Class UmaSharingService


  • public class UmaSharingService
    extends Object
    An UmaSharingService provides core UMA features to the Identity Gateway when acting as an UMA Resource Server.

    It is linked to a single UMA Authorization Server.

    It is also the place where knowledge of the protected application is described: each item of the resources array describes a resource (which can be composed of multiple endpoints) whose endpoints share the same set of scopes.

    Each resource contains a pattern used to select which resource definition applies when a Share is created. A resource also contains a list of actions that define the set of scopes to require when a requesting party's request comes in.

         {
             "name": "UmaService",
             "type": "UmaService",
             "config": {
               "protectionApiHandler": "HttpsClient",
               "wellKnownEndpoint": "https://openam.example.com:8443/openam/uma/.well-known/uma2-configuration",
               "resources": [
                 {
                   "pattern": "/guillaume/.*",
                   "actions" : [
                     {
                       "scopes"    : [ "http://api.example.com/operations#read" ],
                       "condition" : "${request.method == 'GET'}"
                     },
                     {
                       "scopes"    : [ "http://api.example.com/operations#delete" ],
                       "condition" : "${request.method == 'DELETE'}"
                     }
                   ]
                 }
               ]
             }
           }
         
     
    Along with the UmaService, a REST endpoint is deployed in IG's API namespace: /openig/api/system/objects/../objects/[name-of-the-uma-service-object]/share. The dotted segment depends on your deployment (for example, on which RouterHandler hosts the route that in turn contains this object).
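    The example below is an added stand-alone Python model of how the resources array above is applied; it is not IG's code and makes two assumptions: that a resource pattern must match the whole request path (fullmatch), and that only the ${request.method == 'VERB'} condition form shown on this page is supported (IG evaluates general expressions). A second resource ("/public-docs/.*") is constructed here to show pattern selection; it is not part of the original configuration. The UmaException class mirrors the findShare contract: no matching resource means no Share can handle the request.

```python
"""Model of how an UmaService 'resources' block maps a requesting-party
request to the scopes its token must carry. Added example, not IG code."""
import json
import re

# Constructed config: the page's UmaService example plus one extra,
# constructed resource ("/public-docs/.*") to show pattern selection.
UMA_SERVICE_CONFIG = json.loads(r'''
{
  "name": "UmaService",
  "type": "UmaService",
  "config": {
    "protectionApiHandler": "HttpsClient",
    "wellKnownEndpoint": "https://openam.example.com:8443/openam/uma/.well-known/uma2-configuration",
    "resources": [
      {
        "pattern": "/guillaume/.*",
        "actions": [
          {"scopes": ["http://api.example.com/operations#read"],
           "condition": "${request.method == 'GET'}"},
          {"scopes": ["http://api.example.com/operations#delete"],
           "condition": "${request.method == 'DELETE'}"}
        ]
      },
      {
        "pattern": "/public-docs/.*",
        "actions": [
          {"scopes": ["http://api.example.com/operations#read"],
           "condition": "${request.method == 'GET'}"}
        ]
      }
    ]
  }
}
''')


class UmaException(Exception):
    """Raised when no resource (and therefore no Share) can handle a request."""


# Assumption of this example: only the condition form used on the page,
# ${request.method == 'VERB'}, is understood. IG evaluates full expressions.
_METHOD_COND = re.compile(r"^\$\{request\.method\s*==\s*'([A-Z]+)'\}$")


def condition_holds(condition: str, method: str) -> bool:
    """Evaluate a restricted request.method condition against an HTTP verb."""
    m = _METHOD_COND.match(condition)
    if m is None:
        raise ValueError(f"unsupported condition expression: {condition}")
    return m.group(1) == method


def select_resource(resources: list, path: str) -> dict:
    """First resource whose pattern matches the whole path (fullmatch is an
    assumption). This is the definition a Share created for `path` would use."""
    for res in resources:
        if re.fullmatch(res["pattern"], path):
            return res
    raise UmaException(f"no resource pattern matches {path}")


def required_scopes(config: dict, method: str, path: str) -> set:
    """Union of the scopes of every action whose condition holds for the
    request. An empty set means no action covers this verb; the caller must
    treat that as 'nothing authorizes the request', never as 'no scope needed'."""
    res = select_resource(config["config"]["resources"], path)
    scopes: set = set()
    for action in res["actions"]:
        if condition_holds(action["condition"], method):
            scopes.update(action["scopes"])
    return scopes


if __name__ == "__main__":
    for verb, path in [("GET", "/guillaume/photos/1.jpg"),
                       ("DELETE", "/guillaume/photos/1.jpg"),
                       ("PUT", "/guillaume/photos/1.jpg"),
                       ("GET", "/alice/photos")]:
        try:
            print(verb, path, "->", sorted(required_scopes(UMA_SERVICE_CONFIG, verb, path)))
        except UmaException as e:
            print(verb, path, "->", "UmaException:", e)
```

    Note the PUT case: the verb matches no action, so the function returns an empty set. A resource server must fail closed here rather than let an unlisted verb through with no scope check.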
    • Method Detail

      • createShare

        public Promise<org.forgerock.openig.uma.Share,​UmaException> createShare​(Context context,
                                                                                      String resourcePath,
                                                                                      String pat)
        Creates a Share that will be used to protect the given resourcePath.
        Parameters:
        context - Context chain used to keep a relationship between requests (tracking)
        resourcePath - resource to be protected
        pat - Protection Api Token (PAT)
        Returns:
        the created Share asynchronously
        See Also:
        Create Resource Description
      • findShare

        public org.forgerock.openig.uma.Share findShare​(Request request)
                                                 throws UmaException
        Find a Share.
        Parameters:
        request - the incoming requesting party request
        Returns:
        a Share to be used to protect the resource access
        Throws:
        UmaException - when no Share can handle the request.
      • removeShare

        public org.forgerock.openig.uma.Share removeShare​(String shareId)
        Removes the previously created Share from the registered shares. In effect, the resource is no longer shared/protected.
        Parameters:
        shareId - share identifier
        Returns:
        the removed Share instance if found, null otherwise.
      • listShares

        public Set<org.forgerock.openig.uma.Share> listShares()
        Returns a copy of the set of currently managed shares.
        Returns:
        a copy of the set of currently managed shares.
      • getIssuerUri

        public URI getIssuerUri()
        Returns the issuer's URI.
        Returns:
        the issuer's URI.
      • getPermissionEndpoint

        public URI getPermissionEndpoint()
        Returns the UMA Permission Request endpoint Uri.
        Returns:
        the UMA Permission Request endpoint Uri.
      • getIntrospectionEndpoint

        public URI getIntrospectionEndpoint()
        Returns the OAuth 2.0 Introspection endpoint Uri.
        Returns:
        the OAuth 2.0 Introspection endpoint Uri.
      • getShare

        public org.forgerock.openig.uma.Share getShare​(String id)
        Returns the Share with the given id.
        Parameters:
        id - Share identifier
        Returns:
        the Share with the given id (or null if none was found).