Class: Oxd::UMACommands

Inherits:
OxdConnector
Defined in:
lib/oxd/uma_commands.rb

Overview

This class carries out the commands for UMA Resource Server and UMA Requesting Party

Instance Method Summary

Methods inherited from OxdConnector

#getData, #getResponseData, #getResponseObject, #is_json?, #logger, #oxd_http_request, #oxd_socket_request, #request, #trigger_error, #validate_command

Constructor Details

#initialize ⇒ UMACommands

class constructor



# File 'lib/oxd/uma_commands.rb', line 11

# Class constructor.
#
# Starts with an empty @resources list (appended to by uma_add_resource and
# sent by uma_rs_protect), then runs the parent constructor through `super`.
def initialize
	@resources = []
	super
end

Instance Method Details

#default_params ⇒ Object

default params to send with every request



# File 'lib/oxd/uma_commands.rb', line 17

# Default params to send with every request.
#
# Security note: the returned hash carries the protection access token read
# from @configuration, so it (and any @params hash built from it) should be
# kept out of log lines and error messages.
#
# @return [Hash] "oxd_id" and "protection_access_token" taken from @configuration
def default_params
	config = @configuration
	{
		"oxd_id" => config.oxd_id,
		"protection_access_token" => config.protection_access_token
	}
end

#introspect_rpt ⇒ OBJECT

method to gain information about obtained RPT

Returns:

  • (OBJECT)

    @response_data



# File 'lib/oxd/uma_commands.rb', line 147

# Method to gain information about the obtained RPT.
#
# Sets @command, builds @params from default_params plus the RPT stored in
# @configuration, calls request('introspect-rpt') and returns getResponseData.
#
# NOTE(review): the response schema is not visible here; callers presumably
# need to check that the token is reported as active before trusting any
# permissions in the result -- confirm against the oxd API documentation.
#
# @return [OBJECT] @response_data
def introspect_rpt
	@command = 'introspect_rpt'
	rpt_param = { "rpt" => @configuration.rpt }
	@params = default_params.merge(rpt_param)
	request('introspect-rpt')
	getResponseData
end

#uma_add_resource(path, *conditions) ⇒ ARRAY

combines multiple resources into @resources array to pass to uma_rs_protect method

Examples:

: 1

condition1 = {
	:httpMethods => ["GET"],
	:scopes => ["photoz.example.com/dev/actions/view"]
}

condition2 = {
	:httpMethods => ["PUT", "POST"],
	:scopes => [
		"photoz.example.com/dev/actions/all",
		"photoz.example.com/dev/actions/add"
	],
	:ticketScopes => ["photoz.example.com/dev/actions/add"]
}

uma_add_resource("/photo", condition1, condition2)

: 2 (with scope expressions)

condition = {
:httpMethods => ["GET"],
:scope_expression => {
	:rule => { 
		:and => [
			{
				:or => [{:var => 0}, {:var => 1}]
			},
			{:var => 2}
		]
	},
	:data => [
		"http://photoz.example.com/dev/actions/all",
		"http://photoz.example.com/dev/actions/add",
		"http://photoz.example.com/dev/actions/internalClient"
	]
}
}

uma_add_resource("/photo", condition)

Parameters:

  • path (STRING)

    REQUIRED

  • conditions (HASH)

    REQUIRED (variable number of conditions can be passed)

Returns:

  • (ARRAY)

    resources



# File 'lib/oxd/uma_commands.rb', line 63

# Combines multiple resources into the @resources array that uma_rs_protect
# later sends.
#
# Nothing is validated here: the path and conditions are stored as given, and
# a call with no conditions queues the path with an empty conditions list.
#
# @param path [STRING] REQUIRED
# @param conditions [HASH] REQUIRED (variable number of conditions can be passed)
# @return [ARRAY] resources (the @resources array itself, after the append)
def uma_add_resource(path, *conditions)
	entry = { path: path, conditions: conditions }
	@resources << entry
end

#uma_rp_get_claims_gathering_url(claims_redirect_uri) ⇒ Hash

method to check if we have permission to access particular resource or not

Parameters:

  • claims_redirect_uri (STRING)

    REQUIRED

Returns:

  • (Hash)

    response data (url, state)



# File 'lib/oxd/uma_commands.rb', line 132

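# Requests a claims-gathering URL for the ticket stored in @configuration.
#
# The only check made on claims_redirect_uri is that it is present and
# non-empty; the value is otherwise forwarded unchanged. Callers should pass a
# fixed, application-owned URI rather than one derived from request input.
#
# @param claims_redirect_uri [STRING] REQUIRED, sent as "claims_redirect_uri"
# @return the "url" entry of the response data (nil when the response has
#   none); other entries of the response are not returned by this method
# @raise whatever trigger_error raises when claims_redirect_uri is nil or empty
def uma_rp_get_claims_gathering_url( claims_redirect_uri )
	# A nil argument is reported through trigger_error like an empty one,
	# instead of surfacing as a NoMethodError from nil.empty?.
	if claims_redirect_uri.nil? || claims_redirect_uri.empty?
		trigger_error("Empty/Wrong value in place of claims_redirect_uri.")
	end
	@command = 'uma_rp_get_claims_gathering_url'
	@params = default_params.merge({
		"ticket" => @configuration.ticket,
		"claims_redirect_uri" => claims_redirect_uri
	})
	request('uma-rp-get-claims-gathering-url')
	getResponseData["url"]
end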

#uma_rp_get_rpt(claim_token: nil, claim_token_format: nil, pct: nil, rpt: nil, scope: nil, state: nil) ⇒ Hash

method for obtaining RPT to gain access to protected resources at the UMA resource server

Parameters:

  • claim_token (STRING) (defaults to: nil)

    OPTIONAL

  • claim_token_format (STRING) (defaults to: nil)

    OPTIONAL

  • pct (STRING) (defaults to: nil)

    OPTIONAL

  • rpt (STRING) (defaults to: nil)

    OPTIONAL

  • scope (STRING) (defaults to: nil)

    OPTIONAL

  • state (STRING) (defaults to: nil)

    OPTIONAL, state that is returned from uma_rp_get_claims_gathering_url command

Returns:

  • (Hash)

    response data (access_token, token_type, pct, upgraded)



# File 'lib/oxd/uma_commands.rb', line 87

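# Method for obtaining an RPT to gain access to protected resources at the
# UMA resource server.
#
# @params built here carries tokens (claim_token, pct, rpt, plus whatever
# default_params adds) and should be kept out of logs.
#
# @param claim_token [STRING] OPTIONAL
# @param claim_token_format [STRING] OPTIONAL
# @param pct [STRING] OPTIONAL
# @param rpt [STRING] OPTIONAL, falls back to @configuration.rpt when nil
# @param scope [STRING] OPTIONAL
# @param state [STRING] OPTIONAL, state that is returned from
#   uma_rp_get_claims_gathering_url command
# @return [Hash] response data (access_token, token_type, pct, upgraded)
def uma_rp_get_rpt( claim_token: nil, claim_token_format: nil, pct: nil, rpt: nil, scope: nil, state: nil )
	@command = 'uma_rp_get_rpt'
	@params = default_params.merge({
		"ticket" => @configuration.ticket,
		"claim_token" => claim_token,
		"claim_token_format" => claim_token_format,
		"pct" => pct,
		"rpt" => rpt.nil? ? @configuration.rpt : rpt,
		"scope" => scope,
		"state" => state
	})
	request('uma-rp-get-rpt')

	# Read the response once so every check below looks at the same object.
	response = getResponseData

	# A 'need_info' error may arrive without "details" or without a ticket;
	# dig returns nil for those instead of raising NoMethodError on nil.
	new_ticket = response['error'] == 'need_info' ? response.dig('details', 'ticket') : nil

	if new_ticket && !new_ticket.empty?
		@configuration.ticket = new_ticket
	else
		# NOTE(review): every other response lands here, so a reply without an
		# "access_token" replaces the stored RPT with nil. Kept as the original
		# behaves; confirm callers expect the stored RPT to be cleared.
		@configuration.rpt = response['access_token']
	end
	response
end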

#uma_rs_check_access(path, http_method) ⇒ Hash

method to check if we have permission to access particular resource or not

Parameters:

  • path (STRING)

    REQUIRED

  • http_method (Array)

    REQUIRED, must be one of 'GET', 'POST', 'PUT', 'DELETE'

Returns:

  • (Hash)

    response data (access, ticket)



# File 'lib/oxd/uma_commands.rb', line 112

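# Method to check if we have permission to access a particular resource.
#
# The decision is whatever the response carries in "access"; this method does
# not interpret it beyond storing a returned ticket. Callers should fail
# closed, treating anything other than an explicit grant as a denial.
#
# @param path [STRING] REQUIRED
# @param http_method [STRING] REQUIRED, must be exactly one of
#   'GET', 'POST', 'PUT', 'DELETE' (the comparison is case-sensitive)
# @return [Hash] response data (access, ticket)
# @raise whatever trigger_error raises when path is nil/empty or http_method
#   is not one of the four accepted values
def uma_rs_check_access(path, http_method)
	valid_methods = ['GET', 'POST', 'PUT', 'DELETE']
	# nil and non-string arguments are reported through trigger_error instead
	# of raising NoMethodError from .empty?; the membership test already
	# rejects an empty http_method.
	if path.nil? || path.empty? || !valid_methods.include?(http_method)
		trigger_error("Empty/Wrong value in place of path or http_method.")
	end
	@command = 'uma_rs_check_access'
	@params = default_params.merge({
		"rpt" => @configuration.rpt,
		"path" => path,
		"http_method" => http_method
	})
	request('uma-rs-check-access')

	response = getResponseData
	new_ticket = response['ticket']
	# A denial may come back without a ticket; return it to the caller rather
	# than failing on nil.empty?.
	if response['access'] == 'denied' && new_ticket && !new_ticket.empty?
		@configuration.ticket = new_ticket
	end
	response
end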

#uma_rs_protect ⇒ STRING

method to protect resources with UMA resource server

Returns:

  • (STRING)

    oxd_id

Raises:

  • RuntimeError if @resources is nil



# File 'lib/oxd/uma_commands.rb', line 70

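# Method to protect resources with the UMA resource server.
#
# Sends everything queued by uma_add_resource. The constructor initialises
# @resources to an empty array, so a nil-only check would never fire; an empty
# list is therefore rejected as well, so that a protect call with nothing to
# protect is reported instead of being sent.
#
# @return [STRING] oxd_id
# @raise RuntimeError (via trigger_error) if @resources is nil or empty
def uma_rs_protect
	if @resources.nil? || @resources.empty?
		trigger_error("Please set resources with uma_add_resource(path, *conditions) method first.")
	end
	# NOTE(review): this interpolates @configuration into a log line; confirm
	# its to_s does not render protection_access_token, rpt or ticket.
	logger("UMA configuration #{@configuration}")
	@command = 'uma_rs_protect'
	@params = default_params.merge({ "resources" => @resources })
	request('uma-rs-protect')
	getResponseData['oxd_id']
end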