use of org.xdi.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.
the class CleanerTimer method processRegisteredClients.
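/**
 * Removes clients whose secret has expired, walking the directory in chunks of {@code BATCH_SIZE}.
 *
 * For each expired client the authorization grants issued to it are removed first, then the client
 * entry itself. Failures are logged per client so one bad entry does not stop the sweep.
 */
private void processRegisteredClients() {
    log.debug("Start Client clean up");
    BatchOperation<Client> clientBatchService = new BatchOperation<Client>(ldapEntryManager) {
        @Override
        protected List<Client> getChunkOrNull(int chunkSize) {
            return clientService.getClientsWithExpirationDate(this, chunkSize, chunkSize);
        }

        @Override
        protected void performAction(List<Client> entries) {
            for (Client client : entries) {
                try {
                    if (client.getClientSecretExpiresAt() == null) {
                        // No expiration set: nothing to compare against. Without this guard the NPE from
                        // setTime(null) was caught below and logged as a removal failure, which is misleading.
                        log.debug("Client: {} has no secret expiration date, skipping", client.getClientId());
                        continue;
                    }
                    // Calendar.before() compares epoch millis, so the explicit zone does not affect the result.
                    GregorianCalendar now = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
                    GregorianCalendar expirationDate = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
                    expirationDate.setTime(client.getClientSecretExpiresAt());
                    if (expirationDate.before(now)) {
                        // Revoke the client's grants before the client itself so no token outlives its client.
                        List<AuthorizationGrant> toRemove = authorizationGrantList.getAuthorizationGrant(client.getClientId());
                        authorizationGrantList.removeAuthorizationGrants(toRemove);
                        log.debug("Removing Client: {}, Expiration date: {}", client.getClientId(), client.getClientSecretExpiresAt());
                        clientService.remove(client);
                    }
                } catch (Exception e) {
                    // Best effort: keep sweeping the remaining clients in this chunk.
                    log.error("Failed to remove entry", e);
                }
            }
        }
    };
    clientBatchService.iterateAllByChunks(BATCH_SIZE);
    log.debug("End Client clean up");
}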
use of org.xdi.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.
the class EndSessionRestWebServiceImpl method httpBased.
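/**
 * Builds the HTTP-based (HTML) logout response.
 *
 * The post_logout_redirect_uri is validated through {@code redirectionUriService} — against the
 * grant's client when a grant is present, otherwise against the session — before it is embedded in
 * the page together with the RPs' front-channel logout URIs.
 *
 * @param postLogoutRedirectUri redirect requested by the RP; only the validated value is used
 * @param state                 RP state handed to {@code constructPage}
 * @param pair                  session and grant resolved by {@code endSession}; either side may be null
 * @return a non-cacheable text/html response carrying the constructed page
 */
public Response httpBased(String postLogoutRedirectUri, String state, Pair<SessionState, AuthorizationGrant> pair) {
    SessionState sessionState = pair.getFirst();
    AuthorizationGrant authorizationGrant = pair.getSecond();

    // Validate redirectUri
    String redirectUri;
    if (authorizationGrant == null) {
        redirectUri = redirectionUriService.validatePostLogoutRedirectUri(sessionState, postLogoutRedirectUri);
    } else {
        redirectUri = redirectionUriService.validatePostLogoutRedirectUri(authorizationGrant.getClient().getClientId(), postLogoutRedirectUri);
    }

    final Set<String> frontchannelLogoutUris = getRpFrontchannelLogoutUris(pair);
    final String html = constructPage(frontchannelLogoutUris, redirectUri, state);
    // Parameterized form, consistent with the rest of the file: the page is only rendered into the
    // message when debug logging is enabled.
    log.debug("Constructed http logout page: {}", html);

    return Response.ok()
            .cacheControl(ServerUtil.cacheControl(true, true))
            .header("Pragma", "no-cache")
            .type(MediaType.TEXT_HTML_TYPE)
            .entity(html)
            .build();
}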
use of org.xdi.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.
the class EndSessionRestWebServiceImpl method endSession.
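/**
 * Ends the session identified by the id_token_hint and/or session_state.
 *
 * Resolves the grant by id_token (falling back to an access-token lookup when
 * {@code endSessionWithAccessToken} is enabled), removes the server-side session, runs the external
 * end-session methods when that service is enabled, revokes all tokens bound to the session and
 * logs out the current identity.
 *
 * @param idTokenHint  id_token_hint from the request; also tried as an access token when configured
 * @param sessionState session_state from the request
 * @param httpRequest  current request, passed to {@code removeSessionState} and the external methods
 * @param httpResponse current response, passed to {@code removeSessionState}
 * @param sec          security context; not used by this method
 * @return the removed session and the resolved grant; either may be null
 * @throws WebApplicationException expected from {@code errorResponseFactory.throwUnauthorizedException}
 *         when neither a grant nor a session is found, or when external logout is enabled but did not
 *         report success
 */
private Pair<SessionState, AuthorizationGrant> endSession(String idTokenHint, String sessionState, HttpServletRequest httpRequest, HttpServletResponse httpResponse, SecurityContext sec) {
    AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
    if (authorizationGrant == null) {
        // Optional fallback: accept an access token in place of the id_token_hint.
        Boolean endSessionWithAccessToken = appConfiguration.getEndSessionWithAccessToken();
        if ((endSessionWithAccessToken != null) && endSessionWithAccessToken) {
            authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(idTokenHint);
        }
    }

    SessionState ldapSessionState = removeSessionState(sessionState, httpRequest, httpResponse);
    if ((authorizationGrant == null) && (ldapSessionState == null)) {
        log.info("Failed to find out authorization grant for id_token_hint '{}' and session_state '{}'", idTokenHint, sessionState);
        errorResponseFactory.throwUnauthorizedException(EndSessionErrorResponseType.INVALID_GRANT);
    }

    boolean isExternalLogoutPresent = externalApplicationSessionService.isEnabled();
    boolean externalLogoutResult = false;
    if (isExternalLogoutPresent && (ldapSessionState != null)) {
        String userName = ldapSessionState.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
        externalLogoutResult = externalApplicationSessionService.executeExternalEndSessionMethods(httpRequest, ldapSessionState);
        // Two placeholders, two arguments. The previous call passed a third argument ("logout" took the
        // second slot), so slf4j dropped externalLogoutResult and the outcome was never actually logged.
        log.info("End session result for '{}': '{}'", userName, externalLogoutResult);
    }

    // NOTE(review): when external logout is enabled but no session was found (grant-only request),
    // externalLogoutResult stays false and the request is rejected here — confirm this is intended.
    if (isExternalLogoutPresent && !externalLogoutResult) {
        errorResponseFactory.throwUnauthorizedException(EndSessionErrorResponseType.INVALID_GRANT);
    }

    if (ldapSessionState != null) {
        grantService.removeAllTokensBySession(ldapSessionState.getDn());
    }

    if (identity != null) {
        identity.logout();
    }

    return new Pair<SessionState, AuthorizationGrant>(ldapSessionState, authorizationGrant);
}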
use of org.xdi.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.
the class EndSessionRestWebServiceImpl method getRpFrontchannelLogoutUris.
/**
 * Collects the front-channel logout URIs of every RP that took part in the session.
 *
 * Clients are taken from the session's permission-granted map plus the client of the grant (if any).
 * For clients that require the session id on logout, {@code sid} is appended as a query parameter.
 * Without a session nothing can be matched and the result is empty.
 *
 * @param pair session and grant; either may be null
 * @return the logout URIs to embed, never null
 */
private Set<String> getRpFrontchannelLogoutUris(Pair<SessionState, AuthorizationGrant> pair) {
    final Set<String> logoutUris = Sets.newHashSet();
    final SessionState session = pair.getFirst();
    final AuthorizationGrant grant = pair.getSecond();

    if (session == null) {
        log.error("session_state is not passed to endpoint (as cookie or manually). Therefore unable to match clients for session_state." + "Http based html will contain no iframes.");
        return logoutUris;
    }

    final Set<Client> clients;
    if (session.getPermissionGrantedMap() != null) {
        clients = clientService.getClient(session.getPermissionGrantedMap().getClientIds(true), true);
    } else {
        clients = Sets.<Client>newHashSet();
    }
    if (grant != null) {
        clients.add(grant.getClient());
    }

    for (Client client : clients) {
        final String[] registeredUris = client.getFrontChannelLogoutUri();
        if (registeredUris == null) {
            continue;
        }
        for (String registeredUri : registeredUris) {
            if (Util.isNullOrEmpty(registeredUri)) {
                // skip blank logout_uri entries
                continue;
            }
            String uri = registeredUri;
            final boolean sidRequired = client.getFrontChannelLogoutSessionRequired() != null && client.getFrontChannelLogoutSessionRequired();
            if (sidRequired) {
                // choose the separator depending on whether the URI already has a query string
                uri = uri + (uri.contains("?") ? "&sid=" : "?sid=") + session.getId();
            }
            logoutUris.add(uri);
        }
    }
    return logoutUris;
}
use of org.xdi.oxauth.model.common.AuthorizationGrant in project oxAuth by GluuFederation.
the class ResourceSetRegistrationWS method getResourceSetList.
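/**
 * Gets resource set lists.
 * ATTENTION: "scope" is a parameter added by Gluu to allow additional filtering.
 * There is no such parameter in the UMA specification.
 *
 * The caller must hold the protection scope (asserted via
 * {@code umaValidationService.assertHasProtectionScope}); only resource sets associated with the
 * calling client are returned.
 *
 * @param authorization authorization header carrying the token
 * @param scope         scope of resource set for additional filtering; may be a blank string (no filtering)
 * @return resource set ids.
 */
@GET
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
@ApiOperation(value = "Lists all previously registered resource set identifiers for this user using the GET method.", notes = "Lists all previously registered resource set identifiers for this user using the GET method. The authorization server MUST return the list in the form of a JSON array of {rsid} string values.\n" + "\n" + "The resource server uses this method as a first step in checking whether its understanding of protected resources is in full synchronization with the authorization server's understanding.", response = ResourceSet.class)
@ApiResponses(value = { @ApiResponse(code = 401, message = "Unauthorized") })
public List<String> getResourceSetList(@HeaderParam("Authorization") String authorization, @QueryParam("scope") @ApiParam(value = "Scope uri", required = false) String scope) {
    try {
        log.trace("Getting list of resource set descriptions.");
        final AuthorizationGrant authorizationGrant = umaValidationService.assertHasProtectionScope(authorization);
        final String clientDn = authorizationGrant.getClientDn();

        final List<org.xdi.oxauth.model.uma.persistence.ResourceSet> ldapResourceSets = resourceSetService.getResourceSetsByAssociatedClient(clientDn);
        // Loop-invariant: decide once whether the optional scope filter applies.
        final boolean filterByScope = StringUtils.isNotBlank(scope);

        final List<String> result = new ArrayList<String>(ldapResourceSets.size());
        for (org.xdi.oxauth.model.uma.persistence.ResourceSet ldapResourceSet : ldapResourceSets) {
            if (filterByScope) {
                // Scope DNs are resolved to URLs per resource set; a null resolution counts as no match.
                final List<String> scopeUrlsByDns = umaScopeService.getScopeUrlsByDns(ldapResourceSet.getScopes());
                if (scopeUrlsByDns != null && scopeUrlsByDns.contains(scope)) {
                    result.add(ldapResourceSet.getId());
                }
            } else {
                result.add(ldapResourceSet.getId());
            }
        }
        return result;
    } catch (WebApplicationException ex) {
        // Already carries the intended status (e.g. 401 from the protection-scope assertion):
        // propagate unchanged instead of logging an expected rejection as an internal error.
        throw ex;
    } catch (Exception ex) {
        log.error("Exception happened on getResourceSetList()", ex);
    }
    errorResponseFactory.throwUmaInternalErrorException();
    // redundant but required by java
    return Lists.newArrayList();
}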