use of org.xdi.util.Pair in project oxAuth by GluuFederation.
the class PermissionService method hasEnoughPermissionsWithTicketRegistration.
/**
 * Checks whether the RPT already carries enough permissions for the requested resource type and scopes;
 * if not, registers a permission ticket and prepares the UMA 403 response the caller should return.
 *
 * @param p_rpt            the requesting party token under evaluation
 * @param p_rptPermissions permissions currently associated with the RPT
 * @param p_resourceType   resource type, resolved to a registered resource set via umaRsResourceService
 * @param p_scopes         scopes the caller wants to exercise
 * @return pair of (granted, response); the response is only populated when access is not granted:
 *         500 when the resource set cannot be resolved, 403 carrying the permission ticket otherwise
 */
public Pair<Boolean, Response> hasEnoughPermissionsWithTicketRegistration(UmaRPT p_rpt, List<ResourceSetPermission> p_rptPermissions, RsResourceType p_resourceType, List<RsScopeType> p_scopes) {
    final Pair<Boolean, Response> outcome = new Pair<Boolean, Response>(false, null);
    final ResourceSet resourceSet = umaRsResourceService.getResource(p_resourceType);

    // Without a registered resource set there is nothing to register a ticket against: fail hard (500).
    if (resourceSet == null || StringUtils.isBlank(resourceSet.getId())) {
        outcome.setSecond(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
        return outcome;
    }

    if (hasEnoughPermissions(p_rpt, p_rptPermissions, resourceSet, p_scopes)) {
        outcome.setFirst(true);
        return outcome;
    }

    // UMA: the RPT is valid but lacks authorization data for this access, so the resource server registers
    // a permission that would suffice (Section 3.2) and answers 403 with the AS URI in the "as_uri" header
    // and the permission ticket in a JSON "ticket" property of the body.
    final String permissionTicket = registerPermission(p_rpt, resourceSet, p_scopes);
    // NOTE(review): a null/blank ticket from registerPermission is not checked here and would be
    // serialized into the 403 body as-is — confirm that registerPermission cannot return one.
    final String body = ServerUtil.asJsonSilently(new PermissionTicket(permissionTicket));
    log.debug("Construct response: HTTP 403 (Forbidden), entity: " + body);
    final Response forbidden = Response.status(Response.Status.FORBIDDEN)
            .header("host_id", appConfiguration.getIssuer())
            .header("as_uri", appConfiguration.getUmaConfigurationEndpoint())
            .header("error", "insufficient_scope")
            .entity(body)
            .build();
    outcome.setSecond(forbidden);
    return outcome;
}
use of org.xdi.util.Pair in project oxTrust by GluuFederation.
the class UmaPermissionService method validateRptToken.
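/**
 * Validates the RPT presented in a {@code Bearer} authorization header for one resource set and one scope.
 * <p>
 * Flow: reject a missing PAT or malformed header; introspect the RPT; when the RPT already carries
 * permissions, succeed only if one of them covers {@code scopeId} (and {@code resourceSetId}, unless the
 * token is a GAT); when it carries none, register a permission ticket and hand back the prepared response.
 *
 * @param patToken      protection API token used to talk to the authorization server
 * @param authorization raw {@code Authorization} header value, expected to start with {@code "Bearer "}
 * @param resourceSetId resource set the caller wants to access
 * @param scopeId       scope the caller wants to exercise
 * @return {@code authenticationSuccess} when the RPT suffices; {@code authenticationFailure} when the RPT is
 *         missing, inactive, lacks the permission, or ticket registration fails; otherwise a pair whose
 *         second element is the permission-registration response to send to the client
 */
public Pair<Boolean, Response> validateRptToken(Token patToken, String authorization, String resourceSetId, String scopeId) {
    if ((patToken == null) || (authorization == null) || !authorization.startsWith("Bearer ")) {
        return authenticationFailure;
    }
    // Strip the "Bearer " prefix (7 characters) to obtain the raw RPT.
    String rptToken = authorization.substring(7);
    // GAT tokens are not bound to one resource set, so the resource-set comparison is skipped for them.
    boolean isGat = rptToken.startsWith("gat_");
    RptIntrospectionResponse rptStatusResponse = getStatusResponse(patToken, rptToken);
    if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
        // The RPT is a bearer credential; log the context of the failure, never the token value itself.
        log.error("Status response for RPT token is invalid (resourceSetId: '{}', scopeId: '{}')", resourceSetId, scopeId);
        return authenticationFailure;
    }
    boolean rptHasPermissions = isRptHasPermissions(rptStatusResponse);
    if (rptHasPermissions) {
        for (UmaPermission umaPermission : rptStatusResponse.getPermissions()) {
            if ((umaPermission.getScopes() != null) && umaPermission.getScopes().contains(scopeId) && (isGat || StringHelper.equals(resourceSetId, umaPermission.getResourceSetId()))) {
                return authenticationSuccess;
            }
        }
        log.error("Status response for RPT token does not contain the required permission (resourceSetId: '{}', scopeId: '{}')", resourceSetId, scopeId);
        return authenticationFailure;
    }
    // If the RPT is valid but has insufficient authorization data for the type of access sought,
    // the resource server SHOULD register a requested permission with the authorization server
    // that would suffice for that scope of access (see Section 3.2),
    // and then respond with the HTTP 403 (Forbidden) status code,
    // along with providing the authorization server's URI in an "as_uri" property in the header,
    // and the permission ticket it just received from the AM in the body in a JSON-encoded "ticket" property.
    final String ticket = registerUmaPermissions(patToken, resourceSetId, scopeId);
    if (StringHelper.isEmpty(ticket)) {
        return authenticationFailure;
    }
    // NOTE(review): the ticket obtained above is only used for the emptiness check; the response is built by
    // prepareRegisterUmaPermissionsResponse from the same arguments, which may register a second permission —
    // confirm whether that is intended.
    Response registerUmaPermissionsResponse = prepareRegisterUmaPermissionsResponse(patToken, resourceSetId, scopeId);
    if (registerUmaPermissionsResponse == null) {
        return authenticationFailure;
    }
    // NOTE(review): the first element is true although access was not granted; presumably the caller treats
    // a non-null second element as "send this response" — confirm against the callers.
    return new Pair<Boolean, Response>(true, registerUmaPermissionsResponse);
}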
use of org.xdi.util.Pair in project oxTrust by GluuFederation.
the class UmaPermissionService method validateRptToken.
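/**
 * Validates the RPT presented in a {@code Bearer} authorization header for a resource and a set of scopes.
 * <p>
 * Succeeds only when the union of scopes over all permissions of an active RPT contains every entry of
 * {@code scopeIds}. In every other case — header missing or malformed, RPT inactive, scopes missing —
 * the method falls through to permission registration and hands back the prepared response.
 *
 * @param patToken      protection API token used to talk to the authorization server
 * @param authorization raw {@code Authorization} header value, expected to start with {@code "Bearer "}
 * @param resourceId    resource the caller wants to access
 * @param scopeIds      scopes that must all be covered by the RPT
 * @return {@code authenticationSuccess} when the RPT covers all scopes; {@code authenticationFailure} when the
 *         registration response could not be prepared; otherwise a pair whose second element is the
 *         permission-registration response to send to the client
 */
public Pair<Boolean, Response> validateRptToken(Token patToken, String authorization, String resourceId, List<String> scopeIds) {
    if (StringHelper.isNotEmpty(authorization) && authorization.startsWith("Bearer ")) {
        // Strip the "Bearer " prefix (7 characters) to obtain the raw RPT.
        String rptToken = authorization.substring(7);
        RptIntrospectionResponse rptStatusResponse = getStatusResponse(patToken, rptToken);
        if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
            // The RPT is a bearer credential; log the context of the failure, never the token value itself.
            // An inactive RPT deliberately falls through to permission registration below instead of failing.
            log.error("Status response for RPT token is invalid (resourceId: '{}')", resourceId);
        } else {
            boolean rptHasPermissions = isRptHasPermissions(rptStatusResponse);
            if (rptHasPermissions) {
                // Collect all scopes granted by any permission of the RPT.
                List<String> returnScopeIds = new LinkedList<String>();
                for (UmaPermission umaPermission : rptStatusResponse.getPermissions()) {
                    if (umaPermission.getScopes() != null) {
                        returnScopeIds.addAll(umaPermission.getScopes());
                    }
                }
                // NOTE(review): scopeIds is dereferenced here without a null check — confirm callers never pass null.
                if (returnScopeIds.containsAll(scopeIds)) {
                    return authenticationSuccess;
                }
                log.error("Status response for RPT token does not contain the required permissions (resourceId: '{}')", resourceId);
            }
        }
    }
    // Register a permission that would suffice for the requested access and return the 403-style response.
    Response registerPermissionsResponse = prepareRegisterPermissionsResponse(patToken, resourceId, scopeIds);
    if (registerPermissionsResponse == null) {
        return authenticationFailure;
    }
    // NOTE(review): the first element is true although access was not granted; presumably the caller treats
    // a non-null second element as "send this response" — confirm against the callers.
    return new Pair<Boolean, Response>(true, registerPermissionsResponse);
}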
use of org.xdi.util.Pair in project oxTrust by GluuFederation.
the class SearchResourcesWebService method computeResults.
/**
 * Pages across the per-resource-type search responses and collects one page of results into {@code resources}.
 * <p>
 * Here we reuse every single POST search found in other web services, but handle serialization differently to a more
 * manual approach for performance reasons. In the end, this saves us 3 deserializations and 3 serializations of
 * multiple results packs.
 * Result set as a whole will not be sorted by sortBy param but every group of resources (by resource type) will be
 * sorted as such.
 * <p>
 * The caller's {@code startIndex} is applied to the first searches; once a resource type reports results, the
 * request's {@code startIndex} is reset to 1 for the remaining types and restored before returning.
 *
 * @param searchRequest the search parameters; its {@code startIndex} is temporarily mutated and restored on exit
 * @param resources output list that receives the resources of the requested page, in resource-type order
 * @return pair of (number of resources added to {@code resources}, total number of matches across all types)
 * @throws Exception propagated from {@link #getListResponseTree}
 */
private Pair<Integer, Integer> computeResults(SearchRequest searchRequest, List<JsonNode> resources) throws Exception {
    int i;
    int totalInPage = 0, totalResults = 0, skip = 0;
    boolean resultsAvailable = false;
    // Original start index; restored at the end because searchRequest is mutated below.
    Integer startIndex_ = searchRequest.getStartIndex();
    JsonNode tree = null;
    // Move forward to skip the searches that might have no results and find the first one starting at index = searchRequest.getStartIndex()
    // On exit, i is one past the resource type whose page was found (or NUM_RESOURCE_TYPES if none had results).
    for (i = 0; i < NUM_RESOURCE_TYPES && !resultsAvailable; i++) {
        tree = getListResponseTree(i, searchRequest);
        if (tree != null) {
            // NOTE(review): assumes every non-null tree carries a numeric "totalResults" — confirm against getListResponseTree.
            totalResults += tree.get("totalResults").asInt();
            if (totalResults > 0) {
                // NOTE(review): startIndex_ is unboxed here; a null startIndex would throw — confirm the caller validates it.
                if (totalResults >= startIndex_) {
                    // when null, it means searchRequest.getCount() was zero or empty page
                    resultsAvailable = tree.get("itemsPerPage") != null;
                    // A search issued with startIndex already reset to 1 returns its page from the beginning, so the
                    // entries before the caller's startIndex have to be skipped: startIndex_ minus the cumulative
                    // totals of the previous types, minus one. Searches issued with the caller's startIndex need no skip.
                    if (searchRequest.getStartIndex() == 1)
                        skip = startIndex_ - (totalResults - tree.get("totalResults").asInt()) - 1;
                }
                // Adjust startindex of subsequent searches to 1
                searchRequest.setStartIndex(1);
            }
        }
    }
    if (resultsAvailable) {
        // Accumulate till we have searchRequest.getCount() results or exhaust data
        // First page: drop `skip` leading entries, then take entries up to the requested count.
        Iterator<JsonNode> iterator = tree.get("Resources").getElements();
        while (iterator.hasNext() && totalInPage < searchRequest.getCount()) {
            if (skip == 0) {
                totalInPage++;
                resources.add(iterator.next());
            } else {
                skip--;
                iterator.next();
            }
        }
        // Subsequent resource types: keep filling the page while the count has not been reached.
        while (i < NUM_RESOURCE_TYPES && totalInPage < searchRequest.getCount()) {
            resultsAvailable = false;
            tree = getListResponseTree(i, searchRequest);
            if (tree != null) {
                totalResults += tree.get("totalResults").asInt();
                if (tree.get("totalResults").asInt() > 0)
                    resultsAvailable = tree.get("itemsPerPage") != null;
            }
            if (resultsAvailable) {
                for (iterator = tree.get("Resources").getElements(); iterator.hasNext() && totalInPage < searchRequest.getCount(); totalInPage++) resources.add(iterator.next());
            }
            i++;
        }
        // Continue the remainder of searches to just compute final value for totalResults
        while (i < NUM_RESOURCE_TYPES) {
            tree = getListResponseTree(i, searchRequest);
            if (tree != null)
                totalResults += tree.get("totalResults").asInt();
            i++;
        }
    }
    // Revert startIndex to original
    searchRequest.setStartIndex(startIndex_);
    return new Pair<Integer, Integer>(totalInPage, totalResults);
}
use of org.xdi.util.Pair in project oxTrust by GluuFederation.
the class CacheRefreshTimer method removeTargetEntries.
/**
 * Marks the inum-map entries of removed persons as removed in the inum DB and deletes those persons from the
 * target server. A person without an inum-map entry is logged and still deleted; a person whose inum-map
 * update fails is left on the target server.
 *
 * @param inumDbServerConnection connection whose entry manager is used to update the inum map
 * @param targetLdapEntryManager entry manager of the target server the persons are deleted from
 * @param removedPersons         persons to remove
 * @param inumInumMap            lookup from inum to its GluuInumMap entry
 * @return pair of (inums of persons deleted from the target, inums of inum-map entries marked as removed)
 */
private Pair<List<String>, List<String>> removeTargetEntries(LdapServerConnection inumDbServerConnection, LdapEntryManager targetLdapEntryManager, List<GluuSimplePerson> removedPersons, HashMap<String, GluuInumMap> inumInumMap) {
    final String runDate = ldapEntryManager.encodeGeneralizedTime(new Date(this.lastFinishedTime));
    final LdapEntryManager inumDbEntryManager = inumDbServerConnection.getLdapEntryManager();
    final List<String> deletedPersonInums = new ArrayList<String>();
    final List<String> markedInumMapInums = new ArrayList<String>();

    for (GluuSimplePerson person : removedPersons) {
        final String inum = person.getAttribute(OxTrustConstants.inum);
        final GluuInumMap inumMapEntry = inumInumMap.get(inum);

        if (inumMapEntry != null) {
            // Mark the inum-map entry as removed with the run timestamp before touching the target.
            final GluuInumMap markedEntry = getMarkInumMapEntryAsRemoved(inumMapEntry, runDate);
            try {
                inumDbEntryManager.merge(markedEntry);
                markedInumMapInums.add(markedEntry.getInum());
            } catch (BaseMappingException ex) {
                log.error("Failed to update entry with inum '{}' and DN: {}", inumMapEntry.getInum(), inumMapEntry.getDn(), ex);
                // Keep the person on the target server when its inum map could not be updated.
                continue;
            }
        } else {
            log.warn("Can't find inum entry of person with DN: {}", person.getDn());
        }

        try {
            targetLdapEntryManager.removeRecursively(person.getDn());
            deletedPersonInums.add(inum);
        } catch (BaseMappingException ex) {
            log.error("Failed to remove person entry with inum '{}' and DN: {}", inum, person.getDn(), ex);
            continue;
        }
        log.debug("Person with DN: '{}' removed from target server", person.getDn());
    }

    return new Pair<List<String>, List<String>>(deletedPersonInums, markedInumMapInums);
}