Example 6 with UmaPermission

Use of org.xdi.oxauth.model.uma.UmaPermission in project oxTrust by GluuFederation.

In class UmaPermissionService, method validateRptToken.

public Pair<Boolean, Response> validateRptToken(Token patToken, String authorization, String resourceSetId, String scopeId) {
    // A PAT and an "Authorization: Bearer <rpt>" header are required before anything else is checked
    if ((patToken == null) || (authorization == null) || !authorization.startsWith("Bearer ")) {
        return authenticationFailure;
    }
    String rptToken = authorization.substring(7);
    // Tokens with the "gat_" prefix are treated as not bound to a single resource set (see the loop below)
    boolean isGat = rptToken.startsWith("gat_");
    // Introspect the RPT at the authorization server, authenticating with the PAT
    RptIntrospectionResponse rptStatusResponse = getStatusResponse(patToken, rptToken);
    if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
        log.error("Status response for RPT token: '{}' is invalid", rptToken);
        return authenticationFailure;
    }
    boolean rptHasPermissions = isRptHasPermissions(rptStatusResponse);
    if (rptHasPermissions) {
        // Succeed only if some permission grants the requested scope; for a plain RPT the permission
        // must also be bound to the requested resource set, for a "gat_" token that binding is not checked
        for (UmaPermission umaPermission : rptStatusResponse.getPermissions()) {
            if ((umaPermission.getScopes() != null) && umaPermission.getScopes().contains(scopeId) && (isGat || StringHelper.equals(resourceSetId, umaPermission.getResourceSetId()))) {
                return authenticationSuccess;
            }
        }
        // An active RPT that carries permissions, none of which match, is rejected without registering a ticket
        log.error("Status response for RPT token: '{}' not contains right permission", rptToken);
        return authenticationFailure;
    }
    // If the RPT is valid but has insufficient authorization data for the type of access sought,
    // the resource server SHOULD register a requested permission with the authorization server
    // that would suffice for that scope of access (see Section 3.2),
    // and then respond with the HTTP 403 (Forbidden) status code,
    // along with providing the authorization server's URI in an "as_uri" property in the header,
    // and the permission ticket it just received from the AM in the body in a JSON-encoded "ticket" property.
    final String ticket = registerUmaPermissions(patToken, resourceSetId, scopeId);
    if (StringHelper.isEmpty(ticket)) {
        return authenticationFailure;
    }
    // Build the 403 response carrying "as_uri" and the freshly registered ticket
    Response registerUmaPermissionsResponse = prepareRegisterUmaPermissionsResponse(patToken, resourceSetId, scopeId);
    if (registerUmaPermissionsResponse == null) {
        return authenticationFailure;
    }
    return new Pair<Boolean, Response>(true, registerUmaPermissionsResponse);
}
Also used: Response (javax.ws.rs.core.Response), RptIntrospectionResponse (org.xdi.oxauth.model.uma.RptIntrospectionResponse), HttpResponse (org.apache.http.HttpResponse), UmaPermission (org.xdi.oxauth.model.uma.UmaPermission), Pair (org.xdi.util.Pair)

Example 7 with UmaPermission

Use of org.xdi.oxauth.model.uma.UmaPermission in project oxTrust by GluuFederation.

In class UmaPermissionService, method validateRptToken.

public Pair<Boolean, Response> validateRptToken(Token patToken, String authorization, String resourceId, List<String> scopeIds) {
    // Unlike the single-scope variant, a missing or malformed Authorization header does not fail fast here:
    // every non-success path falls through to permission registration below
    if (StringHelper.isNotEmpty(authorization) && authorization.startsWith("Bearer ")) {
        String rptToken = authorization.substring(7);
        RptIntrospectionResponse rptStatusResponse = getStatusResponse(patToken, rptToken);
        if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
            log.error("Status response for RPT token: '{}' is invalid", rptToken);
            // return authenticationFailure;
        } else {
            boolean rptHasPermissions = isRptHasPermissions(rptStatusResponse);
            if (rptHasPermissions) {
                // Collect all scopes granted by any permission, regardless of which resource they belong to
                List<String> returnScopeIds = new LinkedList<String>();
                for (UmaPermission umaPermission : rptStatusResponse.getPermissions()) {
                    if (umaPermission.getScopes() != null) {
                        returnScopeIds.addAll(umaPermission.getScopes());
                    }
                }
                // Succeed when every requested scope appears in the union; note that resourceId
                // is not compared against the permissions' resource ids in this variant
                if (returnScopeIds.containsAll(scopeIds)) {
                    return authenticationSuccess;
                }
                log.error("Status response for RPT token: '{}' not contains right permissions", rptToken);
            }
        }
    }
    // Register the permissions that would suffice and answer with a ticket for the client to present
    Response registerPermissionsResponse = prepareRegisterPermissionsResponse(patToken, resourceId, scopeIds);
    if (registerPermissionsResponse == null) {
        return authenticationFailure;
    }
    return new Pair<Boolean, Response>(true, registerPermissionsResponse);
}
Also used: Response (javax.ws.rs.core.Response), RptIntrospectionResponse (org.xdi.oxauth.model.uma.RptIntrospectionResponse), HttpResponse (org.apache.http.HttpResponse), UmaPermission (org.xdi.oxauth.model.uma.UmaPermission), LinkedList (java.util.LinkedList), Pair (org.xdi.util.Pair)

Example 8 with UmaPermission

Use of org.xdi.oxauth.model.uma.UmaPermission in project oxTrust by GluuFederation.

