Example 1 with UmaPermission

use of org.xdi.oxauth.model.uma.UmaPermission in project oxAuth by GluuFederation.

the class RptStatusWS method gatResponse.

private Response gatResponse(UmaRPT rpt) throws IOException {
    if (!isValid(rpt)) {
        return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
    }
    UmaPermission permission = new UmaPermission();
    permission.setScopes(rpt.getPermissions());
    permission.setExpiresAt(rpt.getExpirationDate());
    permission.setIssuedAt(new Date());
    final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
    statusResponse.setActive(true);
    statusResponse.setExpiresAt(rpt.getExpirationDate());
    statusResponse.setIssuedAt(rpt.getCreationDate());
    statusResponse.setPermissions(Lists.newArrayList(permission));
    // convert manually to avoid possible conflict between resteasy providers, e.g. jettison, jackson
    final String entity = ServerUtil.asJson(statusResponse);
    return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
}
Also used : RptIntrospectionResponse(org.xdi.oxauth.model.uma.RptIntrospectionResponse) UmaPermission(org.xdi.oxauth.model.uma.UmaPermission) Date(java.util.Date)

Example 2 with UmaPermission

use of org.xdi.oxauth.model.uma.UmaPermission in project oxAuth by GluuFederation.

the class RptStatusWS method requestRptStatus.

@POST
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
@ApiOperation(value = "The resource server MUST determine a received RPT's status, including both whether it is active and, if so, its associated authorization data, before giving or refusing access to the client. An RPT is associated with a set of authorization data that governs whether the client is authorized for access. The token's nature and format are dictated by its profile; the profile might allow it to be self-contained, such that the resource server is able to determine its status locally, or might require or allow the resource server to make a run-time introspection request of the authorization server that issued the token.", produces = UmaConstants.JSON_MEDIA_TYPE, notes = "The endpoint MAY allow other parameters to provide further context to\n" + "   the query.  For instance, an authorization service may need to know\n" + "   the IP address of the client accessing the protected resource in\n" + "   order to determine the appropriateness of the token being presented.\n" + "\n" + "   To prevent unauthorized token scanning attacks, the endpoint MUST\n" + "   also require some form of authorization to access this endpoint, such\n" + "   as client authentication as described in OAuth 2.0 [RFC6749] or a\n" + "   separate OAuth 2.0 access token such as the bearer token described in\n" + "   OAuth 2.0 Bearer Token Usage [RFC6750].  The methods of managing and\n" + "   validating these authentication credentials are out of scope of this\n" + "   specification.\n")
@ApiResponses(value = { @ApiResponse(code = 401, message = "Unauthorized") })
public Response requestRptStatus(@HeaderParam("Authorization") String authorization, @FormParam("token") @ApiParam(value = "The string value of the token.  For access tokens,\n" + "      this is the \"access_token\" value returned from the token endpoint\n" + "      defined in OAuth 2.0 [RFC6749] section 5.1.  For refresh tokens,\n" + "      this is the \"refresh_token\" value returned from the token endpoint\n" + "      as defined in OAuth 2.0 [RFC6749] section 5.1.  Other token types\n" + "      are outside the scope of this specification.", required = true) String rptAsString, @FormParam("token_type_hint") @ApiParam(value = "A hint about the type of the token\n" + "      submitted for introspection.  The protected resource re MAY pass\n" + "      this parameter in order to help the authorization server to\n" + "      optimize the token lookup.  If the server is unable to locate the\n" + "      token using the given hint, it MUST extend its search across all\n" + "      of its supported token types.  An authorization server MAY ignore\n" + "      this parameter, particularly if it is able to detect the token\n" + "      type automatically.  Values for this field are defined in OAuth\n" + "      Token Revocation [RFC7009].", required = false) String tokenTypeHint) {
    try {
        // Introspection is itself protected: reject callers whose Authorization token lacks the UMA protection scope
        umaValidationService.assertHasProtectionScope(authorization);
        final UmaRPT rpt = rptManager.getRPTByCode(rptAsString);
        if (rpt != null && AbstractRPTManager.isGat(rpt.getCode())) {
            return gatResponse(rpt);
        }
        if (!isValid(rpt)) {
            return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
        }
        final List<UmaPermission> permissions = buildStatusResponsePermissions(rpt);
        // active status
        final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
        statusResponse.setActive(true);
        statusResponse.setExpiresAt(rpt.getExpirationDate());
        statusResponse.setIssuedAt(rpt.getCreationDate());
        statusResponse.setPermissions(permissions);
        // convert manually to avoid possible conflict between resteasy providers, e.g. jettison, jackson
        final String entity = ServerUtil.asJson(statusResponse);
        return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
    }
}
Also used : RptIntrospectionResponse(org.xdi.oxauth.model.uma.RptIntrospectionResponse) UmaRPT(org.xdi.oxauth.model.common.uma.UmaRPT) WebApplicationException(javax.ws.rs.WebApplicationException) UmaPermission(org.xdi.oxauth.model.uma.UmaPermission) IOException(java.io.IOException) WebApplicationException(javax.ws.rs.WebApplicationException) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) ApiResponses(com.wordnik.swagger.annotations.ApiResponses)

Example 3 with UmaPermission

use of org.xdi.oxauth.model.uma.UmaPermission in project oxAuth by GluuFederation.

the class PermissionService method registerPermission.

