org.xdi.oxauth.uma.service.UmaTokenService クラス

org.xdi.oxauth.uma.service.UmaTokenService 連携図

公開メンバ関数
Response	requestRpt (String grantType, String ticket, String claimToken, String claimTokenFormat, String pctCode, String rptCode, String scope, HttpServletRequest httpRequest)

非公開メンバ関数
void	addPctToPermissions (List< UmaPermission > permissions, UmaPCT pct)
void	updatePermissionsWithClientRequestedScope (List< UmaPermission > permissions, Map< UmaScopeDescription, Boolean > scopes)

非公開変数類
Logger	log
Identity	identity
ErrorResponseFactory	errorResponseFactory
UmaRptService	rptService
UmaPctService	pctService
UmaPermissionService	permissionService
UmaValidationService	umaValidationService
ClientService	clientService
TokenService	tokenService
AppConfiguration	appConfiguration
WebKeysConfiguration	webKeysConfiguration
UmaNeedsInfoService	umaNeedsInfoService
ExternalUmaRptPolicyService	policyService
UmaExpressionService	expressionService

詳解

UMA Token Service

関数詳解

addPctToPermissions()

void org.xdi.oxauth.uma.service.UmaTokenService.addPctToPermissions ( List< UmaPermission >  permissions, UmaPCT  pct  )

inlineprivate

                                                                                  {
        for (UmaPermission p : permissions) {
            p.getAttributes().put(UmaPermission.PCT, pct.getCode());
            permissionService.mergeSilently(p);
        }
    }

requestRpt()

Response org.xdi.oxauth.uma.service.UmaTokenService.requestRpt ( String  grantType, String  ticket, String  claimToken, String  claimTokenFormat, String  pctCode, String  rptCode, String  scope, HttpServletRequest  httpRequest  )

inline

                                            {
        try {
            log.trace("requestRpt grant_type: {}, ticket: {}, claim_token: {}, claim_token_format: {}, pct: {}, rpt: {}, scope: {}"
                    , grantType, ticket, claimToken, claimTokenFormat, pctCode, rptCode, scope);

            umaValidationService.validateGrantType(grantType);
            List<UmaPermission> permissions = umaValidationService.validateTicket(ticket);
            Jwt idToken = umaValidationService.validateClaimToken(claimToken, claimTokenFormat);
            UmaPCT pct = umaValidationService.validatePct(pctCode);
            UmaRPT rpt = umaValidationService.validateRPT(rptCode);
            Map<UmaScopeDescription, Boolean> scopes = umaValidationService.validateScopes(scope, permissions);
            Client client = identity.getSessionClient().getClient();

            if (client != null && client.isDisabled()) {
                throw new UmaWebException(Response.Status.FORBIDDEN, errorResponseFactory, UmaErrorResponseType.DISABLED_CLIENT);
            }

            pct = pctService.updateClaims(pct, idToken, client.getClientId(), permissions); // creates new pct if pct is null in request
            Claims claims = new Claims(idToken, pct, claimToken);

            Map<UmaScriptByScope, UmaAuthorizationContext> scriptMap = umaNeedsInfoService.checkNeedsInfo(claims, scopes, permissions, pct, httpRequest, client);

            if (!scriptMap.isEmpty()) {
                expressionService.evaluate(scriptMap, permissions);
            } else {
                log.warn("There are no any policies that protects scopes. Scopes: " + UmaScopeService.asString(scopes.keySet()) + ". Configuration property umaGrantAccessIfNoPolicies: " + appConfiguration.getUmaGrantAccessIfNoPolicies());

                if (appConfiguration.getUmaGrantAccessIfNoPolicies() != null && appConfiguration.getUmaGrantAccessIfNoPolicies()) {
                    log.warn("Access granted because there are no any protection. Make sure it is intentional behavior.");
                } else {
                    log.warn("Access denied because there are no any protection. Make sure it is intentional behavior.");
                    throw new UmaWebException(Response.Status.FORBIDDEN, errorResponseFactory, UmaErrorResponseType.FORBIDDEN_BY_POLICY);
                }
            }

            log.trace("Access granted.");

            final boolean upgraded;
            if (rpt == null) {
                rpt = rptService.createRPTAndPersist(client.getClientId());
                upgraded = false;
            } else {
                upgraded = true;
            }

            updatePermissionsWithClientRequestedScope(permissions, scopes);
            addPctToPermissions(permissions, pct);
            rptService.addPermissionToRPT(rpt, permissions);

            UmaTokenResponse response = new UmaTokenResponse();
            response.setAccessToken(rpt.getCode());
            response.setUpgraded(upgraded);
            response.setTokenType("Bearer");
            response.setPct(pct.getCode());

            return Response.ok(ServerUtil.asJson(response)).build();
        } catch (Exception ex) {
            log.error("Exception happened", ex);
            if (ex instanceof WebApplicationException) {
                throw (WebApplicationException) ex;
            }
        }

        log.error("Failed to handle request to UMA Token Endpoint.");
        throw new UmaWebException(Response.Status.INTERNAL_SERVER_ERROR, errorResponseFactory, UmaErrorResponseType.SERVER_ERROR);
    }

updatePermissionsWithClientRequestedScope()

void org.xdi.oxauth.uma.service.UmaTokenService.updatePermissionsWithClientRequestedScope ( List< UmaPermission >  permissions, Map< UmaScopeDescription, Boolean >  scopes  )

inlineprivate

                                                                                                                                      {
        log.trace("Updating permissions with requested scopes ...");
        for (UmaPermission permission : permissions) {
            Set<String> scopeDns = new HashSet<String>(permission.getScopeDns());

            for (Map.Entry<UmaScopeDescription, Boolean> entry : scopes.entrySet()) {
                log.trace("Updating permissions with scope: " + entry.getKey().getId() + ", isRequestedScope: " + entry.getValue() + ", permisson: " + permission.getDn());
                scopeDns.add(entry.getKey().getDn());
            }

            permission.setScopeDns(new ArrayList<String>(scopeDns));
        }
    }

メンバ詳解

appConfiguration

AppConfiguration org.xdi.oxauth.uma.service.UmaTokenService.appConfiguration

private

clientService

ClientService org.xdi.oxauth.uma.service.UmaTokenService.clientService

private

errorResponseFactory

ErrorResponseFactory org.xdi.oxauth.uma.service.UmaTokenService.errorResponseFactory

private

expressionService

UmaExpressionService org.xdi.oxauth.uma.service.UmaTokenService.expressionService

private

identity

Identity org.xdi.oxauth.uma.service.UmaTokenService.identity

private

log

Logger org.xdi.oxauth.uma.service.UmaTokenService.log

private

pctService

UmaPctService org.xdi.oxauth.uma.service.UmaTokenService.pctService

private

permissionService

UmaPermissionService org.xdi.oxauth.uma.service.UmaTokenService.permissionService

private

policyService

ExternalUmaRptPolicyService org.xdi.oxauth.uma.service.UmaTokenService.policyService

private

rptService

UmaRptService org.xdi.oxauth.uma.service.UmaTokenService.rptService

private

tokenService

TokenService org.xdi.oxauth.uma.service.UmaTokenService.tokenService

private

umaNeedsInfoService

UmaNeedsInfoService org.xdi.oxauth.uma.service.UmaTokenService.umaNeedsInfoService

private

umaValidationService

UmaValidationService org.xdi.oxauth.uma.service.UmaTokenService.umaValidationService

private

webKeysConfiguration

WebKeysConfiguration org.xdi.oxauth.uma.service.UmaTokenService.webKeysConfiguration

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/uma/service/UmaTokenService.java