org.gluu.oxtrust.service.uma.UmaPermissionService の継承関係図

org.gluu.oxtrust.service.uma.UmaPermissionService 連携図

公開メンバ関数
void	init ()

Pair< Boolean, Response >	validateRptToken (Token patToken, String authorization, String umaResourceId, String scopeId)

Pair< Boolean, Response >	validateRptToken (Token patToken, String authorization, String resourceId, List< String > scopeIds)

String	registerResourcePermission (Token patToken, String resourceId, List< String > scopeIds)

限定公開変数類
AppConfiguration	appConfiguration

非公開メンバ関数
boolean	isRptHasPermissions (RptIntrospectionResponse umaRptStatusResponse)

RptIntrospectionResponse	getStatusResponse (Token patToken, String rptToken)

Response	prepareRegisterPermissionsResponse (Token patToken, String resourceId, List< String > scopeIds)

String	getHost (String uri) throws MalformedURLException

非公開変数類
Logger	log

UmaMetadata	umaMetadata

JsonService	jsonService

AppInitializer	appInitializer

org.xdi.oxauth.client.uma.UmaPermissionService	permissionService

UmaRptIntrospectionService	rptStatusService

final Pair< Boolean, Response >	authenticationFailure = new Pair<Boolean, Response>(false, null)

final Pair< Boolean, Response >	authenticationSuccess = new Pair<Boolean, Response>(true, null)

ConnectionKeepAliveStrategy	connectionKeepAliveStrategy

静的非公開変数類
static final long	serialVersionUID = -3347131971095468866L

詳解

Provide methods to work with permissions and RPT tokens

著者: Yuriy Movchan Date: 12/06/2016

関数詳解

◆ getHost()

String org.gluu.oxtrust.service.uma.UmaPermissionService.getHost ( String uri ) throws MalformedURLException

inlineprivate

                                                                         {
                 URL url = new URL(uri);
 
                 return url.getHost();
         }

◆ getStatusResponse()

RptIntrospectionResponse org.gluu.oxtrust.service.uma.UmaPermissionService.getStatusResponse	(	Token	patToken,
		String	rptToken
	)

inlineprivate

                                                                                             {
                 String authorization = "Bearer " + patToken.getAccessToken();
 
                 // Determine RPT token to status
         RptIntrospectionResponse rptStatusResponse = null;
                 try {
                         rptStatusResponse = this.rptStatusService.requestRptStatus(authorization, rptToken, "");
                 } catch (Exception ex) {
                         log.error("Failed to determine RPT status", ex);
                         ex.printStackTrace();
                 }
 
                 // Validate RPT status response
                 if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
                         return null;
                 }
 
                 return rptStatusResponse;
         }

◆ init()

void org.gluu.oxtrust.service.uma.UmaPermissionService.init ( )

inline

                            {
                 if (this.umaMetadata != null) {
                         if (appConfiguration.isRptConnectionPoolUseConnectionPooling()) {
 
                                 // For more information about PoolingHttpClientConnectionManager, please see:
                                 // http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/index.html?org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html
 
                                 log.info("##### Initializing custom ClientExecutor...");
                                 PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager();
                                 connectionManager.setMaxTotal(appConfiguration.getRptConnectionPoolMaxTotal());
                                 connectionManager.setDefaultMaxPerRoute(appConfiguration.getRptConnectionPoolDefaultMaxPerRoute());
                                 connectionManager.setValidateAfterInactivity(appConfiguration.getRptConnectionPoolValidateAfterInactivity() * 1000);
                                 CloseableHttpClient client = HttpClients.custom()
                                         .setKeepAliveStrategy(connectionKeepAliveStrategy)
                                         .setConnectionManager(connectionManager)
                                         .build();
                                 ClientExecutor clientExecutor = new ApacheHttpClient4Executor(client);
                                 log.info("##### Initializing custom ClientExecutor DONE");
 
