diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/Command.java b/jans-client-api/common/src/main/java/io/jans/ca/common/Command.java
deleted file mode 100644
index aac3f342610..00000000000
--- a/jans-client-api/common/src/main/java/io/jans/ca/common/Command.java
+++ /dev/null
@@ -1,84 +0,0 @@ -/** - * All rights reserved -- Copyright 2015 Gluu Inc. - */ -package io.jans.ca.common; - -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonPropertyOrder; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.node.JsonNodeFactory; -import io.jans.ca.common.params.IParams; - -import java.io.Serializable; - -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 09/08/2013 - */ -@JsonPropertyOrder({"command", "params"}) -public class Command implements Serializable { - - @JsonProperty(value = "command") - private CommandType commandType; - @JsonProperty(value = "params") - private JsonNode params; - - public Command() { - } - - public Command(CommandType p_command) { - commandType = p_command; - } - - public Command(CommandType commandType, JsonNode params) { - this.commandType = commandType; - this.params = params; - } - - public Command(CommandType commandType, IParams params) { - this.commandType = commandType; - this.params = JsonNodeFactory.instance.pojoNode(params); - } - - public CommandType getCommandType() { - return commandType; - } - - public Command setCommandType(CommandType p_commandType) { - commandType = p_commandType; - return this; - } - - public JsonNode getParams() { - return params; - } - - public Command setParams(JsonNode p_params) { - params = p_params; - return this; - } - - public Command setParamsObject(IParams p_params) { - params = JsonNodeFactory.instance.pojoNode(p_params); - return this; - } - - public String paramsAsString() { - return params != null ? params.toString() : ""; - } - - /** - * Returns string representation of object - * - * @return string representation of object - */ - @Override - public String toString() { - final StringBuilder sb = new StringBuilder(); - sb.append("Command"); - sb.append("{command=").append(commandType); - sb.append(", params=").append(params); - sb.append('}'); - return sb.toString(); - } -} 
diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/CommandType.java b/jans-client-api/common/src/main/java/io/jans/ca/common/CommandType.java
deleted file mode 100644
index f5f3e958854..00000000000
--- a/jans-client-api/common/src/main/java/io/jans/ca/common/CommandType.java
+++ /dev/null
@@ -1,92 +0,0 @@ -/** - * All rights reserved -- Copyright 2015 Gluu Inc. - */ -package io.jans.ca.common; - -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnore; -import com.fasterxml.jackson.annotation.JsonValue; -import org.apache.commons.lang.StringUtils; - -import jakarta.ws.rs.core.MediaType; - -/** - * @author Yuriy Zabrovarnyy - */ - -public enum CommandType { - - // Register - REGISTER_SITE("register_site", false, MediaType.APPLICATION_JSON), - UPDATE_SITE("update_site", false, MediaType.APPLICATION_JSON), - REMOVE_SITE("remove_site", false, MediaType.APPLICATION_JSON), - - // Connect (stateful) - GET_AUTHORIZATION_URL("get_authorization_url", true, MediaType.APPLICATION_JSON), - GET_AUTHORIZATION_CODE("get_authorization_code", true, MediaType.APPLICATION_JSON), - GET_TOKENS_BY_CODE("get_tokens_by_code", true, MediaType.APPLICATION_JSON), - GET_USER_INFO("get_user_info", true, MediaType.APPLICATION_JSON), - GET_LOGOUT_URI("get_logout_uri", true, MediaType.APPLICATION_JSON), - GET_ACCESS_TOKEN_BY_REFRESH_TOKEN("get_access_token_by_refresh_token", true, MediaType.APPLICATION_JSON), - INTROSPECT_ACCESS_TOKEN("introspect_access_token", true, MediaType.APPLICATION_JSON), - - VALIDATE("validate", true, MediaType.APPLICATION_JSON), - CHECK_ID_TOKEN("id_token_status", true, MediaType.APPLICATION_JSON), - CHECK_ACCESS_TOKEN("access_token_status", true, MediaType.APPLICATION_JSON), - - // UMA - RS_PROTECT("uma_rs_protect", true, MediaType.APPLICATION_JSON), - RS_MODIFY("uma_rs_modify", true, MediaType.APPLICATION_JSON), - RS_CHECK_ACCESS("uma_rs_check_access", true, MediaType.APPLICATION_JSON), - INTROSPECT_RPT("introspect_rpt", true, MediaType.APPLICATION_JSON), - RP_GET_RPT("uma_rp_get_rpt", true, MediaType.APPLICATION_JSON), - RP_GET_CLAIMS_GATHERING_URL("uma_rp_get_claims_gathering_url", true, MediaType.APPLICATION_JSON), - - // stateless - AUTHORIZATION_CODE_FLOW("authorization_code_flow", true, 
MediaType.APPLICATION_JSON), - IMPLICIT_FLOW("implicit_flow", true, MediaType.APPLICATION_JSON), - GET_CLIENT_TOKEN("get_client_token", false, MediaType.APPLICATION_JSON), - GET_RP("get_rp", false, MediaType.APPLICATION_JSON), - GET_JWKS("get_jwks", false, MediaType.APPLICATION_JSON), - GET_DISCOVERY("get_discovery", false, MediaType.APPLICATION_JSON), - ISSUER_DISCOVERY("issuer_discovery", false, MediaType.APPLICATION_JSON), - GET_RP_JWKS("get_rp_jwks", false, MediaType.APPLICATION_JSON), - GET_REQUEST_OBJECT_JWT("get_request_object_jwt", false, MediaType.TEXT_PLAIN), - GET_REQUEST_URI("get_request_uri", true, MediaType.APPLICATION_JSON); - - private final String value; - private final boolean authorizationRequired; - private final String returnType; - - CommandType(String value, boolean authorizationRequired, String returnType) { - this.value = value; - this.authorizationRequired = authorizationRequired; - this.returnType = returnType; - } - - @JsonIgnore - public boolean isAuthorizationRequired() { - return authorizationRequired; - } - - @JsonValue - public String getValue() { - return value; - } - - public String getReturnType() { - return returnType; - } - - @JsonCreator - public static CommandType fromValue(String v) { - if (StringUtils.isNotBlank(v)) { - for (CommandType t : values()) { - if (t.getValue().equalsIgnoreCase(v)) { - return t; - } - } - } - return null; - } -} diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/ErrorResponseCode.java b/jans-client-api/common/src/main/java/io/jans/ca/common/ErrorResponseCode.java index 51f090a05b3..a6b066e9561 100644 --- a/jans-client-api/common/src/main/java/io/jans/ca/common/ErrorResponseCode.java +++ b/jans-client-api/common/src/main/java/io/jans/ca/common/ErrorResponseCode.java 
@@ -115,8 +115,9 @@ public enum ErrorResponseCode { AT_HASH_NOT_FOUND(500, "at_hash_not_found", "`at_hash` is missing in `ID_TOKEN`."), C_HASH_NOT_FOUND(500, "c_hash_not_found", "`c_hash` is missing in `ID_TOKEN`."), S_HASH_NOT_FOUND(500, "s_hash_not_found", "`s_hash` is missing in `ID_TOKEN`."), - INVALID_AUTHORIZATION_RP_ID(400, "invalid_authorization_rp_id", "`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in jans_client_api.yml."), + INVALID_AUTHORIZATION_RP_ID(400, "invalid_authorization_rp_id", "`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in config."), AUTHORIZATION_RP_ID_NOT_FOUND(400, "authorization_rp_id_not_found", "`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api."), + AUTHORIZATION_RP_ID_HEADER_NOT_FOUND(400, "authorization_rp_id_header_not_found", "`AuthorizationRpId` header is not present or invalid."), NO_CLIENT_ID_RETURNED(500, "no_client_id_returned", "`client_id` is not returned from OP host. Please check OP log file for error (oxauth.log)."), NO_CLIENT_SECRET_RETURNED(500, "no_client_secret_returned", "`client_secret` is not returned from OP host. Please check: 1) OP log file for error (oxauth.log) 2) whether `returnClientSecretOnRead` configuration property is set to true on OP host."), RP_ACCESS_DENIED(403, "rp_access_denied", "The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` field of `jans_client_api.yml`."), diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/rest/ProtectedApi.java b/jans-client-api/common/src/main/java/io/jans/ca/common/rest/ProtectedApi.java new file mode 100644 index 00000000000..5be4398b167 --- /dev/null +++ b/jans-client-api/common/src/main/java/io/jans/ca/common/rest/ProtectedApi.java 
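Review bot: The reworded `INVALID_AUTHORIZATION_RP_ID` message now ends with `field in config.`, but `RP_ACCESS_DENIED` further down in the same hunk still tells the operator to edit `jans_client_api.yml`, so the enum points at two different configuration sources. If the YAML file is no longer how this service is configured (the hunk does not show that), the `RP_ACCESS_DENIED` text should be reworded the same way. The new `AUTHORIZATION_RP_ID_HEADER_NOT_FOUND` entry also folds "not present" and "invalid" into one message while `INVALID_AUTHORIZATION_RP_ID` already covers an invalid value; a short comment above the three `AuthorizationRpId` codes saying which check raises which would help API clients. The enum body continues outside the hunk.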
@@ -0,0 +1,23 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.ca.common.rest; + +import jakarta.ws.rs.NameBinding; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@NameBinding +@Retention(RetentionPolicy.RUNTIME) +@Target({ ElementType.TYPE, ElementType.METHOD }) +public @interface ProtectedApi { + + String[] scopes() default {}; + +} diff --git a/jans-client-api/common/src/test/java/io/jans/ca/common/JsonTest.java b/jans-client-api/common/src/test/java/io/jans/ca/common/JsonTest.java deleted file mode 100644 index 75e98f2738c..00000000000 --- a/jans-client-api/common/src/test/java/io/jans/ca/common/JsonTest.java +++ /dev/null 
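Review bot: `scopes()` is declared without documentation, and the `AuthorizationFilter` added in this same commit never reads it: its `filter` method passes only the path, HTTP method, remote address and the two header values to `processAuthorization`, and although the file imports `ResourceInfo` it does not inject one. Unless `AuthorizationService` resolves the annotation by another route (not visible here), scopes listed on a resource would not be enforced by the name-bound filter. I would add Javadoc on the annotation and on `scopes()` that names the component enforcing it, along the lines of `/** Scopes the caller's token is expected to carry; enforced by <component>. */`, and confirm that enforcement path before endpoints start relying on the attribute.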
@@ -1,51 +0,0 @@ -/* - * All rights reserved -- Copyright 2015 Gluu Inc. - */ -package io.jans.ca.common; - -import com.fasterxml.jackson.databind.node.JsonNodeFactory; -import org.testng.Assert; -import org.apache.commons.lang.StringUtils; -import org.testng.annotations.Test; - -import java.io.IOException; - -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 09/08/2013 - */ - -public class JsonTest { - - @Test - public void testCommandType() throws IOException { - final String json = Jackson2.asJson(CommandType.GET_AUTHORIZATION_URL); - Assert.assertEquals(json, "\"obtain_pat\""); - final CommandType obtainPat = Jackson2.createJsonMapper().readValue(json, CommandType.class); - Assert.assertNotNull(obtainPat); - } - - @Test - public void testCommand() throws IOException { - Command c = new Command(); - c.setCommandType(CommandType.GET_USER_INFO); - c.setParams(JsonNodeFactory.instance.textNode("myParams")); - - final String cJson = Jackson2.asJson(c); - Assert.assertTrue(StringUtils.isNotBlank(cJson)); - - final String json = "{\"command\":\"register_client\",\"params\": {\"discovery_url\":\"\",\n" + - " \"redirect_url\":\"\",\n" + - " \"client_name\":\"\"\n" + - " }\n" + - "}"; - final Command command = Jackson2.createJsonMapper().readValue(json, Command.class); - Assert.assertNotNull(command); - } - - @Test - public void testErrorResponseJson() throws IOException { - final String json = Jackson2.asJson(new ErrorResponse(ErrorResponseCode.INTERNAL_ERROR_UNKNOWN)); - Assert.assertTrue(StringUtils.isNotBlank(json)); - } -} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java b/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java deleted file mode 100644 index e478322448f..00000000000 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java +++ /dev/null 
@@ -1,131 +0,0 @@ -/* - * All rights reserved -- Copyright 2015 Gluu Inc. - */ -package io.jans.ca.server; - -import io.jans.ca.common.Command; -import io.jans.ca.common.ErrorResponseCode; -import io.jans.ca.common.params.IParams; -import io.jans.ca.common.response.IOpResponse; -import io.jans.ca.server.op.*; -import io.jans.ca.server.service.ServiceProvider; -import io.jans.ca.server.utils.Convertor; -import jakarta.enterprise.context.ApplicationScoped; -import jakarta.inject.Inject; -import jakarta.ws.rs.ClientErrorException; -import jakarta.ws.rs.WebApplicationException; -import org.slf4j.Logger; - -/** - * client-api operation processor. - * - * @author Yuriy Zabrovarnyy - */ -@ApplicationScoped -public class Processor { - @Inject - Logger logger; - @Inject - ServiceProvider serviceProvider; - - public IOpResponse process(Command command) { - if (command != null) { - try { - final IOperation operation = (IOperation) create(command); - if (operation != null) { - IParams iParams = Convertor.asParams(operation.getParameterClass(), command); - serviceProvider.getValidationService().validate(iParams); - - IOpResponse operationResponse = operation.execute(iParams); - if (operationResponse != null) { - return operationResponse; - } else { - logger.error("No response from operation. Command: {}", command); - } - } else { - logger.error("Operation is not supported! 
null"); - throw new HttpException(ErrorResponseCode.UNSUPPORTED_OPERATION); - } - } catch (ClientErrorException e) { - throw new WebApplicationException(e.getResponse().readEntity(String.class), e.getResponse().getStatus()); - } catch (WebApplicationException e) { - logger.error(e.getLocalizedMessage(), e); - throw e; - } catch (Throwable e) { - logger.error(e.getMessage(), e); - } - } - throw HttpException.internalError(); - } - - private IOperation create(Command command) { - - if (command != null && command.getCommandType() != null) { - switch (command.getCommandType()) { - case REGISTER_SITE: - return new RegisterSiteOperation(command, serviceProvider); - case UPDATE_SITE: - return new UpdateSiteOperation(command, serviceProvider); - case REMOVE_SITE: - return new RemoveSiteOperation(command, serviceProvider); - case GET_CLIENT_TOKEN: - return new GetClientTokenOperation(command, serviceProvider); - case GET_ACCESS_TOKEN_BY_REFRESH_TOKEN: - return new GetAccessTokenByRefreshTokenOperation(command, serviceProvider); - case INTROSPECT_ACCESS_TOKEN: - return new IntrospectAccessTokenOperation(command, serviceProvider); - case GET_USER_INFO: - return new GetUserInfoOperation(command, serviceProvider); - case GET_JWKS: - return new GetJwksOperation(command, serviceProvider); - case GET_DISCOVERY: - return new GetDiscoveryOperation(command, serviceProvider); - case GET_AUTHORIZATION_URL: - return new GetAuthorizationUrlOperation(command, serviceProvider); - case GET_TOKENS_BY_CODE: - return new GetTokensByCodeOperation(command, serviceProvider); - case GET_LOGOUT_URI: - return new GetLogoutUrlOperation(command, serviceProvider); - case RS_PROTECT: - return new RsProtectOperation(command, serviceProvider); - case RS_CHECK_ACCESS: - return new RsCheckAccessOperation(command, serviceProvider); - case INTROSPECT_RPT: - return new IntrospectRptOperation(command, serviceProvider); - case RP_GET_RPT: - return new RpGetRptOperation(command, serviceProvider); - case 
RP_GET_CLAIMS_GATHERING_URL: - return new RpGetGetClaimsGatheringUrlOperation(command, serviceProvider); - case GET_RP: - return new GetRpOperation(command, serviceProvider); - case GET_RP_JWKS: - return new GetRpJwksOperation(command, serviceProvider); - case GET_AUTHORIZATION_CODE: - return new GetAuthorizationCodeOperation(command, serviceProvider); - case AUTHORIZATION_CODE_FLOW: - return new AuthorizationCodeFlowOperation(command, serviceProvider); - case GET_REQUEST_OBJECT_JWT: - return new GetRequestObjectOperation(command, serviceProvider); - case RS_MODIFY: - return new RsModifyOperation(command, serviceProvider); - case VALIDATE: - return new ValidateOperation(command, serviceProvider); - case IMPLICIT_FLOW: - return new ImplicitFlowOperation(command, serviceProvider); - case CHECK_ACCESS_TOKEN: - return new CheckAccessTokenOperation(command, serviceProvider); - case CHECK_ID_TOKEN: - return new CheckIdTokenOperation(command, serviceProvider); - case ISSUER_DISCOVERY: - return new GetIssuerOperation(command, serviceProvider); - case GET_REQUEST_URI: - return new GetRequestObjectUriOperation(command, serviceProvider); - } - logger.error("Command is not supported. Command: {}", command); - } else { - logger.error("Command is invalid. Command: {}", command); - } - return null; - } - -} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java b/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java index 19c52f7e96e..dd6078aa42c 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java 
@@ -9,8 +9,11 @@ import io.jans.as.common.service.common.ApplicationFactory; import io.jans.as.model.util.SecurityProviderUtility; import io.jans.ca.server.persistence.service.PersistenceServiceImpl; +import io.jans.ca.server.security.service.AuthorizationService; +import io.jans.ca.server.security.service.ClientApiAuthorizationService; import io.jans.ca.server.service.RpService; import io.jans.ca.server.service.logger.LoggerServiceImpl; +import io.jans.exception.ConfigurationException; import io.jans.orm.PersistenceEntryManager; import io.jans.orm.PersistenceEntryManagerFactory; import io.jans.orm.model.PersistenceConfiguration; @@ -20,6 +23,7 @@ import io.jans.service.cdi.event.LdapConfigurationReload; import io.jans.service.cdi.util.CdiUtil; import io.jans.service.timer.QuartzSchedulerManager; +import io.jans.util.StringHelper; import io.jans.util.security.PropertiesDecrypter; import io.jans.util.security.StringEncrypter; import jakarta.enterprise.context.ApplicationScoped; @@ -32,6 +36,10 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.ServletContext; +import org.jboss.resteasy.plugins.providers.RegisterBuiltin; +import org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider; +import org.jboss.resteasy.plugins.server.servlet.ResteasyContextParameters; +import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.slf4j.Logger; import java.util.Properties; @@ -49,6 +57,8 @@ public class AppInitializer { @Named(ApplicationFactory.PERSISTENCE_ENTRY_MANAGER_NAME) Instance persistenceEntryManagerInstance; @Inject + private Instance authorizationServiceInstance; + @Inject BeanManager beanManager; @Inject 
@@ -84,11 +94,16 @@ public void onStart(@Observes @Initialized(ApplicationScoped.class) Object init) logger.info("============= STARTING CLIENT API APPLICATION ========================"); logger.info("init:{}", init); - SecurityProviderUtility.installBCProvider(); + // Resteasy config - Turn off the default patch filter + System.setProperty(ResteasyContextParameters.RESTEASY_PATCH_FILTER_DISABLED, "true"); + ResteasyProviderFactory instance = ResteasyProviderFactory.getInstance(); + RegisterBuiltin.register(instance); + instance.registerProvider(ResteasyJackson2Provider.class); // configuration configurationFactory.create(); persistenceEntryManagerInstance.get(); + this.createAuthorizationService(); // Initialize python interpreter pythonService.initPythonInterpreter(configurationFactory.getBaseConfiguration().getString("pythonModulesDir", null)); 
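Review bot: `SecurityProviderUtility.installBCProvider()` is removed from `onStart` with no replacement in this hunk, while the `SecurityProviderUtility` import stays in the file as a context line. If nothing else registers the BouncyCastle provider before the first request (not visible here), crypto paths that depend on it may fail only at runtime; `BaseOperation` in this commit still imports `AuthCryptoProvider`. Either keep the call ahead of the Resteasy setup, or drop the now-unused import and leave a comment saying where the provider is registered, e.g. `// BC provider is installed by <component>; not needed here`. Separately, `this.createAuthorizationService();` discards its result, so a one-line comment stating that it is a fail-fast startup check (if that is the intent) would help. `onStart` begins and ends outside the hunk.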
@@ -157,22 +172,33 @@ public PersistenceEntryManager createPersistenceEntryManager() throws Interrupte } + @Produces + @ApplicationScoped + @Named("authorizationService") + private AuthorizationService createAuthorizationService() { + logger.info("============= AppInitializer::createAuthorizationService() ================ "); + try { + return authorizationServiceInstance.select(ClientApiAuthorizationService.class).get(); + } catch (Exception ex) { + if (logger.isErrorEnabled()) { + logger.error("Failed to create AuthorizationService instance - exception:{} ", ex); + } + throw new ConfigurationException("Failed to create AuthorizationService instance , ", ex); + } + } + public void recreatePersistanceEntryManager(@Observes @LdapConfigurationReload String event) { closePersistenceEntryManager(); PersistenceEntryManager ldapEntryManager = persistenceEntryManagerInstance.get(); persistenceEntryManagerInstance.destroy(ldapEntryManager); - logger.debug("Recreated instance {} with operation service: {} - event:{}", ldapEntryManager, - ldapEntryManager.getOperationService(), event); + logger.debug("Recreated instance {} with operation service: {} - event:{}", ldapEntryManager, ldapEntryManager.getOperationService(), event); } private void closePersistenceEntryManager() { - PersistenceEntryManager oldInstance = CdiUtil.getContextBean(beanManager, PersistenceEntryManager.class, - ApplicationFactory.PERSISTENCE_ENTRY_MANAGER_NAME); - if (oldInstance == null || oldInstance.getOperationService() == null) - return; + PersistenceEntryManager oldInstance = CdiUtil.getContextBean(beanManager, PersistenceEntryManager.class, ApplicationFactory.PERSISTENCE_ENTRY_MANAGER_NAME); + if (oldInstance == null || oldInstance.getOperationService() == null) return; - logger.debug("Attempting to destroy {} with operation service: {}", oldInstance, - oldInstance.getOperationService()); + logger.debug("Attempting to destroy {} with operation service: {}", oldInstance, 
oldInstance.getOperationService()); oldInstance.destroy(); logger.debug("Destroyed {} with operation service: {}", oldInstance, oldInstance.getOperationService()); } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java b/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java new file mode 100644 index 00000000000..1a036e463ad --- /dev/null +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java 
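Review bot: In `createAuthorizationService`, `logger.error("Failed to create AuthorizationService instance - exception:{} ", ex)` passes the exception as its only argument, so SLF4J treats it as the throwable and the `{}` is printed literally; the `isErrorEnabled()` guard adds nothing around a constant message. `logger.error("Failed to create AuthorizationService instance", ex);` logs the same stack trace without the stray placeholder. The `ConfigurationException` message `"Failed to create AuthorizationService instance , "` also ends in a dangling comma. Rethrowing is the right behaviour here, since it stops startup instead of leaving the API running without an authorization service.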
@@ -0,0 +1,82 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.ca.server.filter; + +import io.jans.ca.server.security.service.AuthorizationService; +import io.jans.ca.common.rest.ProtectedApi; +import jakarta.annotation.Priority; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.Priorities; +import jakarta.ws.rs.container.ContainerRequestContext; +import jakarta.ws.rs.container.ContainerRequestFilter; +import jakarta.ws.rs.container.ResourceInfo; +import jakarta.ws.rs.core.Context; +import jakarta.ws.rs.core.HttpHeaders; +import jakarta.ws.rs.core.Response; +import jakarta.ws.rs.core.UriInfo; +import jakarta.ws.rs.ext.Provider; +import org.apache.commons.io.IOUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.IOException; + +@Provider +@ProtectedApi +@Priority(Priorities.AUTHENTICATION) +public class AuthorizationFilter implements ContainerRequestFilter { + + private static final String AUTHENTICATION_SCHEME = "Bearer"; + private static final String AUTHORIZATION_RP_ID = "AuthorizationRpId"; + + private static final Logger log = LoggerFactory.getLogger(AuthorizationFilter.class); + + @Context + UriInfo info; + + @Context + HttpServletRequest request; + + @Context + private HttpHeaders httpHeaders; + + @Inject + AuthorizationService authorizationService; + + @SuppressWarnings({"all"}) + public void filter(ContainerRequestContext context) { + log.info("======================================================================="); + log.info("====== context = " + context + " , info.getAbsolutePath() = " + info.getAbsolutePath() + + " , info.getRequestUri() = " + info.getRequestUri() + "\n\n"); + log.info("====== info.getBaseUri()=" + info.getBaseUri() + " info.getPath()=" + info.getPath() + + " info.toString()=" + info.toString()); + 
log.info("====== request.getContextPath()=" + request.getContextPath() + " request.getRequestURI()=" + + request.getRequestURI() + " request.toString() " + request.toString()); + + log.info("======" + context.getMethod() + " " + info.getPath() + " FROM IP " + request.getRemoteAddr()); + log.info("======PERFORMING AUTHORIZATION========================================="); + String authorizationHeader = context.getHeaderString(HttpHeaders.AUTHORIZATION); + String authorizationRpIdHeader = context.getHeaderString(AUTHORIZATION_RP_ID); + + log.info("\n\n\n AuthorizationFilter::filter() - authorizationHeader = " + authorizationHeader + " , authorizationRpIdHeader = " + + authorizationRpIdHeader + " \n\n\n"); + try { + authorizationService.processAuthorization(info.getPath(), context.getMethod(), request.getRemoteAddr(), authorizationHeader, authorizationRpIdHeader); + log.info("======AUTHORIZATION GRANTED==========================================="); + } catch (Exception ex) { + log.error("======AUTHORIZATION FAILED ===========================================", ex); + abortWithUnauthorized(context, ex.getMessage()); + } + } + + private void abortWithUnauthorized(ContainerRequestContext requestContext, String errMsg) { + requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity(errMsg) + .header(HttpHeaders.WWW_AUTHENTICATE, AUTHENTICATION_SCHEME).build()); + } + +} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java index 9ff89aa72b7..b42f346b017 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java 
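Review bot: `filter` writes the raw `Authorization` header to the log at INFO (`log.info("... authorizationHeader = " + authorizationHeader + ...)`), which puts every caller's bearer token into the application log where anyone with log access can read it. Log only whether the headers are present, e.g. `log.debug("Authorization header present: {}, AuthorizationRpId present: {}", authorizationHeader != null, authorizationRpIdHeader != null);`, and move the surrounding request-dump lines to debug with `{}` placeholders instead of string concatenation. The catch block also returns `ex.getMessage()` as the 401 body, so internal error text reaches unauthenticated callers; a fixed message such as `abortWithUnauthorized(context, "Unauthorized");`, with the detail kept in the server log, is safer. `@SuppressWarnings({"all"})` on `filter` hides compiler warnings and should be replaced by `@Override`.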
@@ -10,13 +10,13 @@ import io.jans.as.model.common.Prompt; import io.jans.as.model.common.ResponseType; import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; import io.jans.ca.common.params.AuthorizationCodeFlowParams; import io.jans.ca.common.response.AuthorizationCodeFlowResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.HttpService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -34,18 +34,11 @@ public class AuthorizationCodeFlowOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(AuthorizationCodeFlowOperation.class); - - private DiscoveryService discoveryService; - private HttpService httpService; - - public AuthorizationCodeFlowOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, AuthorizationCodeFlowParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.httpService = serviceProvider.getHttpService(); - } + @Inject + DiscoveryService discoveryService; @Override - public IOpResponse execute(AuthorizationCodeFlowParams params) { + public IOpResponse execute(AuthorizationCodeFlowParams params, HttpServletRequest httpServletRequest) { final OpenIdConfigurationResponse discovery = discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()); if (discovery != null) { return requestToken(discovery, params); 
@@ -54,6 +47,16 @@ public IOpResponse execute(AuthorizationCodeFlowParams params) { return null; } + @Override + public Class getParameterClass() { + return AuthorizationCodeFlowParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private AuthorizationCodeFlowResponse requestToken(OpenIdConfigurationResponse discovery, AuthorizationCodeFlowParams params) { // 1. Request authorization and receive the authorization code. final List responseTypes = new ArrayList(); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java index 1d117378cf8..ed5ea923759 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java 
@@ -3,134 +3,175 @@ */ package io.jans.ca.server.op; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.JsonNodeFactory; import io.jans.as.model.crypto.AuthCryptoProvider; -import io.jans.ca.common.Command; +import io.jans.as.model.util.Util; import io.jans.ca.common.ErrorResponseCode; +import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.HasRpIdParams; import io.jans.ca.common.params.IParams; +import io.jans.ca.common.response.IOpResponse; +import io.jans.ca.common.response.POJOResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.configuration.ApiAppConfiguration; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.persistence.service.MainPersistenceService; -import io.jans.ca.server.service.*; +import io.jans.ca.server.service.HttpService; +import io.jans.ca.server.service.RpSyncService; +import io.jans.ca.server.service.ValidationService; import io.jans.ca.server.utils.Convertor; - -/** - * Base abstract class for all operations. 
- * - * @author Yuriy Zabrovarnyy - * @version 0.9, 09/08/2013 - */ - +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.ClientErrorException; +import jakarta.ws.rs.WebApplicationException; +import jakarta.ws.rs.core.MediaType; +import jakarta.ws.rs.core.Response; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.IOException; +import java.util.List; + +@RequestScoped +@Named public abstract class BaseOperation implements IOperation { - private final Command command; - private final Class parameterClass; - private final T params; + private static final Logger LOG = LoggerFactory.getLogger(BaseOperation.class); - private ServiceProvider serviceProvider; + private static final String LOCALHOST_IP_ADDRESS = "127.0.0.1"; - protected BaseOperation(Command command, ServiceProvider serviceProvider, Class parameterClass) { - this.command = command; - this.parameterClass = parameterClass; - this.params = Convertor.asParams(parameterClass, command); - this.serviceProvider = serviceProvider; - } + @Inject + ValidationService validationService; + @Inject + RpSyncService rpSyncService; + @Inject + HttpService httpService; + @Inject + MainPersistenceService jansConfigurationService; - @Override - public Class getParameterClass() { - return parameterClass; - } + public Response process(String paramsAsString, HttpServletRequest httpRequest) { + String endPointUrl = httpRequest.getRequestURL().toString(); + LOG.info("Endpoint: {}", endPointUrl); + LOG.info("Request parameters: {}", paramsAsString); - public T getParams() { - return params; - } + validateIpAddressAllowed(httpRequest.getRemoteAddr()); + Object forJsonConversion = getObjectForJsonConversion(paramsAsString, getParameterClass(), httpRequest); + String response = null; - public AuthCryptoProvider getCryptoProvider() throws Exception { - ApiAppConfiguration conf = 
serviceProvider.getJansConfigurationService().find(); - return new AuthCryptoProvider(conf.getCryptProviderKeyStorePath(), conf.getCryptProviderKeyStorePassword(), conf.getCryptProviderDnName()); - } - - public Rp getRp() { - if (params instanceof HasRpIdParams) { - serviceProvider.getValidationService().validate((HasRpIdParams) params); - HasRpIdParams hasRpId = (HasRpIdParams) params; - return serviceProvider.getRpSyncService().getRp(hasRpId.getRpId()); + if (getReturnType().equalsIgnoreCase(MediaType.APPLICATION_JSON)) { + response = Jackson2.asJsonSilently(forJsonConversion); + } else if (getReturnType().equalsIgnoreCase(MediaType.TEXT_PLAIN)) { + response = forJsonConversion.toString(); } - throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_RP_ID); - } - - /** - * Returns command - * - * @return command - */ - public Command getCommand() { - return command; - } - - public ValidationService getValidationService() { - return serviceProvider.getValidationService(); - } - - public HttpService getHttpService() { - return serviceProvider.getHttpService(); + LOG.trace("Send back response: {}", response); + return Response.ok(response).build(); } + private Object getObjectForJsonConversion(String paramsAsString, Class paramsClass, HttpServletRequest httpRequest) { + LOG.trace("Command: {}", paramsAsString); + T params = read(safeToJson(paramsAsString), paramsClass); + JsonNode jsonNodeParams = JsonNodeFactory.instance.pojoNode(params); - public RpSyncService getRpSyncService() { - return serviceProvider.getRpSyncService(); + final IOpResponse response = internProcess(jsonNodeParams, httpRequest); + Object forJsonConversion = response; + if (response instanceof POJOResponse) { + forJsonConversion = ((POJOResponse) response).getNode(); + } + return forJsonConversion; + } + + private IOpResponse internProcess(JsonNode jsonNodeParams, HttpServletRequest httpRequest) { + try { + IParams iParams = Convertor.asParams(getParameterClass(), jsonNodeParams); + 
validationService.validate(iParams); + + IOpResponse operationResponse = execute((T) iParams, httpRequest); + if (operationResponse != null) { + return operationResponse; + } else { + LOG.error("No response from operation. Endpoint: {}", httpRequest.getRequestURL().toString()); + } + } catch (ClientErrorException e) { + throw new WebApplicationException(e.getResponse().readEntity(String.class), e.getResponse().getStatus()); + } catch (WebApplicationException e) { + LOG.error(e.getLocalizedMessage(), e); + throw e; + } catch (Throwable e) { + LOG.error(e.getMessage(), e); + } + throw HttpException.internalError(); } - - public DiscoveryService getDiscoveryService() { - return serviceProvider.getDiscoveryService(); + public T read(String params, Class clazz) { + try { + return Jackson2.createJsonMapper().readValue(params, clazz); + } catch (IOException e) { + throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity("Invalid parameters. Message: " + e.getMessage()).build()); + } } - - public RpService getRpService() { - return serviceProvider.getRpService(); + private String safeToJson(String jsonString) { + return Util.isNullOrEmpty(jsonString) ? 
"{}" : jsonString; } - - public IntrospectionService getIntrospectionService() { - return serviceProvider.getIntrospectionService(); + public Rp getRp(T params) { + if (params instanceof HasRpIdParams) { + validationService.validate((HasRpIdParams) params); + HasRpIdParams hasRpId = (HasRpIdParams) params; + return rpSyncService.getRp(hasRpId.getRpId()); + } + throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_RP_ID); } + private void validateIpAddressAllowed(String callerIpAddress) { + LOG.trace("Checking if caller ipAddress : {} is allowed to make request to jans_client_api.", callerIpAddress); + final ApiAppConfiguration conf = jansConfigurationService.find(); + List bindIpAddresses = conf.getBindIpAddresses(); - public MainPersistenceService getJansConfigurationService() { - return serviceProvider.getJansConfigurationService(); - } - + //localhost as default bindAddress + if ((bindIpAddresses == null || bindIpAddresses.isEmpty()) && LOCALHOST_IP_ADDRESS.equalsIgnoreCase(callerIpAddress)) { + return; + } + //show error if ip_address of a remote caller is not set in `bind_ip_addresses` + if (bindIpAddresses == null || bindIpAddresses.isEmpty()) { + LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); + throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); + } + //allow all ip_address + if (bindIpAddresses.contains("*")) { + return; + } - public StateService getStateService() { - return serviceProvider.getStateService(); + if (bindIpAddresses.contains(callerIpAddress)) { + return; + } + LOG.error("The caller is not allowed to make request to jans_client_api. 
To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); + throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); } - - public UmaTokenService getUmaTokenService() { - return serviceProvider.getUmaTokenService(); + public AuthCryptoProvider getCryptoProvider() throws Exception { + ApiAppConfiguration conf = getJansConfigurationService().find(); + return new AuthCryptoProvider(conf.getCryptProviderKeyStorePath(), conf.getCryptProviderKeyStorePassword(), conf.getCryptProviderDnName()); } - - public KeyGeneratorService getKeyGeneratorService() { - return serviceProvider.getKeyGeneratorService(); + public HttpService getHttpService() { + return httpService; } - - public PublicOpKeyService getPublicOpKeyService() { - return serviceProvider.getPublicOpKeyService(); + public MainPersistenceService getJansConfigurationService() { + return jansConfigurationService; } - - public RequestObjectService getRequestObjectService() { - return serviceProvider.getRequestObjectService(); + public ValidationService getValidationService() { + return validationService; } - public OpClientFactory getOpClientFactory() { - return serviceProvider.getOpClientFactory(); + public RpSyncService getRpSyncService() { + return rpSyncService; } - } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java index d93e979dc74..9af4119a59d 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java 
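Review bot: `process()` writes the raw request body to the log at INFO (`LOG.info("Request parameters: {}", paramsAsString)`) and does so before `validateIpAddressAllowed` runs, so bodies from callers that are then rejected are logged as well. Operations in this commit read values such as `params.getRefreshToken()` and `params.getIdToken()` from that body, so credentials would end up in application logs; the `LOG.trace` lines for the command and the response likely carry the same kind of data. I would run the address check first and log only the endpoint, e.g. `validateIpAddressAllowed(httpRequest.getRemoteAddr());` followed by `LOG.debug("Request for endpoint: {}", endPointUrl);`, and mask token and secret fields if the parameters must be logged at all. Separately, the default-allow branch compares `getRemoteAddr()` with the literal `127.0.0.1`, so it is worth confirming the service is never placed behind a reverse proxy on the same host, where every caller would appear local.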
@@ -11,12 +11,13 @@ import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtClaimName; import io.jans.as.model.jwt.JwtHeaderName; -import io.jans.ca.common.Command; import io.jans.ca.common.params.CheckAccessTokenParams; import io.jans.ca.common.response.CheckAccessTokenResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -31,15 +32,11 @@ public class CheckAccessTokenOperation extends BaseOperation getParameterClass() { + return CheckAccessTokenParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private boolean isAccessTokenValid(String p_accessToken, Jwt jwt, OpenIdConfigurationResponse discoveryResponse) { try { final String algorithm = jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java index 4d1a53c3322..e52a454d645 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java 
@@ -4,14 +4,17 @@ import io.jans.as.model.common.ResponseType; import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtClaimName; -import io.jans.ca.common.Command; import io.jans.ca.common.params.CheckIdTokenParams; import io.jans.ca.common.response.CheckIdTokenResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.Utils; import io.jans.ca.server.configuration.model.Rp; -import io.jans.ca.server.service.ServiceProvider; +import io.jans.ca.server.service.DiscoveryService; +import io.jans.ca.server.service.PublicOpKeyService; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -26,23 +29,26 @@ public class CheckIdTokenOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(CheckIdTokenOperation.class); - public CheckIdTokenOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, CheckIdTokenParams.class); - } + @Inject + DiscoveryService discoveryService; + @Inject + OpClientFactoryImpl opClientFactory; + @Inject + PublicOpKeyService publicOpKeyService; @Override - public IOpResponse execute(CheckIdTokenParams params) { + public IOpResponse execute(CheckIdTokenParams params, HttpServletRequest httpServletRequest) { try { - OpenIdConfigurationResponse discoveryResponse = getDiscoveryService().getConnectDiscoveryResponseByRpId(params.getRpId()); + OpenIdConfigurationResponse discoveryResponse = discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()); - final Rp rp = getRp(); + final Rp rp = getRp(params); final String idToken = params.getIdToken(); final Jwt jwt = Jwt.parse(idToken); final Validator validator = new Validator.Builder() .discoveryResponse(discoveryResponse) .idToken(jwt) - .keyService(getPublicOpKeyService()) - .opClientFactory(getOpClientFactory()) + .keyService(publicOpKeyService) + .opClientFactory(opClientFactory) .rpServerConfiguration(getJansConfigurationService().find()) .rp(rp) .build(); @@ -71,4 +77,15 @@ public IOpResponse execute(CheckIdTokenParams params) { public static boolean atHashCheckRequired(List responseTypes) { return responseTypes.stream().anyMatch(s -> ResponseType.fromString(s, " ").contains(ResponseType.TOKEN)); } + + @Override + public Class getParameterClass() { + return CheckIdTokenParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java index 46a3d163145..b5f56b907eb 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java @@ -5,7 +5,6 @@ import io.jans.as.client.TokenClient; import io.jans.as.client.TokenResponse; import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetAccessTokenByRefreshTokenParams; import io.jans.ca.common.response.GetClientTokenResponse; 
@@ -14,31 +13,31 @@ import io.jans.ca.server.Utils; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.UnsupportedEncodingException; import java.util.Set; -/** - * @author yuriyz - */ +@RequestScoped +@Named public class GetAccessTokenByRefreshTokenOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(GetAccessTokenByRefreshTokenOperation.class); - private DiscoveryService discoveryService; - public GetAccessTokenByRefreshTokenOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetAccessTokenByRefreshTokenParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - } + @Inject + DiscoveryService discoveryService; @Override - public IOpResponse execute(GetAccessTokenByRefreshTokenParams params) { + public IOpResponse execute(GetAccessTokenByRefreshTokenParams params, HttpServletRequest httpServletRequest) { try { validate(params); - final Rp rp = getRp(); + final Rp rp = getRp(params); final TokenClient tokenClient = new TokenClient(discoveryService.getConnectDiscoveryResponse(rp).getTokenEndpoint()); tokenClient.setExecutor(discoveryService.getHttpService().getClientEngine()); final TokenResponse tokenResponse = tokenClient.execRefreshToken(scopeAsString(params), params.getRefreshToken(), rp.getClientId(), rp.getClientSecret()); 
@@ -66,6 +65,16 @@ public IOpResponse execute(GetAccessTokenByRefreshTokenParams params) { throw HttpException.internalError(); } + @Override + public Class getParameterClass() { + return GetAccessTokenByRefreshTokenParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private String scopeAsString(GetAccessTokenByRefreshTokenParams params) throws UnsupportedEncodingException { Set scope = Sets.newHashSet(); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java index 23a63a2adec..d7ded10894f 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java @@ -7,7 +7,6 @@ import io.jans.as.client.AuthorizeClient; import io.jans.as.model.common.Prompt; import io.jans.as.model.common.ResponseType; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetAuthorizationCodeParams; import io.jans.ca.common.response.GetAuthorizationCodeResponse; 
@@ -15,40 +14,33 @@ import io.jans.ca.server.HttpException; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.HttpService; -import io.jans.ca.server.service.ServiceProvider; import io.jans.ca.server.service.StateService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.util.List; import java.util.UUID; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 06/10/2015 - */ - +@RequestScoped +@Named public class GetAuthorizationCodeOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(GetAuthorizationCodeOperation.class); - + @Inject DiscoveryService discoveryService; - HttpService httpService; + @Inject OpClientFactoryImpl opClientFactory; + @Inject StateService stateService; - public GetAuthorizationCodeOperation(Command pCommand, ServiceProvider serviceProvider) { - super(pCommand, serviceProvider, GetAuthorizationCodeParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.stateService = serviceProvider.getStateService(); - this.opClientFactory = serviceProvider.getOpClientFactory(); - this.httpService = serviceProvider.getHttpService(); - } - @Override - public IOpResponse execute(GetAuthorizationCodeParams params) { - final Rp rp = getRp(); + public IOpResponse execute(GetAuthorizationCodeParams params, HttpServletRequest httpServletRequest) { + final Rp rp = getRp(params); String nonce = Strings.isNullOrEmpty(params.getNonce()) ? UUID.randomUUID().toString() : params.getNonce(); String state = Strings.isNullOrEmpty(params.getState()) ? UUID.randomUUID().toString() : params.getState(); 
@@ -80,6 +72,16 @@ public IOpResponse execute(GetAuthorizationCodeParams params) { } } + @Override + public Class getParameterClass() { + return GetAuthorizationCodeParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private List acrValues(GetAuthorizationCodeParams params, Rp rp) { List acrs = Lists.newArrayList(); if (params.getAcrValues() != null && !params.getAcrValues().isEmpty()) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java index 2297f001f69..8b74cac0d62 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java @@ -4,7 +4,6 @@ import com.google.common.collect.Lists; import io.jans.as.model.authorize.AuthorizeRequestParam; import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObjectType; import io.jans.ca.common.params.GetAuthorizationUrlParams; @@ -14,9 +13,12 @@ import io.jans.ca.server.Utils; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.ServiceProvider; import io.jans.ca.server.service.StateService; -import io.jans.ca.server.persistence.service.MainPersistenceService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -24,34 +26,19 @@ import java.util.ArrayList; import java.util.List; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 22/09/2015 - */ - +@RequestScoped +@Named public class GetAuthorizationUrlOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(GetAuthorizationUrlOperation.class); - + @Inject DiscoveryService discoveryService; + @Inject StateService stateService; - MainPersistenceService jansConfigurationService; - - /** - * Base constructor - * - * @param command command - */ - public GetAuthorizationUrlOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetAuthorizationUrlParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.stateService = serviceProvider.getStateService(); - this.jansConfigurationService = serviceProvider.getJansConfigurationService(); - } @Override - public IOpResponse execute(GetAuthorizationUrlParams params) throws Exception { - final Rp rp = getRp(); + public IOpResponse execute(GetAuthorizationUrlParams params, HttpServletRequest httpServletRequest) throws Exception { + final Rp rp = getRp(params); String authorizationEndpoint = discoveryService.getConnectDiscoveryResponse(rp).getAuthorizationEndpoint(); @@ -123,4 +110,15 @@ private List acrValues(Rp rp, GetAuthorizationUrlParams params) { return new ArrayList<>(); } } + + @Override + public Class getParameterClass() { + return GetAuthorizationUrlParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java index 62325bcfdbe..cd0bf29716d 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java 
@@ -8,7 +8,6 @@ import io.jans.as.model.common.GrantType; import io.jans.as.model.crypto.signature.SignatureAlgorithm; import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetClientTokenParams; import io.jans.ca.common.response.GetClientTokenResponse; 
@@ -17,42 +16,31 @@ import io.jans.ca.server.Utils; import io.jans.ca.server.service.DiscoveryService; import io.jans.ca.server.service.HttpService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.UnsupportedEncodingException; import java.util.Set; - -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 31/03/2017 - */ - +@RequestScoped +@Named public class GetClientTokenOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(GetClientTokenOperation.class); - private DiscoveryService discoveryService; - - private HttpService httpService; - - private OpClientFactoryImpl opClientFactory; - - /** - * Base constructor - * - * @param command command - */ - public GetClientTokenOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetClientTokenParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.httpService = discoveryService.getHttpService(); - this.opClientFactory = discoveryService.getOpClientFactory(); - } + @Inject + DiscoveryService discoveryService; + @Inject + HttpService httpService; + @Inject + OpClientFactoryImpl opClientFactory; @Override - public IOpResponse execute(GetClientTokenParams params) { + public IOpResponse execute(GetClientTokenParams params, HttpServletRequest httpRequest) { try { final AuthenticationMethod authenticationMethod = AuthenticationMethod.fromString(params.getAuthenticationMethod()); final String tokenEndpoint = discoveryService.getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()).getTokenEndpoint(); 
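Review bot: `@Inject HttpService httpService;` in GetClientTokenOperation redeclares a field that BaseOperation now injects under the same name in the same package, so the subclass field hides the inherited one and the container fills two injection points for one service. GetAuthorizationCodeOperation drops its own `httpService` field in this commit; doing the same here and using the inherited field or `getHttpService()` keeps one source for the HTTP client. The body of `execute` continues outside the hunk, so its uses of `httpService` are not visible here.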
@@ -107,6 +95,16 @@ public IOpResponse execute(GetClientTokenParams params) { throw HttpException.internalError(); } + @Override + public Class getParameterClass() { + return GetClientTokenParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private String scopeAsString(GetClientTokenParams params) throws UnsupportedEncodingException { Set scope = Sets.newHashSet(); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java index a9d8ba4847d..773f0b2e20a 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java 
@@ -1,42 +1,34 @@ package io.jans.ca.server.op; import io.jans.as.client.OpenIdConfigurationResponse; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetDiscoveryParams; import io.jans.ca.common.response.GetDiscoveryResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.beanutils.BeanUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.lang.reflect.InvocationTargetException; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 22/09/2015 - */ - +@RequestScoped +@Named public class GetDiscoveryOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(GetDiscoveryOperation.class); - private DiscoveryService discoveryService; - - /** - * Base constructor - * - * @param command command - */ - public GetDiscoveryOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetDiscoveryParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - } + @Inject + DiscoveryService discoveryService; - public IOpResponse execute(GetDiscoveryParams params) { + @Override + public IOpResponse execute(GetDiscoveryParams params, HttpServletRequest httpRequest) { OpenIdConfigurationResponse discoveryResponse = discoveryService.getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()); GetDiscoveryResponse response = new GetDiscoveryResponse(); 
@@ -48,4 +40,15 @@ public IOpResponse execute(GetDiscoveryParams params) { } throw new HttpException(ErrorResponseCode.FAILED_TO_GET_DISCOVERY); } + + @Override + public Class getParameterClass() { + return GetDiscoveryParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java index 31ae24f1c9e..4659ffce01c 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java @@ -3,13 +3,15 @@ import io.jans.as.client.OpenIdConnectDiscoveryClient; import io.jans.as.client.OpenIdConnectDiscoveryResponse; import io.jans.as.model.discovery.WebFingerParam; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetIssuerParams; import io.jans.ca.common.response.GetIssuerResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.HttpException; -import io.jans.ca.server.service.ServiceProvider; +import io.jans.ca.server.service.DiscoveryService; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.beanutils.BeanUtils; import org.python.google.common.base.Strings; import org.slf4j.Logger; 
@@ -22,15 +24,14 @@ public class GetIssuerOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(GetIssuerOperation.class); - public GetIssuerOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetIssuerParams.class); - } + @Inject + DiscoveryService discoveryService; - public IOpResponse execute(GetIssuerParams params) { + public IOpResponse execute(GetIssuerParams params, HttpServletRequest httpServletRequest) { validateParams(params); GetIssuerResponse webfingerResponse = getWebfingerResponse(params.getResource()); - String issuerFromDiscovery = getDiscoveryService().getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()).getIssuer(); + String issuerFromDiscovery = discoveryService.getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()).getIssuer(); validateIssuer(webfingerResponse, issuerFromDiscovery); return webfingerResponse; @@ -76,4 +77,15 @@ private static void validateIssuer(GetIssuerResponse webfingerResponse, String i throw new HttpException(ErrorResponseCode.INVALID_ISSUER_DISCOVERED); } } + + @Override + public Class getParameterClass() { + return GetIssuerParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java index 339d7ebbfab..f9e6f335158 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java 
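Review bot: The new `execute(GetIssuerParams params, HttpServletRequest httpServletRequest)` in GetIssuerOperation has no `@Override`, whereas the same change in GetDiscoveryOperation adds it. With the annotation the compiler reports any drift between this signature and the one the base type declares, which matters in a commit that changes the signature across every operation. Add `@Override` on the line above the method.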
@@ -6,7 +6,6 @@ import io.jans.as.client.JwkClient; import io.jans.as.client.JwkResponse; import io.jans.as.client.OpenIdConfigurationResponse; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetJwksParams; import io.jans.ca.common.response.GetJwksResponse; @@ -14,27 +13,22 @@ import io.jans.ca.common.response.POJOResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; -/** - * Service class for fetching JSON Web Key set - * - * @author Shoeb - * @version 12/01/2018 - */ - +@RequestScoped +@Named public class GetJwksOperation extends BaseOperation { - private DiscoveryService discoveryService; - - public GetJwksOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetJwksParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - } + @Inject + DiscoveryService discoveryService; @Override - public IOpResponse execute(GetJwksParams params) { + public IOpResponse execute(GetJwksParams params, HttpServletRequest httpServletRequest) { if (StringUtils.isEmpty(params.getOpHost()) && StringUtils.isEmpty(params.getOpConfigurationEndpoint())) { throw new HttpException(ErrorResponseCode.INVALID_OP_HOST_AND_CONFIGURATION_ENDPOINT); @@ -62,4 +56,15 @@ public IOpResponse execute(GetJwksParams params) { } } + + @Override + public Class getParameterClass() { + return GetJwksParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java index 9cf89e9ff5b..adfe581f710 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java @@ -2,7 +2,6 @@ import com.google.common.base.Strings; import io.jans.as.client.OpenIdConfigurationResponse; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObjectType; import io.jans.ca.common.params.GetLogoutUrlParams; 
@@ -10,40 +9,34 @@ import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.configuration.model.Rp; -import io.jans.ca.server.persistence.service.MainPersistenceService; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.ServiceProvider; import io.jans.ca.server.service.StateService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.net.URLEncoder; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 17/11/2015 - */ - +@RequestScoped +@Named public class GetLogoutUrlOperation extends BaseOperation { private static final String GOOGLE_OP_HOST = "https://accounts.google.com"; private static final Logger LOG = LoggerFactory.getLogger(GetLogoutUrlOperation.class); - private DiscoveryService discoveryService; - private MainPersistenceService configurationService; - private StateService stateService; - - public GetLogoutUrlOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetLogoutUrlParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.stateService = serviceProvider.getStateService(); - this.configurationService = serviceProvider.getJansConfigurationService(); - } + @Inject + DiscoveryService discoveryService; + @Inject + StateService stateService; @Override - public IOpResponse execute(GetLogoutUrlParams params) throws Exception { - final Rp rp = getRp(); + public IOpResponse execute(GetLogoutUrlParams params, HttpServletRequest httpServletRequest) throws Exception { + final Rp rp = getRp(params); OpenIdConfigurationResponse discoveryResponse = discoveryService.getConnectDiscoveryResponse(rp); String endSessionEndpoint = discoveryResponse.getEndSessionEndpoint(); 
@@ -57,7 +50,7 @@ public IOpResponse execute(GetLogoutUrlParams params) throws Exception { } if (Strings.isNullOrEmpty(endSessionEndpoint)) { - if (rp.getOpHost().startsWith(GOOGLE_OP_HOST) && configurationService.find().getSupportGoogleLogout()) { + if (rp.getOpHost().startsWith(GOOGLE_OP_HOST) && getJansConfigurationService().find().getSupportGoogleLogout()) { String logoutUrl = "https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=" + postLogoutRedirectUrl; return new GetLogoutUriResponse(logoutUrl); } @@ -83,6 +76,16 @@ public IOpResponse execute(GetLogoutUrlParams params) throws Exception { return new GetLogoutUriResponse(uri); } + @Override + public Class getParameterClass() { + return GetLogoutUrlParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private static String separator(String uri) { return uri.contains("?") ? "&" : "?"; } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java index 8d8e4a54ec5..2cb7eedf712 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java @@ -1,7 +1,6 @@ package io.jans.ca.server.op; import com.google.common.base.Strings; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObject; import io.jans.ca.common.params.StringParam; 
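Review bot: The Google fallback on the changed line still decides by string prefix, `rp.getOpHost().startsWith(GOOGLE_OP_HOST)`, which is also true for an OP host value that merely begins with that text, such as a longer hostname. Comparing the parsed host is stricter: `"accounts.google.com".equalsIgnoreCase(URI.create(rp.getOpHost()).getHost())` (needs `java.net.URI`). The following line appends `postLogoutRedirectUrl` to the `continue=` parameter by plain concatenation. The file imports `URLEncoder`, but whether the value is already encoded at that point is decided in the part of `execute` outside this hunk, so please confirm.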
@@ -9,22 +8,19 @@ import io.jans.ca.common.response.POJOResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.service.RequestObjectService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class GetRequestObjectOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(GetRequestObjectOperation.class); - - private RequestObjectService requestObjectService; - - public GetRequestObjectOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, StringParam.class); - this.requestObjectService = serviceProvider.getRequestObjectService(); - } + @Inject + RequestObjectService requestObjectService; @Override - public IOpResponse execute(StringParam params) { + public IOpResponse execute(StringParam params, HttpServletRequest httpServletRequest) { try { ExpiredObject expiredObject = requestObjectService.get(params.getValue()); @@ -43,4 +39,15 @@ public IOpResponse execute(StringParam params) { } } + + @Override + public Class getParameterClass() { + return StringParam.class; + } + + @Override + public String getReturnType() { + return MediaType.TEXT_PLAIN; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java index c9ac4db66ca..d7822eaebc2 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java 
@@ -6,7 +6,6 @@ import io.jans.as.model.jwk.Use; import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtType; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetRequestObjectUriParams; import io.jans.ca.common.response.GetRequestObjectUriResponse; @@ -14,7 +13,11 @@ import io.jans.ca.server.HttpException; import io.jans.ca.server.Utils; import io.jans.ca.server.configuration.model.Rp; -import io.jans.ca.server.service.ServiceProvider; +import io.jans.ca.server.service.KeyGeneratorService; +import io.jans.ca.server.service.RequestObjectService; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; import org.json.JSONObject; import org.slf4j.Logger; @@ -30,15 +33,16 @@ public class GetRequestObjectUriOperation extends BaseOperation getParameterClass() { + return GetRequestObjectUriParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java index 56df76bd518..0c87d83061d 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java 
@@ -1,24 +1,24 @@ package io.jans.ca.server.op; -import io.jans.ca.common.Command; import io.jans.ca.common.params.GetJwksParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.POJOResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.service.KeyGeneratorService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; +@RequestScoped +@Named public class GetRpJwksOperation extends BaseOperation { - - private KeyGeneratorService keyGeneratorService; - - public GetRpJwksOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetJwksParams.class); - this.keyGeneratorService = serviceProvider.getKeyGeneratorService(); - } + @Inject + KeyGeneratorService keyGeneratorService; @Override - public IOpResponse execute(GetJwksParams params) { + public IOpResponse execute(GetJwksParams params, HttpServletRequest httpServletRequest) { try { return new POJOResponse(keyGeneratorService.getKeys()); @@ -27,6 +27,16 @@ public IOpResponse execute(GetJwksParams params) { } catch (Exception e) { throw new RuntimeException(e); } + } + @Override + public Class getParameterClass() { + return GetJwksParams.class; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java index 60c375204de..9b7ce5135ae 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java 
@@ -1,6 +1,5 @@ package io.jans.ca.server.op; -import io.jans.ca.common.Command; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.GetRpParams; import io.jans.ca.common.response.GetRpResponse; @@ -8,31 +7,27 @@ import io.jans.ca.server.configuration.model.MinimumRp; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.service.RpService; -import io.jans.ca.server.service.RpSyncService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.util.ArrayList; import java.util.List; -/** - * @author yuriyz - */ +@RequestScoped +@Named public class GetRpOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(GetRpOperation.class); - private RpService rpService; - private RpSyncService rpSyncService; - - public GetRpOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetRpParams.class); - this.rpService = serviceProvider.getRpService(); - this.rpSyncService = serviceProvider.getRpSyncService(); - } + @Inject + RpService rpService; @Override - public IOpResponse execute(GetRpParams params) { + public IOpResponse execute(GetRpParams params, HttpServletRequest httpServletRequest) { if (params.getList() != null && params.getList()) { List rps = new ArrayList<>(); for (Rp rp : rpService.getRps().values()) { @@ -41,7 +36,7 @@ public IOpResponse execute(GetRpParams params) { return new GetRpResponse(Jackson2.createJsonMapper().valueToTree(rps)); } - Rp rp = rpSyncService.getRp(params.getRpId()); + Rp rp = getRpSyncService().getRp(params.getRpId()); if (rp != null) { return new GetRpResponse(Jackson2.createJsonMapper().valueToTree(rp)); } else { 
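Review bot: The single-RP branch returns `Jackson2.createJsonMapper().valueToTree(rp)`, i.e. the whole `Rp` object, while the list branch appears to go through `MinimumRp`. `Rp`'s fields are not visible in this diff, but if it holds the client secret or stored tokens they end up in the response body. `execute` also shows no `getValidationService().validate(params)` call before either branch. Consider mapping to a response type that omits secret material, and confirm that the layer calling `execute` authorizes the caller both for `params.getRpId()` and for the list branch. The loop body of the list branch lies between the hunks.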
@@ -49,4 +44,15 @@ public IOpResponse execute(GetRpParams params) { } return new GetRpResponse(); } + + @Override + public Class getParameterClass() { + return GetRpParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java index e458681833b..8348a9ffd79 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java @@ -12,7 +12,6 @@ import io.jans.as.model.jwk.Algorithm; import io.jans.as.model.jwk.Use; import io.jans.as.model.jwt.Jwt; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObjectType; import io.jans.ca.common.Jackson2; 
@@ -22,45 +21,38 @@ import io.jans.ca.server.HttpException; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.service.*; -import io.jans.ca.server.persistence.service.MainPersistenceService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.python.jline.internal.Log; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 22/09/2015 - */ - +@RequestScoped +@Named public class GetTokensByCodeOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(GetTokensByCodeOperation.class); - private StateService stateService; - private DiscoveryService discoveryService; - private RpService rpService; - private KeyGeneratorService keyGeneratorService; - private PublicOpKeyService publicOpKeyService; - private MainPersistenceService jansConfigurationService; - private OpClientFactoryImpl opClientFactory; - private HttpService httpService; - - public GetTokensByCodeOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetTokensByCodeParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.stateService = serviceProvider.getStateService(); - this.rpService = serviceProvider.getRpService(); - this.keyGeneratorService = serviceProvider.getKeyGeneratorService(); - this.httpService = discoveryService.getHttpService(); - this.opClientFactory = discoveryService.getOpClientFactory(); - this.jansConfigurationService = stateService.getConfigurationService(); - this.publicOpKeyService = serviceProvider.getPublicOpKeyService(); - } + @Inject + StateService stateService; + @Inject + DiscoveryService discoveryService; + @Inject + RpService rpService; + @Inject + KeyGeneratorService keyGeneratorService; + @Inject + PublicOpKeyService publicOpKeyService; + 
@Inject + OpClientFactoryImpl opClientFactory; @Override - public IOpResponse execute(GetTokensByCodeParams params) throws Exception { + public IOpResponse execute(GetTokensByCodeParams params, HttpServletRequest httpServletRequest) throws Exception { validate(params); - final Rp rp = getRp(); + final Rp rp = getRp(params); OpenIdConfigurationResponse discoveryResponse = discoveryService.getConnectDiscoveryResponse(rp); final TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); @@ -157,6 +149,16 @@ public IOpResponse execute(GetTokensByCodeParams params) throws Exception { return null; } + @Override + public Class getParameterClass() { + return GetTokensByCodeParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private void validate(GetTokensByCodeParams params) { if (Strings.isNullOrEmpty(params.getCode())) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java index 37ce12075d5..7987e0ba158 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java @@ -6,7 +6,6 @@ import io.jans.as.client.UserInfoResponse; import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtClaimName; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.GetUserInfoParams; 
@@ -15,37 +14,30 @@ import io.jans.ca.server.HttpException; import io.jans.ca.server.service.DiscoveryService; import io.jans.ca.server.service.HttpService; -import io.jans.ca.server.service.ServiceProvider; -import io.jans.ca.server.persistence.service.MainPersistenceService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 22/09/2015 - */ - +@RequestScoped +@Named public class GetUserInfoOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(GetUserInfoOperation.class); + @Inject DiscoveryService discoveryService; - MainPersistenceService jansConfigurationService; + @Inject OpClientFactoryImpl opClientFactory; + @Inject HttpService httpService; - - public GetUserInfoOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetUserInfoParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.jansConfigurationService = serviceProvider.getJansConfigurationService(); - this.opClientFactory = discoveryService.getOpClientFactory(); - this.httpService = discoveryService.getHttpService(); - } - @Override - public IOpResponse execute(GetUserInfoParams params) throws IOException { + public IOpResponse execute(GetUserInfoParams params, HttpServletRequest httpServletRequest) throws IOException { getValidationService().validate(params); UserInfoClient client = opClientFactory.createUserInfoClient(discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()).getUserInfoEndpoint()); 
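Review bot: `discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()).getUserInfoEndpoint()` dereferences the discovery response unchecked, whereas ImplicitFlowOperation in this commit guards the same call with `if (discovery != null)`. If the lookup can return null, a failed discovery surfaces here as a NullPointerException instead of an `HttpException` with an error code. Assigning the response to a local and adding `if (discovery == null) throw new HttpException(ErrorResponseCode.FAILED_TO_GET_DISCOVERY);` would keep the error path uniform. The rest of `execute` is outside this hunk.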
@@ -85,4 +77,15 @@ public void validateSubjectIdentifier(String idToken, UserInfoResponse response) throw new HttpException(ErrorResponseCode.FAILED_TO_VERIFY_SUBJECT_IDENTIFIER); } } + + @Override + public Class getParameterClass() { + return GetUserInfoParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java index f390a37d116..8ce23296f59 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java @@ -5,13 +5,7 @@ import io.jans.ca.common.params.IParams; import io.jans.ca.common.response.IOpResponse; - -/** - * Base interface for client-api operations. Operation parameter must be specified via contructor. - * - * @author Yuriy Zabrovarnyy - * @version 0.9, 09/08/2013 - */ +import jakarta.servlet.http.HttpServletRequest; public interface IOperation { @@ -20,7 +14,9 @@ public interface IOperation { * * @return command response */ - IOpResponse execute(T params) throws Exception; + IOpResponse execute(T params, HttpServletRequest httpRequest) throws Exception; Class getParameterClass(); + + String getReturnType(); } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java index a552f82ea5e..5d2ae4a7213 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java 
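Review bot: IOperation loses its interface Javadoc and gains `getReturnType()` and a second `execute` argument without any description; the remaining comment on `execute` documents only `@return`. I would add `@param httpRequest the servlet request the operation was invoked from` to `execute` and `/** @return media type of the response body, e.g. MediaType.APPLICATION_JSON */` on `getReturnType()`. None of the implementations visible in this diff reads the request. It is therefore worth stating what operations may use it for, since it exposes client-controlled headers to every operation.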
@@ -10,11 +10,13 @@ import io.jans.as.model.common.Prompt; import io.jans.as.model.common.ResponseType; import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; import io.jans.ca.common.params.ImplicitFlowParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.ImplicitFlowResponse; -import io.jans.ca.server.service.ServiceProvider; +import io.jans.ca.server.service.DiscoveryService; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -30,14 +32,12 @@ public class ImplicitFlowOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(ImplicitFlowOperation.class); - - public ImplicitFlowOperation(Command p_command, ServiceProvider serviceProvider) { - super(p_command, serviceProvider, ImplicitFlowParams.class); - } + @Inject + DiscoveryService discoveryService; @Override - public IOpResponse execute(ImplicitFlowParams params) { - final OpenIdConfigurationResponse discovery = getDiscoveryService().getConnectDiscoveryResponseByRpId(params.getRpId()); + public IOpResponse execute(ImplicitFlowParams params, HttpServletRequest httpServletRequest) { + final OpenIdConfigurationResponse discovery = discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()); if (discovery != null) { return requestToken(discovery, params); } @@ -101,4 +101,15 @@ private ImplicitFlowResponse requestToken(OpenIdConfigurationResponse discovery, } return null; } + + @Override + public Class getParameterClass() { + return ImplicitFlowParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } \ No newline at end of file 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java index b56428ac5f0..401697fe538 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java 
@@ -1,35 +1,43 @@ package io.jans.ca.server.op; import io.jans.as.model.common.IntrospectionResponse; -import io.jans.ca.common.Command; import io.jans.ca.common.params.IntrospectAccessTokenParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.POJOResponse; import io.jans.ca.server.service.IntrospectionService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -/** - * @author yuriyz - */ +@RequestScoped +@Named public class IntrospectAccessTokenOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(IntrospectAccessTokenOperation.class); - - private IntrospectionService introspectionService; - - public IntrospectAccessTokenOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider,IntrospectAccessTokenParams.class); - this.introspectionService = serviceProvider.getIntrospectionService(); - } + @Inject + IntrospectionService introspectionService; @Override - public IOpResponse execute(IntrospectAccessTokenParams params) { + public IOpResponse execute(IntrospectAccessTokenParams params, HttpServletRequest httpServletRequest) { getValidationService().validate(params); IntrospectionResponse response = introspectionService.introspectToken(params.getRpId(), params.getAccessToken()); return new POJOResponse(response); } + + @Override + public Class getParameterClass() { + return IntrospectAccessTokenParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java index 0da8b496ed2..4fa3e5ec319 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java 
@@ -1,26 +1,39 @@ package io.jans.ca.server.op; -import io.jans.ca.common.Command; import io.jans.ca.common.introspection.CorrectRptIntrospectionResponse; import io.jans.ca.common.params.IntrospectRptParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.POJOResponse; -import io.jans.ca.server.service.ServiceProvider; +import io.jans.ca.server.service.IntrospectionService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; -/** - * @author yuriyz - */ +@RequestScoped +@Named public class IntrospectRptOperation extends BaseOperation { - public IntrospectRptOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, IntrospectRptParams.class); - } + @Inject + IntrospectionService introspectionService; @Override - public IOpResponse execute(IntrospectRptParams params) { + public IOpResponse execute(IntrospectRptParams params, HttpServletRequest httpServletRequest) { getValidationService().validate(params); - CorrectRptIntrospectionResponse response = getIntrospectionService().introspectRpt(params.getRpId(), params.getRpt()); + CorrectRptIntrospectionResponse response = introspectionService.introspectRpt(params.getRpId(), params.getRpt()); return new POJOResponse(response); } + + @Override + public Class getParameterClass() { + return IntrospectRptParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java index 1c6045f3fa5..cfde623614c 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java 
@@ -15,7 +15,6 @@ import io.jans.as.model.crypto.signature.SignatureAlgorithm; import io.jans.as.model.register.ApplicationType; import io.jans.as.model.uma.UmaMetadata; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.RegisterSiteParams; import io.jans.ca.common.response.IOpResponse; @@ -26,8 +25,9 @@ import io.jans.ca.server.mapper.RegisterRequestMapper; import io.jans.ca.server.service.DiscoveryService; import io.jans.ca.server.service.RpService; -import io.jans.ca.server.persistence.service.MainPersistenceService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.math.NumberUtils; @@ -49,21 +49,11 @@ public class RegisterSiteOperation extends BaseOperation { private Rp rp; - private RpService rpService; - private DiscoveryService discoveryService; - private MainPersistenceService jansConfigurationService; - - /** - * Base constructor - * - * @param command command - */ - public RegisterSiteOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, RegisterSiteParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.rpService = serviceProvider.getRpService(); - this.jansConfigurationService = rpService.getConfigurationService(); - } + @Inject + RpService rpService; + @Inject + DiscoveryService discoveryService; + public RegisterSiteResponse execute_(RegisterSiteParams params) { validateParametersAndFallbackIfNeeded(params); 
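Review bot: RegisterSiteOperation now receives `rpService` and `discoveryService` through `@Inject`, but neither this hunk nor the import hunk adds `@RequestScoped`/`@Named`, which GetJwksOperation, GetRpOperation and RemoveSiteOperation get in the same commit. The class keeps the mutable field `private Rp rp;`, so it is only safe if the container creates one instance per request. With any wider scope that field would be shared between concurrent registrations. If the omission is not deliberate, add `@RequestScoped` and `@Named` on the class, or turn `rp` into a local passed between the helpers. GetIssuerOperation, GetRequestObjectOperation and ImplicitFlowOperation show the same `@Inject` without a scope annotation, though annotations outside the visible hunks cannot be ruled out.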
@@ -89,7 +79,7 @@ public RegisterSiteResponse execute_(RegisterSiteParams params) { } @Override - public IOpResponse execute(RegisterSiteParams params) { + public IOpResponse execute(RegisterSiteParams params, HttpServletRequest httpRequest) { try { return execute_(params); } catch (HttpException e) { @@ -100,6 +90,16 @@ public IOpResponse execute(RegisterSiteParams params) { throw HttpException.internalError(); } + @Override + public Class getParameterClass() { + return RegisterSiteParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private void validateParametersAndFallbackIfNeeded(RegisterSiteParams params) { if (StringUtils.isNotBlank(params.getClientId()) && StringUtils.isBlank(params.getClientSecret())) { throw new HttpException(ErrorResponseCode.INVALID_CLIENT_SECRET_REQUIRED); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java index 389e8271605..1aaad233040 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java 
@@ -1,33 +1,41 @@ package io.jans.ca.server.op; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.RemoveSiteParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.RemoveSiteResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.service.RpService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; -/** - * @author yuriyz - */ +@RequestScoped +@Named public class RemoveSiteOperation extends BaseOperation { - private RpService rpService; - - public RemoveSiteOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, RemoveSiteParams.class); - this.rpService = serviceProvider.getRpService(); - - } + @Inject + RpService rpService; @Override - public IOpResponse execute(RemoveSiteParams params) { - String rpId = getRp().getRpId(); + public IOpResponse execute(RemoveSiteParams params, HttpServletRequest httpRequest) { + String rpId = getRp(params).getRpId(); if (rpService.remove(rpId)) { return new RemoveSiteResponse(rpId); } throw new HttpException(ErrorResponseCode.FAILED_TO_REMOVE_SITE); } + + @Override + public Class getParameterClass() { + return RemoveSiteParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java index 7bbb9130721..1b31b8cc7ed 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java 
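Review bot: `execute` removes the RP identified by `getRp(params).getRpId()` without the `getValidationService().validate(params)` call that IntrospectAccessTokenOperation, IntrospectRptOperation and GetUserInfoOperation make first. Before this change the RP came from the no-argument `getRp()` on an operation built from a `Command`. Now it is resolved from request parameters, so whatever `getRp(params)` checks in BaseOperation (not visible here) is the only gate in front of `rpService.remove(rpId)`. If `getRp(params)` does not validate, add `getValidationService().validate(params);` as the first statement. A short comment naming the layer that authorizes the removal would also help the next reader.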
@@ -2,7 +2,6 @@ import com.google.common.collect.Lists; import io.jans.as.model.uma.UmaMetadata; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObjectType; import io.jans.ca.common.params.RpGetClaimsGatheringUrlParams; 
@@ -12,36 +11,33 @@ import io.jans.ca.server.Utils; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.ServiceProvider; import io.jans.ca.server.service.StateService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; import java.util.List; import java.util.Map; import java.util.stream.Collectors; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 17/06/2016 - */ - +@RequestScoped +@Named public class RpGetGetClaimsGatheringUrlOperation extends BaseOperation { - private DiscoveryService discoveryService; - private StateService stateService; - - public RpGetGetClaimsGatheringUrlOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, RpGetClaimsGatheringUrlParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.stateService = serviceProvider.getStateService(); - } + @Inject + DiscoveryService discoveryService; + @Inject + StateService stateService; @Override - public IOpResponse execute(RpGetClaimsGatheringUrlParams params) throws Exception { + public IOpResponse execute(RpGetClaimsGatheringUrlParams params, HttpServletRequest httpServletRequest) throws Exception { validate(params); final UmaMetadata metadata = discoveryService.getUmaDiscoveryByRpId(params.getRpId()); - final Rp rp = getRp(); + final Rp rp = getRp(params); final String state = StringUtils.isNotBlank(params.getState()) ? stateService.putState(stateService.encodeExpiredObject(params.getState(), ExpiredObjectType.STATE)) : stateService.generateState(); String url = metadata.getClaimsInteractionEndpoint() + 
@@ -69,6 +65,16 @@ public IOpResponse execute(RpGetClaimsGatheringUrlParams params) throws Exceptio return r; } + @Override + public Class getParameterClass() { + return RpGetClaimsGatheringUrlParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private void validate(RpGetClaimsGatheringUrlParams params) { if (StringUtils.isBlank(params.getTicket())) { throw new HttpException(ErrorResponseCode.NO_UMA_TICKET_PARAMETER); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java index 578663d4c80..b7c21e3b552 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java 
@@ -5,44 +5,37 @@ import io.jans.as.model.uma.UmaNeedInfoResponse; import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.RpGetRptParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.HttpException; - -import io.jans.ca.server.service.ServiceProvider; +import io.jans.ca.server.service.UmaTokenService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.ClientErrorException; import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response.Status; - -import io.jans.ca.server.service.UmaTokenService; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 02/01/2014 - */ - +@RequestScoped +@Named public class RpGetRptOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(RpGetRptOperation.class); - private UmaTokenService umaTokenService; - - public RpGetRptOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, RpGetRptParams.class); - this.umaTokenService = serviceProvider.getUmaTokenService(); - } + @Inject + UmaTokenService umaTokenService; @Override - public IOpResponse execute(RpGetRptParams params) throws Exception { + public IOpResponse execute(RpGetRptParams params, HttpServletRequest httpServletRequest) throws Exception { try { validate(params); return umaTokenService.getRpt(params); 
@@ -53,6 +46,16 @@ public IOpResponse execute(RpGetRptParams params) throws Exception { } } + @Override + public Class getParameterClass() { + return RpGetRptParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + public static IOpResponse handleRptError(int status, String entity) throws IOException { final UmaNeedInfoResponse needInfo = parseNeedInfoSilently(entity); if (needInfo != null) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java index 03320be8915..ee750b8cc09 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java @@ -3,7 +3,10 @@ import com.google.common.base.Strings; import io.jans.as.model.uma.JsonLogicNodeParser; import io.jans.as.model.uma.PermissionTicket; -import io.jans.ca.common.*; +import io.jans.ca.common.CoreUtils; +import io.jans.ca.common.ErrorResponse; +import io.jans.ca.common.ErrorResponseCode; +import io.jans.ca.common.Jackson2; import io.jans.ca.common.introspection.CorrectRptIntrospectionResponse; import io.jans.ca.common.introspection.CorrectUmaPermission; import io.jans.ca.common.params.RsCheckAccessParams; @@ -18,6 +21,10 @@ import io.jans.ca.server.configuration.model.UmaResource; import io.jans.ca.server.service.IntrospectionService; import io.jans.ca.server.service.UmaTokenService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.ClientErrorException; import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.MediaType; 
@@ -29,30 +36,23 @@ import java.util.Collections; import java.util.List; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 31/05/2016 - */ - +@RequestScoped +@Named public class RsCheckAccessOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(RsCheckAccessOperation.class); - private UmaTokenService umaTokenService; - private IntrospectionService introspectionService; - private OpClientFactoryImpl opClientFactory; - - public RsCheckAccessOperation(Command command, io.jans.ca.server.service.ServiceProvider serviceProvider) { - super(command, serviceProvider, RsCheckAccessParams.class); - this.umaTokenService = serviceProvider.getUmaTokenService(); - this.introspectionService = umaTokenService.getIntrospectionService(); - this.opClientFactory = umaTokenService.getOpClientFactory(); - } + @Inject + UmaTokenService umaTokenService; + @Inject + IntrospectionService introspectionService; + @Inject + OpClientFactoryImpl opClientFactory; @Override - public IOpResponse execute(final RsCheckAccessParams params) throws Exception { + public IOpResponse execute(final RsCheckAccessParams params, HttpServletRequest httpServletRequest) throws Exception { validate(params); - Rp rp = getRp(); + Rp rp = getRp(params); UmaResource resource = rp.umaResource(params.getPath(), params.getHttpMethod()); if (resource == null) { final ErrorResponse error = new ErrorResponse("invalid_request"); @@ -131,6 +131,16 @@ public void clearPat() { return opResponse; } + @Override + public Class getParameterClass() { + return RsCheckAccessParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private List getRequiredScopes(RsCheckAccessParams params, UmaResource resource) { List resourceScopes = resource.getScopes(); 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java index 47496fffffe..740e36ee208 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java @@ -15,7 +15,13 @@ import io.jans.ca.server.HttpException; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.configuration.model.UmaResource; -import io.jans.ca.server.service.*; +import io.jans.ca.server.service.DiscoveryService; +import io.jans.ca.server.service.RpService; +import io.jans.ca.server.service.UmaTokenService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.ClientErrorException; import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.MediaType; 
@@ -27,29 +33,24 @@ import java.util.List; import java.util.stream.Collectors; +@RequestScoped +@Named public class RsModifyOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(RsModifyOperation.class); - private UmaTokenService umaTokenService; - private DiscoveryService discoveryService; - private RpService rpService; - private HttpService httpService; - - public RsModifyOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, RsModifyParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.umaTokenService = serviceProvider.getUmaTokenService(); - this.httpService = serviceProvider.getHttpService(); - this.rpService = serviceProvider.getRpService(); - } - + @Inject + UmaTokenService umaTokenService; + @Inject + DiscoveryService discoveryService; + @Inject + RpService rpService; @Override - public IOpResponse execute(final RsModifyParams params) throws Exception { + public IOpResponse execute(final RsModifyParams params, HttpServletRequest httpServletRequest) throws Exception { validate(params); - Rp rp = getRp(); + Rp rp = getRp(params); PatProvider patProvider = new PatProvider() { @Override @@ -171,4 +172,15 @@ private void validate(RsModifyParams params) { } } } + + @Override + public Class getParameterClass() { + return RsModifyParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java index 3738a43ab4f..168718e33b5 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java 
@@ -10,7 +10,6 @@ import io.jans.as.model.uma.JsonLogicNodeParser; import io.jans.as.model.uma.UmaMetadata; import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.RsProtectParams; import io.jans.ca.common.response.IOpResponse; @@ -25,7 +24,15 @@ import io.jans.ca.server.HttpException; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.configuration.model.UmaResource; +import io.jans.ca.server.service.DiscoveryService; +import io.jans.ca.server.service.RpService; +import io.jans.ca.server.service.UmaTokenService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.ClientErrorException; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -35,29 +42,31 @@ import java.util.Map; import java.util.Set; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 31/05/2016 - */ - +@RequestScoped +@Named public class RsProtectOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(RsProtectOperation.class); - public RsProtectOperation(Command pCommand, io.jans.ca.server.service.ServiceProvider serviceProvider) { - super(pCommand, serviceProvider, RsProtectParams.class); - } + @Inject + RpService rpService; + @Inject + UmaTokenService umaTokenService; + @Inject + OpClientFactoryImpl opClientFactory; + @Inject + DiscoveryService discoveryService; @Override - public IOpResponse execute(final RsProtectParams params) throws Exception { + public IOpResponse execute(final RsProtectParams params, HttpServletRequest httpServletRequest) throws Exception { validate(params); - Rp rp = getRp(); + Rp rp = getRp(params); PatProvider patProvider = new PatProvider() { @Override public String getPatToken() { - return getUmaTokenService().getPat(params.getRpId()).getToken(); + return umaTokenService.getPat(params.getRpId()).getToken(); } @Override 
@@ -66,14 +75,14 @@ public void clearPat() { } }; - ResourceRegistrar registrar = getOpClientFactory().createResourceRegistrar(patProvider, new ServiceProvider(rp.getOpHost())); + ResourceRegistrar registrar = opClientFactory.createResourceRegistrar(patProvider, new ServiceProvider(rp.getOpHost())); try { registrar.register(params.getResources()); } catch (ClientErrorException e) { LOG.debug("Failed to register resource. Entity: " + e.getResponse().readEntity(String.class) + ", status: " + e.getResponse().getStatus(), e); if (e.getResponse().getStatus() == 400 || e.getResponse().getStatus() == 401) { LOG.debug("Try maybe PAT is lost on AS, force refresh PAT and re-try ..."); - getUmaTokenService().obtainPat(params.getRpId()); // force to refresh PAT + umaTokenService.obtainPat(params.getRpId()); // force to refresh PAT registrar.register(params.getResources()); } else { throw e; @@ -88,6 +97,16 @@ public void clearPat() { return new RsProtectResponse(rp.getRpId()); } + @Override + public Class getParameterClass() { + return RsProtectParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private void persist(ResourceRegistrar registrar, Rp rp) throws IOException { Map resourceMapCopy = registrar.getResourceMapCopy(); @@ -130,7 +149,7 @@ private void persist(ResourceRegistrar registrar, Rp rp) throws IOException { rp.getUmaProtectedResources().add(resource); } - getRpService().update(rp); + rpService.update(rp); } private void validate(RsProtectParams params) { 
@@ -160,15 +179,15 @@ private void validate(RsProtectParams params) { } } - Rp rp = getRp(); + Rp rp = getRp(params); List existingUmaResources = rp.getUmaProtectedResources(); if (existingUmaResources != null && !existingUmaResources.isEmpty()) { if (params.getOverwrite() == null || !params.getOverwrite()) { throw new HttpException(ErrorResponseCode.UMA_PROTECTION_FAILED_BECAUSE_RESOURCES_ALREADY_EXISTS); } else { // remove existing resources, overwrite=true - UmaMetadata discovery = getDiscoveryService().getUmaDiscoveryByRpId(params.getRpId()); - String pat = getUmaTokenService().getPat(params.getRpId()).getToken(); + UmaMetadata discovery = discoveryService.getUmaDiscoveryByRpId(params.getRpId()); + String pat = umaTokenService.getPat(params.getRpId()).getToken(); UmaResourceService resourceService = UmaClientFactory.instance().createResourceService(discovery, getHttpService().getClientEngine()); for (UmaResource resource : existingUmaResources) { @@ -177,7 +196,7 @@ private void validate(RsProtectParams params) { LOG.trace("Removed existing resource " + resource.getId() + "."); } rp.getUmaProtectedResources().clear(); - getRpService().updateSilently(rp); + rpService.updateSilently(rp); } } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java index cb77e071b3a..949ded26f85 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java 
@@ -11,7 +11,6 @@ import io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm; import io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm; import io.jans.as.model.crypto.signature.SignatureAlgorithm; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.UpdateSiteParams; import io.jans.ca.common.response.IOpResponse; @@ -20,8 +19,13 @@ import io.jans.ca.server.Utils; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.mapper.RegisterRequestMapper; -import io.jans.ca.server.service.ServiceProvider; +import io.jans.ca.server.service.RpService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.HttpMethod; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.math.NumberUtils; @@ -32,29 +36,20 @@ import java.util.Set; import java.util.stream.Collectors; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 11/03/2016 - */ - +@RequestScoped +@Named public class UpdateSiteOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(UpdateSiteOperation.class); private Rp rp; - /** - * Base constructor - * - * @param command command - */ - public UpdateSiteOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, UpdateSiteParams.class); - } + @Inject + RpService rpService; @Override - public IOpResponse execute(UpdateSiteParams params) { - rp = getRp(); + public IOpResponse execute(UpdateSiteParams params, HttpServletRequest httpServletRequest) { + rp = getRp(params); LOG.info("Updating rp ... rp: " + rp); persistRp(rp, params); 
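Review bot: `LOG.info("Updating rp ... rp: " + rp)` in `execute` writes the whole `Rp` object to the log at info level; if `Rp.toString()` includes the client secret or a registration access token (not visible in this diff), every update call puts credentials in the server log. Logging the identifier is enough: `LOG.info("Updating rp, rp_id: {}", rp.getRpId());`. The same concern applies to `LOG.info("RP updated: " + rp)` in `persistRp` in the next hunk, and to the `logger.info("Api Resource: /register-site Params: {}", params)` style lines in OAuth20Resource, whose request bodies can carry a `client_secret`. The body of `execute` continues past this hunk.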
@@ -64,13 +59,23 @@ public IOpResponse execute(UpdateSiteParams params) { return response; } + @Override + public Class getParameterClass() { + return UpdateSiteParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private void persistRp(Rp rp, UpdateSiteParams params) { try { RegisterRequest registerRequest = createRegisterClientRequest(rp, params); updateRegisteredClient(rp, registerRequest); RegisterRequestMapper.fillRp(rp, registerRequest); - getRpService().update(rp); + rpService.update(rp); LOG.info("RP updated: " + rp); } catch (Exception e) { @@ -84,7 +89,7 @@ private void updateRegisteredClient(Rp rp, RegisterRequest registerRequest) { throw new HttpException(ErrorResponseCode.INVALID_REGISTRATION_CLIENT_URL); } - final RegisterClient registerClient = getRpService().createRegisterClient(rp.getClientRegistrationClientUri(), registerRequest); + final RegisterClient registerClient = rpService.createRegisterClient(rp.getClientRegistrationClientUri(), registerRequest); final RegisterResponse response = registerClient.exec(); if (response != null) { if (response.getStatus() == 200) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java index f8c73671b09..f3fe1cc6d1f 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java 
@@ -3,45 +3,52 @@ import com.google.common.base.Strings; import io.jans.as.client.OpenIdConfigurationResponse; import io.jans.as.model.jwt.Jwt; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.ValidateParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.POJOResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.configuration.model.Rp; -import io.jans.ca.server.service.ServiceProvider; - -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 14/03/2017 - */ +import io.jans.ca.server.service.DiscoveryService; +import io.jans.ca.server.service.PublicOpKeyService; +import io.jans.ca.server.service.StateService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; +@RequestScoped +@Named public class ValidateOperation extends BaseOperation { - - public ValidateOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, ValidateParams.class); - } + @Inject + DiscoveryService discoveryService; + @Inject + PublicOpKeyService publicOpKeyService; + @Inject + StateService stateService; + @Inject + OpClientFactoryImpl opClientFactory; @Override - public IOpResponse execute(ValidateParams params) throws Exception { + public IOpResponse execute(ValidateParams params, HttpServletRequest httpServletRequest) throws Exception { validateParams(params); - Rp rp = getRp(); - OpenIdConfigurationResponse discoveryResponse = getDiscoveryService().getConnectDiscoveryResponseByRpId(params.getRpId()); + Rp rp = getRp(params); + OpenIdConfigurationResponse discoveryResponse = discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()); final Jwt idToken = Jwt.parse(params.getIdToken()); final Validator validator = new Validator.Builder() .discoveryResponse(discoveryResponse) .idToken(idToken) 
- .keyService(getPublicOpKeyService()) - .opClientFactory(getOpClientFactory()) + .keyService(publicOpKeyService) + .opClientFactory(opClientFactory) .rpServerConfiguration(getJansConfigurationService().find()) .rp(rp) .build(); - validator.validateNonce(getStateService()); + validator.validateNonce(stateService); validator.validateIdToken(rp.getClientId()); validator.validateAccessToken(params.getAccessToken()); validator.validateAuthorizationCode(params.getCode()); @@ -49,6 +56,16 @@ public IOpResponse execute(ValidateParams params) throws Exception { return new POJOResponse(""); } + @Override + public Class getParameterClass() { + return ValidateParams.class; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + private void validateParams(ValidateParams params) { if (Strings.isNullOrEmpty(params.getCode())) { throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_CODE); @@ -56,7 +73,7 @@ private void validateParams(ValidateParams params) { if (Strings.isNullOrEmpty(params.getState())) { throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_STATE); } - if (!getStateService().isExpiredObjectPresent(params.getState())) { + if (!stateService.isExpiredObjectPresent(params.getState())) { throw new HttpException(ErrorResponseCode.BAD_REQUEST_STATE_NOT_VALID); } if (!Strings.isNullOrEmpty(params.getIdToken())) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java index de487252368..cf011680189 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java 
@@ -1,175 +1,19 @@ package io.jans.ca.server.rest; -import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.ErrorResponseCode; -import io.jans.ca.common.Jackson2; -import io.jans.ca.common.params.HasRpIdParams; -import io.jans.ca.common.params.IParams; -import io.jans.ca.common.response.IOpResponse; -import io.jans.ca.common.response.POJOResponse; -import io.jans.ca.server.HttpException; -import io.jans.ca.server.Processor; -import io.jans.ca.server.configuration.ApiAppConfiguration; -import io.jans.ca.server.configuration.model.Rp; -import io.jans.ca.server.service.RpSyncService; -import io.jans.ca.server.service.ValidationService; -import io.jans.ca.server.persistence.service.MainPersistenceService; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; -import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.Context; -import jakarta.ws.rs.core.MediaType; -import jakarta.ws.rs.core.Response; import org.slf4j.Logger; -import java.io.IOException; -import java.util.List; - public class BaseResource { @Inject Logger logger; - @Inject - MainPersistenceService jansConfigurationService; - @Inject - RpSyncService rpSyncService; - @Inject - ValidationService validationService; - @Inject - Processor processor; - @Context private HttpServletRequest httpRequest; - private static final String LOCALHOST_IP_ADDRESS = "127.0.0.1"; - - public T read(String params, Class clazz) { - try { - return Jackson2.createJsonMapper().readValue(params, clazz); - } catch (IOException e) { - throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity("Invalid parameters. 
Message: " + e.getMessage()).build()); - } - } - - public String process(CommandType commandType, String paramsAsString, Class paramsClass, String authorization, String authorizationRpId) { - String endPointUrl = httpRequest.getRequestURL().toString(); - logger.info("Endpoint: {}", endPointUrl); - logger.info("Request parameters: {}", paramsAsString); - logger.info("CommandType: {}", commandType); - - validateIpAddressAllowed(httpRequest.getRemoteAddr()); - Object forJsonConversion = getObjectForJsonConversion(commandType, paramsAsString, paramsClass, authorization, authorizationRpId); - String response = null; - - if (commandType.getReturnType().equalsIgnoreCase(MediaType.APPLICATION_JSON)) { - response = Jackson2.asJsonSilently(forJsonConversion); - } else if (commandType.getReturnType().equalsIgnoreCase(MediaType.TEXT_PLAIN)) { - response = forJsonConversion.toString(); - } - - logger.trace("Send back response: {}", response); - return response; - } - - private void validateIpAddressAllowed(String callerIpAddress) { - logger.trace("Checking if caller ipAddress : {} is allowed to make request to jans_client_api.", callerIpAddress); - final ApiAppConfiguration conf = jansConfigurationService.find(); - List bindIpAddresses = conf.getBindIpAddresses(); - - //localhost as default bindAddress - if ((bindIpAddresses == null || bindIpAddresses.isEmpty()) && LOCALHOST_IP_ADDRESS.equalsIgnoreCase(callerIpAddress)) { - return; - } - //show error if ip_address of a remote caller is not set in `bind_ip_addresses` - if (bindIpAddresses == null || bindIpAddresses.isEmpty()) { - logger.error("The caller is not allowed to make request to jans_client_api. 
To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); - throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); - } - //allow all ip_address - if (bindIpAddresses.contains("*")) { - return; - } - - if (bindIpAddresses.contains(callerIpAddress)) { - return; - } - logger.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); - throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); - } - - private Object getObjectForJsonConversion(CommandType commandType, String paramsAsString, Class paramsClass, String authorization, String authorizationRpId) { - logger.trace("Command: {}", paramsAsString); - T params = read(safeToJson(paramsAsString), paramsClass); - - final ApiAppConfiguration conf = jansConfigurationService.find(); - - if (commandType.isAuthorizationRequired()) { - validateAuthorizationRpId(conf, authorizationRpId); - validateAccessToken(authorization, safeToRpId((HasRpIdParams) params, authorizationRpId)); - } - - Command command = new Command(commandType, params); - final IOpResponse response = processor.process(command); - Object forJsonConversion = response; - if (response instanceof POJOResponse) { - forJsonConversion = ((POJOResponse) response).getNode(); - } - return forJsonConversion; - } - - private void validateAuthorizationRpId(ApiAppConfiguration conf, String authorizationRpId) { - - if (Util.isNullOrEmpty(authorizationRpId)) { - return; - } - - final Rp rp = rpSyncService.getRp(authorizationRpId); - - if (rp == null || Util.isNullOrEmpty(rp.getRpId())) { - logger.debug("`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api."); - throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_NOT_FOUND); - } - - if (conf.getProtectCommandsWithRpId() == null || conf.getProtectCommandsWithRpId().isEmpty()) { - return; - } - - if (!conf.getProtectCommandsWithRpId().contains(authorizationRpId)) { - 
logger.debug("`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in client-api-server.yml."); - throw new HttpException(ErrorResponseCode.INVALID_AUTHORIZATION_RP_ID); - } - } - - private void validateAccessToken(String authorization, String authorizationRpId) { - final String prefix = "Bearer "; - final ApiAppConfiguration conf = jansConfigurationService.find(); - - if (conf.getProtectCommandsWithAccessToken() != null && !conf.getProtectCommandsWithAccessToken()) { - logger.debug("Skip protection because protect_commands_with_access_token: false in configuration file."); - return; - } - - if (Util.isNullOrEmpty(authorization)) { - logger.debug("No access token provided in Authorization header. Forbidden."); - throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); - } - - String accessToken = authorization.substring(prefix.length()); - if (Util.isNullOrEmpty(accessToken)) { - logger.debug("No access token provided in Authorization header. Forbidden."); - throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); - } - - validationService.validateAccessToken(accessToken, authorizationRpId); - } - - private String safeToRpId(HasRpIdParams params, String authorizationRpId) { - return Util.isNullOrEmpty(authorizationRpId) ? params.getRpId() : authorizationRpId; - } - private String safeToJson(String jsonString) { - return Util.isNullOrEmpty(jsonString) ? "{}" : jsonString; + public HttpServletRequest getHttpRequest() { + return httpRequest; } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java index c609fe44686..4b4d67e42dc 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java 
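Review bot: The new `BaseResource` performs no caller check at all: the `bind_ip_addresses` allow-list (`validateIpAddressAllowed`), the `AuthorizationRpId` check and the bearer-token validation (`validateAccessToken`) are deleted and nothing in this class replaces them. The resource methods in OAuth20Resource now call `process(params, getHttpRequest())` on the operation and no longer bind the `Authorization` and `AuthorizationRpId` headers, so enforcement has to live in `BaseOperation.process`, which this part of the diff does not show. Please confirm that `process` runs the IP allow-list and the access-token validation before `execute` for every operation that previously had `isAuthorizationRequired()` set, and add a regression test that `/update-site` and `/remove-site` reject a request without a valid token. Once confirmed, a comment on `getHttpRequest()` such as `// Raw, unauthenticated request; access checks run in BaseOperation.process` would record where the check moved.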
@@ -1,7 +1,8 @@ package io.jans.ca.server.rest; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.params.*; +import io.jans.ca.server.op.*; +import io.jans.ca.common.rest.ProtectedApi; +import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; 
@@ -9,32 +10,54 @@ @Path("/") public class OAuth20Resource extends BaseResource { + @Inject + GetDiscoveryOperation getDiscoveryOp; + @Inject + RegisterSiteOperation registerSiteOp; + @Inject + UpdateSiteOperation updateSiteOp; + @Inject + RemoveSiteOperation removeSiteOp; + @Inject + GetClientTokenOperation getClientTokenOp; + @Inject + GetAccessTokenByRefreshTokenOperation getAccessTokenByRefreshTokenOp; + @Inject + IntrospectAccessTokenOperation introspectAccessTokenOp; + @Inject + GetUserInfoOperation getUserInfoOp; + @Inject + GetJwksOperation getJwksOp; + @Inject + GetIssuerOperation getIssuerOp; + @Inject + CheckIdTokenOperation getCheckIdTokenOp; + @Inject + CheckAccessTokenOperation getCheckAccessTokenOp; + @POST @Path("/register-site") @Produces(MediaType.APPLICATION_JSON) public Response registerSite(String params) { logger.info("Api Resource: /register-site Params: {}", params); - String result = process(CommandType.REGISTER_SITE, params, RegisterSiteParams.class, null, null); - return Response.ok(result).build(); + return registerSiteOp.process(params, getHttpRequest()); } @POST @Path("/update-site") @Produces(MediaType.APPLICATION_JSON) - public Response updateSite(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response updateSite(String params) { logger.info("Api Resource: /update-site Params: {}", params); - String result = process(CommandType.UPDATE_SITE, params, UpdateSiteParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return updateSiteOp.process(params, getHttpRequest()); } @POST @Path("/remove-site") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response removeSite(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response removeSite(String params) { logger.info("Api Resource: /remove-site 
Params: {}", params); - String result = process(CommandType.REMOVE_SITE, params, RemoveSiteParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return removeSiteOp.process(params, getHttpRequest()); } @POST 
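Review bot: `updateSite` and `removeSite` lose their `Authorization` and `AuthorizationRpId` header parameters in this hunk but, unlike the endpoints annotated in the later hunks, do not receive `@ProtectedApi`. The old code passed both headers into `process(...)` for these commands, so if the new filter only acts on annotated methods these two endpoints are no longer checked; the same applies to `getJwks` in the next hunk of this file and to `getRp` in RpResource.java. Unless `UpdateSiteOperation` and `RemoveSiteOperation` validate the headers themselves from `getHttpRequest()` (they are not shown here), add `@ProtectedApi` above `@Path("/update-site")` and `@Path("/remove-site")`, or leave a comment such as `// intentionally unauthenticated: <reason>` on each.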
@@ -42,48 +65,46 @@ public Response removeSite(@HeaderParam("Authorization") String authorization, @ @Produces(MediaType.APPLICATION_JSON) public Response getClientToken(String params) { logger.info("Api Resource: /get-client-token Params: {}", params); - String result = process(CommandType.GET_CLIENT_TOKEN, params, GetClientTokenParams.class, null, null); - return Response.ok(result).build(); + return getClientTokenOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/get-access-token-by-refresh-token") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getAccessTokenByRefreshToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getAccessTokenByRefreshToken(String params) { logger.info("Api Resource: /get-access-token-by-refresh-token Params: {}", params); - String result = process(CommandType.GET_ACCESS_TOKEN_BY_REFRESH_TOKEN, params, GetAccessTokenByRefreshTokenParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getAccessTokenByRefreshTokenOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/introspect-access-token") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response introspectAccessToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response introspectAccessToken(String params) { logger.info("Api Resource: /introspect-access-token Params: {}", params); - String result = process(CommandType.INTROSPECT_ACCESS_TOKEN, params, IntrospectAccessTokenParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return introspectAccessTokenOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/get-user-info") @Produces(MediaType.APPLICATION_JSON) 
@Consumes(MediaType.APPLICATION_JSON) - public Response getUserInfo(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getUserInfo(String params) { logger.info("Api Resource: /get-user-info Params: {}", params); - String result = process(CommandType.GET_USER_INFO, params, GetUserInfoParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getUserInfoOp.process(params, getHttpRequest()); } @POST @Path("/get-jwks") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getJwks(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getJwks(String params) { logger.info("Api Resource: /get-jwks Params: {}", params); - String result = process(CommandType.GET_JWKS, params, GetJwksParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getJwksOp.process(params, getHttpRequest()); } @POST 
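Review bot: The `logger.info("... Params: {}", params)` lines kept in this hunk write the raw request body to the info log, and for `/get-access-token-by-refresh-token` and `/introspect-access-token` that body presumably carries a refresh token or an access token. Since each handler is now a one-line delegation, it would be cleaner to log only the route here, e.g. `logger.info("Api Resource: /get-access-token-by-refresh-token");`, and leave parameter logging to the operation class with the token fields masked. The same pattern appears in the `/check-access-token` and `/check-id-token` handlers in the next hunk and in `/get-tokens-by-code` in OpenIdConnectResource.java.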
@@ -91,28 +112,27 @@ public Response getJwks(@HeaderParam("Authorization") String authorization, @Hea @Produces(MediaType.APPLICATION_JSON) public Response getDiscovery(String params) { logger.info("Api Resource: /get-discovery Params: {}", params); - String result = process(CommandType.GET_DISCOVERY, params, GetDiscoveryParams.class, null, null); - return Response.ok(result).build(); + return getDiscoveryOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/check-access-token") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response checkAccessToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response checkAccessToken(String params) { logger.info("Api Resource: /check-access-token Params: {}", params); - String result = process(CommandType.CHECK_ACCESS_TOKEN, params, CheckAccessTokenParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getCheckAccessTokenOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/check-id-token") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response checkIdToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response checkIdToken(String params) { logger.info("Api Resource: /check-id-token Params: {}", params); - String result = process(CommandType.CHECK_ID_TOKEN, params, CheckIdTokenParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getCheckIdTokenOp.process(params, getHttpRequest()); } @POST 
@@ -121,7 +141,6 @@ public Response checkIdToken(@HeaderParam("Authorization") String authorization, @Consumes(MediaType.APPLICATION_JSON) public Response getIssuer(String params) { logger.info("Api Resource: /get-issuer Params: {}", params); - String result = process(CommandType.ISSUER_DISCOVERY, params, GetIssuerParams.class, null, null); - return Response.ok(result).build(); + return getIssuerOp.process(params, getHttpRequest()); } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java index e75a75ce44f..dde205aa3f4 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java @@ -1,10 +1,11 @@ package io.jans.ca.server.rest; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.params.GetAuthorizationCodeParams; -import io.jans.ca.common.params.GetAuthorizationUrlParams; -import io.jans.ca.common.params.GetLogoutUrlParams; -import io.jans.ca.common.params.GetTokensByCodeParams; +import io.jans.ca.server.op.GetAuthorizationCodeOperation; +import io.jans.ca.server.op.GetAuthorizationUrlOperation; +import io.jans.ca.server.op.GetLogoutUrlOperation; +import io.jans.ca.server.op.GetTokensByCodeOperation; +import io.jans.ca.common.rest.ProtectedApi; +import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; 
@@ -12,43 +13,52 @@ @Path("/") public class OpenIdConnectResource extends BaseResource { + @Inject + GetAuthorizationCodeOperation getAuthorizationCodeOp; + @Inject + GetAuthorizationUrlOperation getAuthorizationUrlOp; + @Inject + GetTokensByCodeOperation getTokensByCodeOp; + @Inject + GetLogoutUrlOperation getLogoutUrlOp; + @POST + @ProtectedApi @Path("/get-authorization-url") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getAuthorizationUrl(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getAuthorizationUrl(String params) { logger.info("Api Resource: /get-authorization-url Params: {}", params); - String result = process(CommandType.GET_AUTHORIZATION_URL, params, GetAuthorizationUrlParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getAuthorizationUrlOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/get-authorization-code") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getAuthorizationCode(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getAuthorizationCode(String params) { logger.info("Api Resource: /get-authorization-code Params: {}", params); - String result = process(CommandType.GET_AUTHORIZATION_CODE, params, GetAuthorizationCodeParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getAuthorizationCodeOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/get-tokens-by-code") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getTokenByCode(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getTokenByCode(String 
params) { logger.info("Api Resource: /get-tokens-by-code Params: {}", params); - String result = process(CommandType.GET_TOKENS_BY_CODE, params, GetTokensByCodeParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getTokensByCodeOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/get-logout-uri") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getLogoutUri(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getLogoutUri(String params) { logger.info("Api Resource: /get-logout-uri Params: {}", params); - String result = process(CommandType.GET_LOGOUT_URI, params, GetLogoutUrlParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getLogoutUrlOp.process(params, getHttpRequest()); } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java index fd6e93cdebe..c966d63cc45 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java @@ -1,7 +1,9 @@ package io.jans.ca.server.rest; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.params.*; +import io.jans.ca.common.params.StringParam; +import io.jans.ca.server.op.*; +import io.jans.ca.common.rest.ProtectedApi; +import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; 
@@ -9,36 +11,41 @@ @Path("/") public class RpResource extends BaseResource { + @Inject + GetRpJwksOperation getRpJwksOp; + @Inject + GetRpOperation getRpOp; + @Inject + AuthorizationCodeFlowOperation authorizationCodeFlowOp; + @Inject + GetRequestObjectOperation getRequestObjectOp; + @Inject + GetRequestObjectUriOperation getRequestObjectUriOp; + @GET @Path("/get-rp-jwks") @Produces(MediaType.APPLICATION_JSON) public Response getRpJwks() { logger.info("Api Resource: get-rp-jwks"); - String result = process(CommandType.GET_RP_JWKS, null, GetJwksParams.class, null, null); - logger.info("Api Resource: get-rp-jwks - result:{}", result); - - return Response.ok(result).build(); + return getRpJwksOp.process(null, getHttpRequest()); } @POST @Path("/get-rp") @Produces(MediaType.APPLICATION_JSON) - public Response getRp(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getRp(String params) { logger.info("Api Resource: get-rp"); - String result = process(CommandType.GET_RP, params, GetRpParams.class, authorization, authorizationRpId); - logger.info("Api Resource: get-rp - result:{}", result); - - return Response.ok(result).build(); + return getRpOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/authorization-code-flow") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response authorizationCodeFlow(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response authorizationCodeFlow(String params) { logger.info("Api Resource: authorization-code-flow"); - String result = process(CommandType.AUTHORIZATION_CODE_FLOW, params, AuthorizationCodeFlowParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return authorizationCodeFlowOp.process(params, getHttpRequest()); } @GET 
@@ -46,17 +53,16 @@ public Response authorizationCodeFlow(@HeaderParam("Authorization") String autho @Produces(MediaType.TEXT_PLAIN) public Response getRequestObject(@PathParam("request_object_id") String value) { logger.info("Api Resource: get-request-object/{}", value); - String result = process(CommandType.GET_REQUEST_OBJECT_JWT, (new StringParam(value)).toJsonString(), StringParam.class, null, null); - return Response.ok(result).build(); + return getRequestObjectOp.process((new StringParam(value)).toJsonString(), getHttpRequest()); } @POST + @ProtectedApi @Path("/get-request-object-uri") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getRequestObjectUri(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getRequestObjectUri(String params) { logger.info("Api Resource: get-request-object-uri"); - String result = process(CommandType.GET_REQUEST_URI, params, GetRequestObjectUriParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getRequestObjectUriOp.process(params, getHttpRequest()); } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java index 876dc176d32..1c1e9ebe397 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java 
@@ -1,33 +1,42 @@ package io.jans.ca.server.rest; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.params.RpGetClaimsGatheringUrlParams; -import io.jans.ca.common.params.RpGetRptParams; -import jakarta.ws.rs.*; +import io.jans.ca.server.op.RpGetGetClaimsGatheringUrlOperation; +import io.jans.ca.server.op.RpGetRptOperation; +import io.jans.ca.common.rest.ProtectedApi; +import jakarta.inject.Inject; +import jakarta.ws.rs.Consumes; +import jakarta.ws.rs.POST; +import jakarta.ws.rs.Path; +import jakarta.ws.rs.Produces; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; @Path("/") public class UMA2RelyingPartyResource extends BaseResource { + @Inject + RpGetRptOperation rpGetRptOp; + @Inject + RpGetGetClaimsGatheringUrlOperation rpGetGetClaimsGatheringUrlOp; + @POST + @ProtectedApi @Path("/uma-rp-get-rpt") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response umaRpGetRpt(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response umaRpGetRpt(String params) { logger.info("Api Resource: /uma-rp-get-rpt Params: {}", params); - String result = process(CommandType.RP_GET_RPT, params, RpGetRptParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return rpGetRptOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/uma-rp-get-claims-gathering-url") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response umaRpGetClaimsGatheringUrl(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response umaRpGetClaimsGatheringUrl(String params) { logger.info("Api Resource: /uma-rp-get-claims-gathering-url Params: {}", params); - String result = process(CommandType.RP_GET_CLAIMS_GATHERING_URL, params, RpGetClaimsGatheringUrlParams.class, authorization, 
authorizationRpId); - return Response.ok(result).build(); + return rpGetGetClaimsGatheringUrlOp.process(params, getHttpRequest()); } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java index 8c28d96b782..989d7cffbe5 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java 
@@ -1,51 +1,67 @@ package io.jans.ca.server.rest; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.params.*; -import jakarta.ws.rs.*; +import io.jans.ca.server.op.IntrospectRptOperation; +import io.jans.ca.server.op.RsCheckAccessOperation; +import io.jans.ca.server.op.RsModifyOperation; +import io.jans.ca.server.op.RsProtectOperation; +import io.jans.ca.common.rest.ProtectedApi; +import jakarta.inject.Inject; +import jakarta.ws.rs.Consumes; +import jakarta.ws.rs.POST; +import jakarta.ws.rs.Path; +import jakarta.ws.rs.Produces; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; @Path("/") public class UMA2ResourceServerResource extends BaseResource { + @Inject + RsProtectOperation rsProtectOp; + @Inject + RsModifyOperation rsModifyOp; + @Inject + IntrospectRptOperation introspectRptOp; + @Inject + RsCheckAccessOperation rsCheckAccessOp; + @POST + @ProtectedApi @Path("/uma-rs-protect") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response umaRsProtect(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response umaRsProtect(String params) { logger.info("Api Resource: /uma-rs-protect Params: {}", params); - String result = process(CommandType.RS_PROTECT, params, RsProtectParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return rsProtectOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/uma-rs-check-access") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response umaRsCheckAccess(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response umaRsCheckAccess(String params) { logger.info("Api Resource: /uma-rs-check-access Params: {}", params); - String result = process(CommandType.RS_CHECK_ACCESS, params, RsCheckAccessParams.class, 
authorization, authorizationRpId); - return Response.ok(result).build(); + return rsCheckAccessOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/introspect-rpt") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response introspectRpt(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response introspectRpt(String params) { logger.info("Api Resource: /introspect-rpt Params: {}", params); - String result = process(CommandType.INTROSPECT_RPT, params, IntrospectRptParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return introspectRptOp.process(params, getHttpRequest()); } @POST + @ProtectedApi @Path("/uma-rs-modify") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response umaRsModify(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response umaRsModify(String params) { logger.info("Api Resource: /uma-rs-modify Params: {}", params); - String result = process(CommandType.RS_MODIFY, params, RsModifyParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return rsModifyOp.process(params, getHttpRequest()); } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationRpIdParam.java b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationRpIdParam.java new file mode 100644 index 00000000000..0066a1e0385 --- /dev/null +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationRpIdParam.java @@ -0,0 +1,13 @@ +package io.jans.ca.server.security.service; + +public class AuthorizationRpIdParam { + private String rpId; + + public String getRpId() { + return rpId; + } + + public void setRpId(String rpId) { + this.rpId = rpId; + } +} 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationService.java b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationService.java new file mode 100644 index 00000000000..71a20c6409b --- /dev/null +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationService.java @@ -0,0 +1,34 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.ca.server.security.service; + +import jakarta.inject.Inject; +import jakarta.ws.rs.core.Response; +import org.apache.commons.collections4.CollectionUtils; +import org.slf4j.Logger; + +import java.io.Serializable; +import java.util.List; + +public abstract class AuthorizationService implements Serializable { + + private static final long serialVersionUID = 4012335221233316230L; + + @Inject + transient Logger log; + + public abstract String processAuthorization(String path, String method, String remoteAddress, + String authorization, String authorizationRpId) throws Exception; + + protected Response getErrorResponse(Response.Status status, String detail) { + return Response.status(status).entity(detail).build(); + } + + public boolean isEqualCollection(List list1, List list2) { + return CollectionUtils.isEqualCollection(list1, list2); + } +} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java new file mode 100644 index 00000000000..7ace631433b --- /dev/null +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java 
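Review bot: `processAuthorization` is declared without Javadoc, returns a `String` whose meaning is not specified, and `throws Exception`, so a caller cannot tell from the contract how a rejected request is reported. Judging by the implementation added in ClientApiAuthorizationService.java, rejection is signalled only by an exception and the return value is informational; that should be stated, e.g. `/** Validates the Authorization and AuthorizationRpId headers for the request; throws if the caller is not authorized, the return value carries no decision. */`. Separately, `isEqualCollection(List list1, List list2)` uses raw types as shown and could take `List<?>` (the type arguments may have been lost when the page was rendered).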
@@ -0,0 +1,116 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.ca.server.security.service; + +import io.jans.as.model.util.StringUtils; +import io.jans.as.model.util.Util; +import io.jans.ca.common.ErrorResponseCode; +import io.jans.ca.server.HttpException; +import io.jans.ca.server.configuration.ApiAppConfiguration; +import io.jans.ca.server.configuration.model.Rp; +import io.jans.ca.server.persistence.service.MainPersistenceService; +import io.jans.ca.server.service.RpSyncService; +import io.jans.ca.server.service.ValidationService; +import jakarta.annotation.Priority; +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.enterprise.inject.Alternative; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import jakarta.ws.rs.core.Context; +import org.slf4j.Logger; + +import java.io.Serializable; +import java.util.List; + +@ApplicationScoped +@Named("clientApiAuthorizationService") +@Alternative +@Priority(1) +public class ClientApiAuthorizationService extends AuthorizationService implements Serializable { + + private static final long serialVersionUID = 1L; + private static final String AUTHENTICATION_SCHEME = "Bearer "; + + @Inject + transient Logger LOG; + + @Context + transient HttpServletRequest request; + + @Context + transient HttpServletResponse response; + + @Inject + ValidationService validationService; + @Inject + RpSyncService rpSyncService; + + @Inject + MainPersistenceService jansConfigurationService; + + public String processAuthorization(String path, String method, String remoteAddress, + String authorization, String authorizationRpId) throws Exception { + LOG.debug("oAuth Authorization parameters , path:{}, method:{}, authorization: {}, authorizationRpId: {} ", + path, 
method, authorization, authorizationRpId); + + final ApiAppConfiguration conf = jansConfigurationService.find(); + + validateAuthorizationRpId(conf, authorizationRpId); + validateAccessToken(authorization, authorizationRpId); + + return "AUTHORIZATION SUCCESS"; + } + + private void validateAuthorizationRpId(ApiAppConfiguration conf, String authorizationRpId) { + + if (Util.isNullOrEmpty(authorizationRpId)) { + LOG.debug("`AuthorizationRpId` header is null or Empty"); + throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_HEADER_NOT_FOUND); + } + + final Rp rp = rpSyncService.getRp(authorizationRpId); + + if (rp == null || Util.isNullOrEmpty(rp.getRpId())) { + LOG.debug("`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api."); + throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_NOT_FOUND); + } + + if (conf.getProtectCommandsWithRpId() == null || conf.getProtectCommandsWithRpId().isEmpty()) { + return; + } + + if (!conf.getProtectCommandsWithRpId().contains(authorizationRpId)) { + LOG.debug("`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in client-api-server.yml."); + throw new HttpException(ErrorResponseCode.INVALID_AUTHORIZATION_RP_ID); + } + } + + private void validateAccessToken(String authorization, String authorizationRpId) { + final String prefix = AUTHENTICATION_SCHEME; + final ApiAppConfiguration conf = jansConfigurationService.find(); + + if (conf.getProtectCommandsWithAccessToken() != null && !conf.getProtectCommandsWithAccessToken()) { + LOG.debug("Skip protection because protect_commands_with_access_token: false in configuration file."); + return; + } + + if (Util.isNullOrEmpty(authorization)) { + LOG.debug("No access token provided in Authorization header. 
Forbidden."); + throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); + } + + String accessToken = authorization.substring(prefix.length()); + if (Util.isNullOrEmpty(accessToken)) { + LOG.debug("No access token provided in Authorization header. Forbidden."); + throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); + } + validationService.validateAccessToken(accessToken, authorizationRpId); + } + +} \ No newline at end of file diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/utils/Convertor.java b/jans-client-api/server/src/main/java/io/jans/ca/server/utils/Convertor.java index 1c1af3b1bf0..910f0812536 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/utils/Convertor.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/utils/Convertor.java @@ -3,8 +3,8 @@ */ package io.jans.ca.server.utils; +import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.node.POJONode; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.IParams; @@ -35,11 +35,11 @@ private Convertor() { * @param parameter calss * @return parameter object based on string representation */ - public static T asParams(Class clazz, Command command) { - if (command.getParams() instanceof POJONode) { - return (T) ((POJONode)command.getParams()).getPojo(); + public static T asParams(Class clazz, JsonNode jsonNodeParams) { + if (jsonNodeParams instanceof POJONode) { + return (T) ((POJONode) jsonNodeParams).getPojo(); } - final String paramsAsString = command.paramsAsString(); + final String paramsAsString = jsonNodeParams != null ? jsonNodeParams.toString() : ""; try { T params = Jackson2.createJsonMapper().readValue(paramsAsString, clazz); if (params == null) { 
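Review bot: The `LOG.debug` call at the top of `processAuthorization` prints the full `Authorization` header, so the bearer token is written to the log whenever debug logging is enabled; drop the `authorization` argument and its `{}` placeholder from that call. In `validateAccessToken`, `authorization.substring(prefix.length())` runs without confirming the scheme: a header shorter than the prefix makes `substring` throw `StringIndexOutOfBoundsException`, and a non-Bearer value has its first seven characters cut off and the remainder treated as a token. A guard before the substring, `if (!authorization.startsWith(prefix)) throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN);`, keeps both cases on the existing error path.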
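Review bot: In `asParams`, the `POJONode` branch returns `(T) ((POJONode) jsonNodeParams).getPojo()` without checking the object against `clazz`, so a POJO of the wrong type passes through here and only fails later at the caller. `return clazz.cast(((POJONode) jsonNodeParams).getPojo());` makes the mismatch surface at this line and removes the unchecked cast, assuming `clazz` is declared as `Class<T>` (the type parameters are not visible on this page). The method's `try` block continues outside the hunk.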
diff --git a/jans-client-api/server/src/main/resources/META-INF/services/jakarta.ws.rs.ext.Providers b/jans-client-api/server/src/main/resources/META-INF/services/jakarta.ws.rs.ext.Providers index 139597f9cb0..4cc92f1a8fa 100644 --- a/jans-client-api/server/src/main/resources/META-INF/services/jakarta.ws.rs.ext.Providers +++ b/jans-client-api/server/src/main/resources/META-INF/services/jakarta.ws.rs.ext.Providers @@ -1,2 +1 @@ - - +io.jans.ca.server.filter.AuthorizationFilter \ No newline at end of file diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/manual/NotAllowedTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/manual/NotAllowedTest.java index c44aba595d5..d604eec1fd9 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/manual/NotAllowedTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/manual/NotAllowedTest.java @@ -4,8 +4,6 @@ import com.google.common.collect.Lists; import io.jans.ca.client.ClientInterface; import io.jans.ca.client.RsProtectParams2; -import io.jans.ca.common.Command; -import io.jans.ca.common.CommandType; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.RegisterSiteParams; import io.jans.ca.common.response.RegisterSiteResponse; @@ -53,9 +51,6 @@ public static RegisterSiteResponse registerSite(ClientInterface client) { params.setAcrValues(Lists.newArrayList("gplus", "basic", "duo", "u2f")); params.setGrantTypes(Lists.newArrayList("authorization_code")); - final Command command = new Command(CommandType.REGISTER_SITE); - command.setParamsObject(params); - final RegisterSiteResponse resp = client.registerSite(params); assertNotNull(resp); assertTrue(!Strings.isNullOrEmpty(resp.getRpId())); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/AuthorizationCodeFlowTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/AuthorizationCodeFlowTest.java index bd6232c74e7..bb47f2ceaa6 100644 
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/AuthorizationCodeFlowTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/AuthorizationCodeFlowTest.java @@ -45,7 +45,7 @@ public void test(String host, String opHost, String redirectUrls, String clientI params.setUserSecret(userSecret); String strAuthorization = Tester.getAuthorization(hostTargetURL, site); - final AuthorizationCodeFlowResponse resp = client.authorizationCodeFlow(strAuthorization, null, params); + final AuthorizationCodeFlowResponse resp = client.authorizationCodeFlow(strAuthorization, params.getRpId(), params); assertNotNull(resp); TestUtils.notEmpty(resp.getAccessToken()); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckAccessTokenTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckAccessTokenTest.java index 07a42a25d31..4664a9e6631 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckAccessTokenTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckAccessTokenTest.java @@ -43,7 +43,7 @@ public void test(String host, String redirectUrls, String userId, String userSec params.setRpId(site.getRpId()); String strAuthorization = Tester.getAuthorization(hostTargetURL, site); - final CheckAccessTokenResponse checkR = client.checkAccessToken(strAuthorization, null, params); + final CheckAccessTokenResponse checkR = client.checkAccessToken(strAuthorization, params.getRpId(), params); assertNotNull(checkR); assertTrue(checkR.isActive()); assertNotNull(checkR.getExpiresAt()); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckIdTokenTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckIdTokenTest.java index c986eca2eb6..7e2eb65a90a 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckIdTokenTest.java 
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckIdTokenTest.java @@ -46,7 +46,7 @@ public void test(String host, String opHost, String redirectUrls, String userId, params.setNonce(nonce); String strAuthorization = Tester.getAuthorization(hostTargetURL, site); - final CheckIdTokenResponse checkR = client.checkIdToken(strAuthorization, null, params); + final CheckIdTokenResponse checkR = client.checkIdToken(strAuthorization, params.getRpId(), params); assertNotNull(checkR); assertTrue(checkR.isActive()); assertNotNull(checkR.getExpiresAt()); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/DifferentAuthServerTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/DifferentAuthServerTest.java index 6cd06131f97..35856b75edb 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/DifferentAuthServerTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/DifferentAuthServerTest.java @@ -27,7 +27,7 @@ import static org.testng.Assert.assertTrue; import static org.testng.AssertJUnit.assertNotNull; -//Set `protect_commands_with_access_token` field to true in client-api-server.yml file +//Set `protect_commands_with_access_token` field to true in config register public class DifferentAuthServerTest extends BaseTest { @ArquillianResource diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetAuthorizationUrlTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetAuthorizationUrlTest.java index d9940ec7b4b..753fd8a6b03 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetAuthorizationUrlTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetAuthorizationUrlTest.java 
@@ -37,7 +37,7 @@ public void test(String host, String redirectUrls, String opHost) { final GetAuthorizationUrlParams commandParams = new GetAuthorizationUrlParams(); commandParams.setRpId(site.getRpId()); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); assertNotNull(resp); notEmpty(resp.getAuthorizationUrl()); } @@ -53,7 +53,7 @@ public void testWithParameterAuthorizationUrl(String host, String opHost, String commandParams.setRpId(site.getRpId()); commandParams.setRedirectUri(paramRedirectUrl); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); assertNotNull(resp); notEmpty(resp.getAuthorizationUrl()); assertTrue(resp.getAuthorizationUrl().contains(paramRedirectUrl)); @@ -69,7 +69,7 @@ public void testWithResponseType(String host, String redirectUrls, String opHost commandParams.setRpId(site.getRpId()); commandParams.setResponseTypes(Lists.newArrayList("code", "token")); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); assertNotNull(resp); notEmpty(resp.getAuthorizationUrl()); 
@@ -92,7 +92,7 @@ public void testWithParams(String host, String redirectUrls, String opHost) thro params.put("is_valid", "true"); commandParams.setParams(params); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); notEmpty(resp.getAuthorizationUrl()); Map parameters = CoreUtils.splitQuery(resp.getAuthorizationUrl()); @@ -116,7 +116,7 @@ public void testWithCustomStateParameter(String host, String opHost, String redi commandParams.setRedirectUri(paramRedirectUrl); commandParams.setState(state); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); assertNotNull(resp); notEmpty(resp.getAuthorizationUrl()); assertTrue(resp.getAuthorizationUrl().contains(paramRedirectUrl)); @@ -137,7 +137,7 @@ public void testWithNonceParameter(String host, String opHost, String redirectUr commandParams.setRedirectUri(paramRedirectUrl); commandParams.setNonce("dummy_nonce"); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); assertNotNull(resp); notEmpty(resp.getAuthorizationUrl()); assertTrue(resp.getAuthorizationUrl().contains(paramRedirectUrl)); 
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetLogoutUrlTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetLogoutUrlTest.java index dc566e5c497..1bfb178a330 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetLogoutUrlTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetLogoutUrlTest.java @@ -37,7 +37,7 @@ public void test(String host, String opHost, String redirectUrls, String postLog params.setState(UUID.randomUUID().toString()); params.setSessionState(UUID.randomUUID().toString()); // here must be real session instead of dummy UUID - final GetLogoutUriResponse resp = client.getLogoutUri(Tester.getAuthorization(getApiTagetURL(url), site), null, params); + final GetLogoutUriResponse resp = client.getLogoutUri(Tester.getAuthorization(getApiTagetURL(url), site), params.getRpId(), params); assertNotNull(resp); assertTrue(resp.getUri().contains(URLEncoder.encode(postLogoutRedirectUrl, "UTF-8"))); } diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetRequestUriTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetRequestUriTest.java index 600faddcc3b..3d1e131712d 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetRequestUriTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetRequestUriTest.java 
@@ -46,7 +46,7 @@ public void test(String host, String redirectUrls, String opHost) { GetRequestObjectUriParams getRequestUriParams = new GetRequestObjectUriParams(); getRequestUriParams.setRpId(site.getRpId()); getRequestUriParams.setRpHostUrl(hostTargetURL); - GetRequestObjectUriResponse getRequestUriResponse = client.getRequestObjectUri(strAuthorization, null, getRequestUriParams); + GetRequestObjectUriResponse getRequestUriResponse = client.getRequestObjectUri(strAuthorization, getRequestUriParams.getRpId(), getRequestUriParams); assertNotNull(getRequestUriResponse.getRequestUri()); //Get Request object String requestObjectId = getRequestUriResponse.getRequestUri().substring(getRequestUriResponse.getRequestUri().lastIndexOf('/') + 1); @@ -58,7 +58,7 @@ public void test(String host, String redirectUrls, String opHost) { final GetAuthorizationUrlParams commandParams = new GetAuthorizationUrlParams(); commandParams.setRpId(site.getRpId()); commandParams.setParams(paramsMap); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(strAuthorization, null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(strAuthorization, commandParams.getRpId(), commandParams); assertNotNull(resp); TestUtils.notEmpty(resp.getAuthorizationUrl()); } diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetTokensByCodeTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetTokensByCodeTest.java index 280ef7babdd..1f4aca6c9ba 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetTokensByCodeTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetTokensByCodeTest.java 
@@ -171,7 +171,7 @@ public static GetClientTokenResponse refreshToken(GetTokensByCodeResponse2 resp, refreshParams.setScope(Lists.newArrayList("openid", "jans_client_api")); refreshParams.setRefreshToken(resp.getRefreshToken()); - GetClientTokenResponse refreshResponse = client.getAccessTokenByRefreshToken(Tester.getAuthorization(client.getApitargetURL(), site), null, refreshParams); + GetClientTokenResponse refreshResponse = client.getAccessTokenByRefreshToken(Tester.getAuthorization(client.getApitargetURL(), site), refreshParams.getRpId(), refreshParams); assertNotNull(refreshResponse); notEmpty(refreshResponse.getAccessToken()); @@ -222,7 +222,7 @@ public static GetTokensByCodeResponse2 tokenByInvalidCode(ClientInterface client GetTokensByCodeResponse2 resp = null; - resp = client.getTokenByCode(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + resp = client.getTokenByCode(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); assertNotNull(resp); assertEquals(resp.getError(), "bad_request"); assertEquals(resp.getErrorDescription(), "'state' is not registered."); @@ -231,7 +231,7 @@ public static GetTokensByCodeResponse2 tokenByInvalidCode(ClientInterface client } public static String codeRequest(ClientInterface client, String opHost, RegisterSiteResponse site, String userId, String userSecret, String clientId, String redirectUrls, String state, String nonce) { - return codeRequest(client, opHost, site, userId, userSecret, clientId, redirectUrls, state, nonce, null, null); + return codeRequest(client, opHost, site, userId, userSecret, clientId, redirectUrls, state, nonce, null, site.getRpId()); } public static String codeRequest(ClientInterface client, String opHost, RegisterSiteResponse site, String userId, String userSecret, String clientId, String redirectUrls, String state, String nonce, String accessToken, String authorizationRpId) { 
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetUserInfoTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetUserInfoTest.java index 55cb7f65e9e..37200948164 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetUserInfoTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetUserInfoTest.java @@ -41,7 +41,7 @@ public void test(String host, String opHost, String redirectUrls, String userId, params.setAccessToken(tokens.getAccessToken()); params.setIdToken(tokens.getIdToken()); - final JsonNode resp = client.getUserInfo(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + final JsonNode resp = client.getUserInfo(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); assertNotNull(resp); assertNotNull(resp.get("sub")); } @@ -55,7 +55,7 @@ private GetTokensByCodeResponse2 requestTokens(ClientInterface client, String op params.setCode(GetTokensByCodeTest.codeRequest(client, opHost, site, userId, userSecret, clientId, redirectUrls, state, nonce)); params.setState(state); - final GetTokensByCodeResponse2 resp = client.getTokenByCode(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + final GetTokensByCodeResponse2 resp = client.getTokenByCode(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); assertNotNull(resp); notEmpty(resp.getAccessToken()); notEmpty(resp.getIdToken()); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectAccessTokenTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectAccessTokenTest.java index edd34b5897e..72f0a623e6b 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectAccessTokenTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectAccessTokenTest.java 
@@ -50,7 +50,7 @@ public void introspectAccessToken(String host, String opHost, String redirectUrl introspectParams.setRpId(setupResponse.getRpId()); introspectParams.setAccessToken(tokenResponse.getAccessToken()); - IntrospectAccessTokenResponse introspectionResponse = client.introspectAccessToken("Bearer " + tokenResponse.getAccessToken(), null, introspectParams); + IntrospectAccessTokenResponse introspectionResponse = client.introspectAccessToken("Bearer " + tokenResponse.getAccessToken(), introspectParams.getRpId(), introspectParams); assertNotNull(introspectionResponse); assertTrue(introspectionResponse.isActive()); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectRptTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectRptTest.java index 883b208f362..dc71ec67771 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectRptTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectRptTest.java @@ -37,7 +37,7 @@ public void test(String host, String opHost, String redirectUrls, String rsProte params.setRpId(site.getRpId()); params.setRpt(rptResponse.getRpt()); - final CorrectRptIntrospectionResponse response = client.introspectRpt(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + final CorrectRptIntrospectionResponse response = client.introspectRpt(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); assertNotNull(response); assertTrue(response.getActive()); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RpGetRptTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RpGetRptTest.java index 4ffb95be692..d3b97e95072 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RpGetRptTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RpGetRptTest.java 
@@ -84,7 +84,7 @@ public static RpGetRptResponse requestRpt(ClientInterface client, RegisterSiteRe params.setRpId(site.getRpId()); params.setTicket(checkAccess.getTicket()); - final RpGetRptResponse response = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + final RpGetRptResponse response = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); assertNotNull(response); assertTrue(StringUtils.isNotBlank(response.getRpt())); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsCheckAccessTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsCheckAccessTest.java index 9448af17b07..649d28a5476 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsCheckAccessTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsCheckAccessTest.java @@ -72,7 +72,7 @@ public static RsCheckAccessResponse checkAccess(ClientInterface client, Register params.setRpt("dummy"); params.setScopes(scopeList); - final RsCheckAccessResponse response = client.umaRsCheckAccess(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + final RsCheckAccessResponse response = client.umaRsCheckAccess(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); assertNotNull(response); assertTrue(StringUtils.isNotBlank(response.getAccess())); @@ -87,7 +87,7 @@ public static void checkAccessWithIncorrectScopes(ClientInterface client, Regist params.setRpt("dummy"); params.setScopes(scopeList); try { - RsCheckAccessResponse r = client.umaRsCheckAccess(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + RsCheckAccessResponse r = client.umaRsCheckAccess(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); assertNotNull(r); assertNotNull(r.getError()); 
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsModifyTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsModifyTest.java index d55ea5efbb3..a071594ed73 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsModifyTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsModifyTest.java @@ -58,7 +58,7 @@ public static RsModifyResponse modifyResourcesWithScopes(ClientInterface client, params2.setScopes(Lists.newArrayList("http://photoz.example.com/dev/actions/see")); String strAuthorization = Tester.getAuthorization(client.getApitargetURL(), site); - RsModifyResponse response = client.umaRsModify(strAuthorization, null, params2); + RsModifyResponse response = client.umaRsModify(strAuthorization, params2.getRpId(), params2); assertNotNull(response.getRpId()); return response; } @@ -72,7 +72,7 @@ public static RsModifyResponse modifyResourcesWithScopeExpression(ClientInterfac params2.setScopeExpression(correctScopeExpression.replaceAll("'", "\"")); String strAuthorization = Tester.getAuthorization(client.getApitargetURL(), site); - RsModifyResponse response = client.umaRsModify(strAuthorization, null, params2); + RsModifyResponse response = client.umaRsModify(strAuthorization, params2.getRpId(), params2); assertNotNull(response.getRpId()); return response; } diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsProtectTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsProtectTest.java index 2e9b355d672..23c0b79e7ed 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsProtectTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsProtectTest.java 
@@ -73,7 +73,7 @@ public void overwriteFalse(String host, String redirectUrls, String opHost, Stri final RsProtectParams2 params = new RsProtectParams2(); params.setRpId(site.getRpId()); params.setResources(Jackson2.createJsonMapper().readTree(Jackson2.asJsonSilently(resources))); - RsProtectResponse r = client.umaRsProtect(Tester.getAuthorization(getApiTagetURL(url), site), null, params); + RsProtectResponse r = client.umaRsProtect(Tester.getAuthorization(getApiTagetURL(url), site), params.getRpId(), params); assertNotNull(r); assertEquals(r.getError(), "uma_protection_exists"); } @@ -93,7 +93,7 @@ public void overwriteTrue(String host, String redirectUrls, String opHost, Strin params.setResources(Jackson2.createJsonMapper().readTree(Jackson2.asJsonSilently(resources))); params.setOverwrite(true); // force overwrite - RsProtectResponse response = client.umaRsProtect(Tester.getAuthorization(getApiTagetURL(url), site), null, params); + RsProtectResponse response = client.umaRsProtect(Tester.getAuthorization(getApiTagetURL(url), site), params.getRpId(), params); assertNotNull(response); } @@ -123,7 +123,7 @@ public void protectWithScopeExpressionSeconds(String host, String redirectUrls, params.setPath("/GetAll"); params.setRpt(""); - final RsCheckAccessResponse response = client.umaRsCheckAccess(Tester.getAuthorization(getApiTagetURL(url), site), null, params); + final RsCheckAccessResponse response = client.umaRsCheckAccess(Tester.getAuthorization(getApiTagetURL(url), site), params.getRpId(), params); assertNotNull(response); assertTrue(StringUtils.isNotBlank(response.getAccess())); 
@@ -138,7 +138,7 @@ public static RsProtectResponse protectResources(ClientInterface client, Registe e.printStackTrace(); } - final RsProtectResponse resp = client.umaRsProtect(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + final RsProtectResponse resp = client.umaRsProtect(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); assertNotNull(resp); return resp; } diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaFullTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaFullTest.java index 84bbc0ec50e..536b9d03fdb 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaFullTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaFullTest.java @@ -46,7 +46,7 @@ public void test(String host, String redirectUrls, String opHost, String rsProte params.setRpId(site.getRpId()); params.setTicket(checkAccess.getTicket()); - final RpGetRptResponse response = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + final RpGetRptResponse response = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); assertNotNull(response); assertTrue(StringUtils.isNotBlank(response.getRpt())); @@ -72,7 +72,7 @@ public void testWithInvalidTicket(String host, String redirectUrls, String opHos params.setRpId(site.getRpId()); params.setTicket(UUID.randomUUID().toString()); - RpGetRptResponse r = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + RpGetRptResponse r = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); assertNotNull(r); assertEquals(r.getError(), "invalid_ticket"); } 
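Review bot: In `protectResources` the `catch` block just above the changed line only calls `e.printStackTrace()`, so when building the params fails the helper still calls `umaRsProtect` with a partly filled params object and the failure surfaces later as an unrelated server error. The `try` starts outside the hunk, so the exception type is not visible; assuming it is a parsing or I/O exception, failing at once keeps the cause attached: `throw new AssertionError("could not build RsProtect params", e);`.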
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaGetClaimsGatheringUrlTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaGetClaimsGatheringUrlTest.java index ced577bd93f..665cc71a462 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaGetClaimsGatheringUrlTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaGetClaimsGatheringUrlTest.java @@ -42,7 +42,7 @@ public void test(String host, String opHost, String paramRedirectUrl, String rsP params.setTicket(checkAccess.getTicket()); params.setClaimsRedirectUri(paramRedirectUrl); - final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); Map parameters = CoreUtils.splitQuery(response.getUrl()); @@ -74,7 +74,7 @@ public void test_withCustomParameter(String host, String opHost, String paramRed customParameterMap.put("param2", "value2"); params.setCustomParameters(customParameterMap); - final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); Map parameters = CoreUtils.splitQuery(response.getUrl()); 
@@ -104,7 +104,7 @@ public void test_withState(String host, String opHost, String paramRedirectUrl, params.setClaimsRedirectUri(paramRedirectUrl); params.setState(state); - final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), null, params); + final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params); Map parameters = CoreUtils.splitQuery(response.getUrl()); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaSpontaneousScopeTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaSpontaneousScopeTest.java index c1821650655..3d864228dd8 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaSpontaneousScopeTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaSpontaneousScopeTest.java @@ -41,7 +41,7 @@ public void init(String host, String opHost, String paramRedirectUrl, String use params.setRpId(registerResponse.getRpId()); params.setRpt(response.getRpt()); - final CorrectRptIntrospectionResponse rptIntrospectionResponse = client.introspectRpt(Tester.getAuthorization(client.getApitargetURL(), registerResponse), null, params); + final CorrectRptIntrospectionResponse rptIntrospectionResponse = client.introspectRpt(Tester.getAuthorization(client.getApitargetURL(), registerResponse), params.getRpId(), params); rptIntrospectionResponse.getPermissions().forEach( permission -> { assertTrue(permission.getScopes().contains(USER_2_SCOPE)); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UpdateSiteTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UpdateSiteTest.java index f86524270b7..bb7395926fd 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UpdateSiteTest.java 
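Review bot: In `init` of UmaSpontaneousScopeTest, `rptIntrospectionResponse.getPermissions().forEach(...)` is the first use of the response, so an introspection that returns no permissions passes without running a single scope assertion, and a null response fails with a NullPointerException instead of an assertion. Add `assertNotNull(rptIntrospectionResponse);` and `assertTrue(!rptIntrospectionResponse.getPermissions().isEmpty());` before the loop. The lambda continues outside the hunk, so a later size check may exist, but nothing before the loop guards it.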
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UpdateSiteTest.java @@ -69,7 +69,7 @@ public void update(String host, String opHost, String redirectUrls) throws IOExc updateParams.setScope(Lists.newArrayList("profile")); updateParams.setAcrValues(Lists.newArrayList("acrAfter")); - UpdateSiteResponse updateResponse = getClientInterface(url).updateSite(Tester.getAuthorization(getApiTagetURL(url), registerResponse), null, updateParams); + UpdateSiteResponse updateResponse = getClientInterface(url).updateSite(Tester.getAuthorization(getApiTagetURL(url), registerResponse), updateParams.getRpId(), updateParams); assertNotNull(updateResponse); String strAuthorization2 = Tester.getAuthorization(getApiTagetURL(url), registerResponse, updateParams.getScope()); @@ -81,13 +81,13 @@ public void update(String host, String opHost, String redirectUrls) throws IOExc public static Rp fetchRp(String apiTargetUrl, RegisterSiteResponse site) throws IOException { String strAuthorization = Tester.getAuthorization(apiTargetUrl, site); - final String rpAsJson = Tester.newClient(apiTargetUrl).getRp(strAuthorization, null, new GetRpParams(site.getRpId())); + final String rpAsJson = Tester.newClient(apiTargetUrl).getRp(strAuthorization, site.getRpId(), new GetRpParams(site.getRpId())); GetRpResponse resp = Jackson2.createJsonMapper().readValue(rpAsJson, GetRpResponse.class); return Jackson2.createJsonMapper().readValue(resp.getNode().toString(), Rp.class); } public static Rp fetchRp(String apiTargetUrl, String strAuthorization, String rpId) throws IOException { - final String rpAsJson = Tester.newClient(apiTargetUrl).getRp(strAuthorization, null, new GetRpParams(rpId)); + final String rpAsJson = Tester.newClient(apiTargetUrl).getRp(strAuthorization, rpId, new GetRpParams(rpId)); GetRpResponse resp = Jackson2.createJsonMapper().readValue(rpAsJson, GetRpResponse.class); return Jackson2.createJsonMapper().readValue(resp.getNode().toString(), Rp.class); }
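Review bot: Both `fetchRp` overloads now pass the same rp id as the second argument of `getRp` and inside `GetRpParams`, and every other call site in this commit does the same, so nothing here shows what the server does when the two values differ or when the second argument is absent. If the server is meant to bind the authorization to that rp id, a negative test that sends a different rp id (or `null`) with this site's authorization and asserts an error response would pin that behaviour. DifferentAuthServerTest may already cover part of this, but its body is not in the commit's hunks. A one-line comment on the three-argument overload, such as `// rpId is sent both as the authorization rp id and as the command parameter`, would also explain the duplicated argument.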