In class UmaPermissionService, method registerUmaPermissions.

private String registerUmaPermissions(Token patToken, String resourceSetId, String umaScope) {
    // The permission registration endpoint is called with the PAT, not the client's RPT
    String authorization = "Bearer " + patToken.getAccessToken();
    // Register permissions for resource set: one resource set id and a single requested scope
    UmaPermission resourceSetPermissionRequest = new UmaPermission();
    resourceSetPermissionRequest.setResourceSetId(resourceSetId);
    resourceSetPermissionRequest.setScopes(Arrays.asList(umaScope));
    PermissionTicket resourceSetPermissionTicket = null;
    try {
        resourceSetPermissionTicket = this.resourceSetPermissionRegistrationService.registerResourceSetPermission(authorization, getHost(umaMetadataConfiguration.getIssuer()), resourceSetPermissionRequest);
    } catch (MalformedURLException ex) {
        log.error("Failed to determine host by URI", ex);
    } catch (ClientResponseFailure ex) {
        log.error("Failed to register permissions for resource set: '{}'", ex, resourceSetId);
    }
    // Any failure above leaves the ticket null; an empty ticket string is treated the same way
    if ((resourceSetPermissionTicket == null) || StringHelper.isEmpty(resourceSetPermissionTicket.getTicket())) {
        log.error("Resource set permission ticket is invalid");
        return null;
    }
    return resourceSetPermissionTicket.getTicket();
}
Also used: PermissionTicket (org.xdi.oxauth.model.uma.PermissionTicket), MalformedURLException (java.net.MalformedURLException), UmaPermission (org.xdi.oxauth.model.uma.UmaPermission), ClientResponseFailure (org.jboss.resteasy.client.ClientResponseFailure)

Example 9 with UmaPermission

Use of org.xdi.oxauth.model.uma.UmaPermission in project oxAuth by GluuFederation.

In class ServerUtil, method convert.

public static UmaPermission convert(ResourceSetPermission p_permission, ScopeService p_umaScopeService) {
    // Map the server-side persisted permission onto the wire model returned by RPT introspection
    if (p_permission != null) {
        final UmaPermission result = new UmaPermission();
        result.setResourceSetId(p_permission.getResourceSetId());
        // Scopes are stored as DNs and translated back to their scope URLs for the client
        result.setScopes(p_umaScopeService.getScopeUrlsByDns(p_permission.getScopeDns()));
        result.setExpiresAt(p_permission.getExpirationDate());
        return result;
    }
    return null;
}
Also used: UmaPermission (org.xdi.oxauth.model.uma.UmaPermission)

Example 10 with UmaPermission

Use of org.xdi.oxauth.model.uma.UmaPermission in project oxAuth by GluuFederation.

In class AccessProtectedResourceFlowWSTest, method _4_registerPermissionForRpt.

/*
 * ****************************************************************
 * 4. Registers permission for RPT
 */
@Test(dependsOnMethods = { "_3_hostDeterminesRptStatus" })
@Parameters({ "umaAmHost", "umaHost", "umaPermissionPath" })
public void _4_registerPermissionForRpt(final String umaAmHost, String umaHost, String umaPermissionPath) throws Exception {
    // Request a permission ticket for the "view" scope on the resource set registered in an earlier step
    final UmaPermission r = new UmaPermission();
    r.setResourceSetId(resourceSet.getId());
    r.setScopes(Arrays.asList("http://photoz.example.com/dev/scopes/view"));
    ticket = TUma.registerPermission(url, pat, umaAmHost, umaHost, r, umaPermissionPath);
    UmaTestUtil.assert_(ticket);
}
Also used: UmaPermission (org.xdi.oxauth.model.uma.UmaPermission), Parameters (org.testng.annotations.Parameters), Test (org.testng.annotations.Test), BaseTest (org.xdi.oxauth.BaseTest)

Aggregations (class and number of examples using it)

UmaPermission (org.xdi.oxauth.model.uma.UmaPermission) 14
PermissionTicket (org.xdi.oxauth.model.uma.PermissionTicket) 6
Parameters (org.testng.annotations.Parameters) 5
Test (org.testng.annotations.Test) 5
BaseTest (org.xdi.oxauth.BaseTest) 5
RptIntrospectionResponse (org.xdi.oxauth.model.uma.RptIntrospectionResponse) 4
Response (javax.ws.rs.core.Response) 3
ClientResponseFailure (org.jboss.resteasy.client.ClientResponseFailure) 3
IOException (java.io.IOException) 2
Date (java.util.Date) 2
HttpResponse (org.apache.http.HttpResponse) 2
PermissionRegistrationService (org.xdi.oxauth.client.uma.PermissionRegistrationService) 2
Pair (org.xdi.util.Pair) 2
ApiOperation (com.wordnik.swagger.annotations.ApiOperation) 1
ApiResponses (com.wordnik.swagger.annotations.ApiResponses) 1
MalformedURLException (java.net.MalformedURLException) 1
LinkedList (java.util.LinkedList) 1
POST (javax.ws.rs.POST) 1
Produces (javax.ws.rs.Produces) 1
WebApplicationException (javax.ws.rs.WebApplicationException) 1