                                 this.permissionService = UmaClientFactory.instance().createPermissionService(this.umaMetadata, clientExecutor);
                                 this.rptStatusService = UmaClientFactory.instance().createRptStatusService(this.umaMetadata, clientExecutor);
 
                         } else {
                                 this.permissionService = UmaClientFactory.instance().createPermissionService(this.umaMetadata);
                                 this.rptStatusService = UmaClientFactory.instance().createRptStatusService(this.umaMetadata);
                         }
                 }
         }

◆ isRptHasPermissions()

boolean org.gluu.oxtrust.service.uma.UmaPermissionService.isRptHasPermissions ( RptIntrospectionResponse umaRptStatusResponse )

inlineprivate

                                                                                            {
         return !((umaRptStatusResponse.getPermissions() == null) || umaRptStatusResponse.getPermissions().isEmpty());
     }

◆ prepareRegisterPermissionsResponse()

Response org.gluu.oxtrust.service.uma.UmaPermissionService.prepareRegisterPermissionsResponse	(	Token	patToken,
		String	resourceId,
		List< String >	scopeIds
	)

inlineprivate

                                                                                                                       {
                 String ticket = registerResourcePermission(patToken, resourceId, scopeIds);
                 if (StringHelper.isEmpty(ticket)) {
                         return null;
                 }
 
         log.debug("Construct response: HTTP 401 (Unauthorized), ticket: '{}'",  ticket);
         Response response = null;
                 try {
                         String authHeaderValue = String.format("UMA realm=\"Authorization required\", host_id=%s, as_uri=%s, ticket=%s",
                                         getHost(appConfiguration.getIdpUrl()),  appInitializer.getUmaConfigurationEndpoint(), ticket);
                         response = Response.status(Response.Status.UNAUTHORIZED).
                                 header("WWW-Authenticate", authHeaderValue).
                                 build();
                 } catch (MalformedURLException ex) {
                 log.error("Failed to determine host by URI", ex);
                 }
                 
          return response;
         }

◆ registerResourcePermission()

String org.gluu.oxtrust.service.uma.UmaPermissionService.registerResourcePermission	(	Token	patToken,
		String	resourceId,
		List< String >	scopeIds
	)

inline

                                                                                                            {
 
         UmaPermission permission = new UmaPermission();
         permission.setResourceId(resourceId);
         permission.setScopes(scopeIds);
 
         PermissionTicket ticket = permissionService.registerPermission(
                 "Bearer " + patToken.getAccessToken(), UmaPermissionList.instance(permission));
         
         if (ticket == null) {
                 return null;
         }
 
         return ticket.getTicket();
     }

◆ validateRptToken() [1/2]

Pair<Boolean, Response> org.gluu.oxtrust.service.uma.UmaPermissionService.validateRptToken	(	Token	patToken,
		String	authorization,
		String	umaResourceId,
		String	scopeId
	)

inline

                                                                                                                                     {
                 return validateRptToken(patToken, authorization, umaResourceId, Arrays.asList(scopeId));
         }

◆ validateRptToken() [2/2]

Pair<Boolean, Response> org.gluu.oxtrust.service.uma.UmaPermissionService.validateRptToken	(	Token	patToken,
		String	authorization,
		String	resourceId,
		List< String >	scopeIds
	)

inline

                                                                                                                                         {
             /* //caller of this method never pass null patToken
                 if (patToken == null) {
                 return authenticationFailure;
                 } */
 
                 if (StringHelper.isNotEmpty(authorization) && authorization.startsWith("Bearer ")) {
                         String rptToken = authorization.substring(7);
         
                 RptIntrospectionResponse rptStatusResponse = getStatusResponse(patToken, rptToken);
                         if ((rptStatusResponse == null) || !rptStatusResponse.getActive()) {
                                 log.error("Status response for RPT token: '{}' is invalid", rptToken);
                                 //return authenticationFailure;
                         } else{
                 boolean rptHasPermissions = isRptHasPermissions(rptStatusResponse);
 
                 if (rptHasPermissions) {
                         // Collect all scopes
                         List<String> returnScopeIds = new LinkedList<String>();
                     for (UmaPermission umaPermission : rptStatusResponse.getPermissions()) {
                         if (umaPermission.getScopes() != null) {
                                 returnScopeIds.addAll(umaPermission.getScopes());
                         }
                     }
                     
                     if (returnScopeIds.containsAll(scopeIds)) {
                         return authenticationSuccess;
                     }
 
                     log.error("Status response for RPT token: '{}' not contains right permissions", rptToken);
                 }
             }
                 }
 
