use of org.xdi.oxauth.model.uma.RptIntrospectionResponse in project oxTrust by GluuFederation.
the class UmaPermissionService method validateRptToken.
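/**
 * Validates the RPT (or GAT) presented in the {@code Authorization} header against one
 * resource set and one scope.
 *
 * <p>Outcome:
 * <ul>
 *   <li>{@code authenticationFailure} when the PAT or the header is missing or malformed, when
 *       introspection does not report the token as active, when the token is active but none of
 *       its permissions grants {@code scopeId} on {@code resourceSetId}, or when registering a
 *       permission for the requested access yields no ticket or no response;</li>
 *   <li>{@code authenticationSuccess} when the active token carries a permission whose scopes
 *       contain {@code scopeId} and whose resource set id equals {@code resourceSetId}
 *       (for a GAT, recognised by the {@code "gat_"} prefix, the resource set id is not compared);</li>
 *   <li>{@code (true, response)} when the token is active but {@code isRptHasPermissions} reports
 *       no permissions: a permission is registered and the prepared registration response is
 *       handed back so the caller can send it (see the inline UMA spec quote below).</li>
 * </ul>
 *
 * @param patToken      protection API token used for introspection and permission registration
 * @param authorization value of the {@code Authorization} header, expected to be {@code "Bearer "}
 *                      followed by the RPT
 * @param resourceSetId resource set the requester wants to access
 * @param scopeId       scope the requester needs on that resource set
 * @return the pair described above
 */
public Pair<Boolean, Response> validateRptToken(Token patToken, String authorization, String resourceSetId, String scopeId) {
    if ((patToken == null) || (authorization == null) || !authorization.startsWith("Bearer ")) {
        return authenticationFailure;
    }
    String rptToken = authorization.substring(7);
    // A GAT is not bound to a single resource set, so the resource set comparison is skipped for it.
    boolean isGat = rptToken.startsWith("gat_");
    RptIntrospectionResponse rptStatusResponse = getStatusResponse(patToken, rptToken);
    if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
        // The token value is a bearer credential; it is deliberately kept out of the log.
        log.error("Status response for RPT token is invalid");
        return authenticationFailure;
    }
    if (isRptHasPermissions(rptStatusResponse)) {
        for (UmaPermission umaPermission : rptStatusResponse.getPermissions()) {
            if ((umaPermission.getScopes() != null) && umaPermission.getScopes().contains(scopeId)
                    && (isGat || StringHelper.equals(resourceSetId, umaPermission.getResourceSetId()))) {
                return authenticationSuccess;
            }
        }
        log.error("Status response for RPT token not contains right permission");
        return authenticationFailure;
    }
    // If the RPT is valid but has insufficient authorization data for the type of access sought,
    // the resource server SHOULD register a requested permission with the authorization server
    // that would suffice for that scope of access (see Section 3.2),
    // and then respond with the HTTP 403 (Forbidden) status code,
    // along with providing the authorization server's URI in an "as_uri" property in the header,
    // and the permission ticket it just received from the AM in the body in a JSON-encoded "ticket" property.
    final String ticket = registerUmaPermissions(patToken, resourceSetId, scopeId);
    if (StringHelper.isEmpty(ticket)) {
        return authenticationFailure;
    }
    // NOTE(review): the ticket above is only used as a success check; the response is built by
    // prepareRegisterUmaPermissionsResponse with the same arguments, which may register a second
    // permission of its own -- confirm against that method's implementation.
    Response registerUmaPermissionsResponse = prepareRegisterUmaPermissionsResponse(patToken, resourceSetId, scopeId);
    if (registerUmaPermissionsResponse == null) {
        return authenticationFailure;
    }
    return new Pair<Boolean, Response>(true, registerUmaPermissionsResponse);
}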
use of org.xdi.oxauth.model.uma.RptIntrospectionResponse in project oxTrust by GluuFederation.
the class UmaPermissionService method getStatusResponse.
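/**
 * Introspects {@code rptToken} at the authorization server, authenticating with
 * {@code patToken} as the protection API credential.
 *
 * @param patToken protection API token; when {@code null} no request is made and {@code null}
 *                 is returned
 * @param rptToken the RPT (or GAT) value to introspect
 * @return the introspection response when it reports the token as active, otherwise
 *         {@code null} (also when the status request throws; that failure is logged)
 */
private RptIntrospectionResponse getStatusResponse(Token patToken, String rptToken) {
    if (patToken == null) {
        // Without a PAT the status cannot be determined; report "unknown" rather than
        // failing with a NullPointerException on getAccessToken().
        return null;
    }
    String authorization = "Bearer " + patToken.getAccessToken();
    // Determine RPT token status
    RptIntrospectionResponse rptStatusResponse;
    try {
        rptStatusResponse = this.rptStatusService.requestRptStatus(authorization, rptToken, "");
    } catch (Exception ex) {
        // Boundary catch: any client failure is reported as "no status". The exception goes
        // through the logger only; the earlier printStackTrace() duplicated it on stderr.
        log.error("Failed to determine RPT status", ex);
        return null;
    }
    // Callers only care about active tokens; collapse an inactive response to null.
    if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
        return null;
    }
    return rptStatusResponse;
}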
use of org.xdi.oxauth.model.uma.RptIntrospectionResponse in project oxTrust by GluuFederation.
the class UmaPermissionService method validateRptToken.
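/**
 * Validates the RPT presented in the {@code Authorization} header against a list of scopes.
 *
 * <p>{@code authenticationSuccess} is returned when the token is reported active and the union
 * of the scopes over all of its permissions contains every entry of {@code scopeIds}. In every
 * other case (missing or malformed header, inactive token, insufficient scopes) a
 * permission-registration response for {@code resourceId} and {@code scopeIds} is prepared via
 * {@code prepareRegisterPermissionsResponse} and returned together with {@code true}; when no
 * such response can be prepared, {@code authenticationFailure} is returned.
 *
 * @param patToken      protection API token used for introspection and permission registration;
 *                      {@code null} yields {@code authenticationFailure}
 * @param authorization value of the {@code Authorization} header, expected to be {@code "Bearer "}
 *                      followed by the RPT; may be {@code null} or empty
 * @param resourceId    resource the requester wants to access; only used when registering a permission
 * @param scopeIds      scopes the requester needs; must not be {@code null}
 * @return the pair described above
 */
public Pair<Boolean, Response> validateRptToken(Token patToken, String authorization, String resourceId, List<String> scopeIds) {
    if (patToken == null) {
        // Mirrors the single-scope overload: without a PAT nothing can be introspected or registered.
        return authenticationFailure;
    }
    if (StringHelper.isNotEmpty(authorization) && authorization.startsWith("Bearer ")) {
        String rptToken = authorization.substring(7);
        RptIntrospectionResponse rptStatusResponse = getStatusResponse(patToken, rptToken);
        if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
            // The token value is a bearer credential; it is deliberately kept out of the log.
            log.error("Status response for RPT token is invalid");
        } else if (isRptHasPermissions(rptStatusResponse)) {
            // Collect all scopes granted by any permission of the token.
            // NOTE(review): the permissions' resource ids are not compared with resourceId here,
            // so scopes granted on a different resource satisfy this check -- confirm this is intended.
            List<String> grantedScopeIds = new LinkedList<String>();
            for (UmaPermission umaPermission : rptStatusResponse.getPermissions()) {
                if (umaPermission.getScopes() != null) {
                    grantedScopeIds.addAll(umaPermission.getScopes());
                }
            }
            if (grantedScopeIds.containsAll(scopeIds)) {
                return authenticationSuccess;
            }
            log.error("Status response for RPT token not contains right permissions");
        }
    }
    // Insufficient or absent authorization data: hand back the permission-registration response.
    Response registerPermissionsResponse = prepareRegisterPermissionsResponse(patToken, resourceId, scopeIds);
    if (registerPermissionsResponse == null) {
        return authenticationFailure;
    }
    return new Pair<Boolean, Response>(true, registerPermissionsResponse);
}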
use of org.xdi.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.
the class AccessProtectedResourceFlowHttpTest method testHostDetermineRptStatus2.
/**
 * Host determines RPT status: introspects the RPT obtained in
 * {@code testRequesterAccessProtectedResourceWithEnoughPermissionsRpt} and checks the result.
 */
@Test(dependsOnMethods = { "testRequesterAccessProtectedResourceWithEnoughPermissionsRpt" })
@Parameters({ "umaAmHost" })
public void testHostDetermineRptStatus2(final String umaAmHost) throws Exception {
    showTitle("testHostDetermineRptStatus2");
    final String patAuthorization = "Bearer " + m_pat.getAccessToken();
    final String rpt = this.umaObtainRptTokenFlowHttpTest.rptToken;
    // Ask the AM for the status of the RPT.
    final RptIntrospectionResponse tokenStatusResponse;
    try {
        tokenStatusResponse = rptStatusService.requestRptStatus(patAuthorization, rpt, "");
    } catch (ClientResponseFailure ex) {
        // Print the server's response body so the failure is diagnosable, then fail the test.
        System.err.println(ex.getResponse().getEntity(String.class));
        throw ex;
    }
    UmaTestUtil.assert_(tokenStatusResponse);
    // The requester's RPT has permission on this resource set with scope
    // http://photoz.example.com/dev/scopes/view, so the host should allow the download.
}
use of org.xdi.oxauth.model.uma.RptIntrospectionResponse in project oxAuth by GluuFederation.
the class GatFlowHttpTest method testHostDetermineRptStatus1.
/**
 * Host determines GAT status: introspects the GAT obtained in {@code testRequesterObtainsGat}
 * and expects an active token without permissions.
 */
@Test(dependsOnMethods = { "testRequesterObtainsGat" })
public void testHostDetermineRptStatus1() throws Exception {
    showTitle("testHostDetermineRptStatus1");
    final String patAuthorization = "Bearer " + pat.getAccessToken();
    // Ask the AM for the status of the GAT.
    final RptIntrospectionResponse tokenStatusResponse;
    try {
        tokenStatusResponse = rptStatusService.requestRptStatus(patAuthorization, gat, "");
    } catch (ClientResponseFailure ex) {
        // Print the server's response body so the failure is diagnosable, then fail the test.
        System.err.println(ex.getResponse().getEntity(String.class));
        throw ex;
    }
    assertNotNull(tokenStatusResponse, "Token response status is not invalid");
    assertTrue(tokenStatusResponse.getActive(), "Token response status is not active");
    // A GAT carries no resource-set permissions.
    final boolean noPermissions = tokenStatusResponse.getPermissions() == null || tokenStatusResponse.getPermissions().isEmpty();
    assertTrue(noPermissions);
}