Examples with PermissionTicket org.xdi.oxauth.model.uma.PermissionTicket used on opensource projects
Example 1 with PermissionTicket
use of org.xdi.oxauth.model.uma.PermissionTicket in project oxAuth by GluuFederation.
the class RegisterResourceSetPermissionFlowHttpTest method testRegisterResourceSetPermissionForInvalidResource.
/**
* Test for registering permissions for resource set
*/
@Test
@Parameters({ "umaAmHost" })
public void testRegisterResourceSetPermissionForInvalidResource(final String umaAmHost) throws Exception {
showTitle("testRegisterResourceSetPermissionForInvalidResource");
PermissionRegistrationService resourceSetPermissionRegistrationService = UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.metadataConfiguration);
// Register permissions for resource set
UmaPermission resourceSetPermissionRequest = new UmaPermission();
resourceSetPermissionRequest.setResourceSetId(this.umaRegisterResourceSetFlowHttpTest.resourceSetId + "1");
resourceSetPermissionRequest.setScopes(Arrays.asList("http://photoz.example.com/dev/scopes/view", "http://photoz.example.com/dev/scopes/all"));
PermissionTicket resourceSetPermissionTiket = null;
try {
resourceSetPermissionTiket = resourceSetPermissionRegistrationService.registerResourceSetPermission("Bearer " + this.umaRegisterResourceSetFlowHttpTest.m_pat.getAccessToken(), umaAmHost, resourceSetPermissionRequest);
} catch (ClientResponseFailure ex) {
System.err.println(ex.getResponse().getEntity(String.class));
assertEquals(ex.getResponse().getStatus(), Response.Status.BAD_REQUEST.getStatusCode(), "Unexpected response status");
}
assertNull(resourceSetPermissionTiket, "Resource set permission is not null");
}
Also used :
PermissionTicket(org.xdi.oxauth.model.uma.PermissionTicket)
UmaPermission(org.xdi.oxauth.model.uma.UmaPermission)
ClientResponseFailure(org.jboss.resteasy.client.ClientResponseFailure)
PermissionRegistrationService(org.xdi.oxauth.client.uma.PermissionRegistrationService)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 2 with PermissionTicket
use of org.xdi.oxauth.model.uma.PermissionTicket in project oxAuth by GluuFederation.
the class RegisterResourceSetPermissionFlowHttpTest method registerResourceSetPermission.
public String registerResourceSetPermission(final String umaAmHost, String resourceSetId, List<String> scopes) throws Exception {
PermissionRegistrationService resourceSetPermissionRegistrationService = UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.metadataConfiguration);
// Register permissions for resource set
UmaPermission resourceSetPermissionRequest = new UmaPermission();
resourceSetPermissionRequest.setResourceSetId(resourceSetId);
resourceSetPermissionRequest.setScopes(scopes);
PermissionTicket t = null;
try {
t = resourceSetPermissionRegistrationService.registerResourceSetPermission("Bearer " + this.umaRegisterResourceSetFlowHttpTest.m_pat.getAccessToken(), umaAmHost, resourceSetPermissionRequest);
} catch (ClientResponseFailure ex) {
System.err.println(ex.getResponse().getEntity(String.class));
throw ex;
}
UmaTestUtil.assert_(t);
this.ticketForFullAccess = t.getTicket();
return t.getTicket();
}
Also used :
PermissionTicket(org.xdi.oxauth.model.uma.PermissionTicket)
UmaPermission(org.xdi.oxauth.model.uma.UmaPermission)
ClientResponseFailure(org.jboss.resteasy.client.ClientResponseFailure)
PermissionRegistrationService(org.xdi.oxauth.client.uma.PermissionRegistrationService)
Example 3 with PermissionTicket
use of org.xdi.oxauth.model.uma.PermissionTicket in project oxAuth by GluuFederation.
the class PermissionService method hasEnoughPermissionsWithTicketRegistration.
public Pair<Boolean, Response> hasEnoughPermissionsWithTicketRegistration(UmaRPT p_rpt, List<ResourceSetPermission> p_rptPermissions, RsResourceType p_resourceType, List<RsScopeType> p_scopes) {
final Pair<Boolean, Response> result = new Pair<Boolean, Response>(false, null);
final ResourceSet resource = umaRsResourceService.getResource(p_resourceType);
if (resource == null || StringUtils.isBlank(resource.getId())) {
result.setFirst(false);
result.setSecond(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
return result;
}
if (hasEnoughPermissions(p_rpt, p_rptPermissions, resource, p_scopes)) {
result.setFirst(true);
return result;
} else {
// If the RPT is valid but has insufficient authorization data for the type of access sought,
// the resource server SHOULD register a requested permission with the authorization server
// that would suffice for that scope of access (see Section 3.2),
// and then respond with the HTTP 403 (Forbidden) status code,
// along with providing the authorization server's URI in an "as_uri" property in the header,
// and the permission ticket it just received from the AM in the body in a JSON-encoded "ticket" property.
