org.gluu.oxtrust.api.client.util.UmaAuthorizationClient クラス

org.gluu.oxtrust.api.client.util.UmaAuthorizationClient 連携図

公開メンバ関数
	UmaAuthorizationClient (String domain, String umaAatClientId, String umaAatClientJksPath, String umaAatClientJksPassword, String umaAatClientKeyId)
String	getAuthenticationHeader ()

関数
boolean	authorize (Response response) throws OxTrustAuthorizationException

非公開メンバ関数
boolean	obtainAuthorizedRpt (String asUri, String ticket) throws OxTrustAuthorizationException
String	getAuthorizedRpt (String asUri, String ticket) throws OxTrustAuthorizationException
TokenRequest	getAuthorizationTokenRequest (UmaMetadata umaMetadata) throws OxTrustAuthorizationException

非公開変数類
String	rpt
final String	umaAatClientId
final String	umaAatClientKeyId
final String	umaAatClientJksPath
final String	umaAatClientJksPassword
final ResteasyClient	client

静的非公開変数類
static final Logger	logger = LogManager.getLogger(UmaAuthorizationClient.class)

詳解

UMA token receiving.

著者

Yuriy Movchan

Dmitry Ognyannikov

構築子と解体子

UmaAuthorizationClient()

org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.UmaAuthorizationClient ( String  domain, String  umaAatClientId, String  umaAatClientJksPath, String  umaAatClientJksPassword, String  umaAatClientKeyId  )

inline

Constructs a UmaAuthorizationClient object with the specified parameters and service contract.

引数

domain	The root URL of the oxTrust API service. Usually in the form https://your.gluu-server.com/identity/restv1
umaAatClientId	Requesting party Client Id
umaAatClientJksPath	Path to requesting party jks file in local filesystem
umaAatClientJksPassword	Keystore password
umaAatClientKeyId	Key Id in the keystore. Pass an empty string to use the first key in keystore

                                                                                                                                                              {
        /*
         Configures a proxy to interact with the service using the new JAX-RS 2.0 Client API, see section
         "Resteasy Proxy Framework" of RESTEasy JAX-RS user guide
         */
        client = new ResteasyClientBuilder().build();
        ResteasyWebTarget target = client.target(domain);
        
        
        this.umaAatClientId = umaAatClientId;
        this.umaAatClientJksPath = umaAatClientJksPath;
        this.umaAatClientJksPassword = umaAatClientJksPassword;
        this.umaAatClientKeyId = umaAatClientKeyId;
    }

関数詳解

authorize()

boolean org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.authorize ( Response  response ) throws OxTrustAuthorizationException

inlinepackage

Recomputes a new RPT according to UMA workflow if the response passed as parameter has status code 401 (unauthorized).

引数

response

A Response object corresponding to the request obtained in the previous call to a service method

戻り値

If the parameter passed has a status code different to 401, it returns false. Otherwise it returns the success of the attempt made to get a new RPT

                                                                              {

        boolean value = false;

        if (response.getStatus() == Response.Status.UNAUTHORIZED.getStatusCode()) {

            try {
                String permissionTicketResponse = response.getHeaderString("WWW-Authenticate");
                String permissionTicket = null;
                String asUri = null;

                String[] headerKeyValues = StringHelper.split(permissionTicketResponse, ",");
                for (String headerKeyValue : headerKeyValues) {
                    if (headerKeyValue.startsWith("ticket=")) {
                        permissionTicket = headerKeyValue.substring(7);
                    }
                    if (headerKeyValue.startsWith("as_uri=")) {
                        asUri = headerKeyValue.substring(7);
                    }
                }
                value= !StringHelper.isEmpty(asUri) && !StringHelper.isEmpty(permissionTicket) && obtainAuthorizedRpt(asUri, permissionTicket);
            } catch (Exception e) {
                throw new OxTrustAuthorizationException(e.getMessage(), e);
            }
        }

        return value;
    }

getAuthenticationHeader()

String org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.getAuthenticationHeader ( )

inline

Builds a string suitable for being passed as an authorization header. It does so by prefixing the current Requesting Party Token this object has with the word "Bearer ".

戻り値

String built or null if this instance has no RPT yet

                                            {
        return StringHelper.isEmpty(rpt) ?  null : "Bearer " + rpt;
    }

getAuthorizationTokenRequest()

TokenRequest org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.getAuthorizationTokenRequest ( UmaMetadata  umaMetadata ) throws OxTrustAuthorizationException

inlineprivate

                                                                                                                    {

        try {
            if (StringHelper.isEmpty(umaAatClientJksPath) || StringHelper.isEmpty(umaAatClientJksPassword)) {
                throw new OxTrustAuthorizationException("UMA JKS keystore path or password is empty");
            }
            OxAuthCryptoProvider cryptoProvider;
            try {
                cryptoProvider = new OxAuthCryptoProvider(umaAatClientJksPath, umaAatClientJksPassword, null);
            }
            catch (Exception ex) {
                throw new OxTrustAuthorizationException("Failed to initialize crypto provider");
            }

            String keyId = umaAatClientKeyId;
            if (StringHelper.isEmpty(keyId)) {
                // Get first key
                List<String> aliases = cryptoProvider.getKeyAliases();
                if (aliases.size() > 0) {
                    keyId = aliases.get(0);
                }
            }

            if (StringHelper.isEmpty(keyId)) {
                throw new OxTrustAuthorizationException("UMA keyId is empty");
            }

            TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
            tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
            tokenRequest.setAuthUsername(umaAatClientId);
            tokenRequest.setCryptoProvider(cryptoProvider);
            tokenRequest.setAlgorithm(cryptoProvider.getSignatureAlgorithm(keyId));
            tokenRequest.setKeyId(keyId);
            tokenRequest.setAudience(umaMetadata.getTokenEndpoint());

            return tokenRequest;
        } catch (Exception ex) {
            throw new OxTrustAuthorizationException("Failed to get client token", ex);
        }

    }

getAuthorizedRpt()

String org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.getAuthorizedRpt ( String  asUri, String  ticket  ) throws OxTrustAuthorizationException

inlineprivate

                                                                                                      {

        try {
                // Get metadata configuration
                UmaMetadata umaMetadata = UmaClientFactory.instance().createMetadataService(asUri).getMetadata();
            if (umaMetadata == null) {
                throw new OxTrustAuthorizationException(String.format("Failed to load valid UMA metadata configuration from: %s", asUri));
            }

                TokenRequest tokenRequest = getAuthorizationTokenRequest(umaMetadata);
            //No need for claims token. See comments on issue https://github.com/GluuFederation/SCIM-Client/issues/22

            UmaTokenService tokenService = UmaClientFactory.instance().createTokenService(umaMetadata);
            UmaTokenResponse rptResponse = tokenService.requestJwtAuthorizationRpt(ClientAssertionType.JWT_BEARER.toString(), tokenRequest.getClientAssertion(), GrantType.OXAUTH_UMA_TICKET.getValue(), ticket, null, null, null, null, null); //ClaimTokenFormatType.ID_TOKEN.getValue()

            if (rptResponse == null) {
                throw new OxTrustAuthorizationException("UMA RPT token response is invalid");
            }

            if (StringUtils.isBlank(rptResponse.getAccessToken())) {
                throw new OxTrustAuthorizationException("UMA RPT is invalid");
            }
            
            this.rpt = rptResponse.getAccessToken();

            return rpt;
        } catch (Exception ex) {
            throw new OxTrustAuthorizationException(ex.getMessage(), ex);
        }

    }

obtainAuthorizedRpt()

boolean org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.obtainAuthorizedRpt ( String  asUri, String  ticket  ) throws OxTrustAuthorizationException

inlineprivate

                                                                                                          {

        try {
            return StringUtils.isNotBlank(getAuthorizedRpt(asUri, ticket));
        } catch (Exception e) {
            throw new OxTrustAuthorizationException(e.getMessage(), e);
        }

    }

メンバ詳解

client

final ResteasyClient org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.client

private

logger

final Logger org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.logger = LogManager.getLogger(UmaAuthorizationClient.class)

staticprivate

rpt

String org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.rpt

private

umaAatClientId

final String org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.umaAatClientId

private

umaAatClientJksPassword

final String org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.umaAatClientJksPassword

private

umaAatClientJksPath

final String org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.umaAatClientJksPath

private

umaAatClientKeyId

final String org.gluu.oxtrust.api.client.util.UmaAuthorizationClient.umaAatClientKeyId

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxTrust/client/src/main/java/org/gluu/oxtrust/api/client/util/UmaAuthorizationClient.java