Use of org.xdi.oxauth.model.uma.PermissionTicket in project oxAuth by GluuFederation:
class RegisterResourceSetPermissionFlowHttpTest, method testRegisterResourceSetPermissionForInvalidResource.
/**
* Test that registering permissions for an invalid (unknown) resource set id is rejected
*/
@Test
@Parameters({ "umaAmHost" })
public void testRegisterResourceSetPermissionForInvalidResource(final String umaAmHost) throws Exception {
    showTitle("testRegisterResourceSetPermissionForInvalidResource");

    final PermissionRegistrationService permissionService =
            UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.metadataConfiguration);

    // Build a permission request whose resource set id does not match the registered one:
    // the id from the registration flow with "1" appended.
    final UmaPermission request = new UmaPermission();
    request.setResourceSetId(this.umaRegisterResourceSetFlowHttpTest.resourceSetId + "1");
    request.setScopes(Arrays.asList("http://photoz.example.com/dev/scopes/view", "http://photoz.example.com/dev/scopes/all"));

    PermissionTicket ticket = null;
    try {
        final String patAuthorization = "Bearer " + this.umaRegisterResourceSetFlowHttpTest.m_pat.getAccessToken();
        ticket = permissionService.registerResourceSetPermission(patAuthorization, umaAmHost, request);
    } catch (ClientResponseFailure ex) {
        // The AM is expected to reject the unknown resource set with HTTP 400; show its error entity for the test log.
        System.err.println(ex.getResponse().getEntity(String.class));
        assertEquals(ex.getResponse().getStatus(), Response.Status.BAD_REQUEST.getStatusCode(), "Unexpected response status");
    }

    // Whatever the AM answered, no permission ticket may have been issued for an unknown resource set.
    assertNull(ticket, "Resource set permission is not null");
}
Use of org.xdi.oxauth.model.uma.PermissionTicket in project oxAuth by GluuFederation:
class RegisterResourceSetPermissionFlowHttpTest, method registerResourceSetPermission.
/**
 * Registers a permission for {@code resourceSetId} with the given scopes at the AM and returns the
 * issued permission ticket. The ticket is also stored in {@code ticketForFullAccess} for later flow steps.
 *
 * @param umaAmHost     host of the authorization manager
 * @param resourceSetId id of the resource set the permission is requested for
 * @param scopes        scopes the permission should cover
 * @return the permission ticket string issued by the AM
 * @throws Exception if the AM rejects the registration (the error entity is printed first)
 */
public String registerResourceSetPermission(final String umaAmHost, String resourceSetId, List<String> scopes) throws Exception {
    final PermissionRegistrationService permissionService =
            UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.metadataConfiguration);

    // Describe the permission to register.
    final UmaPermission request = new UmaPermission();
    request.setResourceSetId(resourceSetId);
    request.setScopes(scopes);

    final PermissionTicket permissionTicket;
    try {
        final String patAuthorization = "Bearer " + this.umaRegisterResourceSetFlowHttpTest.m_pat.getAccessToken();
        permissionTicket = permissionService.registerResourceSetPermission(patAuthorization, umaAmHost, request);
    } catch (ClientResponseFailure ex) {
        // Surface the AM's error entity before re-throwing so the test log shows why registration failed.
        System.err.println(ex.getResponse().getEntity(String.class));
        throw ex;
    }

    UmaTestUtil.assert_(permissionTicket);

    final String ticketValue = permissionTicket.getTicket();
    this.ticketForFullAccess = ticketValue;
    return ticketValue;
}
Use of org.xdi.oxauth.model.uma.PermissionTicket in project oxAuth by GluuFederation:
class PermissionService, method hasEnoughPermissionsWithTicketRegistration.
/**
 * Checks whether the RPT carries enough permissions for the requested scopes on the resource of the
 * given type; if not, registers a matching permission at the AM and prepares the HTTP 403 response
 * that conveys the permission ticket to the client.
 *
 * @param p_rptPermissions permissions currently associated with the RPT
 * @param p_resourceType   type of the resource the access is sought for
 * @param p_scopes         scopes the access requires
 * @return pair of (access allowed, response to send when access is not allowed); the response is a
 *         500 when the resource is unknown locally, a 403 with the ticket when permissions are
 *         insufficient, and {@code null} when access is allowed
 */
public Pair<Boolean, Response> hasEnoughPermissionsWithTicketRegistration(UmaRPT p_rpt, List<ResourceSetPermission> p_rptPermissions, RsResourceType p_resourceType, List<RsScopeType> p_scopes) {
    // Starts as "not allowed, no response"; only the branches below flip or fill it.
    final Pair<Boolean, Response> result = new Pair<Boolean, Response>(false, null);

