org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl の継承関係図

org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl 連携図

公開メンバ関数
Response	requestUserInfoGet (String accessToken, String authorization, HttpServletRequest request, SecurityContext securityContext)

Response	requestUserInfoPost (String accessToken, String authorization, HttpServletRequest request, SecurityContext securityContext)

Response	requestUserInfo (String accessToken, String authorization, HttpServletRequest request, SecurityContext securityContext)

String	getJwtResponse (SignatureAlgorithm signatureAlgorithm, User user, AuthorizationGrant authorizationGrant, Collection< String > scopes) throws Exception

String	getJweResponse (KeyEncryptionAlgorithm keyEncryptionAlgorithm, BlockEncryptionAlgorithm blockEncryptionAlgorithm, User user, AuthorizationGrant authorizationGrant, Collection< String > scopes) throws Exception

String	getJSonResponse (User user, AuthorizationGrant authorizationGrant, Collection< String > scopes) throws Exception

boolean	validateRequesteClaim (GluuAttribute gluuAttribute, String[] clientAllowedClaims, Collection< String > scopes)

Map< String, Object >	getClaims (User user, Scope scope) throws InvalidClaimException, ParseException

Response	requestUserInfoGet ( @QueryParam("access_token") @ApiParam(value="OAuth 2.0 Access Token.", required=true) String accessToken, @HeaderParam("Authorization") String authorization, @Context HttpServletRequest request, @Context SecurityContext securityContext)

Response	requestUserInfoPost ( @FormParam("access_token") @ApiParam(value="OAuth 2.0 Access Token.", required=true) String accessToken, @HeaderParam("Authorization") String authorization, @Context HttpServletRequest request, @Context SecurityContext securityContext)

非公開メンバ関数
Response	response (int status, UserInfoErrorResponseType errorResponseType)

詳解

Provides interface for User Info REST web services

著者: Javier Rojas Blum

バージョン: September 3, 2018

関数詳解

◆ getClaims()

Map<String, Object> org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.getClaims	(	User	user,
		Scope	scope
	)		throws InvalidClaimException, ParseException

inline

                                                                                                               {
         Map<String, Object> claims = new HashMap<String, Object>();
 
         if (scope != null && scope.getOxAuthClaims() != null) {
             for (String claimDn : scope.getOxAuthClaims()) {
                 GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
 
                 String claimName = gluuAttribute.getOxAuthClaimName();
                 String ldapName = gluuAttribute.getName();
                 Object attribute = null;
 
                 if (StringUtils.isNotBlank(claimName) && StringUtils.isNotBlank(ldapName)) {
                     if (ldapName.equals("uid")) {
                         attribute = user.getUserId();
                     } else if (AttributeDataType.BOOLEAN.equals(gluuAttribute.getDataType())) {
                         attribute = Boolean.parseBoolean((String) user.getAttribute(gluuAttribute.getName(), true));
                     } else if (AttributeDataType.DATE.equals(gluuAttribute.getDataType())) {
                         SimpleDateFormat format = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'");
                         Object attributeValue = user.getAttribute(gluuAttribute.getName(), true);
                         if (attributeValue != null) {
                             attribute = format.parse(attributeValue.toString());
                         }
                     } else {
                         attribute = user.getAttribute(gluuAttribute.getName(), true);
                     }
 
                     if (attribute != null) {
                         if (attribute instanceof JSONArray) {
                             JSONArray jsonArray = (JSONArray) attribute;
                             List<String> values = new ArrayList<String>();
                             for (int i = 0; i < jsonArray.length(); i++) {
                                 String value = jsonArray.optString(i);
                                 if (value != null) {
                                     values.add(value);
                                 }
                             }
                             claims.put(claimName, values);
                         } else {
                             claims.put(claimName, attribute);
                         }
                     }
                 }
             }
         }
 
         return claims;
     }

◆ getJSonResponse()

String org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.getJSonResponse	(	User	user,
		AuthorizationGrant	authorizationGrant,
		Collection< String >	scopes
	)		throws Exception

inline

Builds a JSon String with the response parameters.

