org.gluu.credmanager.core.OxdService 連携図

公開メンバ関数
void	inited ()

boolean	initialize ()

void	setSettings (OxdSettings config) throws Exception

void	setSettings (OxdSettings config, boolean triggerRegistration) throws Exception

OxdClientSettings	doRegister () throws Exception

void	removeSite (String oxdId)

String	getAuthzUrl (String acrValues) throws Exception

Pair< String, String >	getTokens (String code, String state) throws Exception

Map< String, List< String > >	getUserClaims (String accessToken) throws Exception

String	getLogoutUrl (String idTokenHint) throws Exception

boolean	updateSite (String postLogoutUri, Long expiration) throws Exception

boolean	extendSiteLifeTime ()

関数
private< T > T	restResponse (IParams params, String path, String token, Class< T > responseClass) throws Exception

非公開メンバ関数
String	getAuthzUrl (List< String > acrValues, String prompt) throws Exception

boolean	doUpdate (UpdateSiteParams cmdParams) throws Exception

String	getPAT () throws Exception

void	destroy ()

非公開変数類
Logger	logger

MainSettings	settings

LdapService	ldapService

int	consecutive = 0

OxdSettings	config

ResteasyClient	client

ObjectMapper	mapper

静的非公開変数類
static final String	LOGOUT_PAGE_URL = "bye.zul"

詳解

An app. scoped bean that encapsulates interactions with an oxd-server. Contains methods depicting the steps of the authorization code flow of OpenId Connect spec

著者: jgomer

関数詳解

◆ destroy()

void org.gluu.credmanager.core.OxdService.destroy ( )

inlineprivate

                            {
         if (client != null) {
             client.close();
         }
     }

◆ doRegister()

OxdClientSettings org.gluu.credmanager.core.OxdService.doRegister ( ) throws Exception

inline

                                                            {
 
         OxdClientSettings computedSettings;
         String clientName;
         logger.info("Setting oxd configs (host: {}, port: {}, https extension: {}, post logout: {})",
                 config.getHost(), config.getPort(), config.isUseHttpsExtension(), config.getPostLogoutUri());
 
         try {
             if (config.isUseHttpsExtension()) {
                 clientName = "cred-manager-extension-" + consecutive;
 
                 SetupClientParams cmdParams = new SetupClientParams();
                 cmdParams.setOpHost(config.getOpHost());
                 cmdParams.setAuthorizationRedirectUri(config.getRedirectUri());
                 cmdParams.setPostLogoutRedirectUri(config.getPostLogoutUri());
                 cmdParams.setAcrValues(config.getAcrValues());
                 cmdParams.setClientName(clientName);
 
                 //TODO: bug 3.1.1?
                 List<String> scopes = new ArrayList<>(Arrays.asList(UserService.OPEN_ID_SCOPES));
                 scopes.add("uma_protection");
                 cmdParams.setScope(scopes);
                 //END
 
                 cmdParams.setResponseTypes(Collections.singletonList("code"));
                 cmdParams.setTrustedClient(true);
                 //cmdParams.setGrantType(Collections.singletonList("authorization_code"));      //this is the default grant
 
                 SetupClientResponse setup = restResponse(cmdParams, "setup-client", null, SetupClientResponse.class);
                 computedSettings = new OxdClientSettings(clientName, setup.getOxdId(), setup.getClientId(), setup.getClientSecret());
             } else {
                 clientName = "cred-manager-" + consecutive;
 
                 RegisterSiteParams cmdParams = new RegisterSiteParams();
                 cmdParams.setOpHost(config.getOpHost());
                 cmdParams.setAuthorizationRedirectUri(config.getRedirectUri());
                 cmdParams.setPostLogoutRedirectUri(config.getPostLogoutUri());
                 cmdParams.setAcrValues(config.getAcrValues());
                 cmdParams.setClientName(clientName);
 
