
Example 1 with ResourceSet

use of org.xdi.oxauth.model.uma.persistence.ResourceSet in project oxAuth by GluuFederation.

the class PermissionService method hasEnoughPermissionsWithTicketRegistration.

/**
 * Decides whether the given RPT may access an internal resource type with the requested scopes
 * and, when it may not, registers a permission and prepares the 403 response carrying the ticket.
 *
 * @param p_rpt requesting party token under evaluation
 * @param p_rptPermissions permissions handed on to the permission check
 * @param p_resourceType internal resource type whose resource set is looked up
 * @param p_scopes scopes required for the access
 * @return pair whose first element is {@code true} only when access is granted; the second
 *         element is the error response to return (500 when no usable resource set is
 *         available, 403 with a permission ticket when permissions are insufficient) and
 *         stays {@code null} on success
 */
public Pair<Boolean, Response> hasEnoughPermissionsWithTicketRegistration(UmaRPT p_rpt, List<ResourceSetPermission> p_rptPermissions, RsResourceType p_resourceType, List<RsScopeType> p_scopes) {
    // Starts out as "denied, no response"; every path below returns this same pair.
    final Pair<Boolean, Response> outcome = new Pair<Boolean, Response>(false, null);

    final ResourceSet resourceSet = umaRsResourceService.getResource(p_resourceType);
    final boolean resourceUsable = resourceSet != null && !StringUtils.isBlank(resourceSet.getId());
    if (!resourceUsable) {
        // Without a resource set id no permission can be evaluated, so access is denied
        // with a server error rather than granted.
        outcome.setFirst(false);
        outcome.setSecond(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
        return outcome;
    }

    if (hasEnoughPermissions(p_rpt, p_rptPermissions, resourceSet, p_scopes)) {
        outcome.setFirst(true);
        return outcome;
    }

    // UMA: when the RPT is valid but lacks authorization data for the access sought, the
    // resource server SHOULD register a requested permission with the authorization server
    // (see Section 3.2) and answer with HTTP 403 (Forbidden), giving the authorization
    // server's URI in an "as_uri" header and the received permission ticket in a
    // JSON-encoded "ticket" property in the body.
    outcome.setFirst(false);
    // NOTE(review): nothing here checks that a ticket was actually issued; confirm that
    // registerPermission cannot return null, otherwise the 403 body carries no usable ticket.
    final String permissionTicket = registerPermission(p_rpt, resourceSet, p_scopes);
    final String ticketJson = ServerUtil.asJsonSilently(new PermissionTicket(permissionTicket));
    // NOTE(review): the logged entity contains the permission ticket; confirm that debug
    // logs are access-controlled in deployments where this level is enabled.
    log.debug("Construct response: HTTP 403 (Forbidden), entity: " + ticketJson);
    final Response forbidden = Response.status(Response.Status.FORBIDDEN)
            .header("host_id", appConfiguration.getIssuer())
            .header("as_uri", appConfiguration.getUmaConfigurationEndpoint())
            .header("error", "insufficient_scope")
            .entity(ticketJson)
            .build();
    outcome.setSecond(forbidden);
    return outcome;
}
Also used : Response(javax.ws.rs.core.Response) PermissionTicket(org.xdi.oxauth.model.uma.PermissionTicket) ResourceSet(org.xdi.oxauth.model.uma.persistence.ResourceSet) Pair(org.xdi.util.Pair)

Example 2 with ResourceSet

use of org.xdi.oxauth.model.uma.persistence.ResourceSet in project oxAuth by GluuFederation.

the class RsResourceService method getResource.

/**
 * Returns the resource set stored for the given internal resource type, creating one when the
 * search finds none. When the search returns several entries, the first one is kept and every
 * other entry is removed through the resource set service.
 *
 * @param p_type internal resource type; its value is used as the resource set name to search for
 * @return the first matching resource set, or the newly created one
 */
public ResourceSet getResource(RsResourceType p_type) {
    // Search template: base DN of the resource sets plus the type's value as name.
    final ResourceSet template = new ResourceSet();
    template.setDn(resourceSetService.getBaseDnForResourceSet());
    template.setName(p_type.getValue());

    final List<ResourceSet> matches = resourceSetService.findResourceSets(template);
    final boolean nothingFound = matches == null || matches.isEmpty();
    if (nothingFound) {
        log.trace("No resource set for type: {}", p_type);
        return createResourceSet(p_type);
    }

    final int total = matches.size();
    final ResourceSet kept = matches.get(0);
    // NOTE(review): surplus entries are deleted on this read path without any log entry;
    // consider recording the removed entries so that unexpected duplicates can be investigated.
    for (int idx = 1; idx < total; idx++) {
        resourceSetService.remove(matches.get(idx));
    }
    return kept;
}
Also used : ResourceSet(org.xdi.oxauth.model.uma.persistence.ResourceSet)

Example 3 with ResourceSet

use of org.xdi.oxauth.model.uma.persistence.ResourceSet in project oxAuth by GluuFederation.

the class RsResourceService method createResourceSet.

/**
 * Creates and persists a new internal resource set for the given resource type.
 *
 * @param p_type internal resource type; supplies the resource set name and the scope types
 * @return the resource set that was passed to the resource set service for storage
 */
private ResourceSet createResourceSet(RsResourceType p_type) {
    log.trace("Creating new internal resource set, type: {} ...", p_type);

    // The branch that holds resource set descriptions is added first when it is missing.
    final boolean branchExists = resourceSetService.containsBranch();
    if (!branchExists) {
        resourceSetService.addBranch();
    }

    // NOTE(review): the id is the current time in milliseconds, so it is guessable and two
    // creations within the same millisecond would receive the same id. Consider a random
    // identifier if ids must be unique or unguessable; confirm what consumers of the id expect.
    final String generatedId = String.valueOf(System.currentTimeMillis());

    final ResourceSet created = new ResourceSet();
    created.setId(generatedId);
    created.setRev("1");
    created.setName(p_type.getValue());
    created.setDn(resourceSetService.getDnForResourceSet(generatedId));
    created.setScopes(getScopeDns(p_type.getScopeTypes()));
    // No clients are set on the new resource set.

    resourceSetService.addResourceSet(created);
    log.trace("New internal resource set created, type: {}.", p_type);
    return created;
}
Also used : ResourceSet(org.xdi.oxauth.model.uma.persistence.ResourceSet)

Example 4 with ResourceSet

use of org.xdi.oxauth.model.uma.persistence.ResourceSet in project oxAuth by GluuFederation.

the class ResourceSetService method getResourceSetById.

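/**
 * Looks up exactly one resource set by id under the resource set base DN.
 *
 * <p>A missing result is reported through
 * {@code errorResponseFactory.throwUmaNotFoundException()} and an ambiguous one (more than one
 * entry for the id) through {@code errorResponseFactory.throwUmaInternalErrorException()}.
 * Both calls are presumably expected to throw; the code after them relies on that.
 *
 * @param id resource set id to search for
 * @return the single resource set found for the id
 */
public ResourceSet getResourceSetById(String id) {
    prepareResourceSetsBranch();

    // Search template: base DN of the resource sets plus the requested id.
    final ResourceSet criteria = new ResourceSet();
    criteria.setDn(getBaseDnForResourceSet());
    criteria.setId(id);

    final List<ResourceSet> result = findResourceSets(criteria);
    // A null search result is treated like an empty one, so that a failed lookup ends in the
    // "not found" error instead of a NullPointerException.
    if (result == null || result.isEmpty()) {
        // NOTE(review): id is written to the log verbatim; if it originates from a request,
        // neutralise line breaks before logging so that log entries cannot be forged.
        log.error("Failed to find resource set with id: " + id);
        errorResponseFactory.throwUmaNotFoundException();
    } else if (result.size() > 1) {
        // More than one entry for a single id means the stored data is inconsistent; no
        // entry is picked, the request fails instead.
        log.error("Multiple resource sets found with given id: " + id);
        errorResponseFactory.throwUmaInternalErrorException();
    }
    return result.get(0);
}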
Also used : ResourceSet(org.xdi.oxauth.model.uma.persistence.ResourceSet)

Example 5 with ResourceSet

use of org.xdi.oxauth.model.uma.persistence.ResourceSet in project oxTrust by GluuFederation.

the class ResourceSetService method findResourceSets.

/**
 * Finds resource sets whose {@code oxId} or display name contains the given pattern.
 *
 * <p>The pattern is handed to the LDAP SDK as a substring component of a filter object; it is
 * not concatenated into a filter string here.
 *
 * @param pattern substring to look for in either attribute
 * @param sizeLimit maximum count of results, passed on to the entry manager
 * @return list of resource sets returned by the entry manager
 */
public List<ResourceSet> findResourceSets(String pattern, int sizeLimit) {
    // The same "any" component is used for both attributes.
    final String[] anyComponents = { pattern };
    final Filter byOxId = Filter.createSubstringFilter("oxId", null, anyComponents, null);
    final Filter byDisplayName = Filter.createSubstringFilter(OxTrustConstants.displayName, null, anyComponents, null);
    // An entry matches when at least one of the two attributes matches.
    final Filter eitherAttribute = Filter.createORFilter(byOxId, byDisplayName);
    return ldapEntryManager.findEntries(getDnForResourceSet(null), ResourceSet.class, eitherAttribute, 0, sizeLimit);
}
Also used : Filter(com.unboundid.ldap.sdk.Filter) ResourceSet(org.xdi.oxauth.model.uma.persistence.ResourceSet)

Aggregations

ResourceSet (org.xdi.oxauth.model.uma.persistence.ResourceSet)9 Filter (com.unboundid.ldap.sdk.Filter)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 Response (javax.ws.rs.core.Response)1 EntryPersistenceException (org.gluu.site.ldap.persistence.exception.EntryPersistenceException)1 DisplayNameEntry (org.xdi.model.DisplayNameEntry)1 PermissionTicket (org.xdi.oxauth.model.uma.PermissionTicket)1 Pair (org.xdi.util.Pair)1