                              {
         JsonWebResponse jsonWebResponse = new JsonWebResponse();
 
         // Claims
         List<Scope> dynamicScopes = new ArrayList<Scope>();
         for (String scopeName : scopes) {
             org.xdi.oxauth.model.common.Scope scope = scopeService.getScopeByDisplayName(scopeName);
             if ((scope != null) && (org.xdi.oxauth.model.common.ScopeType.DYNAMIC == scope.getScopeType())) {
                 dynamicScopes.add(scope);
                 continue;
             }
 
             Map<String, Object> claims = getClaims(user, scope);
 
             if (scope.getIsOxAuthGroupClaims()) {
                 JwtSubClaimObject groupClaim = new JwtSubClaimObject();
                 groupClaim.setName(scope.getDisplayName());
                 for (Map.Entry<String, Object> entry : claims.entrySet()) {
                     String key = entry.getKey();
                     Object value = entry.getValue();
 
                     if (value instanceof List) {
                         groupClaim.setClaim(key, (List<String>) value);
                     } else {
                         groupClaim.setClaim(key, (String) value);
                     }
                 }
 
                 jsonWebResponse.getClaims().setClaim(scope.getDisplayName(), groupClaim);
             } else {
                 for (Map.Entry<String, Object> entry : claims.entrySet()) {
                     String key = entry.getKey();
                     Object value = entry.getValue();
 
                     if (value instanceof List) {
                         jsonWebResponse.getClaims().setClaim(key, (List<String>) value);
                     } else if (value instanceof Boolean) {
                         jsonWebResponse.getClaims().setClaim(key, (Boolean) value);
                     } else if (value instanceof Date) {
                         jsonWebResponse.getClaims().setClaim(key, ((Date) value).getTime());
                     } else {
                         jsonWebResponse.getClaims().setClaim(key, (String) value);
                     }
                 }
             }
 
             jsonWebResponse.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute("inum"));
         }
 
         if (authorizationGrant.getClaims() != null) {
             JSONObject claimsObj = new JSONObject(authorizationGrant.getClaims());
             if (claimsObj.has("userinfo")) {
                 JSONObject userInfoObj = claimsObj.getJSONObject("userinfo");
                 for (Iterator<String> it = userInfoObj.keys(); it.hasNext(); ) {
                     String claimName = it.next();
                     boolean optional = true; // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
                     GluuAttribute gluuAttribute = attributeService.getByClaimName(claimName);
 
                     if (gluuAttribute != null) {
                         String ldapClaimName = gluuAttribute.getName();
 
                         Object attribute = user.getAttribute(ldapClaimName, optional);
                         if (attribute != null) {
                             if (attribute instanceof JSONArray) {
                                 JSONArray jsonArray = (JSONArray) attribute;
                                 List<String> values = new ArrayList<String>();
                                 for (int i = 0; i < jsonArray.length(); i++) {
                                     String value = jsonArray.optString(i);
                                     if (value != null) {
                                         values.add(value);
                                     }
                                 }
                                 jsonWebResponse.getClaims().setClaim(claimName, values);
                             } else {
                                 String value = (String) attribute;
                                 jsonWebResponse.getClaims().setClaim(claimName, value);
                             }
                         }
                     }
                 }
             }
         }
 
         if (authorizationGrant.getJwtAuthorizationRequest() != null
                 && authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember() != null) {
             for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember().getClaims()) {
                 boolean optional = true; // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
                 GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
 
                 if (gluuAttribute != null) {
                     Client client = authorizationGrant.getClient();
 
                     if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
                         String ldapClaimName = gluuAttribute.getName();
                         Object attribute = user.getAttribute(ldapClaimName, optional);
                         if (attribute != null) {
                             if (attribute instanceof JSONArray) {
                                 JSONArray jsonArray = (JSONArray) attribute;
                                 List<String> values = new ArrayList<String>();
                                 for (int i = 0; i < jsonArray.length(); i++) {
                                     String value = jsonArray.optString(i);
                                     if (value != null) {
                                         values.add(value);
                                     }
                                 }
                                 jsonWebResponse.getClaims().setClaim(claim.getName(), values);
                             } else {
                                 String value = (String) attribute;
                                 jsonWebResponse.getClaims().setClaim(claim.getName(), value);
                             }
                         }
                     }
                 }
             }
         }
 
