
Example 56 with Scope

Use of org.oxauth.persistence.model.Scope in the project oxAuth by GluuFederation.

The class IdTokenFactory, method fillClaims.

/**
 * Populates the claims of the ID token being built for the given grant.
 * <p>
 * Claim order matters: a claim set later overwrites an earlier one with the same key,
 * the {@code preProcessing} hook runs after the issuer/audience/time claims, and the
 * {@code postProcessing} hook runs last.
 *
 * @param jwr                  the token whose claims are filled in place
 * @param authorizationGrant   grant supplying client, user, ACR values, session DN and grant type
 * @param nonce                nonce to echo back; only set when non-blank
 * @param authorizationCode    code used for the code-hash claim; skipped when null
 * @param accessToken          access token used for the access-token-hash claim; skipped when null
 * @param refreshToken         handed on to {@code processCiba}
 * @param state                state value used for the state-hash claim; only when non-blank
 * @param scopes               scope names whose claims may be copied into the token
 * @param includeIdTokenClaims when true (and the client opts in) user claims for the scopes are added
 * @param preProcessing        optional hook applied after the base claims; may be null
 * @param postProcessing       optional hook applied at the very end; may be null
 * @throws Exception as declared by the signature; which calls raise it is not visible here
 */
private void fillClaims(JsonWebResponse jwr, IAuthorizationGrant authorizationGrant, String nonce, AuthorizationCode authorizationCode, AccessToken accessToken, RefreshToken refreshToken, String state, Set<String> scopes, boolean includeIdTokenClaims, Function<JsonWebResponse, Void> preProcessing, Function<JsonWebResponse, Void> postProcessing) throws Exception {
    jwr.getClaims().setIssuer(appConfiguration.getIssuer());
    Audience.setAudience(jwr.getClaims(), authorizationGrant.getClient());
    // Lifetime is added in seconds (Calendar.SECOND) on top of the current wall-clock time.
    int lifeTime = appConfiguration.getIdTokenLifetime();
    Calendar calendar = Calendar.getInstance();
    Date issuedAt = calendar.getTime();
    calendar.add(Calendar.SECOND, lifeTime);
    Date expiration = calendar.getTime();
    jwr.getClaims().setExpirationTime(expiration);
    jwr.getClaims().setIssuedAt(issuedAt);
    // NOTE(review): a fresh random "code" claim is set on every token; its consumer is not visible here.
    jwr.setClaim("code", UUID.randomUUID().toString());
    if (preProcessing != null) {
        preProcessing.apply(jwr);
    }
    // Session binding: the externally visible session id goes into "sid" when the session still exists.
    final SessionId session = sessionIdService.getSessionByDn(authorizationGrant.getSessionDn());
    if (session != null) {
        jwr.setClaim("sid", session.getOutsideSid());
    }
    if (authorizationGrant.getAcrValues() != null) {
        jwr.setClaim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, authorizationGrant.getAcrValues());
        setAmrClaim(jwr, authorizationGrant.getAcrValues());
    }
    if (StringUtils.isNotBlank(nonce)) {
        jwr.setClaim(JwtClaimName.NONCE, nonce);
    }
    if (authorizationGrant.getAuthenticationTime() != null) {
        jwr.getClaims().setClaim(JwtClaimName.AUTHENTICATION_TIME, authorizationGrant.getAuthenticationTime());
    }
    // The three hash claims are derived with the token's own signature algorithm, so the
    // hash function used for c_hash/at_hash/s_hash follows the alg in the JWT header.
    if (authorizationCode != null) {
        String codeHash = AbstractToken.getHash(authorizationCode.getCode(), jwr.getHeader().getSignatureAlgorithm());
        jwr.setClaim(JwtClaimName.CODE_HASH, codeHash);
    }
    if (accessToken != null) {
        String accessTokenHash = AbstractToken.getHash(accessToken.getCode(), jwr.getHeader().getSignatureAlgorithm());
        jwr.setClaim(JwtClaimName.ACCESS_TOKEN_HASH, accessTokenHash);
    }
    if (Strings.isNotBlank(state)) {
        String stateHash = AbstractToken.getHash(state, jwr.getHeader().getSignatureAlgorithm());
        jwr.setClaim(JwtClaimName.STATE_HASH, stateHash);
    }
    if (authorizationGrant.getGrantType() != null) {
        jwr.setClaim("grant", authorizationGrant.getGrantType().getValue());
    }
    jwr.setClaim(JwtClaimName.OX_OPENID_CONNECT_VERSION, appConfiguration.getOxOpenIdConnectVersion());
    User user = authorizationGrant.getUser();
    List<Scope> dynamicScopes = new ArrayList<>();
    // User claims only enter the ID token when both the caller and the client configuration allow it.
    if (includeIdTokenClaims && authorizationGrant.getClient().isIncludeClaimsInIdToken()) {
        for (String scopeName : scopes) {
            Scope scope = scopeService.getScopeById(scopeName);
            // Unknown scope names are silently skipped.
            if (scope == null) {
                continue;
            }
            // Dynamic scopes are collected and handed to the external script below instead.
            if (DYNAMIC == scope.getScopeType()) {
                dynamicScopes.add(scope);
                continue;
            }
            Map<String, Object> claims = scopeService.getClaims(user, scope);
            if (Boolean.TRUE.equals(scope.isOxAuthGroupClaims())) {
                // Group claims are nested under a sub-object named after the scope id.
                JwtSubClaimObject groupClaim = new JwtSubClaimObject();
                groupClaim.setName(scope.getId());
                for (Map.Entry<String, Object> entry : claims.entrySet()) {
                    String key = entry.getKey();
                    Object value = entry.getValue();
                    if (value instanceof List) {
                        // raw List cast: element type is not checked here
                        groupClaim.setClaim(key, (List) value);
                    } else {
                        // any non-List, non-String value throws ClassCastException here
                        groupClaim.setClaim(key, (String) value);
                    }
                }
                jwr.getClaims().setClaim(scope.getId(), groupClaim);
            } else {
                // Flat claims: a later scope overwrites an earlier scope's claim with the same key.
                for (Map.Entry<String, Object> entry : claims.entrySet()) {
                    String key = entry.getKey();
                    Object value = entry.getValue();
                    if (value instanceof List) {
                        jwr.getClaims().setClaim(key, (List) value);
                    } else if (value instanceof Boolean) {
                        jwr.getClaims().setClaim(key, (Boolean) value);
                    } else if (value instanceof Date) {
                        // Dates are emitted as epoch seconds.
                        jwr.getClaims().setClaim(key, ((Date) value).getTime() / 1000);
                    } else {
                        // any other non-String value throws ClassCastException here
                        jwr.setClaim(key, (String) value);
                    }
                }
            }
            // Set once per processed scope (same value each time); presumably superseded by
            // jwrService.setSubjectIdentifier below — TODO confirm.
            jwr.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute("inum"));
        }
    }
    setClaimsFromJwtAuthorizationRequest(jwr, authorizationGrant, scopes);
    jwrService.setSubjectIdentifier(jwr, authorizationGrant);
    // External dynamic-scope scripts see the grant only through the unmodifiable wrapper.
    if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
        final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
        DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jwr, unmodifiableAuthorizationGrant);
        externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
    }
    processCiba(jwr, authorizationGrant, refreshToken);
    if (postProcessing != null) {
        postProcessing.apply(jwr);
    }
}

Example 57 with Scope

Use of org.oxauth.persistence.model.Scope in the project oxAuth by GluuFederation.

The class ScopeService, method getScopeByDn.

/**
 * Returns the Scope entry for the given DN, consulting the cache first.
 * <p>
 * The entry is read through {@code getWithPut} keyed by DN and, when it carries an id,
 * mirrored under that id so that lookups by id hit the same cached entry. Both keys live
 * in the same plain-string cache.
 *
 * @param dn the distinguished name of the scope entry
 * @return the scope, or null when the lookup produced none
 */
public Scope getScopeByDn(String dn) {
    final BaseCacheService cache = getCacheService();
    final Scope found = cache.getWithPut(dn, () -> ldapEntryManager.find(Scope.class, dn), 60);
    if (found == null) {
        return null;
    }
    final String scopeId = found.getId();
    if (StringUtils.isNotBlank(scopeId)) {
        // mirror under the id key: callers look scopes up by id as well as by dn
        cache.put(scopeId, found);
    }
    return found;
}

Example 58 with Scope

Use of org.oxauth.persistence.model.Scope in the project oxAuth by GluuFederation.

The class ScopeService, method getScopeByClaim.

/**
 * Finds the scopes that reference the given claim DN through their {@code oxAuthClaim} attribute.
 * <p>
 * Results are cached per claim DN. On a miss the scopes base DN is searched with an equality
 * filter built through the Filter API, so {@code claimDn} is never concatenated into filter
 * syntax by this method.
 *
 * @param claimDn DN of the claim attribute entry
 * @return the matching scopes; on a cache miss, whatever the persistence layer returned (possibly null)
 */
public List<Scope> getScopeByClaim(String claimDn) {
    final List<Scope> cached = fromCacheByClaimDn(claimDn);
    if (cached != null) {
        return cached;
    }
    final Filter byClaim = Filter.createEqualityFilter("oxAuthClaim", claimDn);
    final String baseDn = staticConfiguration.getBaseDn().getScopes();
    final List<Scope> loaded = ldapEntryManager.findEntries(baseDn, Scope.class, byClaim);
    putInCache(claimDn, loaded);
    return loaded;
}

Example 59 with Scope

Use of org.oxauth.persistence.model.Scope in the project oxAuth by GluuFederation.

The class ScopeService, method getScopeById.

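/**
 * Returns the scope whose {@code oxId} equals the given id.
 * <p>
 * The cache is checked first under the id key; on a miss the scopes base DN is searched with
 * an equality filter and the first hit is cached under both its id and its DN (the same
 * plain-string cache that getScopeByDn uses). Lookup failures are logged and reported as null
 * rather than propagated.
 *
 * @param id the scope id (oxId)
 * @return the scope, or null when not found or when the lookup failed
 */
public Scope getScopeById(String id) {
    final BaseCacheService usedCacheService = getCacheService();
    final Object cached = usedCacheService.get(id);
    // The cache holds values keyed by plain strings (ids and DNs); treat anything under this
    // key that is not a Scope as a miss instead of blindly casting and failing the caller.
    if (cached instanceof Scope) {
        return (Scope) cached;
    }
    try {
        final List<Scope> scopes = ldapEntryManager.findEntries(
                staticConfiguration.getBaseDn().getScopes(), Scope.class, Filter.createEqualityFilter("oxId", id));
        if (scopes != null && !scopes.isEmpty()) {
            // Several entries with the same oxId resolve to the first one returned.
            final Scope scope = scopes.get(0);
            // cache under both keys so getScopeByDn and getScopeById share the entry
            usedCacheService.put(id, scope);
            usedCacheService.put(scope.getDn(), scope);
            return scope;
        }
    } catch (Exception e) {
        // deliberate best-effort: callers treat null as "unknown scope"
        log.error("Failed to find scope with id: " + id, e);
    }
    return null;
}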

Example 60 with Scope

Use of org.oxauth.persistence.model.Scope in the project oxAuth by GluuFederation.

The class ClientService, method getAttribute.

/**
 * Resolves a client attribute by name.
 * <p>
 * A few well-known names map directly to Client getters; anything else (including
 * {@code oxAuthRedirectURI}/{@code oxAuthScope} when the corresponding getter is null) is
 * looked up among the client's custom attributes. Multi-valued results are returned as a
 * {@link JSONArray}, a single custom-attribute value as a plain String. Scope DNs are
 * translated to scope ids through scopeService; DNs that do not resolve are skipped.
 *
 * @param client          the client whose attribute is requested
 * @param clientAttribute the attribute name; null yields null
 * @return the attribute value, or null when nothing matches
 * @throws InvalidClaimException declared for callers; not raised by this body itself
 */
public Object getAttribute(Client client, String clientAttribute) throws InvalidClaimException {
    if (clientAttribute == null) {
        return null;
    }
    switch (clientAttribute) {
        case "displayName":
            return client.getClientName();
        case "inum":
            return client.getClientId();
        case "oxAuthAppType":
            return client.getApplicationType();
        case "oxAuthIdTokenSignedResponseAlg":
            return client.getIdTokenSignedResponseAlg();
        case "oxAuthRedirectURI":
            if (client.getRedirectUris() != null) {
                JSONArray uris = new JSONArray();
                for (String uri : client.getRedirectUris()) {
                    uris.put(uri);
                }
                return uris;
            }
            break; // no redirect URIs: fall back to custom attributes
        case "oxAuthScope":
            if (client.getScopes() != null) {
                JSONArray scopeIds = new JSONArray();
                for (String scopeDn : client.getScopes()) {
                    Scope resolved = scopeService.getScopeByDn(scopeDn);
                    if (resolved != null) {
                        scopeIds.put(resolved.getId());
                    }
                }
                return scopeIds;
            }
            break; // no scopes: fall back to custom attributes
        default:
            break;
    }
    return customAttributeValue(client, clientAttribute);
}

/**
 * Returns the value of the first custom attribute named {@code name}: the single value when
 * there is exactly one, a JSONArray otherwise, null when absent or without values.
 */
private static Object customAttributeValue(Client client, String name) {
    for (CustomAttribute customAttribute : client.getCustomAttributes()) {
        if (!customAttribute.getName().equals(name)) {
            continue;
        }
        List<String> values = customAttribute.getValues();
        if (values == null) {
            return null;
        }
        if (values.size() == 1) {
            return values.get(0);
        }
        JSONArray array = new JSONArray();
        for (String v : values) {
            array.put(v);
        }
        return array;
    }
    return null;
}