                 //These scopes should be set to default=true in LDAP (or using oxTrust). Otherwise the following will have no effect
                 cmdParams.setScope(Arrays.asList(UserService.OPEN_ID_SCOPES));
 
                 cmdParams.setResponseTypes(Collections.singletonList("code"));  //Use "token","id_token" for implicit flow
                 cmdParams.setTrustedClient(true);
                 //cmdParams.setGrantType(Collections.singletonList("authorization_code"));      //this is the default grant
 
                 CommandClient commandClient = null;
                 try {
                     commandClient = new CommandClient(config.getHost(), config.getPort());
                     Command command = new Command(CommandType.REGISTER_SITE).setParamsObject(cmdParams);
                     RegisterSiteResponse site = commandClient.send(command).dataAsResponse(RegisterSiteResponse.class);
                     computedSettings = new OxdClientSettings(clientName, site.getOxdId(), null, null);
                 } finally {
                     CommandClient.closeQuietly(commandClient);
                 }
             }
             consecutive++;
             logger.info("oxd client registered successfully, oxd-id={}", computedSettings.getOxdId());
         } catch (Exception e) {
             consecutive++;
             String msg = "Setting oxd-server configs failed";
             logger.error(msg, e);
             throw new Exception(msg, e);
         }
         return computedSettings;
 
     }

◆ doUpdate()

boolean org.gluu.credmanager.core.OxdService.doUpdate ( UpdateSiteParams cmdParams ) throws Exception

inlineprivate

                                                                           {
 
         UpdateSiteResponse resp = null;
         if (config.isUseHttpsExtension()) {
             resp = restResponse(cmdParams, "update-site", getPAT(), UpdateSiteResponse.class);
         } else {
             CommandClient commandClient = null;
             try {
                 commandClient = new CommandClient(config.getHost(), config.getPort());
                 Command command = new Command(CommandType.UPDATE_SITE).setParamsObject(cmdParams);
                 resp = commandClient.send(command).dataAsResponse(UpdateSiteResponse.class);
             } finally {
                 CommandClient.closeQuietly(commandClient);
             }
         }
         return resp != null;
 
     }

◆ extendSiteLifeTime()

boolean org.gluu.credmanager.core.OxdService.extendSiteLifeTime ( )

inline

                                         {
         /*
         //Extending the life time cannot take place because scopes are changed by those defaulted in Gluu Server
         //Unfortunately, the custom script that turns on the scopes is only run upon registration (not updates)
         //On the other hand, oxd site registration does not allow to set the expiration. To workaround it, the
         //associated client registration cust script is in charge of extending the lifetime
         GregorianCalendar cal=new GregorianCalendar();
         cal.add(Calendar.YEAR, 1);
 
         UpdateSiteParams cmdParams = new UpdateSiteParams();
         cmdParams.setOxdId(config.getClient().getOxdId());
         cmdParams.setClientSecretExpiresAt(new Date(cal.getTimeInMillis()));
 
         return doUpdate(cmdParams);
         */
         return true;
 
     }

◆ getAuthzUrl() [1/2]

String org.gluu.credmanager.core.OxdService.getAuthzUrl	(	List< String >	acrValues,
		String	prompt
	)		throws Exception

inlineprivate

Returns a string with an autorization URL to redirect an application (see OpenId connect "code" flow)

引数

acrValues	List of acr_values. See OpenId Connect core 1.0 (section 3.1.2.1)
prompt	See OpenId Connect core 1.0 (section 3.1.2.1)

戻り値: String consisting of an authentication request with desired parameters

例外

Exception

                                                                                        {
 
         GetAuthorizationUrlParams cmdParams = new GetAuthorizationUrlParams();
         cmdParams.setOxdId(config.getClient().getOxdId());
         cmdParams.setAcrValues(acrValues);
         cmdParams.setPrompt(prompt);
 
         GetAuthorizationUrlResponse resp;
         if (config.isUseHttpsExtension()) {
             resp = restResponse(cmdParams, "get-authorization-url", getPAT(), GetAuthorizationUrlResponse.class);
         } else {
             CommandClient commandClient = null;
             try {
                 commandClient = new CommandClient(config.getHost(), config.getPort());
                 Command command = new Command(CommandType.GET_AUTHORIZATION_URL).setParamsObject(cmdParams);
                 resp = commandClient.send(command).dataAsResponse(GetAuthorizationUrlResponse.class);
             } finally {
                 CommandClient.closeQuietly(commandClient);
             }
         }
         return resp.getAuthorizationUrl();
 