         // Check for Subject Identifier Type
         if (authorizationGrant.getClient().getSubjectType() != null &&
                 SubjectType.fromString(authorizationGrant.getClient().getSubjectType()).equals(SubjectType.PAIRWISE)) {
             String sectorIdentifierUri = null;
             if (StringUtils.isNotBlank(authorizationGrant.getClient().getSectorIdentifierUri())) {
                 sectorIdentifierUri = authorizationGrant.getClient().getSectorIdentifierUri();
             } else {
                 sectorIdentifierUri = authorizationGrant.getClient().getRedirectUris()[0];
             }
 
             String userInum = authorizationGrant.getUser().getAttribute("inum");
             String clientId = authorizationGrant.getClientId();
             PairwiseIdentifier pairwiseIdentifier = pairwiseIdentifierService.findPairWiseIdentifier(
                     userInum, sectorIdentifierUri, clientId);
             if (pairwiseIdentifier == null) {
                 pairwiseIdentifier = new PairwiseIdentifier(sectorIdentifierUri, clientId);
                 pairwiseIdentifier.setId(UUID.randomUUID().toString());
                 pairwiseIdentifier.setDn(pairwiseIdentifierService.getDnForPairwiseIdentifier(
                         pairwiseIdentifier.getId(),
                         userInum));
                 pairwiseIdentifierService.addPairwiseIdentifier(userInum, pairwiseIdentifier);
             }
             jsonWebResponse.getClaims().setSubjectIdentifier(pairwiseIdentifier.getId());
         } else {
             String openidSubAttribute = appConfiguration.getOpenidSubAttribute();
             jsonWebResponse.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute(openidSubAttribute));
         }
 
         if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
             final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
             DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jsonWebResponse, unmodifiableAuthorizationGrant);
             externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
         }
 
         return jsonWebResponse.toString();
     }

◆ getJweResponse()

String org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.getJweResponse	(	KeyEncryptionAlgorithm	keyEncryptionAlgorithm,
		BlockEncryptionAlgorithm	blockEncryptionAlgorithm,
		User	user,
		AuthorizationGrant	authorizationGrant,
		Collection< String >	scopes
	)		throws Exception

inline

                                                                                                           {
         Jwe jwe = new Jwe();
 
         // Header
         jwe.getHeader().setType(JwtType.JWT);
         jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
         jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
 
         // Claims
         List<Scope> dynamicScopes = new ArrayList<Scope>();
         for (String scopeName : scopes) {
             Scope scope = scopeService.getScopeByDisplayName(scopeName);
             if (org.xdi.oxauth.model.common.ScopeType.DYNAMIC == scope.getScopeType()) {
                 dynamicScopes.add(scope);
                 continue;
             }
 
             if (scope.getOxAuthClaims() != null) {
                 for (String claimDn : scope.getOxAuthClaims()) {
                     GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
 
                     String claimName = gluuAttribute.getOxAuthClaimName();
                     String ldapName = gluuAttribute.getName();
                     Object attributeValue = null;
 
                     if (StringUtils.isNotBlank(claimName) && StringUtils.isNotBlank(ldapName)) {
                         if (ldapName.equals("uid")) {
                             attributeValue = user.getUserId();
                         } else {
                             attributeValue = user.getAttribute(gluuAttribute.getName(), true);
                         }
 
