org.json.JSONObject) Scope(org.oxauth.persistence.model.Scope) GluuAttribute(org.gluu.model.GluuAttribute)