     }

◆ getAuthzUrl() [2/2]

String org.gluu.credmanager.core.OxdService.getAuthzUrl ( String acrValues ) throws Exception

inline

                                                                  {
         return getAuthzUrl(Collections.singletonList(acrValues), null);
     }

◆ getLogoutUrl()

String org.gluu.credmanager.core.OxdService.getLogoutUrl ( String idTokenHint ) throws Exception

inline

                                                                     {
 
         GetLogoutUrlParams cmdParams = new GetLogoutUrlParams();
         cmdParams.setOxdId(config.getClient().getOxdId());
         cmdParams.setPostLogoutRedirectUri(config.getPostLogoutUri());
         cmdParams.setIdTokenHint(idTokenHint);
 
         LogoutResponse resp;
         if (config.isUseHttpsExtension()) {
             resp = restResponse(cmdParams, "get-logout-uri", getPAT(), LogoutResponse.class);
         } else {
             CommandClient commandClient = null;
             try {
                 commandClient = new CommandClient(config.getHost(), config.getPort());
                 Command command = new Command(CommandType.GET_LOGOUT_URI).setParamsObject(cmdParams);
                 resp = commandClient.send(command).dataAsResponse(LogoutResponse.class);
             } finally {
                 CommandClient.closeQuietly(commandClient);
             }
         }
         return resp.getUri();
 
     }

◆ getPAT()

String org.gluu.credmanager.core.OxdService.getPAT ( ) throws Exception

inlineprivate

                                              {
 
         GetClientTokenParams cmdParams = new GetClientTokenParams();
         cmdParams.setOpHost(config.getOpHost());
         cmdParams.setClientId(config.getClient().getClientId());
         cmdParams.setClientSecret(config.getClient().getClientSecret());
         cmdParams.setScope(Arrays.asList(UserService.OPEN_ID_SCOPES));
 
         GetClientTokenResponse resp = restResponse(cmdParams, "get-client-token", null, GetClientTokenResponse.class);
         String token = resp.getAccessToken();
         logger.trace("getPAT. token={}", token);
 
         return token;
 
     }

◆ getTokens()

Pair<String, String> org.gluu.credmanager.core.OxdService.getTokens	(	String	code,
		String	state
	)		throws Exception

inline

                                                                                       {
 
         GetTokensByCodeParams cmdParams = new GetTokensByCodeParams();
         cmdParams.setOxdId(config.getClient().getOxdId());
         cmdParams.setCode(code);
         cmdParams.setState(state);
 
         GetTokensByCodeResponse resp;
         if (config.isUseHttpsExtension()) {
             resp = restResponse(cmdParams, "get-tokens-by-code", getPAT(), GetTokensByCodeResponse.class);
         } else {
             CommandClient commandClient = null;
             try {
                 commandClient = new CommandClient(config.getHost(), config.getPort());
                 Command command = new Command(CommandType.GET_TOKENS_BY_CODE).setParamsObject(cmdParams);
                 resp = commandClient.send(command).dataAsResponse(GetTokensByCodeResponse.class);
             } finally {
                 CommandClient.closeQuietly(commandClient);
             }
         }
         //validate accessToken with at_hash inside idToken: resp.getIdToken();
         return new Pair<>(resp.getAccessToken(), resp.getIdToken());
 
     }

◆ getUserClaims()

Map<String, List<String> > org.gluu.credmanager.core.OxdService.getUserClaims ( String accessToken ) throws Exception

inline

                                                                                         {
 
         GetUserInfoParams cmdParams = new GetUserInfoParams();
         cmdParams.setOxdId(config.getClient().getOxdId());
         cmdParams.setAccessToken(accessToken);
 
