use of org.xdi.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.
the class TrustElevationHttpTest method trustElevation.
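/**
 * End-to-end "trust elevation" flow against a live AM: registers a resource set under a PAT,
 * obtains an RPT under an AAT, registers a permission ticket for the resource set, asks the AM
 * to authorize the RPT for that ticket and finally introspects the RPT again. The final
 * introspection result is asserted, so a silently failed authorization step no longer passes.
 *
 * @param umaMetaDataUrl     URL of the UMA metadata document used to build all client services
 * @param umaAmHost          authorization manager host handed to the RPT / permission sub-flows
 * @param umaPatClientId     client id used to request the PAT
 * @param umaPatClientSecret client secret used to request the PAT
 * @param umaAatClientId     client id used to request the AAT
 * @param umaAatClientSecret client secret used to request the AAT
 * @throws Exception if any sub-flow or HTTP call fails; a failed authorization request is
 *                   rethrown after its response body has been printed for diagnosis
 */
@Test
@Parameters({ "umaMetaDataUrl", "umaAmHost", "umaPatClientId", "umaPatClientSecret", "umaAatClientId", "umaAatClientSecret" })
public void trustElevation(final String umaMetaDataUrl, final String umaAmHost, final String umaPatClientId, final String umaPatClientSecret, final String umaAatClientId, final String umaAatClientSecret) throws Exception {
    this.metadataConfiguration = UmaClientFactory.instance().createMetaDataConfigurationService(umaMetaDataUrl).getMetadataConfiguration();
    UmaTestUtil.assert_(this.metadataConfiguration);

    // Sub-flows and services all share the freshly discovered metadata configuration.
    this.umaObtainRptTokenFlowHttpTest = new ObtainRptTokenFlowHttpTest(this.metadataConfiguration);
    this.umaRegisterResourceSetFlowHttpTest = new RegisterResourceSetFlowHttpTest(this.metadataConfiguration);
    this.umaRegisterResourceSetPermissionFlowHttpTest = new RegisterResourceSetPermissionFlowHttpTest(this.metadataConfiguration);
    this.rptStatusService = UmaClientFactory.instance().createRptStatusService(metadataConfiguration);
    this.rptPermissionAuthorizationService = UmaClientFactory.instance().createAuthorizationRequestService(metadataConfiguration);

    // PAT is used for the resource-server side (registration, introspection), AAT for the
    // requesting-party side (RPT request, authorization).
    m_pat = UmaClient.requestPat(tokenEndpoint, umaPatClientId, umaPatClientSecret);
    m_aat = UmaClient.requestAat(tokenEndpoint, umaAatClientId, umaAatClientSecret);
    UmaTestUtil.assert_(m_pat);
    UmaTestUtil.assert_(m_aat);

    final List<String> rsScopes = Arrays.asList("http://gluu.example.com/dev/scopes/view", "http://gluu.example.com/dev/scopes/all");

    this.umaRegisterResourceSetFlowHttpTest.m_pat = m_pat;
    final String resourceId = this.umaRegisterResourceSetFlowHttpTest.registerResourceSet(rsScopes);

    this.umaObtainRptTokenFlowHttpTest.m_aat = this.m_aat;
    this.umaObtainRptTokenFlowHttpTest.testObtainRptTokenFlow(umaAmHost);

    this.umaRegisterResourceSetPermissionFlowHttpTest.umaRegisterResourceSetFlowHttpTest = umaRegisterResourceSetFlowHttpTest;
    this.umaRegisterResourceSetPermissionFlowHttpTest.registerResourceSetPermission(umaAmHost, resourceId, rsScopes);

    final String patAuthorization = "Bearer " + m_pat.getAccessToken();
    final String rptToken = this.umaObtainRptTokenFlowHttpTest.rptToken;

    // Pre-authorization introspection; its result is not asserted here (the original flow only
    // fetched it), the call is kept so the status endpoint is exercised before and after elevation.
    this.rptStatusService.requestRptStatus(patAuthorization, rptToken, "");

    final RptAuthorizationRequest rptAuthorizationRequest = new RptAuthorizationRequest(rptToken, umaRegisterResourceSetPermissionFlowHttpTest.ticketForFullAccess);
    try {
        // Return value carries nothing this flow checks; the later introspection is the real check.
        this.rptPermissionAuthorizationService.requestRptPermissionAuthorization("Bearer " + m_aat.getAccessToken(), umaAmHost, rptAuthorizationRequest);
    } catch (ClientResponseFailure ex) {
        System.err.println(ex.getResponse().getEntity(String.class));
        throw ex;
    }

    // Post-authorization introspection: previously fetched and discarded, now asserted.
    final RptIntrospectionResponse rptStatus = this.rptStatusService.requestRptStatus(patAuthorization, rptToken, "");
    UmaTestUtil.assert_(rptStatus);
}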
use of org.xdi.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.
the class AccessProtectedResourceFlowHttpTest method testHostDetermineRptStatus1.
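/**
 * Host determines RPT status.
 * <p>
 * Introspects the RPT obtained by {@code umaObtainRptTokenFlowHttpTest} using the PAT as
 * bearer credential and expects an active token that carries no permissions (the preceding
 * test left it without enough permissions).
 *
 * @param umaAmHost authorization manager host (injected by TestNG; not used by this step)
 * @throws Exception if the introspection request fails; a {@link ClientResponseFailure} is
 *                   rethrown after its response body has been printed for diagnosis
 */
@Test(dependsOnMethods = { "testRequesterAccessProtectedResourceWithNotEnoughPermissionsRpt" })
@Parameters({ "umaAmHost" })
public void testHostDetermineRptStatus1(final String umaAmHost) throws Exception {
    showTitle("testHostDetermineRptStatus1");

    // Determine RPT token status; the PAT authorizes the resource server to introspect.
    RptIntrospectionResponse tokenStatusResponse = null;
    try {
        tokenStatusResponse = this.rptStatusService.requestRptStatus("Bearer " + m_pat.getAccessToken(), this.umaObtainRptTokenFlowHttpTest.rptToken, "");
    } catch (ClientResponseFailure ex) {
        System.err.println(ex.getResponse().getEntity(String.class));
        throw ex;
    }

    assertNotNull(tokenStatusResponse, "Token response status is not invalid");
    assertTrue(tokenStatusResponse.getActive(), "Token response status is not active");
    // Active but unauthorized: either no permissions element at all or an empty list is acceptable.
    assertTrue(tokenStatusResponse.getPermissions() == null || tokenStatusResponse.getPermissions().isEmpty());
}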
use of org.xdi.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.
the class GatFlowHttpTest method testHostDetermineRptStatus2.
/**
 * Host determines GAT status.
 * <p>
 * Introspects the GAT obtained earlier in the flow, authenticating with the PAT, and runs the
 * shared {@link UmaTestUtil#assert_} checks on the introspection response.
 *
 * @throws Exception if the introspection request fails; a {@link ClientResponseFailure} is
 *                   rethrown after its response body has been printed for diagnosis
 */
@Test(dependsOnMethods = { "testRequesterAccessProtectedResourceWithEnoughPermissionsRpt" })
public void testHostDetermineRptStatus2() throws Exception {
    showTitle("testHostDetermineRptStatus2");

    // Determine GAT status
    final RptIntrospectionResponse gatStatus;
    try {
        gatStatus = this.rptStatusService.requestRptStatus("Bearer " + pat.getAccessToken(), gat, "");
    } catch (ClientResponseFailure ex) {
        System.err.println(ex.getResponse().getEntity(String.class));
        throw ex;
    }
    UmaTestUtil.assert_(gatStatus);
}
use of org.xdi.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.
the class RptStatusWS method gatResponse.
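/**
 * Builds the introspection response for a token that {@code AbstractRPTManager.isGat}
 * classifies as a GAT.
 * <p>
 * An invalid token yields an {@code active=false} body with nothing else. A valid token is
 * reported as active with a single permission that covers all of the token's scopes. Both
 * branches are serialized manually via {@link ServerUtil#asJson} so the inactive answer does not
 * depend on the RESTEasy provider chain that the active branch deliberately bypasses.
 *
 * @param rpt the token to describe; validity is decided by {@code isValid}
 * @return a 200 response whose entity is the JSON introspection document
 * @throws IOException if JSON serialization fails
 */
private Response gatResponse(UmaRPT rpt) throws IOException {
    if (!isValid(rpt)) {
        // Inactive: only the "active" flag, no expiry, permissions or scopes are disclosed.
        final String inactiveEntity = ServerUtil.asJson(new RptIntrospectionResponse(false));
        return Response.status(Response.Status.OK).entity(inactiveEntity).cacheControl(ServerUtil.cacheControl(true)).build();
    }

    // One permission spanning every scope the GAT holds.
    final UmaPermission permission = new UmaPermission();
    permission.setScopes(rpt.getPermissions());
    permission.setExpiresAt(rpt.getExpirationDate());
    // NOTE(review): the permission is stamped with "now" while the response issuedAt below uses
    // the token creation date — confirm this difference is intended.
    permission.setIssuedAt(new Date());

    final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
    statusResponse.setActive(true);
    statusResponse.setExpiresAt(rpt.getExpirationDate());
    statusResponse.setIssuedAt(rpt.getCreationDate());
    statusResponse.setPermissions(Lists.newArrayList(permission));

    // convert manually to avoid possible conflict between resteasy providers, e.g. jettison, jackson
    final String entity = ServerUtil.asJson(statusResponse);
    return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
}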
use of org.xdi.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.
the class RptStatusWS method requestRptStatus.
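/**
 * RPT introspection endpoint.
 * <p>
 * The caller must present a protection-scope authorization before any token lookup happens
 * ({@code umaValidationService.assertHasProtectionScope}), which is what keeps the endpoint from
 * being usable for unauthenticated token scanning as the notes below require. GATs are delegated
 * to {@code gatResponse}; any other token is reported as inactive, or as active together with
 * its permissions. Both bodies are serialized manually so the inactive answer does not depend on
 * the RESTEasy provider chain that the active branch deliberately bypasses.
 *
 * @param authorization the {@code Authorization} header carrying the PAT
 * @param rptAsString   the token string to introspect
 * @param tokenTypeHint optional hint about the token type (currently not consulted here)
 * @return a 200 response whose entity is the JSON introspection document
 * @throws WebApplicationException propagated as-is when raised by validation, or a 500 with an
 *                                 opaque UMA server-error body for any other failure
 */
@POST
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
@ApiOperation(value = "The resource server MUST determine a received RPT's status, including both whether it is active and, if so, its associated authorization data, before giving or refusing access to the client. An RPT is associated with a set of authorization data that governs whether the client is authorized for access. The token's nature and format are dictated by its profile; the profile might allow it to be self-contained, such that the resource server is able to determine its status locally, or might require or allow the resource server to make a run-time introspection request of the authorization server that issued the token.", produces = UmaConstants.JSON_MEDIA_TYPE, notes = "The endpoint MAY allow other parameters to provide further context to\n" + " the query. For instance, an authorization service may need to know\n" + " the IP address of the client accessing the protected resource in\n" + " order to determine the appropriateness of the token being presented.\n" + "\n" + " To prevent unauthorized token scanning attacks, the endpoint MUST\n" + " also require some form of authorization to access this endpoint, such\n" + " as client authentication as described in OAuth 2.0 [RFC6749] or a\n" + " separate OAuth 2.0 access token such as the bearer token described in\n" + " OAuth 2.0 Bearer Token Usage [RFC6750]. The methods of managing and\n" + " validating these authentication credentials are out of scope of this\n" + " specification.\n")
@ApiResponses(value = { @ApiResponse(code = 401, message = "Unauthorized") })
public Response requestRptStatus(@HeaderParam("Authorization") String authorization, @FormParam("token") @ApiParam(value = "The string value of the token. For access tokens,\n" + " this is the \"access_token\" value returned from the token endpoint\n" + " defined in OAuth 2.0 [RFC6749] section 5.1. For refresh tokens,\n" + " this is the \"refresh_token\" value returned from the token endpoint\n" + " as defined in OAuth 2.0 [RFC6749] section 5.1. Other token types\n" + " are outside the scope of this specification.", required = true) String rptAsString, @FormParam("token_type_hint") @ApiParam(value = "A hint about the type of the token\n" + " submitted for introspection. The protected resource re MAY pass\n" + " this parameter in order to help the authorization server to\n" + " optimize the token lookup. If the server is unable to locate the\n" + " token using the given hint, it MUST extend its search across all\n" + " of its supported token types. An authorization server MAY ignore\n" + " this parameter, particularly if it is able to detect the token\n" + " type automatically. Values for this field are defined in OAuth\n" + " Token Revocation [RFC7009].", required = false) String tokenTypeHint) {
    try {
        // Authorization is checked before the token is even looked up.
        umaValidationService.assertHasProtectionScope(authorization);

        final UmaRPT rpt = rptManager.getRPTByCode(rptAsString);
        if (rpt != null && AbstractRPTManager.isGat(rpt.getCode())) {
            return gatResponse(rpt);
        }

        if (!isValid(rpt)) {
            // Inactive (unknown or invalid token): only the "active" flag is disclosed.
            final String inactiveEntity = ServerUtil.asJson(new RptIntrospectionResponse(false));
            return Response.status(Response.Status.OK).entity(inactiveEntity).cacheControl(ServerUtil.cacheControl(true)).build();
        }

        final List<UmaPermission> permissions = buildStatusResponsePermissions(rpt);

        // active status
        final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
        statusResponse.setActive(true);
        statusResponse.setExpiresAt(rpt.getExpirationDate());
        statusResponse.setIssuedAt(rpt.getCreationDate());
        statusResponse.setPermissions(permissions);

        // convert manually to avoid possible conflict between resteasy providers, e.g. jettison, jackson
        final String entity = ServerUtil.asJson(statusResponse);
        return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (WebApplicationException ex) {
        // Already carries a JAX-RS response (presumably the 401 from the scope check); propagate unchanged.
        log.error("Exception happened", ex);
        throw ex;
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        // Generic 500 with an opaque UMA error body: internal failure details stay in the log only.
        throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
    }
}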