Example 1 with AuthorizationGrant

Use of org.xdi.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.

In class ClientInfoRestWebServiceImpl, method requestClientInfo.

public Response requestClientInfo(String accessToken, String authorization, SecurityContext securityContext) {
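    // A Bearer token in the Authorization header overrides the accessToken argument.
    if (authorization != null && !authorization.isEmpty() && authorization.startsWith("Bearer ")) {
        accessToken = authorization.substring(7);
    }
    // Note: this debug statement writes the raw access token to the log.
    log.debug("Attempting to request Client Info, Access token = {}, Is Secure = {}", new Object[] { accessToken, securityContext.isSecure() });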
    Response.ResponseBuilder builder = Response.ok();
    if (!ClientInfoParamsValidator.validateParams(accessToken)) {
        builder = Response.status(400);
        builder.entity(errorResponseFactory.getErrorAsJson(ClientInfoErrorResponseType.INVALID_REQUEST));
    } else {
        // Look up the grant the token was issued under; no match is reported as INVALID_TOKEN.
        AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken);
        if (authorizationGrant == null) {
            builder = Response.status(400);
            builder.entity(errorResponseFactory.getErrorAsJson(ClientInfoErrorResponseType.INVALID_TOKEN));
        } else {
            CacheControl cacheControl = new CacheControl();
            cacheControl.setPrivate(true);
            cacheControl.setNoTransform(false);
            cacheControl.setNoStore(true);
            builder.cacheControl(cacheControl);
            builder.header("Pragma", "no-cache");
            builder.entity(getJSonResponse(authorizationGrant.getClient(), authorizationGrant.getScopes()));
        }
    }
    return builder.build();
}
Also used : Response(javax.ws.rs.core.Response) CacheControl(javax.ws.rs.core.CacheControl) AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant)

Example 2 with AuthorizationGrant

Use of org.xdi.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.

In class CreateRptWS, method createJwr.

private JsonWebResponse createJwr(UmaRPT rpt, String authorization, List<String> gluuAccessTokenScopes) throws Exception {
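    // Resolve the grant behind the Authorization value; the signer is built for that grant's client.
    // The grant is dereferenced without a null check.
    final AuthorizationGrant grant = tokenService.getAuthorizationGrant(authorization);
    JwtSigner jwtSigner = JwtSigner.newJwtSigner(appConfiguration, webKeysConfiguration, grant.getClient());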
    Jwt jwt = jwtSigner.newJwt();
    jwt.getClaims().setExpirationTime(rpt.getExpirationDate());
    jwt.getClaims().setIssuedAt(rpt.getCreationDate());
    if (!gluuAccessTokenScopes.isEmpty()) {
        jwt.getClaims().setClaim("scopes", gluuAccessTokenScopes);
    }
    return jwtSigner.sign();
}
Also used : JwtSigner(org.xdi.oxauth.model.token.JwtSigner) Jwt(org.xdi.oxauth.model.jwt.Jwt) AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant)

Example 3 with AuthorizationGrant

Use of org.xdi.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.

In class CreateRptWS, method authorizeGat.

private void authorizeGat(GatRequest request, UmaRPT rpt, String authorization, HttpServletRequest httpRequest) {
    if (request.getScopes().isEmpty()) {
        // nothing to authorize
        return;
    }
    AuthorizationGrant grant = tokenService.getAuthorizationGrant(authorization);
    // Requested scopes are added to the RPT only if the authorization check passes for this grant.
    if (umaAuthorizationService.allowToAddPermissionForGat(grant, rpt, request.getScopes(), httpRequest, request.getClaims())) {
        final List<String> scopes = new ArrayList<String>();
        if (rpt.getPermissions() != null) {
            scopes.addAll(rpt.getPermissions());
        }
        scopes.addAll(request.getScopes());
        rpt.setPermissions(scopes);
        try {
            ldapEntryManager.merge(rpt);
            return;
        } catch (Exception e) {
            // A persistence failure is logged and falls through to the FORBIDDEN response below.
            log.error(e.getMessage(), e);
        }
    }
    // throw not authorized exception
    throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.NOT_AUTHORIZED_PERMISSION)).build());
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) ArrayList(java.util.ArrayList) AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant)

Example 4 with AuthorizationGrant

Use of org.xdi.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.

In class ResourceSetRegistrationWS, method putResourceSetImpl.

private Response putResourceSetImpl(Response.Status status, String authorization, String rsid, ResourceSet resourceSet) throws IllegalAccessException, InvocationTargetException, IOException {
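    log.trace("putResourceSetImpl, rsid: {}, status: {}", rsid, status.name());
    // Extract the PAT from the Authorization value and look up the grant it belongs to.
    String patToken = tokenService.getTokenFromAuthorizationParameter(authorization);
    AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(patToken);
    // No null check here: a token with no matching grant would raise a NullPointerException,
    // so the token must be validated before this method is called.
    String userDn = authorizationGrant.getUserDn();
    String clientDn = authorizationGrant.getClientDn();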
    final String resourceSetDn;
    if (status == Response.Status.CREATED) {
        resourceSetDn = addResourceSet(rsid, resourceSet, userDn, clientDn);
    } else {
        resourceSetDn = updateResourceSet(rsid, resourceSet);
    }
    // Load resource set description
    org.xdi.oxauth.model.uma.persistence.ResourceSet ldapUpdatedResourceSet = resourceSetService.getResourceSetByDn(resourceSetDn);
    ResourceSetResponse response = new ResourceSetResponse();
    response.setId(ldapUpdatedResourceSet.getId());
    return Response.status(status).entity(ServerUtil.asJson(response)).build();
}
Also used : ResourceSetResponse(org.xdi.oxauth.model.uma.ResourceSetResponse) AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant)

Example 5 with AuthorizationGrant

Use of org.xdi.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.

In class RptPermissionAuthorizationWS, method requestRptPermissionAuthorization.

@POST
@Consumes({ UmaConstants.JSON_MEDIA_TYPE })
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
public Response requestRptPermissionAuthorization(@HeaderParam("Authorization") String authorization, @HeaderParam("Host") String amHost, RptAuthorizationRequest rptAuthorizationRequest, @Context HttpServletRequest httpRequest) {
    try {
        final AuthorizationGrant grant = umaValidationService.assertHasAuthorizationScope(authorization);
        final String validatedAmHost = umaValidationService.validateAmHost(amHost);
        final UmaRPT rpt = authorizeRptPermission(authorization, rptAuthorizationRequest, httpRequest, grant, validatedAmHost);
        // convert manually to avoid possible conflict between resteasy providers, e.g. jettison, jackson
        return Response.ok(ServerUtil.asJson(new RptAuthorizationResponse(rpt.getCode()))).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        // Re-throw error responses that were already built so their status codes are preserved.
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
    }
}
Also used : UmaRPT(org.xdi.oxauth.model.common.uma.UmaRPT) RptAuthorizationResponse(org.xdi.oxauth.model.uma.RptAuthorizationResponse) WebApplicationException(javax.ws.rs.WebApplicationException) AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Aggregations

AuthorizationGrant (org.xdi.oxauth.model.common.AuthorizationGrant): 15
WebApplicationException (javax.ws.rs.WebApplicationException): 5
SessionState (org.xdi.oxauth.model.common.SessionState): 5
Client (org.xdi.oxauth.model.registration.Client): 4
ArrayList (java.util.ArrayList): 3
OAuth2AuditLog (org.xdi.oxauth.model.audit.OAuth2AuditLog): 3
IOException (java.io.IOException): 2
SignatureException (java.security.SignatureException): 2
Produces (javax.ws.rs.Produces): 2
ResponseBuilder (javax.ws.rs.core.Response.ResponseBuilder): 2
AccessToken (org.xdi.oxauth.model.common.AccessToken): 2
IdToken (org.xdi.oxauth.model.common.IdToken): 2
User (org.xdi.oxauth.model.common.User): 2
InvalidJwtException (org.xdi.oxauth.model.exception.InvalidJwtException): 2
ApiOperation (com.wordnik.swagger.annotations.ApiOperation): 1
ApiResponses (com.wordnik.swagger.annotations.ApiResponses): 1
InvocationTargetException (java.lang.reflect.InvocationTargetException): 1
ConnectException (java.net.ConnectException): 1
URI (java.net.URI): 1
URISyntaxException (java.net.URISyntaxException): 1