From 6baf3a4ac5f738da241f460612d7f68b0de3b42e Mon Sep 17 00:00:00 2001 From: jmunozherbas Date: Thu, 23 Jun 2022 00:14:04 -0400 Subject: [PATCH 01/10] feat(jans-client-api):Modify injection services in operations --- .../java/io/jans/ca/server/Processor.java | 12 +- .../ca/server/op/GetDiscoveryOperation.java | 44 +-- .../jans/ca/server/op/ITemplateOperation.java | 23 ++ .../ca/server/op/RegisterSiteOperation.java | 37 +-- .../jans/ca/server/op/TemplateOperation.java | 250 ++++++++++++++++++ .../ca/server/op/UpdateSiteOperation.java | 34 ++- .../io/jans/ca/server/rest/BaseResource.java | 4 + .../jans/ca/server/rest/OAuth20Resource.java | 20 +- 8 files changed, 364 insertions(+), 60 deletions(-) create mode 100644 jans-client-api/server/src/main/java/io/jans/ca/server/op/ITemplateOperation.java create mode 100644 jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java b/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java index e478322448f..4e2b716a4a1 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java @@ -62,10 +62,10 @@ private IOperation create(Command command) { if (command != null && command.getCommandType() != null) { switch (command.getCommandType()) { - case REGISTER_SITE: - return new RegisterSiteOperation(command, serviceProvider); - case UPDATE_SITE: - return new UpdateSiteOperation(command, serviceProvider); +// case REGISTER_SITE: +// return new RegisterSiteOperation(command, serviceProvider); +// case UPDATE_SITE: +// return new UpdateSiteOperation(command, serviceProvider); case REMOVE_SITE: return new RemoveSiteOperation(command, serviceProvider); case GET_CLIENT_TOKEN: 
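Review bot: The `REGISTER_SITE` and `UPDATE_SITE` branches of `create()` (and `GET_DISCOVERY` in the next hunk) are commented out rather than deleted, so `create()` now returns null for those three command types and dead code stays in the switch. Any caller that still reaches `Processor.process` with one of them would get an error instead of the operation, so it is worth confirming that the three rewired methods in OAuth20Resource were the only users. I would delete the six lines outright so the switch shows exactly which commands Processor still serves. The switch continues outside this hunk.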
@@ -78,8 +78,8 @@ private IOperation create(Command command) { return new GetUserInfoOperation(command, serviceProvider); case GET_JWKS: return new GetJwksOperation(command, serviceProvider); - case GET_DISCOVERY: - return new GetDiscoveryOperation(command, serviceProvider); +// case GET_DISCOVERY: +// return new GetDiscoveryOperation(command, serviceProvider); case GET_AUTHORIZATION_URL: return new GetAuthorizationUrlOperation(command, serviceProvider); case GET_TOKENS_BY_CODE: diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java index a9d8ba4847d..24f8dbad835 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java 
@@ -2,41 +2,38 @@ import io.jans.as.client.OpenIdConfigurationResponse; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetDiscoveryParams; +import io.jans.ca.common.params.IParams; import io.jans.ca.common.response.GetDiscoveryResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.service.DiscoveryService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.Context; +import jakarta.ws.rs.core.Response; import org.apache.commons.beanutils.BeanUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.lang.reflect.InvocationTargetException; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 22/09/2015 - */ - -public class GetDiscoveryOperation extends BaseOperation { +@RequestScoped +@Named +public class GetDiscoveryOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(GetDiscoveryOperation.class); - private DiscoveryService discoveryService; - - /** - * Base constructor - * - * @param command command - */ - public GetDiscoveryOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetDiscoveryParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - } + @Inject + DiscoveryService discoveryService; - public IOpResponse execute(GetDiscoveryParams params) { + @Override + public IOpResponse execute(GetDiscoveryParams params, HttpServletRequest httpRequest) { OpenIdConfigurationResponse discoveryResponse = discoveryService.getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()); GetDiscoveryResponse response = new GetDiscoveryResponse(); 
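Review bot: `execute` passes `params.getOpConfigurationEndpoint()`, `getOpHost()` and `getOpDiscoveryPath()` straight from the request body to `discoveryService.getConnectDiscoveryResponse`, and OAuth20Resource reaches this operation through the two-argument `process`. The only gate in front of a server-side fetch to a caller-chosen host is therefore the `bind_ip_addresses` check. DiscoveryService is not visible here and may already restrict scheme and destination; if it does not, that restriction belongs there or at the top of `execute`. At minimum I would record the assumption with a comment such as `// op_host and op_configuration_endpoint are caller-supplied; DiscoveryService must restrict scheme and destination before fetching`. The new `httpRequest` parameter is unused here, and the body of `execute` continues in the next hunk.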
@@ -48,4 +45,15 @@ public IOpResponse execute(GetDiscoveryParams params) { } throw new HttpException(ErrorResponseCode.FAILED_TO_GET_DISCOVERY); } + + @Override + public Class getParameterClass() { + return GetDiscoveryParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_DISCOVERY; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ITemplateOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ITemplateOperation.java new file mode 100644 index 00000000000..5d70445a897 --- /dev/null +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ITemplateOperation.java @@ -0,0 +1,23 @@ +/* + * All rights reserved -- Copyright 2015 Gluu Inc. + */ +package io.jans.ca.server.op; + +import io.jans.ca.common.CommandType; +import io.jans.ca.common.params.IParams; +import io.jans.ca.common.response.IOpResponse; +import jakarta.servlet.http.HttpServletRequest; + +public interface ITemplateOperation { + + /** + * Executes operations and produces response. + * + * @return command response + */ + IOpResponse execute(T params, HttpServletRequest httpRequest) throws Exception; + + Class getParameterClass(); + + CommandType getCommandType(); +} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java index 1c6045f3fa5..375732d1219 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java @@ -16,6 +16,7 @@ import io.jans.as.model.register.ApplicationType; import io.jans.as.model.uma.UmaMetadata; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.RegisterSiteParams; import io.jans.ca.common.response.IOpResponse; 
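Review bot: `execute` in the new ITemplateOperation declares `throws Exception` and its Javadoc documents neither parameter, while `getParameterClass()` and `getCommandType()` have no Javadoc at all. The three implementations in this patch declare no checked exception on `execute`, so the clause could probably be dropped or narrowed, which would let TemplateOperation stop catching `Throwable` around the call. I would add `@param params the deserialized, validated request parameters` and `@param httpRequest the servlet request the command arrived on`. The two accessors need one-line summaries saying that they name the parameter class to deserialize into and the command this operation serves.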
@@ -28,6 +29,8 @@ import io.jans.ca.server.service.RpService; import io.jans.ca.server.persistence.service.MainPersistenceService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.math.NumberUtils; @@ -43,27 +46,17 @@ * @author Yuriy Zabrovarnyy */ -public class RegisterSiteOperation extends BaseOperation { +public class RegisterSiteOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(RegisterSiteOperation.class); private Rp rp; - private RpService rpService; - private DiscoveryService discoveryService; - private MainPersistenceService jansConfigurationService; - - /** - * Base constructor - * - * @param command command - */ - public RegisterSiteOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, RegisterSiteParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.rpService = serviceProvider.getRpService(); - this.jansConfigurationService = rpService.getConfigurationService(); - } + @Inject + RpService rpService; + @Inject + DiscoveryService discoveryService; + public RegisterSiteResponse execute_(RegisterSiteParams params) { validateParametersAndFallbackIfNeeded(params); @@ -89,7 +82,7 @@ public RegisterSiteResponse execute_(RegisterSiteParams params) { } @Override - public IOpResponse execute(RegisterSiteParams params) { + public IOpResponse execute(RegisterSiteParams params, HttpServletRequest httpRequest) { try { return execute_(params); } catch (HttpException e) { 
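Review bot: RegisterSiteOperation keeps per-request state in the instance field `private Rp rp;` but, unlike GetDiscoveryOperation in this same patch, gets no `@RequestScoped` annotation. It is now container-injected into OAuth20Resource instead of being built with `new` for each command. Depending on bean discovery and on the resource's own scope (neither is visible here), one instance may serve several requests, in which case concurrent calls can read each other's `rp`. UpdateSiteOperation has the same shape and assigns `rp = getRp(params)` inside `execute`. I would annotate both classes `@RequestScoped`, or better, pass `rp` as a local or parameter so the operation holds no mutable state; the class body continues outside this hunk.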
@@ -100,6 +93,16 @@ public IOpResponse execute(RegisterSiteParams params) { throw HttpException.internalError(); } + @Override + public Class getParameterClass() { + return RegisterSiteParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.REGISTER_SITE; + } + private void validateParametersAndFallbackIfNeeded(RegisterSiteParams params) { if (StringUtils.isNotBlank(params.getClientId()) && StringUtils.isBlank(params.getClientSecret())) { throw new HttpException(ErrorResponseCode.INVALID_CLIENT_SECRET_REQUIRED); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java new file mode 100644 index 00000000000..0d2af13e42d --- /dev/null +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java 
@@ -0,0 +1,250 @@ +/* + All rights reserved -- Copyright 2015 Gluu Inc. + */ +package io.jans.ca.server.op; + +import io.jans.as.model.util.Util; +import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; +import io.jans.ca.common.ErrorResponseCode; +import io.jans.ca.common.Jackson2; +import io.jans.ca.common.params.HasRpIdParams; +import io.jans.ca.common.params.IParams; +import io.jans.ca.common.response.IOpResponse; +import io.jans.ca.common.response.POJOResponse; +import io.jans.ca.server.HttpException; +import io.jans.ca.server.configuration.ApiAppConfiguration; +import io.jans.ca.server.configuration.model.Rp; +import io.jans.ca.server.persistence.service.MainPersistenceService; +import io.jans.ca.server.service.RpSyncService; +import io.jans.ca.server.service.ValidationService; +import io.jans.ca.server.utils.Convertor; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.ClientErrorException; +import jakarta.ws.rs.WebApplicationException; +import jakarta.ws.rs.core.Context; +import jakarta.ws.rs.core.MediaType; +import jakarta.ws.rs.core.Response; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.IOException; +import java.util.List; + +public abstract class TemplateOperation implements ITemplateOperation { + + private static final Logger LOG = LoggerFactory.getLogger(TemplateOperation.class); + private static final String LOCALHOST_IP_ADDRESS = "127.0.0.1"; + + @Inject + ValidationService validationService; + @Inject + RpSyncService rpSyncService; + @Inject + MainPersistenceService jansConfigurationService; + + public Response process(String paramsAsString, HttpServletRequest httpRequest) { + String endPointUrl = httpRequest.getRequestURL().toString(); + LOG.info("Endpoint: {}", endPointUrl); + LOG.info("Request parameters: {}", paramsAsString); + LOG.info("CommandType: {}", getCommandType()); + + validateIpAddressAllowed(httpRequest.getRemoteAddr()); + Object 
forJsonConversion = getObjectForJsonConversion(paramsAsString, getParameterClass(), httpRequest); + String response = null; + + if (getCommandType().getReturnType().equalsIgnoreCase(MediaType.APPLICATION_JSON)) { + response = Jackson2.asJsonSilently(forJsonConversion); + } else if (getCommandType().getReturnType().equalsIgnoreCase(MediaType.TEXT_PLAIN)) { + response = forJsonConversion.toString(); + } + + LOG.trace("Send back response: {}", response); + return Response.ok(response).build(); + } + + public Response process(String paramsAsString, String authorization, String authorizationRpId, HttpServletRequest httpRequest) { + String endPointUrl = httpRequest.getRequestURL().toString(); + LOG.info("Endpoint: {}", endPointUrl); + LOG.info("Request parameters: {}", paramsAsString); + LOG.info("CommandType: {}", getCommandType()); + + validateIpAddressAllowed(httpRequest.getRemoteAddr()); + Object forJsonConversion = getObjectForJsonConversion(paramsAsString, getParameterClass(), authorization, authorizationRpId, httpRequest); + String response = null; + + if (getCommandType().getReturnType().equalsIgnoreCase(MediaType.APPLICATION_JSON)) { + response = Jackson2.asJsonSilently(forJsonConversion); + } else if (getCommandType().getReturnType().equalsIgnoreCase(MediaType.TEXT_PLAIN)) { + response = forJsonConversion.toString(); + } + + LOG.trace("Send back response: {}", response); + return Response.ok(response).build(); + } + + private void validateIpAddressAllowed(String callerIpAddress) { + LOG.trace("Checking if caller ipAddress : {} is allowed to make request to jans_client_api.", callerIpAddress); + final ApiAppConfiguration conf = jansConfigurationService.find(); + List bindIpAddresses = conf.getBindIpAddresses(); + + //localhost as default bindAddress + if ((bindIpAddresses == null || bindIpAddresses.isEmpty()) && LOCALHOST_IP_ADDRESS.equalsIgnoreCase(callerIpAddress)) { + return; + } + //show error if ip_address of a remote caller is not set in 
`bind_ip_addresses` + if (bindIpAddresses == null || bindIpAddresses.isEmpty()) { + LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); + throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); + } + //allow all ip_address + if (bindIpAddresses.contains("*")) { + return; + } + + if (bindIpAddresses.contains(callerIpAddress)) { + return; + } + LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); + throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); + } + + private Object getObjectForJsonConversion(String paramsAsString, Class paramsClass, HttpServletRequest httpRequest) { + LOG.trace("Command: {}", paramsAsString); + T params = read(safeToJson(paramsAsString), paramsClass); + Command command = new Command(getCommandType(), params); + final IOpResponse response = internProcess(command, httpRequest); + Object forJsonConversion = response; + if (response instanceof POJOResponse) { + forJsonConversion = ((POJOResponse) response).getNode(); + } + return forJsonConversion; + } + + private Object getObjectForJsonConversion(String paramsAsString, Class paramsClass, String authorization, String authorizationRpId, HttpServletRequest httpRequest) { + LOG.trace("Command: {}", paramsAsString); + T params = read(safeToJson(paramsAsString), paramsClass); + + final ApiAppConfiguration conf = jansConfigurationService.find(); + + if (getCommandType().isAuthorizationRequired()) { + validateAuthorizationRpId(conf, authorizationRpId); + validateAccessToken(authorization, safeToRpId((HasRpIdParams) params, authorizationRpId)); + } + + Command command = new Command(getCommandType(), params); + final IOpResponse response = internProcess(command, httpRequest); + Object forJsonConversion = response; + if (response instanceof POJOResponse) { + forJsonConversion = 
((POJOResponse) response).getNode(); + } + return forJsonConversion; + } + + + private IOpResponse internProcess(Command command, HttpServletRequest httpRequest) { + try { + IParams iParams = Convertor.asParams(getParameterClass(), command); + validationService.validate(iParams); + + IOpResponse operationResponse = execute((T) iParams, httpRequest); + if (operationResponse != null) { + return operationResponse; + } else { + LOG.error("No response from operation. Command: {}", getCommandType().getValue()); + } + } catch (ClientErrorException e) { + throw new WebApplicationException(e.getResponse().readEntity(String.class), e.getResponse().getStatus()); + } catch (WebApplicationException e) { + LOG.error(e.getLocalizedMessage(), e); + throw e; + } catch (Throwable e) { + LOG.error(e.getMessage(), e); + } + throw HttpException.internalError(); + } + + public T read(String params, Class clazz) { + try { + return Jackson2.createJsonMapper().readValue(params, clazz); + } catch (IOException e) { + throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity("Invalid parameters. Message: " + e.getMessage()).build()); + } + } + + private String safeToJson(String jsonString) { + return Util.isNullOrEmpty(jsonString) ? "{}" : jsonString; + } + + public Rp getRp(T params) { + if (params instanceof HasRpIdParams) { + validationService.validate((HasRpIdParams) params); + HasRpIdParams hasRpId = (HasRpIdParams) params; + return rpSyncService.getRp(hasRpId.getRpId()); + } + throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_RP_ID); + } + + private String safeToRpId(HasRpIdParams params, String authorizationRpId) { + return Util.isNullOrEmpty(authorizationRpId) ? 
params.getRpId() : authorizationRpId; + } + + private void validateAuthorizationRpId(ApiAppConfiguration conf, String authorizationRpId) { + + if (Util.isNullOrEmpty(authorizationRpId)) { + return; + } + + final Rp rp = rpSyncService.getRp(authorizationRpId); + + if (rp == null || Util.isNullOrEmpty(rp.getRpId())) { + LOG.debug("`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api."); + throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_NOT_FOUND); + } + + if (conf.getProtectCommandsWithRpId() == null || conf.getProtectCommandsWithRpId().isEmpty()) { + return; + } + + if (!conf.getProtectCommandsWithRpId().contains(authorizationRpId)) { + LOG.debug("`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in client-api-server.yml."); + throw new HttpException(ErrorResponseCode.INVALID_AUTHORIZATION_RP_ID); + } + } + + private void validateAccessToken(String authorization, String authorizationRpId) { + final String prefix = "Bearer "; + final ApiAppConfiguration conf = jansConfigurationService.find(); + + if (conf.getProtectCommandsWithAccessToken() != null && !conf.getProtectCommandsWithAccessToken()) { + LOG.debug("Skip protection because protect_commands_with_access_token: false in configuration file."); + return; + } + + if (Util.isNullOrEmpty(authorization)) { + LOG.debug("No access token provided in Authorization header. Forbidden."); + throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); + } + + String accessToken = authorization.substring(prefix.length()); + if (Util.isNullOrEmpty(accessToken)) { + LOG.debug("No access token provided in Authorization header. 
Forbidden."); + throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); + } + + validationService.validateAccessToken(accessToken, authorizationRpId); + } + + public MainPersistenceService getJansConfigurationService() { + return jansConfigurationService; + } + + public ValidationService getValidationService() { + return validationService; + } + + public RpSyncService getRpSyncService() { + return rpSyncService; + } +} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java index cb77e071b3a..a143c719159 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java @@ -12,6 +12,7 @@ import io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm; import io.jans.as.model.crypto.signature.SignatureAlgorithm; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.UpdateSiteParams; import io.jans.ca.common.response.IOpResponse; @@ -20,7 +21,10 @@ import io.jans.ca.server.Utils; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.mapper.RegisterRequestMapper; +import io.jans.ca.server.service.RpService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.HttpMethod; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; 
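Review bot: `validateAccessToken` in TemplateOperation computes `authorization.substring(prefix.length())` without first checking that the header begins with `Bearer `. A non-empty header shorter than seven characters therefore throws StringIndexOutOfBoundsException, and any other scheme has its first seven characters silently dropped before the rest is validated as a token. A guard ahead of the substring, such as `if (!authorization.regionMatches(true, 0, prefix, 0, prefix.length())) { throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); }`, would reject those cleanly. In the four-argument `getObjectForJsonConversion`, `(HasRpIdParams) params` is an unchecked cast that fails with ClassCastException when an authorization-required command's parameter class does not implement HasRpIdParams; `getRp` already shows the `instanceof` check to use. Both `process` overloads also log the raw request body at INFO (`LOG.info("Request parameters: {}", paramsAsString)`), and RegisterSiteParams carries a client secret, so that line should drop to TRACE or log a redacted form.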
@@ -37,24 +41,18 @@ * @version 0.9, 11/03/2016 */ -public class UpdateSiteOperation extends BaseOperation { +public class UpdateSiteOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(UpdateSiteOperation.class); private Rp rp; - /** - * Base constructor - * - * @param command command - */ - public UpdateSiteOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, UpdateSiteParams.class); - } + @Inject + RpService rpService; @Override - public IOpResponse execute(UpdateSiteParams params) { - rp = getRp(); + public IOpResponse execute(UpdateSiteParams params, HttpServletRequest httpServletRequest) { + rp = getRp(params); LOG.info("Updating rp ... rp: " + rp); persistRp(rp, params); @@ -64,13 +62,23 @@ public IOpResponse execute(UpdateSiteParams params) { return response; } + @Override + public Class getParameterClass() { + return UpdateSiteParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.UPDATE_SITE; + } + private void persistRp(Rp rp, UpdateSiteParams params) { try { RegisterRequest registerRequest = createRegisterClientRequest(rp, params); updateRegisteredClient(rp, registerRequest); RegisterRequestMapper.fillRp(rp, registerRequest); - getRpService().update(rp); + rpService.update(rp); LOG.info("RP updated: " + rp); } catch (Exception e) { @@ -84,7 +92,7 @@ private void updateRegisteredClient(Rp rp, RegisterRequest registerRequest) { throw new HttpException(ErrorResponseCode.INVALID_REGISTRATION_CLIENT_URL); } - final RegisterClient registerClient = getRpService().createRegisterClient(rp.getClientRegistrationClientUri(), registerRequest); + final RegisterClient registerClient = rpService.createRegisterClient(rp.getClientRegistrationClientUri(), registerRequest); final RegisterResponse response = registerClient.exec(); if (response != null) { if (response.getStatus() == 200) { 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java index de487252368..9e00c8d17ef 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java @@ -172,4 +172,8 @@ private String safeToRpId(HasRpIdParams params, String authorizationRpId) { private String safeToJson(String jsonString) { return Util.isNullOrEmpty(jsonString) ? "{}" : jsonString; } + + public HttpServletRequest getHttpRequest() { + return httpRequest; + } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java index c609fe44686..94793daaa38 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java @@ -2,6 +2,10 @@ import io.jans.ca.common.CommandType; import io.jans.ca.common.params.*; +import io.jans.ca.server.op.GetDiscoveryOperation; +import io.jans.ca.server.op.RegisterSiteOperation; +import io.jans.ca.server.op.UpdateSiteOperation; +import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; 
@@ -9,13 +13,19 @@ @Path("/") public class OAuth20Resource extends BaseResource { + @Inject + GetDiscoveryOperation getDiscoveryOp; + @Inject + RegisterSiteOperation registerSiteOp; + @Inject + UpdateSiteOperation updateSiteOp; + @POST @Path("/register-site") @Produces(MediaType.APPLICATION_JSON) public Response registerSite(String params) { logger.info("Api Resource: /register-site Params: {}", params); - String result = process(CommandType.REGISTER_SITE, params, RegisterSiteParams.class, null, null); - return Response.ok(result).build(); + return registerSiteOp.process(params, getHttpRequest()); } @POST @@ -23,8 +33,7 @@ public Response registerSite(String params) { @Produces(MediaType.APPLICATION_JSON) public Response updateSite(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /update-site Params: {}", params); - String result = process(CommandType.UPDATE_SITE, params, UpdateSiteParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return updateSiteOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST @@ -91,8 +100,7 @@ public Response getJwks(@HeaderParam("Authorization") String authorization, @Hea @Produces(MediaType.APPLICATION_JSON) public Response getDiscovery(String params) { logger.info("Api Resource: /get-discovery Params: {}", params); - String result = process(CommandType.GET_DISCOVERY, params, GetDiscoveryParams.class, null, null); - return Response.ok(result).build(); + return getDiscoveryOp.process(params, getHttpRequest()); } @POST From f54da6910849f727949505833887175978a22685 Mon Sep 17 00:00:00 2001 
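Review bot: `registerSite` and `getDiscovery` now call the two-argument `process(params, getHttpRequest())`, and that overload in TemplateOperation never consults `getCommandType().isAuthorizationRequired()`. Whether the access-token check runs thus depends entirely on each resource method picking the right overload. A later endpoint for a protected command could be wired to the short form and skip `validateAccessToken` without any error. I would make the short overload fail closed by adding `if (getCommandType().isAuthorizationRequired()) { throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); }` at its top, or have it delegate to the four-argument form with null headers so there is a single code path. The unchanged `logger.info("Api Resource: ... Params: {}", params)` lines in these methods also write the raw request body at INFO.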
From: jmunozherbas Date: Tue, 28 Jun 2022 23:47:34 -0400 Subject: [PATCH 02/10] feat(jans-client-api):Change operations to request scope, and rmove Processor --- .../java/io/jans/ca/server/Processor.java | 131 -------------- .../ca/server/filter/AuthorizationFilter.java | 105 ++++++++++++ .../op/AuthorizationCodeFlowOperation.java | 28 +-- .../io/jans/ca/server/op/BaseOperation.java | 6 - .../server/op/CheckAccessTokenOperation.java | 25 ++- .../ca/server/op/CheckIdTokenOperation.java | 36 +++- ...GetAccessTokenByRefreshTokenOperation.java | 33 ++-- .../op/GetAuthorizationCodeOperation.java | 41 +++-- .../op/GetAuthorizationUrlOperation.java | 44 ++--- .../ca/server/op/GetClientTokenOperation.java | 50 +++--- .../jans/ca/server/op/GetIssuerOperation.java | 25 ++- .../jans/ca/server/op/GetJwksOperation.java | 38 +++-- .../ca/server/op/GetLogoutUrlOperation.java | 44 ++--- .../server/op/GetRequestObjectOperation.java | 26 ++- .../op/GetRequestObjectUriOperation.java | 36 ++-- .../jans/ca/server/op/GetRpJwksOperation.java | 29 +++- .../io/jans/ca/server/op/GetRpOperation.java | 36 ++-- .../server/op/GetTokensByCodeOperation.java | 64 +++---- .../ca/server/op/GetUserInfoOperation.java | 39 +++-- .../ca/server/op/ImplicitFlowOperation.java | 28 ++- .../op/IntrospectAccessTokenOperation.java | 33 ++-- .../ca/server/op/IntrospectRptOperation.java | 34 ++-- .../ca/server/op/RemoveSiteOperation.java | 37 ++-- .../RpGetGetClaimsGatheringUrlOperation.java | 42 +++-- .../jans/ca/server/op/RpGetRptOperation.java | 34 ++-- .../ca/server/op/RsCheckAccessOperation.java | 43 +++-- .../jans/ca/server/op/RsModifyOperation.java | 45 +++-- .../jans/ca/server/op/RsProtectOperation.java | 59 ++++--- .../jans/ca/server/op/TemplateOperation.java | 18 +- .../ca/server/op/UpdateSiteOperation.java | 9 +- .../jans/ca/server/op/ValidateOperation.java | 55 ++++-- .../io/jans/ca/server/rest/BaseResource.java | 160 ------------------ .../jans/ca/server/rest/OAuth20Resource.java | 53 +++--- 
.../ca/server/rest/OpenIdConnectResource.java | 26 ++- .../io/jans/ca/server/rest/RpResource.java | 35 ++-- .../server/rest/UMA2RelyingPartyResource.java | 17 +- .../rest/UMA2ResourceServerResource.java | 28 +-- 37 files changed, 836 insertions(+), 756 deletions(-) delete mode 100644 jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java create mode 100644 jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java b/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java deleted file mode 100644 index 4e2b716a4a1..00000000000 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/Processor.java +++ /dev/null 
@@ -1,131 +0,0 @@ -/* - * All rights reserved -- Copyright 2015 Gluu Inc. - */ -package io.jans.ca.server; - -import io.jans.ca.common.Command; -import io.jans.ca.common.ErrorResponseCode; -import io.jans.ca.common.params.IParams; -import io.jans.ca.common.response.IOpResponse; -import io.jans.ca.server.op.*; -import io.jans.ca.server.service.ServiceProvider; -import io.jans.ca.server.utils.Convertor; -import jakarta.enterprise.context.ApplicationScoped; -import jakarta.inject.Inject; -import jakarta.ws.rs.ClientErrorException; -import jakarta.ws.rs.WebApplicationException; -import org.slf4j.Logger; - -/** - * client-api operation processor. - * - * @author Yuriy Zabrovarnyy - */ -@ApplicationScoped -public class Processor { - @Inject - Logger logger; - @Inject - ServiceProvider serviceProvider; - - public IOpResponse process(Command command) { - if (command != null) { - try { - final IOperation operation = (IOperation) create(command); - if (operation != null) { - IParams iParams = Convertor.asParams(operation.getParameterClass(), command); - serviceProvider.getValidationService().validate(iParams); - - IOpResponse operationResponse = operation.execute(iParams); - if (operationResponse != null) { - return operationResponse; - } else { - logger.error("No response from operation. Command: {}", command); - } - } else { - logger.error("Operation is not supported! 
null"); - throw new HttpException(ErrorResponseCode.UNSUPPORTED_OPERATION); - } - } catch (ClientErrorException e) { - throw new WebApplicationException(e.getResponse().readEntity(String.class), e.getResponse().getStatus()); - } catch (WebApplicationException e) { - logger.error(e.getLocalizedMessage(), e); - throw e; - } catch (Throwable e) { - logger.error(e.getMessage(), e); - } - } - throw HttpException.internalError(); - } - - private IOperation create(Command command) { - - if (command != null && command.getCommandType() != null) { - switch (command.getCommandType()) { -// case REGISTER_SITE: -// return new RegisterSiteOperation(command, serviceProvider); -// case UPDATE_SITE: -// return new UpdateSiteOperation(command, serviceProvider); - case REMOVE_SITE: - return new RemoveSiteOperation(command, serviceProvider); - case GET_CLIENT_TOKEN: - return new GetClientTokenOperation(command, serviceProvider); - case GET_ACCESS_TOKEN_BY_REFRESH_TOKEN: - return new GetAccessTokenByRefreshTokenOperation(command, serviceProvider); - case INTROSPECT_ACCESS_TOKEN: - return new IntrospectAccessTokenOperation(command, serviceProvider); - case GET_USER_INFO: - return new GetUserInfoOperation(command, serviceProvider); - case GET_JWKS: - return new GetJwksOperation(command, serviceProvider); -// case GET_DISCOVERY: -// return new GetDiscoveryOperation(command, serviceProvider); - case GET_AUTHORIZATION_URL: - return new GetAuthorizationUrlOperation(command, serviceProvider); - case GET_TOKENS_BY_CODE: - return new GetTokensByCodeOperation(command, serviceProvider); - case GET_LOGOUT_URI: - return new GetLogoutUrlOperation(command, serviceProvider); - case RS_PROTECT: - return new RsProtectOperation(command, serviceProvider); - case RS_CHECK_ACCESS: - return new RsCheckAccessOperation(command, serviceProvider); - case INTROSPECT_RPT: - return new IntrospectRptOperation(command, serviceProvider); - case RP_GET_RPT: - return new RpGetRptOperation(command, serviceProvider); - 
case RP_GET_CLAIMS_GATHERING_URL: - return new RpGetGetClaimsGatheringUrlOperation(command, serviceProvider); - case GET_RP: - return new GetRpOperation(command, serviceProvider); - case GET_RP_JWKS: - return new GetRpJwksOperation(command, serviceProvider); - case GET_AUTHORIZATION_CODE: - return new GetAuthorizationCodeOperation(command, serviceProvider); - case AUTHORIZATION_CODE_FLOW: - return new AuthorizationCodeFlowOperation(command, serviceProvider); - case GET_REQUEST_OBJECT_JWT: - return new GetRequestObjectOperation(command, serviceProvider); - case RS_MODIFY: - return new RsModifyOperation(command, serviceProvider); - case VALIDATE: - return new ValidateOperation(command, serviceProvider); - case IMPLICIT_FLOW: - return new ImplicitFlowOperation(command, serviceProvider); - case CHECK_ACCESS_TOKEN: - return new CheckAccessTokenOperation(command, serviceProvider); - case CHECK_ID_TOKEN: - return new CheckIdTokenOperation(command, serviceProvider); - case ISSUER_DISCOVERY: - return new GetIssuerOperation(command, serviceProvider); - case GET_REQUEST_URI: - return new GetRequestObjectUriOperation(command, serviceProvider); - } - logger.error("Command is not supported. Command: {}", command); - } else { - logger.error("Command is invalid. Command: {}", command); - } - return null; - } - -} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java b/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java new file mode 100644 index 00000000000..c1d074d5964 --- /dev/null +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java 
@@ -0,0 +1,105 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.ca.server.filter; + +import io.jans.configapi.core.rest.ProtectedApi; +//import io.jans.configapi.security.service.AuthorizationService; +import io.jans.configapi.util.ApiConstants; +import jakarta.annotation.Priority; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.Priorities; +import jakarta.ws.rs.container.ContainerRequestContext; +import jakarta.ws.rs.container.ContainerRequestFilter; +import jakarta.ws.rs.container.ResourceInfo; +import jakarta.ws.rs.core.Context; +import jakarta.ws.rs.core.HttpHeaders; +import jakarta.ws.rs.core.Response; +import jakarta.ws.rs.core.UriInfo; +import jakarta.ws.rs.ext.Provider; +import org.slf4j.Logger; + +@Provider +@ProtectedApi +@Priority(Priorities.AUTHENTICATION) +public class AuthorizationFilter implements ContainerRequestFilter { + + private static final String AUTHENTICATION_SCHEME = "Bearer"; + + @Inject + Logger log; + + @Context + UriInfo info; + + @Context + HttpServletRequest request; + + @Context + private HttpHeaders httpHeaders; + + @Context + private ResourceInfo resourceInfo; + +// @Inject +// AuthorizationService authorizationService; + + @SuppressWarnings({ "all" }) + public void filter(ContainerRequestContext context) { + log.info("======================================================================="); + log.info("====== context = " + context + " , info.getAbsolutePath() = " + info.getAbsolutePath() + + " , info.getRequestUri() = " + info.getRequestUri() + "\n\n"); + log.info("====== info.getBaseUri()=" + info.getBaseUri() + " info.getPath()=" + info.getPath() + + " info.toString()=" + info.toString()); + log.info("====== request.getContextPath()=" + request.getContextPath() + " request.getRequestURI()=" + + request.getRequestURI() + " 
request.toString() " + request.toString()); + log.info("======" + context.getMethod() + " " + info.getPath() + " FROM IP " + request.getRemoteAddr()); + log.info("======PERFORMING AUTHORIZATION========================================="); + String authorizationHeader = context.getHeaderString(HttpHeaders.AUTHORIZATION); + String issuer = context.getHeaderString(ApiConstants.ISSUER); +// boolean configOauthEnabled = authorizationService.isConfigOauthEnabled(); +// log.info("\n\n\n AuthorizationFilter::filter() - authorizationHeader = " + authorizationHeader + " , issuer = " +// + issuer + " , configOauthEnabled = " + configOauthEnabled + "\n\n\n"); +// +// if (!configOauthEnabled) { +// log.info("====== Authorization Granted...====== "); +// return; +// } +// +// log.info("\n\n\n AuthorizationFilter::filter() - Config Api OAuth Valdation Enabled"); +// if (!isTokenBasedAuthentication(authorizationHeader)) { +// abortWithUnauthorized(context, "ONLY TOKEN BASED AUTHORIZATION IS SUPPORTED!"); +// log.info("======ONLY TOKEN BASED AUTHORIZATION IS SUPPORTED======================"); +// return; +// } +// try { +// authorizationHeader = this.authorizationService.processAuthorization(authorizationHeader, issuer, +// resourceInfo, context.getMethod(), request.getRequestURI()); +// +// if (authorizationHeader != null && authorizationHeader.trim().length() > 0) { +// context.getHeaders().remove(HttpHeaders.AUTHORIZATION); +// context.getHeaders().add(HttpHeaders.AUTHORIZATION, authorizationHeader); +// } +// log.info("======AUTHORIZATION GRANTED==========================================="); +// } catch (Exception ex) { +// log.error("======AUTHORIZATION FAILED ===========================================", ex); +// abortWithUnauthorized(context, ex.getMessage()); +// } + + } + + private boolean isTokenBasedAuthentication(String authorizationHeader) { + return authorizationHeader != null + && authorizationHeader.toLowerCase().startsWith(AUTHENTICATION_SCHEME.toLowerCase() + " "); 
+ } + + private void abortWithUnauthorized(ContainerRequestContext requestContext, String errMsg) { + requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity(errMsg) + .header(HttpHeaders.WWW_AUTHENTICATE, AUTHENTICATION_SCHEME).build()); + } + +} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java index 9ff89aa72b7..d8c0ee970aa 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java @@ -11,12 +11,15 @@ import io.jans.as.model.common.ResponseType; import io.jans.as.model.util.Util; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.params.AuthorizationCodeFlowParams; import io.jans.ca.common.response.AuthorizationCodeFlowResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.service.DiscoveryService; import io.jans.ca.server.service.HttpService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
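Review bot: `filter()` never rejects a request: with the `AuthorizationService` block commented out, the method reads the `Authorization` and issuer headers, logs, and returns, so as far as this filter is concerned every call to a `@ProtectedApi` resource passes without any token check. Until the service is wired back in, the method should fail closed, for example by ending with `abortWithUnauthorized(context, "Authorization is not configured");`, rather than registering a `@Provider` that only looks like enforcement. The commented-out log statement also prints `authorizationHeader` in full; when that block is restored, the bearer token should stay out of the log. The `log.info` calls that concatenate request details would read better as parameterized `log.debug` calls, and `@SuppressWarnings({ "all" })` on `filter` should give way to `@Override`.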
@@ -31,21 +34,14 @@ * @version 0.9, 19/06/2015 */ -public class AuthorizationCodeFlowOperation extends BaseOperation { +public class AuthorizationCodeFlowOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(AuthorizationCodeFlowOperation.class); - - private DiscoveryService discoveryService; - private HttpService httpService; - - public AuthorizationCodeFlowOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, AuthorizationCodeFlowParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.httpService = serviceProvider.getHttpService(); - } + @Inject + DiscoveryService discoveryService; @Override - public IOpResponse execute(AuthorizationCodeFlowParams params) { + public IOpResponse execute(AuthorizationCodeFlowParams params, HttpServletRequest httpServletRequest) { final OpenIdConfigurationResponse discovery = discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()); if (discovery != null) { return requestToken(discovery, params); @@ -54,6 +50,16 @@ public IOpResponse execute(AuthorizationCodeFlowParams params) { return null; } + @Override + public Class getParameterClass() { + return AuthorizationCodeFlowParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.AUTHORIZATION_CODE_FLOW; + } + private AuthorizationCodeFlowResponse requestToken(OpenIdConfigurationResponse discovery, AuthorizationCodeFlowParams params) { // 1. Request authorization and receive the authorization code. final List responseTypes = new ArrayList(); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java index 1d117378cf8..49ad78d4f2f 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java 
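Review bot: This class now depends on `@Inject DiscoveryService discoveryService;` but, unlike `GetAccessTokenByRefreshTokenOperation` and the other operations later in this patch, it carries no `@RequestScoped`/`@Named` annotation. If bean discovery only picks up annotated classes and `TemplateOperation` (not visible here) does not supply a scope, the field stays null and `execute` fails on its first `discoveryService` call. Adding `@RequestScoped` and `@Named` above `public class AuthorizationCodeFlowOperation` would match the sibling classes. The same applies to `CheckAccessTokenOperation`, `CheckIdTokenOperation`, `GetIssuerOperation` and `GetRequestObjectOperation`.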
@@ -46,12 +46,6 @@ public T getParams() { return params; } - - public AuthCryptoProvider getCryptoProvider() throws Exception { - ApiAppConfiguration conf = serviceProvider.getJansConfigurationService().find(); - return new AuthCryptoProvider(conf.getCryptProviderKeyStorePath(), conf.getCryptProviderKeyStorePassword(), conf.getCryptProviderDnName()); - } - public Rp getRp() { if (params instanceof HasRpIdParams) { serviceProvider.getValidationService().validate((HasRpIdParams) params); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java index d93e979dc74..c94774d2445 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java @@ -12,11 +12,14 @@ import io.jans.as.model.jwt.JwtClaimName; import io.jans.as.model.jwt.JwtHeaderName; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.params.CheckAccessTokenParams; import io.jans.ca.common.response.CheckAccessTokenResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.service.DiscoveryService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -27,19 +30,15 @@ * @version 0.9, 23/10/2013 */ -public class CheckAccessTokenOperation extends BaseOperation { +public class CheckAccessTokenOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(CheckAccessTokenOperation.class); - private DiscoveryService discoveryService; - - public CheckAccessTokenOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, CheckAccessTokenParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - } + @Inject + DiscoveryService discoveryService; @Override - public IOpResponse execute(CheckAccessTokenParams params) throws Exception { + public IOpResponse execute(CheckAccessTokenParams params, HttpServletRequest httpServletRequest) throws Exception { final OpenIdConfigurationResponse discoveryResponse = discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()); final String idToken = params.getIdToken(); final String accessToken = params.getAccessToken(); @@ -56,6 +55,16 @@ public IOpResponse execute(CheckAccessTokenParams params) throws Exception { return opResponse; } + @Override + public Class getParameterClass() { + return CheckAccessTokenParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.CHECK_ACCESS_TOKEN; + } + private boolean isAccessTokenValid(String p_accessToken, Jwt jwt, OpenIdConfigurationResponse discoveryResponse) { try { final String algorithm = jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java index 4d1a53c3322..cfb20a0b974 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java 
@@ -5,13 +5,18 @@ import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtClaimName; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.params.CheckIdTokenParams; import io.jans.ca.common.response.CheckIdTokenResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.Utils; import io.jans.ca.server.configuration.model.Rp; +import io.jans.ca.server.service.DiscoveryService; +import io.jans.ca.server.service.PublicOpKeyService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -22,27 +27,30 @@ * @version 0.9, 18/10/2013 */ -public class CheckIdTokenOperation extends BaseOperation { +public class CheckIdTokenOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(CheckIdTokenOperation.class); - public CheckIdTokenOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, CheckIdTokenParams.class); - } + @Inject + DiscoveryService discoveryService; + @Inject + OpClientFactoryImpl opClientFactory; + @Inject + PublicOpKeyService publicOpKeyService; @Override - public IOpResponse execute(CheckIdTokenParams params) { + public IOpResponse execute(CheckIdTokenParams params, HttpServletRequest httpServletRequest) { try { - OpenIdConfigurationResponse discoveryResponse = getDiscoveryService().getConnectDiscoveryResponseByRpId(params.getRpId()); + OpenIdConfigurationResponse discoveryResponse = discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()); - final Rp rp = getRp(); + final Rp rp = getRp(params); final String idToken = params.getIdToken(); final Jwt jwt = Jwt.parse(idToken); final Validator validator = new Validator.Builder() .discoveryResponse(discoveryResponse) .idToken(jwt) - .keyService(getPublicOpKeyService()) - .opClientFactory(getOpClientFactory()) + .keyService(publicOpKeyService) + .opClientFactory(opClientFactory) .rpServerConfiguration(getJansConfigurationService().find()) .rp(rp) .build(); @@ -71,4 +79,14 @@ public IOpResponse execute(CheckIdTokenParams params) { public static boolean atHashCheckRequired(List responseTypes) { return responseTypes.stream().anyMatch(s -> ResponseType.fromString(s, " ").contains(ResponseType.TOKEN)); } + + @Override + public Class getParameterClass() { + return CheckIdTokenParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.CHECK_ID_TOKEN; + } } 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java index 46a3d163145..86158c6c467 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java @@ -6,6 +6,7 @@ import io.jans.as.client.TokenResponse; import io.jans.as.model.util.Util; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetAccessTokenByRefreshTokenParams; import io.jans.ca.common.response.GetClientTokenResponse; 
@@ -15,30 +16,30 @@ import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.service.DiscoveryService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.UnsupportedEncodingException; import java.util.Set; -/** - * @author yuriyz - */ -public class GetAccessTokenByRefreshTokenOperation extends BaseOperation { +@RequestScoped +@Named +public class GetAccessTokenByRefreshTokenOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(GetAccessTokenByRefreshTokenOperation.class); - private DiscoveryService discoveryService; - public GetAccessTokenByRefreshTokenOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetAccessTokenByRefreshTokenParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - } + @Inject + DiscoveryService discoveryService; @Override - public IOpResponse execute(GetAccessTokenByRefreshTokenParams params) { + public IOpResponse execute(GetAccessTokenByRefreshTokenParams params, HttpServletRequest httpServletRequest) { try { validate(params); - final Rp rp = getRp(); + final Rp rp = getRp(params); final TokenClient tokenClient = new TokenClient(discoveryService.getConnectDiscoveryResponse(rp).getTokenEndpoint()); tokenClient.setExecutor(discoveryService.getHttpService().getClientEngine()); final TokenResponse tokenResponse = tokenClient.execRefreshToken(scopeAsString(params), params.getRefreshToken(), rp.getClientId(), rp.getClientSecret()); 
@@ -66,6 +67,16 @@ public IOpResponse execute(GetAccessTokenByRefreshTokenParams params) { throw HttpException.internalError(); } + @Override + public Class getParameterClass() { + return GetAccessTokenByRefreshTokenParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_ACCESS_TOKEN_BY_REFRESH_TOKEN; + } + private String scopeAsString(GetAccessTokenByRefreshTokenParams params) throws UnsupportedEncodingException { Set scope = Sets.newHashSet(); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java index 23a63a2adec..3926e36e8c7 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java @@ -8,6 +8,7 @@ import io.jans.as.model.common.Prompt; import io.jans.as.model.common.ResponseType; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetAuthorizationCodeParams; import io.jans.ca.common.response.GetAuthorizationCodeResponse; 
@@ -18,37 +19,31 @@ import io.jans.ca.server.service.HttpService; import io.jans.ca.server.service.ServiceProvider; import io.jans.ca.server.service.StateService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.util.List; import java.util.UUID; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 06/10/2015 - */ - -public class GetAuthorizationCodeOperation extends BaseOperation { +@RequestScoped +@Named +public class GetAuthorizationCodeOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(GetAuthorizationCodeOperation.class); - + @Inject DiscoveryService discoveryService; - HttpService httpService; + @Inject OpClientFactoryImpl opClientFactory; + @Inject StateService stateService; - public GetAuthorizationCodeOperation(Command pCommand, ServiceProvider serviceProvider) { - super(pCommand, serviceProvider, GetAuthorizationCodeParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.stateService = serviceProvider.getStateService(); - this.opClientFactory = serviceProvider.getOpClientFactory(); - this.httpService = serviceProvider.getHttpService(); - } - @Override - public IOpResponse execute(GetAuthorizationCodeParams params) { - final Rp rp = getRp(); + public IOpResponse execute(GetAuthorizationCodeParams params, HttpServletRequest httpServletRequest) { + final Rp rp = getRp(params); String nonce = Strings.isNullOrEmpty(params.getNonce()) ? UUID.randomUUID().toString() : params.getNonce(); String state = Strings.isNullOrEmpty(params.getState()) ? UUID.randomUUID().toString() : params.getState(); 
@@ -80,6 +75,16 @@ public IOpResponse execute(GetAuthorizationCodeParams params) { } } + @Override + public Class getParameterClass() { + return GetAuthorizationCodeParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_AUTHORIZATION_CODE; + } + private List acrValues(GetAuthorizationCodeParams params, Rp rp) { List acrs = Lists.newArrayList(); if (params.getAcrValues() != null && !params.getAcrValues().isEmpty()) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java index 2297f001f69..7e47caf5b84 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java @@ -5,6 +5,7 @@ import io.jans.as.model.authorize.AuthorizeRequestParam; import io.jans.as.model.util.Util; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObjectType; import io.jans.ca.common.params.GetAuthorizationUrlParams; @@ -17,6 +18,10 @@ import io.jans.ca.server.service.ServiceProvider; import io.jans.ca.server.service.StateService; import io.jans.ca.server.persistence.service.MainPersistenceService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -24,34 +29,19 @@ import java.util.ArrayList; import java.util.List; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 22/09/2015 - */ - -public class GetAuthorizationUrlOperation extends BaseOperation { +@RequestScoped +@Named +public class GetAuthorizationUrlOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(GetAuthorizationUrlOperation.class); - + @Inject DiscoveryService discoveryService; + @Inject StateService stateService; - MainPersistenceService jansConfigurationService; - - /** - * Base constructor - * - * @param command command - */ - public GetAuthorizationUrlOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetAuthorizationUrlParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.stateService = serviceProvider.getStateService(); - this.jansConfigurationService = serviceProvider.getJansConfigurationService(); - } @Override - public IOpResponse execute(GetAuthorizationUrlParams params) throws Exception { - final Rp rp = getRp(); + public IOpResponse execute(GetAuthorizationUrlParams params, HttpServletRequest httpServletRequest) throws Exception { + final Rp rp = getRp(params); String authorizationEndpoint = discoveryService.getConnectDiscoveryResponse(rp).getAuthorizationEndpoint(); @@ -123,4 +113,14 @@ private List acrValues(Rp rp, GetAuthorizationUrlParams params) { return new ArrayList<>(); } } + + @Override + public Class getParameterClass() { + return GetAuthorizationUrlParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_AUTHORIZATION_URL; + } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java index 62325bcfdbe..a28c124027b 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java 
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java @@ -9,6 +9,7 @@ import io.jans.as.model.crypto.signature.SignatureAlgorithm; import io.jans.as.model.util.Util; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetClientTokenParams; import io.jans.ca.common.response.GetClientTokenResponse; 
@@ -18,41 +19,30 @@ import io.jans.ca.server.service.DiscoveryService; import io.jans.ca.server.service.HttpService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.UnsupportedEncodingException; import java.util.Set; - -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 31/03/2017 - */ - -public class GetClientTokenOperation extends BaseOperation { +@RequestScoped +@Named +public class GetClientTokenOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(GetClientTokenOperation.class); - private DiscoveryService discoveryService; - - private HttpService httpService; - - private OpClientFactoryImpl opClientFactory; - - /** - * Base constructor - * - * @param command command - */ - public GetClientTokenOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetClientTokenParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.httpService = discoveryService.getHttpService(); - this.opClientFactory = discoveryService.getOpClientFactory(); - } + @Inject + DiscoveryService discoveryService; + @Inject + HttpService httpService; + @Inject + OpClientFactoryImpl opClientFactory; @Override - public IOpResponse execute(GetClientTokenParams params) { + public IOpResponse execute(GetClientTokenParams params, HttpServletRequest httpRequest) { try { final AuthenticationMethod authenticationMethod = AuthenticationMethod.fromString(params.getAuthenticationMethod()); final String tokenEndpoint = discoveryService.getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()).getTokenEndpoint(); 
@@ -107,6 +97,16 @@ public IOpResponse execute(GetClientTokenParams params) { throw HttpException.internalError(); } + @Override + public Class getParameterClass() { + return GetClientTokenParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_CLIENT_TOKEN; + } + private String scopeAsString(GetClientTokenParams params) throws UnsupportedEncodingException { Set scope = Sets.newHashSet(); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java index 31ae24f1c9e..ce5e7765c41 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java @@ -4,12 +4,16 @@ import io.jans.as.client.OpenIdConnectDiscoveryResponse; import io.jans.as.model.discovery.WebFingerParam; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetIssuerParams; import io.jans.ca.common.response.GetIssuerResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.HttpException; +import io.jans.ca.server.service.DiscoveryService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; import org.apache.commons.beanutils.BeanUtils; import org.python.google.common.base.Strings; import org.slf4j.Logger; 
@@ -18,19 +22,18 @@ import java.util.List; import java.util.stream.Collectors; -public class GetIssuerOperation extends BaseOperation { +public class GetIssuerOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(GetIssuerOperation.class); - public GetIssuerOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetIssuerParams.class); - } + @Inject + DiscoveryService discoveryService; - public IOpResponse execute(GetIssuerParams params) { + public IOpResponse execute(GetIssuerParams params, HttpServletRequest httpServletRequest) { validateParams(params); GetIssuerResponse webfingerResponse = getWebfingerResponse(params.getResource()); - String issuerFromDiscovery = getDiscoveryService().getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()).getIssuer(); + String issuerFromDiscovery = discoveryService.getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()).getIssuer(); validateIssuer(webfingerResponse, issuerFromDiscovery); return webfingerResponse; @@ -76,4 +79,14 @@ private static void validateIssuer(GetIssuerResponse webfingerResponse, String i throw new HttpException(ErrorResponseCode.INVALID_ISSUER_DISCOVERED); } } + + @Override + public Class getParameterClass() { + return GetIssuerParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.ISSUER_DISCOVERY; + } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java index 339d7ebbfab..d5f3ffdbad6 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java 
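Review bot: `execute(GetIssuerParams params, HttpServletRequest httpServletRequest)` is declared without `@Override`, while the other operations touched by this patch annotate it. Because the signature changes in this commit, the annotation is what makes the compiler confirm that the method still matches the one `TemplateOperation` declares. Add `@Override` on the line above `public IOpResponse execute(`.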
@@ -6,7 +6,7 @@ import io.jans.as.client.JwkClient; import io.jans.as.client.JwkResponse; import io.jans.as.client.OpenIdConfigurationResponse; -import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetJwksParams; import io.jans.ca.common.response.GetJwksResponse; @@ -14,27 +14,21 @@ import io.jans.ca.common.response.POJOResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringUtils; -/** - * Service class for fetching JSON Web Key set - * - * @author Shoeb - * @version 12/01/2018 - */ +@RequestScoped +@Named +public class GetJwksOperation extends TemplateOperation { -public class GetJwksOperation extends BaseOperation { - - private DiscoveryService discoveryService; - - public GetJwksOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetJwksParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - } + @Inject + DiscoveryService discoveryService; @Override - public IOpResponse execute(GetJwksParams params) { + public IOpResponse execute(GetJwksParams params, HttpServletRequest httpServletRequest) { if (StringUtils.isEmpty(params.getOpHost()) && StringUtils.isEmpty(params.getOpConfigurationEndpoint())) { throw new HttpException(ErrorResponseCode.INVALID_OP_HOST_AND_CONFIGURATION_ENDPOINT); @@ -62,4 +56,14 @@ public IOpResponse execute(GetJwksParams params) { } } + + @Override + public Class getParameterClass() { + return GetJwksParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_JWKS; + } } 
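Review bot: The class Javadoc `Service class for fetching JSON Web Key set` is deleted along with the constructor and nothing replaces it. Keep a class comment above the new annotations, e.g. `/** Fetches the JSON Web Key set of the OP identified by opHost or opConfigurationEndpoint. */`. The `@author`/`@version` blocks removed from `GetAccessTokenByRefreshTokenOperation`, `GetAuthorizationCodeOperation`, `GetAuthorizationUrlOperation`, `GetClientTokenOperation` and `GetLogoutUrlOperation` carried less information, but those classes are likewise left with no class comment.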
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java index 9cf89e9ff5b..3c9f16c2ef1 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java @@ -3,6 +3,7 @@ import com.google.common.base.Strings; import io.jans.as.client.OpenIdConfigurationResponse; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObjectType; import io.jans.ca.common.params.GetLogoutUrlParams; 
@@ -14,36 +15,31 @@ import io.jans.ca.server.service.DiscoveryService; import io.jans.ca.server.service.ServiceProvider; import io.jans.ca.server.service.StateService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.net.URLEncoder; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 17/11/2015 - */ - -public class GetLogoutUrlOperation extends BaseOperation { +@RequestScoped +@Named +public class GetLogoutUrlOperation extends TemplateOperation { private static final String GOOGLE_OP_HOST = "https://accounts.google.com"; private static final Logger LOG = LoggerFactory.getLogger(GetLogoutUrlOperation.class); - private DiscoveryService discoveryService; - private MainPersistenceService configurationService; - private StateService stateService; - - public GetLogoutUrlOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetLogoutUrlParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.stateService = serviceProvider.getStateService(); - this.configurationService = serviceProvider.getJansConfigurationService(); - } + @Inject + DiscoveryService discoveryService; + @Inject + StateService stateService; @Override - public IOpResponse execute(GetLogoutUrlParams params) throws Exception { - final Rp rp = getRp(); + public IOpResponse execute(GetLogoutUrlParams params, HttpServletRequest httpServletRequest) throws Exception { + final Rp rp = getRp(params); OpenIdConfigurationResponse discoveryResponse = discoveryService.getConnectDiscoveryResponse(rp); String endSessionEndpoint = discoveryResponse.getEndSessionEndpoint(); 
@@ -57,7 +53,7 @@ public IOpResponse execute(GetLogoutUrlParams params) throws Exception { } if (Strings.isNullOrEmpty(endSessionEndpoint)) { - if (rp.getOpHost().startsWith(GOOGLE_OP_HOST) && configurationService.find().getSupportGoogleLogout()) { + if (rp.getOpHost().startsWith(GOOGLE_OP_HOST) && getJansConfigurationService().find().getSupportGoogleLogout()) { String logoutUrl = "https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=" + postLogoutRedirectUrl; return new GetLogoutUriResponse(logoutUrl); } @@ -83,6 +79,16 @@ public IOpResponse execute(GetLogoutUrlParams params) throws Exception { return new GetLogoutUriResponse(uri); } + @Override + public Class getParameterClass() { + return GetLogoutUrlParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_LOGOUT_URI; + } + private static String separator(String uri) { return uri.contains("?") ? "&" : "?"; } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java index 8d8e4a54ec5..e356fe0afa1 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java @@ -2,6 +2,7 @@ import com.google.common.base.Strings; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObject; import io.jans.ca.common.params.StringParam; 
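Review bot: In GetLogoutUrlOperation.execute the Google fallback is gated on `rp.getOpHost().startsWith(GOOGLE_OP_HOST)`, and a prefix match also accepts any OP host string that merely begins with `https://accounts.google.com` and continues with further host characters. Comparing the parsed host is stricter, for example `"accounts.google.com".equals(java.net.URI.create(rp.getOpHost()).getHost())`. The same branch appends `postLogoutRedirectUrl` to the `continue=` parameter by plain concatenation. That variable is assigned above this hunk, so whether it is already URL-encoded cannot be confirmed from here and is worth checking. execute starts and ends outside the hunk.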
@@ -10,21 +11,18 @@ import io.jans.ca.server.HttpException; import io.jans.ca.server.service.RequestObjectService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class GetRequestObjectOperation extends BaseOperation { +public class GetRequestObjectOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(GetRequestObjectOperation.class); - - private RequestObjectService requestObjectService; - - public GetRequestObjectOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, StringParam.class); - this.requestObjectService = serviceProvider.getRequestObjectService(); - } + @Inject + RequestObjectService requestObjectService; @Override - public IOpResponse execute(StringParam params) { + public IOpResponse execute(StringParam params, HttpServletRequest httpServletRequest) { try { ExpiredObject expiredObject = requestObjectService.get(params.getValue()); @@ -43,4 +41,14 @@ public IOpResponse execute(StringParam params) { } } + + @Override + public Class getParameterClass() { + return StringParam.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_REQUEST_OBJECT_JWT; + } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java index c9ac4db66ca..d51e392f9ac 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java 
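Review bot: GetRequestObjectOperation gains an `@Inject RequestObjectService requestObjectService;` field, but unlike GetLogoutUrlOperation, GetRpJwksOperation and the other converted operations in this patch, the class is not annotated `@RequestScoped` / `@Named`. If the deployment discovers beans by annotation (not visible here), the class would not be a managed bean and the field could still be null at the `requestObjectService.get(params.getValue())` call. GetRequestObjectUriOperation and ImplicitFlowOperation are converted the same way without the scope annotations. Adding `@RequestScoped` and `@Named` above each class declaration, with the two matching `jakarta` imports, would make them consistent with the rest of the patch.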
@@ -6,7 +6,7 @@ import io.jans.as.model.jwk.Use; import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtType; -import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetRequestObjectUriParams; import io.jans.ca.common.response.GetRequestObjectUriResponse; @@ -14,7 +14,10 @@ import io.jans.ca.server.HttpException; import io.jans.ca.server.Utils; import io.jans.ca.server.configuration.model.Rp; -import io.jans.ca.server.service.ServiceProvider; +import io.jans.ca.server.service.KeyGeneratorService; +import io.jans.ca.server.service.RequestObjectService; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringUtils; import org.json.JSONObject; import org.slf4j.Logger; @@ -25,20 +28,21 @@ import java.util.Map; import java.util.UUID; -public class GetRequestObjectUriOperation extends BaseOperation { +public class GetRequestObjectUriOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(GetRequestObjectUriOperation.class); - public GetRequestObjectUriOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetRequestObjectUriParams.class); - } + @Inject + KeyGeneratorService keyGeneratorService; + @Inject + RequestObjectService requestObjectService; - public IOpResponse execute(GetRequestObjectUriParams params) { + public IOpResponse execute(GetRequestObjectUriParams params, HttpServletRequest httpServletRequest) { try { validate(params); - final Rp rp = getRp(); + final Rp rp = getRp(params); SignatureAlgorithm algo = SignatureAlgorithm.fromString(params.getRequestObjectSigningAlg()) != null ? SignatureAlgorithm.fromString(params.getRequestObjectSigningAlg()) : SignatureAlgorithm.fromString(rp.getRequestObjectSigningAlg()); 
@@ -51,11 +55,11 @@ public IOpResponse execute(GetRequestObjectUriParams params) { Jwt unsignedJwt = createRequestObject(algo, rp, params); //signing request object - Jwt signedJwt = getKeyGeneratorService().sign(unsignedJwt, rp.getClientSecret(), algo); + Jwt signedJwt = keyGeneratorService.sign(unsignedJwt, rp.getClientSecret(), algo); //setting request object in Expired Object String requestUriId = UUID.randomUUID().toString(); - getRequestObjectService().put(requestUriId, signedJwt.toString()); + requestObjectService.put(requestUriId, signedJwt.toString()); String requestUri = baseRequestUri(params.getRpHostUrl()) + requestUriId; LOG.trace("RequestObject created successfully. request_uri : {} ", requestUri); @@ -78,7 +82,7 @@ public Jwt createRequestObject(SignatureAlgorithm algo, Rp rp, GetRequestObjectU jwt.getHeader().setType(JwtType.JWT); try { jwt.getHeader().setAlgorithm(algo); - String keyId = getKeyGeneratorService().getKeyId(Algorithm.fromString(algo.getName()), Use.SIGNATURE); + String keyId = keyGeneratorService.getKeyId(Algorithm.fromString(algo.getName()), Use.SIGNATURE); if (keyId != null) { jwt.getHeader().setKeyId(keyId); } @@ -125,4 +129,14 @@ private String baseRequestUri(String rpHost) { } return rpHost + "/get-request-object/"; } + + @Override + public Class getParameterClass() { + return GetRequestObjectUriParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_REQUEST_URI; + } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java index 56df76bd518..55aa681c78b 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java 
@@ -1,24 +1,26 @@ package io.jans.ca.server.op; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.params.GetJwksParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.POJOResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.service.KeyGeneratorService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; -public class GetRpJwksOperation extends BaseOperation { - - private KeyGeneratorService keyGeneratorService; - - public GetRpJwksOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetJwksParams.class); - this.keyGeneratorService = serviceProvider.getKeyGeneratorService(); - } +@RequestScoped +@Named +public class GetRpJwksOperation extends TemplateOperation { + @Inject + KeyGeneratorService keyGeneratorService; @Override - public IOpResponse execute(GetJwksParams params) { + public IOpResponse execute(GetJwksParams params, HttpServletRequest httpServletRequest) { try { return new POJOResponse(keyGeneratorService.getKeys()); @@ -27,6 +29,15 @@ public IOpResponse execute(GetJwksParams params) { } catch (Exception e) { throw new RuntimeException(e); } + } + @Override + public Class getParameterClass() { + return GetJwksParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_RP_JWKS; } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java index 60c375204de..64ce9dcacf9 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java 
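Review bot: The first hunk removes the only constructor of GetRpJwksOperation but keeps `import io.jans.ca.common.Command;` and `import io.jans.ca.server.service.ServiceProvider;`, which appear to be unused now. The same leftover imports are visible in GetLogoutUrlOperation, GetRequestObjectOperation, GetRpOperation, GetUserInfoOperation and IntrospectAccessTokenOperation. Dropping both lines in each file keeps the dependency on the old `ServiceProvider` wiring from looking live after the move to injection.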
@@ -1,6 +1,7 @@ package io.jans.ca.server.op; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.GetRpParams; import io.jans.ca.common.response.GetRpResponse; @@ -10,29 +11,26 @@ import io.jans.ca.server.service.RpService; import io.jans.ca.server.service.RpSyncService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.util.ArrayList; import java.util.List; -/** - * @author yuriyz - */ -public class GetRpOperation extends BaseOperation { +@RequestScoped +@Named +public class GetRpOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(GetRpOperation.class); - private RpService rpService; - private RpSyncService rpSyncService; - - public GetRpOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetRpParams.class); - this.rpService = serviceProvider.getRpService(); - this.rpSyncService = serviceProvider.getRpSyncService(); - } + @Inject + RpService rpService; @Override - public IOpResponse execute(GetRpParams params) { + public IOpResponse execute(GetRpParams params, HttpServletRequest httpServletRequest) { if (params.getList() != null && params.getList()) { List rps = new ArrayList<>(); for (Rp rp : rpService.getRps().values()) { @@ -41,7 +39,7 @@ public IOpResponse execute(GetRpParams params) { return new GetRpResponse(Jackson2.createJsonMapper().valueToTree(rps)); } - Rp rp = rpSyncService.getRp(params.getRpId()); + Rp rp = getRpSyncService().getRp(params.getRpId()); if (rp != null) { return new GetRpResponse(Jackson2.createJsonMapper().valueToTree(rp)); } else { 
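Review bot: In GetRpOperation.execute the `Rp` returned by `getRpSyncService().getRp(params.getRpId())` is serialised whole with `Jackson2.createJsonMapper().valueToTree(rp)`, and `Rp` exposes `getClientSecret()` (used for signing in GetRequestObjectUriOperation in this patch). Whether the secret is left out of the JSON depends on annotations on `Rp` that are not visible here, so that should be confirmed. A comment such as `// Rp holds the client secret: confirm it is excluded from this response` would record the expectation. The list branch in the preceding hunk builds its response with the same mapper, so the same question applies there. Separately, `rpService` is injected while the sync service is reached through `getRpSyncService()`, and a short comment on why the two differ would help the next reader.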
@@ -49,4 +47,14 @@ public IOpResponse execute(GetRpParams params) { } return new GetRpResponse(); } + + @Override + public Class getParameterClass() { + return GetRpParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_RP; + } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java index e458681833b..086b4106680 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java @@ -12,10 +12,7 @@ import io.jans.as.model.jwk.Algorithm; import io.jans.as.model.jwk.Use; import io.jans.as.model.jwt.Jwt; -import io.jans.ca.common.Command; -import io.jans.ca.common.ErrorResponseCode; -import io.jans.ca.common.ExpiredObjectType; -import io.jans.ca.common.Jackson2; +import io.jans.ca.common.*; import io.jans.ca.common.params.GetTokensByCodeParams; import io.jans.ca.common.response.GetTokensByCodeResponse; import io.jans.ca.common.response.IOpResponse; 
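Review bot: `import io.jans.ca.common.*;` replaces four explicit imports in GetTokensByCodeOperation only to bring `CommandType` into scope. A wildcard hides which names from that package the class depends on, and the other files in this patch add the single line `import io.jans.ca.common.CommandType;` instead. Keeping the four explicit imports and adding that one line would match them.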
@@ -23,44 +20,37 @@ import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.service.*; import io.jans.ca.server.persistence.service.MainPersistenceService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import org.python.jline.internal.Log; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 22/09/2015 - */ - -public class GetTokensByCodeOperation extends BaseOperation { +@RequestScoped +@Named +public class GetTokensByCodeOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(GetTokensByCodeOperation.class); - private StateService stateService; - private DiscoveryService discoveryService; - private RpService rpService; - private KeyGeneratorService keyGeneratorService; - private PublicOpKeyService publicOpKeyService; - private MainPersistenceService jansConfigurationService; - private OpClientFactoryImpl opClientFactory; - private HttpService httpService; - - public GetTokensByCodeOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetTokensByCodeParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.stateService = serviceProvider.getStateService(); - this.rpService = serviceProvider.getRpService(); - this.keyGeneratorService = serviceProvider.getKeyGeneratorService(); - this.httpService = discoveryService.getHttpService(); - this.opClientFactory = discoveryService.getOpClientFactory(); - this.jansConfigurationService = stateService.getConfigurationService(); - this.publicOpKeyService = serviceProvider.getPublicOpKeyService(); - } + @Inject + StateService stateService; + @Inject + DiscoveryService discoveryService; + @Inject + RpService rpService; + @Inject + KeyGeneratorService keyGeneratorService; + @Inject + PublicOpKeyService publicOpKeyService; + @Inject + 
OpClientFactoryImpl opClientFactory; @Override - public IOpResponse execute(GetTokensByCodeParams params) throws Exception { + public IOpResponse execute(GetTokensByCodeParams params, HttpServletRequest httpServletRequest) throws Exception { validate(params); - final Rp rp = getRp(); + final Rp rp = getRp(params); OpenIdConfigurationResponse discoveryResponse = discoveryService.getConnectDiscoveryResponse(rp); final TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); @@ -157,6 +147,16 @@ public IOpResponse execute(GetTokensByCodeParams params) throws Exception { return null; } + @Override + public Class getParameterClass() { + return GetTokensByCodeParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_TOKENS_BY_CODE; + } + private void validate(GetTokensByCodeParams params) { if (Strings.isNullOrEmpty(params.getCode())) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java index 37ce12075d5..d066cb0ba3f 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java @@ -7,6 +7,7 @@ import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtClaimName; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.GetUserInfoParams; 
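Review bot: The removed constructor of GetTokensByCodeOperation took `opClientFactory` and `httpService` from `discoveryService` and `jansConfigurationService` from `stateService`, whereas the new class injects `opClientFactory` on its own and declares no field for the other two. execute continues outside the hunk, so any remaining use of `httpService` or `jansConfigurationService` there cannot be checked from here. If those services hold differently configured collaborators, the independently injected factory may not be the instance the old code used. GetUserInfoOperation and RsCheckAccessOperation make the same switch. The context import `org.python.jline.internal.Log` next to the SLF4J logger also looks unintended and could be dropped if nothing uses it.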
@@ -17,35 +18,29 @@ import io.jans.ca.server.service.HttpService; import io.jans.ca.server.service.ServiceProvider; import io.jans.ca.server.persistence.service.MainPersistenceService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 22/09/2015 - */ - -public class GetUserInfoOperation extends BaseOperation { +@RequestScoped +@Named +public class GetUserInfoOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(GetUserInfoOperation.class); + @Inject DiscoveryService discoveryService; - MainPersistenceService jansConfigurationService; + @Inject OpClientFactoryImpl opClientFactory; + @Inject HttpService httpService; - - public GetUserInfoOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, GetUserInfoParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.jansConfigurationService = serviceProvider.getJansConfigurationService(); - this.opClientFactory = discoveryService.getOpClientFactory(); - this.httpService = discoveryService.getHttpService(); - } - @Override - public IOpResponse execute(GetUserInfoParams params) throws IOException { + public IOpResponse execute(GetUserInfoParams params, HttpServletRequest httpServletRequest) throws IOException { getValidationService().validate(params); UserInfoClient client = opClientFactory.createUserInfoClient(discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()).getUserInfoEndpoint()); 
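Review bot: GetUserInfoOperation.execute dereferences `discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId())` directly to call `getUserInfoEndpoint()`, while ImplicitFlowOperation in this patch null-checks the result of the same call before using it. If that method can return null for an unknown or unreachable RP, this line fails with a NullPointerException instead of a defined error response. Assigning the result to a local and throwing an `HttpException` with an appropriate `ErrorResponseCode` when it is null would align the two operations. execute continues outside the hunk.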
@@ -85,4 +80,14 @@ public void validateSubjectIdentifier(String idToken, UserInfoResponse response) throw new HttpException(ErrorResponseCode.FAILED_TO_VERIFY_SUBJECT_IDENTIFIER); } } + + @Override + public Class getParameterClass() { + return GetUserInfoParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.GET_USER_INFO; + } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java index a552f82ea5e..e06bac3119d 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java @@ -10,11 +10,13 @@ import io.jans.as.model.common.Prompt; import io.jans.as.model.common.ResponseType; import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.params.ImplicitFlowParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.ImplicitFlowResponse; -import io.jans.ca.server.service.ServiceProvider; +import io.jans.ca.server.service.DiscoveryService; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -27,17 +29,15 @@ * @version 0.9, 23/06/2015 */ -public class ImplicitFlowOperation extends BaseOperation { +public class ImplicitFlowOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(ImplicitFlowOperation.class); - - public ImplicitFlowOperation(Command p_command, ServiceProvider serviceProvider) { - super(p_command, serviceProvider, ImplicitFlowParams.class); - } + @Inject + DiscoveryService discoveryService; @Override - public IOpResponse execute(ImplicitFlowParams params) { - final OpenIdConfigurationResponse discovery = getDiscoveryService().getConnectDiscoveryResponseByRpId(params.getRpId()); + public IOpResponse execute(ImplicitFlowParams params, HttpServletRequest httpServletRequest) { + final OpenIdConfigurationResponse discovery = discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()); if (discovery != null) { return requestToken(discovery, params); } @@ -101,4 +101,14 @@ private ImplicitFlowResponse requestToken(OpenIdConfigurationResponse discovery, } return null; } + + @Override + public Class getParameterClass() { + return ImplicitFlowParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.IMPLICIT_FLOW; + } } \ No newline at end of file diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java index b56428ac5f0..d8ee5984cb5 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java 
@@ -2,34 +2,43 @@ import io.jans.as.model.common.IntrospectionResponse; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.params.IntrospectAccessTokenParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.POJOResponse; import io.jans.ca.server.service.IntrospectionService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -/** - * @author yuriyz - */ -public class IntrospectAccessTokenOperation extends BaseOperation { +@RequestScoped +@Named +public class IntrospectAccessTokenOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(IntrospectAccessTokenOperation.class); - - private IntrospectionService introspectionService; - - public IntrospectAccessTokenOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider,IntrospectAccessTokenParams.class); - this.introspectionService = serviceProvider.getIntrospectionService(); - } + @Inject + IntrospectionService introspectionService; @Override - public IOpResponse execute(IntrospectAccessTokenParams params) { + public IOpResponse execute(IntrospectAccessTokenParams params, HttpServletRequest httpServletRequest) { getValidationService().validate(params); IntrospectionResponse response = introspectionService.introspectToken(params.getRpId(), params.getAccessToken()); return new POJOResponse(response); } + + @Override + public Class getParameterClass() { + return IntrospectAccessTokenParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.INTROSPECT_ACCESS_TOKEN; + } } 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java index 0da8b496ed2..17becd109bc 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java 
@@ -1,26 +1,38 @@ package io.jans.ca.server.op; -import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.introspection.CorrectRptIntrospectionResponse; import io.jans.ca.common.params.IntrospectRptParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.POJOResponse; -import io.jans.ca.server.service.ServiceProvider; +import io.jans.ca.server.service.IntrospectionService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; -/** - * @author yuriyz - */ -public class IntrospectRptOperation extends BaseOperation { +@RequestScoped +@Named +public class IntrospectRptOperation extends TemplateOperation { - public IntrospectRptOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, IntrospectRptParams.class); - } + @Inject + IntrospectionService introspectionService; @Override - public IOpResponse execute(IntrospectRptParams params) { + public IOpResponse execute(IntrospectRptParams params, HttpServletRequest httpServletRequest) { getValidationService().validate(params); - CorrectRptIntrospectionResponse response = getIntrospectionService().introspectRpt(params.getRpId(), params.getRpt()); + CorrectRptIntrospectionResponse response = introspectionService.introspectRpt(params.getRpId(), params.getRpt()); return new POJOResponse(response); } + + @Override + public Class getParameterClass() { + return IntrospectRptParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.INTROSPECT_RPT; + } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java index 389e8271605..5502a19d87e 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java 
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java @@ -1,33 +1,40 @@ package io.jans.ca.server.op; -import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.RemoveSiteParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.RemoveSiteResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.service.RpService; -import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; -/** - * @author yuriyz - */ -public class RemoveSiteOperation extends BaseOperation { +@RequestScoped +@Named +public class RemoveSiteOperation extends TemplateOperation { - private RpService rpService; - - public RemoveSiteOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, RemoveSiteParams.class); - this.rpService = serviceProvider.getRpService(); - - } + @Inject + RpService rpService; @Override - public IOpResponse execute(RemoveSiteParams params) { - String rpId = getRp().getRpId(); + public IOpResponse execute(RemoveSiteParams params, HttpServletRequest httpRequest) { + String rpId = getRp(params).getRpId(); if (rpService.remove(rpId)) { return new RemoveSiteResponse(rpId); } throw new HttpException(ErrorResponseCode.FAILED_TO_REMOVE_SITE); } + + @Override + public Class getParameterClass() { + return RemoveSiteParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.REMOVE_SITE; + } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java index 7bbb9130721..a368c7475c2 100644 
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java @@ -2,7 +2,7 @@ import com.google.common.collect.Lists; import io.jans.as.model.uma.UmaMetadata; -import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObjectType; import io.jans.ca.common.params.RpGetClaimsGatheringUrlParams; 
@@ -12,36 +12,32 @@ import io.jans.ca.server.Utils; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.ServiceProvider; import io.jans.ca.server.service.StateService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringUtils; import java.util.List; import java.util.Map; import java.util.stream.Collectors; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 17/06/2016 - */ +@RequestScoped +@Named +public class RpGetGetClaimsGatheringUrlOperation extends TemplateOperation { -public class RpGetGetClaimsGatheringUrlOperation extends BaseOperation { - - private DiscoveryService discoveryService; - private StateService stateService; - - public RpGetGetClaimsGatheringUrlOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, RpGetClaimsGatheringUrlParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.stateService = serviceProvider.getStateService(); - } + @Inject + DiscoveryService discoveryService; + @Inject + StateService stateService; @Override - public IOpResponse execute(RpGetClaimsGatheringUrlParams params) throws Exception { + public IOpResponse execute(RpGetClaimsGatheringUrlParams params, HttpServletRequest httpServletRequest) throws Exception { validate(params); final UmaMetadata metadata = discoveryService.getUmaDiscoveryByRpId(params.getRpId()); - final Rp rp = getRp(); + final Rp rp = getRp(params); final String state = StringUtils.isNotBlank(params.getState()) ? stateService.putState(stateService.encodeExpiredObject(params.getState(), ExpiredObjectType.STATE)) : stateService.generateState(); String url = metadata.getClaimsInteractionEndpoint() + 
@@ -69,6 +65,16 @@ public IOpResponse execute(RpGetClaimsGatheringUrlParams params) throws Exceptio return r; } + @Override + public Class getParameterClass() { + return RpGetClaimsGatheringUrlParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.RP_GET_CLAIMS_GATHERING_URL; + } + private void validate(RpGetClaimsGatheringUrlParams params) { if (StringUtils.isBlank(params.getTicket())) { throw new HttpException(ErrorResponseCode.NO_UMA_TICKET_PARAMETER); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java index 578663d4c80..c5a280459b3 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java @@ -6,6 +6,7 @@ import io.jans.as.model.uma.UmaNeedInfoResponse; import io.jans.as.model.util.Util; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.RpGetRptParams; @@ -13,6 +14,10 @@ import io.jans.ca.server.HttpException; import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.ClientErrorException; import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.MediaType; 
@@ -26,23 +31,16 @@ import java.io.IOException; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 02/01/2014 - */ - -public class RpGetRptOperation extends BaseOperation { +@RequestScoped +@Named +public class RpGetRptOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(RpGetRptOperation.class); - private UmaTokenService umaTokenService; - - public RpGetRptOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, RpGetRptParams.class); - this.umaTokenService = serviceProvider.getUmaTokenService(); - } + @Inject + UmaTokenService umaTokenService; @Override - public IOpResponse execute(RpGetRptParams params) throws Exception { + public IOpResponse execute(RpGetRptParams params, HttpServletRequest httpServletRequest) throws Exception { try { validate(params); return umaTokenService.getRpt(params); @@ -53,6 +51,16 @@ public IOpResponse execute(RpGetRptParams params) throws Exception { } } + @Override + public Class getParameterClass() { + return RpGetRptParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.RP_GET_RPT; + } + public static IOpResponse handleRptError(int status, String entity) throws IOException { final UmaNeedInfoResponse needInfo = parseNeedInfoSilently(entity); if (needInfo != null) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java index 03320be8915..1aaa0418887 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java 
@@ -18,6 +18,10 @@ import io.jans.ca.server.configuration.model.UmaResource; import io.jans.ca.server.service.IntrospectionService; import io.jans.ca.server.service.UmaTokenService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.ClientErrorException; import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.MediaType; @@ -29,30 +33,23 @@ import java.util.Collections; import java.util.List; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 31/05/2016 - */ - -public class RsCheckAccessOperation extends BaseOperation { +@RequestScoped +@Named +public class RsCheckAccessOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(RsCheckAccessOperation.class); - private UmaTokenService umaTokenService; - private IntrospectionService introspectionService; - private OpClientFactoryImpl opClientFactory; - - public RsCheckAccessOperation(Command command, io.jans.ca.server.service.ServiceProvider serviceProvider) { - super(command, serviceProvider, RsCheckAccessParams.class); - this.umaTokenService = serviceProvider.getUmaTokenService(); - this.introspectionService = umaTokenService.getIntrospectionService(); - this.opClientFactory = umaTokenService.getOpClientFactory(); - } + @Inject + UmaTokenService umaTokenService; + @Inject + IntrospectionService introspectionService; + @Inject + OpClientFactoryImpl opClientFactory; @Override - public IOpResponse execute(final RsCheckAccessParams params) throws Exception { + public IOpResponse execute(final RsCheckAccessParams params, HttpServletRequest httpServletRequest) throws Exception { validate(params); - Rp rp = getRp(); + Rp rp = getRp(params); UmaResource resource = rp.umaResource(params.getPath(), params.getHttpMethod()); if (resource == null) { final ErrorResponse error = new ErrorResponse("invalid_request"); 
@@ -131,6 +128,16 @@ public void clearPat() { return opResponse; } + @Override + public Class getParameterClass() { + return RsCheckAccessParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.RS_CHECK_ACCESS; + } + private List getRequiredScopes(RsCheckAccessParams params, UmaResource resource) { List resourceScopes = resource.getScopes(); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java index 47496fffffe..f765ee8a1ad 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java @@ -15,7 +15,13 @@ import io.jans.ca.server.HttpException; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.configuration.model.UmaResource; -import io.jans.ca.server.service.*; +import io.jans.ca.server.service.DiscoveryService; +import io.jans.ca.server.service.RpService; +import io.jans.ca.server.service.UmaTokenService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.ClientErrorException; import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.MediaType; 
@@ -27,29 +33,24 @@ import java.util.List; import java.util.stream.Collectors; -public class RsModifyOperation extends BaseOperation { +@RequestScoped +@Named +public class RsModifyOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(RsModifyOperation.class); - private UmaTokenService umaTokenService; - private DiscoveryService discoveryService; - private RpService rpService; - private HttpService httpService; - - public RsModifyOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, RsModifyParams.class); - this.discoveryService = serviceProvider.getDiscoveryService(); - this.umaTokenService = serviceProvider.getUmaTokenService(); - this.httpService = serviceProvider.getHttpService(); - this.rpService = serviceProvider.getRpService(); - } - + @Inject + UmaTokenService umaTokenService; + @Inject + DiscoveryService discoveryService; + @Inject + RpService rpService; @Override - public IOpResponse execute(final RsModifyParams params) throws Exception { + public IOpResponse execute(final RsModifyParams params, HttpServletRequest httpServletRequest) throws Exception { validate(params); - Rp rp = getRp(); + Rp rp = getRp(params); PatProvider patProvider = new PatProvider() { @Override @@ -171,4 +172,14 @@ private void validate(RsModifyParams params) { } } } + + @Override + public Class getParameterClass() { + return RsModifyParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.RS_MODIFY; + } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java index 3738a43ab4f..db79d7bb18d 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java 
@@ -11,6 +11,7 @@ import io.jans.as.model.uma.UmaMetadata; import io.jans.as.model.util.Util; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.RsProtectParams; import io.jans.ca.common.response.IOpResponse; @@ -25,6 +26,13 @@ import io.jans.ca.server.HttpException; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.configuration.model.UmaResource; +import io.jans.ca.server.service.DiscoveryService; +import io.jans.ca.server.service.RpService; +import io.jans.ca.server.service.UmaTokenService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.ClientErrorException; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; 
@@ -34,30 +42,31 @@ import java.util.List; import java.util.Map; import java.util.Set; - -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 31/05/2016 - */ - -public class RsProtectOperation extends BaseOperation { +@RequestScoped +@Named +public class RsProtectOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(RsProtectOperation.class); - public RsProtectOperation(Command pCommand, io.jans.ca.server.service.ServiceProvider serviceProvider) { - super(pCommand, serviceProvider, RsProtectParams.class); - } + @Inject + RpService rpService; + @Inject + UmaTokenService umaTokenService; + @Inject + OpClientFactoryImpl opClientFactory; + @Inject + DiscoveryService discoveryService; @Override - public IOpResponse execute(final RsProtectParams params) throws Exception { + public IOpResponse execute(final RsProtectParams params, HttpServletRequest httpServletRequest) throws Exception { validate(params); - Rp rp = getRp(); + Rp rp = getRp(params); PatProvider patProvider = new PatProvider() { @Override public String getPatToken() { - return getUmaTokenService().getPat(params.getRpId()).getToken(); + return umaTokenService.getPat(params.getRpId()).getToken(); } @Override 
@@ -66,14 +75,14 @@ public void clearPat() { } }; - ResourceRegistrar registrar = getOpClientFactory().createResourceRegistrar(patProvider, new ServiceProvider(rp.getOpHost())); + ResourceRegistrar registrar = opClientFactory.createResourceRegistrar(patProvider, new ServiceProvider(rp.getOpHost())); try { registrar.register(params.getResources()); } catch (ClientErrorException e) { LOG.debug("Failed to register resource. Entity: " + e.getResponse().readEntity(String.class) + ", status: " + e.getResponse().getStatus(), e); if (e.getResponse().getStatus() == 400 || e.getResponse().getStatus() == 401) { LOG.debug("Try maybe PAT is lost on AS, force refresh PAT and re-try ..."); - getUmaTokenService().obtainPat(params.getRpId()); // force to refresh PAT + umaTokenService.obtainPat(params.getRpId()); // force to refresh PAT registrar.register(params.getResources()); } else { throw e; @@ -88,6 +97,16 @@ public void clearPat() { return new RsProtectResponse(rp.getRpId()); } + @Override + public Class getParameterClass() { + return RsProtectParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.RS_PROTECT; + } + private void persist(ResourceRegistrar registrar, Rp rp) throws IOException { Map resourceMapCopy = registrar.getResourceMapCopy(); @@ -130,7 +149,7 @@ private void persist(ResourceRegistrar registrar, Rp rp) throws IOException { rp.getUmaProtectedResources().add(resource); } - getRpService().update(rp); + rpService.update(rp); } private void validate(RsProtectParams params) { 
@@ -160,15 +179,15 @@ private void validate(RsProtectParams params) { } } - Rp rp = getRp(); + Rp rp = getRp(params); List existingUmaResources = rp.getUmaProtectedResources(); if (existingUmaResources != null && !existingUmaResources.isEmpty()) { if (params.getOverwrite() == null || !params.getOverwrite()) { throw new HttpException(ErrorResponseCode.UMA_PROTECTION_FAILED_BECAUSE_RESOURCES_ALREADY_EXISTS); } else { // remove existing resources, overwrite=true - UmaMetadata discovery = getDiscoveryService().getUmaDiscoveryByRpId(params.getRpId()); - String pat = getUmaTokenService().getPat(params.getRpId()).getToken(); + UmaMetadata discovery = discoveryService.getUmaDiscoveryByRpId(params.getRpId()); + String pat = umaTokenService.getPat(params.getRpId()).getToken(); UmaResourceService resourceService = UmaClientFactory.instance().createResourceService(discovery, getHttpService().getClientEngine()); for (UmaResource resource : existingUmaResources) { @@ -177,7 +196,7 @@ private void validate(RsProtectParams params) { LOG.trace("Removed existing resource " + resource.getId() + "."); } rp.getUmaProtectedResources().clear(); - getRpService().updateSilently(rp); + rpService.updateSilently(rp); } } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java index 0d2af13e42d..ee9a443f372 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java @@ -3,6 +3,7 @@ */ package io.jans.ca.server.op; +import io.jans.as.model.crypto.AuthCryptoProvider; import io.jans.as.model.util.Util; import io.jans.ca.common.Command; import io.jans.ca.common.CommandType; 
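Review bot: `validate()` in RsProtectOperation is still destructive after this change: in the `overwrite` branch it logs the removal of each existing resource, clears `rp.getUmaProtectedResources()` and calls `rpService.updateSilently(rp)`, all before `execute()` has attempted `registrar.register(params.getResources())`. If registration then fails, the RP's stored protection has already been removed and nothing restores it. I would move the removal into `execute()` next to the registration, or at least mark it on the method with `// NOTE: destructive when overwrite=true - existing UMA resources are removed before the new set is registered`. `validate()` starts and ends outside these hunks, so the delete call itself is not visible here.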
@@ -16,10 +17,13 @@ import io.jans.ca.server.configuration.ApiAppConfiguration; import io.jans.ca.server.configuration.model.Rp; import io.jans.ca.server.persistence.service.MainPersistenceService; +import io.jans.ca.server.service.HttpService; import io.jans.ca.server.service.RpSyncService; import io.jans.ca.server.service.ValidationService; import io.jans.ca.server.utils.Convertor; +import jakarta.enterprise.context.RequestScoped; import jakarta.inject.Inject; +import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.ClientErrorException; import jakarta.ws.rs.WebApplicationException; @@ -31,7 +35,8 @@ import java.io.IOException; import java.util.List; - +@RequestScoped +@Named public abstract class TemplateOperation implements ITemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(TemplateOperation.class); @@ -42,6 +47,8 @@ public abstract class TemplateOperation implements ITemplateO @Inject RpSyncService rpSyncService; @Inject + HttpService httpService; + @Inject MainPersistenceService jansConfigurationService; public Response process(String paramsAsString, HttpServletRequest httpRequest) { @@ -236,6 +243,15 @@ private void validateAccessToken(String authorization, String authorizationRpId) validationService.validateAccessToken(accessToken, authorizationRpId); } + public AuthCryptoProvider getCryptoProvider() throws Exception { + ApiAppConfiguration conf = getJansConfigurationService().find(); + return new AuthCryptoProvider(conf.getCryptProviderKeyStorePath(), conf.getCryptProviderKeyStorePassword(), conf.getCryptProviderDnName()); + } + + public HttpService getHttpService() { + return httpService; + } + public MainPersistenceService getJansConfigurationService() { return jansConfigurationService; } 
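Review bot: `@RequestScoped` and `@Named` on the abstract `TemplateOperation` add little: an abstract class is not itself instantiated as a bean, `@Named` is not an inherited annotation, and every concrete operation touched by this patch declares both annotations itself. I would drop them here and leave the scope on the subclasses, so it is clear where each bean is defined. The newly injected `HttpService httpService` is package-private like its neighbours; `@Inject private HttpService httpService;` together with the getter added below would keep subclasses on `getHttpService()`.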
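Review bot: `getCryptoProvider()` is added as `public` on a request-scoped bean and constructs a new `AuthCryptoProvider` from the configured key-store path and password on every call. It reads like a helper for subclasses (its callers are outside this hunk), so `protected AuthCryptoProvider getCryptoProvider() throws Exception` would be the narrower contract, and the same goes for `getHttpService()`. A Javadoc line stating that each call reads the configuration and builds a provider would help callers avoid invoking it repeatedly within one request; whether the constructor opens the key store is not visible here. `throws Exception` also pushes every caller into a broad catch, so a specific checked type would be preferable if the constructor allows it.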
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java index a143c719159..39f14baeb58 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java @@ -23,7 +23,9 @@ import io.jans.ca.server.mapper.RegisterRequestMapper; import io.jans.ca.server.service.RpService; import io.jans.ca.server.service.ServiceProvider; +import jakarta.enterprise.context.RequestScoped; import jakarta.inject.Inject; +import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.HttpMethod; import org.apache.commons.collections.CollectionUtils; @@ -36,11 +38,8 @@ import java.util.Set; import java.util.stream.Collectors; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 11/03/2016 - */ - +@RequestScoped +@Named public class UpdateSiteOperation extends TemplateOperation { private static final Logger LOG = LoggerFactory.getLogger(UpdateSiteOperation.class); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java index f8c73671b09..ecaa69ba0e3 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java 
@@ -4,44 +4,53 @@ import io.jans.as.client.OpenIdConfigurationResponse; import io.jans.as.model.jwt.Jwt; import io.jans.ca.common.Command; +import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.ValidateParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.POJOResponse; import io.jans.ca.server.HttpException; import io.jans.ca.server.configuration.model.Rp; +import io.jans.ca.server.service.DiscoveryService; +import io.jans.ca.server.service.PublicOpKeyService; import io.jans.ca.server.service.ServiceProvider; +import io.jans.ca.server.service.StateService; +import jakarta.enterprise.context.RequestScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 14/03/2017 - */ +@RequestScoped +@Named +public class ValidateOperation extends TemplateOperation { -public class ValidateOperation extends BaseOperation { + @Inject + DiscoveryService discoveryService; + @Inject + PublicOpKeyService publicOpKeyService; + @Inject + StateService stateService; + @Inject + OpClientFactoryImpl opClientFactory; - - public ValidateOperation(Command command, ServiceProvider serviceProvider) { - super(command, serviceProvider, ValidateParams.class); - } - - @Override - public IOpResponse execute(ValidateParams params) throws Exception { + @Override + public IOpResponse execute(ValidateParams params, HttpServletRequest httpServletRequest) throws Exception { validateParams(params); - Rp rp = getRp(); - OpenIdConfigurationResponse discoveryResponse = getDiscoveryService().getConnectDiscoveryResponseByRpId(params.getRpId()); + Rp rp = getRp(params); + OpenIdConfigurationResponse discoveryResponse = discoveryService.getConnectDiscoveryResponseByRpId(params.getRpId()); final Jwt idToken = Jwt.parse(params.getIdToken()); final Validator validator = new Validator.Builder() 
.discoveryResponse(discoveryResponse) .idToken(idToken) - .keyService(getPublicOpKeyService()) - .opClientFactory(getOpClientFactory()) + .keyService(publicOpKeyService) + .opClientFactory(opClientFactory) .rpServerConfiguration(getJansConfigurationService().find()) .rp(rp) .build(); - validator.validateNonce(getStateService()); + validator.validateNonce(stateService); validator.validateIdToken(rp.getClientId()); validator.validateAccessToken(params.getAccessToken()); validator.validateAuthorizationCode(params.getCode()); @@ -49,6 +58,16 @@ public IOpResponse execute(ValidateParams params) throws Exception { return new POJOResponse(""); } + @Override + public Class getParameterClass() { + return ValidateParams.class; + } + + @Override + public CommandType getCommandType() { + return CommandType.VALIDATE; + } + private void validateParams(ValidateParams params) { if (Strings.isNullOrEmpty(params.getCode())) { throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_CODE); @@ -56,7 +75,7 @@ private void validateParams(ValidateParams params) { if (Strings.isNullOrEmpty(params.getState())) { throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_STATE); } - if (!getStateService().isExpiredObjectPresent(params.getState())) { + if (!stateService.isExpiredObjectPresent(params.getState())) { throw new HttpException(ErrorResponseCode.BAD_REQUEST_STATE_NOT_VALID); } if (!Strings.isNullOrEmpty(params.getIdToken())) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java index 9e00c8d17ef..cf011680189 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/BaseResource.java 
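Review bot: `execute()` calls `Jwt.parse(params.getIdToken())` unconditionally, but the only id-token check visible in `validateParams` is `if (!Strings.isNullOrEmpty(params.getIdToken())) {`, whose body lies outside the last hunk. If that branch rejects the request, the test is inverted and a missing token reaches `Jwt.parse`, which should be confirmed against the full file. An explicit guard such as `if (Strings.isNullOrEmpty(params.getIdToken())) { throw new HttpException(<id-token error code>); }` before the parse would make the precondition clear. The new `httpServletRequest` parameter is unused in this operation, which is worth stating in a comment on the override.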
@@ -1,177 +1,17 @@ package io.jans.ca.server.rest; -import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.ErrorResponseCode; -import io.jans.ca.common.Jackson2; -import io.jans.ca.common.params.HasRpIdParams; -import io.jans.ca.common.params.IParams; -import io.jans.ca.common.response.IOpResponse; -import io.jans.ca.common.response.POJOResponse; -import io.jans.ca.server.HttpException; -import io.jans.ca.server.Processor; -import io.jans.ca.server.configuration.ApiAppConfiguration; -import io.jans.ca.server.configuration.model.Rp; -import io.jans.ca.server.service.RpSyncService; -import io.jans.ca.server.service.ValidationService; -import io.jans.ca.server.persistence.service.MainPersistenceService; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; -import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.Context; -import jakarta.ws.rs.core.MediaType; -import jakarta.ws.rs.core.Response; import org.slf4j.Logger; -import java.io.IOException; -import java.util.List; - public class BaseResource { @Inject Logger logger; - @Inject - MainPersistenceService jansConfigurationService; - @Inject - RpSyncService rpSyncService; - @Inject - ValidationService validationService; - @Inject - Processor processor; - @Context private HttpServletRequest httpRequest; - private static final String LOCALHOST_IP_ADDRESS = "127.0.0.1"; - - public T read(String params, Class clazz) { - try { - return Jackson2.createJsonMapper().readValue(params, clazz); - } catch (IOException e) { - throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity("Invalid parameters. 
Message: " + e.getMessage()).build()); - } - } - - public String process(CommandType commandType, String paramsAsString, Class paramsClass, String authorization, String authorizationRpId) { - String endPointUrl = httpRequest.getRequestURL().toString(); - logger.info("Endpoint: {}", endPointUrl); - logger.info("Request parameters: {}", paramsAsString); - logger.info("CommandType: {}", commandType); - - validateIpAddressAllowed(httpRequest.getRemoteAddr()); - Object forJsonConversion = getObjectForJsonConversion(commandType, paramsAsString, paramsClass, authorization, authorizationRpId); - String response = null; - - if (commandType.getReturnType().equalsIgnoreCase(MediaType.APPLICATION_JSON)) { - response = Jackson2.asJsonSilently(forJsonConversion); - } else if (commandType.getReturnType().equalsIgnoreCase(MediaType.TEXT_PLAIN)) { - response = forJsonConversion.toString(); - } - - logger.trace("Send back response: {}", response); - return response; - } - - private void validateIpAddressAllowed(String callerIpAddress) { - logger.trace("Checking if caller ipAddress : {} is allowed to make request to jans_client_api.", callerIpAddress); - final ApiAppConfiguration conf = jansConfigurationService.find(); - List bindIpAddresses = conf.getBindIpAddresses(); - - //localhost as default bindAddress - if ((bindIpAddresses == null || bindIpAddresses.isEmpty()) && LOCALHOST_IP_ADDRESS.equalsIgnoreCase(callerIpAddress)) { - return; - } - //show error if ip_address of a remote caller is not set in `bind_ip_addresses` - if (bindIpAddresses == null || bindIpAddresses.isEmpty()) { - logger.error("The caller is not allowed to make request to jans_client_api. 
To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); - throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); - } - //allow all ip_address - if (bindIpAddresses.contains("*")) { - return; - } - - if (bindIpAddresses.contains(callerIpAddress)) { - return; - } - logger.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); - throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); - } - - private Object getObjectForJsonConversion(CommandType commandType, String paramsAsString, Class paramsClass, String authorization, String authorizationRpId) { - logger.trace("Command: {}", paramsAsString); - T params = read(safeToJson(paramsAsString), paramsClass); - - final ApiAppConfiguration conf = jansConfigurationService.find(); - - if (commandType.isAuthorizationRequired()) { - validateAuthorizationRpId(conf, authorizationRpId); - validateAccessToken(authorization, safeToRpId((HasRpIdParams) params, authorizationRpId)); - } - - Command command = new Command(commandType, params); - final IOpResponse response = processor.process(command); - Object forJsonConversion = response; - if (response instanceof POJOResponse) { - forJsonConversion = ((POJOResponse) response).getNode(); - } - return forJsonConversion; - } - - private void validateAuthorizationRpId(ApiAppConfiguration conf, String authorizationRpId) { - - if (Util.isNullOrEmpty(authorizationRpId)) { - return; - } - - final Rp rp = rpSyncService.getRp(authorizationRpId); - - if (rp == null || Util.isNullOrEmpty(rp.getRpId())) { - logger.debug("`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api."); - throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_NOT_FOUND); - } - - if (conf.getProtectCommandsWithRpId() == null || conf.getProtectCommandsWithRpId().isEmpty()) { - return; - } - - if (!conf.getProtectCommandsWithRpId().contains(authorizationRpId)) { - 
logger.debug("`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in client-api-server.yml."); - throw new HttpException(ErrorResponseCode.INVALID_AUTHORIZATION_RP_ID); - } - } - - private void validateAccessToken(String authorization, String authorizationRpId) { - final String prefix = "Bearer "; - final ApiAppConfiguration conf = jansConfigurationService.find(); - - if (conf.getProtectCommandsWithAccessToken() != null && !conf.getProtectCommandsWithAccessToken()) { - logger.debug("Skip protection because protect_commands_with_access_token: false in configuration file."); - return; - } - - if (Util.isNullOrEmpty(authorization)) { - logger.debug("No access token provided in Authorization header. Forbidden."); - throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); - } - - String accessToken = authorization.substring(prefix.length()); - if (Util.isNullOrEmpty(accessToken)) { - logger.debug("No access token provided in Authorization header. Forbidden."); - throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); - } - - validationService.validateAccessToken(accessToken, authorizationRpId); - } - - private String safeToRpId(HasRpIdParams params, String authorizationRpId) { - return Util.isNullOrEmpty(authorizationRpId) ? params.getRpId() : authorizationRpId; - } - - private String safeToJson(String jsonString) { - return Util.isNullOrEmpty(jsonString) ? "{}" : jsonString; - } public HttpServletRequest getHttpRequest() { return httpRequest; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java index 94793daaa38..7e39a197770 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java 
@@ -1,10 +1,6 @@ package io.jans.ca.server.rest; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.params.*; -import io.jans.ca.server.op.GetDiscoveryOperation; -import io.jans.ca.server.op.RegisterSiteOperation; -import io.jans.ca.server.op.UpdateSiteOperation; +import io.jans.ca.server.op.*; import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; @@ -19,6 +15,26 @@ public class OAuth20Resource extends BaseResource { RegisterSiteOperation registerSiteOp; @Inject UpdateSiteOperation updateSiteOp; + @Inject + RemoveSiteOperation removeSiteOp; + @Inject + GetClientTokenOperation getClientTokenOp; + @Inject + GetAccessTokenByRefreshTokenOperation getAccessTokenByRefreshTokenOp; + @Inject + IntrospectAccessTokenOperation introspectAccessTokenOp; + @Inject + GetUserInfoOperation getUserInfoOp; + @Inject + GetJwksOperation getJwksOp; + @Inject + GetLogoutUrlOperation getLogoutUrlOp; + @Inject + GetIssuerOperation getIssuerOp; + @Inject + CheckIdTokenOperation getCheckIdTokenOp; + @Inject + CheckAccessTokenOperation getCheckAccessTokenOp; @POST @Path("/register-site") @@ -42,8 +58,7 @@ public Response updateSite(@HeaderParam("Authorization") String authorization, @ @Consumes(MediaType.APPLICATION_JSON) public Response removeSite(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /remove-site Params: {}", params); - String result = process(CommandType.REMOVE_SITE, params, RemoveSiteParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return removeSiteOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST 
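Review bot: `GetLogoutUrlOperation getLogoutUrlOp` is injected into `OAuth20Resource`, but none of the handlers visible in this file's hunks use it, and the same operation is injected into `OpenIdConnectResource`, where `/get-logout-uri` calls it. If nothing in the unchanged part of the class needs it, the field should go. The two check operations are named `getCheckIdTokenOp` and `getCheckAccessTokenOp` while every other field is named after its operation; `checkIdTokenOp` and `checkAccessTokenOp` would match. The wildcard `import io.jans.ca.server.op.*;` also runs against the explicit-import cleanup this same patch makes in RsModifyOperation.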
@@ -51,8 +66,7 @@ public Response removeSite(@HeaderParam("Authorization") String authorization, @ @Produces(MediaType.APPLICATION_JSON) public Response getClientToken(String params) { logger.info("Api Resource: /get-client-token Params: {}", params); - String result = process(CommandType.GET_CLIENT_TOKEN, params, GetClientTokenParams.class, null, null); - return Response.ok(result).build(); + return getClientTokenOp.process(params, getHttpRequest()); } @POST @@ -61,8 +75,7 @@ public Response getClientToken(String params) { @Consumes(MediaType.APPLICATION_JSON) public Response getAccessTokenByRefreshToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /get-access-token-by-refresh-token Params: {}", params); - String result = process(CommandType.GET_ACCESS_TOKEN_BY_REFRESH_TOKEN, params, GetAccessTokenByRefreshTokenParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getAccessTokenByRefreshTokenOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST @@ -71,8 +84,7 @@ public Response getAccessTokenByRefreshToken(@HeaderParam("Authorization") Strin @Consumes(MediaType.APPLICATION_JSON) public Response introspectAccessToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /introspect-access-token Params: {}", params); - String result = process(CommandType.INTROSPECT_ACCESS_TOKEN, params, IntrospectAccessTokenParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return introspectAccessTokenOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST 
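Review bot: The handlers now return `getClientTokenOp.process(params, getHttpRequest())` or the four-argument `process(params, authorization, authorizationRpId, getHttpRequest())` directly. The caller-IP check and the `AuthorizationRpId` and bearer-token checks that `BaseResource.process` ran before every command therefore have to be enforced inside `TemplateOperation.process`. That body is not part of the hunks shown here, so please confirm that both overloads apply the `bind_ip_addresses` check before the request is parsed, including the two-argument one used by `/get-client-token` and `/get-issuer`. A test that calls one protected and one unprotected endpoint from an address that is not listed would pin this behaviour.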
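Review bot: `logger.info("Api Resource: /get-access-token-by-refresh-token Params: {}", params)` writes the raw request body to the log at INFO. For this endpoint, `/get-client-token` and `/introspect-access-token`, the body is where the caller's tokens and client credentials travel (inferred from the endpoint names; the params classes are not shown). The commit keeps these lines while rewriting the statement directly below them. I would log only the endpoint, `logger.info("Api Resource: /get-access-token-by-refresh-token");`, and leave the body to a redacting TRACE statement if it is needed at all. The same pattern appears in every handler in this file and in OpenIdConnectResource.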
@@ -81,8 +93,7 @@ public Response introspectAccessToken(@HeaderParam("Authorization") String autho @Consumes(MediaType.APPLICATION_JSON) public Response getUserInfo(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /get-user-info Params: {}", params); - String result = process(CommandType.GET_USER_INFO, params, GetUserInfoParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getUserInfoOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST @@ -91,8 +102,7 @@ public Response getUserInfo(@HeaderParam("Authorization") String authorization, @Consumes(MediaType.APPLICATION_JSON) public Response getJwks(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /get-jwks Params: {}", params); - String result = process(CommandType.GET_JWKS, params, GetJwksParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getJwksOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST @@ -109,8 +119,7 @@ public Response getDiscovery(String params) { @Consumes(MediaType.APPLICATION_JSON) public Response checkAccessToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /check-access-token Params: {}", params); - String result = process(CommandType.CHECK_ACCESS_TOKEN, params, CheckAccessTokenParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getCheckAccessTokenOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST 
@@ -119,8 +128,7 @@ public Response checkAccessToken(@HeaderParam("Authorization") String authorizat @Consumes(MediaType.APPLICATION_JSON) public Response checkIdToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /check-id-token Params: {}", params); - String result = process(CommandType.CHECK_ID_TOKEN, params, CheckIdTokenParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getCheckIdTokenOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST @@ -129,7 +137,6 @@ public Response checkIdToken(@HeaderParam("Authorization") String authorization, @Consumes(MediaType.APPLICATION_JSON) public Response getIssuer(String params) { logger.info("Api Resource: /get-issuer Params: {}", params); - String result = process(CommandType.ISSUER_DISCOVERY, params, GetIssuerParams.class, null, null); - return Response.ok(result).build(); + return getIssuerOp.process(params, getHttpRequest()); } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java index e75a75ce44f..64a42e4f3f5 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java 
@@ -5,6 +5,11 @@ import io.jans.ca.common.params.GetAuthorizationUrlParams; import io.jans.ca.common.params.GetLogoutUrlParams; import io.jans.ca.common.params.GetTokensByCodeParams; +import io.jans.ca.server.op.GetAuthorizationCodeOperation; +import io.jans.ca.server.op.GetAuthorizationUrlOperation; +import io.jans.ca.server.op.GetLogoutUrlOperation; +import io.jans.ca.server.op.GetTokensByCodeOperation; +import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; @@ -12,14 +17,22 @@ @Path("/") public class OpenIdConnectResource extends BaseResource { + @Inject + GetAuthorizationCodeOperation getAuthorizationCodeOp; + @Inject + GetAuthorizationUrlOperation getAuthorizationUrlOp; + @Inject + GetTokensByCodeOperation getTokensByCodeOp; + @Inject + GetLogoutUrlOperation getLogoutUrlOp; + @POST @Path("/get-authorization-url") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public Response getAuthorizationUrl(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /get-authorization-url Params: {}", params); - String result = process(CommandType.GET_AUTHORIZATION_URL, params, GetAuthorizationUrlParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getAuthorizationUrlOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST 
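Review bot: The imports `GetAuthorizationUrlParams`, `GetLogoutUrlParams` and `GetTokensByCodeParams` stay in the file as context of the import hunk, but every `process(CommandType.…, params, …Params.class, …)` call that used them is removed by this commit, so they appear to be unused now. RpResource and the UMA2 resources drop their `CommandType` and `params` imports in the same patch. For consistency I would remove them here too, together with `CommandType` and `GetAuthorizationCodeParams` if they are still imported above the lines shown.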
@@ -28,8 +41,7 @@ public Response getAuthorizationUrl(@HeaderParam("Authorization") String authori @Consumes(MediaType.APPLICATION_JSON) public Response getAuthorizationCode(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /get-authorization-code Params: {}", params); - String result = process(CommandType.GET_AUTHORIZATION_CODE, params, GetAuthorizationCodeParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getAuthorizationCodeOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST @@ -38,8 +50,7 @@ public Response getAuthorizationCode(@HeaderParam("Authorization") String author @Consumes(MediaType.APPLICATION_JSON) public Response getTokenByCode(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /get-tokens-by-code Params: {}", params); - String result = process(CommandType.GET_TOKENS_BY_CODE, params, GetTokensByCodeParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getTokensByCodeOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST @@ -48,7 +59,6 @@ public Response getTokenByCode(@HeaderParam("Authorization") String authorizatio @Consumes(MediaType.APPLICATION_JSON) public Response getLogoutUri(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /get-logout-uri Params: {}", params); - String result = process(CommandType.GET_LOGOUT_URI, params, GetLogoutUrlParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getLogoutUrlOp.process(params, authorization, authorizationRpId, getHttpRequest()); } } 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java index fd6e93cdebe..a5f6e3f2744 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java @@ -1,7 +1,8 @@ package io.jans.ca.server.rest; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.params.*; +import io.jans.ca.common.params.StringParam; +import io.jans.ca.server.op.*; +import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; @@ -9,15 +10,23 @@ @Path("/") public class RpResource extends BaseResource { + @Inject + GetRpJwksOperation getRpJwksOp; + @Inject + GetRpOperation getRpOp; + @Inject + AuthorizationCodeFlowOperation authorizationCodeFlowOp; + @Inject + GetRequestObjectOperation getRequestObjectOp; + @Inject + GetRequestObjectUriOperation getRequestObjectUriOp; + @GET @Path("/get-rp-jwks") @Produces(MediaType.APPLICATION_JSON) public Response getRpJwks() { logger.info("Api Resource: get-rp-jwks"); - String result = process(CommandType.GET_RP_JWKS, null, GetJwksParams.class, null, null); - logger.info("Api Resource: get-rp-jwks - result:{}", result); - - return Response.ok(result).build(); + return getRpJwksOp.process(null, getHttpRequest()); } @POST 
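Review bot: `import io.jans.ca.server.op.*;` in the import hunk is a wildcard import, while OpenIdConnectResource and the UMA2 resources in this commit import each operation class by name. With five injected operations the explicit list is short and makes it obvious which operations this resource can reach. I would replace the wildcard with one import per class for `GetRpJwksOperation`, `GetRpOperation`, `AuthorizationCodeFlowOperation`, `GetRequestObjectOperation` and `GetRequestObjectUriOperation`.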
@@ -25,10 +34,7 @@ public Response getRpJwks() { @Produces(MediaType.APPLICATION_JSON) public Response getRp(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: get-rp"); - String result = process(CommandType.GET_RP, params, GetRpParams.class, authorization, authorizationRpId); - logger.info("Api Resource: get-rp - result:{}", result); - - return Response.ok(result).build(); + return getRpOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST @@ -37,8 +43,7 @@ public Response getRp(@HeaderParam("Authorization") String authorization, @Heade @Consumes(MediaType.APPLICATION_JSON) public Response authorizationCodeFlow(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: authorization-code-flow"); - String result = process(CommandType.AUTHORIZATION_CODE_FLOW, params, AuthorizationCodeFlowParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return authorizationCodeFlowOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @GET @@ -46,8 +51,7 @@ public Response authorizationCodeFlow(@HeaderParam("Authorization") String autho @Produces(MediaType.TEXT_PLAIN) public Response getRequestObject(@PathParam("request_object_id") String value) { logger.info("Api Resource: get-request-object/{}", value); - String result = process(CommandType.GET_REQUEST_OBJECT_JWT, (new StringParam(value)).toJsonString(), StringParam.class, null, null); - return Response.ok(result).build(); + return getRequestObjectOp.process((new StringParam(value)).toJsonString(), getHttpRequest()); } @POST 
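Review bot: In `getRequestObject` the `request_object_id` path parameter is logged as received (`logger.info("Api Resource: get-request-object/{}", value);`) and then passed to the operation, on a GET endpoint that takes no authorization header. JAX-RS decodes path parameters by default, so unless the log encoder escapes control characters a caller can put line breaks into the log through this value. I would log only the endpoint name, `logger.info("Api Resource: get-request-object");`, or check the id against its expected format before logging it. The expected format is not visible in this diff, so that check would have to be confirmed against the code that generates the ids.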
@@ -56,7 +60,6 @@ public Response getRequestObject(@PathParam("request_object_id") String value) { @Consumes(MediaType.APPLICATION_JSON) public Response getRequestObjectUri(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: get-request-object-uri"); - String result = process(CommandType.GET_REQUEST_URI, params, GetRequestObjectUriParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return getRequestObjectUriOp.process(params, authorization, authorizationRpId, getHttpRequest()); } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java index 876dc176d32..cd67aaa569c 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java @@ -1,8 +1,8 @@ package io.jans.ca.server.rest; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.params.RpGetClaimsGatheringUrlParams; -import io.jans.ca.common.params.RpGetRptParams; +import io.jans.ca.server.op.RpGetGetClaimsGatheringUrlOperation; +import io.jans.ca.server.op.RpGetRptOperation; +import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; 
@@ -10,14 +10,18 @@ @Path("/") public class UMA2RelyingPartyResource extends BaseResource { + @Inject + RpGetRptOperation rpGetRptOp; + @Inject + RpGetGetClaimsGatheringUrlOperation rpGetGetClaimsGatheringUrlOp; + @POST @Path("/uma-rp-get-rpt") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public Response umaRpGetRpt(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /uma-rp-get-rpt Params: {}", params); - String result = process(CommandType.RP_GET_RPT, params, RpGetRptParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return rpGetRptOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST @@ -26,8 +30,7 @@ public Response umaRpGetRpt(@HeaderParam("Authorization") String authorization, @Consumes(MediaType.APPLICATION_JSON) public Response umaRpGetClaimsGatheringUrl(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /uma-rp-get-claims-gathering-url Params: {}", params); - String result = process(CommandType.RP_GET_CLAIMS_GATHERING_URL, params, RpGetClaimsGatheringUrlParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return rpGetGetClaimsGatheringUrlOp.process(params, authorization, authorizationRpId, getHttpRequest()); } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java index 8c28d96b782..0a38509f86e 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java 
@@ -1,7 +1,10 @@ package io.jans.ca.server.rest; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.params.*; +import io.jans.ca.server.op.IntrospectRptOperation; +import io.jans.ca.server.op.RsCheckAccessOperation; +import io.jans.ca.server.op.RsModifyOperation; +import io.jans.ca.server.op.RsProtectOperation; +import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; @@ -9,14 +12,22 @@ @Path("/") public class UMA2ResourceServerResource extends BaseResource { + @Inject + RsProtectOperation rsProtectOp; + @Inject + RsModifyOperation rsModifyOp; + @Inject + IntrospectRptOperation introspectRptOp; + @Inject + RsCheckAccessOperation rsCheckAccessOp; + @POST @Path("/uma-rs-protect") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public Response umaRsProtect(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /uma-rs-protect Params: {}", params); - String result = process(CommandType.RS_PROTECT, params, RsProtectParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return rsProtectOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST @@ -25,8 +36,7 @@ public Response umaRsProtect(@HeaderParam("Authorization") String authorization, @Consumes(MediaType.APPLICATION_JSON) public Response umaRsCheckAccess(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /uma-rs-check-access Params: {}", params); - String result = process(CommandType.RS_CHECK_ACCESS, params, RsCheckAccessParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return rsCheckAccessOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST 
@@ -35,8 +45,7 @@ public Response umaRsCheckAccess(@HeaderParam("Authorization") String authorizat @Consumes(MediaType.APPLICATION_JSON) public Response introspectRpt(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /introspect-rpt Params: {}", params); - String result = process(CommandType.INTROSPECT_RPT, params, IntrospectRptParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return introspectRptOp.process(params, authorization, authorizationRpId, getHttpRequest()); } @POST @@ -45,7 +54,6 @@ public Response introspectRpt(@HeaderParam("Authorization") String authorization @Consumes(MediaType.APPLICATION_JSON) public Response umaRsModify(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { logger.info("Api Resource: /uma-rs-modify Params: {}", params); - String result = process(CommandType.RS_MODIFY, params, RsModifyParams.class, authorization, authorizationRpId); - return Response.ok(result).build(); + return rsModifyOp.process(params, authorization, authorizationRpId, getHttpRequest()); } } From b6e3b3b5d3dffd47f192db97050cf0b8a5a44eb7 Mon Sep 17 00:00:00 2001 
From: jmunozherbas Date: Thu, 30 Jun 2022 01:46:01 -0400 Subject: [PATCH 03/10] feat(jans-client-api):remove explicit authorization headers from endpoints --- .../ca/server/filter/AuthorizationFilter.java | 105 ------------------ .../jans/ca/server/op/TemplateOperation.java | 20 +--- .../jans/ca/server/rest/OAuth20Resource.java | 34 +++--- .../ca/server/rest/OpenIdConnectResource.java | 16 +-- .../io/jans/ca/server/rest/RpResource.java | 12 +- .../server/rest/UMA2RelyingPartyResource.java | 13 ++- .../rest/UMA2ResourceServerResource.java | 21 ++-- 7 files changed, 54 insertions(+), 167 deletions(-) delete mode 100644 jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java b/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java deleted file mode 100644 index c1d074d5964..00000000000 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java +++ /dev/null 
@@ -1,105 +0,0 @@ -/* - * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. - * - * Copyright (c) 2020, Janssen Project - */ - -package io.jans.ca.server.filter; - -import io.jans.configapi.core.rest.ProtectedApi; -//import io.jans.configapi.security.service.AuthorizationService; -import io.jans.configapi.util.ApiConstants; -import jakarta.annotation.Priority; -import jakarta.inject.Inject; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.ws.rs.Priorities; -import jakarta.ws.rs.container.ContainerRequestContext; -import jakarta.ws.rs.container.ContainerRequestFilter; -import jakarta.ws.rs.container.ResourceInfo; -import jakarta.ws.rs.core.Context; -import jakarta.ws.rs.core.HttpHeaders; -import jakarta.ws.rs.core.Response; -import jakarta.ws.rs.core.UriInfo; -import jakarta.ws.rs.ext.Provider; -import org.slf4j.Logger; - -@Provider -@ProtectedApi -@Priority(Priorities.AUTHENTICATION) -public class AuthorizationFilter implements ContainerRequestFilter { - - private static final String AUTHENTICATION_SCHEME = "Bearer"; - - @Inject - Logger log; - - @Context - UriInfo info; - - @Context - HttpServletRequest request; - - @Context - private HttpHeaders httpHeaders; - - @Context - private ResourceInfo resourceInfo; - -// @Inject -// AuthorizationService authorizationService; - - @SuppressWarnings({ "all" }) - public void filter(ContainerRequestContext context) { - log.info("======================================================================="); - log.info("====== context = " + context + " , info.getAbsolutePath() = " + info.getAbsolutePath() - + " , info.getRequestUri() = " + info.getRequestUri() + "\n\n"); - log.info("====== info.getBaseUri()=" + info.getBaseUri() + " info.getPath()=" + info.getPath() - + " info.toString()=" + info.toString()); - log.info("====== request.getContextPath()=" + request.getContextPath() + " request.getRequestURI()=" - + request.getRequestURI() + " 
request.toString() " + request.toString()); - log.info("======" + context.getMethod() + " " + info.getPath() + " FROM IP " + request.getRemoteAddr()); - log.info("======PERFORMING AUTHORIZATION========================================="); - String authorizationHeader = context.getHeaderString(HttpHeaders.AUTHORIZATION); - String issuer = context.getHeaderString(ApiConstants.ISSUER); -// boolean configOauthEnabled = authorizationService.isConfigOauthEnabled(); -// log.info("\n\n\n AuthorizationFilter::filter() - authorizationHeader = " + authorizationHeader + " , issuer = " -// + issuer + " , configOauthEnabled = " + configOauthEnabled + "\n\n\n"); -// -// if (!configOauthEnabled) { -// log.info("====== Authorization Granted...====== "); -// return; -// } -// -// log.info("\n\n\n AuthorizationFilter::filter() - Config Api OAuth Valdation Enabled"); -// if (!isTokenBasedAuthentication(authorizationHeader)) { -// abortWithUnauthorized(context, "ONLY TOKEN BASED AUTHORIZATION IS SUPPORTED!"); -// log.info("======ONLY TOKEN BASED AUTHORIZATION IS SUPPORTED======================"); -// return; -// } -// try { -// authorizationHeader = this.authorizationService.processAuthorization(authorizationHeader, issuer, -// resourceInfo, context.getMethod(), request.getRequestURI()); -// -// if (authorizationHeader != null && authorizationHeader.trim().length() > 0) { -// context.getHeaders().remove(HttpHeaders.AUTHORIZATION); -// context.getHeaders().add(HttpHeaders.AUTHORIZATION, authorizationHeader); -// } -// log.info("======AUTHORIZATION GRANTED==========================================="); -// } catch (Exception ex) { -// log.error("======AUTHORIZATION FAILED ===========================================", ex); -// abortWithUnauthorized(context, ex.getMessage()); -// } - - } - - private boolean isTokenBasedAuthentication(String authorizationHeader) { - return authorizationHeader != null - && authorizationHeader.toLowerCase().startsWith(AUTHENTICATION_SCHEME.toLowerCase() + " "); 
- } - - private void abortWithUnauthorized(ContainerRequestContext requestContext, String errMsg) { - requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity(errMsg) - .header(HttpHeaders.WWW_AUTHENTICATE, AUTHENTICATION_SCHEME).build()); - } - -} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java index ee9a443f372..598fd9d2179 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java @@ -78,7 +78,7 @@ public Response process(String paramsAsString, String authorization, String auth LOG.info("CommandType: {}", getCommandType()); validateIpAddressAllowed(httpRequest.getRemoteAddr()); - Object forJsonConversion = getObjectForJsonConversion(paramsAsString, getParameterClass(), authorization, authorizationRpId, httpRequest); + Object forJsonConversion = getObjectForJsonConversion(paramsAsString, getParameterClass(), httpRequest); String response = null; if (getCommandType().getReturnType().equalsIgnoreCase(MediaType.APPLICATION_JSON)) { 
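Review bot: After the change at `@@ -78,7 +78,7` the `authorization` and `authorizationRpId` parameters of the four-argument `process` are no longer passed on. `getObjectForJsonConversion(paramsAsString, getParameterClass(), httpRequest)` reads both values from the request headers instead, so whatever a caller passes in is silently ignored, as far as this hunk shows. The resource classes in this commit all switch to `process(params, getHttpRequest())`, so the overload could be removed. Otherwise mark it `@Deprecated` with a comment such as `// authorization and authorizationRpId are ignored; headers are read from httpRequest`. The body of `process` continues outside the hunk.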
@@ -121,26 +121,15 @@ private Object getObjectForJsonConversion(String paramsAsStr LOG.trace("Command: {}", paramsAsString); T params = read(safeToJson(paramsAsString), paramsClass); Command command = new Command(getCommandType(), params); - final IOpResponse response = internProcess(command, httpRequest); - Object forJsonConversion = response; - if (response instanceof POJOResponse) { - forJsonConversion = ((POJOResponse) response).getNode(); - } - return forJsonConversion; - } - - private Object getObjectForJsonConversion(String paramsAsString, Class paramsClass, String authorization, String authorizationRpId, HttpServletRequest httpRequest) { - LOG.trace("Command: {}", paramsAsString); - T params = read(safeToJson(paramsAsString), paramsClass); - - final ApiAppConfiguration conf = jansConfigurationService.find(); if (getCommandType().isAuthorizationRequired()) { + final ApiAppConfiguration conf = jansConfigurationService.find(); + String authorization = httpRequest.getHeader("Authorization"); + String authorizationRpId = httpRequest.getHeader("AuthorizationRpId"); validateAuthorizationRpId(conf, authorizationRpId); validateAccessToken(authorization, safeToRpId((HasRpIdParams) params, authorizationRpId)); } - Command command = new Command(getCommandType(), params); final IOpResponse response = internProcess(command, httpRequest); Object forJsonConversion = response; if (response instanceof POJOResponse) { @@ -149,7 +138,6 @@ private Object getObjectForJsonConversion(String paramsAsStr return forJsonConversion; } - private IOpResponse internProcess(Command command, HttpServletRequest httpRequest) { try { IParams iParams = Convertor.asParams(getParameterClass(), command); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java index 7e39a197770..b12512d8f37 100644 
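Review bot: The cast `(HasRpIdParams) params` in the merged `getObjectForJsonConversion` is unchecked, and after this change it sits on the only code path. Commands that used to go through the header-less overload now reach it whenever `getCommandType().isAuthorizationRequired()` is true for their type. If such a command's params class does not implement `HasRpIdParams`, the request ends in a ClassCastException instead of a clean rejection. I would test `params instanceof HasRpIdParams` first and reject the request when it is false, rather than skipping validation. Whether an endpoint is protected now depends only on the `CommandType` flag, which is not visible in this diff, so a test asserting that flag for every command that previously received the headers would be worth adding.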
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java @@ -28,8 +28,6 @@ public class OAuth20Resource extends BaseResource { @Inject GetJwksOperation getJwksOp; @Inject - GetLogoutUrlOperation getLogoutUrlOp; - @Inject GetIssuerOperation getIssuerOp; @Inject CheckIdTokenOperation getCheckIdTokenOp; @@ -47,18 +45,18 @@ public Response registerSite(String params) { @POST @Path("/update-site") @Produces(MediaType.APPLICATION_JSON) - public Response updateSite(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response updateSite(String params) { logger.info("Api Resource: /update-site Params: {}", params); - return updateSiteOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return updateSiteOp.process(params, getHttpRequest()); } @POST @Path("/remove-site") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response removeSite(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response removeSite(String params) { logger.info("Api Resource: /remove-site Params: {}", params); - return removeSiteOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return removeSiteOp.process(params, getHttpRequest()); } @POST 
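Review bot: `updateSite` in the `@@ -47,18 +45,18` hunk carries `@POST`, `@Path` and `@Produces` but no `@Consumes`, unlike `removeSite` directly below it, so it accepts a body of any media type. `getRp` in RpResource, changed later in this commit, has the same gap. Since the body is parsed as JSON in both cases, I would add `@Consumes(MediaType.APPLICATION_JSON)` to both methods so that other content types are refused by the framework before the operation runs.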
@@ -73,36 +71,36 @@ public Response getClientToken(String params) { @Path("/get-access-token-by-refresh-token") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getAccessTokenByRefreshToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getAccessTokenByRefreshToken(String params) { logger.info("Api Resource: /get-access-token-by-refresh-token Params: {}", params); - return getAccessTokenByRefreshTokenOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return getAccessTokenByRefreshTokenOp.process(params, getHttpRequest()); } @POST @Path("/introspect-access-token") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response introspectAccessToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response introspectAccessToken(String params) { logger.info("Api Resource: /introspect-access-token Params: {}", params); - return introspectAccessTokenOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return introspectAccessTokenOp.process(params, getHttpRequest()); } @POST @Path("/get-user-info") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getUserInfo(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getUserInfo(String params) { logger.info("Api Resource: /get-user-info Params: {}", params); - return getUserInfoOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return getUserInfoOp.process(params, getHttpRequest()); } @POST @Path("/get-jwks") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getJwks(@HeaderParam("Authorization") String authorization, 
@HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getJwks(String params) { logger.info("Api Resource: /get-jwks Params: {}", params); - return getJwksOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return getJwksOp.process(params, getHttpRequest()); } @POST @@ -117,18 +115,18 @@ public Response getDiscovery(String params) { @Path("/check-access-token") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response checkAccessToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response checkAccessToken(String params) { logger.info("Api Resource: /check-access-token Params: {}", params); - return getCheckAccessTokenOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return getCheckAccessTokenOp.process(params, getHttpRequest()); } @POST @Path("/check-id-token") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response checkIdToken(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response checkIdToken(String params) { logger.info("Api Resource: /check-id-token Params: {}", params); - return getCheckIdTokenOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return getCheckIdTokenOp.process(params, getHttpRequest()); } @POST diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java index 64a42e4f3f5..f4658d0f362 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java 
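Review bot: With the `@HeaderParam` arguments removed, nothing on `getAccessTokenByRefreshToken`, `introspectAccessToken`, `getUserInfo` or `getJwks` shows that the `Authorization` and `AuthorizationRpId` headers are still expected. They are now read from the servlet request inside `TemplateOperation`. A short Javadoc on each method, or once on the class, would keep that contract visible to readers and to generated API documentation, for example `/** Authorization and AuthorizationRpId headers are read from the request and validated by the operation when the command requires authorization. */`. The same comment applies to the `checkAccessToken` and `checkIdToken` hunk that follows and to the other resource classes changed in this commit.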
@@ -30,35 +30,35 @@ public class OpenIdConnectResource extends BaseResource { @Path("/get-authorization-url") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getAuthorizationUrl(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getAuthorizationUrl(String params) { logger.info("Api Resource: /get-authorization-url Params: {}", params); - return getAuthorizationUrlOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return getAuthorizationUrlOp.process(params, getHttpRequest()); } @POST @Path("/get-authorization-code") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getAuthorizationCode(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getAuthorizationCode(String params) { logger.info("Api Resource: /get-authorization-code Params: {}", params); - return getAuthorizationCodeOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return getAuthorizationCodeOp.process(params, getHttpRequest()); } @POST @Path("/get-tokens-by-code") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getTokenByCode(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getTokenByCode(String params) { logger.info("Api Resource: /get-tokens-by-code Params: {}", params); - return getTokensByCodeOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return getTokensByCodeOp.process(params, getHttpRequest()); } @POST @Path("/get-logout-uri") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getLogoutUri(@HeaderParam("Authorization") String authorization, 
@HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getLogoutUri(String params) { logger.info("Api Resource: /get-logout-uri Params: {}", params); - return getLogoutUrlOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return getLogoutUrlOp.process(params, getHttpRequest()); } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java index a5f6e3f2744..5d83e541d65 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java @@ -32,18 +32,18 @@ public Response getRpJwks() { @POST @Path("/get-rp") @Produces(MediaType.APPLICATION_JSON) - public Response getRp(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getRp(String params) { logger.info("Api Resource: get-rp"); - return getRpOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return getRpOp.process(params, getHttpRequest()); } @POST @Path("/authorization-code-flow") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response authorizationCodeFlow(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response authorizationCodeFlow(String params) { logger.info("Api Resource: authorization-code-flow"); - return authorizationCodeFlowOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return authorizationCodeFlowOp.process(params, getHttpRequest()); } @GET 
@@ -58,8 +58,8 @@ public Response getRequestObject(@PathParam("request_object_id") String value) { @Path("/get-request-object-uri") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response getRequestObjectUri(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response getRequestObjectUri(String params) { logger.info("Api Resource: get-request-object-uri"); - return getRequestObjectUriOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return getRequestObjectUriOp.process(params, getHttpRequest()); } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java index cd67aaa569c..7b47ea36b2f 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java @@ -3,7 +3,10 @@ import io.jans.ca.server.op.RpGetGetClaimsGatheringUrlOperation; import io.jans.ca.server.op.RpGetRptOperation; import jakarta.inject.Inject; -import jakarta.ws.rs.*; +import jakarta.ws.rs.Consumes; +import jakarta.ws.rs.POST; +import jakarta.ws.rs.Path; +import jakarta.ws.rs.Produces; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; 
@@ -19,18 +22,18 @@ public class UMA2RelyingPartyResource extends BaseResource { @Path("/uma-rp-get-rpt") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response umaRpGetRpt(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response umaRpGetRpt(String params) { logger.info("Api Resource: /uma-rp-get-rpt Params: {}", params); - return rpGetRptOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return rpGetRptOp.process(params, getHttpRequest()); } @POST @Path("/uma-rp-get-claims-gathering-url") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response umaRpGetClaimsGatheringUrl(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response umaRpGetClaimsGatheringUrl(String params) { logger.info("Api Resource: /uma-rp-get-claims-gathering-url Params: {}", params); - return rpGetGetClaimsGatheringUrlOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return rpGetGetClaimsGatheringUrlOp.process(params, getHttpRequest()); } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java index 0a38509f86e..286445e42ce 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java 
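Review bot: `umaRpGetRpt` and `umaRpGetClaimsGatheringUrl` still write the whole request body to the log at info level (`logger.info("Api Resource: /uma-rp-get-rpt Params: {}", params);`). The parameter classes are not visible here, but UMA requests of this kind presumably carry tickets and tokens, which would then be readable by anyone with log access. I would log only the endpoint name, as `RpResource.getRp` already does: `logger.info("Api Resource: /uma-rp-get-rpt");`. The same pattern appears in `umaRsProtect`, `umaRsCheckAccess`, `introspectRpt` and `umaRsModify` in the `UMA2ResourceServerResource` hunk (`@@ -25,35 +28,35 @@`).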
@@ -5,7 +5,10 @@ import io.jans.ca.server.op.RsModifyOperation; import io.jans.ca.server.op.RsProtectOperation; import jakarta.inject.Inject; -import jakarta.ws.rs.*; +import jakarta.ws.rs.Consumes; +import jakarta.ws.rs.POST; +import jakarta.ws.rs.Path; +import jakarta.ws.rs.Produces; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; 
@@ -25,35 +28,35 @@ public class UMA2ResourceServerResource extends BaseResource { @Path("/uma-rs-protect") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response umaRsProtect(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response umaRsProtect(String params) { logger.info("Api Resource: /uma-rs-protect Params: {}", params); - return rsProtectOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return rsProtectOp.process(params, getHttpRequest()); } @POST @Path("/uma-rs-check-access") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response umaRsCheckAccess(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response umaRsCheckAccess(String params) { logger.info("Api Resource: /uma-rs-check-access Params: {}", params); - return rsCheckAccessOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return rsCheckAccessOp.process(params, getHttpRequest()); } @POST @Path("/introspect-rpt") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response introspectRpt(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response introspectRpt(String params) { logger.info("Api Resource: /introspect-rpt Params: {}", params); - return introspectRptOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return introspectRptOp.process(params, getHttpRequest()); } @POST @Path("/uma-rs-modify") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) - public Response umaRsModify(@HeaderParam("Authorization") String authorization, @HeaderParam("AuthorizationRpId") String authorizationRpId, String params) { + public Response umaRsModify(String 
params) { logger.info("Api Resource: /uma-rs-modify Params: {}", params); - return rsModifyOp.process(params, authorization, authorizationRpId, getHttpRequest()); + return rsModifyOp.process(params, getHttpRequest()); } } From 21550432ecfb89ad4b45f3d6fda6b534353bc588 Mon Sep 17 00:00:00 2001 From: jmunozherbas Date: Thu, 30 Jun 2022 01:57:40 -0400 Subject: [PATCH 04/10] feat(jans-client-api):remove BaseOperation --- .../io/jans/ca/server/op/BaseOperation.java | 130 ------------------ .../java/io/jans/ca/server/op/IOperation.java | 26 ---- 2 files changed, 156 deletions(-) delete mode 100644 jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java delete mode 100644 jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java deleted file mode 100644 index 49ad78d4f2f..00000000000 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java +++ /dev/null 
@@ -1,130 +0,0 @@ -/* - All rights reserved -- Copyright 2015 Gluu Inc. - */ -package io.jans.ca.server.op; - -import io.jans.as.model.crypto.AuthCryptoProvider; -import io.jans.ca.common.Command; -import io.jans.ca.common.ErrorResponseCode; -import io.jans.ca.common.params.HasRpIdParams; -import io.jans.ca.common.params.IParams; -import io.jans.ca.server.HttpException; -import io.jans.ca.server.configuration.ApiAppConfiguration; -import io.jans.ca.server.configuration.model.Rp; -import io.jans.ca.server.persistence.service.MainPersistenceService; -import io.jans.ca.server.service.*; -import io.jans.ca.server.utils.Convertor; - -/** - * Base abstract class for all operations. - * - * @author Yuriy Zabrovarnyy - * @version 0.9, 09/08/2013 - */ - -public abstract class BaseOperation implements IOperation { - - private final Command command; - private final Class parameterClass; - private final T params; - - private ServiceProvider serviceProvider; - - protected BaseOperation(Command command, ServiceProvider serviceProvider, Class parameterClass) { - this.command = command; - this.parameterClass = parameterClass; - this.params = Convertor.asParams(parameterClass, command); - this.serviceProvider = serviceProvider; - } - - @Override - public Class getParameterClass() { - return parameterClass; - } - - public T getParams() { - return params; - } - - public Rp getRp() { - if (params instanceof HasRpIdParams) { - serviceProvider.getValidationService().validate((HasRpIdParams) params); - HasRpIdParams hasRpId = (HasRpIdParams) params; - return serviceProvider.getRpSyncService().getRp(hasRpId.getRpId()); - } - throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_RP_ID); - } - - /** - * Returns command - * - * @return command - */ - public Command getCommand() { - return command; - } - - public ValidationService getValidationService() { - return serviceProvider.getValidationService(); - } - - - public HttpService getHttpService() { - return 
serviceProvider.getHttpService(); - } - - - public RpSyncService getRpSyncService() { - return serviceProvider.getRpSyncService(); - } - - - public DiscoveryService getDiscoveryService() { - return serviceProvider.getDiscoveryService(); - } - - - public RpService getRpService() { - return serviceProvider.getRpService(); - } - - - public IntrospectionService getIntrospectionService() { - return serviceProvider.getIntrospectionService(); - } - - - public MainPersistenceService getJansConfigurationService() { - return serviceProvider.getJansConfigurationService(); - } - - - public StateService getStateService() { - return serviceProvider.getStateService(); - } - - - public UmaTokenService getUmaTokenService() { - return serviceProvider.getUmaTokenService(); - } - - - public KeyGeneratorService getKeyGeneratorService() { - return serviceProvider.getKeyGeneratorService(); - } - - - public PublicOpKeyService getPublicOpKeyService() { - return serviceProvider.getPublicOpKeyService(); - } - - - public RequestObjectService getRequestObjectService() { - return serviceProvider.getRequestObjectService(); - } - - public OpClientFactory getOpClientFactory() { - return serviceProvider.getOpClientFactory(); - } - -} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java deleted file mode 100644 index f390a37d116..00000000000 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java +++ /dev/null 
@@ -1,26 +0,0 @@ -/* - * All rights reserved -- Copyright 2015 Gluu Inc. - */ -package io.jans.ca.server.op; - -import io.jans.ca.common.params.IParams; -import io.jans.ca.common.response.IOpResponse; - -/** - * Base interface for client-api operations. Operation parameter must be specified via contructor. - * - * @author Yuriy Zabrovarnyy - * @version 0.9, 09/08/2013 - */ - -public interface IOperation { - - /** - * Executes operations and produces response. - * - * @return command response - */ - IOpResponse execute(T params) throws Exception; - - Class getParameterClass(); -} From 6e567877d7b2a14beb7b2384fc8e43b111150397 Mon Sep 17 00:00:00 2001 
From: jmunozherbas Date: Wed, 6 Jul 2022 22:41:55 -0400 Subject: [PATCH 05/10] feat(jans-client-api):Add Filter Authorization --- .../server/configuration/AppInitializer.java | 46 ++++-- .../ca/server/filter/AuthorizationFilter.java | 82 ++++++++++ .../op/AuthorizationCodeFlowOperation.java | 5 +- ...plateOperation.java => BaseOperation.java} | 87 +---------- .../server/op/CheckAccessTokenOperation.java | 4 +- .../ca/server/op/CheckIdTokenOperation.java | 4 +- ...GetAccessTokenByRefreshTokenOperation.java | 4 +- .../op/GetAuthorizationCodeOperation.java | 5 +- .../op/GetAuthorizationUrlOperation.java | 5 +- .../ca/server/op/GetClientTokenOperation.java | 4 +- .../ca/server/op/GetDiscoveryOperation.java | 7 +- .../jans/ca/server/op/GetIssuerOperation.java | 4 +- .../jans/ca/server/op/GetJwksOperation.java | 2 +- .../ca/server/op/GetLogoutUrlOperation.java | 5 +- .../server/op/GetRequestObjectOperation.java | 4 +- .../op/GetRequestObjectUriOperation.java | 2 +- .../jans/ca/server/op/GetRpJwksOperation.java | 4 +- .../io/jans/ca/server/op/GetRpOperation.java | 5 +- .../server/op/GetTokensByCodeOperation.java | 3 +- .../ca/server/op/GetUserInfoOperation.java | 5 +- ...TemplateOperation.java => IOperation.java} | 2 +- .../ca/server/op/ImplicitFlowOperation.java | 2 +- .../op/IntrospectAccessTokenOperation.java | 4 +- .../ca/server/op/IntrospectRptOperation.java | 2 +- .../ca/server/op/RegisterSiteOperation.java | 5 +- .../ca/server/op/RemoveSiteOperation.java | 2 +- .../RpGetGetClaimsGatheringUrlOperation.java | 2 +- .../jans/ca/server/op/RpGetRptOperation.java | 4 +- .../ca/server/op/RsCheckAccessOperation.java | 2 +- .../jans/ca/server/op/RsModifyOperation.java | 2 +- .../jans/ca/server/op/RsProtectOperation.java | 3 +- .../ca/server/op/UpdateSiteOperation.java | 4 +- .../jans/ca/server/op/ValidateOperation.java | 4 +- .../jans/ca/server/rest/OAuth20Resource.java | 7 + .../ca/server/rest/OpenIdConnectResource.java | 5 + .../io/jans/ca/server/rest/RpResource.java | 3 + 
.../server/rest/UMA2RelyingPartyResource.java | 3 + .../rest/UMA2ResourceServerResource.java | 5 + .../service/AuthorizationRpIdParam.java | 13 ++ .../service/AuthorizationService.java | 34 ++++ .../ClientApiAuthorizationService.java | 147 ++++++++++++++++++ .../services/jakarta.ws.rs.ext.Providers | 3 +- 42 files changed, 373 insertions(+), 172 deletions(-) create mode 100644 jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java rename jans-client-api/server/src/main/java/io/jans/ca/server/op/{TemplateOperation.java => BaseOperation.java} (63%) rename jans-client-api/server/src/main/java/io/jans/ca/server/op/{ITemplateOperation.java => IOperation.java} (90%) create mode 100644 jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationRpIdParam.java create mode 100644 jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationService.java create mode 100644 jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java b/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java index 19c52f7e96e..456e51df03b 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java 
@@ -9,8 +9,11 @@ import io.jans.as.common.service.common.ApplicationFactory; import io.jans.as.model.util.SecurityProviderUtility; import io.jans.ca.server.persistence.service.PersistenceServiceImpl; +import io.jans.ca.server.security.service.AuthorizationService; +import io.jans.ca.server.security.service.ClientApiAuthorizationService; import io.jans.ca.server.service.RpService; import io.jans.ca.server.service.logger.LoggerServiceImpl; +import io.jans.exception.ConfigurationException; import io.jans.orm.PersistenceEntryManager; import io.jans.orm.PersistenceEntryManagerFactory; import io.jans.orm.model.PersistenceConfiguration; @@ -20,6 +23,7 @@ import io.jans.service.cdi.event.LdapConfigurationReload; import io.jans.service.cdi.util.CdiUtil; import io.jans.service.timer.QuartzSchedulerManager; +import io.jans.util.StringHelper; import io.jans.util.security.PropertiesDecrypter; import io.jans.util.security.StringEncrypter; import jakarta.enterprise.context.ApplicationScoped; @@ -32,6 +36,10 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.ServletContext; +import org.jboss.resteasy.plugins.providers.RegisterBuiltin; +import org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider; +import org.jboss.resteasy.plugins.server.servlet.ResteasyContextParameters; +import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.slf4j.Logger; import java.util.Properties; @@ -49,6 +57,8 @@ public class AppInitializer { @Named(ApplicationFactory.PERSISTENCE_ENTRY_MANAGER_NAME) Instance persistenceEntryManagerInstance; @Inject + private Instance authorizationServiceInstance; + @Inject BeanManager beanManager; @Inject 
@@ -84,11 +94,18 @@ public void onStart(@Observes @Initialized(ApplicationScoped.class) Object init) logger.info("============= STARTING CLIENT API APPLICATION ========================"); logger.info("init:{}", init); - SecurityProviderUtility.installBCProvider(); + // Resteasy config - Turn off the default patch filter + System.setProperty(ResteasyContextParameters.RESTEASY_PATCH_FILTER_DISABLED, "true"); + ResteasyProviderFactory instance = ResteasyProviderFactory.getInstance(); + RegisterBuiltin.register(instance); + instance.registerProvider(ResteasyJackson2Provider.class); + +// SecurityProviderUtility.installBCProvider(); // configuration configurationFactory.create(); persistenceEntryManagerInstance.get(); + this.createAuthorizationService(); // Initialize python interpreter pythonService.initPythonInterpreter(configurationFactory.getBaseConfiguration().getString("pythonModulesDir", null)); 
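Review bot: `SecurityProviderUtility.installBCProvider()` is commented out in `onStart` rather than removed or replaced, and nothing says why. If a later code path asks for the BouncyCastle provider by name (key or signature handling, for instance), it would presumably fail only at request time, so either restore the call or delete the line and record the reason, e.g. `// BC provider is installed by <component>; not needed here` (placeholder: name the actual component). The added `this.createAuthorizationService();` discards its return value; if the call is only there to fail fast at startup, a one-line comment saying so would help. `onStart` continues beyond this hunk.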
@@ -157,22 +174,33 @@ public PersistenceEntryManager createPersistenceEntryManager() throws Interrupte } + @Produces + @ApplicationScoped + @Named("authorizationService") + private AuthorizationService createAuthorizationService() { + logger.info("============= AppInitializer::createAuthorizationService() ================ "); + try { + return authorizationServiceInstance.select(ClientApiAuthorizationService.class).get(); + } catch (Exception ex) { + if (logger.isErrorEnabled()) { + logger.error("Failed to create AuthorizationService instance - exception:{} ", ex); + } + throw new ConfigurationException("Failed to create AuthorizationService instance , ", ex); + } + } + public void recreatePersistanceEntryManager(@Observes @LdapConfigurationReload String event) { closePersistenceEntryManager(); PersistenceEntryManager ldapEntryManager = persistenceEntryManagerInstance.get(); persistenceEntryManagerInstance.destroy(ldapEntryManager); - logger.debug("Recreated instance {} with operation service: {} - event:{}", ldapEntryManager, - ldapEntryManager.getOperationService(), event); + logger.debug("Recreated instance {} with operation service: {} - event:{}", ldapEntryManager, ldapEntryManager.getOperationService(), event); } private void closePersistenceEntryManager() { - PersistenceEntryManager oldInstance = CdiUtil.getContextBean(beanManager, PersistenceEntryManager.class, - ApplicationFactory.PERSISTENCE_ENTRY_MANAGER_NAME); - if (oldInstance == null || oldInstance.getOperationService() == null) - return; + PersistenceEntryManager oldInstance = CdiUtil.getContextBean(beanManager, PersistenceEntryManager.class, ApplicationFactory.PERSISTENCE_ENTRY_MANAGER_NAME); + if (oldInstance == null || oldInstance.getOperationService() == null) return; - logger.debug("Attempting to destroy {} with operation service: {}", oldInstance, - oldInstance.getOperationService()); + logger.debug("Attempting to destroy {} with operation service: {}", oldInstance, 
oldInstance.getOperationService()); oldInstance.destroy(); logger.debug("Destroyed {} with operation service: {}", oldInstance, oldInstance.getOperationService()); } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java b/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java new file mode 100644 index 00000000000..16978e82a47 --- /dev/null +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java 
@@ -0,0 +1,82 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.ca.server.filter; + +import io.jans.ca.server.security.service.AuthorizationService; +import io.jans.configapi.core.rest.ProtectedApi; +import jakarta.annotation.Priority; +import jakarta.inject.Inject; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.Priorities; +import jakarta.ws.rs.container.ContainerRequestContext; +import jakarta.ws.rs.container.ContainerRequestFilter; +import jakarta.ws.rs.container.ResourceInfo; +import jakarta.ws.rs.core.Context; +import jakarta.ws.rs.core.HttpHeaders; +import jakarta.ws.rs.core.Response; +import jakarta.ws.rs.core.UriInfo; +import jakarta.ws.rs.ext.Provider; +import org.apache.commons.io.IOUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.IOException; + +@Provider +@ProtectedApi +@Priority(Priorities.AUTHENTICATION) +public class AuthorizationFilter implements ContainerRequestFilter { + + private static final String AUTHENTICATION_SCHEME = "Bearer"; + private static final String AUTHORIZATION_RP_ID = "AuthorizationRpId"; + + private static final Logger log = LoggerFactory.getLogger(AuthorizationFilter.class); + + @Context + UriInfo info; + + @Context + HttpServletRequest request; + + @Context + private HttpHeaders httpHeaders; + + @Inject + AuthorizationService authorizationService; + + @SuppressWarnings({"all"}) + public void filter(ContainerRequestContext context) { + log.info("======================================================================="); + log.info("====== context = " + context + " , info.getAbsolutePath() = " + info.getAbsolutePath() + + " , info.getRequestUri() = " + info.getRequestUri() + "\n\n"); + log.info("====== info.getBaseUri()=" + info.getBaseUri() + " info.getPath()=" + info.getPath() + + " info.toString()=" + info.toString()); + 
log.info("====== request.getContextPath()=" + request.getContextPath() + " request.getRequestURI()=" + + request.getRequestURI() + " request.toString() " + request.toString()); + + log.info("======" + context.getMethod() + " " + info.getPath() + " FROM IP " + request.getRemoteAddr()); + log.info("======PERFORMING AUTHORIZATION========================================="); + String authorizationHeader = context.getHeaderString(HttpHeaders.AUTHORIZATION); + String authorizationRpIdHeader = context.getHeaderString(AUTHORIZATION_RP_ID); + + log.info("\n\n\n AuthorizationFilter::filter() - authorizationHeader = " + authorizationHeader + " , authorizationRpIdHeader = " + + authorizationRpIdHeader + " \n\n\n"); + try { + authorizationService.processAuthorization(info.getPath(), context.getMethod(), request.getRemoteAddr(), authorizationHeader, authorizationRpIdHeader); + log.info("======AUTHORIZATION GRANTED==========================================="); + } catch (Exception ex) { + log.error("======AUTHORIZATION FAILED ===========================================", ex); + abortWithUnauthorized(context, ex.getMessage()); + } + } + + private void abortWithUnauthorized(ContainerRequestContext requestContext, String errMsg) { + requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity(errMsg) + .header(HttpHeaders.WWW_AUTHENTICATE, AUTHENTICATION_SCHEME).build()); + } + +} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java index d8c0ee970aa..8ce973e7277 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java 
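Review bot: `filter` writes the raw `Authorization` header to the log at info level (`"... authorizationHeader = " + authorizationHeader`), so every bearer token presented to a protected endpoint ends up in the application log. The catch block also returns `ex.getMessage()` to the caller as the 401 body, which exposes internal error text to an unauthenticated client. I would log only whether a credential was supplied, use parameterized messages instead of string concatenation, and send a fixed response body while keeping the exception in the server log. `@SuppressWarnings({"all"})` on `filter` should be dropped or narrowed, since it hides warnings about exactly this kind of code.

```java
    public void filter(ContainerRequestContext context) {
        // … unchanged: request/URI trace logging and the two header reads …

        // Record only whether a credential was supplied; the bearer token itself must not reach the log.
        log.debug("AuthorizationFilter::filter() - Authorization header present: {}, AuthorizationRpId: {}",
                authorizationHeader != null, authorizationRpIdHeader);
        try {
            authorizationService.processAuthorization(info.getPath(), context.getMethod(), request.getRemoteAddr(), authorizationHeader, authorizationRpIdHeader);
            log.debug("Authorization granted for {} {}", context.getMethod(), info.getPath());
        } catch (Exception ex) {
            // The cause stays in the server log; the client gets a generic body.
            log.error("Authorization failed for {} {}", context.getMethod(), info.getPath(), ex);
            abortWithUnauthorized(context, "Unauthorized");
        }
    }
```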
@@ -10,14 +10,11 @@ import io.jans.as.model.common.Prompt; import io.jans.as.model.common.ResponseType; import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; import io.jans.ca.common.CommandType; import io.jans.ca.common.params.AuthorizationCodeFlowParams; import io.jans.ca.common.response.AuthorizationCodeFlowResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.HttpService; -import io.jans.ca.server.service.ServiceProvider; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringUtils; @@ -34,7 +31,7 @@ * @version 0.9, 19/06/2015 */ -public class AuthorizationCodeFlowOperation extends TemplateOperation { +public class AuthorizationCodeFlowOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(AuthorizationCodeFlowOperation.class); @Inject diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java similarity index 63% rename from jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java rename to jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java index 598fd9d2179..c92eb677d98 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/TemplateOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java @@ -6,7 +6,6 @@ import io.jans.as.model.crypto.AuthCryptoProvider; import io.jans.as.model.util.Util; import io.jans.ca.common.Command; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.HasRpIdParams; 
@@ -27,20 +26,18 @@ import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.ClientErrorException; import jakarta.ws.rs.WebApplicationException; -import jakarta.ws.rs.core.Context; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; -import java.util.List; + @RequestScoped @Named -public abstract class TemplateOperation implements ITemplateOperation { +public abstract class BaseOperation implements IOperation { - private static final Logger LOG = LoggerFactory.getLogger(TemplateOperation.class); - private static final String LOCALHOST_IP_ADDRESS = "127.0.0.1"; + private static final Logger LOG = LoggerFactory.getLogger(BaseOperation.class); @Inject ValidationService validationService; 
@@ -57,27 +54,6 @@ public Response process(String paramsAsString, HttpServletRequest httpRequest) { LOG.info("Request parameters: {}", paramsAsString); LOG.info("CommandType: {}", getCommandType()); - validateIpAddressAllowed(httpRequest.getRemoteAddr()); - Object forJsonConversion = getObjectForJsonConversion(paramsAsString, getParameterClass(), httpRequest); - String response = null; - - if (getCommandType().getReturnType().equalsIgnoreCase(MediaType.APPLICATION_JSON)) { - response = Jackson2.asJsonSilently(forJsonConversion); - } else if (getCommandType().getReturnType().equalsIgnoreCase(MediaType.TEXT_PLAIN)) { - response = forJsonConversion.toString(); - } - - LOG.trace("Send back response: {}", response); - return Response.ok(response).build(); - } - - public Response process(String paramsAsString, String authorization, String authorizationRpId, HttpServletRequest httpRequest) { - String endPointUrl = httpRequest.getRequestURL().toString(); - LOG.info("Endpoint: {}", endPointUrl); - LOG.info("Request parameters: {}", paramsAsString); - LOG.info("CommandType: {}", getCommandType()); - - validateIpAddressAllowed(httpRequest.getRemoteAddr()); Object forJsonConversion = getObjectForJsonConversion(paramsAsString, getParameterClass(), httpRequest); String response = null; 
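Review bot: `process` no longer calls `validateIpAddressAllowed(httpRequest.getRemoteAddr())`, so the operation itself no longer enforces the `bind_ip_addresses` allow-list (the method is deleted in the `@@ -91,32 +67,6 @@` hunk). The new `AuthorizationFilter` carries `@ProtectedApi`, which appears to be a name-binding annotation, so the check would presumably run only for resource methods that carry it as well; the resource changes of this commit are outside this excerpt, so that coverage cannot be confirmed here. I would state the dependency on `process`, e.g. `// caller IP and AuthorizationRpId are checked in AuthorizationFilter; every resource method must be bound to it via @ProtectedApi`, and add a test asserting that each resource method is bound to the filter. `process` starts before this hunk.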
@@ -91,32 +67,6 @@ public Response process(String paramsAsString, String authorization, String auth return Response.ok(response).build(); } - private void validateIpAddressAllowed(String callerIpAddress) { - LOG.trace("Checking if caller ipAddress : {} is allowed to make request to jans_client_api.", callerIpAddress); - final ApiAppConfiguration conf = jansConfigurationService.find(); - List bindIpAddresses = conf.getBindIpAddresses(); - - //localhost as default bindAddress - if ((bindIpAddresses == null || bindIpAddresses.isEmpty()) && LOCALHOST_IP_ADDRESS.equalsIgnoreCase(callerIpAddress)) { - return; - } - //show error if ip_address of a remote caller is not set in `bind_ip_addresses` - if (bindIpAddresses == null || bindIpAddresses.isEmpty()) { - LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); - throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); - } - //allow all ip_address - if (bindIpAddresses.contains("*")) { - return; - } - - if (bindIpAddresses.contains(callerIpAddress)) { - return; - } - LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); - throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); - } - private Object getObjectForJsonConversion(String paramsAsString, Class paramsClass, HttpServletRequest httpRequest) { LOG.trace("Command: {}", paramsAsString); T params = read(safeToJson(paramsAsString), paramsClass); 
@@ -126,8 +76,7 @@ private Object getObjectForJsonConversion(String paramsAsStr final ApiAppConfiguration conf = jansConfigurationService.find(); String authorization = httpRequest.getHeader("Authorization"); String authorizationRpId = httpRequest.getHeader("AuthorizationRpId"); - validateAuthorizationRpId(conf, authorizationRpId); - validateAccessToken(authorization, safeToRpId((HasRpIdParams) params, authorizationRpId)); + validateAccessToken(authorization, safeToRpId((HasRpIdParams) params, authorizationRpId), conf); } final IOpResponse response = internProcess(command, httpRequest); 
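Review bot: The `AuthorizationRpId` header now goes straight into `safeToRpId(...)` without the earlier `validateAuthorizationRpId(conf, authorizationRpId)` check that the id is registered and listed in `protect_commands_with_rp_id` (the method is removed in the `@@ -185,35 +134,11 @@` hunk). `safeToRpId` prefers the header over `params.getRpId()`, so a caller-supplied id presumably selects the RP that `validateAccessToken` checks the token against, unless `AuthorizationService.processAuthorization` repeats the registration and allow-list check, which is not visible here. If the filter does cover it, a comment at this call would make that explicit: `// AuthorizationRpId has already been validated by AuthorizationFilter`; otherwise the validation should stay in this method. `getObjectForJsonConversion` starts and ends outside the hunk.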
@@ -185,35 +134,11 @@ private String safeToRpId(HasRpIdParams params, String authorizationRpId) { return Util.isNullOrEmpty(authorizationRpId) ? params.getRpId() : authorizationRpId; } - private void validateAuthorizationRpId(ApiAppConfiguration conf, String authorizationRpId) { - - if (Util.isNullOrEmpty(authorizationRpId)) { - return; - } - - final Rp rp = rpSyncService.getRp(authorizationRpId); - - if (rp == null || Util.isNullOrEmpty(rp.getRpId())) { - LOG.debug("`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api."); - throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_NOT_FOUND); - } - - if (conf.getProtectCommandsWithRpId() == null || conf.getProtectCommandsWithRpId().isEmpty()) { - return; - } - - if (!conf.getProtectCommandsWithRpId().contains(authorizationRpId)) { - LOG.debug("`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in client-api-server.yml."); - throw new HttpException(ErrorResponseCode.INVALID_AUTHORIZATION_RP_ID); - } - } - - private void validateAccessToken(String authorization, String authorizationRpId) { + private void validateAccessToken(String authorization, String authorizationRpId, ApiAppConfiguration conf) { final String prefix = "Bearer "; - final ApiAppConfiguration conf = jansConfigurationService.find(); if (conf.getProtectCommandsWithAccessToken() != null && !conf.getProtectCommandsWithAccessToken()) { - LOG.debug("Skip protection because protect_commands_with_access_token: false in configuration file."); + LOG.debug("Skip protection because protect_commands_with_access_token: false in configuration."); return; } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java index c94774d2445..6ad069ce05e 100644 
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java @@ -11,13 +11,11 @@ import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtClaimName; import io.jans.as.model.jwt.JwtHeaderName; -import io.jans.ca.common.Command; import io.jans.ca.common.CommandType; import io.jans.ca.common.params.CheckAccessTokenParams; import io.jans.ca.common.response.CheckAccessTokenResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.service.DiscoveryService; -import io.jans.ca.server.service.ServiceProvider; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; @@ -30,7 +28,7 @@ * @version 0.9, 23/10/2013 */ -public class CheckAccessTokenOperation extends TemplateOperation { +public class CheckAccessTokenOperation extends BaseOperation { private static final Logger LOG = LoggerFactory.getLogger(CheckAccessTokenOperation.class); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java index cfb20a0b974..1d661f0e70d 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java @@ -4,7 +4,6 @@ import io.jans.as.model.common.ResponseType; import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtClaimName; -import io.jans.ca.common.Command; import io.jans.ca.common.CommandType; import io.jans.ca.common.params.CheckIdTokenParams; import io.jans.ca.common.response.CheckIdTokenResponse; 
@@ -14,7 +13,6 @@
 import io.jans.ca.server.configuration.model.Rp;
 import io.jans.ca.server.service.DiscoveryService;
 import io.jans.ca.server.service.PublicOpKeyService;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.inject.Inject;
 import jakarta.servlet.http.HttpServletRequest;
 import org.slf4j.Logger;
@@ -27,7 +25,7 @@
 * @version 0.9, 18/10/2013
 */
-public class CheckIdTokenOperation extends TemplateOperation {
+public class CheckIdTokenOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(CheckIdTokenOperation.class);
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java
index 86158c6c467..6f84b644581 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java
@@ -5,7 +5,6 @@
 import io.jans.as.client.TokenClient;
 import io.jans.as.client.TokenResponse;
 import io.jans.as.model.util.Util;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.params.GetAccessTokenByRefreshTokenParams;
@@ -15,7 +14,6 @@
 import io.jans.ca.server.Utils;
 import io.jans.ca.server.configuration.model.Rp;
 import io.jans.ca.server.service.DiscoveryService;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
@@ -28,7 +26,7 @@
 @RequestScoped
 @Named
-public class GetAccessTokenByRefreshTokenOperation extends TemplateOperation {
+public class GetAccessTokenByRefreshTokenOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(GetAccessTokenByRefreshTokenOperation.class);
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java
index 3926e36e8c7..5009135c5c8 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java
@@ -7,7 +7,6 @@
 import io.jans.as.client.AuthorizeClient;
 import io.jans.as.model.common.Prompt;
 import io.jans.as.model.common.ResponseType;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.params.GetAuthorizationCodeParams;
@@ -16,8 +15,6 @@
 import io.jans.ca.server.HttpException;
 import io.jans.ca.server.configuration.model.Rp;
 import io.jans.ca.server.service.DiscoveryService;
-import io.jans.ca.server.service.HttpService;
-import io.jans.ca.server.service.ServiceProvider;
 import io.jans.ca.server.service.StateService;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
@@ -31,7 +28,7 @@
 @RequestScoped
 @Named
-public class GetAuthorizationCodeOperation extends TemplateOperation {
+public class GetAuthorizationCodeOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(GetAuthorizationCodeOperation.class);
 @Inject
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java
index 7e47caf5b84..46946860b1e 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java
@@ -4,7 +4,6 @@
 import com.google.common.collect.Lists;
 import io.jans.as.model.authorize.AuthorizeRequestParam;
 import io.jans.as.model.util.Util;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.ExpiredObjectType;
@@ -15,9 +14,7 @@
 import io.jans.ca.server.Utils;
 import io.jans.ca.server.configuration.model.Rp;
 import io.jans.ca.server.service.DiscoveryService;
-import io.jans.ca.server.service.ServiceProvider;
 import io.jans.ca.server.service.StateService;
-import io.jans.ca.server.persistence.service.MainPersistenceService;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
@@ -31,7 +28,7 @@
 @RequestScoped
 @Named
-public class GetAuthorizationUrlOperation extends TemplateOperation {
+public class GetAuthorizationUrlOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(GetAuthorizationUrlOperation.class);
 @Inject
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java
index a28c124027b..768f1a45845 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java
@@ -8,7 +8,6 @@
 import io.jans.as.model.common.GrantType;
 import io.jans.as.model.crypto.signature.SignatureAlgorithm;
 import io.jans.as.model.util.Util;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.params.GetClientTokenParams;
@@ -18,7 +17,6 @@
 import io.jans.ca.server.Utils;
 import io.jans.ca.server.service.DiscoveryService;
 import io.jans.ca.server.service.HttpService;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
@@ -30,7 +28,7 @@
 import java.util.Set;
 @RequestScoped
 @Named
-public class GetClientTokenOperation extends TemplateOperation {
+public class GetClientTokenOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(GetClientTokenOperation.class);
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java
index 24f8dbad835..76182b8bbb6 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java
@@ -1,22 +1,17 @@
 package io.jans.ca.server.op;
 import io.jans.as.client.OpenIdConfigurationResponse;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.params.GetDiscoveryParams;
-import io.jans.ca.common.params.IParams;
 import io.jans.ca.common.response.GetDiscoveryResponse;
 import io.jans.ca.common.response.IOpResponse;
 import io.jans.ca.server.HttpException;
 import io.jans.ca.server.service.DiscoveryService;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
 import jakarta.servlet.http.HttpServletRequest;
-import jakarta.ws.rs.core.Context;
-import jakarta.ws.rs.core.Response;
 import org.apache.commons.beanutils.BeanUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -25,7 +20,7 @@
 @RequestScoped
 @Named
-public class GetDiscoveryOperation extends TemplateOperation {
+public class GetDiscoveryOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(GetDiscoveryOperation.class);
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java
index ce5e7765c41..3ad1cbf8f64 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java
@@ -3,7 +3,6 @@
 import io.jans.as.client.OpenIdConnectDiscoveryClient;
 import io.jans.as.client.OpenIdConnectDiscoveryResponse;
 import io.jans.as.model.discovery.WebFingerParam;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.params.GetIssuerParams;
@@ -11,7 +10,6 @@
 import io.jans.ca.common.response.IOpResponse;
 import io.jans.ca.server.HttpException;
 import io.jans.ca.server.service.DiscoveryService;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.inject.Inject;
 import jakarta.servlet.http.HttpServletRequest;
 import org.apache.commons.beanutils.BeanUtils;
@@ -22,7 +20,7 @@
 import java.util.List;
 import java.util.stream.Collectors;
-public class GetIssuerOperation extends TemplateOperation {
+public class GetIssuerOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(GetIssuerOperation.class);
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java
index d5f3ffdbad6..2ae13e65943 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java
@@ -22,7 +22,7 @@
 @RequestScoped
 @Named
-public class GetJwksOperation extends TemplateOperation {
+public class GetJwksOperation extends BaseOperation {
 @Inject
 DiscoveryService discoveryService;
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java
index 3c9f16c2ef1..ddaaaeab6af 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java
@@ -2,7 +2,6 @@
 import com.google.common.base.Strings;
 import io.jans.as.client.OpenIdConfigurationResponse;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.ExpiredObjectType;
@@ -11,9 +10,7 @@
 import io.jans.ca.common.response.IOpResponse;
 import io.jans.ca.server.HttpException;
 import io.jans.ca.server.configuration.model.Rp;
-import io.jans.ca.server.persistence.service.MainPersistenceService;
 import io.jans.ca.server.service.DiscoveryService;
-import io.jans.ca.server.service.ServiceProvider;
 import io.jans.ca.server.service.StateService;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
@@ -26,7 +23,7 @@
 @RequestScoped
 @Named
-public class GetLogoutUrlOperation extends TemplateOperation {
+public class GetLogoutUrlOperation extends BaseOperation {
 private static final String GOOGLE_OP_HOST = "https://accounts.google.com";
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java
index e356fe0afa1..2ab872218bf 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java
@@ -1,7 +1,6 @@
 package io.jans.ca.server.op;
 import com.google.common.base.Strings;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.ExpiredObject;
@@ -10,13 +9,12 @@
 import io.jans.ca.common.response.POJOResponse;
 import io.jans.ca.server.HttpException;
 import io.jans.ca.server.service.RequestObjectService;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.inject.Inject;
 import jakarta.servlet.http.HttpServletRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-public class GetRequestObjectOperation extends TemplateOperation {
+public class GetRequestObjectOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(GetRequestObjectOperation.class);
 @Inject
 RequestObjectService requestObjectService;
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java
index d51e392f9ac..2ea5f3005d1 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java
@@ -28,7 +28,7 @@
 import java.util.Map;
 import java.util.UUID;
-public class GetRequestObjectUriOperation extends TemplateOperation {
+public class GetRequestObjectUriOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(GetRequestObjectUriOperation.class);
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java
index 55aa681c78b..def52c5a585 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java
@@ -1,13 +1,11 @@
 package io.jans.ca.server.op;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.params.GetJwksParams;
 import io.jans.ca.common.response.IOpResponse;
 import io.jans.ca.common.response.POJOResponse;
 import io.jans.ca.server.HttpException;
 import io.jans.ca.server.service.KeyGeneratorService;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
@@ -15,7 +13,7 @@
 @RequestScoped
 @Named
-public class GetRpJwksOperation extends TemplateOperation {
+public class GetRpJwksOperation extends BaseOperation {
 @Inject
 KeyGeneratorService keyGeneratorService;
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java
index 64ce9dcacf9..8d2d5425452 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java
@@ -1,6 +1,5 @@
 package io.jans.ca.server.op;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.Jackson2;
 import io.jans.ca.common.params.GetRpParams;
@@ -9,8 +8,6 @@
 import io.jans.ca.server.configuration.model.MinimumRp;
 import io.jans.ca.server.configuration.model.Rp;
 import io.jans.ca.server.service.RpService;
-import io.jans.ca.server.service.RpSyncService;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
@@ -23,7 +20,7 @@
 @RequestScoped
 @Named
-public class GetRpOperation extends TemplateOperation {
+public class GetRpOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(GetRpOperation.class);
 @Inject
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java
index 086b4106680..c6beade091c 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java
@@ -19,7 +19,6 @@
 import io.jans.ca.server.HttpException;
 import io.jans.ca.server.configuration.model.Rp;
 import io.jans.ca.server.service.*;
-import io.jans.ca.server.persistence.service.MainPersistenceService;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
@@ -30,7 +29,7 @@
 @RequestScoped
 @Named
-public class GetTokensByCodeOperation extends TemplateOperation {
+public class GetTokensByCodeOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(GetTokensByCodeOperation.class);
 @Inject
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java
index d066cb0ba3f..65eb3dc66d0 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java
@@ -6,7 +6,6 @@
 import io.jans.as.client.UserInfoResponse;
 import io.jans.as.model.jwt.Jwt;
 import io.jans.as.model.jwt.JwtClaimName;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.Jackson2;
@@ -16,8 +15,6 @@
 import io.jans.ca.server.HttpException;
 import io.jans.ca.server.service.DiscoveryService;
 import io.jans.ca.server.service.HttpService;
-import io.jans.ca.server.service.ServiceProvider;
-import io.jans.ca.server.persistence.service.MainPersistenceService;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
@@ -29,7 +26,7 @@
 @RequestScoped
 @Named
-public class GetUserInfoOperation extends TemplateOperation {
+public class GetUserInfoOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(GetUserInfoOperation.class);
 @Inject
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ITemplateOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java
similarity index 90%
rename from jans-client-api/server/src/main/java/io/jans/ca/server/op/ITemplateOperation.java
rename to jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java
index 5d70445a897..043a545acb9 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ITemplateOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java
@@ -8,7 +8,7 @@
 import io.jans.ca.common.response.IOpResponse;
 import jakarta.servlet.http.HttpServletRequest;
-public interface ITemplateOperation {
+public interface IOperation {
 /**
 * Executes operations and produces response.
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java
index e06bac3119d..f50f4bfda2b 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java
@@ -29,7 +29,7 @@
 * @version 0.9, 23/06/2015
 */
-public class ImplicitFlowOperation extends TemplateOperation {
+public class ImplicitFlowOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(ImplicitFlowOperation.class);
 @Inject
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java
index d8ee5984cb5..b35c0624e7f 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java
@@ -1,13 +1,11 @@
 package io.jans.ca.server.op;
 import io.jans.as.model.common.IntrospectionResponse;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.params.IntrospectAccessTokenParams;
 import io.jans.ca.common.response.IOpResponse;
 import io.jans.ca.common.response.POJOResponse;
 import io.jans.ca.server.service.IntrospectionService;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
@@ -17,7 +15,7 @@
 @RequestScoped
 @Named
-public class IntrospectAccessTokenOperation extends TemplateOperation {
+public class IntrospectAccessTokenOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(IntrospectAccessTokenOperation.class);
 @Inject
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java
index 17becd109bc..5f5a084495c 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java
@@ -13,7 +13,7 @@
 @RequestScoped
 @Named
-public class IntrospectRptOperation extends TemplateOperation {
+public class IntrospectRptOperation extends BaseOperation {
 @Inject
 IntrospectionService introspectionService;
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java
index 375732d1219..440b3726241 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java
@@ -15,7 +15,6 @@
 import io.jans.as.model.crypto.signature.SignatureAlgorithm;
 import io.jans.as.model.register.ApplicationType;
 import io.jans.as.model.uma.UmaMetadata;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.params.RegisterSiteParams;
@@ -27,8 +26,6 @@
 import io.jans.ca.server.mapper.RegisterRequestMapper;
 import io.jans.ca.server.service.DiscoveryService;
 import io.jans.ca.server.service.RpService;
-import io.jans.ca.server.persistence.service.MainPersistenceService;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.inject.Inject;
 import jakarta.servlet.http.HttpServletRequest;
 import org.apache.commons.collections.CollectionUtils;
@@ -46,7 +43,7 @@
 * @author Yuriy Zabrovarnyy
 */
-public class RegisterSiteOperation extends TemplateOperation {
+public class RegisterSiteOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(RegisterSiteOperation.class);
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java
index 5502a19d87e..272e2bb86e2 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java
@@ -14,7 +14,7 @@
 @RequestScoped
 @Named
-public class RemoveSiteOperation extends TemplateOperation {
+public class RemoveSiteOperation extends BaseOperation {
 @Inject
 RpService rpService;
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java
index a368c7475c2..128809af305 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java
@@ -25,7 +25,7 @@
 @RequestScoped
 @Named
-public class RpGetGetClaimsGatheringUrlOperation extends TemplateOperation {
+public class RpGetGetClaimsGatheringUrlOperation extends BaseOperation {
 @Inject
 DiscoveryService discoveryService;
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java
index c5a280459b3..94a20f64f14 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java
@@ -5,7 +5,6 @@
 import io.jans.as.model.uma.UmaNeedInfoResponse;
 import io.jans.as.model.util.Util;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.Jackson2;
@@ -13,7 +12,6 @@
 import io.jans.ca.common.response.IOpResponse;
 import io.jans.ca.server.HttpException;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
@@ -33,7 +31,7 @@
 @RequestScoped
 @Named
-public class RpGetRptOperation extends TemplateOperation {
+public class RpGetRptOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(RpGetRptOperation.class);
 @Inject
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java
index 1aaa0418887..5276af25ca0 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java
@@ -35,7 +35,7 @@
 @RequestScoped
 @Named
-public class RsCheckAccessOperation extends TemplateOperation {
+public class RsCheckAccessOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(RsCheckAccessOperation.class);
 @Inject
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java
index f765ee8a1ad..004d5e9aacf 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java
@@ -35,7 +35,7 @@
 @RequestScoped
 @Named
-public class RsModifyOperation extends TemplateOperation {
+public class RsModifyOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(RsModifyOperation.class);
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java
index db79d7bb18d..9b7918b621d 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java
@@ -10,7 +10,6 @@
 import io.jans.as.model.uma.JsonLogicNodeParser;
 import io.jans.as.model.uma.UmaMetadata;
 import io.jans.as.model.util.Util;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.params.RsProtectParams;
@@ -44,7 +43,7 @@
 import java.util.Set;
 @RequestScoped
 @Named
-public class RsProtectOperation extends TemplateOperation {
+public class RsProtectOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(RsProtectOperation.class);
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java
index 39f14baeb58..78ee889f26e 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java
@@ -11,7 +11,6 @@
 import io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm;
 import io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm;
 import io.jans.as.model.crypto.signature.SignatureAlgorithm;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.params.UpdateSiteParams;
@@ -22,7 +21,6 @@
 import io.jans.ca.server.configuration.model.Rp;
 import io.jans.ca.server.mapper.RegisterRequestMapper;
 import io.jans.ca.server.service.RpService;
-import io.jans.ca.server.service.ServiceProvider;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
@@ -40,7 +38,7 @@
 @RequestScoped
 @Named
-public class UpdateSiteOperation extends TemplateOperation {
+public class UpdateSiteOperation extends BaseOperation {
 private static final Logger LOG = LoggerFactory.getLogger(UpdateSiteOperation.class);
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java
index ecaa69ba0e3..d27e7c92dc5 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java
@@ -3,7 +3,6 @@
 import com.google.common.base.Strings;
 import io.jans.as.client.OpenIdConfigurationResponse;
 import io.jans.as.model.jwt.Jwt;
-import io.jans.ca.common.Command;
 import io.jans.ca.common.CommandType;
 import io.jans.ca.common.ErrorResponseCode;
 import io.jans.ca.common.params.ValidateParams;
@@ -13,7 +12,6 @@
 import io.jans.ca.server.configuration.model.Rp;
 import io.jans.ca.server.service.DiscoveryService;
 import io.jans.ca.server.service.PublicOpKeyService;
-import io.jans.ca.server.service.ServiceProvider;
 import io.jans.ca.server.service.StateService;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
@@ -22,7 +20,7 @@
 @RequestScoped
 @Named
-public class ValidateOperation extends TemplateOperation {
+public class ValidateOperation extends BaseOperation {
 @Inject
 DiscoveryService discoveryService;
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java
index b12512d8f37..8488362f778 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java
@@ -1,6 +1,7 @@
 package io.jans.ca.server.rest;
 import io.jans.ca.server.op.*;
+import io.jans.configapi.core.rest.ProtectedApi;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.*;
 import jakarta.ws.rs.core.MediaType;
@@ -68,6 +69,7 @@ public Response getClientToken(String params) {
 }
 @POST
+ @ProtectedApi
 @Path("/get-access-token-by-refresh-token")
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
@@ -77,6 +79,7 @@ public Response getAccessTokenByRefreshToken(String params) {
 }
 @POST
+ @ProtectedApi
 @Path("/introspect-access-token")
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
@@ -86,6 +89,7 @@ public Response introspectAccessToken(String params) {
 }
 @POST
+ @ProtectedApi
 @Path("/get-user-info")
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
@@ -112,6 +116,7 @@ public Response getDiscovery(String params) {
 }
 @POST
+ @ProtectedApi
 @Path("/check-access-token")
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
@@ -121,6 +126,7 @@ public Response checkAccessToken(String params) {
 }
 @POST
+ @ProtectedApi
 @Path("/check-id-token")
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
@@ -130,6 +136,7 @@ public Response checkIdToken(String params) {
 }
 @POST
+ @ProtectedApi
 @Path("/get-issuer")
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java
index f4658d0f362..90467580500 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java
@@ -9,6 +9,7 @@
 import io.jans.ca.server.op.GetAuthorizationUrlOperation;
 import io.jans.ca.server.op.GetLogoutUrlOperation;
 import io.jans.ca.server.op.GetTokensByCodeOperation;
+import io.jans.configapi.core.rest.ProtectedApi;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.*;
 import jakarta.ws.rs.core.MediaType;
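Review bot: `@ProtectedApi` is added here with no arguments, and the same bare form repeats in the other `OAuth20Resource` hunks and in the `OpenIdConnectResource`, `RpResource` and `UMA2RelyingPartyResource` hunks that follow. Without a `scopes` value the annotation marks the endpoint as protected but does not say which permission a token must carry, so, depending on how the filter bound to it treats an empty list (not visible in this diff), any valid token may be accepted for every one of these operations. I would state the requirement per endpoint, e.g. `@ProtectedApi(scopes = { "<scope-for-this-endpoint>" })`. This commit also adds no annotation to the handlers that appear only as hunk headers (`getClientToken`, `getDiscovery`, `getRp`, `getRequestObject`); if they are meant to stay outside the filter, a one-line comment on each saying so would make that choice explicit.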
@@ -27,6 +28,7 @@ public class OpenIdConnectResource extends BaseResource { GetLogoutUrlOperation getLogoutUrlOp; @POST + @ProtectedApi @Path("/get-authorization-url") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) @@ -36,6 +38,7 @@ public Response getAuthorizationUrl(String params) { } @POST + @ProtectedApi @Path("/get-authorization-code") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) @@ -45,6 +48,7 @@ public Response getAuthorizationCode(String params) { } @POST + @ProtectedApi @Path("/get-tokens-by-code") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) @@ -54,6 +58,7 @@ public Response getTokenByCode(String params) { } @POST + @ProtectedApi @Path("/get-logout-uri") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java index 5d83e541d65..abdd305bedf 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java @@ -2,6 +2,7 @@ import io.jans.ca.common.params.StringParam; import io.jans.ca.server.op.*; +import io.jans.configapi.core.rest.ProtectedApi; import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; @@ -38,6 +39,7 @@ public Response getRp(String params) { } @POST + @ProtectedApi @Path("/authorization-code-flow") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) @@ -55,6 +57,7 @@ public Response getRequestObject(@PathParam("request_object_id") String value) { } @POST + @ProtectedApi @Path("/get-request-object-uri") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java index 7b47ea36b2f..f0d4777ab51 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java @@ -2,6 +2,7 @@ import io.jans.ca.server.op.RpGetGetClaimsGatheringUrlOperation; import io.jans.ca.server.op.RpGetRptOperation; +import io.jans.configapi.core.rest.ProtectedApi; import jakarta.inject.Inject; import jakarta.ws.rs.Consumes; import jakarta.ws.rs.POST; @@ -19,6 +20,7 @@ public class UMA2RelyingPartyResource extends BaseResource { RpGetGetClaimsGatheringUrlOperation rpGetGetClaimsGatheringUrlOp; @POST + @ProtectedApi @Path("/uma-rp-get-rpt") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) @@ -28,6 +30,7 @@ public Response umaRpGetRpt(String params) { } @POST + @ProtectedApi @Path("/uma-rp-get-claims-gathering-url") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java index 286445e42ce..2662c4c5b12 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java @@ -4,6 +4,7 @@ import io.jans.ca.server.op.RsCheckAccessOperation; import io.jans.ca.server.op.RsModifyOperation; import io.jans.ca.server.op.RsProtectOperation; +import io.jans.configapi.core.rest.ProtectedApi; import jakarta.inject.Inject; import jakarta.ws.rs.Consumes; import jakarta.ws.rs.POST; 
@@ -25,6 +26,7 @@ public class UMA2ResourceServerResource extends BaseResource { RsCheckAccessOperation rsCheckAccessOp; @POST + @ProtectedApi @Path("/uma-rs-protect") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) @@ -34,6 +36,7 @@ public Response umaRsProtect(String params) { } @POST + @ProtectedApi @Path("/uma-rs-check-access") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) @@ -43,6 +46,7 @@ public Response umaRsCheckAccess(String params) { } @POST + @ProtectedApi @Path("/introspect-rpt") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) @@ -52,6 +56,7 @@ public Response introspectRpt(String params) { } @POST + @ProtectedApi @Path("/uma-rs-modify") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationRpIdParam.java b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationRpIdParam.java new file mode 100644 index 00000000000..0066a1e0385 --- /dev/null +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationRpIdParam.java @@ -0,0 +1,13 @@ +package io.jans.ca.server.security.service; + +public class AuthorizationRpIdParam { + private String rpId; + + public String getRpId() { + return rpId; + } + + public void setRpId(String rpId) { + this.rpId = rpId; + } +} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationService.java b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationService.java new file mode 100644 index 00000000000..71a20c6409b --- /dev/null +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/AuthorizationService.java 
@@ -0,0 +1,34 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.ca.server.security.service; + +import jakarta.inject.Inject; +import jakarta.ws.rs.core.Response; +import org.apache.commons.collections4.CollectionUtils; +import org.slf4j.Logger; + +import java.io.Serializable; +import java.util.List; + +public abstract class AuthorizationService implements Serializable { + + private static final long serialVersionUID = 4012335221233316230L; + + @Inject + transient Logger log; + + public abstract String processAuthorization(String path, String method, String remoteAddress, + String authorization, String authorizationRpId) throws Exception; + + protected Response getErrorResponse(Response.Status status, String detail) { + return Response.status(status).entity(detail).build(); + } + + public boolean isEqualCollection(List list1, List list2) { + return CollectionUtils.isEqualCollection(list1, list2); + } +} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java new file mode 100644 index 00000000000..58718351f13 --- /dev/null +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java 
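Review bot: `processAuthorization` has no Javadoc, so an implementer or caller cannot tell whether a rejected request is signalled by the returned String or by an exception; `throws Exception` together with a String return leaves both readings open. A short Javadoc should state that every failure must be thrown, that the return value is informational only, and which of the five arguments may be null or empty. The helper `isEqualCollection(List list1, List list2)` uses raw types; `isEqualCollection(List<?> list1, List<?> list2)` keeps existing callers compiling and removes the unchecked warning.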
@@ -0,0 +1,147 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.ca.server.security.service; + +import io.jans.as.model.util.StringUtils; +import io.jans.as.model.util.Util; +import io.jans.ca.common.ErrorResponseCode; +import io.jans.ca.server.HttpException; +import io.jans.ca.server.configuration.ApiAppConfiguration; +import io.jans.ca.server.configuration.model.Rp; +import io.jans.ca.server.persistence.service.MainPersistenceService; +import io.jans.ca.server.service.RpSyncService; +import io.jans.ca.server.service.ValidationService; +import jakarta.annotation.Priority; +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.enterprise.inject.Alternative; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import jakarta.ws.rs.core.Context; +import org.slf4j.Logger; + +import java.io.Serializable; +import java.util.List; + +@ApplicationScoped +@Named("clientApiAuthorizationService") +@Alternative +@Priority(1) +public class ClientApiAuthorizationService extends AuthorizationService implements Serializable { + + private static final long serialVersionUID = 1L; + private static final String AUTHENTICATION_SCHEME = "Bearer "; + private static final String LOCALHOST_IP_ADDRESS = "127.0.0.1"; + + @Inject + transient Logger LOG; + + @Context + transient HttpServletRequest request; + + @Context + transient HttpServletResponse response; + + @Inject + ValidationService validationService; + @Inject + RpSyncService rpSyncService; + + @Inject + MainPersistenceService jansConfigurationService; + + public String processAuthorization(String path, String method, String remoteAddress, + String authorization, String authorizationRpId) throws Exception { + LOG.debug("oAuth Authorization parameters , path:{}, 
method:{}, authorization: {}, authorizationRpId: {} ", + path, method, authorization, authorizationRpId); + + final ApiAppConfiguration conf = jansConfigurationService.find(); + validateIpAddressAllowed(remoteAddress); + + validateAuthorizationRpId(conf, authorizationRpId); + validateAccessToken(authorization, authorizationRpId); + + return "AUTHORIZATION SUCCESS"; + } + + private void validateAuthorizationRpId(ApiAppConfiguration conf, String authorizationRpId) { + + if (Util.isNullOrEmpty(authorizationRpId)) { + return; + } + + final Rp rp = rpSyncService.getRp(authorizationRpId); + + if (rp == null || Util.isNullOrEmpty(rp.getRpId())) { + LOG.debug("`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api."); + throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_NOT_FOUND); + } + + if (conf.getProtectCommandsWithRpId() == null || conf.getProtectCommandsWithRpId().isEmpty()) { + return; + } + + if (!conf.getProtectCommandsWithRpId().contains(authorizationRpId)) { + LOG.debug("`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in client-api-server.yml."); + throw new HttpException(ErrorResponseCode.INVALID_AUTHORIZATION_RP_ID); + } + } + + private void validateAccessToken(String authorization, String authorizationRpId) { + final String prefix = AUTHENTICATION_SCHEME; + final ApiAppConfiguration conf = jansConfigurationService.find(); + + if (conf.getProtectCommandsWithAccessToken() != null && !conf.getProtectCommandsWithAccessToken()) { + LOG.debug("Skip protection because protect_commands_with_access_token: false in configuration file."); + return; + } + + if (Util.isNullOrEmpty(authorization)) { + LOG.debug("No access token provided in Authorization header. 
Forbidden."); + throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); + } + + String accessToken = authorization.substring(prefix.length()); + if (Util.isNullOrEmpty(accessToken)) { + LOG.debug("No access token provided in Authorization header. Forbidden."); + throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); + } + if (!Util.isNullOrEmpty(authorizationRpId)) { + validationService.validateAccessToken(accessToken, authorizationRpId); + } else { + LOG.warn("No RpId provided in AuthorizationRpId header. Forbidden."); + } + } + + private void validateIpAddressAllowed(String callerIpAddress) { + LOG.trace("Checking if caller ipAddress : {} is allowed to make request to jans_client_api.", callerIpAddress); + final ApiAppConfiguration conf = jansConfigurationService.find(); + List bindIpAddresses = conf.getBindIpAddresses(); + + //localhost as default bindAddress + if ((bindIpAddresses == null || bindIpAddresses.isEmpty()) && LOCALHOST_IP_ADDRESS.equalsIgnoreCase(callerIpAddress)) { + return; + } + //show error if ip_address of a remote caller is not set in `bind_ip_addresses` + if (bindIpAddresses == null || bindIpAddresses.isEmpty()) { + LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); + throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); + } + //allow all ip_address + if (bindIpAddresses.contains("*")) { + return; + } + + if (bindIpAddresses.contains(callerIpAddress)) { + return; + } + LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); + throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); + } + +} \ No newline at end of file 
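Review bot: In `validateAccessToken` the token is only validated when the `AuthorizationRpId` header is present: the `else` branch logs "Forbidden." and returns, and `validateAuthorizationRpId` also returns early on an empty value, so a request without that header is accepted with an unverified token. The branch should throw, as in the rewrite below, which also checks the `Bearer ` prefix before `authorization.substring(prefix.length())`; as written, a header shorter than the prefix raises StringIndexOutOfBoundsException and any scheme is accepted. Separately, the `LOG.debug` at the top of `processAuthorization` writes the full `authorization` value to the log; drop that argument or log only whether it is present. The error code used below for the missing header is the one `validateAuthorizationRpId` already throws; substitute whichever code the API is meant to expose.

```java
private void validateAccessToken(String authorization, String authorizationRpId) {
    // … unchanged: configuration lookup and protect_commands_with_access_token check …

    // Reject a missing header and any scheme other than Bearer before slicing the token out.
    final int schemeLength = AUTHENTICATION_SCHEME.length();
    if (Util.isNullOrEmpty(authorization)
            || !authorization.regionMatches(true, 0, AUTHENTICATION_SCHEME, 0, schemeLength)) {
        LOG.debug("No access token provided in Authorization header. Forbidden.");
        throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN);
    }

    String accessToken = authorization.substring(schemeLength);
    // … unchanged: blank accessToken check …

    // Fail closed: without an rp_id the token cannot be validated, so the request is refused.
    if (Util.isNullOrEmpty(authorizationRpId)) {
        LOG.warn("No RpId provided in AuthorizationRpId header. Forbidden.");
        throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_NOT_FOUND);
    }
    validationService.validateAccessToken(accessToken, authorizationRpId);
}
```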
diff --git a/jans-client-api/server/src/main/resources/META-INF/services/jakarta.ws.rs.ext.Providers b/jans-client-api/server/src/main/resources/META-INF/services/jakarta.ws.rs.ext.Providers index 139597f9cb0..4cc92f1a8fa 100644 --- a/jans-client-api/server/src/main/resources/META-INF/services/jakarta.ws.rs.ext.Providers +++ b/jans-client-api/server/src/main/resources/META-INF/services/jakarta.ws.rs.ext.Providers @@ -1,2 +1 @@ - - +io.jans.ca.server.filter.AuthorizationFilter \ No newline at end of file From 776fe1f436041447bec9c939c195a69866169039 Mon Sep 17 00:00:00 2001 From: jmunozherbas Date: Fri, 8 Jul 2022 01:17:25 -0400 Subject: [PATCH 06/10] fix(jans-client-api):remove unused comments AppInitializer --- .../java/io/jans/ca/server/configuration/AppInitializer.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java b/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java index 456e51df03b..dd6078aa42c 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/configuration/AppInitializer.java @@ -100,8 +100,6 @@ public void onStart(@Observes @Initialized(ApplicationScoped.class) Object init) RegisterBuiltin.register(instance); instance.registerProvider(ResteasyJackson2Provider.class); -// SecurityProviderUtility.installBCProvider(); - // configuration configurationFactory.create(); persistenceEntryManagerInstance.get(); From a41362048bca0732060f36b3c5f8702415be306d Mon Sep 17 00:00:00 2001 
From: jmunozherbas Date: Fri, 8 Jul 2022 03:56:21 -0400 Subject: [PATCH 07/10] feat(jans-client-api):include ProtectedApi annotation into jans-client-api --- .../io/jans/ca/common/rest/ProtectedApi.java | 23 +++++++++++++++++++ .../ca/server/filter/AuthorizationFilter.java | 2 +- .../jans/ca/server/rest/OAuth20Resource.java | 2 +- .../ca/server/rest/OpenIdConnectResource.java | 2 +- .../io/jans/ca/server/rest/RpResource.java | 2 +- .../server/rest/UMA2RelyingPartyResource.java | 2 +- .../rest/UMA2ResourceServerResource.java | 2 +- 7 files changed, 29 insertions(+), 6 deletions(-) create mode 100644 jans-client-api/common/src/main/java/io/jans/ca/common/rest/ProtectedApi.java diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/rest/ProtectedApi.java b/jans-client-api/common/src/main/java/io/jans/ca/common/rest/ProtectedApi.java new file mode 100644 index 00000000000..5be4398b167 --- /dev/null +++ b/jans-client-api/common/src/main/java/io/jans/ca/common/rest/ProtectedApi.java @@ -0,0 +1,23 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.ca.common.rest; + +import jakarta.ws.rs.NameBinding; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@NameBinding +@Retention(RetentionPolicy.RUNTIME) +@Target({ ElementType.TYPE, ElementType.METHOD }) +public @interface ProtectedApi { + + String[] scopes() default {}; + +} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java b/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java index 16978e82a47..1a036e463ad 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java 
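Review bot: The new `ProtectedApi` annotation has no Javadoc, and `scopes()` defaults to an empty array without saying what that means for enforcement. None of the resource methods annotated in this series passes scopes, and the filter that consumes the annotation is not shown here, so it is unclear whether an empty array means "any valid token" or "no scope check at all". I would document it on the element, for example `/** Scopes the access token must carry; empty means <behaviour to be confirmed against AuthorizationFilter>. */`, and state on the type that it is a JAX-RS name binding consumed by the authorization filter.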
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/filter/AuthorizationFilter.java @@ -7,7 +7,7 @@ package io.jans.ca.server.filter; import io.jans.ca.server.security.service.AuthorizationService; -import io.jans.configapi.core.rest.ProtectedApi; +import io.jans.ca.common.rest.ProtectedApi; import jakarta.annotation.Priority; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java index 8488362f778..6f472fd77e0 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java @@ -1,7 +1,7 @@ package io.jans.ca.server.rest; import io.jans.ca.server.op.*; -import io.jans.configapi.core.rest.ProtectedApi; +import io.jans.ca.common.rest.ProtectedApi; import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java index 90467580500..142a35d4a8b 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java @@ -9,7 +9,7 @@ import io.jans.ca.server.op.GetAuthorizationUrlOperation; import io.jans.ca.server.op.GetLogoutUrlOperation; import io.jans.ca.server.op.GetTokensByCodeOperation; -import io.jans.configapi.core.rest.ProtectedApi; +import io.jans.ca.common.rest.ProtectedApi; import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java index abdd305bedf..c966d63cc45 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/RpResource.java @@ -2,7 +2,7 @@ import io.jans.ca.common.params.StringParam; import io.jans.ca.server.op.*; -import io.jans.configapi.core.rest.ProtectedApi; +import io.jans.ca.common.rest.ProtectedApi; import jakarta.inject.Inject; import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java index f0d4777ab51..1c1e9ebe397 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2RelyingPartyResource.java @@ -2,7 +2,7 @@ import io.jans.ca.server.op.RpGetGetClaimsGatheringUrlOperation; import io.jans.ca.server.op.RpGetRptOperation; -import io.jans.configapi.core.rest.ProtectedApi; +import io.jans.ca.common.rest.ProtectedApi; import jakarta.inject.Inject; import jakarta.ws.rs.Consumes; import jakarta.ws.rs.POST; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java index 2662c4c5b12..989d7cffbe5 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/UMA2ResourceServerResource.java 
@@ -4,7 +4,7 @@ import io.jans.ca.server.op.RsCheckAccessOperation; import io.jans.ca.server.op.RsModifyOperation; import io.jans.ca.server.op.RsProtectOperation; -import io.jans.configapi.core.rest.ProtectedApi; +import io.jans.ca.common.rest.ProtectedApi; import jakarta.inject.Inject; import jakarta.ws.rs.Consumes; import jakarta.ws.rs.POST; From 80a1f0b265b467e2b393c95310405232c4b9f389 Mon Sep 17 00:00:00 2001 From: jmunozherbas Date: Fri, 8 Jul 2022 10:50:18 -0400 Subject: [PATCH 08/10] fix(jans-client-api):move validateIpAddressAllowed from AuthorizationFilter to BaseOperation to control IP in all cases --- .../io/jans/ca/server/op/BaseOperation.java | 32 +++++++++++++++++++ .../ClientApiAuthorizationService.java | 28 ---------------- 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java index c92eb677d98..eff12bfa82d 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java @@ -32,6 +32,7 @@ import org.slf4j.LoggerFactory; import java.io.IOException; +import java.util.List; @RequestScoped @Named @@ -39,6 +40,8 @@ public abstract class BaseOperation implements IOperation private static final Logger LOG = LoggerFactory.getLogger(BaseOperation.class); + private static final String LOCALHOST_IP_ADDRESS = "127.0.0.1"; + @Inject ValidationService validationService; @Inject @@ -54,6 +57,8 @@ public Response process(String paramsAsString, HttpServletRequest httpRequest) { LOG.info("Request parameters: {}", paramsAsString); LOG.info("CommandType: {}", getCommandType()); + validateIpAddressAllowed(httpRequest.getRemoteAddr()); + Object forJsonConversion = getObjectForJsonConversion(paramsAsString, getParameterClass(), httpRequest); String response = null; 
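Review bot: The added `validateIpAddressAllowed(httpRequest.getRemoteAddr());` in BaseOperation.java sits after the two `LOG.info` lines in `process`, so the request parameters of a caller that is then rejected are still written to the log at info level. Making the check the first statement avoids that: move the call above `LOG.info("Request parameters: {}", paramsAsString);`. For some operations those parameters may include tokens or client secrets (not visible here), which is a reason to lower that line to debug or drop it. `process` continues outside the hunk.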
@@ -156,6 +161,33 @@ private void validateAccessToken(String authorization, String authorizationRpId, validationService.validateAccessToken(accessToken, authorizationRpId); } + + private void validateIpAddressAllowed(String callerIpAddress) { + LOG.trace("Checking if caller ipAddress : {} is allowed to make request to jans_client_api.", callerIpAddress); + final ApiAppConfiguration conf = jansConfigurationService.find(); + List bindIpAddresses = conf.getBindIpAddresses(); + + //localhost as default bindAddress + if ((bindIpAddresses == null || bindIpAddresses.isEmpty()) && LOCALHOST_IP_ADDRESS.equalsIgnoreCase(callerIpAddress)) { + return; + } + //show error if ip_address of a remote caller is not set in `bind_ip_addresses` + if (bindIpAddresses == null || bindIpAddresses.isEmpty()) { + LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); + throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); + } + //allow all ip_address + if (bindIpAddresses.contains("*")) { + return; + } + + if (bindIpAddresses.contains(callerIpAddress)) { + return; + } + LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); + throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); + } + public AuthCryptoProvider getCryptoProvider() throws Exception { ApiAppConfiguration conf = getJansConfigurationService().find(); return new AuthCryptoProvider(conf.getCryptProviderKeyStorePath(), conf.getCryptProviderKeyStorePassword(), conf.getCryptProviderDnName()); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java index 58718351f13..8cf767783e8 100644 
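Review bot: `validateIpAddressAllowed` treats only the literal `127.0.0.1` as local and receives the address from `getRemoteAddr()` (the call added in `process`), and neither assumption is documented. A loopback caller over IPv6 does not match the constant and is rejected when `bind_ip_addresses` is empty, while if the service runs behind a reverse proxy on the same host (deployment not visible here) every request arrives as `127.0.0.1` and passes the default branch. I would add a comment above the method such as `// callerIpAddress is the socket peer address; behind a proxy it is the proxy's address, so access must also be restricted at the proxy`, and handle the IPv6 loopback form alongside `LOCALHOST_IP_ADDRESS`. `List bindIpAddresses` is a raw type; `List<String>` is presumably what `getBindIpAddresses()` returns.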
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java @@ -36,7 +36,6 @@ public class ClientApiAuthorizationService extends AuthorizationService implemen private static final long serialVersionUID = 1L; private static final String AUTHENTICATION_SCHEME = "Bearer "; - private static final String LOCALHOST_IP_ADDRESS = "127.0.0.1"; @Inject transient Logger LOG; @@ -61,7 +60,6 @@ public String processAuthorization(String path, String method, String remoteAddr path, method, authorization, authorizationRpId); final ApiAppConfiguration conf = jansConfigurationService.find(); - validateIpAddressAllowed(remoteAddress); validateAuthorizationRpId(conf, authorizationRpId); validateAccessToken(authorization, authorizationRpId); 
@@ -118,30 +116,4 @@ private void validateAccessToken(String authorization, String authorizationRpId) } } - private void validateIpAddressAllowed(String callerIpAddress) { - LOG.trace("Checking if caller ipAddress : {} is allowed to make request to jans_client_api.", callerIpAddress); - final ApiAppConfiguration conf = jansConfigurationService.find(); - List bindIpAddresses = conf.getBindIpAddresses(); - - //localhost as default bindAddress - if ((bindIpAddresses == null || bindIpAddresses.isEmpty()) && LOCALHOST_IP_ADDRESS.equalsIgnoreCase(callerIpAddress)) { - return; - } - //show error if ip_address of a remote caller is not set in `bind_ip_addresses` - if (bindIpAddresses == null || bindIpAddresses.isEmpty()) { - LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); - throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); - } - //allow all ip_address - if (bindIpAddresses.contains("*")) { - return; - } - - if (bindIpAddresses.contains(callerIpAddress)) { - return; - } - LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration."); - throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED); - } - } \ No newline at end of file From 950e04246054901fbbf5cd00634221e15ad4a2c5 Mon Sep 17 00:00:00 2001 
From: jmunozherbas Date: Tue, 12 Jul 2022 03:07:45 -0400 Subject: [PATCH 09/10] feat(jans-client-api):remove Command and CommandType --- .../main/java/io/jans/ca/common/Command.java | 84 ----------------- .../java/io/jans/ca/common/CommandType.java | 92 ------------------- .../test/java/io/jans/ca/common/JsonTest.java | 51 ---------- .../op/AuthorizationCodeFlowOperation.java | 11 ++- .../io/jans/ca/server/op/BaseOperation.java | 21 +++-- .../server/op/CheckAccessTokenOperation.java | 11 ++- .../ca/server/op/CheckIdTokenOperation.java | 12 ++- ...GetAccessTokenByRefreshTokenOperation.java | 11 ++- .../op/GetAuthorizationCodeOperation.java | 11 ++- .../op/GetAuthorizationUrlOperation.java | 12 ++- .../ca/server/op/GetClientTokenOperation.java | 11 ++- .../ca/server/op/GetDiscoveryOperation.java | 11 ++- .../jans/ca/server/op/GetIssuerOperation.java | 12 ++- .../jans/ca/server/op/GetJwksOperation.java | 12 ++- .../ca/server/op/GetLogoutUrlOperation.java | 11 ++- .../server/op/GetRequestObjectOperation.java | 12 ++- .../op/GetRequestObjectUriOperation.java | 12 ++- .../jans/ca/server/op/GetRpJwksOperation.java | 12 ++- .../io/jans/ca/server/op/GetRpOperation.java | 12 ++- .../server/op/GetTokensByCodeOperation.java | 14 ++- .../ca/server/op/GetUserInfoOperation.java | 12 ++- .../java/io/jans/ca/server/op/IOperation.java | 5 +- .../ca/server/op/ImplicitFlowOperation.java | 12 ++- .../op/IntrospectAccessTokenOperation.java | 12 ++- .../ca/server/op/IntrospectRptOperation.java | 12 ++- .../ca/server/op/RegisterSiteOperation.java | 11 ++- .../ca/server/op/RemoveSiteOperation.java | 12 ++- .../RpGetGetClaimsGatheringUrlOperation.java | 11 ++- .../jans/ca/server/op/RpGetRptOperation.java | 14 +-- .../ca/server/op/RsCheckAccessOperation.java | 14 ++- .../jans/ca/server/op/RsModifyOperation.java | 10 +- .../jans/ca/server/op/RsProtectOperation.java | 12 ++- .../ca/server/op/UpdateSiteOperation.java | 11 ++- .../jans/ca/server/op/ValidateOperation.java | 13 ++- 
.../ca/server/rest/OpenIdConnectResource.java | 5 - .../io/jans/ca/server/utils/Convertor.java | 10 +- .../jans/ca/server/manual/NotAllowedTest.java | 5 - 37 files changed, 272 insertions(+), 344 deletions(-) delete mode 100644 jans-client-api/common/src/main/java/io/jans/ca/common/Command.java delete mode 100644 jans-client-api/common/src/main/java/io/jans/ca/common/CommandType.java delete mode 100644 jans-client-api/common/src/test/java/io/jans/ca/common/JsonTest.java diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/Command.java b/jans-client-api/common/src/main/java/io/jans/ca/common/Command.java deleted file mode 100644 index aac3f342610..00000000000 --- a/jans-client-api/common/src/main/java/io/jans/ca/common/Command.java +++ /dev/null 
@@ -1,84 +0,0 @@ -/** - * All rights reserved -- Copyright 2015 Gluu Inc. - */ -package io.jans.ca.common; - -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonPropertyOrder; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.node.JsonNodeFactory; -import io.jans.ca.common.params.IParams; - -import java.io.Serializable; - -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 09/08/2013 - */ -@JsonPropertyOrder({"command", "params"}) -public class Command implements Serializable { - - @JsonProperty(value = "command") - private CommandType commandType; - @JsonProperty(value = "params") - private JsonNode params; - - public Command() { - } - - public Command(CommandType p_command) { - commandType = p_command; - } - - public Command(CommandType commandType, JsonNode params) { - this.commandType = commandType; - this.params = params; - } - - public Command(CommandType commandType, IParams params) { - this.commandType = commandType; - this.params = JsonNodeFactory.instance.pojoNode(params); - } - - public CommandType getCommandType() { - return commandType; - } - - public Command setCommandType(CommandType p_commandType) { - commandType = p_commandType; - return this; - } - - public JsonNode getParams() { - return params; - } - - public Command setParams(JsonNode p_params) { - params = p_params; - return this; - } - - public Command setParamsObject(IParams p_params) { - params = JsonNodeFactory.instance.pojoNode(p_params); - return this; - } - - public String paramsAsString() { - return params != null ? params.toString() : ""; - } - - /** - * Returns string representation of object - * - * @return string representation of object - */ - @Override - public String toString() { - final StringBuilder sb = new StringBuilder(); - sb.append("Command"); - sb.append("{command=").append(commandType); - sb.append(", params=").append(params); - sb.append('}'); - return sb.toString(); - } -} 
diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/CommandType.java b/jans-client-api/common/src/main/java/io/jans/ca/common/CommandType.java deleted file mode 100644 index f5f3e958854..00000000000 --- a/jans-client-api/common/src/main/java/io/jans/ca/common/CommandType.java +++ /dev/null 
@@ -1,92 +0,0 @@ -/** - * All rights reserved -- Copyright 2015 Gluu Inc. - */ -package io.jans.ca.common; - -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnore; -import com.fasterxml.jackson.annotation.JsonValue; -import org.apache.commons.lang.StringUtils; - -import jakarta.ws.rs.core.MediaType; - -/** - * @author Yuriy Zabrovarnyy - */ - -public enum CommandType { - - // Register - REGISTER_SITE("register_site", false, MediaType.APPLICATION_JSON), - UPDATE_SITE("update_site", false, MediaType.APPLICATION_JSON), - REMOVE_SITE("remove_site", false, MediaType.APPLICATION_JSON), - - // Connect (stateful) - GET_AUTHORIZATION_URL("get_authorization_url", true, MediaType.APPLICATION_JSON), - GET_AUTHORIZATION_CODE("get_authorization_code", true, MediaType.APPLICATION_JSON), - GET_TOKENS_BY_CODE("get_tokens_by_code", true, MediaType.APPLICATION_JSON), - GET_USER_INFO("get_user_info", true, MediaType.APPLICATION_JSON), - GET_LOGOUT_URI("get_logout_uri", true, MediaType.APPLICATION_JSON), - GET_ACCESS_TOKEN_BY_REFRESH_TOKEN("get_access_token_by_refresh_token", true, MediaType.APPLICATION_JSON), - INTROSPECT_ACCESS_TOKEN("introspect_access_token", true, MediaType.APPLICATION_JSON), - - VALIDATE("validate", true, MediaType.APPLICATION_JSON), - CHECK_ID_TOKEN("id_token_status", true, MediaType.APPLICATION_JSON), - CHECK_ACCESS_TOKEN("access_token_status", true, MediaType.APPLICATION_JSON), - - // UMA - RS_PROTECT("uma_rs_protect", true, MediaType.APPLICATION_JSON), - RS_MODIFY("uma_rs_modify", true, MediaType.APPLICATION_JSON), - RS_CHECK_ACCESS("uma_rs_check_access", true, MediaType.APPLICATION_JSON), - INTROSPECT_RPT("introspect_rpt", true, MediaType.APPLICATION_JSON), - RP_GET_RPT("uma_rp_get_rpt", true, MediaType.APPLICATION_JSON), - RP_GET_CLAIMS_GATHERING_URL("uma_rp_get_claims_gathering_url", true, MediaType.APPLICATION_JSON), - - // stateless - AUTHORIZATION_CODE_FLOW("authorization_code_flow", true, 
MediaType.APPLICATION_JSON), - IMPLICIT_FLOW("implicit_flow", true, MediaType.APPLICATION_JSON), - GET_CLIENT_TOKEN("get_client_token", false, MediaType.APPLICATION_JSON), - GET_RP("get_rp", false, MediaType.APPLICATION_JSON), - GET_JWKS("get_jwks", false, MediaType.APPLICATION_JSON), - GET_DISCOVERY("get_discovery", false, MediaType.APPLICATION_JSON), - ISSUER_DISCOVERY("issuer_discovery", false, MediaType.APPLICATION_JSON), - GET_RP_JWKS("get_rp_jwks", false, MediaType.APPLICATION_JSON), - GET_REQUEST_OBJECT_JWT("get_request_object_jwt", false, MediaType.TEXT_PLAIN), - GET_REQUEST_URI("get_request_uri", true, MediaType.APPLICATION_JSON); - - private final String value; - private final boolean authorizationRequired; - private final String returnType; - - CommandType(String value, boolean authorizationRequired, String returnType) { - this.value = value; - this.authorizationRequired = authorizationRequired; - this.returnType = returnType; - } - - @JsonIgnore - public boolean isAuthorizationRequired() { - return authorizationRequired; - } - - @JsonValue - public String getValue() { - return value; - } - - public String getReturnType() { - return returnType; - } - - @JsonCreator - public static CommandType fromValue(String v) { - if (StringUtils.isNotBlank(v)) { - for (CommandType t : values()) { - if (t.getValue().equalsIgnoreCase(v)) { - return t; - } - } - } - return null; - } -} diff --git a/jans-client-api/common/src/test/java/io/jans/ca/common/JsonTest.java b/jans-client-api/common/src/test/java/io/jans/ca/common/JsonTest.java deleted file mode 100644 index 75e98f2738c..00000000000 --- a/jans-client-api/common/src/test/java/io/jans/ca/common/JsonTest.java +++ /dev/null 
@@ -1,51 +0,0 @@ -/* - * All rights reserved -- Copyright 2015 Gluu Inc. - */ -package io.jans.ca.common; - -import com.fasterxml.jackson.databind.node.JsonNodeFactory; -import org.testng.Assert; -import org.apache.commons.lang.StringUtils; -import org.testng.annotations.Test; - -import java.io.IOException; - -/** - * @author Yuriy Zabrovarnyy - * @version 0.9, 09/08/2013 - */ - -public class JsonTest { - - @Test - public void testCommandType() throws IOException { - final String json = Jackson2.asJson(CommandType.GET_AUTHORIZATION_URL); - Assert.assertEquals(json, "\"obtain_pat\""); - final CommandType obtainPat = Jackson2.createJsonMapper().readValue(json, CommandType.class); - Assert.assertNotNull(obtainPat); - } - - @Test - public void testCommand() throws IOException { - Command c = new Command(); - c.setCommandType(CommandType.GET_USER_INFO); - c.setParams(JsonNodeFactory.instance.textNode("myParams")); - - final String cJson = Jackson2.asJson(c); - Assert.assertTrue(StringUtils.isNotBlank(cJson)); - - final String json = "{\"command\":\"register_client\",\"params\": {\"discovery_url\":\"\",\n" + - " \"redirect_url\":\"\",\n" + - " \"client_name\":\"\"\n" + - " }\n" + - "}"; - final Command command = Jackson2.createJsonMapper().readValue(json, Command.class); - Assert.assertNotNull(command); - } - - @Test - public void testErrorResponseJson() throws IOException { - final String json = Jackson2.asJson(new ErrorResponse(ErrorResponseCode.INTERNAL_ERROR_UNKNOWN)); - Assert.assertTrue(StringUtils.isNotBlank(json)); - } -} diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java index 8ce973e7277..f7eb30b8430 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java 
@@ -10,13 +10,13 @@ import io.jans.as.model.common.Prompt; import io.jans.as.model.common.ResponseType; import io.jans.as.model.util.Util; -import io.jans.ca.common.CommandType; import io.jans.ca.common.params.AuthorizationCodeFlowParams; import io.jans.ca.common.response.AuthorizationCodeFlowResponse; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.service.DiscoveryService; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -53,8 +53,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.AUTHORIZATION_CODE_FLOW; + public boolean isAuthorizationRequired() { + return true; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private AuthorizationCodeFlowResponse requestToken(OpenIdConfigurationResponse discovery, AuthorizationCodeFlowParams params) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java index eff12bfa82d..e44bc56fa6f 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java @@ -3,9 +3,10 @@ */ package io.jans.ca.server.op; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.JsonNodeFactory; import io.jans.as.model.crypto.AuthCryptoProvider; import io.jans.as.model.util.Util; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.HasRpIdParams; 
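Review bot: The authorization flag that used to live in one auditable table (the deleted CommandType enum) becomes a hard-coded `return true;` or `return false;` in each operation, starting with the `isAuthorizationRequired()` override added in AuthorizationCodeFlowOperation's `@@ -53,8 +53,13 @@` hunk and repeated in every other operation class in this patch. The values visible in this part of the patch match the deleted enum entries, but a copy-pasted `false` in a later operation would drop the access-token check for that endpoint without any reviewer-visible signal. Assuming the operations extend BaseOperation (not shown here), a fail-closed default there, `public boolean isAuthorizationRequired() { return true; }` and `public String getReturnType() { return MediaType.APPLICATION_JSON; }`, would leave only the public or text/plain operations overriding, each with a comment saying why the endpoint needs no token. The enclosing class starts and ends outside the hunk.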
@@ -55,16 +56,15 @@ public Response process(String paramsAsString, HttpServletRequest httpRequest) {
 String endPointUrl = httpRequest.getRequestURL().toString();
 LOG.info("Endpoint: {}", endPointUrl);
 LOG.info("Request parameters: {}", paramsAsString);
- LOG.info("CommandType: {}", getCommandType());
 validateIpAddressAllowed(httpRequest.getRemoteAddr());
 Object forJsonConversion = getObjectForJsonConversion(paramsAsString, getParameterClass(), httpRequest);
 String response = null;
- if (getCommandType().getReturnType().equalsIgnoreCase(MediaType.APPLICATION_JSON)) {
+ if (getReturnType().equalsIgnoreCase(MediaType.APPLICATION_JSON)) {
 response = Jackson2.asJsonSilently(forJsonConversion);
- } else if (getCommandType().getReturnType().equalsIgnoreCase(MediaType.TEXT_PLAIN)) {
+ } else if (getReturnType().equalsIgnoreCase(MediaType.TEXT_PLAIN)) {
 response = forJsonConversion.toString();
 }
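Review bot: `LOG.info("Request parameters: {}", paramsAsString);` in process() still writes the raw request body to the log at INFO, and this hunk edits the line directly below it without addressing that. Judging by the parameter classes named elsewhere in the patch (GetAccessTokenByRefreshTokenParams, CheckAccessTokenParams, GetClientTokenParams), the body probably carries access tokens, refresh tokens or client credentials, which would then persist in log files and whatever aggregates them. I would keep only `LOG.info("Endpoint: {}", endPointUrl);` at INFO and move the body to `LOG.trace` behind a redacting helper; the same string is logged again at TRACE in getObjectForJsonConversion in the next hunk. process() continues outside the hunk.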
@@ -75,16 +75,17 @@ public Response process(String paramsAsString, HttpServletRequest httpRequest) {
 private Object getObjectForJsonConversion(String paramsAsString, Class paramsClass, HttpServletRequest httpRequest) {
 LOG.trace("Command: {}", paramsAsString);
 T params = read(safeToJson(paramsAsString), paramsClass);
- Command command = new Command(getCommandType(), params);
- if (getCommandType().isAuthorizationRequired()) {
+ if (isAuthorizationRequired()) {
 final ApiAppConfiguration conf = jansConfigurationService.find();
 String authorization = httpRequest.getHeader("Authorization");
 String authorizationRpId = httpRequest.getHeader("AuthorizationRpId");
 validateAccessToken(authorization, safeToRpId((HasRpIdParams) params, authorizationRpId), conf);
 }
- final IOpResponse response = internProcess(command, httpRequest);
+ JsonNode jsonNodeParams = JsonNodeFactory.instance.pojoNode(params);
+
+ final IOpResponse response = internProcess(jsonNodeParams, httpRequest);
 Object forJsonConversion = response;
 if (response instanceof POJOResponse) {
 forJsonConversion = ((POJOResponse) response).getNode();
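Review bot: The guard in getObjectForJsonConversion casts `(HasRpIdParams) params` without a check, and with CommandType removed nothing ties an operation that returns true from isAuthorizationRequired() to a parameter class that implements HasRpIdParams. A mismatch fails closed, but as a ClassCastException thrown before validateAccessToken runs, which most likely reaches the caller as a generic server error rather than an authorization failure. An explicit test ahead of the cast, `if (!(params instanceof HasRpIdParams)) { /* reject with the same error used for a missing token */ }`, would make the contract visible and keep the failure in the authorization path. The method continues outside the hunk.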
@@ -92,16 +93,16 @@ private Object getObjectForJsonConversion(String paramsAsStr
 return forJsonConversion;
 }
- private IOpResponse internProcess(Command command, HttpServletRequest httpRequest) {
+ private IOpResponse internProcess(JsonNode jsonNodeParams, HttpServletRequest httpRequest) {
 try {
- IParams iParams = Convertor.asParams(getParameterClass(), command);
+ IParams iParams = Convertor.asParams(getParameterClass(), jsonNodeParams);
 validationService.validate(iParams);
 IOpResponse operationResponse = execute((T) iParams, httpRequest);
 if (operationResponse != null) {
 return operationResponse;
 } else {
- LOG.error("No response from operation. Command: {}", getCommandType().getValue());
+ LOG.error("No response from operation. Endpoint: {}", httpRequest.getRequestURL().toString());
 }
 } catch (ClientErrorException e) {
 throw new WebApplicationException(e.getResponse().readEntity(String.class), e.getResponse().getStatus());
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java
index 6ad069ce05e..19fd2f69096 100644
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java
@@ -11,13 +11,13 @@ import io.jans.as.model.jwt.Jwt;
 import io.jans.as.model.jwt.JwtClaimName;
 import io.jans.as.model.jwt.JwtHeaderName;
-import io.jans.ca.common.CommandType;
 import io.jans.ca.common.params.CheckAccessTokenParams;
 import io.jans.ca.common.response.CheckAccessTokenResponse;
 import io.jans.ca.common.response.IOpResponse;
 import io.jans.ca.server.service.DiscoveryService;
 import jakarta.inject.Inject;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.core.MediaType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
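Review bot: In the internProcess hunk (`@@ -92,16 +93,16 @@`) the already-typed params object is wrapped by the caller with `JsonNodeFactory.instance.pojoNode(params)` only to be turned back into IParams by `Convertor.asParams(getParameterClass(), jsonNodeParams)` and then cast with the unchecked `(T) iParams`. With Command gone, internProcess could take `T params` directly unless Convertor.asParams does more than unwrap the POJO node, which is not visible here. The replacement error log also loses the operation identity that `getCommandType().getValue()` provided; `LOG.error("No response from operation {}. Endpoint: {}", getClass().getSimpleName(), httpRequest.getRequestURL());` keeps it and drops the redundant `.toString()`. internProcess continues outside the hunk.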
@@ -59,8 +59,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.CHECK_ACCESS_TOKEN; + public boolean isAuthorizationRequired() { + return true; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private boolean isAccessTokenValid(String p_accessToken, Jwt jwt, OpenIdConfigurationResponse discoveryResponse) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java index 1d661f0e70d..f44b009ec5f 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java @@ -4,7 +4,6 @@ import io.jans.as.model.common.ResponseType; import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtClaimName; -import io.jans.ca.common.CommandType; import io.jans.ca.common.params.CheckIdTokenParams; import io.jans.ca.common.response.CheckIdTokenResponse; import io.jans.ca.common.response.IOpResponse; @@ -15,6 +14,7 @@ import io.jans.ca.server.service.PublicOpKeyService; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -84,7 +84,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.CHECK_ID_TOKEN; + public boolean isAuthorizationRequired() { + return true; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java index 6f84b644581..fac3727f641 100644 
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java @@ -5,7 +5,6 @@ import io.jans.as.client.TokenClient; import io.jans.as.client.TokenResponse; import io.jans.as.model.util.Util; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetAccessTokenByRefreshTokenParams; import io.jans.ca.common.response.GetClientTokenResponse; @@ -18,6 +17,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -71,8 +71,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_ACCESS_TOKEN_BY_REFRESH_TOKEN; + public boolean isAuthorizationRequired() { + return true; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private String scopeAsString(GetAccessTokenByRefreshTokenParams params) throws UnsupportedEncodingException { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java index 5009135c5c8..acd8083deeb 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java @@ -7,7 +7,6 @@ import io.jans.as.client.AuthorizeClient; import io.jans.as.model.common.Prompt; import io.jans.as.model.common.ResponseType; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetAuthorizationCodeParams; import io.jans.ca.common.response.GetAuthorizationCodeResponse; 
@@ -20,6 +19,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -78,8 +78,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_AUTHORIZATION_CODE; + public boolean isAuthorizationRequired() { + return true; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private List acrValues(GetAuthorizationCodeParams params, Rp rp) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java index 46946860b1e..e4e06222ecc 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java @@ -4,7 +4,6 @@ import com.google.common.collect.Lists; import io.jans.as.model.authorize.AuthorizeRequestParam; import io.jans.as.model.util.Util; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObjectType; import io.jans.ca.common.params.GetAuthorizationUrlParams; @@ -19,6 +18,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -117,7 +117,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_AUTHORIZATION_URL; + public boolean isAuthorizationRequired() { + return true; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java index 768f1a45845..dd0f987f5ce 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java @@ -8,7 +8,6 @@ import io.jans.as.model.common.GrantType; import io.jans.as.model.crypto.signature.SignatureAlgorithm; import io.jans.as.model.util.Util; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetClientTokenParams; import io.jans.ca.common.response.GetClientTokenResponse; @@ -21,6 +20,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -101,8 +101,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_CLIENT_TOKEN; + public boolean isAuthorizationRequired() { + return false; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private String scopeAsString(GetClientTokenParams params) throws UnsupportedEncodingException { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java index 76182b8bbb6..725ab1ab7ff 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java 
@@ -1,7 +1,6 @@ package io.jans.ca.server.op; import io.jans.as.client.OpenIdConfigurationResponse; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetDiscoveryParams; import io.jans.ca.common.response.GetDiscoveryResponse; @@ -12,6 +11,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.beanutils.BeanUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -47,8 +47,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_DISCOVERY; + public boolean isAuthorizationRequired() { + return false; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java index 3ad1cbf8f64..28419535b03 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java @@ -3,7 +3,6 @@ import io.jans.as.client.OpenIdConnectDiscoveryClient; import io.jans.as.client.OpenIdConnectDiscoveryResponse; import io.jans.as.model.discovery.WebFingerParam; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetIssuerParams; import io.jans.ca.common.response.GetIssuerResponse; @@ -12,6 +11,7 @@ import io.jans.ca.server.service.DiscoveryService; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.beanutils.BeanUtils; import org.python.google.common.base.Strings; import org.slf4j.Logger; 
@@ -84,7 +84,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.ISSUER_DISCOVERY; + public boolean isAuthorizationRequired() { + return false; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java index 2ae13e65943..34762b99f04 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java @@ -6,7 +6,6 @@ import io.jans.as.client.JwkClient; import io.jans.as.client.JwkResponse; import io.jans.as.client.OpenIdConfigurationResponse; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetJwksParams; import io.jans.ca.common.response.GetJwksResponse; @@ -18,6 +17,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; @RequestScoped @@ -63,7 +63,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_JWKS; + public boolean isAuthorizationRequired() { + return false; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java index ddaaaeab6af..3cc3ac03b8a 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java 
@@ -2,7 +2,6 @@ import com.google.common.base.Strings; import io.jans.as.client.OpenIdConfigurationResponse; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObjectType; import io.jans.ca.common.params.GetLogoutUrlParams; @@ -16,6 +15,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -82,8 +82,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_LOGOUT_URI; + public boolean isAuthorizationRequired() { + return true; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private static String separator(String uri) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java index 2ab872218bf..b1ee07ef723 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java @@ -1,7 +1,6 @@ package io.jans.ca.server.op; import com.google.common.base.Strings; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObject; import io.jans.ca.common.params.StringParam; @@ -11,6 +10,7 @@ import io.jans.ca.server.service.RequestObjectService; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -46,7 +46,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_REQUEST_OBJECT_JWT; + public boolean isAuthorizationRequired() { + return false; } + + @Override + public String getReturnType() { + return MediaType.TEXT_PLAIN; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java index 2ea5f3005d1..c7da998152e 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java @@ -6,7 +6,6 @@ import io.jans.as.model.jwk.Use; import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtType; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.GetRequestObjectUriParams; import io.jans.ca.common.response.GetRequestObjectUriResponse; @@ -18,6 +17,7 @@ import io.jans.ca.server.service.RequestObjectService; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; import org.json.JSONObject; import org.slf4j.Logger; @@ -136,7 +136,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_REQUEST_URI; + public boolean isAuthorizationRequired() { + return true; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java index def52c5a585..5a67f195a88 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java 
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java @@ -1,6 +1,5 @@ package io.jans.ca.server.op; -import io.jans.ca.common.CommandType; import io.jans.ca.common.params.GetJwksParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.POJOResponse; @@ -10,6 +9,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; @RequestScoped @Named @@ -35,7 +35,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_RP_JWKS; + public boolean isAuthorizationRequired() { + return false; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java index 8d2d5425452..712b47b2114 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java @@ -1,6 +1,5 @@ package io.jans.ca.server.op; -import io.jans.ca.common.CommandType; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.GetRpParams; import io.jans.ca.common.response.GetRpResponse; @@ -12,6 +11,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -51,7 +51,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_RP; + public boolean isAuthorizationRequired() { + return false; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } 
diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java index c6beade091c..1c78f8b4961 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java @@ -12,7 +12,9 @@ import io.jans.as.model.jwk.Algorithm; import io.jans.as.model.jwk.Use; import io.jans.as.model.jwt.Jwt; -import io.jans.ca.common.*; +import io.jans.ca.common.ErrorResponseCode; +import io.jans.ca.common.ExpiredObjectType; +import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.GetTokensByCodeParams; import io.jans.ca.common.response.GetTokensByCodeResponse; import io.jans.ca.common.response.IOpResponse; @@ -23,6 +25,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.python.jline.internal.Log; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -152,8 +155,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_TOKENS_BY_CODE; + public boolean isAuthorizationRequired() { + return true; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private void validate(GetTokensByCodeParams params) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java index 65eb3dc66d0..9c75f7a1f02 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java 
@@ -6,7 +6,6 @@ import io.jans.as.client.UserInfoResponse; import io.jans.as.model.jwt.Jwt; import io.jans.as.model.jwt.JwtClaimName; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.GetUserInfoParams; @@ -19,6 +18,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -84,7 +84,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.GET_USER_INFO; + public boolean isAuthorizationRequired() { + return true; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java index 043a545acb9..510030206d8 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java @@ -3,7 +3,6 @@ */ package io.jans.ca.server.op; -import io.jans.ca.common.CommandType; import io.jans.ca.common.params.IParams; import io.jans.ca.common.response.IOpResponse; import jakarta.servlet.http.HttpServletRequest; @@ -19,5 +18,7 @@ public interface IOperation { Class getParameterClass(); - CommandType getCommandType(); + boolean isAuthorizationRequired(); + + String getReturnType(); } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java index f50f4bfda2b..9e6cbd7acf0 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java 
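Review bot: The two methods added to IOperation in the `@@ -19,5 +18,7 @@` hunk have no Javadoc, although they now carry the security contract the CommandType enum used to encode. I would document them, for example `/** @return true if the caller must present a valid access token before execute() runs */` on isAuthorizationRequired() and `/** @return response media type; only MediaType.APPLICATION_JSON and MediaType.TEXT_PLAIN are handled by BaseOperation.process */` on getReturnType(). Because getReturnType() is now a free String, a null reaches `getReturnType().equalsIgnoreCase(...)` in BaseOperation.process (earlier in this patch) and throws, while an unrecognised value leaves `response` null. A constant-first comparison, `MediaType.APPLICATION_JSON.equalsIgnoreCase(getReturnType())`, plus an explicit failure branch for unknown types would close both cases.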
@@ -10,13 +10,13 @@ import io.jans.as.model.common.Prompt; import io.jans.as.model.common.ResponseType; import io.jans.as.model.util.Util; -import io.jans.ca.common.CommandType; import io.jans.ca.common.params.ImplicitFlowParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.ImplicitFlowResponse; import io.jans.ca.server.service.DiscoveryService; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -108,7 +108,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.IMPLICIT_FLOW; + public boolean isAuthorizationRequired() { + return true; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } \ No newline at end of file diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java index b35c0624e7f..abe7c5eb438 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java @@ -1,7 +1,6 @@ package io.jans.ca.server.op; import io.jans.as.model.common.IntrospectionResponse; -import io.jans.ca.common.CommandType; import io.jans.ca.common.params.IntrospectAccessTokenParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.common.response.POJOResponse; @@ -10,6 +9,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -36,7 +36,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.INTROSPECT_ACCESS_TOKEN; + public boolean isAuthorizationRequired() { + return true; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java index 5f5a084495c..a08c15a2c86 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java @@ -1,6 +1,5 @@ package io.jans.ca.server.op; -import io.jans.ca.common.CommandType; import io.jans.ca.common.introspection.CorrectRptIntrospectionResponse; import io.jans.ca.common.params.IntrospectRptParams; import io.jans.ca.common.response.IOpResponse; @@ -10,6 +9,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; @RequestScoped @Named @@ -32,7 +32,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.INTROSPECT_RPT; + public boolean isAuthorizationRequired() { + return true; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java index 440b3726241..31f51aebec3 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java 
@@ -15,7 +15,6 @@ import io.jans.as.model.crypto.signature.SignatureAlgorithm; import io.jans.as.model.register.ApplicationType; import io.jans.as.model.uma.UmaMetadata; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.RegisterSiteParams; import io.jans.ca.common.response.IOpResponse; @@ -28,6 +27,7 @@ import io.jans.ca.server.service.RpService; import jakarta.inject.Inject; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.math.NumberUtils; @@ -96,8 +96,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.REGISTER_SITE; + public boolean isAuthorizationRequired() { + return false; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private void validateParametersAndFallbackIfNeeded(RegisterSiteParams params) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java index 272e2bb86e2..e42da884c2a 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java @@ -1,6 +1,5 @@ package io.jans.ca.server.op; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.RemoveSiteParams; import io.jans.ca.common.response.IOpResponse; @@ -11,6 +10,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; @RequestScoped @Named 
@@ -34,7 +34,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.REMOVE_SITE; + public boolean isAuthorizationRequired() { + return false; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java index 128809af305..556b59219ca 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java @@ -2,7 +2,6 @@ import com.google.common.collect.Lists; import io.jans.as.model.uma.UmaMetadata; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.ExpiredObjectType; import io.jans.ca.common.params.RpGetClaimsGatheringUrlParams; @@ -17,6 +16,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; import java.util.List; @@ -71,8 +71,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.RP_GET_CLAIMS_GATHERING_URL; + public boolean isAuthorizationRequired() { + return true; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private void validate(RpGetClaimsGatheringUrlParams params) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java index 94a20f64f14..a63237b86a3 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java 
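Review bot: `RemoveSiteOperation.isAuthorizationRequired()` returns `false` here, and `UpdateSiteOperation` does the same in its `@@ -65,8 +65,13 @@` hunk. Judging by the `if (isAuthorizationRequired())` gate that PATCH 10/10 later deletes from `BaseOperation`, that value skips the access-token validation for deleting and modifying an already registered RP. `RegisterSiteOperation` also returns `false`, which is plausible for first-time registration, but the other two act on an existing `rp_id`. Unless the exemption is deliberate, both should be `return true;`; if it is deliberate, a comment such as `// exempt from token check: <reason>` above the method would record the decision. The class body starts outside the hunk.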
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java @@ -5,13 +5,12 @@ import io.jans.as.model.uma.UmaNeedInfoResponse; import io.jans.as.model.util.Util; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.RpGetRptParams; import io.jans.ca.common.response.IOpResponse; import io.jans.ca.server.HttpException; - +import io.jans.ca.server.service.UmaTokenService; import jakarta.enterprise.context.RequestScoped; import jakarta.inject.Inject; import jakarta.inject.Named; @@ -21,8 +20,6 @@ import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response.Status; - -import io.jans.ca.server.service.UmaTokenService; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -55,8 +52,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.RP_GET_RPT; + public boolean isAuthorizationRequired() { + return true; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } public static IOpResponse handleRptError(int status, String entity) throws IOException { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java index 5276af25ca0..eb142e9500c 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java 
@@ -3,7 +3,10 @@ import com.google.common.base.Strings; import io.jans.as.model.uma.JsonLogicNodeParser; import io.jans.as.model.uma.PermissionTicket; -import io.jans.ca.common.*; +import io.jans.ca.common.CoreUtils; +import io.jans.ca.common.ErrorResponse; +import io.jans.ca.common.ErrorResponseCode; +import io.jans.ca.common.Jackson2; import io.jans.ca.common.introspection.CorrectRptIntrospectionResponse; import io.jans.ca.common.introspection.CorrectUmaPermission; import io.jans.ca.common.params.RsCheckAccessParams; @@ -134,8 +137,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.RS_CHECK_ACCESS; + public boolean isAuthorizationRequired() { + return true; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private List getRequiredScopes(RsCheckAccessParams params, UmaResource resource) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java index 004d5e9aacf..6da36502179 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java @@ -179,7 +179,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.RS_MODIFY; + public boolean isAuthorizationRequired() { + return true; } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; + } + } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java index 9b7918b621d..381020a6022 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java 
@@ -10,7 +10,6 @@ import io.jans.as.model.uma.JsonLogicNodeParser; import io.jans.as.model.uma.UmaMetadata; import io.jans.as.model.util.Util; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.RsProtectParams; import io.jans.ca.common.response.IOpResponse; @@ -33,6 +32,7 @@ import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.ClientErrorException; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -41,6 +41,7 @@ import java.util.List; import java.util.Map; import java.util.Set; + @RequestScoped @Named public class RsProtectOperation extends BaseOperation { @@ -102,8 +103,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.RS_PROTECT; + public boolean isAuthorizationRequired() { + return true; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private void persist(ResourceRegistrar registrar, Rp rp) throws IOException { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java index 78ee889f26e..c41e342efff 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java @@ -11,7 +11,6 @@ import io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm; import io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm; import io.jans.as.model.crypto.signature.SignatureAlgorithm; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.UpdateSiteParams; import io.jans.ca.common.response.IOpResponse; 
@@ -26,6 +25,7 @@ import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; import jakarta.ws.rs.HttpMethod; +import jakarta.ws.rs.core.MediaType; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.math.NumberUtils; @@ -65,8 +65,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.UPDATE_SITE; + public boolean isAuthorizationRequired() { + return false; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private void persistRp(Rp rp, UpdateSiteParams params) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java index d27e7c92dc5..000885f292a 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java @@ -3,7 +3,6 @@ import com.google.common.base.Strings; import io.jans.as.client.OpenIdConfigurationResponse; import io.jans.as.model.jwt.Jwt; -import io.jans.ca.common.CommandType; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.params.ValidateParams; import io.jans.ca.common.response.IOpResponse; @@ -17,6 +16,7 @@ import jakarta.inject.Inject; import jakarta.inject.Named; import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.core.MediaType; @RequestScoped @Named @@ -31,7 +31,7 @@ public class ValidateOperation extends BaseOperation { @Inject OpClientFactoryImpl opClientFactory; - @Override + @Override public IOpResponse execute(ValidateParams params, HttpServletRequest httpServletRequest) throws Exception { validateParams(params); 
@@ -62,8 +62,13 @@ public Class getParameterClass() { } @Override - public CommandType getCommandType() { - return CommandType.VALIDATE; + public boolean isAuthorizationRequired() { + return true; + } + + @Override + public String getReturnType() { + return MediaType.APPLICATION_JSON; } private void validateParams(ValidateParams params) { diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java index 142a35d4a8b..dde205aa3f4 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OpenIdConnectResource.java @@ -1,10 +1,5 @@ package io.jans.ca.server.rest; -import io.jans.ca.common.CommandType; -import io.jans.ca.common.params.GetAuthorizationCodeParams; -import io.jans.ca.common.params.GetAuthorizationUrlParams; -import io.jans.ca.common.params.GetLogoutUrlParams; -import io.jans.ca.common.params.GetTokensByCodeParams; import io.jans.ca.server.op.GetAuthorizationCodeOperation; import io.jans.ca.server.op.GetAuthorizationUrlOperation; import io.jans.ca.server.op.GetLogoutUrlOperation; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/utils/Convertor.java b/jans-client-api/server/src/main/java/io/jans/ca/server/utils/Convertor.java index 1c1af3b1bf0..910f0812536 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/utils/Convertor.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/utils/Convertor.java @@ -3,8 +3,8 @@ */ package io.jans.ca.server.utils; +import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.node.POJONode; -import io.jans.ca.common.Command; import io.jans.ca.common.ErrorResponseCode; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.IParams; 
@@ -35,11 +35,11 @@ private Convertor() { * @param parameter calss * @return parameter object based on string representation */ - public static T asParams(Class clazz, Command command) { - if (command.getParams() instanceof POJONode) { - return (T) ((POJONode)command.getParams()).getPojo(); + public static T asParams(Class clazz, JsonNode jsonNodeParams) { + if (jsonNodeParams instanceof POJONode) { + return (T) ((POJONode) jsonNodeParams).getPojo(); } - final String paramsAsString = command.paramsAsString(); + final String paramsAsString = jsonNodeParams != null ? jsonNodeParams.toString() : ""; try { T params = Jackson2.createJsonMapper().readValue(paramsAsString, clazz); if (params == null) { diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/manual/NotAllowedTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/manual/NotAllowedTest.java index c44aba595d5..d604eec1fd9 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/manual/NotAllowedTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/manual/NotAllowedTest.java @@ -4,8 +4,6 @@ import com.google.common.collect.Lists; import io.jans.ca.client.ClientInterface; import io.jans.ca.client.RsProtectParams2; -import io.jans.ca.common.Command; -import io.jans.ca.common.CommandType; import io.jans.ca.common.Jackson2; import io.jans.ca.common.params.RegisterSiteParams; import io.jans.ca.common.response.RegisterSiteResponse; @@ -53,9 +51,6 @@ public static RegisterSiteResponse registerSite(ClientInterface client) { params.setAcrValues(Lists.newArrayList("gplus", "basic", "duo", "u2f")); params.setGrantTypes(Lists.newArrayList("authorization_code")); - final Command command = new Command(CommandType.REGISTER_SITE); - command.setParamsObject(params); - final RegisterSiteResponse resp = client.registerSite(params); assertNotNull(resp); assertTrue(!Strings.isNullOrEmpty(resp.getRpId())); From f635b9672105f40f37a71f3159e47f2fdeedd1e9 Mon Sep 17 00:00:00 2001 
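Review bot: The `POJONode` fast path in `asParams` returns `(T) ((POJONode) jsonNodeParams).getPojo()` without comparing the object with `clazz`, so a node carrying a different params type would only fail later, at the caller, with a `ClassCastException`. Checking first keeps the failure inside this method and its error mapping: `Object pojo = ((POJONode) jsonNodeParams).getPojo();` followed by `if (clazz.isInstance(pojo)) { return clazz.cast(pojo); }`. The new null handling substitutes `""` and leaves rejection to `readValue`; an explicit `if (jsonNodeParams == null)` that raises the same error as the `params == null` branch would be clearer, assuming that branch throws (it continues outside the hunk). The Javadoc above still reads `parameter calss` and should describe `jsonNodeParams`.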
From: jmunozherbas Date: Wed, 13 Jul 2022 01:00:14 -0400 Subject: [PATCH 10/10] feat(jans-client-api):remove authorizationRpId validation using body params, now is mandatory in header --- .../io/jans/ca/common/ErrorResponseCode.java | 3 +- .../op/AuthorizationCodeFlowOperation.java | 5 --- .../io/jans/ca/server/op/BaseOperation.java | 35 ------------------- .../server/op/CheckAccessTokenOperation.java | 5 --- .../ca/server/op/CheckIdTokenOperation.java | 5 --- ...GetAccessTokenByRefreshTokenOperation.java | 5 --- .../op/GetAuthorizationCodeOperation.java | 5 --- .../op/GetAuthorizationUrlOperation.java | 5 --- .../ca/server/op/GetClientTokenOperation.java | 5 --- .../ca/server/op/GetDiscoveryOperation.java | 5 --- .../jans/ca/server/op/GetIssuerOperation.java | 5 --- .../jans/ca/server/op/GetJwksOperation.java | 5 --- .../ca/server/op/GetLogoutUrlOperation.java | 5 --- .../server/op/GetRequestObjectOperation.java | 5 --- .../op/GetRequestObjectUriOperation.java | 5 --- .../jans/ca/server/op/GetRpJwksOperation.java | 5 --- .../io/jans/ca/server/op/GetRpOperation.java | 5 --- .../server/op/GetTokensByCodeOperation.java | 5 --- .../ca/server/op/GetUserInfoOperation.java | 5 --- .../java/io/jans/ca/server/op/IOperation.java | 2 -- .../ca/server/op/ImplicitFlowOperation.java | 5 --- .../op/IntrospectAccessTokenOperation.java | 5 --- .../ca/server/op/IntrospectRptOperation.java | 5 --- .../ca/server/op/RegisterSiteOperation.java | 5 --- .../ca/server/op/RemoveSiteOperation.java | 5 --- .../RpGetGetClaimsGatheringUrlOperation.java | 5 --- .../jans/ca/server/op/RpGetRptOperation.java | 5 --- .../ca/server/op/RsCheckAccessOperation.java | 5 --- .../jans/ca/server/op/RsModifyOperation.java | 5 --- .../jans/ca/server/op/RsProtectOperation.java | 5 --- .../ca/server/op/UpdateSiteOperation.java | 5 --- .../jans/ca/server/op/ValidateOperation.java | 5 --- .../jans/ca/server/rest/OAuth20Resource.java | 1 - .../ClientApiAuthorizationService.java | 9 ++--- 
.../tests/AuthorizationCodeFlowTest.java | 2 +- .../ca/server/tests/CheckAccessTokenTest.java | 2 +- .../ca/server/tests/CheckIdTokenTest.java | 2 +- .../server/tests/DifferentAuthServerTest.java | 2 +- .../server/tests/GetAuthorizationUrlTest.java | 12 +++---- .../ca/server/tests/GetLogoutUrlTest.java | 2 +- .../ca/server/tests/GetRequestUriTest.java | 4 +-- .../ca/server/tests/GetTokensByCodeTest.java | 6 ++-- .../jans/ca/server/tests/GetUserInfoTest.java | 4 +-- .../tests/IntrospectAccessTokenTest.java | 2 +- .../ca/server/tests/IntrospectRptTest.java | 2 +- .../io/jans/ca/server/tests/RpGetRptTest.java | 2 +- .../ca/server/tests/RsCheckAccessTest.java | 4 +-- .../io/jans/ca/server/tests/RsModifyTest.java | 4 +-- .../jans/ca/server/tests/RsProtectTest.java | 8 ++--- .../io/jans/ca/server/tests/UmaFullTest.java | 4 +-- .../tests/UmaGetClaimsGatheringUrlTest.java | 6 ++-- .../server/tests/UmaSpontaneousScopeTest.java | 2 +- .../jans/ca/server/tests/UpdateSiteTest.java | 6 ++-- 53 files changed, 43 insertions(+), 228 deletions(-) diff --git a/jans-client-api/common/src/main/java/io/jans/ca/common/ErrorResponseCode.java b/jans-client-api/common/src/main/java/io/jans/ca/common/ErrorResponseCode.java index 51f090a05b3..a6b066e9561 100644 --- a/jans-client-api/common/src/main/java/io/jans/ca/common/ErrorResponseCode.java +++ b/jans-client-api/common/src/main/java/io/jans/ca/common/ErrorResponseCode.java 
@@ -115,8 +115,9 @@ public enum ErrorResponseCode { AT_HASH_NOT_FOUND(500, "at_hash_not_found", "`at_hash` is missing in `ID_TOKEN`."), C_HASH_NOT_FOUND(500, "c_hash_not_found", "`c_hash` is missing in `ID_TOKEN`."), S_HASH_NOT_FOUND(500, "s_hash_not_found", "`s_hash` is missing in `ID_TOKEN`."), - INVALID_AUTHORIZATION_RP_ID(400, "invalid_authorization_rp_id", "`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in jans_client_api.yml."), + INVALID_AUTHORIZATION_RP_ID(400, "invalid_authorization_rp_id", "`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in config."), AUTHORIZATION_RP_ID_NOT_FOUND(400, "authorization_rp_id_not_found", "`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api."), + AUTHORIZATION_RP_ID_HEADER_NOT_FOUND(400, "authorization_rp_id_header_not_found", "`AuthorizationRpId` header is not present or invalid."), NO_CLIENT_ID_RETURNED(500, "no_client_id_returned", "`client_id` is not returned from OP host. Please check OP log file for error (oxauth.log)."), NO_CLIENT_SECRET_RETURNED(500, "no_client_secret_returned", "`client_secret` is not returned from OP host. Please check: 1) OP log file for error (oxauth.log) 2) whether `returnClientSecretOnRead` configuration property is set to true on OP host."), RP_ACCESS_DENIED(403, "rp_access_denied", "The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` field of `jans_client_api.yml`."), diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java index f7eb30b8430..b42f346b017 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java 
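Review bot: The description of the new `AUTHORIZATION_RP_ID_HEADER_NOT_FOUND` says the header is "not present or invalid", which overlaps with `INVALID_AUTHORIZATION_RP_ID` two entries above, so a client cannot tell from the error code whether to add the header or correct its value. If the constant is raised only for a missing header (the code that raises it is not in this hunk), the text could say the `AuthorizationRpId` header is missing or empty and leave "invalid" to the existing constant. The hunk also rewrites one message from `jans_client_api.yml` to `config` while the `RP_ACCESS_DENIED` message below still names `jans_client_api.yml`; one wording should be used throughout. The enum continues outside the hunk.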
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/AuthorizationCodeFlowOperation.java @@ -52,11 +52,6 @@ public Class getParameterClass() { return AuthorizationCodeFlowParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java index e44bc56fa6f..ed5ea923759 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/BaseOperation.java @@ -75,14 +75,6 @@ public Response process(String paramsAsString, HttpServletRequest httpRequest) { private Object getObjectForJsonConversion(String paramsAsString, Class paramsClass, HttpServletRequest httpRequest) { LOG.trace("Command: {}", paramsAsString); T params = read(safeToJson(paramsAsString), paramsClass); - - if (isAuthorizationRequired()) { - final ApiAppConfiguration conf = jansConfigurationService.find(); - String authorization = httpRequest.getHeader("Authorization"); - String authorizationRpId = httpRequest.getHeader("AuthorizationRpId"); - validateAccessToken(authorization, safeToRpId((HasRpIdParams) params, authorizationRpId), conf); - } - JsonNode jsonNodeParams = JsonNodeFactory.instance.pojoNode(params); final IOpResponse response = internProcess(jsonNodeParams, httpRequest); 
@@ -136,33 +128,6 @@ public Rp getRp(T params) { throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_RP_ID); } - private String safeToRpId(HasRpIdParams params, String authorizationRpId) { - return Util.isNullOrEmpty(authorizationRpId) ? params.getRpId() : authorizationRpId; - } - - private void validateAccessToken(String authorization, String authorizationRpId, ApiAppConfiguration conf) { - final String prefix = "Bearer "; - - if (conf.getProtectCommandsWithAccessToken() != null && !conf.getProtectCommandsWithAccessToken()) { - LOG.debug("Skip protection because protect_commands_with_access_token: false in configuration."); - return; - } - - if (Util.isNullOrEmpty(authorization)) { - LOG.debug("No access token provided in Authorization header. Forbidden."); - throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); - } - - String accessToken = authorization.substring(prefix.length()); - if (Util.isNullOrEmpty(accessToken)) { - LOG.debug("No access token provided in Authorization header. Forbidden."); - throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); - } - - validationService.validateAccessToken(accessToken, authorizationRpId); - } - - private void validateIpAddressAllowed(String callerIpAddress) { LOG.trace("Checking if caller ipAddress : {} is allowed to make request to jans_client_api.", callerIpAddress); final ApiAppConfiguration conf = jansConfigurationService.find(); diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java index 19fd2f69096..9af4119a59d 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckAccessTokenOperation.java 
@@ -58,11 +58,6 @@ public Class getParameterClass() { return CheckAccessTokenParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java index f44b009ec5f..e52a454d645 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/CheckIdTokenOperation.java @@ -83,11 +83,6 @@ public Class getParameterClass() { return CheckIdTokenParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java index fac3727f641..b5f56b907eb 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.java @@ -70,11 +70,6 @@ public Class getParameterClass() { return GetAccessTokenByRefreshTokenParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java index acd8083deeb..d7ded10894f 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java 
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationCodeOperation.java @@ -77,11 +77,6 @@ public Class getParameterClass() { return GetAuthorizationCodeParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java index e4e06222ecc..8b74cac0d62 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetAuthorizationUrlOperation.java @@ -116,11 +116,6 @@ public Class getParameterClass() { return GetAuthorizationUrlParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java index dd0f987f5ce..cd0bf29716d 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetClientTokenOperation.java @@ -100,11 +100,6 @@ public Class getParameterClass() { return GetClientTokenParams.class; } - @Override - public boolean isAuthorizationRequired() { - return false; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java index 725ab1ab7ff..773f0b2e20a 100644 
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetDiscoveryOperation.java @@ -46,11 +46,6 @@ public Class getParameterClass() { return GetDiscoveryParams.class; } - @Override - public boolean isAuthorizationRequired() { - return false; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java index 28419535b03..4659ffce01c 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetIssuerOperation.java @@ -83,11 +83,6 @@ public Class getParameterClass() { return GetIssuerParams.class; } - @Override - public boolean isAuthorizationRequired() { - return false; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java index 34762b99f04..f9e6f335158 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetJwksOperation.java @@ -62,11 +62,6 @@ public Class getParameterClass() { return GetJwksParams.class; } - @Override - public boolean isAuthorizationRequired() { - return false; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java index 3cc3ac03b8a..adfe581f710 100644 
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetLogoutUrlOperation.java @@ -81,11 +81,6 @@ public Class getParameterClass() { return GetLogoutUrlParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java index b1ee07ef723..2cb7eedf712 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectOperation.java @@ -45,11 +45,6 @@ public Class getParameterClass() { return StringParam.class; } - @Override - public boolean isAuthorizationRequired() { - return false; - } - @Override public String getReturnType() { return MediaType.TEXT_PLAIN; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java index c7da998152e..d7822eaebc2 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRequestObjectUriOperation.java @@ -135,11 +135,6 @@ public Class getParameterClass() { return GetRequestObjectUriParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java index 5a67f195a88..0c87d83061d 100644 
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpJwksOperation.java @@ -34,11 +34,6 @@ public Class getParameterClass() { return GetJwksParams.class; } - @Override - public boolean isAuthorizationRequired() { - return false; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java index 712b47b2114..9b7ce5135ae 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetRpOperation.java @@ -50,11 +50,6 @@ public Class getParameterClass() { return GetRpParams.class; } - @Override - public boolean isAuthorizationRequired() { - return false; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java index 1c78f8b4961..8348a9ffd79 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetTokensByCodeOperation.java @@ -154,11 +154,6 @@ public Class getParameterClass() { return GetTokensByCodeParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java index 9c75f7a1f02..7987e0ba158 100644 
--- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/GetUserInfoOperation.java @@ -83,11 +83,6 @@ public Class getParameterClass() { return GetUserInfoParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java index 510030206d8..8ce23296f59 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IOperation.java @@ -18,7 +18,5 @@ public interface IOperation { Class getParameterClass(); - boolean isAuthorizationRequired(); - String getReturnType(); } diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java index 9e6cbd7acf0..5d2ae4a7213 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ImplicitFlowOperation.java @@ -107,11 +107,6 @@ public Class getParameterClass() { return ImplicitFlowParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java index abe7c5eb438..401697fe538 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java 
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectAccessTokenOperation.java @@ -35,11 +35,6 @@ public Class getParameterClass() { return IntrospectAccessTokenParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java index a08c15a2c86..4fa3e5ec319 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/IntrospectRptOperation.java @@ -31,11 +31,6 @@ public Class getParameterClass() { return IntrospectRptParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java index 31f51aebec3..cfde623614c 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RegisterSiteOperation.java @@ -95,11 +95,6 @@ public Class getParameterClass() { return RegisterSiteParams.class; } - @Override - public boolean isAuthorizationRequired() { - return false; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java index e42da884c2a..1aaad233040 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java 
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RemoveSiteOperation.java @@ -33,11 +33,6 @@ public Class getParameterClass() { return RemoveSiteParams.class; } - @Override - public boolean isAuthorizationRequired() { - return false; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java index 556b59219ca..1b31b8cc7ed 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetGetClaimsGatheringUrlOperation.java @@ -70,11 +70,6 @@ public Class getParameterClass() { return RpGetClaimsGatheringUrlParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java index a63237b86a3..b7c21e3b552 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RpGetRptOperation.java @@ -51,11 +51,6 @@ public Class getParameterClass() { return RpGetRptParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java index eb142e9500c..ee750b8cc09 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java 
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsCheckAccessOperation.java @@ -136,11 +136,6 @@ public Class getParameterClass() { return RsCheckAccessParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java index 6da36502179..740e36ee208 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsModifyOperation.java @@ -178,11 +178,6 @@ public Class getParameterClass() { return RsModifyParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java index 381020a6022..168718e33b5 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/RsProtectOperation.java @@ -102,11 +102,6 @@ public Class getParameterClass() { return RsProtectParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java index c41e342efff..949ded26f85 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java 
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/UpdateSiteOperation.java @@ -64,11 +64,6 @@ public Class getParameterClass() { return UpdateSiteParams.class; } - @Override - public boolean isAuthorizationRequired() { - return false; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java index 000885f292a..f3fe1cc6d1f 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/op/ValidateOperation.java @@ -61,11 +61,6 @@ public Class getParameterClass() { return ValidateParams.class; } - @Override - public boolean isAuthorizationRequired() { - return true; - } - @Override public String getReturnType() { return MediaType.APPLICATION_JSON; diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java index 6f472fd77e0..4b4d67e42dc 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java +++ b/jans-client-api/server/src/main/java/io/jans/ca/server/rest/OAuth20Resource.java @@ -136,7 +136,6 @@ public Response checkIdToken(String params) { } @POST - @ProtectedApi @Path("/get-issuer") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) diff --git a/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java index 8cf767783e8..7ace631433b 100644 --- a/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java 
+++ b/jans-client-api/server/src/main/java/io/jans/ca/server/security/service/ClientApiAuthorizationService.java @@ -70,7 +70,8 @@ public String processAuthorization(String path, String method, String remoteAddr private void validateAuthorizationRpId(ApiAppConfiguration conf, String authorizationRpId) { if (Util.isNullOrEmpty(authorizationRpId)) { - return; + LOG.debug("`AuthorizationRpId` header is null or Empty"); + throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_HEADER_NOT_FOUND); } final Rp rp = rpSyncService.getRp(authorizationRpId); @@ -109,11 +110,7 @@ private void validateAccessToken(String authorization, String authorizationRpId) LOG.debug("No access token provided in Authorization header. Forbidden."); throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN); } - if (!Util.isNullOrEmpty(authorizationRpId)) { - validationService.validateAccessToken(accessToken, authorizationRpId); - } else { - LOG.warn("No RpId provided in AuthorizationRpId header. Forbidden."); - } + validationService.validateAccessToken(accessToken, authorizationRpId); } } \ No newline at end of file diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/AuthorizationCodeFlowTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/AuthorizationCodeFlowTest.java index bd6232c74e7..bb47f2ceaa6 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/AuthorizationCodeFlowTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/AuthorizationCodeFlowTest.java 
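Review bot: The new rejection of a missing `AuthorizationRpId` header in `validateAuthorizationRpId` is logged only at debug level, so a run of rejected calls would not be visible at default log levels. The branch removed from `validateAccessToken` in the next hunk used `LOG.warn` for the same condition; `LOG.warn("AuthorizationRpId header is missing or empty; request rejected");` would keep that signal for operators. The header is also now mandatory, whereas the `safeToRpId` helper removed from BaseOperation in this patch fell back to `params.getRpId()`. A short Javadoc on the method stating that callers must send the header would document that contract change. The method body continues outside the hunk.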
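Review bot: `validateAccessToken` now passes `authorizationRpId` to `validationService.validateAccessToken` unchecked, so failing closed on an empty id depends on `validateAuthorizationRpId` having run first, and that call order is not visible in this hunk. A local guard would keep the method safe on its own: `if (Util.isNullOrEmpty(authorizationRpId)) throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_HEADER_NOT_FOUND);`. With the token check also removed from BaseOperation in this patch, this service appears to be the only place the access token is validated, which makes that guard more valuable. The start of the method is outside the hunk.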
@@ -45,7 +45,7 @@ public void test(String host, String opHost, String redirectUrls, String clientI params.setUserSecret(userSecret); String strAuthorization = Tester.getAuthorization(hostTargetURL, site); - final AuthorizationCodeFlowResponse resp = client.authorizationCodeFlow(strAuthorization, null, params); + final AuthorizationCodeFlowResponse resp = client.authorizationCodeFlow(strAuthorization, params.getRpId(), params); assertNotNull(resp); TestUtils.notEmpty(resp.getAccessToken()); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckAccessTokenTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckAccessTokenTest.java index 07a42a25d31..4664a9e6631 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckAccessTokenTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckAccessTokenTest.java @@ -43,7 +43,7 @@ public void test(String host, String redirectUrls, String userId, String userSec params.setRpId(site.getRpId()); String strAuthorization = Tester.getAuthorization(hostTargetURL, site); - final CheckAccessTokenResponse checkR = client.checkAccessToken(strAuthorization, null, params); + final CheckAccessTokenResponse checkR = client.checkAccessToken(strAuthorization, params.getRpId(), params); assertNotNull(checkR); assertTrue(checkR.isActive()); assertNotNull(checkR.getExpiresAt()); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckIdTokenTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckIdTokenTest.java index c986eca2eb6..7e2eb65a90a 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckIdTokenTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/CheckIdTokenTest.java 
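Review bot: None of the updated tests asserts the new rejection path; each call that passed `null` as the AuthorizationRpId argument now passes the RP id, so only the success case is exercised. This applies here and in the CheckAccessTokenTest, CheckIdTokenTest, GetAuthorizationUrlTest, GetLogoutUrlTest, GetRequestUriTest, GetTokensByCodeTest and GetUserInfoTest hunks. A negative test that sends a valid Authorization value with a null or empty AuthorizationRpId and expects the call to be rejected would pin the fail-closed behaviour added in ClientApiAuthorizationService. Since the per-operation `isAuthorizationRequired()` flags are removed in this patch, a second test that calls a previously protected endpoint without any Authorization value would also catch a missing `@ProtectedApi`. The enclosing test method starts and ends outside the hunk.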
@@ -46,7 +46,7 @@ public void test(String host, String opHost, String redirectUrls, String userId, params.setNonce(nonce); String strAuthorization = Tester.getAuthorization(hostTargetURL, site); - final CheckIdTokenResponse checkR = client.checkIdToken(strAuthorization, null, params); + final CheckIdTokenResponse checkR = client.checkIdToken(strAuthorization, params.getRpId(), params); assertNotNull(checkR); assertTrue(checkR.isActive()); assertNotNull(checkR.getExpiresAt()); diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/DifferentAuthServerTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/DifferentAuthServerTest.java index 6cd06131f97..35856b75edb 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/DifferentAuthServerTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/DifferentAuthServerTest.java @@ -27,7 +27,7 @@ import static org.testng.Assert.assertTrue; import static org.testng.AssertJUnit.assertNotNull; -//Set `protect_commands_with_access_token` field to true in client-api-server.yml file +//Set `protect_commands_with_access_token` field to true in config register public class DifferentAuthServerTest extends BaseTest { @ArquillianResource diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetAuthorizationUrlTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetAuthorizationUrlTest.java index d9940ec7b4b..753fd8a6b03 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetAuthorizationUrlTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetAuthorizationUrlTest.java 
@@ -37,7 +37,7 @@ public void test(String host, String redirectUrls, String opHost) { final GetAuthorizationUrlParams commandParams = new GetAuthorizationUrlParams(); commandParams.setRpId(site.getRpId()); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); assertNotNull(resp); notEmpty(resp.getAuthorizationUrl()); } @@ -53,7 +53,7 @@ public void testWithParameterAuthorizationUrl(String host, String opHost, String commandParams.setRpId(site.getRpId()); commandParams.setRedirectUri(paramRedirectUrl); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); assertNotNull(resp); notEmpty(resp.getAuthorizationUrl()); assertTrue(resp.getAuthorizationUrl().contains(paramRedirectUrl)); @@ -69,7 +69,7 @@ public void testWithResponseType(String host, String redirectUrls, String opHost commandParams.setRpId(site.getRpId()); commandParams.setResponseTypes(Lists.newArrayList("code", "token")); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); assertNotNull(resp); notEmpty(resp.getAuthorizationUrl()); 
@@ -92,7 +92,7 @@ public void testWithParams(String host, String redirectUrls, String opHost) thro params.put("is_valid", "true"); commandParams.setParams(params); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); notEmpty(resp.getAuthorizationUrl()); Map parameters = CoreUtils.splitQuery(resp.getAuthorizationUrl()); @@ -116,7 +116,7 @@ public void testWithCustomStateParameter(String host, String opHost, String redi commandParams.setRedirectUri(paramRedirectUrl); commandParams.setState(state); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); assertNotNull(resp); notEmpty(resp.getAuthorizationUrl()); assertTrue(resp.getAuthorizationUrl().contains(paramRedirectUrl)); @@ -137,7 +137,7 @@ public void testWithNonceParameter(String host, String opHost, String redirectUr commandParams.setRedirectUri(paramRedirectUrl); commandParams.setNonce("dummy_nonce"); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(Tester.getAuthorization(getApiTagetURL(url), site), commandParams.getRpId(), commandParams); assertNotNull(resp); notEmpty(resp.getAuthorizationUrl()); assertTrue(resp.getAuthorizationUrl().contains(paramRedirectUrl)); 
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetLogoutUrlTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetLogoutUrlTest.java index dc566e5c497..1bfb178a330 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetLogoutUrlTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetLogoutUrlTest.java @@ -37,7 +37,7 @@ public void test(String host, String opHost, String redirectUrls, String postLog params.setState(UUID.randomUUID().toString()); params.setSessionState(UUID.randomUUID().toString()); // here must be real session instead of dummy UUID - final GetLogoutUriResponse resp = client.getLogoutUri(Tester.getAuthorization(getApiTagetURL(url), site), null, params); + final GetLogoutUriResponse resp = client.getLogoutUri(Tester.getAuthorization(getApiTagetURL(url), site), params.getRpId(), params); assertNotNull(resp); assertTrue(resp.getUri().contains(URLEncoder.encode(postLogoutRedirectUrl, "UTF-8"))); } diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetRequestUriTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetRequestUriTest.java index 600faddcc3b..3d1e131712d 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetRequestUriTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetRequestUriTest.java 
@@ -46,7 +46,7 @@ public void test(String host, String redirectUrls, String opHost) { GetRequestObjectUriParams getRequestUriParams = new GetRequestObjectUriParams(); getRequestUriParams.setRpId(site.getRpId()); getRequestUriParams.setRpHostUrl(hostTargetURL); - GetRequestObjectUriResponse getRequestUriResponse = client.getRequestObjectUri(strAuthorization, null, getRequestUriParams); + GetRequestObjectUriResponse getRequestUriResponse = client.getRequestObjectUri(strAuthorization, getRequestUriParams.getRpId(), getRequestUriParams); assertNotNull(getRequestUriResponse.getRequestUri()); //Get Request object String requestObjectId = getRequestUriResponse.getRequestUri().substring(getRequestUriResponse.getRequestUri().lastIndexOf('/') + 1); @@ -58,7 +58,7 @@ public void test(String host, String redirectUrls, String opHost) { final GetAuthorizationUrlParams commandParams = new GetAuthorizationUrlParams(); commandParams.setRpId(site.getRpId()); commandParams.setParams(paramsMap); - final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(strAuthorization, null, commandParams); + final GetAuthorizationUrlResponse resp = client.getAuthorizationUrl(strAuthorization, commandParams.getRpId(), commandParams); assertNotNull(resp); TestUtils.notEmpty(resp.getAuthorizationUrl()); } diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetTokensByCodeTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetTokensByCodeTest.java index 280ef7babdd..1f4aca6c9ba 100644 --- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetTokensByCodeTest.java +++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetTokensByCodeTest.java 
@@ -171,7 +171,7 @@ public static GetClientTokenResponse refreshToken(GetTokensByCodeResponse2 resp,
 refreshParams.setScope(Lists.newArrayList("openid", "jans_client_api"));
 refreshParams.setRefreshToken(resp.getRefreshToken());
- GetClientTokenResponse refreshResponse = client.getAccessTokenByRefreshToken(Tester.getAuthorization(client.getApitargetURL(), site), null, refreshParams);
+ GetClientTokenResponse refreshResponse = client.getAccessTokenByRefreshToken(Tester.getAuthorization(client.getApitargetURL(), site), refreshParams.getRpId(), refreshParams);
 assertNotNull(refreshResponse);
 notEmpty(refreshResponse.getAccessToken());
@@ -222,7 +222,7 @@ public static GetTokensByCodeResponse2 tokenByInvalidCode(ClientInterface client
 GetTokensByCodeResponse2 resp = null;
- resp = client.getTokenByCode(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ resp = client.getTokenByCode(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 assertNotNull(resp);
 assertEquals(resp.getError(), "bad_request");
 assertEquals(resp.getErrorDescription(), "'state' is not registered.");
@@ -231,7 +231,7 @@ public static GetTokensByCodeResponse2 tokenByInvalidCode(ClientInterface client
 }
 public static String codeRequest(ClientInterface client, String opHost, RegisterSiteResponse site, String userId, String userSecret, String clientId, String redirectUrls, String state, String nonce) {
- return codeRequest(client, opHost, site, userId, userSecret, clientId, redirectUrls, state, nonce, null, null);
+ return codeRequest(client, opHost, site, userId, userSecret, clientId, redirectUrls, state, nonce, null, site.getRpId());
 }
 public static String codeRequest(ClientInterface client, String opHost, RegisterSiteResponse site, String userId, String userSecret, String clientId, String redirectUrls, String state, String nonce, String accessToken, String authorizationRpId) {
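Review bot: The nine-argument `codeRequest` overload now defaults `authorizationRpId` to `site.getRpId()` instead of `null`, which changes what every existing caller sends without any of those call sites changing, and nothing at the overload records it. A one-line Javadoc would do, for example `/** Delegates with accessToken = null and authorizationRpId = site.getRpId(). */`; a test that needs a request without the RP id then has to call the eleven-argument overload explicitly. The body of that second overload lies outside the hunk, so how it uses `authorizationRpId` cannot be checked from here.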
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetUserInfoTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetUserInfoTest.java
index 55cb7f65e9e..37200948164 100644
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetUserInfoTest.java
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/GetUserInfoTest.java
@@ -41,7 +41,7 @@ public void test(String host, String opHost, String redirectUrls, String userId,
 params.setAccessToken(tokens.getAccessToken());
 params.setIdToken(tokens.getIdToken());
- final JsonNode resp = client.getUserInfo(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ final JsonNode resp = client.getUserInfo(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 assertNotNull(resp);
 assertNotNull(resp.get("sub"));
 }
@@ -55,7 +55,7 @@ private GetTokensByCodeResponse2 requestTokens(ClientInterface client, String op
 params.setCode(GetTokensByCodeTest.codeRequest(client, opHost, site, userId, userSecret, clientId, redirectUrls, state, nonce));
 params.setState(state);
- final GetTokensByCodeResponse2 resp = client.getTokenByCode(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ final GetTokensByCodeResponse2 resp = client.getTokenByCode(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 assertNotNull(resp);
 notEmpty(resp.getAccessToken());
 notEmpty(resp.getIdToken());
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectAccessTokenTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectAccessTokenTest.java
index edd34b5897e..72f0a623e6b 100644
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectAccessTokenTest.java
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectAccessTokenTest.java
@@ -50,7 +50,7 @@ public void introspectAccessToken(String host, String opHost, String redirectUrl
 introspectParams.setRpId(setupResponse.getRpId());
 introspectParams.setAccessToken(tokenResponse.getAccessToken());
- IntrospectAccessTokenResponse introspectionResponse = client.introspectAccessToken("Bearer " + tokenResponse.getAccessToken(), null, introspectParams);
+ IntrospectAccessTokenResponse introspectionResponse = client.introspectAccessToken("Bearer " + tokenResponse.getAccessToken(), introspectParams.getRpId(), introspectParams);
 assertNotNull(introspectionResponse);
 assertTrue(introspectionResponse.isActive());
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectRptTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectRptTest.java
index 883b208f362..dc71ec67771 100644
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectRptTest.java
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/IntrospectRptTest.java
@@ -37,7 +37,7 @@ public void test(String host, String opHost, String redirectUrls, String rsProte
 params.setRpId(site.getRpId());
 params.setRpt(rptResponse.getRpt());
- final CorrectRptIntrospectionResponse response = client.introspectRpt(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ final CorrectRptIntrospectionResponse response = client.introspectRpt(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 assertNotNull(response);
 assertTrue(response.getActive());
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RpGetRptTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RpGetRptTest.java
index 4ffb95be692..d3b97e95072 100644
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RpGetRptTest.java
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RpGetRptTest.java
@@ -84,7 +84,7 @@ public static RpGetRptResponse requestRpt(ClientInterface client, RegisterSiteRe
 params.setRpId(site.getRpId());
 params.setTicket(checkAccess.getTicket());
- final RpGetRptResponse response = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ final RpGetRptResponse response = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 assertNotNull(response);
 assertTrue(StringUtils.isNotBlank(response.getRpt()));
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsCheckAccessTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsCheckAccessTest.java
index 9448af17b07..649d28a5476 100644
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsCheckAccessTest.java
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsCheckAccessTest.java
@@ -72,7 +72,7 @@ public static RsCheckAccessResponse checkAccess(ClientInterface client, Register
 params.setRpt("dummy");
 params.setScopes(scopeList);
- final RsCheckAccessResponse response = client.umaRsCheckAccess(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ final RsCheckAccessResponse response = client.umaRsCheckAccess(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 assertNotNull(response);
 assertTrue(StringUtils.isNotBlank(response.getAccess()));
@@ -87,7 +87,7 @@ public static void checkAccessWithIncorrectScopes(ClientInterface client, Regist
 params.setRpt("dummy");
 params.setScopes(scopeList);
 try {
- RsCheckAccessResponse r = client.umaRsCheckAccess(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ RsCheckAccessResponse r = client.umaRsCheckAccess(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 assertNotNull(r);
 assertNotNull(r.getError());
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsModifyTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsModifyTest.java
index d55ea5efbb3..a071594ed73 100644
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsModifyTest.java
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsModifyTest.java
@@ -58,7 +58,7 @@ public static RsModifyResponse modifyResourcesWithScopes(ClientInterface client,
 params2.setScopes(Lists.newArrayList("http://photoz.example.com/dev/actions/see"));
 String strAuthorization = Tester.getAuthorization(client.getApitargetURL(), site);
- RsModifyResponse response = client.umaRsModify(strAuthorization, null, params2);
+ RsModifyResponse response = client.umaRsModify(strAuthorization, params2.getRpId(), params2);
 assertNotNull(response.getRpId());
 return response;
 }
@@ -72,7 +72,7 @@ public static RsModifyResponse modifyResourcesWithScopeExpression(ClientInterfac
 params2.setScopeExpression(correctScopeExpression.replaceAll("'", "\""));
 String strAuthorization = Tester.getAuthorization(client.getApitargetURL(), site);
- RsModifyResponse response = client.umaRsModify(strAuthorization, null, params2);
+ RsModifyResponse response = client.umaRsModify(strAuthorization, params2.getRpId(), params2);
 assertNotNull(response.getRpId());
 return response;
 }
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsProtectTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsProtectTest.java
index 2e9b355d672..23c0b79e7ed 100644
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsProtectTest.java
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/RsProtectTest.java
@@ -73,7 +73,7 @@ public void overwriteFalse(String host, String redirectUrls, String opHost, Stri
 final RsProtectParams2 params = new RsProtectParams2();
 params.setRpId(site.getRpId());
 params.setResources(Jackson2.createJsonMapper().readTree(Jackson2.asJsonSilently(resources)));
- RsProtectResponse r = client.umaRsProtect(Tester.getAuthorization(getApiTagetURL(url), site), null, params);
+ RsProtectResponse r = client.umaRsProtect(Tester.getAuthorization(getApiTagetURL(url), site), params.getRpId(), params);
 assertNotNull(r);
 assertEquals(r.getError(), "uma_protection_exists");
 }
@@ -93,7 +93,7 @@ public void overwriteTrue(String host, String redirectUrls, String opHost, Strin
 params.setResources(Jackson2.createJsonMapper().readTree(Jackson2.asJsonSilently(resources)));
 params.setOverwrite(true); // force overwrite
- RsProtectResponse response = client.umaRsProtect(Tester.getAuthorization(getApiTagetURL(url), site), null, params);
+ RsProtectResponse response = client.umaRsProtect(Tester.getAuthorization(getApiTagetURL(url), site), params.getRpId(), params);
 assertNotNull(response);
 }
@@ -123,7 +123,7 @@ public void protectWithScopeExpressionSeconds(String host, String redirectUrls,
 params.setPath("/GetAll");
 params.setRpt("");
- final RsCheckAccessResponse response = client.umaRsCheckAccess(Tester.getAuthorization(getApiTagetURL(url), site), null, params);
+ final RsCheckAccessResponse response = client.umaRsCheckAccess(Tester.getAuthorization(getApiTagetURL(url), site), params.getRpId(), params);
 assertNotNull(response);
 assertTrue(StringUtils.isNotBlank(response.getAccess()));
@@ -138,7 +138,7 @@ public static RsProtectResponse protectResources(ClientInterface client, Registe
 e.printStackTrace();
 }
- final RsProtectResponse resp = client.umaRsProtect(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ final RsProtectResponse resp = client.umaRsProtect(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 assertNotNull(resp);
 return resp;
 }
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaFullTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaFullTest.java
index 84bbc0ec50e..536b9d03fdb 100644
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaFullTest.java
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaFullTest.java
@@ -46,7 +46,7 @@ public void test(String host, String redirectUrls, String opHost, String rsProte
 params.setRpId(site.getRpId());
 params.setTicket(checkAccess.getTicket());
- final RpGetRptResponse response = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ final RpGetRptResponse response = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 assertNotNull(response);
 assertTrue(StringUtils.isNotBlank(response.getRpt()));
@@ -72,7 +72,7 @@ public void testWithInvalidTicket(String host, String redirectUrls, String opHos
 params.setRpId(site.getRpId());
 params.setTicket(UUID.randomUUID().toString());
- RpGetRptResponse r = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ RpGetRptResponse r = client.umaRpGetRpt(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 assertNotNull(r);
 assertEquals(r.getError(), "invalid_ticket");
 }
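Review bot: `testWithInvalidTicket` in UmaFullTest covers a rejected ticket, but after this change every call in these test hunks sends an authorization RP id taken from the same object as the request body, so nothing visible asserts what the server does when that id is absent or names a different RP. If the value takes part in an authorization decision on the server side (not visible from these hunks), a companion negative test that passes a non-matching RP id and asserts an error response would pin that check down. The body of `testWithInvalidTicket` starts before the hunk.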
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaGetClaimsGatheringUrlTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaGetClaimsGatheringUrlTest.java
index ced577bd93f..665cc71a462 100644
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaGetClaimsGatheringUrlTest.java
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaGetClaimsGatheringUrlTest.java
@@ -42,7 +42,7 @@ public void test(String host, String opHost, String paramRedirectUrl, String rsP
 params.setTicket(checkAccess.getTicket());
 params.setClaimsRedirectUri(paramRedirectUrl);
- final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 Map parameters = CoreUtils.splitQuery(response.getUrl());
@@ -74,7 +74,7 @@ public void test_withCustomParameter(String host, String opHost, String paramRed
 customParameterMap.put("param2", "value2");
 params.setCustomParameters(customParameterMap);
- final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 Map parameters = CoreUtils.splitQuery(response.getUrl());
@@ -104,7 +104,7 @@ public void test_withState(String host, String opHost, String paramRedirectUrl,
 params.setClaimsRedirectUri(paramRedirectUrl);
 params.setState(state);
- final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), null, params);
+ final RpGetClaimsGatheringUrlResponse response = client.umaRpGetClaimsGatheringUrl(Tester.getAuthorization(client.getApitargetURL(), site), params.getRpId(), params);
 Map parameters = CoreUtils.splitQuery(response.getUrl());
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaSpontaneousScopeTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaSpontaneousScopeTest.java
index c1821650655..3d864228dd8 100644
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaSpontaneousScopeTest.java
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UmaSpontaneousScopeTest.java
@@ -41,7 +41,7 @@ public void init(String host, String opHost, String paramRedirectUrl, String use
 params.setRpId(registerResponse.getRpId());
 params.setRpt(response.getRpt());
- final CorrectRptIntrospectionResponse rptIntrospectionResponse = client.introspectRpt(Tester.getAuthorization(client.getApitargetURL(), registerResponse), null, params);
+ final CorrectRptIntrospectionResponse rptIntrospectionResponse = client.introspectRpt(Tester.getAuthorization(client.getApitargetURL(), registerResponse), params.getRpId(), params);
 rptIntrospectionResponse.getPermissions().forEach(
 permission -> {
 assertTrue(permission.getScopes().contains(USER_2_SCOPE));
diff --git a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UpdateSiteTest.java b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UpdateSiteTest.java
index f86524270b7..bb7395926fd 100644
--- a/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UpdateSiteTest.java
+++ b/jans-client-api/server/src/test/java/io/jans/ca/server/tests/UpdateSiteTest.java
@@ -69,7 +69,7 @@ public void update(String host, String opHost, String redirectUrls) throws IOExc
 updateParams.setScope(Lists.newArrayList("profile"));
 updateParams.setAcrValues(Lists.newArrayList("acrAfter"));
- UpdateSiteResponse updateResponse = getClientInterface(url).updateSite(Tester.getAuthorization(getApiTagetURL(url), registerResponse), null, updateParams);
+ UpdateSiteResponse updateResponse = getClientInterface(url).updateSite(Tester.getAuthorization(getApiTagetURL(url), registerResponse), updateParams.getRpId(), updateParams);
 assertNotNull(updateResponse);
 String strAuthorization2 = Tester.getAuthorization(getApiTagetURL(url), registerResponse, updateParams.getScope());
@@ -81,13 +81,13 @@ public void update(String host, String opHost, String redirectUrls) throws IOExc
 public static Rp fetchRp(String apiTargetUrl, RegisterSiteResponse site) throws IOException {
 String strAuthorization = Tester.getAuthorization(apiTargetUrl, site);
- final String rpAsJson = Tester.newClient(apiTargetUrl).getRp(strAuthorization, null, new GetRpParams(site.getRpId()));
+ final String rpAsJson = Tester.newClient(apiTargetUrl).getRp(strAuthorization, site.getRpId(), new GetRpParams(site.getRpId()));
 GetRpResponse resp = Jackson2.createJsonMapper().readValue(rpAsJson, GetRpResponse.class);
 return Jackson2.createJsonMapper().readValue(resp.getNode().toString(), Rp.class);
 }
 public static Rp fetchRp(String apiTargetUrl, String strAuthorization, String rpId) throws IOException {
- final String rpAsJson = Tester.newClient(apiTargetUrl).getRp(strAuthorization, null, new GetRpParams(rpId));
+ final String rpAsJson = Tester.newClient(apiTargetUrl).getRp(strAuthorization, rpId, new GetRpParams(rpId));
 GetRpResponse resp = Jackson2.createJsonMapper().readValue(rpAsJson, GetRpResponse.class);
 return Jackson2.createJsonMapper().readValue(resp.getNode().toString(), Rp.class);
 }