org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService クラス

org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService 連携図

公開メンバ関数
Response	introspectGet (@HeaderParam("Authorization") String p_authorization, @QueryParam("token") String p_token, @QueryParam("token_type_hint") String tokenTypeHint)
Response	introspectPost (@HeaderParam("Authorization") String p_authorization, @FormParam("token") String p_token, @FormParam("token_type_hint") String tokenTypeHint)

非公開メンバ関数
Response	introspect (String p_authorization, String p_token, String tokenTypeHint)
AuthorizationGrant	getAuthorizationGrant (String authorization, String accessToken) throws UnsupportedEncodingException

非公開変数類
Logger	log
AppConfiguration	appConfiguration
TokenService	tokenService
ErrorResponseFactory	errorResponseFactory
AuthorizationGrantList	authorizationGrantList
ClientService	clientService

詳解

著者

Yuriy Zabrovarnyy

バージョン

June 30, 2018

関数詳解

getAuthorizationGrant()

AuthorizationGrant org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService.getAuthorizationGrant ( String  authorization, String  accessToken  ) throws UnsupportedEncodingException

inlineprivate

                                                                                                                                   {
        AuthorizationGrant grant = tokenService.getAuthorizationGrantByPrefix(authorization, "Bearer ");
        if (grant != null) {
            final String authorizationAccessToken = authorization.substring("Bearer ".length());
            final AbstractToken accessTokenObject = grant.getAccessToken(authorizationAccessToken);
            if (accessTokenObject != null && accessTokenObject.isValid()) {
                return grant;
            } else {
                log.error("Access token is not valid: " + authorizationAccessToken);
                return null;
            }
        }

        grant = tokenService.getAuthorizationGrantByPrefix(authorization, "Basic ");
        if (grant != null) {
            return grant;
        }
        if (StringUtils.startsWithIgnoreCase(authorization, "Basic ")) {

            String encodedCredentials = authorization.substring("Basic ".length());

            String token = new String(Base64.decodeBase64(encodedCredentials), Util.UTF8_STRING_ENCODING);

            int delim = token.indexOf(":");

            if (delim != -1) {
                String clientId = URLDecoder.decode(token.substring(0, delim), Util.UTF8_STRING_ENCODING);
                String password = URLDecoder.decode(token.substring(delim + 1), Util.UTF8_STRING_ENCODING);
                if (clientService.authenticate(clientId, password)) {
                    final AuthorizationGrant grantOfIntrospectionToken = authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken);
                    if (grantOfIntrospectionToken != null) {
                        if (!grantOfIntrospectionToken.getClientId().equals(clientId)) {
                            log.trace("Failed to match grant object clientId and client id provided during authentication.");
                            return null;
                        }
                        return authorizationGrantList.getAuthorizationGrantByAccessToken(encodedCredentials);
                    }
                } else {
                    log.trace("Failed to perform basic authentication for client: " + clientId);
                }

            }
        }
        return grant;
    }

introspect()

Response org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService.introspect ( String  p_authorization, String  p_token, String  tokenTypeHint  )

inlineprivate

                                                                                              {
        try {
            log.trace("Introspect token, authorization: {}, token to introsppect: {}, tokenTypeHint:", p_authorization, p_token, tokenTypeHint);
            if (StringUtils.isNotBlank(p_authorization) && StringUtils.isNotBlank(p_token)) {
                final AuthorizationGrant authorizationGrant = getAuthorizationGrant(p_authorization, p_token);
                if (authorizationGrant != null) {
                    final AbstractToken authorizationAccessToken = authorizationGrant.getAccessToken(tokenService.getTokenFromAuthorizationParameter(p_authorization));

                    if (authorizationAccessToken != null && authorizationAccessToken.isValid()) {
                        if (ServerUtil.isTrue(appConfiguration.getIntrospectionAccessTokenMustHaveUmaProtectionScope())) { // #562 - make uma_protection optional
                            if (!authorizationGrant.getScopesAsString().contains(UmaScopeType.PROTECTION.getValue())) {
                                log.trace("access_token used to access introspection endpoint does not has uma_protection scope, however in oxauth configuration `checkUmaProtectionScopePresenceDuringIntrospection` is true");
                                return Response.status(Response.Status.UNAUTHORIZED).entity(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED) + " access_token does not have uma_protection scope which is required by OP configuration.").build();
                            }
                        }
                        final IntrospectionResponse response = new IntrospectionResponse(false);

