org.gluu.oxtrust.service.uma.BaseUmaProtectionService クラス

org.gluu.oxtrust.service.uma.BaseUmaProtectionService の継承関係図

org.gluu.oxtrust.service.uma.BaseUmaProtectionService 連携図

公開メンバ関数
Token	getPatToken () throws UmaProtectionException
boolean	isExistPatToken ()
List< String >	getRequestedScopes (ResourceInfo resourceInfo)
abstract String	getUmaResourceId ()
abstract String	getUmaScope ()
abstract boolean	isEnabled ()
abstract Response	processAuthorization (HttpHeaders headers, ResourceInfo resourceInfo)

限定公開メンバ関数
boolean	isEnabledUmaAuthentication ()
long	computeAccessTokenExpirationTime (Integer expiresIn)
Response	getErrorResponse (Response.Status status, String detail)
abstract String	getClientId ()
abstract String	getClientKeyStorePassword ()
abstract String	getClientKeyStoreFile ()
abstract String	getClientKeyId ()

限定公開変数類
UmaPermissionService	umaPermissionService

関数
Response	processUmaAuthorization (String authorization, ResourceInfo resourceInfo) throws Exception

非公開メンバ関数
void	retrievePatToken () throws UmaProtectionException
boolean	isValidPatToken (Token validatePatToken, long validatePatTokenExpiration)
List< String >	getResourceScopes (String[] scopes)

非公開変数類
Logger	log
EncryptionService	encryptionService
UmaMetadata	umaMetadata
AppConfiguration	appConfiguration
Token	umaPat
long	umaPatAccessTokenExpiration = 0l
final ReentrantLock	lock = new ReentrantLock()

静的非公開変数類
static final long	serialVersionUID = -1147131971095468865L

詳解

Provide base methods to simplify work with UMA Rest services

著者

Yuriy Movchan Date: 12/06/2016

関数詳解

computeAccessTokenExpirationTime()

long org.gluu.oxtrust.service.uma.BaseUmaProtectionService.computeAccessTokenExpirationTime ( Integer  expiresIn )

inlineprotected

                                                                           {
                // Compute "accessToken" expiration timestamp
                Calendar calendar = Calendar.getInstance();
                if (expiresIn != null) {
                        calendar.add(Calendar.SECOND, expiresIn);
                        calendar.add(Calendar.SECOND, -10); // Subtract 10 seconds to avoid expirations during executing request
                }

                return calendar.getTimeInMillis();
        }

getClientId()

abstract String org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getClientId ( )

abstractprotected

getClientKeyId()

abstract String org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getClientKeyId ( )

abstractprotected

getClientKeyStoreFile()

abstract String org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getClientKeyStoreFile ( )

abstractprotected

getClientKeyStorePassword()

abstract String org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getClientKeyStorePassword ( )

abstractprotected

getErrorResponse()

Response org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getErrorResponse ( Response.Status  status, String  detail  )

inlineprotected

                                                                               {
        return Response.status(status).entity(detail).build();
    }

getPatToken()

Token org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getPatToken ( ) throws UmaProtectionException

inline

                                                                 {
                if (isValidPatToken(this.umaPat, this.umaPatAccessTokenExpiration)) {
                        return this.umaPat;
                }

                lock.lock();
                try {
                        if (isValidPatToken(this.umaPat, this.umaPatAccessTokenExpiration)) {
                                return this.umaPat;
                        }

                        retrievePatToken();
                } finally {
                  lock.unlock();
                }


                return this.umaPat;
        }

getRequestedScopes()

List<String> org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getRequestedScopes ( ResourceInfo  resourceInfo )

inline

                                                                          {
                Class<?> resourceClass = resourceInfo.getResourceClass();
                ProtectedApi typeAnnotation = resourceClass.getAnnotation(ProtectedApi.class);
                if (typeAnnotation == null) {
                        return Collections.emptyList();
                }

                List<String> scopes = new ArrayList<String>();
                scopes.addAll(getResourceScopes(typeAnnotation.scopes()));

                Method resourceMethod = resourceInfo.getResourceMethod();
                ProtectedApi methodAnnotation = resourceMethod.getAnnotation(ProtectedApi.class);
                if (methodAnnotation != null) {
                        scopes.addAll(getResourceScopes(methodAnnotation.scopes()));
                }

                return scopes;
        }

getResourceScopes()

List<String> org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getResourceScopes ( String []  scopes )

inlineprivate

                                                                {
                List<String> result = new ArrayList<String>();
                if ((scopes == null) || (scopes.length == 0)) {
                        return result;
                }
                
                String baseEndpoint = appConfiguration.getBaseEndpoint();
                if (baseEndpoint.endsWith("/")) {
                        baseEndpoint = baseEndpoint.substring(0, baseEndpoint.length() - 1);
                }

                for (String scope : scopes) {
                        String umaIssuerScope = baseEndpoint + scope;
                        result.add(umaIssuerScope);
                }
                
                return result;
        }

getUmaResourceId()

abstract String org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getUmaResourceId ( )

abstract

getUmaScope()

abstract String org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getUmaScope ( )

abstract

isEnabled()

abstract boolean org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isEnabled ( )

abstract

isEnabledUmaAuthentication()

boolean org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isEnabledUmaAuthentication ( )

inlineprotected

                                                       {
        return (umaMetadata != null) && isExistPatToken();
        }

isExistPatToken()

boolean org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isExistPatToken ( )

inline

                                         {
                try {
                        return getPatToken() != null;
                } catch (UmaProtectionException ex) {
                        log.error("Failed to check UMA PAT token status", ex);
                }

                return false;
        }

isValidPatToken()

boolean org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isValidPatToken ( Token  validatePatToken, long  validatePatTokenExpiration  )

inlineprivate

                                                                                                 {
                final long now = System.currentTimeMillis();