                 Response registerPermissionsResponse = prepareRegisterPermissionsResponse(patToken, resourceId, scopeIds);
         if (registerPermissionsResponse == null) {
                 return authenticationFailure;
         }
 
         return new Pair<Boolean, Response>(true, registerPermissionsResponse);
         }

メンバ詳解

◆ appConfiguration

AppConfiguration org.gluu.oxtrust.service.uma.UmaPermissionService.appConfiguration

protected

◆ appInitializer

AppInitializer org.gluu.oxtrust.service.uma.UmaPermissionService.appInitializer

private

◆ authenticationFailure

final Pair<Boolean, Response> org.gluu.oxtrust.service.uma.UmaPermissionService.authenticationFailure = new Pair<Boolean, Response>(false, null)

private

◆ authenticationSuccess

final Pair<Boolean, Response> org.gluu.oxtrust.service.uma.UmaPermissionService.authenticationSuccess = new Pair<Boolean, Response>(true, null)

private

◆ connectionKeepAliveStrategy

ConnectionKeepAliveStrategy org.gluu.oxtrust.service.uma.UmaPermissionService.connectionKeepAliveStrategy

private

初期値:

= new ConnectionKeepAliveStrategy() {
                @Override
                public long getKeepAliveDuration(HttpResponse httpResponse, HttpContext httpContext) {
                        HeaderElementIterator headerElementIterator = new BasicHeaderElementIterator(httpResponse.headerIterator(HTTP.CONN_KEEP_ALIVE));
                        while (headerElementIterator.hasNext()) {
                                HeaderElement headerElement = headerElementIterator.nextElement();
                                String name = headerElement.getName();
                                String value = headerElement.getValue();
                                if (value != null && name.equalsIgnoreCase("timeout")) {
                                        return Long.parseLong(value) * 1000;
                                }
                        }
                        
                        return appConfiguration.getRptConnectionPoolCustomKeepAliveTimeout() * 1000;
                }
        }

◆ jsonService

JsonService org.gluu.oxtrust.service.uma.UmaPermissionService.jsonService

private

◆ log

Logger org.gluu.oxtrust.service.uma.UmaPermissionService.log

private

◆ permissionService

org.xdi.oxauth.client.uma.UmaPermissionService org.gluu.oxtrust.service.uma.UmaPermissionService.permissionService

private

◆ rptStatusService

UmaRptIntrospectionService org.gluu.oxtrust.service.uma.UmaPermissionService.rptStatusService

private

◆ serialVersionUID

final long org.gluu.oxtrust.service.uma.UmaPermissionService.serialVersionUID = -3347131971095468866L

staticprivate

◆ umaMetadata

UmaMetadata org.gluu.oxtrust.service.uma.UmaPermissionService.umaMetadata

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/oxTrust/server/src/main/java/org/gluu/oxtrust/service/uma/UmaPermissionService.java

公開メンバ関数

限定公開変数類

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

関数詳解

◆ getHost()

◆ getStatusResponse()

◆ init()

◆ isRptHasPermissions()

◆ prepareRegisterPermissionsResponse()

◆ registerResourcePermission()

◆ validateRptToken() [1/2]

◆ validateRptToken() [2/2]

メンバ詳解

◆ appConfiguration

◆ appInitializer

◆ authenticationFailure

◆ authenticationSuccess

◆ connectionKeepAliveStrategy

◆ jsonService

◆ log

◆ permissionService

◆ rptStatusService

◆ serialVersionUID

◆ umaMetadata