Class: Oxd::UMACommands

Inherits:
OxdConnector show all
Defined in:
lib/oxd/uma_commands.rb

Overview

This class carries out the commands for UMA Resource Server and UMA Requesting Party

Instance Method Summary collapse

Methods inherited from OxdConnector

#getData, #getData2, #getResponseData, #getResponseObject, #is_json?, #logger, #oxd_http_request, #oxd_socket_request, #request, #validate_command

Constructor Details

#initialize ⇒ UMACommands

class constructor



# File 'lib/oxd/uma_commands.rb', line 11

# Class constructor.
#
# Starts @resources as an empty Array (never nil) and then hands control to
# the parent constructor through the bare `super`.
def initialize
  @resources = []
  super
end

Instance Method Details

#uma_add_resource(path, *conditions) ⇒ ARRAY

combines multiple resources into @resources array to pass to uma_rs_protect method

Examples:

condition1 = {:httpMethods => ["GET"], :scopes => ["http://photoz.example.com/dev/actions/view"]}
condition2 = {:httpMethods => ["PUT", "POST"], :scopes => ["http://photoz.example.com/dev/actions/all","http://photoz.example.com/dev/actions/add"],:ticketScopes => ["http://photoz.example.com/dev/actions/add"]}
uma_add_resource("/photo", condition1, condition2)

Parameters:

  • path (STRING)

    REQUIRED

  • conditions (HASH)

    REQUIRED (variable number of conditions can be passed)

Returns:

  • (ARRAY)

    resources



# File 'lib/oxd/uma_commands.rb', line 24

# Appends one protected-resource entry to @resources.
#
# The path and the conditions are stored exactly as given; nothing is
# validated or normalised in this method, so a malformed scope or HTTP method
# is only caught (if at all) further down the line.
#
# @param path [String] resource path
# @param conditions [Array<Hash>] zero or more condition hashes
# @return [Array] the accumulated @resources list
def uma_add_resource(path, *conditions)
  entry = { path: path, conditions: conditions }
  @resources << entry
end

#uma_rp_get_claims_gathering_url(claims_redirect_uri) ⇒ Hash

method to get the claims gathering URL (and state) for the ticket currently held in the configuration

Parameters:

  • claims_redirect_uri (STRING)

    REQUIRED

Returns:

  • (Hash)

    response data (url, state)



# File 'lib/oxd/uma_commands.rb', line 102

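# Asks oxd for the claims-gathering URL that belongs to the ticket currently
# held in the configuration.
#
# @param claims_redirect_uri [String] REQUIRED
# @return [Hash] whatever getResponseData returns (documented as url, state)
def uma_rp_get_claims_gathering_url(claims_redirect_uri)
  # A nil argument now takes the same logged path as an empty string instead
  # of failing with NoMethodError on nil.empty?.
  if claims_redirect_uri.nil? || claims_redirect_uri.empty?
    # NOTE(review): only emptiness is checked; the URI itself is not validated
    # here. The request below is still built after this call unless logger
    # aborts -- whether it raises is not visible from this method; confirm.
    logger(:log_msg => "Empty/Wrong value in place of claims_redirect_uri.")
  end

  @command = 'uma_rp_get_claims_gathering_url'
  # The params carry the ticket and the protection access token, so this hash
  # should not be written to logs verbatim.
  @params = {
    "oxd_id" => @configuration.oxd_id,
    "ticket" => @configuration.ticket,
    "claims_redirect_uri" => claims_redirect_uri,
    "protection_access_token" => @configuration.protection_access_token
  }
  request('uma-rp-get-claims-gathering-url')
  getResponseData
end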

#uma_rp_get_rpt(claim_token = nil, claim_token_format = nil, pct = nil, rpt = nil, scope = nil, state = nil) ⇒ Hash

method for obtaining RPT to gain access to protected resources at the UMA resource server

Parameters:

  • claim_token (STRING) (defaults to: nil)

    OPTIONAL

  • claim_token_format (STRING) (defaults to: nil)

    OPTIONAL

  • pct (STRING) (defaults to: nil)

    OPTIONAL

  • rpt (STRING) (defaults to: nil)

    OPTIONAL

  • scope (STRING) (defaults to: nil)

    OPTIONAL

  • state (STRING) (defaults to: nil)

    OPTIONAL, state that is returned from uma_rp_get_claims_gathering_url command

Returns:

  • (Hash)

    response data (access_token, token_type, pct, upgraded)



# File 'lib/oxd/uma_commands.rb', line 52

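# Obtains an RPT for access to protected resources at the UMA resource server.
#
# All arguments are optional. When the response carries error 'need_info'
# together with a non-empty details.ticket, that ticket replaces the one held
# in the configuration.
#
# claim_token, pct, rpt and the protection access token are all placed in
# @params, so that hash should not be written to logs verbatim.
#
# @param claim_token [String, nil]
# @param claim_token_format [String, nil]
# @param pct [String, nil]
# @param rpt [String, nil] falls back to @configuration.rpt when nil
# @param scope [String, nil]
# @param state [String, nil] state returned from uma_rp_get_claims_gathering_url
# @return [Hash] whatever getResponseData returns
#   (documented as access_token, token_type, pct, upgraded)
def uma_rp_get_rpt(claim_token = nil, claim_token_format = nil, pct = nil, rpt = nil, scope = nil, state = nil)
  @command = 'uma_rp_get_rpt'
  @params = {
    "oxd_id" => @configuration.oxd_id,
    "ticket" => @configuration.ticket,
    "claim_token" => claim_token,
    "claim_token_format" => claim_token_format,
    "pct" => pct,
    # An explicit rpt argument wins; otherwise the configured one is reused.
    "rpt" => rpt.nil? ? @configuration.rpt : rpt,
    "scope" => scope,
    "state" => state,
    "protection_access_token" => @configuration.protection_access_token
  }
  request('uma-rp-get-rpt')

  response = getResponseData
  if response['error'] == 'need_info'
    # A 'need_info' response without a details hash, or without a ticket in
    # it, used to fail with NoMethodError on nil; it now leaves the stored
    # ticket untouched.
    details = response['details']
    new_ticket = details.is_a?(Hash) ? details['ticket'] : nil
    @configuration.ticket = new_ticket unless new_ticket.nil? || new_ticket.empty?
  end

  response
end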

#uma_rs_check_access(path, http_method) ⇒ Hash

method to check if we have permission to access particular resource or not

Parameters:

  • path (STRING)

    REQUIRED

  • http_method (Array)

    REQUIRED, must be one of ‘GET’, ‘POST’, ‘PUT’, ‘DELETE’

Returns:

  • (Hash)

    response data (access, ticket)



# File 'lib/oxd/uma_commands.rb', line 78

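# Asks oxd whether the RPT held in the configuration grants access to a
# resource.
#
# Side effect on @configuration.ticket: a 'denied' response with a non-empty
# ticket stores that ticket; a 'granted' response clears it to "". Any other
# response leaves it unchanged. Callers should treat only an explicit
# 'granted' as permission and everything else as a denial.
#
# @param path [String] REQUIRED
# @param http_method [String] REQUIRED; compared as a single value against
#   'GET', 'POST', 'PUT', 'DELETE'
# @return [Hash] whatever getResponseData returns (documented as access, ticket)
def uma_rs_check_access(path, http_method)
  allowed_methods = ['GET', 'POST', 'PUT', 'DELETE']

  # nil arguments are reported like empty ones instead of failing with
  # NoMethodError on nil.empty?; an empty http_method is covered by the
  # membership test.
  if path.nil? || path.empty? || !allowed_methods.include?(http_method)
    # NOTE(review): the request below is still built after this call unless
    # logger aborts -- whether it raises is not visible from this method.
    logger(:log_msg => "Empty/Wrong value in place of path or http_method.")
  end

  @command = 'uma_rs_check_access'
  @params = {
    "oxd_id" => @configuration.oxd_id,
    "rpt" => @configuration.rpt,
    "path" => path,
    "http_method" => http_method,
    "protection_access_token" => @configuration.protection_access_token
  }
  request('uma-rs-check-access')

  response = getResponseData
  case response['access']
  when 'denied'
    # A denial without a ticket used to fail with NoMethodError on nil.empty?;
    # it now leaves the stored ticket untouched.
    ticket = response['ticket']
    @configuration.ticket = ticket unless ticket.nil? || ticket.empty?
  when 'granted'
    @configuration.ticket = ""
  end
  response
end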

#uma_rs_protect ⇒ STRING

method to protect resources with UMA resource server

Returns:

  • (STRING)

    oxd_id

Raises:

  • RuntimeError if @resources is nil



# File 'lib/oxd/uma_commands.rb', line 31

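# Registers the resources collected via uma_add_resource with the UMA
# resource server.
#
# @return [String] the 'oxd_id' field of whatever getResponseData returns
def uma_rs_protect
  # The constructor starts @resources as an empty Array, so a nil-only check
  # never fired; an empty list is now reported too, rather than sending a
  # protect request that covers no resources.
  if @resources.nil? || @resources.empty?
    logger(:log_msg => "Please set resources with uma_add_resource(path, *conditions) method first.")
  end

  # NOTE(review): this interpolates the whole configuration object into the
  # log message. If its to_s exposes fields such as protection_access_token,
  # those would land in the log file -- confirm what is printed and redact.
  logger(:log_msg => "UMA configuration #{@configuration}", :error => '')

  @command = 'uma_rs_protect'
  @params = {
    "oxd_id" => @configuration.oxd_id,
    "resources" => @resources,
    "protection_access_token" => @configuration.protection_access_token
  }
  request('uma-rs-protect')
  getResponseData['oxd_id']
end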