org.gluu.oxtrust.service.uma.ScimUmaProtectionService の継承関係図

org.gluu.oxtrust.service.uma.ScimUmaProtectionService 連携図

公開メンバ関数
String	getUmaResourceId ()

String	getUmaScope ()

boolean	isEnabled ()

Response	processAuthorization (HttpHeaders headers, ResourceInfo resourceInfo)

Token	getPatToken () throws UmaProtectionException

boolean	isExistPatToken ()

List< String >	getRequestedScopes (ResourceInfo resourceInfo)

限定公開メンバ関数
String	getClientId ()

String	getClientKeyStorePassword ()

String	getClientKeyStoreFile ()

String	getClientKeyId ()

boolean	isEnabledUmaAuthentication ()

long	computeAccessTokenExpirationTime (Integer expiresIn)

Response	getErrorResponse (Response.Status status, String detail)

限定公開変数類
UmaPermissionService	umaPermissionService

関数
Response	processUmaAuthorization (String authorization, ResourceInfo resourceInfo) throws Exception

非公開メンバ関数
boolean	isScimEnabled ()

Response	processTestModeAuthorization (String token) throws Exception

非公開変数類
Logger	log

AppConfiguration	appConfiguration

ApplianceService	applianceService

JsonConfigurationService	jsonConfigurationService

OpenIdService	openIdService

静的非公開変数類
static final long	serialVersionUID = -5447131971095468865L

詳解

Provides service to protect SCIM UMA Rest service endpoints

著者: Yuriy Movchan Date: 12/06/2016

関数詳解

◆ computeAccessTokenExpirationTime()

long org.gluu.oxtrust.service.uma.BaseUmaProtectionService.computeAccessTokenExpirationTime ( Integer expiresIn )

inlineprotectedinherited

                                                                            {
                 // Compute "accessToken" expiration timestamp
                 Calendar calendar = Calendar.getInstance();
                 if (expiresIn != null) {
                         calendar.add(Calendar.SECOND, expiresIn);
                         calendar.add(Calendar.SECOND, -10); // Subtract 10 seconds to avoid expirations during executing request
                 }
 
                 return calendar.getTimeInMillis();
         }

◆ getClientId()

String org.gluu.oxtrust.service.uma.ScimUmaProtectionService.getClientId ( )

inlineprotected

                                        {
                 return appConfiguration.getScimUmaClientId();
         }

◆ getClientKeyId()

String org.gluu.oxtrust.service.uma.ScimUmaProtectionService.getClientKeyId ( )

inlineprotected

                                           {
                 return appConfiguration.getScimUmaClientKeyId();
         }

◆ getClientKeyStoreFile()

String org.gluu.oxtrust.service.uma.ScimUmaProtectionService.getClientKeyStoreFile ( )

inlineprotected

                                                  {
                 return appConfiguration.getScimUmaClientKeyStoreFile();
         }

◆ getClientKeyStorePassword()

String org.gluu.oxtrust.service.uma.ScimUmaProtectionService.getClientKeyStorePassword ( )

inlineprotected

                                                      {
                 return appConfiguration.getScimUmaClientKeyStorePassword();
         }

◆ getErrorResponse()

Response org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getErrorResponse	(	Response.Status	status,
		String	detail
	)

inlineprotectedinherited

                                                                                {
         return Response.status(status).entity(detail).build();
     }

◆ getPatToken()

Token org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getPatToken ( ) throws UmaProtectionException

inlineinherited

                                                                  {
                 if (isValidPatToken(this.umaPat, this.umaPatAccessTokenExpiration)) {
                         return this.umaPat;
                 }
 
                 lock.lock();
                 try {
                         if (isValidPatToken(this.umaPat, this.umaPatAccessTokenExpiration)) {
                                 return this.umaPat;
                         }
 
                         retrievePatToken();
                 } finally {
                   lock.unlock();
                 }
 
 
                 return this.umaPat;
         }

◆ getRequestedScopes()

List<String> org.gluu.oxtrust.service.uma.BaseUmaProtectionService.getRequestedScopes ( ResourceInfo resourceInfo )

inlineinherited

                                                                           {
                 Class<?> resourceClass = resourceInfo.getResourceClass();
                 ProtectedApi typeAnnotation = resourceClass.getAnnotation(ProtectedApi.class);
                 if (typeAnnotation == null) {
                         return Collections.emptyList();
                 }
 
