
Example 1 with PermissionTicket

use of org.xdi.oxauth.model.uma.PermissionTicket in project oxAuth by GluuFederation.

Class RegisterResourceSetPermissionFlowHttpTest, method testRegisterResourceSetPermissionForInvalidResource.

/**
 * Negative test: a permission request for a resource set id that was never
 * registered must be rejected by the authorization server with HTTP 400, and
 * no permission ticket may be issued for it.
 *
 * @param umaAmHost host of the UMA authorization server (TestNG parameter)
 * @throws Exception any client failure other than {@link ClientResponseFailure},
 *         which is asserted on rather than propagated
 */
@Test
@Parameters({ "umaAmHost" })
public void testRegisterResourceSetPermissionForInvalidResource(final String umaAmHost) throws Exception {
    showTitle("testRegisterResourceSetPermissionForInvalidResource");
    final PermissionRegistrationService registrationService =
            UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.metadataConfiguration);

    // Build the request against an id that cannot exist: the registered id with "1" appended.
    final UmaPermission request = new UmaPermission();
    request.setResourceSetId(this.umaRegisterResourceSetFlowHttpTest.resourceSetId + "1");
    request.setScopes(Arrays.asList("http://photoz.example.com/dev/scopes/view", "http://photoz.example.com/dev/scopes/all"));

    final String authorization = "Bearer " + this.umaRegisterResourceSetFlowHttpTest.m_pat.getAccessToken();
    PermissionTicket ticket = null;
    try {
        ticket = registrationService.registerResourceSetPermission(authorization, umaAmHost, request);
    } catch (ClientResponseFailure ex) {
        // The server is expected to reject the request; print its body for diagnosis and pin the status.
        System.err.println(ex.getResponse().getEntity(String.class));
        assertEquals(ex.getResponse().getStatus(), Response.Status.BAD_REQUEST.getStatusCode(), "Unexpected response status");
    }
    // A ticket must never have been issued for a non-existent resource set.
    assertNull(ticket, "Resource set permission is not null");
}

Example 2 with PermissionTicket

use of org.xdi.oxauth.model.uma.PermissionTicket in project oxAuth by GluuFederation.

Class RegisterResourceSetPermissionFlowHttpTest, method registerResourceSetPermission.

/**
 * Registers a permission for {@code resourceSetId} with the given scopes and returns the
 * ticket issued by the authorization server. The ticket is also stored in
 * {@code ticketForFullAccess} for later steps of the flow.
 *
 * @param umaAmHost     host of the UMA authorization server
 * @param resourceSetId id of the resource set the permission is requested for
 * @param scopes        scopes requested for that resource set
 * @return the ticket string of the registered permission
 * @throws Exception a {@link ClientResponseFailure} has its response body printed and is
 *         rethrown; any other failure propagates unchanged
 */
public String registerResourceSetPermission(final String umaAmHost, String resourceSetId, List<String> scopes) throws Exception {
    final PermissionRegistrationService service =
            UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.metadataConfiguration);
    final String authorization = "Bearer " + this.umaRegisterResourceSetFlowHttpTest.m_pat.getAccessToken();

    final UmaPermission request = new UmaPermission();
    request.setResourceSetId(resourceSetId);
    request.setScopes(scopes);

    final PermissionTicket ticket;
    try {
        ticket = service.registerResourceSetPermission(authorization, umaAmHost, request);
    } catch (ClientResponseFailure ex) {
        // Surface the server's error body before failing the flow.
        System.err.println(ex.getResponse().getEntity(String.class));
        throw ex;
    }
    UmaTestUtil.assert_(ticket);
    this.ticketForFullAccess = ticket.getTicket();
    return ticket.getTicket();
}

Example 3 with PermissionTicket

use of org.xdi.oxauth.model.uma.PermissionTicket in project oxAuth by GluuFederation.

Class PermissionService, method hasEnoughPermissionsWithTicketRegistration.

/**
 * Decides whether the RPT carries enough permissions for {@code p_resourceType} with
 * {@code p_scopes}. When it does not, a permission that would suffice is registered with
 * the authorization server and a 403 response carrying the resulting ticket is prepared,
 * so the caller can send the client through the UMA authorization step.
 *
 * @param p_rpt            requesting party token presented by the client
 * @param p_rptPermissions permissions already bound to that RPT
 * @param p_resourceType   resource the client is trying to access
 * @param p_scopes         scopes required for the attempted access
 * @return pair of (access allowed, response): the response is {@code null} when access is
 *         allowed, a bare 500 when no resource set is registered for the type, and a 403
 *         with {@code as_uri}/{@code error} headers and a JSON ticket body otherwise
 */
public Pair<Boolean, Response> hasEnoughPermissionsWithTicketRegistration(UmaRPT p_rpt, List<ResourceSetPermission> p_rptPermissions, RsResourceType p_resourceType, List<RsScopeType> p_scopes) {
    final ResourceSet resource = umaRsResourceService.getResource(p_resourceType);
    // No registered resource set is a server-side configuration problem, not a client error.
    if (resource == null || StringUtils.isBlank(resource.getId())) {
        return new Pair<Boolean, Response>(false, Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
    }
    if (hasEnoughPermissions(p_rpt, p_rptPermissions, resource, p_scopes)) {
        return new Pair<Boolean, Response>(true, null);
    }

    // UMA: when the RPT is valid but lacks authorization data for the access sought, the
    // resource server SHOULD register a permission that would suffice and answer 403 with the
    // authorization server's URI in "as_uri" and the freshly issued ticket in a JSON "ticket" property.
    final String ticket = registerPermission(p_rpt, resource, p_scopes);
    // NOTE(review): registerPermission's behaviour when the AS call fails is not visible here;
    // a null ticket would be serialized into the body as-is — confirm it throws instead.
    final String entity = ServerUtil.asJsonSilently(new PermissionTicket(ticket));
    log.debug("Construct response: HTTP 403 (Forbidden), entity: " + entity);
    final Response forbidden = Response.status(Response.Status.FORBIDDEN)
            .header("host_id", appConfiguration.getIssuer())
            .header("as_uri", appConfiguration.getUmaConfigurationEndpoint())
            .header("error", "insufficient_scope")
            .entity(entity)
            .build();
    return new Pair<Boolean, Response>(false, forbidden);
}

Example 4 with PermissionTicket

use of org.xdi.oxauth.model.uma.PermissionTicket in project oxTrust by GluuFederation.

Class UmaPermissionService, method prepareRegisterUmaPermissionsResponse.

/**
 * Registers a permission for {@code resourceSetId}/{@code umaScope} and, on success, builds
 * the UMA "insufficient_scope" 403 response that hands the ticket to the client.
 *
 * @param patToken      protection API token used to talk to the authorization server
 * @param resourceSetId id of the protected resource set
 * @param umaScope      scope the client needs
 * @return the 403 response carrying the ticket, or {@code null} when registration, JSON
 *         serialization, or host extraction from the IdP URL fails (each failure is logged)
 */
private Response prepareRegisterUmaPermissionsResponse(Token patToken, String resourceSetId, String umaScope) {
    final String ticket = registerUmaPermissions(patToken, resourceSetId, umaScope);
    if (StringHelper.isEmpty(ticket)) {
        return null;
    }

    final String entity;
    try {
        entity = jsonService.objectToJson(new PermissionTicket(ticket));
    } catch (Exception ex) {
        log.error("Failed to prepare response", ex);
        return null;
    }
    if (entity == null) {
        return null;
    }
    log.debug("Construct response: HTTP 403 (Forbidden), entity: '{}'", entity);

    try {
        return Response.status(Response.Status.FORBIDDEN)
                .header("host_id", getHost(appConfiguration.getIdpUrl()))
                .header("as_uri", appInitializer.getUmaConfigurationEndpoint())
                .header("error", "insufficient_scope")
                .entity(entity)
                .build();
    } catch (MalformedURLException ex) {
        // getHost() cannot parse the configured IdP URL; the caller treats null as "no response".
        log.error("Failed to determine host by URI", ex);
        return null;
    }
}

Example 5 with PermissionTicket

use of org.xdi.oxauth.model.uma.PermissionTicket in project oxTrust by GluuFederation.

Class UmaPermissionService, method registerUmaPermissions.

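/**
 * Registers a permission for {@code resourceSetId} with the single scope {@code umaScope}
 * at the UMA authorization server, authenticating with the PAT as a Bearer credential.
 *
 * @param patToken      protection API token whose access token authorizes the call
 * @param resourceSetId id of the resource set to request a permission for
 * @param umaScope      the single scope requested
 * @return the ticket string, or {@code null} when the issuer host cannot be parsed, the
 *         server rejects the request, or the returned ticket is missing or empty (all logged)
 */
private String registerUmaPermissions(Token patToken, String resourceSetId, String umaScope) {
    final String authorization = "Bearer " + patToken.getAccessToken();

    final UmaPermission request = new UmaPermission();
    request.setResourceSetId(resourceSetId);
    request.setScopes(Arrays.asList(umaScope));

    PermissionTicket ticket = null;
    try {
        ticket = this.resourceSetPermissionRegistrationService.registerResourceSetPermission(
                authorization, getHost(umaMetadataConfiguration.getIssuer()), request);
    } catch (MalformedURLException ex) {
        log.error("Failed to determine host by URI", ex);
    } catch (ClientResponseFailure ex) {
        // The throwable must be the last argument: otherwise the logger substitutes it into
        // the '{}' placeholder, drops the resource set id, and never prints the stack trace.
        log.error("Failed to register permissions for resource set: '{}'", resourceSetId, ex);
    }

    if (ticket == null || StringHelper.isEmpty(ticket.getTicket())) {
        log.error("Resource set permission ticket is invalid");
        return null;
    }
    return ticket.getTicket();
}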
