org.xdi.oxd.server.op.RsCheckAccessOperation クラス

org.xdi.oxd.server.op.RsCheckAccessOperation の継承関係図

org.xdi.oxd.server.op.RsCheckAccessOperation 連携図

公開メンバ関数
CommandResponse	execute (final RsCheckAccessParams params) throws Exception
Class< T >	getParameterClass ()
T	getParams ()
Injector	getInjector ()
HttpService	getHttpService ()
IntrospectionService	getIntrospectionService ()
PublicOpKeyService	getKeyService ()
StateService	getStateService ()
LicenseService	getLicenseService ()
DiscoveryService	getDiscoveryService ()
UmaTokenService	getUmaTokenService ()
RpService	getRpService ()
ConfigurationService	getConfigurationService ()
OxAuthCryptoProvider	getCryptoProvider () throws Exception
Rp	getRp ()
ValidationService	getValidationService ()
Command	getCommand ()
CommandResponse	okResponse (IOpResponse p_data)

限定公開メンバ関数
	RsCheckAccessOperation (Command command, final Injector injector)

関数
public< T > T	getInstance (Class< T > type)

非公開メンバ関数
void	validate (RsCheckAccessParams params)

静的非公開変数類
static final Logger	LOG = LoggerFactory.getLogger(RsCheckAccessOperation.class)

詳解

著者

Yuriy Zabrovarnyy

バージョン

0.9, 31/05/2016

構築子と解体子

RsCheckAccessOperation()

org.xdi.oxd.server.op.RsCheckAccessOperation.RsCheckAccessOperation ( Command  command, final Injector  injector  )

inlineprotected

Constructor

引数

command

command

                                                                               {
        super(command, injector, RsCheckAccessParams.class);
    }

関数詳解

execute()

CommandResponse org.xdi.oxd.server.op.RsCheckAccessOperation.execute ( final RsCheckAccessParams  params ) throws Exception

inline

                                                                                      {
        validate(params);

        Rp site = getRp();
        UmaResource resource = site.umaResource(params.getPath(), params.getHttpMethod());
        if (resource == null) {
            final ErrorResponse error = new ErrorResponse("invalid_request");
            error.setErrorDescription("Resource is not protected with path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() +
                    ". Please protect your resource first with uma_rs_protect command. Check details on " + ConfigurationService.DOC_URL);
            LOG.error(error.getErrorDescription());
            return CommandResponse.error().setData(new POJONode(error));
        }

        PatProvider patProvider = new PatProvider() {
            @Override
            public String getPatToken() {
                return getUmaTokenService().getPat(params.getOxdId()).getToken();
            }

            @Override
            public void clearPat() {
                // do nothing
            }
        };

        CorrectRptIntrospectionResponse status = getIntrospectionService().introspectRpt(params.getOxdId(), params.getRpt());

        LOG.trace("RPT: " + params.getRpt() + ", status: " + status);

        if (!Strings.isNullOrEmpty(params.getRpt()) && status != null && status.getActive() && status.getPermissions() != null) {
            for (CorrectUmaPermission permission : status.getPermissions()) {
                List<String> requiredScopes = resource.getScopes();

                if (requiredScopes.isEmpty()) {
                    LOG.trace("Not scopes in resource:" + resource + ", oxdId: " + params.getOxdId());
                    if (!resource.getScopeExpressions().isEmpty() && JsonLogicNodeParser.isNodeValid(resource.getScopeExpressions().get(0))) {
                        requiredScopes = JsonLogicNodeParser.parseNode(resource.getScopeExpressions().get(0)).getData();
                        LOG.trace("Set requiredScope from scope expression.");
                    }
                }

                boolean containsAny = !Collections.disjoint(requiredScopes, permission.getScopes());

                LOG.trace("containsAny: " + containsAny + ", requiredScopes: " + requiredScopes + ", permissionScopes: " + permission.getScopes());

                if (containsAny) {
                    if ((permission.getResourceId() != null && permission.getResourceId().equals(resource.getId()))) { // normal UMA
                        LOG.debug("RPT has enough permissions, access GRANTED. Path: " + params.getPath() + ", httpMethod:" + params.getHttpMethod() + ", site: " + site);
                        return okResponse(new RsCheckAccessResponse("granted"));
                    }
                }
            }
        }

        List<String> scopes = resource.getTicketScopes();
        if (scopes.isEmpty()) {
            scopes = resource.getScopes();
        }

        final RptPreProcessInterceptor rptInterceptor = new RptPreProcessInterceptor(new ResourceRegistrar(patProvider, new ServiceProvider(site.getOpHost())));
        Response response = null;
        try {
            LOG.trace("Try to register ticket, scopes: " + scopes + ", resourceId: " + resource.getId());
            response = rptInterceptor.registerTicketResponse(scopes, resource.getId());
        } catch (ClientResponseFailure e) {
            LOG.debug("Failed to register ticket. Entity: " + e.getResponse().getEntity(String.class) + ", status: " + e.getResponse().getStatus(), e);
            if (e.getResponse().getStatus() == 400 || e.getResponse().getStatus() == 401) {
                LOG.debug("Try maybe PAT is lost on AS, force refresh PAT and request ticket again ...");
                getUmaTokenService().obtainPat(params.getOxdId()); // force to refresh PAT
                response = rptInterceptor.registerTicketResponse(scopes, resource.getId());
            } else {
                throw e;
            }
        }