    // The resource must be known locally before permissions can be evaluated or registered.
    final ResourceSet resource = umaRsResourceService.getResource(p_resourceType);
    if (resource == null || StringUtils.isBlank(resource.getId())) {
        result.setSecond(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
        return result;
    }

    if (hasEnoughPermissions(p_rpt, p_rptPermissions, resource, p_scopes)) {
        result.setFirst(true);
        return result;
    }

    // Insufficient authorization data: per the UMA spec the resource server registers a requested
    // permission with the authorization server that would suffice for this access and answers
    // HTTP 403 (Forbidden), carrying the AS URI in "as_uri" and the permission ticket just
    // received from the AM in a JSON-encoded "ticket" property in the body.
    final String ticket = registerPermission(p_rpt, resource, p_scopes);
    final String entity = ServerUtil.asJsonSilently(new PermissionTicket(ticket));
    // NOTE(review): the entity carries the freshly issued permission ticket and is written to the debug log here.
    log.debug("Construct response: HTTP 403 (Forbidden), entity: " + entity);

    final Response forbidden = Response.status(Response.Status.FORBIDDEN)
            .header("host_id", appConfiguration.getIssuer())
            .header("as_uri", appConfiguration.getUmaConfigurationEndpoint())
            .header("error", "insufficient_scope")
            .entity(entity)
            .build();
    result.setSecond(forbidden);
    return result;
}
Use of org.xdi.oxauth.model.uma.PermissionTicket in project oxTrust by GluuFederation:
class UmaPermissionService, method prepareRegisterUmaPermissionsResponse.
/**
 * Registers a permission for the resource set and scope at the AM and builds the HTTP 403 response
 * that hands the resulting permission ticket to the client.
 *
 * @param patToken      protection API token used to authenticate at the AM
 * @param resourceSetId id of the resource set the permission is requested for
 * @param umaScope      single scope the permission should cover
 * @return the 403 response with the JSON-encoded ticket, or {@code null} when no ticket was obtained,
 *         the ticket could not be serialised, or the host could not be derived from the IdP URL
 */
private Response prepareRegisterUmaPermissionsResponse(Token patToken, String resourceSetId, String umaScope) {
    final String ticket = registerUmaPermissions(patToken, resourceSetId, umaScope);
    if (StringHelper.isEmpty(ticket)) {
        // Without a ticket there is nothing to hand to the client.
        return null;
    }

    String entity;
    try {
        entity = jsonService.objectToJson(new PermissionTicket(ticket));
    } catch (Exception ex) {
        log.error("Failed to prepare response", ex);
        entity = null;
    }
    if (entity == null) {
        return null;
    }

    log.debug("Construct response: HTTP 403 (Forbidden), entity: '{}'", entity);
    try {
        return Response.status(Response.Status.FORBIDDEN)
                .header("host_id", getHost(appConfiguration.getIdpUrl()))
                .header("as_uri", appInitializer.getUmaConfigurationEndpoint())
                .header("error", "insufficient_scope")
                .entity(entity)
                .build();
    } catch (MalformedURLException ex) {
        // getHost() could not parse the configured IdP URL; the caller receives no response object.
        log.error("Failed to determine host by URI", ex);
        return null;
    }
}
Use of org.xdi.oxauth.model.uma.PermissionTicket in project oxTrust by GluuFederation:
class UmaPermissionService, method registerUmaPermissions.
/**
 * Registers a permission for {@code resourceSetId} covering {@code umaScope} at the AM using the PAT.
 *
 * @param patToken      protection API token; its access token is sent as a Bearer credential
 * @param resourceSetId id of the resource set the permission is requested for
 * @param umaScope      single scope the permission should cover
 * @return the permission ticket issued by the AM, or {@code null} when the AM host could not be
 *         derived from the issuer, the AM rejected the request, or the returned ticket is empty
 */
private String registerUmaPermissions(Token patToken, String resourceSetId, String umaScope) {
    final String authorization = "Bearer " + patToken.getAccessToken();

    // Ask for a single-scope permission on the resource set.
    final UmaPermission request = new UmaPermission();
    request.setResourceSetId(resourceSetId);
    request.setScopes(Arrays.asList(umaScope));

    PermissionTicket permissionTicket = null;
    try {
        final String amHost = getHost(umaMetadataConfiguration.getIssuer());
        permissionTicket = this.resourceSetPermissionRegistrationService.registerResourceSetPermission(authorization, amHost, request);
    } catch (MalformedURLException ex) {
        log.error("Failed to determine host by URI", ex);
    } catch (ClientResponseFailure ex) {
        // NOTE(review): an SLF4J-style logger attaches a Throwable only when it is the last argument;
        // confirm this argument order is what the logger in use expects so the stack trace is not lost.
        log.error("Failed to register permissions for resource set: '{}'", ex, resourceSetId);
    }

    if (permissionTicket == null || StringHelper.isEmpty(permissionTicket.getTicket())) {
        log.error("Resource set permission ticket is invalid");
        return null;
    }
    return permissionTicket.getTicket();
}