Class UmaSharingService

java.lang.Object
org.forgerock.openig.uma.UmaSharingService

public class UmaSharingService extends Object
A UmaSharingService provides core UMA features to the Identity Gateway when acting as an UMA Resource Server.

It is linked to a single UMA Authorization Server.

It is also the place where knowledge of the protected application is described: each item of the resources array describes a resource (which can be composed of multiple endpoints) whose endpoints share the same set of scopes.

Each resource contains a pattern used to decide which resource applies when a Share is created. A resource also contains a list of actions that defines the set of scopes to require when a requesting-party request comes in.

     {
       "name": "UmaService",
       "type": "UmaService",
       "config": {
         "protectionApiHandler": "HttpsClient",
         "wellKnownEndpoint": "https://openam.example.com:8443/openam/uma/.well-known/uma2-configuration",
         "resources": [
           {
             "pattern": "/guillaume/.*",
             "actions": [
               {
                 "scopes": [ "http://api.example.com/operations#read" ],
                 "condition": "${request.method == 'GET'}"
               },
               {
                 "scopes": [ "http://api.example.com/operations#delete" ],
                 "condition": "${request.method == 'DELETE'}"
               }
             ]
           }
         ]
       }
     }

Along with the UmaService, a REST endpoint is deployed in IG's API namespace: /openig/api/system/objects/../objects/[name-of-the-uma-service-object]/share. The dotted segment depends on your deployment (for example, which RouterHandler hosts the route that in turn contains this object).
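To make the resource/action semantics of the configuration above concrete, here is an added Python model of how a requesting-party request is mapped to a resource and to the scopes it must carry. It is illustrative code written for this page, not IG's own implementation: the config dict reproduces the example's "resources" array, the Request class and NoShareError are hypothetical stand-ins for IG's Request and UmaException, the condition evaluator only understands the `${request.method == 'VERB'}` form used in the example, the pattern is assumed to be a regular expression matched against the whole path with the first match winning, and a request that matches no action condition is denied, a fail-closed assumption since the page does not say how IG treats that case.

```python
import re
from dataclasses import dataclass
from typing import Dict, Set

# Constructed configuration: the "resources" array of the UmaService example
# above, reproduced as a Python dict (same pattern, scopes and conditions).
UMA_SERVICE_CONFIG: Dict = {
    "resources": [
        {
            "pattern": "/guillaume/.*",
            "actions": [
                {
                    "scopes": ["http://api.example.com/operations#read"],
                    "condition": "${request.method == 'GET'}",
                },
                {
                    "scopes": ["http://api.example.com/operations#delete"],
                    "condition": "${request.method == 'DELETE'}",
                },
            ],
        }
    ]
}


@dataclass(frozen=True)
class Request:
    """Hypothetical minimal stand-in for the incoming requesting-party request."""
    method: str
    path: str


class NoShareError(Exception):
    """Raised when no resource pattern matches the request path; this plays the
    role UmaException plays when findShare() cannot handle a request."""


# Hypothetical, deliberately narrow evaluator for the condition expressions:
# only the `${request.method == 'VERB'}` form used in the example is accepted.
# IG's real expression language is much richer; anything else is rejected
# rather than silently treated as false.
_METHOD_CONDITION = re.compile(r"^\$\{request\.method\s*==\s*'([A-Z]+)'\}$")


def condition_holds(condition: str, request: Request) -> bool:
    match = _METHOD_CONDITION.match(condition)
    if match is None:
        raise ValueError(f"unsupported condition expression: {condition}")
    return request.method == match.group(1)


def find_resource(config: Dict, path: str) -> Dict:
    """Select the resource entry whose pattern matches the request path.

    Assumption: the pattern is a regular expression matched against the whole
    path, and the first matching entry in the array wins.
    """
    for resource in config["resources"]:
        if re.fullmatch(resource["pattern"], path):
            return resource
    raise NoShareError(f"no resource pattern matches {path!r}")


def required_scopes(config: Dict, request: Request) -> Set[str]:
    """Union of the scopes of every action whose condition holds for the request."""
    resource = find_resource(config, request.path)
    scopes: Set[str] = set()
    for action in resource["actions"]:
        if condition_holds(action["condition"], request):
            scopes.update(action["scopes"])
    return scopes


def access_permitted(config: Dict, request: Request, granted: Set[str]) -> bool:
    """Compare the scopes the requesting party's token carries with the scopes
    the configuration requires for this request.

    A request that matches the resource but none of its action conditions
    yields an empty required set; the page does not state how IG handles that,
    so this model denies it (an assumption, chosen to fail closed).
    """
    needed = required_scopes(config, request)
    if not needed:
        return False
    return needed.issubset(granted)


if __name__ == "__main__":
    read = "http://api.example.com/operations#read"
    for req in (Request("GET", "/guillaume/photos"),
                Request("DELETE", "/guillaume/photos"),
                Request("POST", "/guillaume/photos")):
        print(req.method, req.path, "->", sorted(required_scopes(UMA_SERVICE_CONFIG, req)),
              "| permitted with read scope only:",
              access_permitted(UMA_SERVICE_CONFIG, req, {read}))
    try:
        find_resource(UMA_SERVICE_CONFIG, "/other/path")
    except NoShareError as exc:
        print("no share:", exc)
```

Running the script shows that a GET under /guillaume/ requires only the read scope, a DELETE requires only the delete scope, a POST matches the resource but no action and is therefore denied by the model, and a path outside the configured pattern raises NoShareError, which is the situation in which findShare() throws UmaException.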
  • Method Details

    • createShare

      public Promise<org.forgerock.openig.uma.Share,UmaException> createShare(Context context, String resourcePath, String pat)
      Creates a Share that will be used to protect the given resourcePath.
      Parameters:
      context - Context chain used to keep a relationship between requests (tracking)
      resourcePath - resource to be protected
      pat - Protection Api Token (PAT)
      Returns:
      the created Share asynchronously
    • findShare

      public org.forgerock.openig.uma.Share findShare(Request request) throws UmaException
Finds the Share that applies to the given request.
      Parameters:
      request - the incoming requesting party request
      Returns:
      a Share to be used to protect the resource access
      Throws:
      UmaException - when no Share can handle the request.
    • removeShare

      public org.forgerock.openig.uma.Share removeShare(String shareId)
Removes the previously created Share from the registered shares. In effect, the resource is no longer shared or protected.
      Parameters:
      shareId - share identifier
      Returns:
      the removed Share instance if found, null otherwise.
    • listShares

      public Set<org.forgerock.openig.uma.Share> listShares()
Returns a copy of the set of currently managed shares.
Returns:
a copy of the set of currently managed shares.
    • getIssuerUri

      public URI getIssuerUri()
      Returns the issuer's URI.
      Returns:
      the issuer's URI.
    • getPermissionEndpoint

      public URI getPermissionEndpoint()
Returns the UMA Permission Request endpoint URI.
Returns:
the UMA Permission Request endpoint URI.
    • getIntrospectionEndpoint

      public URI getIntrospectionEndpoint()
Returns the OAuth 2.0 Introspection endpoint URI.
Returns:
the OAuth 2.0 Introspection endpoint URI.
    • getShare

      public org.forgerock.openig.uma.Share getShare(String id)
      Returns the Share with the given id.
      Parameters:
      id - Share identifier
      Returns:
      the Share with the given id (or null if none was found).