                        final AuthorizationGrant grantOfIntrospectionToken = authorizationGrantList.getAuthorizationGrantByAccessToken(p_token);
                        if (grantOfIntrospectionToken != null) {
                            final AbstractToken tokenToIntrospect = grantOfIntrospectionToken.getAccessToken(p_token);
                            final User user = grantOfIntrospectionToken.getUser();

                            response.setActive(tokenToIntrospect.isValid());
                            response.setExpiresAt(ServerUtil.dateToSeconds(tokenToIntrospect.getExpirationDate()));
                            response.setIssuedAt(ServerUtil.dateToSeconds(tokenToIntrospect.getCreationDate()));
                            response.setAcrValues(grantOfIntrospectionToken.getAcrValues());
                            response.setScope(grantOfIntrospectionToken.getScopes() != null ? grantOfIntrospectionToken.getScopes() : new ArrayList<String>()); // #433
                            response.setClientId(grantOfIntrospectionToken.getClientId());
                            response.setSub(grantOfIntrospectionToken.getSub());
                            response.setUsername(user != null ? user.getAttribute("displayName") : null);
                            response.setIssuer(appConfiguration.getIssuer());
                            response.setAudience(grantOfIntrospectionToken.getClientId());

                            if (tokenToIntrospect instanceof AccessToken) {
                                AccessToken accessToken = (AccessToken) tokenToIntrospect;
                                response.setTokenType(accessToken.getTokenType() != null ? accessToken.getTokenType().getName() : TokenType.BEARER.getName());
                            }
                        } else {
                            log.error("Failed to find grant for access_token: " + p_token);
                            return Response.status(Response.Status.BAD_REQUEST).entity(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST)).build();
                        }
                        return Response.status(Response.Status.OK).entity(ServerUtil.asJson(response)).build();
                    } else {
                        log.error("Access token is not valid. Valid: " + (authorizationAccessToken != null && authorizationAccessToken.isValid()));
                        return Response.status(Response.Status.UNAUTHORIZED).entity(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED)).build();
                    }
                } else {
                    log.error("Authorization grant is null.");
                    return Response.status(Response.Status.UNAUTHORIZED).entity(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED)).build();
                }
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        }

        return Response.status(Response.Status.BAD_REQUEST).entity(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST)).build();
    }

introspectGet()

Response org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService.introspectGet ( @HeaderParam("Authorization") String  p_authorization, @QueryParam("token") String  p_token, @QueryParam("token_type_hint") String  tokenTypeHint  )

inline

      {
        return introspect(p_authorization, p_token, tokenTypeHint);
    }

introspectPost()

Response org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService.introspectPost ( @HeaderParam("Authorization") String  p_authorization, @FormParam("token") String  p_token, @FormParam("token_type_hint") String  tokenTypeHint  )

inline

                                                                                       {
        return introspect(p_authorization, p_token, tokenTypeHint);
    }

メンバ詳解

appConfiguration

AppConfiguration org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService.appConfiguration

private

authorizationGrantList

AuthorizationGrantList org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService.authorizationGrantList

private

clientService

ClientService org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService.clientService

private

errorResponseFactory

ErrorResponseFactory org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService.errorResponseFactory

private

log

Logger org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService.log

private

tokenService

TokenService org.xdi.oxauth.introspection.ws.rs.IntrospectionWebService.tokenService

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/introspection/ws/rs/IntrospectionWebService.java