gluu
org.xdi.oxauth.uma.service.UmaValidationService クラス

公開メンバ関数

AuthorizationGrant assertHasProtectionScope (String authorization)
 
UmaRPT validateRPT (String rptCode)
 
void validatePermissions (List< UmaPermission > permissions)
 
void validatePermission (UmaPermission permission)
 
void validatePermissions (UmaPermissionList permissions)
 
void validatePermission (org.xdi.oxauth.model.uma.UmaPermission permission)
 
void validateGrantType (String grantType)
 
List< UmaPermission > validateTicket (String ticket)
 
List< UmaPermission > validateTicketWithRedirect (String ticket, String claimsRedirectUri, String state)
 
Jwt validateClaimToken (String claimToken, String claimTokenFormat)
 
boolean isIdTokenValid (Jwt idToken)
 
UmaPCT validatePct (String pctCode)
 
Map< UmaScopeDescription, Boolean > validateScopes (String scope, List< UmaPermission > permissions)
 
void validateScopeExpression (String scopeExpression)
 
Client validateClientAndClaimsRedirectUri (String clientId, String claimsRedirectUri, String state)
 
String [] validatesGatheringScriptNames (String scriptNamesAsString, String claimsRedirectUri, String state)
 
void validateRestrictedByClient (String patClientDn, String rsId)
 
void validateResource (org.xdi.oxauth.model.uma.UmaResource resource)
 

非公開メンバ関数

AuthorizationGrant validateAuthorization (String authorization, UmaScopeType umaScopeType)
 
RSAPublicKey getPublicKey (String kid)
 
String getEqualRedirectUri (String redirectUri, String[] clientRedirectUris)
 

非公開変数類

Logger log
 
ErrorResponseFactory errorResponseFactory
 
TokenService tokenService
 
AuthorizationGrantList authorizationGrantList
 
UmaResourceService resourceService
 
UmaScopeService umaScopeService
 
AppConfiguration appConfiguration
 
UmaPermissionService permissionService
 
UmaPctService pctService
 
UmaRptService rptService
 
WebKeysConfiguration webKeysConfiguration
 
ClientService clientService
 
UmaExpressionService expressionService
 

詳解

著者
Yuriy Zabrovarnyy
バージョン
0.9, 04/02/2013

関数詳解

◆ assertHasProtectionScope()

/**
 * Checks that the given authorization value resolves to a grant holding the UMA protection scope.
 *
 * <p>Delegates to {@code validateAuthorization} with {@code UmaScopeType.PROTECTION}; every
 * rejection path lives there.
 *
 * @param authorization authorization value to validate
 * @return the grant returned by {@code validateAuthorization}
 */
public AuthorizationGrant assertHasProtectionScope(String authorization) {
    final AuthorizationGrant protectionGrant = validateAuthorization(authorization, UmaScopeType.PROTECTION);
    return protectionGrant;
}
AuthorizationGrant validateAuthorization(String authorization, UmaScopeType umaScopeType)
Definition: UmaValidationService.java:127

◆ getEqualRedirectUri()

/**
 * Looks for a registered redirect URI that matches the requested one.
 *
 * <p>A registered entry matches when either
 * <ul>
 *   <li>it is string-equal to {@code redirectUri} ({@code String.equals}, so case-sensitive), or</li>
 *   <li>both URIs are equal once parameters are stripped, and
 *     <ul>
 *       <li>neither URI carries parameters, or</li>
 *       <li>the registered URI carries parameters and
 *           {@code RedirectionUriService.compareParams(redirectUri, registered)} returns true
 *           (what that comparison accepts is not visible in this listing).</li>
 *     </ul>
 *   </li>
 * </ul>
 *
 * @param redirectUri        requested redirect URI
 * @param clientRedirectUris redirect URIs registered for the client; must not be {@code null}
 * @return {@code redirectUri} when some registered entry matches, otherwise {@code null}
 */
private String getEqualRedirectUri(String redirectUri, String[] clientRedirectUris) {
    final String requestedBase = RedirectionUriService.uriWithoutParams(redirectUri);

    for (String registered : clientRedirectUris) {
        log.debug("Comparing {} == {}", registered, redirectUri);

        // Cheapest and strictest test first: the complete URI is identical.
        if (registered.equals(redirectUri)) {
            return redirectUri;
        }

        final String registeredBase = RedirectionUriService.uriWithoutParams(registered);
        final Map<String, String> registeredParams = RedirectionUriService.getParams(registered);

        // Different scheme/host/path part: this entry cannot match.
        if (!registeredBase.equals(requestedBase)) {
            continue;
        }

        final boolean matches;
        if (registeredParams.size() == 0) {
            // Registered URI has no parameters, so the request must not add any.
            matches = RedirectionUriService.getParams(redirectUri).size() == 0;
        } else {
            // Registered URI has parameters: defer to the parameter comparison.
            matches = RedirectionUriService.compareParams(redirectUri, registered);
        }

        if (matches) {
            return redirectUri;
        }
    }
    return null;
}
Logger log
Definition: UmaValidationService.java:85

◆ getPublicKey()

/**
 * Resolves a key id to an RSA public key from {@code webKeysConfiguration}.
 *
 * <p>The key is looked up in the configured key set only; nothing is taken from the caller
 * besides the id.
 *
 * @param kid key id to look up
 * @return a key built from the entry's {@code n} and {@code e} values, or {@code null} when no
 *         entry has that id or the entry's key type is not {@code RSA}
 */
private RSAPublicKey getPublicKey(String kid) {
    final JSONWebKey webKey = webKeysConfiguration.getKey(kid);
    if (webKey == null) {
        return null;
    }

    switch (webKey.getKty()) {
        case RSA:
            return new RSAPublicKey(webKey.getN(), webKey.getE());
        default:
            // Any other key type is treated as "no usable key".
            return null;
    }
}
JSONWebKey getKey(String keyId)
Definition: JSONWebKeySet.java:44
WebKeysConfiguration webKeysConfiguration
Definition: UmaValidationService.java:115

◆ isIdTokenValid()

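/**
 * Validates an ID token presented as a claim token: expiry, issuer, then RSA signature.
 *
 * <p>Checks performed, in order:
 * <ol>
 *   <li>{@code exp} is present and not in the past;</li>
 *   <li>{@code iss} equals {@code appConfiguration.getIssuer()};</li>
 *   <li>the signature verifies with the key that the header's {@code kid} resolves to via
 *       {@code getPublicKey}.</li>
 * </ol>
 *
 * <p>Not checked here: audience and nonce. A token that this issuer signed for a different
 * client therefore passes this method; callers that need audience binding must enforce it
 * themselves.
 *
 * <p>Every failure, including any exception, yields {@code false}.
 *
 * @param idToken parsed token to validate
 * @return {@code true} only when all checks above pass
 */
public boolean isIdTokenValid(Jwt idToken) {
    try {
        final String issuer = idToken.getClaims().getClaimAsString(JwtClaimName.ISSUER);
        final Date expiresAt = idToken.getClaims().getClaimAsDate(JwtClaimName.EXPIRATION_TIME);

        // A missing claim is rejected explicitly rather than through a NullPointerException
        // swallowed by the catch-all below, so the log states the actual reason.
        if (expiresAt == null) {
            log.error("ID Token has no expiration time.");
            return false;
        }

        final Date now = new Date();
        if (now.after(expiresAt)) {
            log.error("ID Token is expired. (It is after " + now + ").");
            return false;
        }

        // 1. validate issuer
        if (issuer == null || !issuer.equals(appConfiguration.getIssuer())) {
            log.error("ID Token issuer is invalid. Token issuer: " + issuer + ", server issuer: " + appConfiguration.getIssuer());
            return false;
        }

        // 2. validate signature
        final String kid = idToken.getHeader().getClaimAsString(JwtHeaderName.KEY_ID);
        final String algorithm = idToken.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM);

        // NOTE(review): the algorithm is read from the token's own header. The verification key
        // is always an RSA key from the configured key set, but nothing here pins the algorithm
        // to an allow-list; whether RSASigner rejects non-RSA algorithms is not visible in this
        // listing. Confirm, or restrict to the algorithms the server actually signs with.
        final SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(algorithm);
        if (signatureAlgorithm == null) {
            // How fromString treats unknown names is not shown here; a null result is refused.
            log.error("ID Token signature algorithm is missing or unsupported.");
            return false;
        }

        final RSAPublicKey publicKey = getPublicKey(kid);
        if (publicKey == null) {
            log.error("Failed to get RSA public key.");
            return false;
        }

        final RSASigner rsaSigner = new RSASigner(signatureAlgorithm, publicKey);
        if (rsaSigner.validate(idToken)) {
            log.debug("ID Token is successfully validated.");
            return true;
        }

        log.error("ID Token signature is invalid.");
        return false;
    } catch (Exception e) {
        // Fail closed: anything unexpected means the token is not accepted.
        log.error("Failed to validate id_token. Message: " + e.getMessage(), e);
        return false;
    }
}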
Logger log
Definition: UmaValidationService.java:85
AppConfiguration appConfiguration
Definition: UmaValidationService.java:103
String getIssuer()
Definition: AppConfiguration.java:274
RSAPublicKey getPublicKey(String kid)
Definition: UmaValidationService.java:334

◆ validateAuthorization()

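/**
 * Resolves an authorization value to a valid grant that holds the given UMA scope.
 *
 * <p>Rejections, in order:
 * <ul>
 *   <li>empty authorization value or no token in it: {@code UNAUTHORIZED} / {@code UNAUTHORIZED_CLIENT};</li>
 *   <li>no grant for the access token: {@code UNAUTHORIZED} / {@code ACCESS_DENIED};</li>
 *   <li>grant not valid: {@code UNAUTHORIZED} / {@code INVALID_TOKEN};</li>
 *   <li>grant lacks the required scope: {@code NOT_ACCEPTABLE} / {@code INVALID_CLIENT_SCOPE}.</li>
 * </ul>
 *
 * <p>The flow relies on {@code throwUmaWebApplicationException} never returning normally (its
 * body is not part of this listing); the statements after each call assume the check passed.
 *
 * @param authorization authorization value carrying the access token
 * @param umaScopeType  scope the grant must contain
 * @return the grant found for the access token
 */
private AuthorizationGrant validateAuthorization(String authorization, UmaScopeType umaScopeType) {
    // The value carries the access token itself, so only its presence is written to the log;
    // tracing the raw value would copy a usable credential into log files.
    log.trace("Validate authorization, value present: {}", !StringHelper.isEmpty(authorization));
    if (StringHelper.isEmpty(authorization)) {
        errorResponseFactory.throwUmaWebApplicationException(UNAUTHORIZED, UNAUTHORIZED_CLIENT);
    }

    String token = tokenService.getTokenFromAuthorizationParameter(authorization);
    if (StringHelper.isEmpty(token)) {
        log.debug("Token is invalid");
        errorResponseFactory.throwUmaWebApplicationException(UNAUTHORIZED, UNAUTHORIZED_CLIENT);
    }

    AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(token);
    if (authorizationGrant == null) {
        errorResponseFactory.throwUmaWebApplicationException(UNAUTHORIZED, ACCESS_DENIED);
    }

    if (!authorizationGrant.isValid()) {
        errorResponseFactory.throwUmaWebApplicationException(UNAUTHORIZED, INVALID_TOKEN);
    }

    // The grant must explicitly contain the requested UMA scope value.
    Set<String> scopes = authorizationGrant.getScopes();
    if (!scopes.contains(umaScopeType.getValue())) {
        errorResponseFactory.throwUmaWebApplicationException(Response.Status.NOT_ACCEPTABLE, INVALID_CLIENT_SCOPE);
    }
    return authorizationGrant;
}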
Logger log
Definition: UmaValidationService.java:85
TokenService tokenService
Definition: UmaValidationService.java:91
AuthorizationGrantList authorizationGrantList
Definition: UmaValidationService.java:94
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
String getTokenFromAuthorizationParameter(String authorizationParameter)
Definition: TokenService.java:30
public< T > T throwUmaWebApplicationException(Response.Status status, IErrorType type)
Definition: ErrorResponseFactory.java:117
AuthorizationGrant getAuthorizationGrantByAccessToken(String accessToken)
Definition: AuthorizationGrantList.java:166

◆ validateClaimToken()

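/**
 * Parses a claim token and, when configured, validates it as an ID token.
 *
 * <p>Behaviour by input:
 * <ul>
 *   <li>both arguments blank: returns {@code null};</li>
 *   <li>token blank, format not blank: {@code BAD_REQUEST} / {@code INVALID_CLAIM_TOKEN};</li>
 *   <li>format not accepted by {@code ClaimTokenFormatType.isValueValid}:
 *       {@code BAD_REQUEST} / {@code INVALID_CLAIM_TOKEN_FORMAT};</li>
 *   <li>token cannot be parsed, or fails {@code isIdTokenValid} while validation is enabled:
 *       {@code BAD_REQUEST} / {@code INVALID_CLAIM_TOKEN}.</li>
 * </ul>
 *
 * <p>Security note: {@code isIdTokenValid} (expiry, issuer, signature) runs only when
 * {@code appConfiguration.getUmaValidateClaimToken()} is true. With that setting off, the
 * returned token has been parsed but not verified, and its claims are whatever the requester
 * supplied.
 *
 * @param claimToken       claim token, may be blank
 * @param claimTokenFormat format identifier for the claim token, may be blank
 * @return the parsed token, or {@code null} when no claim token was supplied
 */
public Jwt validateClaimToken(String claimToken, String claimTokenFormat) {
    if (StringUtils.isBlank(claimToken)) {
        if (StringUtils.isNotBlank(claimTokenFormat)) {
            log.error("claim_token is blank but claim_token_format is not blank. Both must be blank or both must be not blank");
            errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_CLAIM_TOKEN);
        }
        return null;
    }

    if (!ClaimTokenFormatType.isValueValid(claimTokenFormat)) {
        log.error("claim_token_format is unsupported. Supported format is http://openid.net/specs/openid-connect-core-1_0.html#IDToken");
        errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_CLAIM_TOKEN_FORMAT);
    }

    // Only parsing sits inside the try block. Previously the validation failure raised below
    // was caught by the same catch-all and logged a second time as a parse failure.
    Jwt idToken = null;
    try {
        idToken = Jwt.parse(claimToken);
    } catch (Exception e) {
        log.error("Failed to parse claim_token as valid id_token.", e);
    }

    if (idToken == null) {
        return errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_CLAIM_TOKEN);
    }

    if (ServerUtil.isTrue(appConfiguration.getUmaValidateClaimToken()) && !isIdTokenValid(idToken)) {
        log.error("claim_token validation failed.");
        errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_CLAIM_TOKEN);
    }
    return idToken;
}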
Logger log
Definition: UmaValidationService.java:85
AppConfiguration appConfiguration
Definition: UmaValidationService.java:103
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
Boolean getUmaValidateClaimToken()
Definition: AppConfiguration.java:245
public< T > T throwUmaWebApplicationException(Response.Status status, IErrorType type)
Definition: ErrorResponseFactory.java:117
boolean isIdTokenValid(Jwt idToken)
Definition: UmaValidationService.java:293

◆ validateClientAndClaimsRedirectUri()

/**
 * Loads the client and checks the requested claims redirect URI against its registered ones.
 *
 * <p>Outcomes:
 * <ul>
 *   <li>blank or unknown {@code clientId}: {@code BAD_REQUEST} / {@code INVALID_CLIENT_ID};</li>
 *   <li>URI supplied and it matches a registered URI (see {@code getEqualRedirectUri}): the
 *       client is returned;</li>
 *   <li>URI supplied but the client has none registered: {@code BAD_REQUEST} /
 *       {@code INVALID_CLAIMS_REDIRECT_URI};</li>
 *   <li>URI blank and exactly one URI is registered: the client is returned;</li>
 *   <li>URI blank otherwise: {@code BAD_REQUEST} / {@code INVALID_CLAIMS_REDIRECT_URI};</li>
 *   <li>URI supplied but unmatched: {@code UmaWebException} built from the supplied URI and
 *       {@code state}.</li>
 * </ul>
 *
 * @param clientId          client identifier from the request
 * @param claimsRedirectUri requested claims redirect URI, may be blank
 * @param state             state value passed through to the error for an unmatched URI
 * @return the client, when the redirect URI is acceptable
 */
public Client validateClientAndClaimsRedirectUri(String clientId, String claimsRedirectUri, String state) {
    if (StringUtils.isBlank(clientId)) {
        log.error("Invalid clientId: {}", clientId);
        throw new UmaWebException(BAD_REQUEST, errorResponseFactory, UmaErrorResponseType.INVALID_CLIENT_ID);
    }

    final Client client = clientService.getClient(clientId);
    if (client == null) {
        log.error("Failed to find client with client_id: {}", clientId);
        throw new UmaWebException(BAD_REQUEST, errorResponseFactory, UmaErrorResponseType.INVALID_CLIENT_ID);
    }

    if (StringUtils.isBlank(claimsRedirectUri)) {
        log.trace("claims_redirect_uri is blank");

        // With a single registered URI there is no ambiguity, so the request may omit it.
        if (client.getClaimRedirectUris() != null && client.getClaimRedirectUris().length == 1) {
            log.trace("claims_redirect_uri is blank and only one claims_redirect_uri is registered.");
            return client;
        }

        log.error("claims_redirect_uri is blank and there is none or more then one registered claims_redirect_uri for clientId: " + clientId);
        throw new UmaWebException(BAD_REQUEST, errorResponseFactory, UmaErrorResponseType.INVALID_CLAIMS_REDIRECT_URI);
    }

    if (ArrayUtils.isEmpty(client.getClaimRedirectUris())) {
        log.error("Client does not have claims_redirect_uri specified, clientId: " + clientId);
        throw new UmaWebException(BAD_REQUEST, errorResponseFactory, UmaErrorResponseType.INVALID_CLAIMS_REDIRECT_URI);
    }

    final String matchedUri = getEqualRedirectUri(claimsRedirectUri, client.getClaimRedirectUris());
    if (matchedUri != null) {
        log.trace("Found match for claims_redirect_uri : " + matchedUri);
        return client;
    }

    log.trace("Failed to find match for claims_redirect_uri : " + claimsRedirectUri + ", client claimRedirectUris: " + Arrays.toString(client.getClaimRedirectUris()));

    // NOTE(review): the URI handed to the exception here is the one that just failed to match
    // any registered claims_redirect_uri. If this constructor turns the error into a redirect
    // to that URI (its body is not part of this listing), the response would be sent to an
    // unregistered location; the BAD_REQUEST form used above would avoid that. Confirm against
    // UmaWebException.
    throw new UmaWebException(claimsRedirectUri, errorResponseFactory, INVALID_CLAIMS_REDIRECT_URI, state);
}
Logger log
Definition: UmaValidationService.java:85
String getEqualRedirectUri(String redirectUri, String[] clientRedirectUris)
Definition: UmaValidationService.java:449
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
ClientService clientService
Definition: UmaValidationService.java:118
Set< Client > getClient(Collection< String > clientIds, boolean silent)
Definition: ClientService.java:123

◆ validateGrantType()

/**
 * Accepts only the UMA ticket grant type.
 *
 * <p>Any value other than {@code GrantType.OXAUTH_UMA_TICKET.getValue()}, including
 * {@code null}, is rejected with {@code BAD_REQUEST}.
 *
 * @param grantType grant type from the request
 */
public void validateGrantType(String grantType) {
    log.trace("Validate grantType: {}", grantType);

    final String umaTicketGrant = GrantType.OXAUTH_UMA_TICKET.getValue();
    if (umaTicketGrant.equals(grantType)) {
        return;
    }

    // NOTE(review): the error type reported for a wrong grant type is INVALID_RESOURCE_ID,
    // which looks unrelated to the condition being checked. Confirm it is intended.
    errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_RESOURCE_ID);
}
Logger log
Definition: UmaValidationService.java:85
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
public< T > T throwUmaWebApplicationException(Response.Status status, IErrorType type)
Definition: ErrorResponseFactory.java:117

◆ validatePct()

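/**
 * Resolves a PCT code to a PCT that is still valid.
 *
 * <p>A blank code means "no PCT supplied" and yields {@code null}. A non-blank code that is
 * unknown, or whose PCT is no longer valid after {@code checkExpired()}, is rejected with
 * {@code UNAUTHORIZED} / {@code INVALID_PCT}.
 *
 * @param pctCode PCT code from the request, may be blank
 * @return the valid PCT, or {@code null} when no code was supplied
 */
public UmaPCT validatePct(String pctCode) {
    if (StringUtils.isBlank(pctCode)) {
        return null;
    }

    final UmaPCT pct = pctService.getByCode(pctCode);
    if (pct == null) {
        log.error("Failed to find PCT with pctCode: " + pctCode);
    } else {
        // Refresh the expiry state before asking whether the token is valid.
        pct.checkExpired();
        if (pct.isValid()) {
            // A code that has just passed validation is still usable, so it is kept out of
            // the log; the failure messages report codes that were refused.
            log.trace("PCT is validated successfully.");
            return pct;
        }
        log.error("PCT is not valid. Revoked: " + pct.isRevoked() + ", Expired: " + pct.isExpired() + ", pctCode: " + pctCode);
    }

    errorResponseFactory.throwUmaWebApplicationException(UNAUTHORIZED, INVALID_PCT);
    return null;
}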
Logger log
Definition: UmaValidationService.java:85
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
UmaPctService pctService
Definition: UmaValidationService.java:109
public< T > T throwUmaWebApplicationException(Response.Status status, IErrorType type)
Definition: ErrorResponseFactory.java:117
void checkExpired()
Definition: AbstractToken.java:84
UmaPCT getByCode(String pctCode)
Definition: UmaPctService.java:91

◆ validatePermission() [1/2]

/**
 * Rejects a stored permission that is missing, invalidated or expired.
 *
 * <p>A {@code null} permission or one whose status is {@code "invalidated"} (case-insensitive)
 * is reported as {@code BAD_REQUEST} / {@code INVALID_TICKET}. A permission that is not valid
 * after {@code checkExpired()} is reported as {@code BAD_REQUEST} / {@code EXPIRED_TICKET}.
 *
 * <p>The second check dereferences {@code permission}, so it relies on
 * {@code throwUmaWebApplicationException} not returning for the {@code null} case.
 *
 * @param permission permission loaded for a ticket
 */
public void validatePermission(UmaPermission permission) {
    final boolean missingOrInvalidated =
            permission == null || "invalidated".equalsIgnoreCase(permission.getStatus());
    if (missingOrInvalidated) {
        final String status = permission != null ? permission.getStatus() : "";
        log.error("Permission is null or otherwise invalidated. Status: " + status);
        errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_TICKET);
    }

    // Refresh the expiry state before asking whether the permission is valid.
    permission.checkExpired();
    if (permission.isValid()) {
        return;
    }

    log.error("Permission is not valid.");
    errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, EXPIRED_TICKET);
}
Logger log
Definition: UmaValidationService.java:85
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
public< T > T throwUmaWebApplicationException(Response.Status status, IErrorType type)
Definition: ErrorResponseFactory.java:117

◆ validatePermission() [2/2]

/**
 * Checks a permission request against the registered resource it names.
 *
 * <p>The resource id must be non-empty and resolve to a registered resource, and every scope
 * in the request must be among the scope ids registered for that resource. Failures are
 * reported as {@code BAD_REQUEST} with {@code INVALID_RESOURCE_ID} or
 * {@code INVALID_RESOURCE_SCOPE}.
 *
 * <p>An {@code EntryPersistenceException} during lookup is logged and then treated the same
 * as an unregistered resource.
 *
 * @param permission permission request; must not be {@code null}
 */
public void validatePermission(org.xdi.oxauth.model.uma.UmaPermission permission) {
    final String resourceId = permission.getResourceId();
    if (StringHelper.isEmpty(resourceId)) {
        log.error("Resource id is empty");
        errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_RESOURCE_ID);
    }

    try {
        final UmaResource resource = resourceService.getResourceById(resourceId);
        if (resource == null) {
            log.error("Resource isn't registered or there are two resources with same Id");
            errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_RESOURCE_ID);
            return;
        }

        // Requested scopes must be a subset of what the resource was registered with.
        final List<String> registeredScopeIds = umaScopeService.getScopeIdsByDns(resource.getScopes());
        if (registeredScopeIds.containsAll(permission.getScopes())) {
            return;
        }

        log.error("At least one of the scope isn't registered");
        errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_RESOURCE_SCOPE);
    } catch (EntryPersistenceException ex) {
        log.error(ex.getMessage(), ex);
    }

    // Reached after a persistence error: fail closed as "resource not registered".
    log.error("Resource isn't registered");
    errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_RESOURCE_ID);
}
Logger log
Definition: UmaValidationService.java:85
List< String > getScopeIdsByDns(List< String > scopeDns)
Definition: UmaScopeService.java:129
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
public< T > T throwUmaWebApplicationException(Response.Status status, IErrorType type)
Definition: ErrorResponseFactory.java:117
UmaResourceService resourceService
Definition: UmaValidationService.java:97
UmaScopeService umaScopeService
Definition: UmaValidationService.java:100
UmaResource getResourceById(String id)
Definition: UmaResourceService.java:180

◆ validatePermissions() [1/2]

/**
 * Validates each stored permission in turn with {@code validatePermission(UmaPermission)}.
 *
 * <p>Validation stops at the first permission that is rejected, because the per-item check
 * reports failures by raising an error response.
 *
 * @param permissions permissions to validate; must not be {@code null}
 */
public void validatePermissions(List<UmaPermission> permissions) {
    for (final UmaPermission candidate : permissions) {
        validatePermission(candidate);
    }
}
void validatePermission(UmaPermission permission)
Definition: UmaValidationService.java:180

◆ validatePermissions() [2/2]

/**
 * Validates each permission request in the list with
 * {@code validatePermission(org.xdi.oxauth.model.uma.UmaPermission)}.
 *
 * <p>Validation stops at the first request that is rejected.
 *
 * @param permissions permission requests to validate; must not be {@code null}
 */
public void validatePermissions(UmaPermissionList permissions) {
    for (final org.xdi.oxauth.model.uma.UmaPermission requested : permissions) {
        validatePermission(requested);
    }
}
void validatePermission(UmaPermission permission)
Definition: UmaValidationService.java:180
Definition: ClaimTokenFormatType.java:1
Definition: UmaPermission.java:37

◆ validateResource()

/**
 * Validates a resource description: its scope expression, and that it names at least one
 * scope or a scope expression.
 *
 * <p>NOTE(review): scope DNs are obtained through
 * {@code getScopeDNsByIdsAndAddToLdapIfNeeded}, whose name suggests it may persist unknown
 * scopes as a side effect, and it runs before the emptiness check below. Confirm whether a
 * rejected resource can still leave scopes behind.
 *
 * @param resource resource description to validate; must not be {@code null}
 */
public void validateResource(org.xdi.oxauth.model.uma.UmaResource resource) {
    // Raises an error for a non-blank expression that does not parse.
    validateScopeExpression(resource.getScopeExpression());

    final List<String> scopeDNs = umaScopeService.getScopeDNsByIdsAndAddToLdapIfNeeded(resource.getScopes());
    final boolean noScopes = scopeDNs.isEmpty();
    if (noScopes && StringUtils.isBlank(resource.getScopeExpression())) {
        log.error("Invalid resource. Both `scope` and `scope_expression` are blank.");
        throw new UmaWebException(BAD_REQUEST, errorResponseFactory, UmaErrorResponseType.INVALID_RESOURCE_SCOPE);
    }
}
Logger log
Definition: UmaValidationService.java:85
List< String > getScopeDNsByIdsAndAddToLdapIfNeeded(List< String > scopeIds)
Definition: UmaScopeService.java:102
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
void validateScopeExpression(String scopeExpression)
Definition: UmaValidationService.java:402
UmaScopeService umaScopeService
Definition: UmaValidationService.java:100

◆ validateRestrictedByClient()

void org.xdi.oxauth.uma.service.UmaValidationService.validateRestrictedByClient ( String  patClientDn,
String  rsId 
)
inline
// Denies access when the PAT client's DN is not among the clients associated with the resource.
//
// NOTE(review): this listing is incomplete. It jumps from source line 479 to 481 and closes one
// more brace than it opens. The cross-references printed under the listing name appConfiguration
// and getUmaRestrictResourceToAssociatedClient(), neither of which appears in the visible lines,
// so the omitted line is presumably the guard on that setting. Confirm against
// UmaValidationService.java before relying on this excerpt.
479  {
// NOTE(review): validatePermission() on this page null-checks the result of getResourceById();
// no such check is visible here, so an unknown rsId would presumably surface as a
// NullPointerException rather than a UMA error response. Verify against the full source.
481  final List<String> clients = resourceService.getResourceById(rsId).getClients();
482  if (!clients.contains(patClientDn)) {
// The message records the associated clients and the PAT client, then access is refused with 403.
483  log.error("Access to resource is denied because resource associated client does not match PAT client (it can be switched off if set umaRestrictResourceToAssociatedClient oxauth configuration property to false). Associated clients: " + clients + ", PAT client: " + patClientDn);
484  throw new UmaWebException(Response.Status.FORBIDDEN, errorResponseFactory, ACCESS_DENIED);
485  }
486  }
487  }
Logger log
Definition: UmaValidationService.java:85
AppConfiguration appConfiguration
Definition: UmaValidationService.java:103
List< String > getClients()
Definition: UmaResource.java:115
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
Boolean getUmaRestrictResourceToAssociatedClient()
Definition: AppConfiguration.java:261
UmaResourceService resourceService
Definition: UmaValidationService.java:97
UmaResource getResourceById(String id)
Definition: UmaResourceService.java:180

◆ validateRPT()

/**
 * Resolves an RPT code to an RPT that is still valid.
 *
 * <p>A blank code means "no RPT supplied" and yields {@code null}. A non-blank code that is
 * unknown, or whose RPT is no longer valid after {@code checkExpired()}, is rejected with
 * {@code BAD_REQUEST} / {@code INVALID_RPT}.
 *
 * @param rptCode RPT code from the request, may be blank
 * @return the valid RPT, or {@code null} when no code was supplied
 */
public UmaRPT validateRPT(String rptCode) {
    if (StringUtils.isBlank(rptCode)) {
        return null;
    }

    final UmaRPT rpt = rptService.getRPTByCode(rptCode);
    if (rpt == null) {
        log.error("RPT is null, rptCode: " + rptCode);
    } else {
        // Refresh the expiry state before asking whether the token is valid.
        rpt.checkExpired();
        if (rpt.isValid()) {
            return rpt;
        }
        log.error("RPT is not valid. Revoked: " + rpt.isRevoked() + ", Expired: " + rpt.isExpired() + ", rptCode: " + rptCode);
    }

    errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_RPT);
    return null;
}
Logger log
Definition: UmaValidationService.java:85
UmaRPT getRPTByCode(String rptCode)
Definition: UmaRptService.java:102
UmaRptService rptService
Definition: UmaValidationService.java:112
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
public< T > T throwUmaWebApplicationException(Response.Status status, IErrorType type)
Definition: ErrorResponseFactory.java:117
void checkExpired()
Definition: AbstractToken.java:84

◆ validateScopeExpression()

/**
 * Rejects a non-blank scope expression that {@code expressionService} does not accept.
 *
 * <p>A blank expression is allowed and not inspected further.
 *
 * @param scopeExpression scope expression, may be blank
 */
public void validateScopeExpression(String scopeExpression) {
    if (StringUtils.isBlank(scopeExpression)) {
        return;
    }
    if (expressionService.isExpressionValid(scopeExpression)) {
        return;
    }

    log.error("Scope expression is invalid. Expression: " + scopeExpression);
    throw new UmaWebException(BAD_REQUEST, errorResponseFactory, UmaErrorResponseType.INVALID_RESOURCE_SCOPE);
}
Logger log
Definition: UmaValidationService.java:85
boolean isExpressionValid(String expression)
Definition: UmaExpressionService.java:48
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
UmaExpressionService expressionService
Definition: UmaValidationService.java:121

◆ validateScopes()

/**
 * Collects the candidate scopes for a token request: those the client asked for and those
 * carried by the permission ticket.
 *
 * <p>The {@code scope} string is URL-decoded and split on single spaces. Ticket scopes are
 * added after requested scopes, so a scope present in both ends up mapped to {@code false}.
 * An empty result is rejected with {@code BAD_REQUEST} / {@code INVALID_RESOURCE_SCOPE}.
 *
 * @param scope       scope string from token request
 * @param permissions permissions
 * @return map of loaded scope and boolean, true - if client requested scope and false if it
 *         is permission ticket scope
 */
public Map<UmaScopeDescription, Boolean> validateScopes(String scope, List<UmaPermission> permissions) {
    final String decodedScope = ServerUtil.urlDecode(scope);

    final String[] scopesRequested;
    if (StringUtils.isNotBlank(decodedScope)) {
        scopesRequested = decodedScope.split(" ");
    } else {
        scopesRequested = new String[0];
    }

    final Map<UmaScopeDescription, Boolean> result = new HashMap<UmaScopeDescription, Boolean>();

    // Scopes named in the request, resolved by id.
    if (ArrayUtils.isNotEmpty(scopesRequested)) {
        for (UmaScopeDescription requestedScope : umaScopeService.getScopesByIds(Arrays.asList(scopesRequested))) {
            result.put(requestedScope, Boolean.TRUE);
        }
    }

    // Scopes attached to the ticket's permissions, resolved by DN.
    for (UmaPermission permission : permissions) {
        for (UmaScopeDescription ticketScope : umaScopeService.getScopesByDns(permission.getScopeDns())) {
            result.put(ticketScope, Boolean.FALSE);
        }
    }

    if (result.isEmpty()) {
        log.error("There are no any scopes requested in give request.");
        throw new UmaWebException(BAD_REQUEST, errorResponseFactory, UmaErrorResponseType.INVALID_RESOURCE_SCOPE);
    }

    final Function<UmaScopeDescription, String> toScopeId = new Function<UmaScopeDescription, String>() {
        @Override
        public String apply(UmaScopeDescription umaScopeDescription) {
            return umaScopeDescription.getId();
        }
    };
    log.trace("CandidateGrantedScopes: " + Joiner.on(", ").join(Iterables.transform(result.keySet(), toScopeId)));
    return result;
}
Logger log
Definition: UmaValidationService.java:85
List< UmaScopeDescription > getScopesByDns(List< String > scopeDns)
Definition: UmaScopeService.java:110
List< UmaScopeDescription > getScopesByIds(List< String > scopeIds)
Definition: UmaScopeService.java:143
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
UmaScopeService umaScopeService
Definition: UmaValidationService.java:100

◆ validatesGatheringScriptNames()

/**
 * Splits the space-separated list of claims-gathering script names.
 *
 * <p>Only presence is checked: the names are returned as supplied and are not compared with
 * any set of known scripts here. A blank list is reported through an {@code UmaWebException}
 * built from {@code claimsRedirectUri} and {@code state}.
 *
 * <p>NOTE(review): {@code claimsRedirectUri} is passed to the exception as-is and is not
 * validated in this method; presumably the caller has already checked it against the
 * client's registered URIs. Verify against the caller.
 *
 * @param scriptNamesAsString space-separated script names
 * @param claimsRedirectUri   claims redirect URI used when reporting the error
 * @param state               state value used when reporting the error
 * @return the script names, never empty
 */
public String[] validatesGatheringScriptNames(String scriptNamesAsString, String claimsRedirectUri, String state) {
    final String[] scriptNames =
            StringUtils.isNotBlank(scriptNamesAsString) ? scriptNamesAsString.split(" ") : null;

    if (ArrayUtils.isNotEmpty(scriptNames)) {
        return scriptNames;
    }
    throw new UmaWebException(claimsRedirectUri, errorResponseFactory, INVALID_CLAIMS_GATHERING_SCRIPT_NAME, state);
}
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88

◆ validateTicket()

/**
 * Loads the permissions registered for a ticket.
 *
 * <p>A blank ticket, or a ticket with no registered permissions, is rejected with
 * {@code BAD_REQUEST} / {@code INVALID_TICKET}.
 *
 * @param ticket permission ticket from the request
 * @return the permissions registered for the ticket, never empty
 */
public List<UmaPermission> validateTicket(String ticket) {
    if (StringUtils.isBlank(ticket)) {
        log.error("Ticket is null or blank.");
        errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_TICKET);
    }

    final List<UmaPermission> permissions = permissionService.getPermissionsByTicket(ticket);
    final boolean found = permissions != null && !permissions.isEmpty();
    if (!found) {
        log.error("Unable to find permissions registered for given ticket:" + ticket);
        errorResponseFactory.throwUmaWebApplicationException(BAD_REQUEST, INVALID_TICKET);
    }
    return permissions;
}
Logger log
Definition: UmaValidationService.java:85
UmaPermissionService permissionService
Definition: UmaValidationService.java:106
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
List< UmaPermission > getPermissionsByTicket(String ticket)
Definition: UmaPermissionService.java:136
public< T > T throwUmaWebApplicationException(Response.Status status, IErrorType type)
Definition: ErrorResponseFactory.java:117

◆ validateTicketWithRedirect()

/**
 * Loads the permissions registered for a ticket, reporting failures through the claims
 * redirect URI.
 *
 * <p>Same checks as {@code validateTicket}, but a blank or unknown ticket raises an
 * {@code UmaWebException} built from {@code claimsRedirectUri} and {@code state}.
 *
 * <p>NOTE(review): {@code claimsRedirectUri} is passed to the exception as-is and is not
 * validated in this method; presumably the caller has already checked it against the
 * client's registered URIs. Verify against the caller.
 *
 * @param ticket            permission ticket from the request
 * @param claimsRedirectUri claims redirect URI used when reporting the error
 * @param state             state value used when reporting the error
 * @return the permissions registered for the ticket, never empty
 */
public List<UmaPermission> validateTicketWithRedirect(String ticket, String claimsRedirectUri, String state) {
    if (StringUtils.isBlank(ticket)) {
        log.error("Ticket is null or blank.");
        throw new UmaWebException(claimsRedirectUri, errorResponseFactory, INVALID_TICKET, state);
    }

    final List<UmaPermission> permissions = permissionService.getPermissionsByTicket(ticket);
    final boolean found = permissions != null && !permissions.isEmpty();
    if (!found) {
        log.error("Unable to find permissions registered for given ticket:" + ticket);
        throw new UmaWebException(claimsRedirectUri, errorResponseFactory, INVALID_TICKET, state);
    }
    return permissions;
}
Logger log
Definition: UmaValidationService.java:85
UmaPermissionService permissionService
Definition: UmaValidationService.java:106
ErrorResponseFactory errorResponseFactory
Definition: UmaValidationService.java:88
List< UmaPermission > getPermissionsByTicket(String ticket)
Definition: UmaPermissionService.java:136

メンバ詳解

◆ appConfiguration

AppConfiguration org.xdi.oxauth.uma.service.UmaValidationService.appConfiguration
private

◆ authorizationGrantList

AuthorizationGrantList org.xdi.oxauth.uma.service.UmaValidationService.authorizationGrantList
private

◆ clientService

ClientService org.xdi.oxauth.uma.service.UmaValidationService.clientService
private

◆ errorResponseFactory

ErrorResponseFactory org.xdi.oxauth.uma.service.UmaValidationService.errorResponseFactory
private

◆ expressionService

UmaExpressionService org.xdi.oxauth.uma.service.UmaValidationService.expressionService
private

◆ log

Logger org.xdi.oxauth.uma.service.UmaValidationService.log
private

◆ pctService

UmaPctService org.xdi.oxauth.uma.service.UmaValidationService.pctService
private

◆ permissionService

UmaPermissionService org.xdi.oxauth.uma.service.UmaValidationService.permissionService
private

◆ resourceService

UmaResourceService org.xdi.oxauth.uma.service.UmaValidationService.resourceService
private

◆ rptService

UmaRptService org.xdi.oxauth.uma.service.UmaValidationService.rptService
private

◆ tokenService

TokenService org.xdi.oxauth.uma.service.UmaValidationService.tokenService
private

◆ umaScopeService

UmaScopeService org.xdi.oxauth.uma.service.UmaValidationService.umaScopeService
private

◆ webKeysConfiguration

WebKeysConfiguration org.xdi.oxauth.uma.service.UmaValidationService.webKeysConfiguration
private

このクラス詳解は次のファイルから抽出されました: