
Example 6 with Scope

use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

the class ClientInfoRestWebServiceImpl method getJSonResponse.

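/**
 * Builds a JSON string with the response parameters of the client-info response.
 *
 * <p>For every scope name the scope is loaded, its claim DNs ({@code getOxAuthClaims}) are
 * resolved to attributes, and the attribute's value for {@code client} is stored under the
 * attribute name. An unknown scope, a scope without claims, or a claim whose attribute cannot be
 * resolved is skipped, so a single bad reference no longer ends the response early.
 *
 * @param client client whose attribute values are returned
 * @param scopes scope names to expand; {@code null} or empty yields {@code "{}"}
 * @return the JSON object as a string; on an unexpected failure the error is logged and the
 *         attributes collected so far are returned (best-effort, as before)
 */
public String getJSonResponse(Client client, Set<String> scopes) {
    JSONObject jsonObj = new JSONObject();
    if (scopes == null) {
        return jsonObj.toString();
    }
    try {
        for (String scopeName : scopes) {
            Scope scope = scopeService.getScopeById(scopeName);
            if (scope == null || scope.getOxAuthClaims() == null) {
                // unknown scope, or a scope that carries no claims: nothing to add
                continue;
            }
            for (String claimDn : scope.getOxAuthClaims()) {
                GluuAttribute attribute = attributeService.getAttributeByDn(claimDn);
                if (attribute == null) {
                    log.warn("Claim attribute not found, skipping it. DN: " + claimDn);
                    continue;
                }
                String attributeName = attribute.getName();
                Object attributeValue = clientService.getAttribute(client, attributeName);
                jsonObj.put(attributeName, attributeValue);
            }
        }
    } catch (Exception e) {
        // Covers JSONException as well as lookup failures. Deliberately best-effort:
        // the partial object built so far is still returned rather than failing the call.
        log.error(e.getMessage(), e);
    }
    return jsonObj.toString();
}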

Example 7 with Scope

use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

the class UmaScopeService method getScopesByIds.

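/**
 * Loads the scopes with the given ids, creating any that are not yet persisted.
 *
 * <p>Ids found in the store are returned as loaded by {@code ldapEntryManager}; every id that is
 * not found is passed to {@code addScope} and the created scope is appended. The ids are
 * de-duplicated first, so a repeated id can no longer trigger a second {@code addScope} call for
 * a scope that was just created.
 *
 * @param scopeIds scope ids to resolve; {@code null} or empty yields an empty list
 * @return found scopes first, then newly created ones; never {@code null}
 */
public List<Scope> getScopesByIds(List<String> scopeIds) {
    List<Scope> result = new ArrayList<Scope>();
    if (scopeIds == null || scopeIds.isEmpty()) {
        return result;
    }
    // ids still unaccounted for after the lookup: duplicates dropped, request order kept
    final List<String> notInLdap = new ArrayList<String>();
    for (String scopeId : scopeIds) {
        if (!notInLdap.contains(scopeId)) {
            notInLdap.add(scopeId);
        }
    }
    final List<Scope> entries = ldapEntryManager.findEntries(baseDn(), Scope.class, createAnyFilterByIds(scopeIds));
    if (entries != null) {
        result.addAll(entries);
        for (Scope scope : entries) {
            notInLdap.remove(scope.getId());
        }
    }
    for (String scopeId : notInLdap) {
        result.add(addScope(scopeId));
    }
    return result;
}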

Example 8 with Scope

use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

the class UmaTokenService method requestRpt.

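/**
 * Handles a request to the UMA token endpoint and issues or upgrades an RPT.
 *
 * <p>Every input is run through {@code umaValidationService} first. The scopes are then matched
 * against the protection policies found by {@code umaNeedsInfoService}; when no policy applies at
 * all, access is granted only if {@code umaGrantAccessIfNoPolicies} is enabled, otherwise the
 * request is rejected with FORBIDDEN_BY_POLICY. A missing RPT is created and persisted; an
 * existing one has the permissions added and the response is flagged as upgraded.
 *
 * @param claimToken claim_token request parameter; a credential, never written to the log
 * @param pctCode pct request parameter; a credential, never written to the log
 * @param rptCode rpt request parameter; a credential, never written to the log. When absent a
 *        new RPT is issued and its non-hashed code is returned as the access token
 * @param scope requested scope string, resolved by {@code umaValidationService.validateScopes}
 * @param httpRequest servlet request, handed to {@code umaNeedsInfoService} and the RPT execution context
 * @param httpResponse servlet response, handed to the RPT execution context
 * @return 200 with a {@code UmaTokenResponse} body
 * @throws WebApplicationException validation errors and policy denials are rethrown unchanged;
 *         any other failure is logged and mapped to a 500 SERVER_ERROR response
 */
public Response requestRpt(String grantType, String ticket, String claimToken, String claimTokenFormat, String pctCode, String rptCode, String scope, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        // claim_token, pct and rpt are credentials: record only whether they were supplied
        log.trace("requestRpt grant_type: {}, ticket: {}, claim_token_format: {}, scope: {}, claim_token supplied: {}, pct supplied: {}, rpt supplied: {}",
                grantType, ticket, claimTokenFormat, scope, claimToken != null, pctCode != null, rptCode != null);
        umaValidationService.validateGrantType(grantType);
        List<UmaPermission> permissions = umaValidationService.validateTicket(ticket);
        Jwt idToken = umaValidationService.validateClaimToken(claimToken, claimTokenFormat);
        UmaPCT pct = umaValidationService.validatePct(pctCode);
        UmaRPT rpt = umaValidationService.validateRPT(rptCode);
        Client client = umaValidationService.validate(identity.getSessionClient().getClient());
        Map<Scope, Boolean> scopes = umaValidationService.validateScopes(scope, permissions, client);
        // creates new pct if pct is null in request
        pct = pctService.updateClaims(pct, idToken, client.getClientId(), permissions);
        Claims claims = new Claims(idToken, pct, claimToken);
        Map<UmaScriptByScope, UmaAuthorizationContext> scriptMap = umaNeedsInfoService.checkNeedsInfo(claims, scopes, permissions, pct, httpRequest, client);
        if (!scriptMap.isEmpty()) {
            expressionService.evaluate(scriptMap, permissions);
        } else {
            // no policy protects any of the scopes: the configuration decides between grant and deny
            log.warn("There are no any policies that protects scopes. Scopes: " + UmaScopeService.asString(scopes.keySet()) + ". Configuration property umaGrantAccessIfNoPolicies: " + appConfiguration.getUmaGrantAccessIfNoPolicies());
            if (appConfiguration.getUmaGrantAccessIfNoPolicies() != null && appConfiguration.getUmaGrantAccessIfNoPolicies()) {
                log.warn("Access granted because there are no any protection. Make sure it is intentional behavior.");
            } else {
                log.warn("Access denied because there are no any protection. Make sure it is intentional behavior.");
                throw errorResponseFactory.createWebApplicationException(Response.Status.FORBIDDEN, UmaErrorResponseType.FORBIDDEN_BY_POLICY, "Access denied because there are no any protection. Make sure it is intentional behavior.");
            }
        }
        log.trace("Access granted.");
        updatePermissionsWithClientRequestedScope(permissions, scopes);
        addPctToPermissions(permissions, pct);
        boolean upgraded = false;
        if (rpt == null) {
            ExecutionContext executionContext = new ExecutionContext(httpRequest, httpResponse);
            executionContext.setClient(client);
            rpt = rptService.createRPTAndPersist(executionContext, permissions);
            rptCode = rpt.getNotHashedCode();
        } else if (rptService.addPermissionToRPT(rpt, permissions)) {
            upgraded = true;
        }
        UmaTokenResponse response = new UmaTokenResponse();
        response.setAccessToken(rptCode);
        response.setUpgraded(upgraded);
        response.setTokenType("Bearer");
        response.setPct(pct.getCode());
        return Response.ok(ServerUtil.asJson(response)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        // errors already shaped for the client (validation, policy denial) pass through unchanged
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
    }
    log.error("Failed to handle request to UMA Token Endpoint.");
    throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Failed to handle request to UMA Token Endpoint.");
}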

Example 9 with Scope

use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

the class UmaValidationService method validatePermission.

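/**
 * Checks that a requested permission refers to a registered resource and to scopes the resource
 * allows.
 *
 * <p>A scope that is not listed on the resource is still accepted when
 * {@code umaScopeService.getOrCreate} yields a spontaneous scope for the client; otherwise the
 * request is rejected. The set of the resource's scope ids used for that check is resolved once
 * per call, on the first scope that needs it, rather than once per scope (the same shape
 * {@code validateScopes} already uses).
 *
 * @param permission permission from the request; its resource id and scopes are validated
 * @param client client the permission belongs to, used for the spontaneous-scope lookup
 * @throws WebApplicationException 400 INVALID_RESOURCE_ID when the resource id is empty, the
 *         resource is unknown or the store lookup fails; 400 INVALID_SCOPE when a scope is
 *         neither registered on the resource nor allowed as a spontaneous scope
 */
public void validatePermission(org.gluu.oxauth.model.uma.UmaPermission permission, Client client) {
    String resourceId = permission.getResourceId();
    if (StringHelper.isEmpty(resourceId)) {
        log.error("Resource id is empty");
        throw errorResponseFactory.createWebApplicationException(BAD_REQUEST, INVALID_RESOURCE_ID, "Resource id is empty");
    }
    try {
        UmaResource resource = resourceService.getResourceById(resourceId);
        if (resource == null) {
            log.error("Resource isn't registered or there are two resources with same Id");
            throw errorResponseFactory.createWebApplicationException(BAD_REQUEST, INVALID_RESOURCE_ID, "Resource is not registered.");
        }
        // ids of the resource's scopes, resolved lazily: only needed once a scope is missing on the resource
        Set<String> resourceScopeIds = null;
        for (String s : permission.getScopes()) {
            if (resource.getScopes().contains(s)) {
                continue;
            }
            if (resourceScopeIds == null) {
                resourceScopeIds = Sets.newHashSet(umaScopeService.getScopeIdsByDns(resource.getScopes()));
            }
            final Scope spontaneousScope = umaScopeService.getOrCreate(client, s, resourceScopeIds);
            if (spontaneousScope == null) {
                log.error("Scope isn't registered and is not allowed by spontaneous scopes. Scope: " + s);
                throw errorResponseFactory.createWebApplicationException(BAD_REQUEST, INVALID_SCOPE, "At least one of the scopes isn't registered");
            }
        }
        return;
    } catch (EntryPersistenceException ex) {
        log.error(ex.getMessage(), ex);
    }
    log.error("Resource isn't registered");
    throw errorResponseFactory.createWebApplicationException(BAD_REQUEST, INVALID_RESOURCE_ID, "Resource isn't registered");
}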

Example 10 with Scope

use of org.oxauth.persistence.model.Scope in project oxAuth by GluuFederation.

the class UmaValidationService method validateScopes.

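/**
 * Resolves the scopes a token request may be granted.
 *
 * <p>The {@code scope} parameter is URL-decoded and split on whitespace; each requested id is
 * resolved through {@code umaScopeService.getOrCreate} against the scopes of the resources named
 * by {@code permissions}, and ids that are not allowed are skipped with a trace message. The
 * scopes attached to the permissions themselves are added afterwards; a scope present in both
 * groups therefore ends up with {@code false}, as the permission loop runs last.
 *
 * @param scope scope string from token request; blank or {@code null} means nothing was requested
 * @param permissions permissions
 * @param client client the scopes are resolved for
 * @return map of loaded scope and boolean, true - if client requested scope and false if it is permission ticket scope
 * @throws WebApplicationException 400 INVALID_SCOPE when no scope at all could be resolved
 */
public Map<Scope, Boolean> validateScopes(String scope, List<UmaPermission> permissions, Client client) {
    final String decodedScope = ServerUtil.urlDecode(scope);
    // the scope parameter is space-delimited; trimming and splitting on runs of whitespace avoids
    // looking up an empty scope id when the value carries leading, trailing or doubled spaces
    final String[] scopesRequested = StringUtils.isNotBlank(decodedScope) ? decodedScope.trim().split("\\s+") : new String[0];
    final Map<Scope, Boolean> result = new HashMap<Scope, Boolean>();
    if (ArrayUtils.isNotEmpty(scopesRequested)) {
        final Set<String> resourceScopes = resourceService.getResourceScopes(permissions.stream().map(UmaPermission::getResourceId).collect(Collectors.toSet()));
        for (String scopeId : scopesRequested) {
            final Scope ldapScope = umaScopeService.getOrCreate(client, scopeId, resourceScopes);
            if (ldapScope != null) {
                result.put(ldapScope, true);
            } else {
                log.trace("Skip requested scope because it's not allowed, scope: " + scopeId);
            }
        }
    }
    for (UmaPermission permission : permissions) {
        for (Scope s : umaScopeService.getScopesByDns(permission.getScopeDns())) {
            result.put(s, false);
        }
    }
    if (result.isEmpty()) {
        log.error("There are no any scopes requested in the request.");
        throw errorResponseFactory.createWebApplicationException(BAD_REQUEST, UmaErrorResponseType.INVALID_SCOPE, "There are no any scopes requested in give request.");
    }
    // plain streams instead of Guava Joiner/Iterables, so the log line no longer depends on the
    // shaded org.python.google.common.base.Function type
    log.trace("CandidateGrantedScopes: " + result.keySet().stream().map(Scope::getId).collect(Collectors.joining(", ")));
    return result;
}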