result.setFirst(false);
final String ticket = registerPermission(p_rpt, resource, p_scopes);
// log.debug("Register permissions on AM, permission ticket: " + ticket);
final String entity = ServerUtil.asJsonSilently(new PermissionTicket(ticket));
log.debug("Construct response: HTTP 403 (Forbidden), entity: " + entity);
final Response response = Response.status(Response.Status.FORBIDDEN).header("host_id", appConfiguration.getIssuer()).header("as_uri", appConfiguration.getUmaConfigurationEndpoint()).header("error", "insufficient_scope").entity(entity).build();
result.setSecond(response);
return result;
}
}
Also used :
Response(javax.ws.rs.core.Response)
PermissionTicket(org.xdi.oxauth.model.uma.PermissionTicket)
ResourceSet(org.xdi.oxauth.model.uma.persistence.ResourceSet)
Pair(org.xdi.util.Pair)
Example 4 with PermissionTicket
use of org.xdi.oxauth.model.uma.PermissionTicket in project oxTrust by GluuFederation.
the class UmaPermissionService method prepareRegisterUmaPermissionsResponse.
private Response prepareRegisterUmaPermissionsResponse(Token patToken, String resourceSetId, String umaScope) {
String ticket = registerUmaPermissions(patToken, resourceSetId, umaScope);
if (StringHelper.isEmpty(ticket)) {
return null;
}
String entity = null;
try {
entity = jsonService.objectToJson(new PermissionTicket(ticket));
} catch (Exception ex) {
log.error("Failed to prepare response", ex);
}
if (entity == null) {
return null;
}
log.debug("Construct response: HTTP 403 (Forbidden), entity: '{}'", entity);
Response response = null;
try {
response = Response.status(Response.Status.FORBIDDEN).header("host_id", getHost(appConfiguration.getIdpUrl())).header("as_uri", appInitializer.getUmaConfigurationEndpoint()).header("error", "insufficient_scope").entity(entity).build();
} catch (MalformedURLException ex) {
log.error("Failed to determine host by URI", ex);
}
return response;
}
Also used :
Response(javax.ws.rs.core.Response)
RptIntrospectionResponse(org.xdi.oxauth.model.uma.RptIntrospectionResponse)
HttpResponse(org.apache.http.HttpResponse)
PermissionTicket(org.xdi.oxauth.model.uma.PermissionTicket)
MalformedURLException(java.net.MalformedURLException)
MalformedURLException(java.net.MalformedURLException)
Example 5 with PermissionTicket
use of org.xdi.oxauth.model.uma.PermissionTicket in project oxTrust by GluuFederation.
the class UmaPermissionService method registerUmaPermissions.
private String registerUmaPermissions(Token patToken, String resourceSetId, String umaScope) {
String authorization = "Bearer " + patToken.getAccessToken();
// Register permissions for resource set
UmaPermission resourceSetPermissionRequest = new UmaPermission();
resourceSetPermissionRequest.setResourceSetId(resourceSetId);
resourceSetPermissionRequest.setScopes(Arrays.asList(umaScope));
PermissionTicket resourceSetPermissionTicket = null;
try {
resourceSetPermissionTicket = this.resourceSetPermissionRegistrationService.registerResourceSetPermission(authorization, getHost(umaMetadataConfiguration.getIssuer()), resourceSetPermissionRequest);
} catch (MalformedURLException ex) {
log.error("Failed to determine host by URI", ex);
} catch (ClientResponseFailure ex) {
log.error("Failed to register permissions for resource set: '{}'", ex, resourceSetId);
}
if ((resourceSetPermissionTicket == null) || StringHelper.isEmpty(resourceSetPermissionTicket.getTicket())) {
log.error("Resource set permission ticket is invalid");
return null;
}
return resourceSetPermissionTicket.getTicket();
}
Also used :
PermissionTicket(org.xdi.oxauth.model.uma.PermissionTicket)
MalformedURLException(java.net.MalformedURLException)
UmaPermission(org.xdi.oxauth.model.uma.UmaPermission)
ClientResponseFailure(org.jboss.resteasy.client.ClientResponseFailure)
Aggregations
PermissionTicket (org.xdi.oxauth.model.uma.PermissionTicket)9
UmaPermission (org.xdi.oxauth.model.uma.UmaPermission)6
Response (javax.ws.rs.core.Response)3
ClientResponseFailure (org.jboss.resteasy.client.ClientResponseFailure)3
Parameters (org.testng.annotations.Parameters)3
Test (org.testng.annotations.Test)3
BaseTest (org.xdi.oxauth.BaseTest)3
MalformedURLException (java.net.MalformedURLException)2
PermissionRegistrationService (org.xdi.oxauth.client.uma.PermissionRegistrationService)2
ApiOperation (com.wordnik.swagger.annotations.ApiOperation)1
ApiResponses (com.wordnik.swagger.annotations.ApiResponses)1
IOException (java.io.IOException)1
Consumes (javax.ws.rs.Consumes)1
POST (javax.ws.rs.POST)1
Produces (javax.ws.rs.Produces)1
WebApplicationException (javax.ws.rs.WebApplicationException)1
Builder (javax.ws.rs.client.Invocation.Builder)1
HttpResponse (org.apache.http.HttpResponse)1
ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)1
ResourceSetResponse (org.xdi.oxauth.model.uma.ResourceSetResponse)1