                         if (attributeValue != null) {
                             if (attributeValue instanceof JSONArray) {
                                 JSONArray jsonArray = (JSONArray) attributeValue;
                                 List<String> values = new ArrayList<String>();
                                 for (int i = 0; i < jsonArray.length(); i++) {
                                     String value = jsonArray.optString(i);
                                     if (value != null) {
                                         values.add(value);
                                     }
                                 }
                                 jwe.getClaims().setClaim(claimName, values);
                             } else {
                                 String value = attributeValue.toString();
                                 jwe.getClaims().setClaim(claimName, value);
                             }
                         }
                     }
                 }
             }
         }
         if (authorizationGrant.getJwtAuthorizationRequest() != null
                 && authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember() != null) {
             for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember().getClaims()) {
                 boolean optional = true; // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
                 GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
 
                 if (gluuAttribute != null) {
                     Client client = authorizationGrant.getClient();
 
                     if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
                         String ldapClaimName = gluuAttribute.getName();
                         Object attribute = user.getAttribute(ldapClaimName, optional);
                         if (attribute != null) {
                             if (attribute instanceof JSONArray) {
                                 JSONArray jsonArray = (JSONArray) attribute;
                                 List<String> values = new ArrayList<String>();
                                 for (int i = 0; i < jsonArray.length(); i++) {
                                     String value = jsonArray.optString(i);
                                     if (value != null) {
                                         values.add(value);
                                     }
                                 }
                                 jwe.getClaims().setClaim(claim.getName(), values);
                             } else {
                                 String value = attribute.toString();
                                 jwe.getClaims().setClaim(claim.getName(), value);
                             }
                         }
                     }
                 }
             }
         }
 
         // Check for Subject Identifier Type
         if (authorizationGrant.getClient().getSubjectType() != null &&
                 SubjectType.fromString(authorizationGrant.getClient().getSubjectType()).equals(SubjectType.PAIRWISE)) {
             String sectorIdentifierUri = null;
             if (StringUtils.isNotBlank(authorizationGrant.getClient().getSectorIdentifierUri())) {
                 sectorIdentifierUri = authorizationGrant.getClient().getSectorIdentifierUri();
             } else {
                 sectorIdentifierUri = authorizationGrant.getClient().getRedirectUris()[0];
             }
 
             String userInum = authorizationGrant.getUser().getAttribute("inum");
             String clientId = authorizationGrant.getClientId();
             PairwiseIdentifier pairwiseIdentifier = pairwiseIdentifierService.findPairWiseIdentifier(
                     userInum, sectorIdentifierUri, clientId);
             if (pairwiseIdentifier == null) {
                 pairwiseIdentifier = new PairwiseIdentifier(sectorIdentifierUri, clientId);
                 pairwiseIdentifier.setId(UUID.randomUUID().toString());
                 pairwiseIdentifier.setDn(pairwiseIdentifierService.getDnForPairwiseIdentifier(
                         pairwiseIdentifier.getId(),
                         userInum));
                 pairwiseIdentifierService.addPairwiseIdentifier(userInum, pairwiseIdentifier);
             }
             jwe.getClaims().setSubjectIdentifier(pairwiseIdentifier.getId());
         } else {
             String openidSubAttribute = appConfiguration.getOpenidSubAttribute();
             jwe.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute(openidSubAttribute));
         }
 
         if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
             final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
             DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jwe, unmodifiableAuthorizationGrant);
             externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
         }
 
         // Encryption
         if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP
                 || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
             JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(authorizationGrant.getClient().getJwksUri());
             AbstractCryptoProvider cryptoProvider = CryptoProviderFactory.getCryptoProvider(appConfiguration);
             String keyId = cryptoProvider.getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), SignatureAlgorithm.RS256, Use.ENCRYPTION);
             PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys);
 
             if (publicKey != null) {
                 JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
                 jwe = jweEncrypter.encrypt(jwe);
             } else {
                 throw new InvalidJweException("The public key is not valid");
             }
         } else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW
                 || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
             try {
                 byte[] sharedSymmetricKey = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret()).getBytes(Util.UTF8_STRING_ENCODING);
                 JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedSymmetricKey);
                 jwe = jweEncrypter.encrypt(jwe);
             } catch (UnsupportedEncodingException e) {
                 throw new InvalidJweException(e);
             } catch (StringEncrypter.EncryptionException e) {
                 throw new InvalidJweException(e);
             } catch (Exception e) {
                 throw new InvalidJweException(e);
             }
         }
 
         return jwe.toString();
     }

◆ getJwtResponse()

