mitreid-connect
org.mitre.uma.web.AuthorizationRequestEndpoint クラス

公開メンバ関数

String authorizationRequest (@RequestBody String jsonString, Model m, Authentication auth)
 

静的公開変数類

static final String RPT = "rpt"
 
static final String TICKET = "ticket"
 
static final String URL = "authz_request"
 

非公開変数類

PermissionService permissionService
 
OAuth2TokenEntityService tokenService
 
ClaimsProcessingService claimsProcessingService
 
UmaTokenService umaTokenService
 

静的非公開変数類

static final Logger logger = LoggerFactory.getLogger(AuthorizationRequestEndpoint.class)
 

詳解

著者
jricher

関数詳解

◆ authorizationRequest()

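/**
 * UMA authorization request endpoint: exchanges a permission ticket (plus an optional
 * RPT the client already holds) for a new requesting-party token, or tells the client
 * which claims it still has to supply.
 *
 * <p>The caller must hold {@code SystemScopeService.UMA_AUTHORIZATION_SCOPE}; this is
 * enforced before the body is parsed. The body is a JSON object with a required
 * {@value #TICKET} member and an optional {@value #RPT} member, both strings.
 *
 * @param jsonString raw request body
 * @param m Spring model that receives the view attributes
 * @param auth the authenticated caller; cast to {@code OAuth2Authentication} when a token is issued
 * @return {@code JsonEntityView.VIEWNAME} with either an {@code rpt} entity or a
 *     {@code need_info} error entity, or {@code JsonErrorView.VIEWNAME} on failure
 */
public String authorizationRequest(@RequestBody String jsonString, Model m, Authentication auth) {

    AuthenticationUtilities.ensureOAuthScope(auth, SystemScopeService.UMA_AUTHORIZATION_SCOPE);

    JsonElement e;
    try {
        e = new JsonParser().parse(jsonString);
    } catch (com.google.gson.JsonParseException ex) {
        // Syntactically invalid JSON previously escaped as an uncaught exception (a 500);
        // report it like any other malformed body. Fully qualified so the import list is untouched.
        return malformedRequest(m, "Malformed JSON request.");
    }

    if (!e.isJsonObject()) {
        return malformedRequest(m, "Malformed JSON request.");
    }
    JsonObject o = e.getAsJsonObject();

    JsonElement ticketElement = o.get(TICKET);
    if (ticketElement == null) {
        return malformedRequest(m, "Missing JSON elements.");
    }
    if (!ticketElement.isJsonPrimitive()) {
        // a JSON null/object/array here would make getAsString() throw
        return malformedRequest(m, "Malformed JSON request.");
    }

    // Resolve the RPT the client says it holds (if any) before looking at the ticket,
    // so it can be revoked once a replacement is issued.
    OAuth2AccessTokenEntity incomingRpt = null;
    if (o.has(RPT)) {
        JsonElement rptElement = o.get(RPT);
        if (!rptElement.isJsonPrimitive()) {
            return malformedRequest(m, "Malformed JSON request.");
        }
        incomingRpt = tokenService.readAccessToken(rptElement.getAsString());
    }

    String ticketValue = ticketElement.getAsString();
    PermissionTicket ticket = permissionService.getByTicket(ticketValue);

    if (ticket == null) {
        // ticket wasn't found, return an error.
        // Was m.addAttribute(HttpStatus.BAD_REQUEST): stored under a generated attribute name,
        // so the error view never saw HttpCodeView.CODE for this branch.
        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        m.addAttribute(JsonErrorView.ERROR, "invalid_ticket");
        return JsonErrorView.VIEWNAME;
    }

    ResourceSet rs = ticket.getPermission().getResourceSet();

    if (rs.getPolicies() == null || rs.getPolicies().isEmpty()) {
        // no policies at all: nothing could ever satisfy this resource set
        m.addAttribute(JsonErrorView.ERROR, "not_authorized");
        m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This resource set can not be accessed.");
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return JsonErrorView.VIEWNAME;
    }

    ClaimProcessingResult result = claimsProcessingService.claimsAreSatisfied(rs, ticket);

    if (!result.isSatisfied()) {
        // claims not (yet) satisfied: send the client to claims gathering with the missing list
        m.addAttribute(JsonEntityView.ENTITY, needInfoEntity(ticketValue, result));
        return JsonEntityView.VIEWNAME;
    }

    // downscope the new token to the policy that matched
    OAuth2Authentication o2auth = (OAuth2Authentication) auth;
    OAuth2AccessTokenEntity token = umaTokenService.createRequestingPartyToken(o2auth, ticket, result.getMatched());

    // the new RPT supersedes the one the client sent in
    if (incomingRpt != null) {
        tokenService.revokeAccessToken(incomingRpt);
    }

    Map<String, String> entity = ImmutableMap.of(RPT, token.getValue());
    m.addAttribute(JsonEntityView.ENTITY, entity);
    return JsonEntityView.VIEWNAME;
}

/**
 * Records a 400 with the given message on the model and returns the error view name.
 *
 * @param m model to populate
 * @param message human-readable error message
 * @return {@code JsonErrorView.VIEWNAME}
 */
private static String malformedRequest(Model m, String message) {
    m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
    m.addAttribute(JsonErrorView.ERROR_MESSAGE, message);
    return JsonErrorView.VIEWNAME;
}

/**
 * Builds the UMA {@code need_info} error entity listing the claims still unmatched for a ticket.
 * Member insertion order is kept as before so the emitted JSON is unchanged.
 *
 * @param ticketValue the ticket the client must present again at claims gathering
 * @param result claims-processing outcome whose unmatched claims are listed
 * @return the error entity to place under {@code JsonEntityView.ENTITY}
 */
private static JsonObject needInfoEntity(String ticketValue, ClaimProcessingResult result) {
    JsonArray required = new JsonArray();
    for (Claim claim : result.getUnmatched()) {
        JsonObject c = new JsonObject();
        c.addProperty("name", claim.getName());
        c.addProperty("friendly_name", claim.getFriendlyName());
        c.addProperty("claim_type", claim.getClaimType());
        JsonArray formats = new JsonArray();
        for (String format : claim.getClaimTokenFormat()) {
            formats.add(new JsonPrimitive(format));
        }
        c.add("claim_token_format", formats);
        JsonArray issuers = new JsonArray();
        for (String issuer : claim.getIssuer()) {
            issuers.add(new JsonPrimitive(issuer));
        }
        c.add("issuer", issuers);
        required.add(c);
    }

    JsonObject rpClaims = new JsonObject();
    rpClaims.addProperty("redirect_user", true);
    rpClaims.addProperty(TICKET, ticketValue);
    rpClaims.add("required_claims", required);

    JsonObject details = new JsonObject();
    details.add("requesting_party_claims", rpClaims);

    JsonObject entity = new JsonObject();
    entity.addProperty(JsonErrorView.ERROR, "need_info");
    entity.add("error_details", details);
    return entity;
}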

メンバ詳解

◆ claimsProcessingService

ClaimsProcessingService org.mitre.uma.web.AuthorizationRequestEndpoint.claimsProcessingService
private

◆ logger

final Logger org.mitre.uma.web.AuthorizationRequestEndpoint.logger = LoggerFactory.getLogger(AuthorizationRequestEndpoint.class)
staticprivate

◆ permissionService

PermissionService org.mitre.uma.web.AuthorizationRequestEndpoint.permissionService
private

◆ RPT

final String org.mitre.uma.web.AuthorizationRequestEndpoint.RPT = "rpt"
static

◆ TICKET

final String org.mitre.uma.web.AuthorizationRequestEndpoint.TICKET = "ticket"
static

◆ tokenService

OAuth2TokenEntityService org.mitre.uma.web.AuthorizationRequestEndpoint.tokenService
private

◆ umaTokenService

UmaTokenService org.mitre.uma.web.AuthorizationRequestEndpoint.umaTokenService
private

◆ URL

final String org.mitre.uma.web.AuthorizationRequestEndpoint.URL = "authz_request"
static

このクラス詳解は次のファイルから抽出されました: