org.xdi.oxd.server.service.UmaTokenService 連携図

公開メンバ関数
	UmaTokenService (RpService rpService, ValidationService validationService, DiscoveryService discoveryService, HttpService httpService, OxdServerConfiguration configuration, StateService stateService)

RpGetRptResponse	getRpt (RpGetRptParams params) throws UnsupportedEncodingException

Pat	getPat (String oxdId)

Pat	obtainPat (String oxdId)

boolean	useClientAuthentication (UmaScopeType scopeType)

非公開メンバ関数
UmaToken	obtainToken (String oxdId, UmaScopeType scopeType, Rp site)

UmaToken	obtainTokenWithClientCredentials (OpenIdConfigurationResponse discovery, Rp site, UmaScopeType scopeType)

List< String >	scopes (UmaScopeType scopeType)

String	scopesAsString (UmaScopeType scopeType)

UmaToken	obtainTokenWithUserCredentials (OpenIdConfigurationResponse discovery, Rp site, UmaScopeType scopeType)

非公開変数類
final RpService	rpService

final ValidationService	validationService

final DiscoveryService	discoveryService

final HttpService	httpService

final OxdServerConfiguration	configuration

final StateService	stateService

静的非公開変数類
static final Logger	LOG = LoggerFactory.getLogger(UmaTokenService.class)

詳解

著者: Yuriy Zabrovarnyy

構築子と解体子

◆ UmaTokenService()

org.xdi.oxd.server.service.UmaTokenService.UmaTokenService	(	RpService	rpService,
		ValidationService	validationService,
		DiscoveryService	discoveryService,
		HttpService	httpService,
		OxdServerConfiguration	configuration,
		StateService	stateService
	)

inline

       {
         this.rpService = rpService;
         this.validationService = validationService;
         this.discoveryService = discoveryService;
         this.httpService = httpService;
         this.configuration = configuration;
         this.stateService = stateService;
     }

関数詳解

◆ getPat()

Pat org.xdi.oxd.server.service.UmaTokenService.getPat ( String oxdId )

inline

                                     {
         validationService.notBlankOxdId(oxdId);
 
         Rp site = rpService.getRp(oxdId);
 
         if (site.getPat() != null && site.getPatCreatedAt() != null && site.getPatExpiresIn() > 0) {
             Calendar expiredAt = Calendar.getInstance();
             expiredAt.setTime(site.getPatCreatedAt());
             expiredAt.add(Calendar.SECOND, site.getPatExpiresIn());
 
             if (!CoreUtils.isExpired(expiredAt.getTime())) {
                 LOG.debug("PAT from site configuration, PAT: " + site.getPat());
                 return new Pat(site.getPat(), "", site.getPatExpiresIn());
             }
         }
 
         return obtainPat(oxdId);
     }

◆ getRpt()

RpGetRptResponse org.xdi.oxd.server.service.UmaTokenService.getRpt ( RpGetRptParams params ) throws UnsupportedEncodingException

inline

                                                                                               {
         Rp rp = rpService.getRp(params.getOxdId());
         UmaMetadata discovery = discoveryService.getUmaDiscoveryByOxdId(params.getOxdId());
 
         if (!Strings.isNullOrEmpty(rp.getRpt()) && rp.getRptExpiresAt() != null) {
             if (!CoreUtils.isExpired(rp.getRptExpiresAt())) {
                 LOG.debug("RPT from rp, RPT: " + rp.getRpt() + ", rp: " + rp);
 
                 RpGetRptResponse result = new RpGetRptResponse();
                 result.setRpt(rp.getRpt());
                 result.setTokenType(rp.getRptTokenType());
                 result.setPct(rp.getRptPct());
                 result.setUpdated(rp.getRptUpgraded());
                 return result;
             }
         }
 
         final org.xdi.oxauth.client.uma.UmaTokenService tokenService = UmaClientFactory.instance().createTokenService(discovery, httpService.getClientExecutor());
         final UmaTokenResponse tokenResponse = tokenService.requestRpt(
                 "Basic " + Utils.encodeCredentials(rp.getClientId(), rp.getClientSecret()),
                 GrantType.OXAUTH_UMA_TICKET.getValue(),
                 params.getTicket(),
                 params.getClaimToken(),
                 params.getClaimTokenFormat(),
                 params.getPct(),
                 params.getRpt(),
                 params.getScope() != null ? Utils.joinAndUrlEncode(params.getScope()) : null
         );
 
         if (tokenResponse != null && StringUtils.isNotBlank(tokenResponse.getAccessToken())) {
             final IntrospectionService introspectionService = ServerLauncher.getInjector().getInstance(IntrospectionService.class);
             CorrectRptIntrospectionResponse status = introspectionService.introspectRpt(params.getOxdId(), tokenResponse.getAccessToken());
 
             LOG.debug("RPT " + tokenResponse.getAccessToken() + ", status: " + status);
             if (status.getActive()) {
                 LOG.debug("RPT is successfully obtained from AS. RPT: {}", tokenResponse.getAccessToken());
 
                 rp.setRpt(tokenResponse.getAccessToken());
                 rp.setRptTokenType(tokenResponse.getTokenType());
                 rp.setRptPct(tokenResponse.getPct());
                 rp.setRptUpgraded(tokenResponse.getUpgraded());
                 rp.setRptCreatedAt(new Date(status.getIssuedAt() * 1000));
                 rp.setRptExpiresAt(new Date(status.getExpiresAt() * 1000));
                 rpService.updateSilently(rp);
 
                 RpGetRptResponse result = new RpGetRptResponse();
                 result.setRpt(rp.getRpt());
                 result.setTokenType(rp.getRptTokenType());
                 result.setPct(rp.getRptPct());
                 result.setUpdated(rp.getRptUpgraded());
                 return result;
             }
         }
 
         LOG.error("Failed to get RPT for rp: " + rp);
         throw new ErrorResponseException(ErrorResponseCode.FAILED_TO_GET_RPT);
     }

◆ obtainPat()

Pat org.xdi.oxd.server.service.UmaTokenService.obtainPat ( String oxdId )

inline

                                        {
         Rp site = rpService.getRp(oxdId);
         UmaToken token = obtainToken(oxdId, UmaScopeType.PROTECTION, site);
 
         site.setPat(token.getToken());
         site.setPatCreatedAt(new Date());
         site.setPatExpiresIn(token.getExpiresIn());
         site.setPatRefreshToken(token.getRefreshToken());
 
         rpService.updateSilently(site);
 
         return (Pat) token;
     }

◆ obtainToken()

UmaToken org.xdi.oxd.server.service.UmaTokenService.obtainToken	(	String	oxdId,
		UmaScopeType	scopeType,
		Rp	site
	)

inlineprivate

                                                                                 {
 
         OpenIdConfigurationResponse discovery = discoveryService.getConnectDiscoveryResponseByOxdId(oxdId);
 
         final UmaToken token;
         if (useClientAuthentication(scopeType)) {
             token = obtainTokenWithClientCredentials(discovery, site, scopeType);
             LOG.trace("Obtained token with client authentication: " + token);
         } else {
             token = obtainTokenWithUserCredentials(discovery, site, scopeType);
             LOG.trace("Obtained token with user credentials: " + token);
         }
 
         return token;
     }

◆ obtainTokenWithClientCredentials()

UmaToken org.xdi.oxd.server.service.UmaTokenService.obtainTokenWithClientCredentials	(	OpenIdConfigurationResponse	discovery,
		Rp	site,
		UmaScopeType	scopeType
	)

inlineprivate

                                                                                                                               {
         final TokenClient tokenClient = new TokenClient(discovery.getTokenEndpoint());
         tokenClient.setExecutor(httpService.getClientExecutor());
         final TokenResponse response = tokenClient.execClientCredentialsGrant(scopesAsString(scopeType), site.getClientId(), site.getClientSecret());
         if (response != null) {
             if (Util.allNotBlank(response.getAccessToken())) {
                 if (!response.getScope().contains(scopeType.getValue())) {
                     LOG.error("oxd requested scope " + scopeType + " but AS returned access_token without that scope, token scopes :" + response.getScope());
                     LOG.error("Please check AS(oxauth) configuration and make sure UMA scope (uma_protection) is enabled.");
                     throw new RuntimeException("oxd requested scope " + scopeType + " but AS returned access_token without that scope, token scopes :" + response.getScope());
                 }
 
                 final UmaToken opResponse = UmaTokenFactory.newToken(scopeType);
                 opResponse.setToken(response.getAccessToken());
                 opResponse.setRefreshToken(response.getRefreshToken());
                 opResponse.setExpiresIn(response.getExpiresIn());
                 return opResponse;
             } else {
                 LOG.error("Token is blank in response, site: " + site);
             }
         } else {
             LOG.error("No response from TokenClient");
         }
         throw new RuntimeException("Failed to obtain PAT.");
     }

◆ obtainTokenWithUserCredentials()