String org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.getJwtResponse	(	SignatureAlgorithm	signatureAlgorithm,
		User	user,
		AuthorizationGrant	authorizationGrant,
		Collection< String >	scopes
	)		throws Exception

inline

                                                                              {
         Jwt jwt = new Jwt();
         AbstractCryptoProvider cryptoProvider = CryptoProviderFactory.getCryptoProvider(appConfiguration);
 
         // Header
         jwt.getHeader().setType(JwtType.JWT);
         jwt.getHeader().setAlgorithm(signatureAlgorithm);
 
         String keyId = cryptoProvider.getKeyId(webKeysConfiguration, signatureAlgorithm, Use.SIGNATURE);
         if (keyId != null) {
             jwt.getHeader().setKeyId(keyId);
         }
 
         // Claims
         List<Scope> dynamicScopes = new ArrayList<Scope>();
         for (String scopeName : scopes) {
             Scope scope = scopeService.getScopeByDisplayName(scopeName);
             if (org.xdi.oxauth.model.common.ScopeType.DYNAMIC == scope.getScopeType()) {
                 dynamicScopes.add(scope);
                 continue;
             }
 
             if (scope.getOxAuthClaims() != null) {
                 for (String claimDn : scope.getOxAuthClaims()) {
                     GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
 
                     String claimName = gluuAttribute.getOxAuthClaimName();
                     String ldapName = gluuAttribute.getName();
                     Object attributeValue = null;
 
                     if (StringUtils.isNotBlank(claimName) && StringUtils.isNotBlank(ldapName)) {
                         if (ldapName.equals("uid")) {
                             attributeValue = user.getUserId();
                         } else {
                             attributeValue = user.getAttribute(gluuAttribute.getName(), true);
                         }
 
                         if (attributeValue != null) {
                             if (attributeValue instanceof JSONArray) {
                                 JSONArray jsonArray = (JSONArray) attributeValue;
                                 List<String> values = new ArrayList<String>();
                                 for (int i = 0; i < jsonArray.length(); i++) {
                                     String value = jsonArray.optString(i);
                                     if (value != null) {
                                         values.add(value);
                                     }
                                 }
                                 jwt.getClaims().setClaim(claimName, values);
                             } else {
                                 String value = attributeValue.toString();
                                 jwt.getClaims().setClaim(claimName, value);
                             }
                         }
                     }
                 }
             }
         }
 
         if (authorizationGrant.getJwtAuthorizationRequest() != null
                 && authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember() != null) {
             for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember().getClaims()) {
                 boolean optional = true; // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
                 GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
 
                 if (gluuAttribute != null) {
                     Client client = authorizationGrant.getClient();
 
                     if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
                         String ldapClaimName = gluuAttribute.getName();
                         Object attribute = user.getAttribute(ldapClaimName, optional);
                         if (attribute != null) {
                             if (attribute instanceof JSONArray) {
                                 JSONArray jsonArray = (JSONArray) attribute;
                                 List<String> values = new ArrayList<String>();
                                 for (int i = 0; i < jsonArray.length(); i++) {
                                     String value = jsonArray.optString(i);
                                     if (value != null) {
                                         values.add(value);
                                     }
                                 }
                                 jwt.getClaims().setClaim(claim.getName(), values);
                             } else {
                                 String value = attribute.toString();
                                 jwt.getClaims().setClaim(claim.getName(), value);
                             }
                         }
                     }
                 }
             }
         }
 
