Package org.forgerock.openig.uma

Class UmaSharingService

  • public class UmaSharingService
extends Object
    An UmaSharingService provides core UMA features to the Identity Gateway when acting as an UMA Resource Server.

    It is linked to a single UMA Authorization Server.

    It is also the place where protected application knowledge is described: each item of the resources array describe a resource (that can be composed of multiple endpoints) that share the same set of scopes.

    Each resource contains a pattern used to define which one of them to use when a Share is created. A resource also contains a list of actions that defines the set of scopes to require when a requesting party request comes in. 

         {
         "name": "UmaService",
         "type": "UmaService",
         "config": {
           "protectionApiHandler": "HttpsClient",
           "wellKnownEndpoint": "https://openam.example.com:8443/openam/uma/.well-known/uma2-configuration",
           "resources": [
             {
               "pattern": "/guillaume/.*",
               "actions" : [
                 {
                   "scopes"    : [ "http://api.example.com/operations#read" ],
                   "condition" : "${request.method == 'GET'}"
                 },
                 {
                   "scopes"    : [ "http://api.example.com/operations#delete" ],
                   "condition" : "${request.method == 'DELETE'}"
                 }
               ]
             }
           ]
         }
       }
    Along with the UmaService, a REST endpoint is deployed in IG's API namespace: /openig/api/system/objects/../objects/[name-of-the-uma-service-object]/share. The dotted segment depends on your deployment (like which RouterHandler hosts the route that in turns contains this object).

    • Method Detail

      • createShare

        public Promise<org.forgerock.openig.uma.Share,​UmaException> createShare​(Context context,
                                                                              String resourcePath,
                                                                              String pat)
        Creates a Share that will be used to protect the given resourcePath.
        Parameters:
        context - Context chain used to keep a relationship between requests (tracking)
        resourcePath - resource to be protected
        pat - Protection Api Token (PAT)
        Returns:
        the created Share asynchronously
        See Also:
        Create Resource Description

      • findShare

        public org.forgerock.openig.uma.Share findShare​(Request request)
                                         throws UmaException
        Find a Share.
        Parameters:
        request - the incoming requesting party request
        Returns:
        a Share to be used to protect the resource access
        Throws:
        UmaException - when no Share can handle the request.

      • removeShare

        public org.forgerock.openig.uma.Share removeShare​(String shareId)
        Removes the previously created Share from the registered shares. In effect, the resources is no more shared/protected
        Parameters:
        shareId - share identifier
        Returns:
        the removed Share instance if found, null otherwise.

      • listShares

        public Set<org.forgerock.openig.uma.Share> listShares()
        Returns a copy of the list of currently managed shares.
        Returns:
        a copy of the list of currently managed shares.

      • getIssuerUri

        public URI getIssuerUri()
        Returns the issuer's URI.
        Returns:
        the issuer's URI.

      • getPermissionEndpoint

        public URI getPermissionEndpoint()
        Returns the UMA Permission Request endpoint Uri.
        Returns:
        the UMA Permission Request endpoint Uri.

      • getIntrospectionEndpoint

        public URI getIntrospectionEndpoint()
        Returns the OAuth 2.0 Introspection endpoint Uri.
        Returns:
        the OAuth 2.0 Introspection endpoint Uri.

      • getShare

        public org.forgerock.openig.uma.Share getShare​(String id)
        Returns the Share with the given id.
        Parameters:
        id - Share identifier
        Returns:
        the Share with the given id (or null if none was found).