         GetUserInfoResponse resp;
         if (config.isUseHttpsExtension()) {
             resp = restResponse(cmdParams, "get-user-info", getPAT(), GetUserInfoResponse.class);
         } else {
             CommandClient commandClient = null;
             try {
                 commandClient = new CommandClient(config.getHost(), config.getPort());
                 Command command = new Command(CommandType.GET_USER_INFO).setParamsObject(cmdParams);
                 resp = commandClient.send(command).dataAsResponse(GetUserInfoResponse.class);
             } finally {
                 CommandClient.closeQuietly(commandClient);
             }
         }
         return resp.getClaims();
 
     }

◆ inited()

void org.gluu.credmanager.core.OxdService.inited ( )

inline

                          {
         mapper =  new ObjectMapper();
         client = new ResteasyClientBuilder().build();
     }

◆ initialize()

boolean org.gluu.credmanager.core.OxdService.initialize ( )

inline

                                 {
 
         boolean success = false;
 
         OxdSettings oxdConfig = settings.getOxdSettings();
         if (oxdConfig == null) {
             logger.error("No oxd configuration was provided");
         } else {
             String issuerUrl = ldapService.getIssuerUrl();
             String oxdHost = oxdConfig.getHost();
             String oxdRedirectUri = oxdConfig.getRedirectUri();
 
             if (oxdConfig.getPort() <= 0 || Utils.isEmpty(oxdHost) || Utils.isEmpty(oxdRedirectUri)) {
                 logger.error("Host, port, and URI for redirect must be present in configuration file");
             } else {
 
                 String tmp = oxdConfig.getPostLogoutUri();
                 if (Utils.isEmpty(tmp)) {   //Use default post logout if not in config settings
                     tmp = oxdRedirectUri;    //Remove trailing slash if any in redirect URI
                     tmp = tmp.endsWith("/") ? tmp.substring(0, tmp.length() - 1) : tmp;
                     oxdConfig.setPostLogoutUri(tmp + "/" + LOGOUT_PAGE_URL);
                 }
                 //TODO: bug 3.1.1?  https://github.com/GluuFederation/oxd/issues/124
                 oxdConfig.setOpHost(issuerUrl);
                 //END
                 oxdConfig.setAcrValues(Collections.singletonList(DEFAULT_ACR));
 
                 try {
                     if (ldapService.getDynamicClientExpirationTime() > 0) {
                         Optional<String> oxdIdOpt = Optional.ofNullable(oxdConfig.getClient()).map(OxdClientSettings::getOxdId);
                         if (oxdIdOpt.isPresent()) {
                             setSettings(oxdConfig);
 
                             if (!extendSiteLifeTime()) {
                                 logger.warn("An error occured while extending the lifetime of the associated oxd client.");
                                 logger.info("Attempting a new site registration");
                                 setSettings(oxdConfig, true);
                             }
                         } else {
                             //trigger registration
                             setSettings(oxdConfig, true);
 
                             if (!extendSiteLifeTime()) {
                                 logger.warn("An error occured while extending the lifetime of the associated oxd client.");
                             }
                         }
                         settings.save();
                         success = true;
 
                     } else {
                         logger.error("Dynamic registration of OpenId Connect clients must be enabled in the server. "
                                 + "Check expiration time is greater than zero");
                     }
                 } catch (Exception e) {
                     logger.warn("Users will not be able to login until a new sucessful attempt to refresh oxd-associated "
                             + "clients takes place. Restart the app to trigger the update immediately");
                 }
             }
         }
         return success;
 
     }

◆ removeSite()

void org.gluu.credmanager.core.OxdService.removeSite ( String oxdId )

inline

                                          {
 
         try {
             RemoveSiteParams cmdParams = new RemoveSiteParams(oxdId);
             RemoveSiteResponse resp;
 
             if (config.isUseHttpsExtension()) {
                 resp = restResponse(cmdParams, "remove-site", getPAT(), RemoveSiteResponse.class);
             } else {
                 CommandClient commandClient = null;
                 try {
                     commandClient = new CommandClient(config.getHost(), config.getPort());
                     Command command = new Command(CommandType.REMOVE_SITE).setParamsObject(cmdParams);
                     resp = commandClient.send(command).dataAsResponse(RemoveSiteResponse.class);
                 } finally {
                     CommandClient.closeQuietly(commandClient);
                 }
             }
             logger.info("Site removed {}", resp.getOxdId());
         } catch (Exception e) {
             logger.debug(e.getMessage(), e);
         }
 