                 List<String> scopes = new ArrayList<String>();
                 scopes.addAll(getResourceScopes(typeAnnotation.scopes()));
 
                 Method resourceMethod = resourceInfo.getResourceMethod();
                 ProtectedApi methodAnnotation = resourceMethod.getAnnotation(ProtectedApi.class);
                 if (methodAnnotation != null) {
                         scopes.addAll(getResourceScopes(methodAnnotation.scopes()));
                 }
 
                 return scopes;
         }

◆ getUmaResourceId()

String org.gluu.oxtrust.service.uma.ScimUmaProtectionService.getUmaResourceId ( )

inline

                                          {
                 return appConfiguration.getScimUmaResourceId();
         }

◆ getUmaScope()

String org.gluu.oxtrust.service.uma.ScimUmaProtectionService.getUmaScope ( )

inline

                                     {
                 return appConfiguration.getScimUmaScope();
         }

◆ isEnabled()

boolean org.gluu.oxtrust.service.uma.ScimUmaProtectionService.isEnabled ( )

inline

                                    {
                 return isScimEnabled() && isEnabledUmaAuthentication();
         }

◆ isEnabledUmaAuthentication()

boolean org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isEnabledUmaAuthentication ( )

inlineprotectedinherited

                                                        {
         return (umaMetadata != null) && isExistPatToken();
         }

◆ isExistPatToken()

boolean org.gluu.oxtrust.service.uma.BaseUmaProtectionService.isExistPatToken ( )

inlineinherited

                                          {
                 try {
                         return getPatToken() != null;
                 } catch (UmaProtectionException ex) {
                         log.error("Failed to check UMA PAT token status", ex);
                 }
 
                 return false;
         }

◆ isScimEnabled()

boolean org.gluu.oxtrust.service.uma.ScimUmaProtectionService.isScimEnabled ( )

inlineprivate

                                         {
                 GluuAppliance appliance = applianceService.getAppliance();
                 GluuBoolean scimEnabled = appliance.getScimEnabled();
                 
                 return GluuBoolean.ENABLED.equals(scimEnabled) || GluuBoolean.TRUE.equals(scimEnabled);
         }

◆ processAuthorization()

Response org.gluu.oxtrust.service.uma.ScimUmaProtectionService.processAuthorization	(	HttpHeaders	headers,
		ResourceInfo	resourceInfo
	)

inline

This method checks whether the authorization header is present and valid before scim service methods can be actually called.

引数

headers	An object holding HTTP headers
uriInfo	An object that allows access to request URI information

戻り値: A null value if the authorization was successful, otherwise a Response object is returned signaling an authorization error

                                                                                             {
 
         //Comment this method body if you want to skip the authorization check and proceed straight to use your SCIM service.
         //This is useful under certain circumstances while doing development
         //log.warn("Bypassing protection TEMPORARILY");
 
         Response authorizationResponse = null;
         String authorization = headers.getHeaderString("Authorization");
         log.info("==== SCIM Service call intercepted ====");
         log.info("Authorization header {} found", StringUtils.isEmpty(authorization) ? "not" : "");
 
         try {
             //Test mode may be removed in upcoming versions of Gluu Server...
             if (jsonConfigurationService.getOxTrustappConfiguration().isScimTestMode()) {
                 log.info("SCIM Test Mode is ACTIVE");
                 authorizationResponse = processTestModeAuthorization(authorization);
             }
             else
             if (isEnabled()){
                 log.info("SCIM is protected by UMA");
                 authorizationResponse = processUmaAuthorization(authorization, resourceInfo);
             }
             else{
                 log.info("Please activate UMA or test mode to protect your SCIM endpoints. Read the Gluu SCIM docs to learn more");
                 authorizationResponse= getErrorResponse(Response.Status.UNAUTHORIZED, "SCIM API not protected");
             }
         }
         catch (Exception e){
             log.error(e.getMessage(), e);
             authorizationResponse=getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage());
         }
         return authorizationResponse;
 
     }

◆ processTestModeAuthorization()