         // Check for Subject Identifier Type
         if (authorizationGrant.getClient().getSubjectType() != null &&
                 SubjectType.fromString(authorizationGrant.getClient().getSubjectType()).equals(SubjectType.PAIRWISE)) {
             String sectorIdentifierUri = null;
             if (StringUtils.isNotBlank(authorizationGrant.getClient().getSectorIdentifierUri())) {
                 sectorIdentifierUri = authorizationGrant.getClient().getSectorIdentifierUri();
             } else {
                 sectorIdentifierUri = authorizationGrant.getClient().getRedirectUris()[0];
             }
 
             String userInum = authorizationGrant.getUser().getAttribute("inum");
             String clientId = authorizationGrant.getClientId();
             PairwiseIdentifier pairwiseIdentifier = pairwiseIdentifierService.findPairWiseIdentifier(
                     userInum, sectorIdentifierUri, clientId);
             if (pairwiseIdentifier == null) {
                 pairwiseIdentifier = new PairwiseIdentifier(sectorIdentifierUri, clientId);
                 pairwiseIdentifier.setId(UUID.randomUUID().toString());
                 pairwiseIdentifier.setDn(pairwiseIdentifierService.getDnForPairwiseIdentifier(
                         pairwiseIdentifier.getId(),
                         userInum));
                 pairwiseIdentifierService.addPairwiseIdentifier(userInum, pairwiseIdentifier);
             }
             jwt.getClaims().setSubjectIdentifier(pairwiseIdentifier.getId());
         } else {
             String openidSubAttribute = appConfiguration.getOpenidSubAttribute();
             jwt.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute(openidSubAttribute));
         }
 
         // If signed, the UserInfo Response SHOULD contain the Claims iss (issuer) and aud (audience) as members. The iss value should be the OP's Issuer Identifier URL. The aud value should be or include the RP's Client ID value.
         jwt.getClaims().setIssuer(appConfiguration.getIssuer());
         jwt.getClaims().setAudience(authorizationGrant.getClientId());
 
         if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
             final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
             DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jwt, unmodifiableAuthorizationGrant);
             externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
         }
 
         // Signature
         String sharedSecret = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret());
         String signature = cryptoProvider.sign(jwt.getSigningInput(), jwt.getHeader().getKeyId(), sharedSecret, signatureAlgorithm);
         jwt.setEncodedSignature(signature);
 
         return jwt.toString();
     }

◆ requestUserInfo()

Response org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.requestUserInfo	(	String	accessToken,
		String	authorization,
		HttpServletRequest	request,
		SecurityContext	securityContext
	)

inline

                                                                                                                                            {
         if (authorization != null && !authorization.isEmpty() && authorization.startsWith("Bearer ")) {
             accessToken = authorization.substring(7);
         }
         log.debug("Attempting to request User Info, Access token = {}, Is Secure = {}",
                 accessToken, securityContext.isSecure());
         Response.ResponseBuilder builder = Response.ok();
 
         OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(request), Action.USER_INFO);
 
         try {
             if (!UserInfoParamsValidator.validateParams(accessToken)) {
                 builder = Response.status(400);
                 builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INVALID_REQUEST));
             } else {
                 AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken);
 
                 if (authorizationGrant == null) {
                     log.trace("Failed to find authorization grant by access_token: " + accessToken);
                     return response(400, UserInfoErrorResponseType.INVALID_TOKEN);
                 }
 
                 final AbstractToken accessTokenObject = authorizationGrant.getAccessToken(accessToken);
                 if (accessTokenObject == null || !accessTokenObject.isValid()) {
                     log.trace("Invalid access token object, access_token: {}, isNull: {}, isValid: {}", accessToken, accessTokenObject == null, accessTokenObject.isValid());
                     return response(400, UserInfoErrorResponseType.INVALID_TOKEN);
                 }
 
