use of org.xdi.oxauth.model.uma.persistence.ResourceSetPermission in project oxAuth by GluuFederation.
Class RptPermissionAuthorizationWS, method authorizeRptPermission.
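/**
 * Resolves the RPT for an authorization request, validates it and, when the authorization
 * service allows it, attaches the permission identified by the request's ticket.
 *
 * @param authorization           value of the Authorization header of the incoming request
 * @param rptAuthorizationRequest parsed request body carrying the optional RPT code, the
 *                                permission ticket and the claims supplied by the client
 * @param httpRequest             servlet request handed through to the authorization check
 * @param grant                   authorization grant behind the caller's token
 * @param amHost                  validated authorization-manager host used when a new RPT is minted
 * @return the RPT, possibly newly created, that now carries the requested permission
 * @throws WebApplicationException with 403 and {@code NOT_AUTHORIZED_PERMISSION} when the
 *         permission may not be added; exceptions raised by the validation service propagate
 */
private UmaRPT authorizeRptPermission(String authorization, RptAuthorizationRequest rptAuthorizationRequest, HttpServletRequest httpRequest, AuthorizationGrant grant, String amHost) {
    UmaRPT rpt;
    if (Util.isNullOrEmpty(rptAuthorizationRequest.getRpt())) {
        rpt = rptManager.createRPT(authorization, amHost, false);
    } else {
        rpt = rptManager.getRPTByCode(rptAuthorizationRequest.getRpt());
    }
    // Validate RPT
    try {
        umaValidationService.validateRPT(rpt);
    } catch (WebApplicationException e) {
        // according to latest UMA spec ( dated 2015-02-23 https://docs.kantarainitiative.org/uma/draft-uma-core.html)
        // it's up to implementation whether to create new RPT for each request or pass back requests RPT.
        // Here we decided to pass back new RPT if request's RPT in invalid.
        // The new RPT is minted here; re-loading the request's RPT by code at this point would
        // attach the permission to the very token that has just failed validation.
        rpt = rptManager.createRPT(authorization, amHost, false);
    }
    final ResourceSetPermission resourceSetPermission = resourceSetPermissionManager.getResourceSetPermissionByTicket(rptAuthorizationRequest.getTicket());
    // Validate resource set permission
    umaValidationService.validateResourceSetPermission(resourceSetPermission);
    // Add permission to RPT only when the authorization service accepts the grant, RPT,
    // permission and the client-supplied claims for this request
    if (umaAuthorizationService.allowToAddPermission(grant, rpt, resourceSetPermission, httpRequest, rptAuthorizationRequest.getClaims())) {
        rptManager.addPermissionToRPT(rpt, resourceSetPermission);
        // the ticket is single-use: drop it once its permission has been granted
        invalidateTicket(resourceSetPermission);
        return rpt;
    }
    // throw not authorized exception
    throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.NOT_AUTHORIZED_PERMISSION)).build());
}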
use of org.xdi.oxauth.model.uma.persistence.ResourceSetPermission in project oxAuth by GluuFederation.
Class PermissionService, method registerPermission.
/**
 * Creates and persists a resource-set permission for the given RPT, resource and scopes,
 * returning the ticket that identifies the stored permission.
 *
 * @param p_rpt      RPT whose client DN becomes the owner of the persisted permission
 * @param p_resource resource set the permission refers to
 * @param p_scopes   requested scopes, translated to scope DNs before persistence
 * @return the ticket of the newly registered permission
 */
private String registerPermission(UmaRPT p_rpt, ResourceSet p_resource, List<RsScopeType> p_scopes) {
    final Date expiresAt = rptExpirationDate();

    final UmaPermission requested = new UmaPermission();
    requested.setResourceSetId(p_resource.getId());
    requested.setExpiresAt(expiresAt);

    final String issuerHost = appConfiguration.getIssuer();
    final ResourceSetPermission stored = resourceSetPermissionManager.createResourceSetPermission(issuerHost, requested, expiresAt);
    // IMPORTANT : set scope dns before persistence
    stored.setScopeDns(umaRsResourceService.getScopeDns(p_scopes));

    final String ownerDn = clientService.getClient(p_rpt.getClientId()).getDn();
    resourceSetPermissionManager.addResourceSetPermission(stored, ownerDn);
    return stored.getTicket();
}
use of org.xdi.oxauth.model.uma.persistence.ResourceSetPermission in project oxAuth by GluuFederation.
Class ResourceSetPermissionManager, method getResourceSetPermissionByTicket.
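/**
 * Looks up the persisted permission registered under the given ticket.
 *
 * @param p_ticket ticket value received from a client; it is matched as a literal attribute
 *                 value and never interpolated into filter syntax
 * @return the first matching permission, or {@code null} when the ticket is blank, nothing
 *         matches, or the search fails
 */
@Override
public ResourceSetPermission getResourceSetPermissionByTicket(String p_ticket) {
    if (p_ticket == null || p_ticket.trim().isEmpty()) {
        return null;
    }
    try {
        final String baseDn = staticConfiguration.getBaseDn().getClients();
        // Build the equality filter from the raw value so that filter metacharacters in the
        // client-supplied ticket are escaped instead of being parsed as filter syntax
        // (String.format into Filter.create allowed LDAP filter injection here).
        final Filter filter = Filter.createEqualityFilter("oxTicket", p_ticket);
        final List<ResourceSetPermission> entries = ldapEntryManager.findEntries(baseDn, ResourceSetPermission.class, filter);
        if (entries != null && !entries.isEmpty()) {
            return entries.get(0);
        }
    } catch (Exception e) {
        // best-effort lookup: a failed search is reported to the caller as "not found";
        // kept at trace level as before, although this hides persistence errors from operators
        log.trace(e.getMessage(), e);
    }
    return null;
}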
use of org.xdi.oxauth.model.uma.persistence.ResourceSetPermission in project oxAuth by GluuFederation.
Class ResourceSetPermissionManager, method cleanupResourceSetPermissions.
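/**
 * Removes every persisted permission whose {@code oxAuthExpiration} is at or before
 * {@code now}, processing the directory in chunks of {@link CleanerTimer#BATCH_SIZE}.
 *
 * @param now cut-off instant; entries expiring at or before it are deleted
 */
@Override
public void cleanupResourceSetPermissions(final Date now) {
    // Built once through the typed factory instead of parsing a formatted string. The former
    // parse-and-catch form fell back to a presence filter on LDAPException, which would have
    // matched, and therefore deleted, every permission carrying an expiration at all.
    final Filter expiredFilter = Filter.createLessOrEqualFilter("oxAuthExpiration", StaticUtils.encodeGeneralizedTime(now));
    BatchOperation<ResourceSetPermission> resourceSetPermissionBatchService = new BatchOperation<ResourceSetPermission>(ldapEntryManager) {
        @Override
        protected List<ResourceSetPermission> getChunkOrNull(int chunkSize) {
            // `this` is the batch operation itself, handed to the entry manager as the
            // search callback exactly as before
            return ldapEntryManager.findEntries(staticConfiguration.getBaseDn().getClients(), ResourceSetPermission.class, expiredFilter, SearchScope.SUB, null, this, 0, chunkSize, chunkSize);
        }

        @Override
        protected void performAction(List<ResourceSetPermission> entries) {
            for (ResourceSetPermission p : entries) {
                try {
                    ldapEntryManager.remove(p);
                } catch (Exception e) {
                    // one failed removal must not abort the rest of the chunk
                    log.error("Failed to remove entry", e);
                }
            }
        }
    };
    resourceSetPermissionBatchService.iterateAllByChunks(CleanerTimer.BATCH_SIZE);
}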
use of org.xdi.oxauth.model.uma.persistence.ResourceSetPermission in project oxAuth by GluuFederation.
Class PermissionRegistrationWS, method registerResourceSetPermission.
/**
 * Registers a permission request on behalf of a resource server and answers with the ticket
 * that identifies the stored permission.
 *
 * @param request                      the servlet request
 * @param authorization                Authorization header; must carry the UMA protection scope
 * @param amHost                       Host header, validated before use
 * @param resourceSetPermissionRequest requested permission (resource set id and scopes)
 * @return 201 Created with a {@link PermissionTicket} body
 * @throws WebApplicationException as raised by validation, or with 500 and
 *         {@code SERVER_ERROR} for any other failure
 */
@POST
@Consumes({ UmaConstants.JSON_MEDIA_TYPE })
@Produces({ UmaConstants.JSON_MEDIA_TYPE })
@ApiOperation(value = "Registers permission using the POST method", consumes = UmaConstants.JSON_MEDIA_TYPE, produces = UmaConstants.JSON_MEDIA_TYPE, notes = "The resource server uses the POST method at the endpoint. The body of the HTTP request message contains a JSON object providing the requested permission, using a format derived from the scope description format specified in [OAuth-resource-reg], as follows. The object has the following properties:")
@ApiResponses(value = { @ApiResponse(code = 401, message = "Unauthorized"), @ApiResponse(code = 400, message = "Bad Request") })
public Response registerResourceSetPermission(@Context HttpServletRequest request, @HeaderParam("Authorization") String authorization, @HeaderParam("Host") String amHost, @ApiParam(value = "The identifier for a resource set to which this client is seeking access. The identifier MUST correspond to a resource set that was previously registered.", required = true) UmaPermission resourceSetPermissionRequest) {
    try {
        umaValidationService.assertHasProtectionScope(authorization);
        final String validatedAmHost = umaValidationService.validateAmHost(amHost);
        umaValidationService.validateResourceSet(resourceSetPermissionRequest);

        final ResourceSetPermission created = resourceSetPermissionManager.createResourceSetPermission(validatedAmHost, resourceSetPermissionRequest, umaRsPermissionService.rptExpirationDate());
        resourceSetPermissionManager.addResourceSetPermission(created, tokenService.getClientDn(authorization));

        final PermissionTicket body = new PermissionTicket(created.getTicket());
        return Response.status(Response.Status.CREATED).entity(body).build();
    } catch (WebApplicationException webEx) {
        // validation failures already carry the right HTTP status; pass them through unchanged
        throw webEx;
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
    }
}