UmaToken org.xdi.oxd.server.service.UmaTokenService.obtainTokenWithUserCredentials	(	OpenIdConfigurationResponse	discovery,
		Rp	site,
		UmaScopeType	scopeType
	)

inlineprivate

                                                                                                                             {
 
         // 1. Request authorization and receive the authorization code.
         final List<ResponseType> responseTypes = Lists.newArrayList();
         responseTypes.add(ResponseType.CODE);
         responseTypes.add(ResponseType.ID_TOKEN);
 
         final String state = stateService.generateState();
 
         final AuthorizationRequest request = new AuthorizationRequest(responseTypes, site.getClientId(), scopes(scopeType), site.getAuthorizationRedirectUri(), null);
         request.setState(state);
         request.setAuthUsername(site.getUserId());
         request.setAuthPassword(site.getUserSecret());
         request.getPrompts().add(Prompt.NONE);
 
         final AuthorizeClient authorizeClient = new AuthorizeClient(discovery.getAuthorizationEndpoint());
         authorizeClient.setExecutor(httpService.getClientExecutor());
         authorizeClient.setRequest(request);
         final AuthorizationResponse response1 = authorizeClient.exec();
 
         ClientUtils.showClient(authorizeClient);
 
         final String scope = response1.getScope();
         final String authorizationCode = response1.getCode();
         if (!state.equals(response1.getState())) {
             throw new ErrorResponseException(ErrorResponseCode.INVALID_STATE);
         }
 
         if (Util.allNotBlank(authorizationCode)) {
 
             // 2. Request access token using the authorization code.
             final TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
             tokenRequest.setCode(authorizationCode);
             tokenRequest.setRedirectUri(site.getAuthorizationRedirectUri());
             tokenRequest.setAuthUsername(site.getClientId());
             tokenRequest.setAuthPassword(site.getClientSecret());
             tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
             tokenRequest.setScope(scope);
 
             final TokenClient tokenClient1 = new TokenClient(discovery.getTokenEndpoint());
             tokenClient1.setRequest(tokenRequest);
             tokenClient1.setExecutor(httpService.getClientExecutor());
             final TokenResponse response2 = tokenClient1.exec();
             ClientUtils.showClient(authorizeClient);
 
             if (response2.getStatus() == 200 && Util.allNotBlank(response2.getAccessToken())) {
                 final UmaToken token = UmaTokenFactory.newToken(scopeType);
                 token.setToken(response2.getAccessToken());
                 token.setRefreshToken(response2.getRefreshToken());
                 token.setExpiresIn(response2.getExpiresIn());
                 return token;
             } else {
                 LOG.error("Status: " + response2.getStatus() + ", Entity: " + response2.getEntity());
             }
         } else {
             LOG.debug("Authorization code is blank.");
         }
         throw new RuntimeException("Failed to obtain Token, scopeType: " + scopeType + ", site: " + site);
     }

◆ scopes()

List<String> org.xdi.oxd.server.service.UmaTokenService.scopes ( UmaScopeType scopeType )

inlineprivate

                                                         {
         final List<String> scopes = new ArrayList<String>();
         scopes.add(scopeType.getValue());
         scopes.add("openid");
         return scopes;
     }

◆ scopesAsString()

String org.xdi.oxd.server.service.UmaTokenService.scopesAsString ( UmaScopeType scopeType )

inlineprivate

                                                           {
         String scopesAsString = "";
         for (String scope : scopes(scopeType)) {
             scopesAsString += scope + " ";
         }
         return scopesAsString.trim();
     }

◆ useClientAuthentication()

boolean org.xdi.oxd.server.service.UmaTokenService.useClientAuthentication ( UmaScopeType scopeType )

inline

                                                                    {
         if (scopeType == UmaScopeType.PROTECTION) {
             return configuration.getUseClientAuthenticationForPat() != null && configuration.getUseClientAuthenticationForPat();
         } else {
             throw new RuntimeException("Unknown UMA scope type: " + scopeType);
         }
     }

メンバ詳解

◆ configuration

final OxdServerConfiguration org.xdi.oxd.server.service.UmaTokenService.configuration

private

◆ discoveryService

final DiscoveryService org.xdi.oxd.server.service.UmaTokenService.discoveryService

private

◆ httpService

final HttpService org.xdi.oxd.server.service.UmaTokenService.httpService

private

◆ LOG

final Logger org.xdi.oxd.server.service.UmaTokenService.LOG = LoggerFactory.getLogger(UmaTokenService.class)

staticprivate

◆ rpService

final RpService org.xdi.oxd.server.service.UmaTokenService.rpService

private

◆ stateService

final StateService org.xdi.oxd.server.service.UmaTokenService.stateService

private

◆ validationService

final ValidationService org.xdi.oxd.server.service.UmaTokenService.validationService

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/oxd/oxd-server/src/main/java/org/xdi/oxd/server/service/UmaTokenService.java

公開メンバ関数

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ UmaTokenService()

関数詳解

◆ getPat()

◆ getRpt()

◆ obtainPat()

◆ obtainToken()

◆ obtainTokenWithClientCredentials()

◆ obtainTokenWithUserCredentials()

◆ scopes()

◆ scopesAsString()

◆ useClientAuthentication()

メンバ詳解

◆ configuration

◆ discoveryService

◆ httpService

◆ LOG

◆ rpService

◆ stateService

◆ validationService