                 if (authorizationGrant.getAuthorizationGrantType() == AuthorizationGrantType.CLIENT_CREDENTIALS) {
                     builder = Response.status(403);
                     builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INSUFFICIENT_SCOPE));
                 } else if (appConfiguration.getOpenidScopeBackwardCompatibility()
                         && !authorizationGrant.getScopes().contains(DefaultScope.OPEN_ID.toString())
                         && !authorizationGrant.getScopes().contains(DefaultScope.PROFILE.toString())) {
                     builder = Response.status(403);
                     builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INSUFFICIENT_SCOPE));
                     oAuth2AuditLog.updateOAuth2AuditLog(authorizationGrant, false);
                 } else if (!appConfiguration.getOpenidScopeBackwardCompatibility()
                         && !authorizationGrant.getScopes().contains(DefaultScope.OPEN_ID.toString())) {
                     builder = Response.status(403);
                     builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INSUFFICIENT_SCOPE));
                     oAuth2AuditLog.updateOAuth2AuditLog(authorizationGrant, false);
                 }
                 else {
                     oAuth2AuditLog.updateOAuth2AuditLog(authorizationGrant, true);
                     CacheControl cacheControl = new CacheControl();
                     cacheControl.setPrivate(true);
                     cacheControl.setNoTransform(false);
                     cacheControl.setNoStore(true);
                     builder.cacheControl(cacheControl);
                     builder.header("Pragma", "no-cache");
 
                     User currentUser = authorizationGrant.getUser();
                     try {
                         currentUser = userService.getUserByDn(authorizationGrant.getUserDn());
                     } catch (EntryPersistenceException ex) {
                         log.warn("Failed to reload user entry: '{}'", authorizationGrant.getUserDn());
                     }
 
                     if (authorizationGrant.getClient() != null
                             && authorizationGrant.getClient().getUserInfoEncryptedResponseAlg() != null
                             && authorizationGrant.getClient().getUserInfoEncryptedResponseEnc() != null) {
                         KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(authorizationGrant.getClient().getUserInfoEncryptedResponseAlg());
                         BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.fromName(authorizationGrant.getClient().getUserInfoEncryptedResponseEnc());
                         builder.type("application/jwt");
                         builder.entity(getJweResponse(
                                 keyEncryptionAlgorithm,
                                 blockEncryptionAlgorithm,
                                 currentUser,
                                 authorizationGrant,
                                 authorizationGrant.getScopes()));
                     } else if (authorizationGrant.getClient() != null
                             && authorizationGrant.getClient().getUserInfoSignedResponseAlg() != null) {
                         SignatureAlgorithm algorithm = SignatureAlgorithm.fromString(authorizationGrant.getClient().getUserInfoSignedResponseAlg());
                         builder.type("application/jwt");
                         builder.entity(getJwtResponse(algorithm,
                                 currentUser,
                                 authorizationGrant,
                                 authorizationGrant.getScopes()));
                     } else {
                         builder.type((MediaType.APPLICATION_JSON + ";charset=UTF-8"));
                         builder.entity(getJSonResponse(currentUser,
                                 authorizationGrant,
                                 authorizationGrant.getScopes()));
                     }
                 }
             }
         } catch (Exception e) {
             log.error(e.getMessage(), e);
             builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()); // 500
         } finally {
             applicationAuditLogger.sendMessage(oAuth2AuditLog);
         }
 
         return builder.build();
     }

◆ requestUserInfoGet() [1/2]

Response org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebService.requestUserInfoGet	(	@QueryParam("access_token") @ApiParam(value="OAuth 2.0 Access Token.", required=true) String	accessToken,
		@HeaderParam("Authorization") String	authorization,
		@Context HttpServletRequest	request,
		@Context SecurityContext	securityContext
	)

inherited

◆ requestUserInfoGet() [2/2]

Response org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.requestUserInfoGet	(	String	accessToken,
		String	authorization,
		HttpServletRequest	request,
		SecurityContext	securityContext
	)

inline

                                                                                                                                               {
         return requestUserInfo(accessToken, authorization, request, securityContext);
     }

◆ requestUserInfoPost() [1/2]

Response org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebService.requestUserInfoPost	(	@FormParam("access_token") @ApiParam(value="OAuth 2.0 Access Token.", required=true) String	accessToken,
		@HeaderParam("Authorization") String	authorization,
		@Context HttpServletRequest	request,
		@Context SecurityContext	securityContext
	)

inherited

◆ requestUserInfoPost() [2/2]