     }

◆ restResponse()

private<T> T org.gluu.credmanager.core.OxdService.restResponse	(	IParams	params,
		String	path,
		String	token,
		Class< T >	responseClass
	)		throws Exception

inlinepackage

                                                                                                                    {
 
         String payload = mapper.writeValueAsString(params);
         logger.trace("Sending /{} request to oxd-https-extension with payload \n{}", path, payload);
 
         String authz = StringUtils.isEmpty(token) ? null : "Bearer " + token;
         ResteasyWebTarget target = client.target(String.format("https://%s:%s/%s", config.getHost(), config.getPort(), path));
         Response response = target.request().header("Authorization", authz).post(Entity.json(payload));
 
         CommandResponse cmdResponse = response.readEntity(CommandResponse.class);
         logger.trace("Response received was \n{}", cmdResponse == null ? null : cmdResponse.getData().toString());
 
         return cmdResponse.getStatus().equals(ResponseStatus.OK) ? mapper.convertValue(cmdResponse.getData(), responseClass) : null;
 
     }

◆ setSettings() [1/2]

void org.gluu.credmanager.core.OxdService.setSettings ( OxdSettings config ) throws Exception

inline

                                                                  {
         setSettings(config, false);
     }

◆ setSettings() [2/2]

void org.gluu.credmanager.core.OxdService.setSettings	(	OxdSettings	config,
		boolean	triggerRegistration
	)		throws Exception

inline

                                                                                               {
         this.config = config;
         if (triggerRegistration) {
             config.setClient(doRegister());
         }
     }

◆ updateSite()

boolean org.gluu.credmanager.core.OxdService.updateSite	(	String	postLogoutUri,
		Long	expiration
	)		throws Exception

inline

                                                                                       {
 
         UpdateSiteParams cmdParams = new UpdateSiteParams();
         cmdParams.setOxdId(config.getClient().getOxdId());
         if (postLogoutUri != null) {
             cmdParams.setPostLogoutRedirectUri(postLogoutUri);
         }
         if (expiration != null) {
             cmdParams.setClientSecretExpiresAt(new Date(expiration));
         }
         return doUpdate(cmdParams);
 
     }

メンバ詳解

◆ client

ResteasyClient org.gluu.credmanager.core.OxdService.client

private

◆ config

OxdSettings org.gluu.credmanager.core.OxdService.config

private

◆ consecutive

int org.gluu.credmanager.core.OxdService.consecutive = 0

private

◆ ldapService

LdapService org.gluu.credmanager.core.OxdService.ldapService

private

◆ logger

Logger org.gluu.credmanager.core.OxdService.logger

private

◆ LOGOUT_PAGE_URL

final String org.gluu.credmanager.core.OxdService.LOGOUT_PAGE_URL = "bye.zul"

staticprivate

◆ mapper

ObjectMapper org.gluu.credmanager.core.OxdService.mapper

private

◆ settings

MainSettings org.gluu.credmanager.core.OxdService.settings

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/cred-manager/app/src/main/java/org/gluu/credmanager/core/OxdService.java

公開メンバ関数

関数

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

関数詳解

◆ destroy()

◆ doRegister()

◆ doUpdate()

◆ extendSiteLifeTime()

◆ getAuthzUrl() [1/2]

◆ getAuthzUrl() [2/2]

◆ getLogoutUrl()

◆ getPAT()

◆ getTokens()

◆ getUserClaims()

◆ inited()

◆ initialize()

◆ removeSite()

◆ restResponse()

◆ setSettings() [1/2]

◆ setSettings() [2/2]

◆ updateSite()

メンバ詳解

◆ client

◆ config

◆ consecutive

◆ ldapService

◆ logger

◆ LOGOUT_PAGE_URL

◆ mapper

◆ settings