Response org.gluu.oxtrust.service.uma.ScimUmaProtectionService.processTestModeAuthorization ( String token ) throws Exception

inlineprivate

                                                                                  {
 
         Response response = null;
 
         if (StringUtils.isNotEmpty(token)) {
             token=token.replaceFirst("Bearer\\s+","");
             log.debug("Validating token {}", token);
 
             String clientInfoEndpoint=openIdService.getOpenIdConfiguration().getClientInfoEndpoint();
             ClientInfoClient clientInfoClient = new ClientInfoClient(clientInfoEndpoint);
             ClientInfoResponse clientInfoResponse = clientInfoClient.execClientInfo(token);
 
             if (clientInfoResponse.getErrorType()!=null) {
                 response=getErrorResponse(Response.Status.UNAUTHORIZED, "Invalid token "+ token);
                 log.debug("Error validating access token: {}", clientInfoResponse.getErrorDescription());
             }
         }
         else{
             log.info("Request is missing authorization header");
             //see section 3.12 RFC 7644
             response = getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "No authorization header found");
         }
         return response;
 
     }

◆ processUmaAuthorization()

Response org.gluu.oxtrust.service.uma.BaseUmaProtectionService.processUmaAuthorization	(	String	authorization,
		ResourceInfo	resourceInfo
	)		throws Exception

inlinepackageinherited

                                                                                                        {
                 List<String> scopes = getRequestedScopes(resourceInfo);
 
         Token patToken = null;
         try {
             patToken = getPatToken();
         }
         catch (UmaProtectionException ex) {
             return getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Failed to obtain PAT token");
         }
 
         Pair<Boolean, Response> rptTokenValidationResult;
         if (scopes.isEmpty()) {
                 rptTokenValidationResult = umaPermissionService.validateRptToken(patToken, authorization, getUmaResourceId(), scopes);
         } else {
                 rptTokenValidationResult = umaPermissionService.validateRptToken(patToken, authorization, getUmaResourceId(), getUmaScope());
         }
 
         if (rptTokenValidationResult.getFirst()) {
             if (rptTokenValidationResult.getSecond() != null) {
                 return rptTokenValidationResult.getSecond();
             }
         }
         else {
             return getErrorResponse(Response.Status.UNAUTHORIZED, "Invalid GAT/RPT token");
         }
         return null;
 
     }

メンバ詳解

◆ appConfiguration

AppConfiguration org.gluu.oxtrust.service.uma.ScimUmaProtectionService.appConfiguration

private

◆ applianceService

ApplianceService org.gluu.oxtrust.service.uma.ScimUmaProtectionService.applianceService

private

◆ jsonConfigurationService

JsonConfigurationService org.gluu.oxtrust.service.uma.ScimUmaProtectionService.jsonConfigurationService

private

◆ log

Logger org.gluu.oxtrust.service.uma.ScimUmaProtectionService.log

private

◆ openIdService

OpenIdService org.gluu.oxtrust.service.uma.ScimUmaProtectionService.openIdService

private

◆ serialVersionUID

final long org.gluu.oxtrust.service.uma.ScimUmaProtectionService.serialVersionUID = -5447131971095468865L

staticprivate

◆ umaPermissionService

UmaPermissionService org.gluu.oxtrust.service.uma.BaseUmaProtectionService.umaPermissionService

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/oxTrust/server/src/main/java/org/gluu/oxtrust/service/uma/ScimUmaProtectionService.java

公開メンバ関数

限定公開メンバ関数

限定公開変数類

関数

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

関数詳解

◆ computeAccessTokenExpirationTime()

◆ getClientId()

◆ getClientKeyId()

◆ getClientKeyStoreFile()

◆ getClientKeyStorePassword()

◆ getErrorResponse()

◆ getPatToken()

◆ getRequestedScopes()

◆ getUmaResourceId()

◆ getUmaScope()

◆ isEnabled()

◆ isEnabledUmaAuthentication()

◆ isExistPatToken()

◆ isScimEnabled()

◆ processAuthorization()

◆ processTestModeAuthorization()

◆ processUmaAuthorization()

メンバ詳解

◆ appConfiguration

◆ applianceService

◆ jsonConfigurationService

◆ log

◆ openIdService

◆ serialVersionUID

◆ umaPermissionService