Response org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.requestUserInfoPost	(	String	accessToken,
		String	authorization,
		HttpServletRequest	request,
		SecurityContext	securityContext
	)

inline

                                                                                                                                                {
         return requestUserInfo(accessToken, authorization, request, securityContext);
     }

◆ response()

Response org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.response	(	int	status,
		UserInfoErrorResponseType	errorResponseType
	)

inlineprivate

                                                                                        {
         return Response.status(status).entity(errorResponseFactory.getErrorAsJson(errorResponseType)).build();
     }

◆ validateRequesteClaim()

boolean org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.validateRequesteClaim	(	GluuAttribute	gluuAttribute,
		String []	clientAllowedClaims,
		Collection< String >	scopes
	)

inline

                                                                                                                                {
         if (gluuAttribute != null) {
             if (clientAllowedClaims != null) {
                 for (int i = 0; i < clientAllowedClaims.length; i++) {
                     if (gluuAttribute.getDn().equals(clientAllowedClaims[i])) {
                         return true;
                     }
                 }
             }
 
             for (String scopeName : scopes) {
                 org.xdi.oxauth.model.common.Scope scope = scopeService.getScopeByDisplayName(scopeName);
 
                 if (scope != null && scope.getOxAuthClaims() != null) {
                     for (String claimDn : scope.getOxAuthClaims()) {
                         if (gluuAttribute.getDisplayName().equals(attributeService.getAttributeByDn(claimDn).getDisplayName())) {
                             return true;
                         }
                     }
                 }
             }
         }
 
         return false;
     }

メンバ詳解

◆ appConfiguration

AppConfiguration org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.appConfiguration

private

◆ applicationAuditLogger

ApplicationAuditLogger org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.applicationAuditLogger

private

◆ attributeService

AttributeService org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.attributeService

private

◆ authorizationGrantList

AuthorizationGrantList org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.authorizationGrantList

private

◆ clientService

ClientService org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.clientService

private

◆ errorResponseFactory

ErrorResponseFactory org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.errorResponseFactory

private

◆ externalDynamicScopeService

ExternalDynamicScopeService org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.externalDynamicScopeService

private

◆ log

Logger org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.log

private

◆ pairwiseIdentifierService

PairwiseIdentifierService org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.pairwiseIdentifierService

private

◆ scopeService

ScopeService org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.scopeService

private

◆ userService

UserService org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.userService

private

◆ webKeysConfiguration

WebKeysConfiguration org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.webKeysConfiguration

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/userinfo/ws/rs/UserInfoRestWebServiceImpl.java

非公開変数類
Logger	log

ApplicationAuditLogger	applicationAuditLogger

ErrorResponseFactory	errorResponseFactory

AuthorizationGrantList	authorizationGrantList

ClientService	clientService

ScopeService	scopeService

AttributeService	attributeService

UserService	userService

ExternalDynamicScopeService	externalDynamicScopeService

PairwiseIdentifierService	pairwiseIdentifierService

AppConfiguration	appConfiguration

WebKeysConfiguration	webKeysConfiguration

公開メンバ関数

非公開メンバ関数

非公開変数類

詳解

関数詳解

◆ getClaims()

◆ getJSonResponse()

◆ getJweResponse()

◆ getJwtResponse()

◆ requestUserInfo()

◆ requestUserInfoGet() [1/2]

◆ requestUserInfoGet() [2/2]

◆ requestUserInfoPost() [1/2]

◆ requestUserInfoPost() [2/2]

◆ response()

◆ validateRequesteClaim()

メンバ詳解

◆ appConfiguration

◆ applicationAuditLogger

◆ attributeService

◆ authorizationGrantList

◆ clientService

◆ errorResponseFactory

◆ externalDynamicScopeService

◆ log

◆ pairwiseIdentifierService

◆ scopeService

◆ userService

◆ webKeysConfiguration