private String registerPermission(UmaRPT p_rpt, ResourceSet p_resource, List<RsScopeType> p_scopes) {
    final Date expirationDate = rptExpirationDate();
    final UmaPermission r = new UmaPermission();
    r.setResourceSetId(p_resource.getId());
    r.setExpiresAt(expirationDate);
    final String host = appConfiguration.getIssuer();
    final ResourceSetPermission permission = resourceSetPermissionManager.createResourceSetPermission(host, r, expirationDate);
    // IMPORTANT : set scope dns before persistence
    permission.setScopeDns(umaRsResourceService.getScopeDns(p_scopes));
    final Client client = clientService.getClient(p_rpt.getClientId());
    resourceSetPermissionManager.addResourceSetPermission(permission, client.getDn());
    return permission.getTicket();
}
Also used : UmaPermission(org.xdi.oxauth.model.uma.UmaPermission) ResourceSetPermission(org.xdi.oxauth.model.uma.persistence.ResourceSetPermission) Client(org.xdi.oxauth.model.registration.Client) Date(java.util.Date)

Example 4 with UmaPermission

use of org.xdi.oxauth.model.uma.UmaPermission in project oxAuth by GluuFederation.

the class RegisterResourceSetPermissionFlowHttpTest method testRegisterResourceSetPermissionForInvalidResource.

/**
 * Test for registering permissions for resource set
 */
@Test
@Parameters({ "umaAmHost" })
public void testRegisterResourceSetPermissionForInvalidResource(final String umaAmHost) throws Exception {
    showTitle("testRegisterResourceSetPermissionForInvalidResource");
    PermissionRegistrationService resourceSetPermissionRegistrationService = UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.metadataConfiguration);
    // Register permissions for resource set
    UmaPermission resourceSetPermissionRequest = new UmaPermission();
    resourceSetPermissionRequest.setResourceSetId(this.umaRegisterResourceSetFlowHttpTest.resourceSetId + "1");
    resourceSetPermissionRequest.setScopes(Arrays.asList("http://photoz.example.com/dev/scopes/view", "http://photoz.example.com/dev/scopes/all"));
    PermissionTicket resourceSetPermissionTicket = null;
    try {
        resourceSetPermissionTicket = resourceSetPermissionRegistrationService.registerResourceSetPermission("Bearer " + this.umaRegisterResourceSetFlowHttpTest.m_pat.getAccessToken(), umaAmHost, resourceSetPermissionRequest);
    } catch (ClientResponseFailure ex) {
        System.err.println(ex.getResponse().getEntity(String.class));
        assertEquals(ex.getResponse().getStatus(), Response.Status.BAD_REQUEST.getStatusCode(), "Unexpected response status");
    }
    assertNull(resourceSetPermissionTicket, "Resource set permission is not null");
}
Also used : PermissionTicket(org.xdi.oxauth.model.uma.PermissionTicket) UmaPermission(org.xdi.oxauth.model.uma.UmaPermission) ClientResponseFailure(org.jboss.resteasy.client.ClientResponseFailure) PermissionRegistrationService(org.xdi.oxauth.client.uma.PermissionRegistrationService) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 5 with UmaPermission

use of org.xdi.oxauth.model.uma.UmaPermission in project oxAuth by GluuFederation.

the class RegisterResourceSetPermissionFlowHttpTest method registerResourceSetPermission.

public String registerResourceSetPermission(final String umaAmHost, String resourceSetId, List<String> scopes) throws Exception {
    PermissionRegistrationService resourceSetPermissionRegistrationService = UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.metadataConfiguration);
    // Register permissions for resource set
    UmaPermission resourceSetPermissionRequest = new UmaPermission();
    resourceSetPermissionRequest.setResourceSetId(resourceSetId);
    resourceSetPermissionRequest.setScopes(scopes);
    PermissionTicket t = null;
    try {
        t = resourceSetPermissionRegistrationService.registerResourceSetPermission("Bearer " + this.umaRegisterResourceSetFlowHttpTest.m_pat.getAccessToken(), umaAmHost, resourceSetPermissionRequest);
    } catch (ClientResponseFailure ex) {
        System.err.println(ex.getResponse().getEntity(String.class));
        throw ex;
    }
    UmaTestUtil.assert_(t);
    this.ticketForFullAccess = t.getTicket();
    return t.getTicket();
}
Also used : PermissionTicket(org.xdi.oxauth.model.uma.PermissionTicket) UmaPermission(org.xdi.oxauth.model.uma.UmaPermission) ClientResponseFailure(org.jboss.resteasy.client.ClientResponseFailure) PermissionRegistrationService(org.xdi.oxauth.client.uma.PermissionRegistrationService)

Aggregations

UmaPermission (org.xdi.oxauth.model.uma.UmaPermission)12 Parameters (org.testng.annotations.Parameters)5 Test (org.testng.annotations.Test)5 BaseTest (org.xdi.oxauth.BaseTest)5 PermissionTicket (org.xdi.oxauth.model.uma.PermissionTicket)5 ClientResponseFailure (org.jboss.resteasy.client.ClientResponseFailure)3 RptIntrospectionResponse (org.xdi.oxauth.model.uma.RptIntrospectionResponse)3 IOException (java.io.IOException)2 Date (java.util.Date)2 Response (javax.ws.rs.core.Response)2 PermissionRegistrationService (org.xdi.oxauth.client.uma.PermissionRegistrationService)2 ApiOperation (com.wordnik.swagger.annotations.ApiOperation)1 ApiResponses (com.wordnik.swagger.annotations.ApiResponses)1 MalformedURLException (java.net.MalformedURLException)1 POST (javax.ws.rs.POST)1 Produces (javax.ws.rs.Produces)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 Builder (javax.ws.rs.client.Invocation.Builder)1 HttpResponse (org.apache.http.HttpResponse)1 ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)1