/**
 * Stores the given profile in the current session.
 *
 * @param profile the profile to persist; its id is used to derive the session key
 * @throws Exception declared by the overridden method; the visible body does not throw directly
 */
@Override
public void set(final U profile) throws Exception {
    // The session entry is keyed by key(profile.getId()); the value is the whole profile
    // turned into a string by AuthSerializer.objToStr.
    // NOTE(review): the serialization format is not visible here. If it is Java-native
    // serialization, confirm the matching read path restricts which classes it will
    // deserialize, because session contents may be client-influenced depending on the store.
    this.session.get().set(key(profile.getId()), AuthSerializer.objToStr(profile));
}
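/**
 * Authenticates a requesting-party access token and attaches the resulting profile to the credentials.
 *
 * <p>The trimmed token is looked up in the ticket registry as an {@link AccessToken}. It must exist,
 * must not be expired, and must carry the scope returned by {@code getRequiredScope()}. On success a
 * {@link CommonProfile} is built with:
 * <ul>
 *   <li>the id of the authenticated principal,</li>
 *   <li>the authentication attributes overlaid with the principal attributes (principal values win
 *       when both define the same key),</li>
 *   <li>the token scopes as permissions,</li>
 *   <li>the {@link AccessToken} itself, stored under the attribute named after its class.</li>
 * </ul>
 *
 * @param credentials the token credentials to validate; receives the profile on success
 * @param webContext  the current web context (not read by this method)
 * @throws CredentialsException if the token is absent, unknown, expired, or lacks the required scope
 */
@Override
public void validate(final TokenCredentials credentials, final WebContext webContext) {
    val rawToken = credentials.getToken();
    if (rawToken == null) {
        // Fail as an authentication error instead of a NullPointerException on trim().
        throw new CredentialsException("Access token is missing. Unable to authenticate requesting party access token");
    }
    val token = rawToken.trim();

    val at = this.ticketRegistry.getTicket(token, AccessToken.class);
    if (at == null || at.isExpired()) {
        // The bearer token is a credential: it is deliberately left out of the exception message,
        // since exception text may end up in logs or error responses.
        throw new CredentialsException(
            "Access token is not found or has expired. Unable to authenticate requesting party access token");
    }

    val requiredScope = getRequiredScope();
    if (!at.getScopes().contains(requiredScope)) {
        // Report the scope that was actually checked, and again keep the token value out of the message.
        val err = String.format("Missing scope [%s]. Unable to authenticate requesting party access token",
            requiredScope);
        throw new CredentialsException(err);
    }

    val profile = new CommonProfile();
    val authentication = at.getAuthentication();
    val principal = authentication.getPrincipal();
    profile.setId(principal.getId());

    // Authentication attributes first, then principal attributes, so the principal wins on a key clash.
    val attributes = new LinkedHashMap<String, Object>(authentication.getAttributes());
    attributes.putAll(principal.getAttributes());
    profile.addAttributes(attributes);
    profile.addPermissions(at.getScopes());
    profile.addAttribute(AccessToken.class.getName(), at);

    // The profile carries the AccessToken object as an attribute, so only the id is logged.
    LOGGER.debug("Authenticated access token for principal [{}]", profile.getId());
    credentials.setUserProfile(profile);
}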
/**
 * Gives every test a fresh, empty {@link CommonProfile} so state cannot leak between test methods.
 */
@Before
public void setUp() {
    this.profile = new CommonProfile();
}
/**
 * Reports whether the user holds the given permission.
 *
 * <p>The check is a union over all profiles: one profile listing the permission is enough,
 * even if the user's other profiles do not have it.
 *
 * @param permission    the permission name to look for
 * @param resultHandler receives a succeeded result holding {@code true} or {@code false}
 */
@Override
protected void doIsPermitted(String permission, Handler<AsyncResult<Boolean>> resultHandler) {
    final boolean grantedByAnyProfile = profiles.values().stream()
        .anyMatch(candidate -> candidate.getPermissions().contains(permission));
    resultHandler.handle(Future.succeededFuture(grantedByAnyProfile));
}
/**
 * Rebuilds the JSON principal from the profiles map. Must be called after every internal
 * modification of that map.
 *
 * <p>The principal gets one JSON object per profile, keyed by the profile's name in the map.
 * Each attribute value is stored as its {@code toString()} form.
 */
private void updatePrincipal() {
    principal = new JsonObject();
    profiles.forEach((profileName, userProfile) -> {
        final JsonObject attributesAsJson = new JsonObject();
        // NOTE(review): every attribute is copied as a string, including any token or other
        // sensitive value a profile may carry; confirm where this principal is exposed.
        userProfile.getAttributes().forEach((key, value) -> {
            attributesAsJson.put(key, value.toString());
        });
        principal.put(profileName, attributesAsJson);
    });
}
/**
 * Checks that a custom profile creator on the form client yields a profile whose id, typed id,
 * username and attribute count all derive from the submitted username.
 */
@Test
public void testGetUserProfile() {
    final DirectFormClient client = getFormClient();
    // The creator builds the profile straight from the username; nothing else is looked up.
    client.setProfileCreator((creds, ctx) -> {
        final String login = creds.getUsername();
        final CommonProfile created = new CommonProfile();
        created.setId(login);
        created.addAttribute(Pac4jConstants.USERNAME, login);
        return created;
    });

    final MockWebContext webContext = MockWebContext.create();
    // Username and password are the same value in this test.
    final UsernamePasswordCredentials submitted = new UsernamePasswordCredentials(USERNAME, USERNAME);
    final CommonProfile result = client.getUserProfile(submitted, webContext);

    final String expectedTypedId = CommonProfile.class.getName() + CommonProfile.SEPARATOR + USERNAME;
    assertEquals(USERNAME, result.getId());
    assertEquals(expectedTypedId, result.getTypedId());
    assertTrue(ProfileHelper.isTypedIdOf(result.getTypedId(), CommonProfile.class));
    assertEquals(USERNAME, result.getUsername());
    assertEquals(1, result.getAttributes().size());
}
}
/**
 * Builds a subject from a pac4j profile: the subject id is the profile id, and every role and
 * permission name on the profile is wrapped in a {@code Pac4jRole} / {@code Pac4jPermission}.
 *
 * @param profile the authenticated profile to mirror
 */
public Pac4jSubject(final CommonProfile profile) {
    id = profile.getId();
    profile.getRoles().forEach(roleName -> roles.add(new Pac4jRole(roleName)));
    profile.getPermissions().forEach(permissionName -> permissions.add(new Pac4jPermission(permissionName)));
}
/**
 * Returns the principal's name, taken from the main {@code CommonProfile}.
 *
 * <p>When no principal-name attribute was configured, the profile id is used. Otherwise the
 * configured attribute is read from the profile and converted with {@link String#valueOf(Object)}.
 *
 * @return the principal name, or {@code null} when the configured attribute is not populated
 */
@Override
public String getName() {
    final CommonProfile mainProfile = this.getProfile();
    if (principalNameAttribute != null) {
        final Object configuredValue = mainProfile.getAttribute(principalNameAttribute);
        if (configuredValue == null) {
            // Callers must be prepared for a null name when the attribute is absent.
            return null;
        }
        return String.valueOf(configuredValue);
    }
    return mainProfile.getId();
}
/**
 * Checks that a profile is usable before it is processed further.
 *
 * <p>The profile must be non-null and must not already carry an attribute under the subject
 * claim name, the internal roles key, or the internal permissions key.
 * NOTE(review): presumably these names are reserved for values this class writes itself, so a
 * caller-supplied attribute cannot stand in for them; confirm against the claim-building code.
 *
 * @param profile the profile to check
 */
protected void verifyProfile(final U profile) {
    CommonHelper.assertNotNull("profile", profile);

    final Object subjectAttribute = profile.getAttribute(JwtClaims.SUBJECT);
    CommonHelper.assertNull("profile.sub", subjectAttribute);

    final Object rolesAttribute = profile.getAttribute(INTERNAL_ROLES);
    CommonHelper.assertNull(INTERNAL_ROLES, rolesAttribute);

    final Object permissionsAttribute = profile.getAttribute(INTERNAL_PERMISSIONS);
    CommonHelper.assertNull(INTERNAL_PERMISSIONS, permissionsAttribute);
}
// Excerpt: `profile`, `clients`, `req` and `session` are defined outside the lines shown.
WebContext ctx = req.require(WebContext.class);
List<Client> clientList = clients.findAllClients();
// With exactly one configured client that client is used directly; otherwise the client is
// resolved from the request context.
Client client = clientList.size() == 1 ? clientList.get(0) : clients.findClient(ctx);
String id = profile.getId();
// The authenticated id is published on both the request and the session under Auth.ID.
// NOTE(review): this writes identity into an existing session; confirm the session identifier
// is renewed at login elsewhere, so a pre-login session id cannot be carried over.
req.set(Auth.ID, id);
session.set(Auth.ID, id);
// Excerpt: the statements below are not contiguous in the original file, and the `if` opened
// here is not closed within the lines shown.

// Every profile that passes through the OIDC client's authorization generator is given
// ROLE_ADMIN unconditionally. That is a demo shortcut; a real deployment would derive roles
// from verified claims or a directory lookup.
oidcClient.setAuthorizationGenerator((ctx, profile) -> { profile.addRole("ROLE_ADMIN"); return profile; });
if (CommonHelper.isNotBlank(token)) {
    // Any non-blank token is accepted, and the token value itself becomes the profile id.
    // The visible lines perform no lookup or signature check.
    final CommonProfile profile = new CommonProfile();
    profile.setId(token);
    credentials.setUserProfile(profile);
// The callback URL is a plain-http localhost address, so it only fits local development.
final Clients clients = new Clients("http://localhost:8080/callback", oidcClient, saml2Client, facebookClient, twitterClient, formClient, indirectBasicAuthClient, casClient, parameterClient, directBasicAuthClient, new AnonymousClient(), headerClient);
/**
 * Builds an account from the user's pac4j profiles.
 *
 * <p>The account's roles are the union of the roles of every profile. The principal name is the
 * id of the single profile returned by {@code ProfileHelper.flatIntoOneProfile}.
 *
 * @param profiles the user's profiles, by name
 */
public Pac4jAccount(final LinkedHashMap<String, CommonProfile> profiles) {
    this.roles = new HashSet<>();
    this.profiles = ProfileHelper.flatIntoAProfileList(profiles);
    for (final CommonProfile each : this.profiles) {
        this.roles.addAll(each.getRoles());
    }
    // get() is called without a presence check, so an account cannot be built when no single
    // profile is available (presumably an empty Optional; verify against ProfileHelper).
    final CommonProfile primary = ProfileHelper.flatIntoOneProfile(this.profiles).get();
    this.principal = primary::getId;
}
// Excerpt: `username` and `entry` come from outside the lines shown, and the final statement is
// cut off mid-expression.
val profile = new CommonProfile();
profile.setId(username);
// Every attribute of the directory entry is copied onto the profile with its string values.
// Nothing is filtered here.
entry.getAttributes().forEach(a -> profile.addAttribute(a.getName(), a.getStringValues()));
// NOTE(review): the whole profile, including all copied attributes, is written to the debug log;
// confirm no sensitive directory attribute is among them.
LOGGER.debug("Assembled user profile with roles after generating authorization claims [{}]", profile);
// Each profile role becomes a SimpleGrantedAuthority. No role is added in the visible lines,
// so presumably roles are populated in code omitted from this excerpt.
val authorities = profile.getRoles() .stream() .map(SimpleGrantedAuthority::new)
/**
 * Builds the JWT claims for a profile.
 *
 * <p>The subject is the profile's typed id and the issue time is the current time. The configured
 * expiration time is added when one is set. Every profile attribute is then copied as a claim
 * under its own name, followed by the profile's roles and permissions under the internal keys.
 *
 * <p>NOTE(review): attributes are written after the subject, issue time and expiration. An
 * attribute whose key equals one of those registered claim names presumably replaces the value
 * set here; verify against the JWT library and against whatever profile validation runs first.
 *
 * @param profile the profile to describe
 * @return the assembled claims set
 */
protected JWTClaimsSet buildJwtClaimsSet(final U profile) {
    final JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
    claims.subject(profile.getTypedId());
    claims.issueTime(new Date());
    if (this.expirationTime != null) {
        claims.expirationTime(this.expirationTime);
    }

    // Profile attributes are copied one-to-one, with no filtering of names or values.
    final Map<String, Object> profileAttributes = profile.getAttributes();
    for (final Map.Entry<String, Object> attribute : profileAttributes.entrySet()) {
        claims.claim(attribute.getKey(), attribute.getValue());
    }

    // Roles and permissions are written last, so they take precedence over any same-named attribute.
    claims.claim(INTERNAL_ROLES, profile.getRoles());
    claims.claim(INTERNAL_PERMISSIONS, profile.getPermissions());

    return claims.build();
}
/**
 * Validates credentials by requiring the password to equal the username.
 *
 * <p>No password store or hashing is involved: any non-blank username whose password is the same
 * string is accepted. That makes this authenticator suitable only for tests and demos. On success
 * a {@link CommonProfile} with the username as its id and as its username attribute is attached
 * to the credentials.
 *
 * @param credentials the submitted username and password
 * @param context     the current web context (not read by this method)
 * @throws CredentialsException if the credentials are null, either field is blank, or they differ
 */
@Override
public void validate(final UsernamePasswordCredentials credentials, final WebContext context) {
    if (credentials == null) {
        throw new CredentialsException("No credential");
    }

    final String login = credentials.getUsername();
    final String secret = credentials.getPassword();
    if (CommonHelper.isBlank(login)) {
        throw new CredentialsException("Username cannot be blank");
    }
    if (CommonHelper.isBlank(secret)) {
        throw new CredentialsException("Password cannot be blank");
    }
    if (CommonHelper.areNotEquals(login, secret)) {
        // The message names the username only; the password is never echoed.
        throw new CredentialsException("Username : '" + login + "' does not match password");
    }

    final CommonProfile authenticated = new CommonProfile();
    authenticated.setId(login);
    authenticated.addAttribute(Pac4jConstants.USERNAME, login);
    credentials.setUserProfile(authenticated);
}
}
/**
 * Accepts any non-blank token and turns it into a profile.
 *
 * <p>The token is not verified in any way; its value simply becomes the profile id. That makes
 * this authenticator suitable only for tests and demos.
 *
 * @param credentials the submitted token credentials; receives the profile on success
 * @param context     the current web context (not read by this method)
 * @throws CredentialsException if the credentials are null or the token is blank
 */
@Override
public void validate(final TokenCredentials credentials, final WebContext context) {
    if (credentials == null) {
        throw new CredentialsException("credentials must not be null");
    }

    final String submittedToken = credentials.getToken();
    if (CommonHelper.isBlank(submittedToken)) {
        throw new CredentialsException("token must not be blank");
    }

    // The profile id is the raw token, so anything that logs or displays the id exposes the token.
    final CommonProfile tokenProfile = new CommonProfile();
    tokenProfile.setId(submittedToken);
    credentials.setUserProfile(tokenProfile);
}
}
/**
 * Adds the roles and permissions configured for this profile's id, if any.
 *
 * <p>The lookup is keyed by the profile id alone. A profile whose id has no rule is returned
 * unchanged.
 *
 * @param context the current web context (not read by this method)
 * @param profile the profile to enrich; it is modified in place
 * @return the same profile instance
 */
@Override
public CommonProfile generate(final WebContext context, final CommonProfile profile) {
    val profileId = profile.getId();
    if (!rules.containsKey(profileId)) {
        return profile;
    }
    val definition = rules.get(profileId);
    profile.addRoles(definition.getRoles());
    profile.addPermissions(definition.getPermissions());
    return profile;
}
/**
 * Builds the authorization info for a principal collection from its pac4j profiles.
 *
 * <p>The result is the union of the roles and permissions of every non-null profile attached to
 * the {@code Pac4jPrincipal}. When the collection holds no {@code Pac4jPrincipal}, the returned
 * info carries no roles and no permissions.
 *
 * @param principals the principals of the subject being authorized
 * @return authorization info holding the collected roles and string permissions
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
    final Set<String> grantedRoles = new HashSet<>();
    final Set<String> grantedPermissions = new HashSet<>();

    final Pac4jPrincipal pac4jPrincipal = principals.oneByType(Pac4jPrincipal.class);
    if (pac4jPrincipal != null) {
        final List<CommonProfile> attachedProfiles = pac4jPrincipal.getProfiles();
        for (final CommonProfile candidate : attachedProfiles) {
            if (candidate == null) {
                continue;
            }
            grantedRoles.addAll(candidate.getRoles());
            grantedPermissions.addAll(candidate.getPermissions());
        }
    }

    final SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    info.addRoles(grantedRoles);
    info.addStringPermissions(grantedPermissions);
    return info;
}
}
/**
 * Validates the token and returns its claims as a map.
 *
 * <p>The map is a copy of the validated profile's attributes, with the subject claim set to the
 * profile id. That replaces any attribute already stored under the subject key.
 *
 * @param token the JWT
 * @return the profile attributes plus the subject claim
 */
public Map<String, Object> validateTokenAndGetClaims(final String token) {
    final CommonProfile validated = validateToken(token);
    final Map<String, Object> result = new HashMap<>();
    result.putAll(validated.getAttributes());
    result.put(JwtClaims.SUBJECT, validated.getId());
    return result;
}
public void handle(final Request req, final Response rsp) throws Throwable { Clients clients = req.require(Clients.class); String clientName = req.param(clients.getClientNameParameter()).value(this.clientName); log.debug("profile: {}", identity); if (identity != null) { req.set(Auth.ID, identity.getId()); req.set(Auth.CNAME, client.getName()); store.set(identity);