use of org.xdi.oxauth.model.uma.persistence.ResourceSet in project oxAuth by GluuFederation.
the class PermissionService method hasEnoughPermissionsWithTicketRegistration.
/**
 * Decides whether the RPT is sufficient for the requested resource type and scopes and, when it
 * is not, registers the missing permission and prepares the 403 response that carries the ticket.
 *
 * @param p_rpt            RPT presented by the caller
 * @param p_rptPermissions permissions passed on to {@code hasEnoughPermissions} together with the RPT
 * @param p_resourceType   internal resource type access is sought for
 * @param p_scopes         scopes required for the access
 * @return pair whose first element is {@code true} only when the permissions suffice; the second
 *         element is the error response to send (left {@code null} on success)
 */
public Pair<Boolean, Response> hasEnoughPermissionsWithTicketRegistration(UmaRPT p_rpt, List<ResourceSetPermission> p_rptPermissions, RsResourceType p_resourceType, List<RsScopeType> p_scopes) {
    final Pair<Boolean, Response> outcome = new Pair<Boolean, Response>(false, null);

    final ResourceSet resource = umaRsResourceService.getResource(p_resourceType);
    final boolean resourceUsable = resource != null && !StringUtils.isBlank(resource.getId());
    if (!resourceUsable) {
        // Fail closed: without a resolvable resource set no access decision can be made,
        // so the caller gets "not allowed" plus a 500 rather than a grant.
        outcome.setFirst(false);
        outcome.setSecond(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
        return outcome;
    }

    final boolean granted = hasEnoughPermissions(p_rpt, p_rptPermissions, resource, p_scopes);
    outcome.setFirst(granted);
    if (granted) {
        return outcome;
    }

    // UMA: when the RPT is valid but lacks authorization data for the access sought, the
    // resource server SHOULD register a permission that would suffice (see Section 3.2) and
    // answer 403 (Forbidden), giving the authorization server's URI in an "as_uri" header and
    // the permission ticket received from the AM in a JSON-encoded "ticket" body property.
    final String ticket = registerPermission(p_rpt, resource, p_scopes);
    final String entity = ServerUtil.asJsonSilently(new PermissionTicket(ticket));

    // NOTE(review): the entity logged below contains the permission ticket itself; confirm that
    // debug logs are access-restricted or that the ticket is short-lived enough for this to be fine.
    log.debug("Construct response: HTTP 403 (Forbidden), entity: " + entity);

    final Response.ResponseBuilder forbidden = Response.status(Response.Status.FORBIDDEN);
    forbidden.header("host_id", appConfiguration.getIssuer());
    forbidden.header("as_uri", appConfiguration.getUmaConfigurationEndpoint());
    forbidden.header("error", "insufficient_scope");
    forbidden.entity(entity);

    outcome.setSecond(forbidden.build());
    return outcome;
}
use of org.xdi.oxauth.model.uma.persistence.ResourceSet in project oxAuth by GluuFederation.
the class RsResourceService method getResource.
/**
 * Returns the resource set stored under the name of the given internal resource type,
 * creating it when the lookup finds nothing.
 * <p>
 * When the lookup returns several entries, the first one is kept and every other entry is
 * removed through {@code resourceSetService.remove}.
 *
 * @param p_type internal resource type; its value is used as the resource set name
 * @return the existing (first) resource set, or the newly created one
 */
public ResourceSet getResource(RsResourceType p_type) {
    final ResourceSet lookup = new ResourceSet();
    lookup.setDn(resourceSetService.getBaseDnForResourceSet());
    lookup.setName(p_type.getValue());

    final List<ResourceSet> found = resourceSetService.findResourceSets(lookup);
    if (found == null || found.isEmpty()) {
        log.trace("No resource set for type: {}", p_type);
        return createResourceSet(p_type);
    }

    final int count = found.size();
    final ResourceSet kept = found.get(0);

    // Duplicate clean-up happens on this read path and is not logged.
    // NOTE(review): which entry survives depends on the order findResourceSets returns, which
    // is not visible here; permissions that reference a removed entry's id would presumably
    // stop resolving. Consider at least logging the removed ids for audit.
    int index = 1;
    while (index < count) {
        resourceSetService.remove(found.get(index));
        index++;
    }
    return kept;
}
use of org.xdi.oxauth.model.uma.persistence.ResourceSet in project oxAuth by GluuFederation.
the class RsResourceService method createResourceSet.
/**
 * Creates and persists the internal resource set for the given resource type, adding the
 * resource set branch first when it does not exist yet.
 *
 * @param p_type internal resource type; supplies the resource set name and its scope types
 * @return the resource set that was handed to {@code resourceSetService.addResourceSet}
 */
private ResourceSet createResourceSet(RsResourceType p_type) {
    log.trace("Creating new internal resource set, type: {} ...", p_type);

    // Create the resource set description branch if needed.
    final boolean branchExists = resourceSetService.containsBranch();
    if (!branchExists) {
        resourceSetService.addBranch();
    }

    // NOTE(review): the id is the wall-clock time in milliseconds, so it is predictable and two
    // creations within the same millisecond would get the same id. Nothing in this method guards
    // against concurrent callers; confirm callers serialize creation or that duplicates are
    // tolerated downstream.
    final String rsid = Long.toString(System.currentTimeMillis());

    final ResourceSet created = new ResourceSet();
    created.setId(rsid);
    created.setRev("1");
    created.setName(p_type.getValue());
    created.setDn(resourceSetService.getDnForResourceSet(rsid));
    created.setScopes(getScopeDns(p_type.getScopeTypes()));

    // Client binding is currently disabled; the original code is kept for reference:
    // final Boolean addClient = appConfiguration.getUmaKeepClientDuringResourceSetRegistration();
    // if (addClient != null ? addClient : true) {
    // s.setClients(new ArrayList<String>(Arrays.asList(clientDn)));
    // }

    resourceSetService.addResourceSet(created);
    log.trace("New internal resource set created, type: {}.", p_type);
    return created;
}
use of org.xdi.oxauth.model.uma.persistence.ResourceSet in project oxAuth by GluuFederation.
the class ResourceSetService method getResourceSetById.
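/**
 * Looks up exactly one resource set by its id.
 * <p>
 * No match is reported through {@code errorResponseFactory.throwUmaNotFoundException()}, more
 * than one match through {@code errorResponseFactory.throwUmaInternalErrorException()}.
 * A {@code null} search result is treated as "no match", the same way {@code getResource}
 * treats the result of {@code findResourceSets}, instead of failing with a
 * {@link NullPointerException} before the not-found response can be produced.
 *
 * @param id resource set id to search for
 * @return the single resource set with that id
 */
public ResourceSet getResourceSetById(String id) {
    prepareResourceSetsBranch();

    final ResourceSet criteria = new ResourceSet();
    criteria.setDn(getBaseDnForResourceSet());
    criteria.setId(id);

    final List<ResourceSet> result = findResourceSets(criteria);
    if (result == null || result.isEmpty()) {
        // NOTE(review): id is written to the log as received; if it can come straight from a
        // request, confirm the logging layout neutralises line breaks.
        log.error("Failed to find resource set with id: " + id);
        errorResponseFactory.throwUmaNotFoundException();
    } else if (result.size() > 1) {
        // An id must identify one resource set; an ambiguous match is reported as a server-side
        // error rather than resolved by picking one entry.
        log.error("Multiple resource sets found with given id: " + id);
        errorResponseFactory.throwUmaInternalErrorException();
    }

    // Presumably both throw* helpers never return (their bodies are not visible here); with no
    // match this line would still fail rather than hand back a wrong entry.
    return result.get(0);
}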
use of org.xdi.oxauth.model.uma.persistence.ResourceSet in project oxTrust by GluuFederation.
the class ResourceSetService method findResourceSets.
/**
* Search resource sets by pattern
*
* @param pattern Pattern
* @param sizeLimit Maximum count of results
* @return List of resource sets
*/
public List<ResourceSet> findResourceSets(String pattern, int sizeLimit) {
    // The pattern is used as the single "any" component of two substring filters, i.e. it is
    // matched anywhere inside oxId or inside the display name attribute.
    // It is handed to the filter factory as a value, not concatenated into a filter string.
    // NOTE(review): assuming Filter is the UnboundID LDAP SDK class, the SDK encodes the value
    // itself; confirm against the file's imports.
    final String[] anyParts = { pattern };
    final Filter byOxId = Filter.createSubstringFilter("oxId", null, anyParts, null);
    final Filter byDisplayName = Filter.createSubstringFilter(OxTrustConstants.displayName, null, anyParts, null);
    final Filter eitherMatches = Filter.createORFilter(byOxId, byDisplayName);

    // NOTE(review): sizeLimit is passed through unchecked and the meaning of the 0 argument is
    // not visible here; confirm callers bound sizeLimit and decide how blank patterns are handled.
    return ldapEntryManager.findEntries(getDnForResourceSet(null), ResourceSet.class, eitherMatches, 0, sizeLimit);
}