org.gluu.oxtrust.service.uma.ApiUmaProtectionService の継承関係図

org.gluu.oxtrust.service.uma.ApiUmaProtectionService 連携図

公開メンバ関数
String	getUmaResourceId ()

String	getUmaScope ()

boolean	isEnabled ()

Response	processAuthorization (HttpHeaders headers, ResourceInfo resourceInfo)

Token	getPatToken () throws UmaProtectionException

boolean	isExistPatToken ()

List< String >	getRequestedScopes (ResourceInfo resourceInfo)

限定公開メンバ関数
String	getClientId ()

String	getClientKeyStorePassword ()

String	getClientKeyStoreFile ()

String	getClientKeyId ()

boolean	isEnabledUmaAuthentication ()

long	computeAccessTokenExpirationTime (Integer expiresIn)

Response	getErrorResponse (Response.Status status, String detail)

限定公開変数類
UmaPermissionService	umaPermissionService

関数
Response	processUmaAuthorization (String authorization, ResourceInfo resourceInfo) throws Exception

非公開メンバ関数
Response	processTestModeAuthorization (String token) throws Exception

非公開変数類
Logger	log

AppConfiguration	appConfiguration

OpenIdService	openIdService

静的非公開変数類
static final long	serialVersionUID = 362749692619005003L

詳解

Provides service to protect APIs Rest service endpoints with UMA scope.

著者: Dmitry Ognyannikov

関数詳解

◆ computeAccessTokenExpirationTime()

long org.gluu.oxtrust.service.uma.BaseUmaProtectionService.computeAccessTokenExpirationTime ( Integer expiresIn )

inlineprotectedinherited

                                                                            {
                 // Compute "accessToken" expiration timestamp
                 Calendar calendar = Calendar.getInstance();
                 if (expiresIn != null) {
                         calendar.add(Calendar.SECOND, expiresIn);
                         calendar.add(Calendar.SECOND, -10); // Subtract 10 seconds to avoid expirations during executing request
                 }
 
                 return calendar.getTimeInMillis();
         }

◆ getClientId()

String org.gluu.oxtrust.service.uma.ApiUmaProtectionService.getClientId ( )

inlineprotected

                                    {
         return appConfiguration.getApiUmaClientId();
     }

◆ getClientKeyId()

String org.gluu.oxtrust.service.uma.ApiUmaProtectionService.getClientKeyId ( )

inlineprotected

                                       {
         return appConfiguration.getApiUmaClientKeyId();
     }

◆ getClientKeyStoreFile()

String org.gluu.oxtrust.service.uma.ApiUmaProtectionService.getClientKeyStoreFile ( )

inlineprotected

                                              {
         return appConfiguration.getApiUmaClientKeyStoreFile();
     }

◆ getClientKeyStorePassword()

String org.gluu.oxtrust.service.uma.ApiUmaProtectionService.getClientKeyStorePassword ( )

inlineprotected

                                                  {
         return appConfiguration.getApiUmaClientKeyStorePassword();
     }

◆ getErrorResponse()

Response org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getErrorResponse	(	Response.Status	status,
		String	detail
	)

inlineprotectedinherited

                                                                                {
         return Response.status(status).entity(detail).build();
     }

◆ getPatToken()

Token org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getPatToken ( ) throws UmaProtectionException

inlineinherited

                                                                  {
                 if (isValidPatToken(this.umaPat, this.umaPatAccessTokenExpiration)) {
                         return this.umaPat;
                 }
 
                 lock.lock();
                 try {
                         if (isValidPatToken(this.umaPat, this.umaPatAccessTokenExpiration)) {
                                 return this.umaPat;
                         }
 
                         retrievePatToken();
                 } finally {
                   lock.unlock();
                 }
 
 
                 return this.umaPat;
         }

◆ getRequestedScopes()

List<String> org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getRequestedScopes ( ResourceInfo resourceInfo )

inlineinherited

                                                                           {
                 Class<?> resourceClass = resourceInfo.getResourceClass();
                 ProtectedApi typeAnnotation = resourceClass.getAnnotation(ProtectedApi.class);
                 if (typeAnnotation == null) {
                         return Collections.emptyList();
                 }
 
                 List<String> scopes = new ArrayList<String>();
                 scopes.addAll(getResourceScopes(typeAnnotation.scopes()));
 
                 Method resourceMethod = resourceInfo.getResourceMethod();
                 ProtectedApi methodAnnotation = resourceMethod.getAnnotation(ProtectedApi.class);
                 if (methodAnnotation != null) {
                         scopes.addAll(getResourceScopes(methodAnnotation.scopes()));
                 }
 
                 return scopes;
         }

◆ getUmaResourceId()

String org.gluu.oxtrust.service.uma.ApiUmaProtectionService.getUmaResourceId ( )

inline

                                      {
         return appConfiguration.getApiUmaResourceId();
     }

◆ getUmaScope()

String org.gluu.oxtrust.service.uma.ApiUmaProtectionService.getUmaScope ( )

inline

                                 {
         return appConfiguration.getApiUmaScope();
     }

◆ isEnabled()

boolean org.gluu.oxtrust.service.uma.ApiUmaProtectionService.isEnabled ( )

inline

                                {
         return isEnabledUmaAuthentication();
     }

◆ isEnabledUmaAuthentication()

boolean org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isEnabledUmaAuthentication ( )

inlineprotectedinherited

                                                        {
         return (umaMetadata != null) && isExistPatToken();
         }

◆ isExistPatToken()

boolean org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isExistPatToken ( )

inlineinherited

                                          {
                 try {
                         return getPatToken() != null;
                 } catch (UmaProtectionException ex) {
                         log.error("Failed to check UMA PAT token status", ex);
                 }
 
                 return false;
         }

◆ processAuthorization()