                // Get new access token only if is the previous one is missing or expired
        return !((validatePatToken == null) || (validatePatToken.getAccessToken() == null) ||
                (validatePatTokenExpiration <= now));
    }

processAuthorization()

abstract Response org.gluu.oxtrust.service.uma.BaseUmaProtectionService.processAuthorization ( HttpHeaders  headers, ResourceInfo  resourceInfo  )

abstract

processUmaAuthorization()

Response org.gluu.oxtrust.service.uma.BaseUmaProtectionService.processUmaAuthorization ( String  authorization, ResourceInfo  resourceInfo  ) throws Exception

inlinepackage

                                                                                                       {
                List<String> scopes = getRequestedScopes(resourceInfo);

        Token patToken = null;
        try {
            patToken = getPatToken();
        }
        catch (UmaProtectionException ex) {
            return getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Failed to obtain PAT token");
        }

        Pair<Boolean, Response> rptTokenValidationResult;
        if (scopes.isEmpty()) {
                rptTokenValidationResult = umaPermissionService.validateRptToken(patToken, authorization, getUmaResourceId(), scopes);
        } else {
                rptTokenValidationResult = umaPermissionService.validateRptToken(patToken, authorization, getUmaResourceId(), getUmaScope());
        }

        if (rptTokenValidationResult.getFirst()) {
            if (rptTokenValidationResult.getSecond() != null) {
                return rptTokenValidationResult.getSecond();
            }
        }
        else {
            return getErrorResponse(Response.Status.UNAUTHORIZED, "Invalid GAT/RPT token");
        }
        return null;

    }

retrievePatToken()

void org.gluu.oxtrust.service.uma.BaseUmaProtectionService.retrievePatToken ( ) throws UmaProtectionException

inlineprivate

                                                                      {
                this.umaPat = null;
                if (umaMetadata == null) {
                        return;
                }

                String umaClientKeyStoreFile = getClientKeyStoreFile();
                String umaClientKeyStorePassword = getClientKeyStorePassword();
                if (StringHelper.isEmpty(umaClientKeyStoreFile) || StringHelper.isEmpty(umaClientKeyStorePassword)) {
                        throw new UmaProtectionException("UMA JKS keystore path or password is empty");
                }

                if (umaClientKeyStorePassword != null) {
                        try {
                                umaClientKeyStorePassword = encryptionService.decrypt(umaClientKeyStorePassword);
                        } catch (EncryptionException ex) {
                                log.error("Failed to decrypt UmaClientKeyStorePassword password", ex);
                        }
                }
                

                try {
                        this.umaPat = UmaClient.requestPat(umaMetadata.getTokenEndpoint(), umaClientKeyStoreFile, umaClientKeyStorePassword, getClientId(), getClientKeyId());
                        if (this.umaPat == null) {
                                this.umaPatAccessTokenExpiration = 0l;
                        } else {
                                this.umaPatAccessTokenExpiration = computeAccessTokenExpirationTime(this.umaPat.getExpiresIn());
                        }
                } catch (Exception ex) {
                        throw new UmaProtectionException("Failed to obtain valid UMA PAT token", ex);
                }
                
                if ((this.umaPat == null) || (this.umaPat.getAccessToken() == null)) {
                        throw new UmaProtectionException("Failed to obtain valid UMA PAT token");
                }
        }

メンバ詳解

appConfiguration

AppConfiguration org.gluu.oxtrust.service.uma.BaseUmaProtectionService.appConfiguration

private

encryptionService

EncryptionService org.gluu.oxtrust.service.uma.BaseUmaProtectionService.encryptionService

private

lock

final ReentrantLock org.gluu.oxtrust.service.uma.BaseUmaProtectionService.lock = new ReentrantLock()

private

log

Logger org.gluu.oxtrust.service.uma.BaseUmaProtectionService.log

private

serialVersionUID

final long org.gluu.oxtrust.service.uma.BaseUmaProtectionService.serialVersionUID = -1147131971095468865L

staticprivate

umaMetadata

UmaMetadata org.gluu.oxtrust.service.uma.BaseUmaProtectionService.umaMetadata

private

umaPat

Token org.gluu.oxtrust.service.uma.BaseUmaProtectionService.umaPat

private

umaPatAccessTokenExpiration

long org.gluu.oxtrust.service.uma.BaseUmaProtectionService.umaPatAccessTokenExpiration = 0l

private

umaPermissionService

UmaPermissionService org.gluu.oxtrust.service.uma.BaseUmaProtectionService.umaPermissionService

protected

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxTrust/server/src/main/java/org/gluu/oxtrust/service/uma/BaseUmaProtectionService.java