        RsCheckAccessResponse opResponse = new RsCheckAccessResponse("denied");
        opResponse.setWwwAuthenticateHeader((String) response.getMetadata().getFirst("WWW-Authenticate"));
        opResponse.setTicket(((PermissionTicket) response.getEntity()).getTicket());
        LOG.debug("Access denied for path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() + ". Ticket is registered: " + opResponse);

        return okResponse(opResponse);
    }

getCommand()

Command org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getCommand ( )

inlineinherited

Returns command

戻り値

command

                                {
        return command;
    }

getConfigurationService()

ConfigurationService org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getConfigurationService ( )

inlineinherited

                                                          {
        return getInstance(ConfigurationService.class);
    }

getCryptoProvider()

OxAuthCryptoProvider org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getCryptoProvider ( ) throws Exception

inlineinherited

                                                                     {
        OxdServerConfiguration conf = getConfigurationService().get();
        return new OxAuthCryptoProvider(conf.getCryptProviderKeyStorePath(), conf.getCryptProviderKeyStorePassword(), conf.getCryptProviderDnName());
    }

getDiscoveryService()

DiscoveryService org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getDiscoveryService ( )

inlineinherited

                                                  {
        return getInstance(DiscoveryService.class);
    }

getHttpService()

HttpService org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getHttpService ( )

inlineinherited

                                        {
        return getInstance(HttpService.class);
    }

getInjector()

Injector org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getInjector ( )

inlineinherited

Gets injector.

戻り値

injector

                                  {
        return injector;
    }

getInstance()

public<T> T org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getInstance ( Class< T >  type )

inlinepackageinherited

                                            {
        return injector.getInstance(type);
    }

getIntrospectionService()

IntrospectionService org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getIntrospectionService ( )

inlineinherited

                                                          {
        return getInstance(IntrospectionService.class);
    }

getKeyService()

PublicOpKeyService org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getKeyService ( )

inlineinherited

                                              {
        return getInstance(PublicOpKeyService.class);
    }

getLicenseService()

LicenseService org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getLicenseService ( )

inlineinherited

                                              {
        return getInstance(LicenseService.class);
    }

getParameterClass()

Class<T> org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getParameterClass ( )

inlineinherited

                                        {
        return parameterClass;
    }

getParams()

T org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getParams ( )

inlineinherited

                         {
        return params;
    }

getRp()

Rp org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getRp ( )

inlineinherited

                      {
        if (params instanceof HasOxdIdParams) {
            getValidationService().validate((HasOxdIdParams) params);
            HasOxdIdParams hasOxdId = (HasOxdIdParams) params;
            return getRpService().getRp(hasOxdId.getOxdId());
        }
        throw new ErrorResponseException(ErrorResponseCode.BAD_REQUEST_NO_OXD_ID);
    }

getRpService()

RpService org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getRpService ( )

inlineinherited

                                    {
        return getInstance(RpService.class);
    }

getStateService()

StateService org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getStateService ( )

inlineinherited

                                          {
        return getInstance(StateService.class);
    }

getUmaTokenService()

UmaTokenService org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getUmaTokenService ( )

inlineinherited

                                                {
        return getInstance(UmaTokenService.class);
    }

getValidationService()

ValidationService org.xdi.oxd.server.op.BaseOperation< T extends IParams >.getValidationService ( )

inlineinherited

                                                    {
        return getInstance(ValidationService.class);
    }

okResponse()

CommandResponse org.xdi.oxd.server.op.BaseOperation< T extends IParams >.okResponse ( IOpResponse  p_data )

inlineinherited

Ok response for operation

引数

p_data

response

戻り値

ok response with data

                                                          {
        if (p_data == null) {
            return CommandResponse.createInternalError();
        }
        return CommandResponse.ok().setData(new POJONode(p_data));
    }

validate()

void org.xdi.oxd.server.op.RsCheckAccessOperation.validate ( RsCheckAccessParams  params )

inlineprivate

                                                      {
        if (Strings.isNullOrEmpty(params.getHttpMethod())) {
            throw new ErrorResponseException(ErrorResponseCode.NO_UMA_HTTP_METHOD);
        }
        if (Strings.isNullOrEmpty(params.getPath())) {
            throw new ErrorResponseException(ErrorResponseCode.NO_UMA_PATH_PARAMETER);
        }
    }

メンバ詳解

LOG

final Logger org.xdi.oxd.server.op.RsCheckAccessOperation.LOG = LoggerFactory.getLogger(RsCheckAccessOperation.class)

staticprivate

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxd/oxd-server/src/main/java/org/xdi/oxd/server/op/RsCheckAccessOperation.java