Response org.gluu.oxtrust.service.uma.ApiUmaProtectionService.processAuthorization	(	HttpHeaders	headers,
		ResourceInfo	resourceInfo
	)

inline

                                                                                              {
         Response authorizationResponse =  null;
 
         String authorization = headers.getHeaderString("Authorization");
         log.info("==== API Service call intercepted ====");
         log.info("Authorization header {} found", StringUtils.isEmpty(authorization) ? "not" : "");
 
         try {
             //Test mode may be removed in upcoming versions of Gluu Server...
             if (appConfiguration.isScimTestMode()) {
                 log.info("API Test Mode is ACTIVE");
                 authorizationResponse = processTestModeAuthorization(authorization);
             }
             else
             if (isEnabled()){
                 log.info("API is protected by UMA");
                 authorizationResponse = processUmaAuthorization(authorization, resourceInfo);
             }
             else{
                 log.info("Please activate UMA or test mode to protect your API endpoints. Read the Gluu API docs to learn more");
                 authorizationResponse= getErrorResponse(Response.Status.UNAUTHORIZED, "API not protected");
             }
         }
         catch (Exception e){
             log.error(e.getMessage(), e);
             authorizationResponse=getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage());
         }
 
         return authorizationResponse;
         }

◆ processTestModeAuthorization()

Response org.gluu.oxtrust.service.uma.ApiUmaProtectionService.processTestModeAuthorization ( String token ) throws Exception

inlineprivate

                                                                                      {
                 Response response = null;
 
                 if (StringUtils.isNotEmpty(token)) {
                         token = token.replaceFirst("Bearer\\s+", "");
                         log.debug("Validating token {}", token);
 
                         String clientInfoEndpoint = openIdService.getOpenIdConfiguration().getClientInfoEndpoint();
                         ClientInfoClient clientInfoClient = new ClientInfoClient(clientInfoEndpoint);
                         ClientInfoResponse clientInfoResponse = clientInfoClient.execClientInfo(token);
 
                         if (clientInfoResponse.getErrorType() != null) {
                                 response = getErrorResponse(Status.UNAUTHORIZED, "Invalid token " + token);
                                 log.debug("Error validating access token: {}", clientInfoResponse.getErrorDescription());
                         }
                 } else {
                         log.info("Request is missing authorization header");
                         // see section 3.12 RFC 7644
                         response = getErrorResponse(Status.INTERNAL_SERVER_ERROR, "No authorization header found");
                 }
                 return response;
 
         }

◆ processUmaAuthorization()

Response org.gluu.oxtrust.service.uma.BaseUmaProtectionService.processUmaAuthorization	(	String	authorization,
		ResourceInfo	resourceInfo
	)		throws Exception

inlinepackageinherited

                                                                                                        {
                 List<String> scopes = getRequestedScopes(resourceInfo);
 
         Token patToken = null;
         try {
             patToken = getPatToken();
         }
         catch (UmaProtectionException ex) {
             return getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Failed to obtain PAT token");
         }
 
         Pair<Boolean, Response> rptTokenValidationResult;
         if (scopes.isEmpty()) {
                 rptTokenValidationResult = umaPermissionService.validateRptToken(patToken, authorization, getUmaResourceId(), scopes);
         } else {
                 rptTokenValidationResult = umaPermissionService.validateRptToken(patToken, authorization, getUmaResourceId(), getUmaScope());
         }
 
         if (rptTokenValidationResult.getFirst()) {
             if (rptTokenValidationResult.getSecond() != null) {
                 return rptTokenValidationResult.getSecond();
             }
         }
         else {
             return getErrorResponse(Response.Status.UNAUTHORIZED, "Invalid GAT/RPT token");
         }
         return null;
 
     }

メンバ詳解

◆ appConfiguration

AppConfiguration org.gluu.oxtrust.service.uma.ApiUmaProtectionService.appConfiguration

private

◆ log

Logger org.gluu.oxtrust.service.uma.ApiUmaProtectionService.log

private

◆ openIdService

OpenIdService org.gluu.oxtrust.service.uma.ApiUmaProtectionService.openIdService

private

◆ serialVersionUID

final long org.gluu.oxtrust.service.uma.ApiUmaProtectionService.serialVersionUID = 362749692619005003L

staticprivate

◆ umaPermissionService

UmaPermissionService org.gluu.oxtrust.service.uma.BaseUmaProtectionService.umaPermissionService

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/oxTrust/server/src/main/java/org/gluu/oxtrust/service/uma/ApiUmaProtectionService.java

公開メンバ関数

限定公開メンバ関数

限定公開変数類

関数

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

関数詳解

◆ computeAccessTokenExpirationTime()

◆ getClientId()

◆ getClientKeyId()

◆ getClientKeyStoreFile()

◆ getClientKeyStorePassword()

◆ getErrorResponse()

◆ getPatToken()

◆ getRequestedScopes()

◆ getUmaResourceId()

◆ getUmaScope()

◆ isEnabled()

◆ isEnabledUmaAuthentication()

◆ isExistPatToken()

◆ processAuthorization()

◆ processTestModeAuthorization()

◆ processUmaAuthorization()

メンバ詳解

◆ appConfiguration

◆ log

◆ openIdService

◆ serialVersionUID

◆ umaPermissionService