diff --git a/Client/src/test/java/org/xdi/oxauth/ws/rs/PersistClientAuthorizationsHttpTest.java b/Client/src/test/java/org/xdi/oxauth/ws/rs/PersistClientAuthorizationsHttpTest.java
new file mode 100644
index 0000000000..783f0f265b
--- /dev/null
+++ b/Client/src/test/java/org/xdi/oxauth/ws/rs/PersistClientAuthorizationsHttpTest.java
@@ -0,0 +1,181 @@ +package org.xdi.oxauth.ws.rs; + +import org.testng.annotations.Parameters; +import org.testng.annotations.Test; +import org.xdi.oxauth.BaseTest; +import org.xdi.oxauth.client.*; +import org.xdi.oxauth.model.common.AuthenticationMethod; +import org.xdi.oxauth.model.common.GrantType; +import org.xdi.oxauth.model.common.Prompt; +import org.xdi.oxauth.model.common.ResponseType; +import org.xdi.oxauth.model.register.ApplicationType; +import org.xdi.oxauth.model.util.StringUtils; + +import java.util.Arrays; +import java.util.List; +import java.util.UUID; + +import static org.testng.Assert.assertEquals; +import static org.testng.Assert.assertNotNull; + +/** + * @author Javier Rojas Blum + * @version October 16, 2015 + */ +public class PersistClientAuthorizationsHttpTest extends BaseTest { + + @Parameters({"userId", "userSecret", "redirectUris", "redirectUri"}) + @Test + public void persistentClientAuthorizations(final String userId, final String userSecret, + final String redirectUris, final String redirectUri) throws Exception { + showTitle("persistentClientAuthorizations"); + + List responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN); + + // 1. 
Register client + RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", + StringUtils.spaceSeparatedToList(redirectUris)); + registerRequest.setResponseTypes(responseTypes); + + RegisterClient registerClient = new RegisterClient(registrationEndpoint); + registerClient.setRequest(registerRequest); + RegisterResponse registerResponse = registerClient.exec(); + + showClient(registerClient); + assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); + assertNotNull(registerResponse.getClientId()); + assertNotNull(registerResponse.getClientSecret()); + assertNotNull(registerResponse.getRegistrationAccessToken()); + assertNotNull(registerResponse.getClientIdIssuedAt()); + assertNotNull(registerResponse.getClientSecretExpiresAt()); + + String clientId = registerResponse.getClientId(); + String clientSecret = registerResponse.getClientSecret(); + + String sessionId = null; + { + // 2. Request authorization + List scopes = Arrays.asList("openid", "profile"); + String nonce = UUID.randomUUID().toString(); + String state = UUID.randomUUID().toString(); + + AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); + authorizationRequest.setState(state); + + AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( + authorizationEndpoint, authorizationRequest, userId, userSecret); + + assertNotNull(authorizationResponse.getLocation()); + assertNotNull(authorizationResponse.getCode()); + assertNotNull(authorizationResponse.getIdToken()); + assertNotNull(authorizationResponse.getState()); + + String authorizationCode = authorizationResponse.getCode(); + sessionId = authorizationResponse.getSessionId(); + + // 3. Request access token using the authorization code. 
+ TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); + tokenRequest.setCode(authorizationCode); + tokenRequest.setRedirectUri(redirectUri); + tokenRequest.setAuthUsername(clientId); + tokenRequest.setAuthPassword(clientSecret); + tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC); + + TokenClient tokenClient = new TokenClient(tokenEndpoint); + tokenClient.setRequest(tokenRequest); + TokenResponse tokenResponse = tokenClient.exec(); + + showClient(tokenClient); + assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); + assertNotNull(tokenResponse.getEntity()); + assertNotNull(tokenResponse.getAccessToken()); + assertNotNull(tokenResponse.getExpiresIn()); + assertNotNull(tokenResponse.getTokenType()); + assertNotNull(tokenResponse.getRefreshToken()); + } + + { + // 4. Request authorization + List scopes = Arrays.asList("openid", "address", "email"); + String nonce = UUID.randomUUID().toString(); + String state = UUID.randomUUID().toString(); + + AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); + authorizationRequest.setState(state); + + AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( + authorizationEndpoint, authorizationRequest, userId, userSecret); + + assertNotNull(authorizationResponse.getLocation()); + assertNotNull(authorizationResponse.getCode()); + assertNotNull(authorizationResponse.getIdToken()); + assertNotNull(authorizationResponse.getState()); + + String authorizationCode = authorizationResponse.getCode(); + + // 5. Request access token using the authorization code. 
+ TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); + tokenRequest.setCode(authorizationCode); + tokenRequest.setRedirectUri(redirectUri); + tokenRequest.setAuthUsername(clientId); + tokenRequest.setAuthPassword(clientSecret); + tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC); + + TokenClient tokenClient = new TokenClient(tokenEndpoint); + tokenClient.setRequest(tokenRequest); + TokenResponse tokenResponse = tokenClient.exec(); + + showClient(tokenClient); + assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); + assertNotNull(tokenResponse.getEntity()); + assertNotNull(tokenResponse.getAccessToken()); + assertNotNull(tokenResponse.getExpiresIn()); + assertNotNull(tokenResponse.getTokenType()); + assertNotNull(tokenResponse.getRefreshToken()); + } + + { + // 6. Request authorization + List scopes = Arrays.asList("openid", "profile", "address", "email"); + String nonce = UUID.randomUUID().toString(); + String state = UUID.randomUUID().toString(); + + AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); + authorizationRequest.setState(state); + authorizationRequest.getPrompts().add(Prompt.NONE); + authorizationRequest.setSessionId(sessionId); + + AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); + authorizeClient.setRequest(authorizationRequest); + + AuthorizationResponse authorizationResponse = authorizeClient.exec(); + + assertNotNull(authorizationResponse.getLocation()); + assertNotNull(authorizationResponse.getCode()); + assertNotNull(authorizationResponse.getState()); + assertNotNull(authorizationResponse.getScope()); + + String authorizationCode = authorizationResponse.getCode(); + + // 7. 
Get Access Token + TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); + tokenRequest.setCode(authorizationCode); + tokenRequest.setRedirectUri(redirectUri); + tokenRequest.setAuthUsername(clientId); + tokenRequest.setAuthPassword(clientSecret); + tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC); + + TokenClient tokenClient = new TokenClient(tokenEndpoint); + tokenClient.setRequest(tokenRequest); + TokenResponse tokenResponse = tokenClient.exec(); + + showClient(tokenClient); + assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); + assertNotNull(tokenResponse.getEntity(), "The entity is null"); + assertNotNull(tokenResponse.getAccessToken(), "The access token is null"); + assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null"); + assertNotNull(tokenResponse.getTokenType(), "The token type is null"); + assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null"); + } + } +} diff --git a/Client/src/test/resources/testng.xml b/Client/src/test/resources/testng.xml index a92956777f..c22b377fa8 100644 --- a/Client/src/test/resources/testng.xml +++ b/Client/src/test/resources/testng.xml @@ -72,6 +72,13 @@ + + + + + + + diff --git a/Server/conf/oxauth-config.xml b/Server/conf/oxauth-config.xml index 6756dd8a82..6a8234ef7c 100644 --- a/Server/conf/oxauth-config.xml +++ b/Server/conf/oxauth-config.xml @@ -272,6 +272,7 @@ true ${config.client.dynamic-registration-expiration-time} + true true diff --git a/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeAction.java b/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeAction.java index 98e9e2fb69..6dec94430b 100644 --- a/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeAction.java +++ b/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeAction.java 
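Review bot: Step 6 of `persistentClientAuthorizations` only shows that a `prompt=none` request for the union of the scopes granted in steps 2 and 4 returns a code; it does not distinguish the new persisted-consent path from the existing trusted-client path, and there is no negative case. I would pin the returned scope rather than just its presence, e.g. `assertTrue(authorizationResponse.getScope().contains("address"));` for each of the four scopes, and add a further block that requests a scope never consented to (say `"openid", "user_name"`) with `prompt=none` and the same `sessionId`, asserting `assertNull(authorizationResponse.getCode());` so a regression that grants unconsented scopes is caught. Step 6 also drops the `assertNotNull(authorizationResponse.getIdToken())` that the earlier blocks carry although `ResponseType.ID_TOKEN` is still requested. Whether steps 2 and 4 actually went through the consent page depends on `authenticateResourceOwnerAndGrantAccess` in `BaseTest`, which is outside this file.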
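Review bot: The new `true` line added after the dynamic-registration expiration-time element (bound by `Configuration` to `dynamic-registration-persist-client-authorizations`) opts every dynamically registered client into remembered consent by default with no administrator action. Because this relaxes the per-request consent check, I would ship the default as `false` and let deployments enable it explicitly. Note also that `RegisterRestWebServiceImpl` reads this value into a primitive `boolean`, so an existing deployment whose config file predates the element needs a defined default rather than a null here.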
@@ -32,6 +32,7 @@ import org.xdi.oxauth.model.federation.FederationTrust; import org.xdi.oxauth.model.federation.FederationTrustStatus; import org.xdi.oxauth.model.jwt.JwtClaimName; +import org.xdi.oxauth.model.ldap.ClientAuthorizations; import org.xdi.oxauth.model.registration.Client; import org.xdi.oxauth.model.util.LocaleUtil; import org.xdi.oxauth.model.util.Util; @@ -47,7 +48,7 @@ /** * @author Javier Rojas Blum * @author Yuriy Movchan - * @version October 1, 2015 + * @version October 16, 2015 */ @Name("authorizeAction") @Scope(ScopeType.EVENT) // Do not change scope, we try to keep server without http sessions @@ -80,6 +81,9 @@ public class AuthorizeAction { @In private AuthenticationService authenticationService; + @In + private ClientAuthorizationsService clientAuthorizationsService; + @In private ExternalAuthenticationService externalAuthenticationService; @@ -237,8 +241,12 @@ public void checkPermissionGranted() { } if (AuthorizeParamsValidator.validatePrompt(prompts)) { - // if trusted client = true, then skip authorization page and grant access directly - if (ConfigurationFactory.instance().getConfiguration().getTrustedClientEnabled()) { + ClientAuthorizations clientAuthorizations = clientAuthorizationsService.findClientAuthorizations(user.getAttribute("inum"), client.getClientId()); + if (clientAuthorizations != null && clientAuthorizations.getScopes() != null && + Arrays.asList(clientAuthorizations.getScopes()).containsAll( + org.xdi.oxauth.model.util.StringUtils.spaceSeparatedToList(scope))) { + permissionGranted(session); + } else if (ConfigurationFactory.instance().getConfiguration().getTrustedClientEnabled()) { // if trusted client = true, then skip authorization page and grant access directly if (Boolean.parseBoolean(client.getTrustedClient()) && !prompts.contains(Prompt.CONSENT)) { permissionGranted(session); } 
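Review bot: The new persisted-authorization branch in `checkPermissionGranted` ignores `prompt=consent`, while the trusted-client branch directly below it still requires `!prompts.contains(Prompt.CONSENT)`; once a user has consented to a client once, a relying party can no longer force re-consent, which `prompt=consent` is meant to guarantee. The branch also never reads the per-client `persistClientAuthorizations` flag this commit adds to `Client`, so the flag is written at registration but has no effect on the authorize path. I would gate it on both: `if (!prompts.contains(Prompt.CONSENT) && Boolean.TRUE.equals(client.getPersistClientAuthorizations()) && clientAuthorizations != null && clientAuthorizations.getScopes() != null && Arrays.asList(clientAuthorizations.getScopes()).containsAll(StringUtils.spaceSeparatedToList(scope)))`. A null `scope` would presumably fail inside `spaceSeparatedToList` unless that helper tolerates it, which is not visible here. `checkPermissionGranted` starts and ends outside the hunk.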
@@ -575,6 +583,11 @@ public void permissionGranted() { public void permissionGranted(SessionId session) { try { + final User user = userService.getUserByDn(session.getUserDn()); + final Client client = clientService.getClient(clientId); + final List scopes = org.xdi.oxauth.model.util.StringUtils.spaceSeparatedToList(scope); + clientAuthorizationsService.add(user.getAttribute("inum"), client.getClientId(), scopes); + session.addPermission(clientId, true); sessionIdService.updateSessionId(session); diff --git a/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java b/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java index 815ad2e7b6..1f4f0e7b20 100644 --- a/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java +++ b/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java @@ -24,6 +24,7 @@ import org.xdi.oxauth.model.error.ErrorResponseFactory; import org.xdi.oxauth.model.exception.InvalidJwtException; import org.xdi.oxauth.model.jwt.JwtClaimName; +import org.xdi.oxauth.model.ldap.ClientAuthorizations; import org.xdi.oxauth.model.registration.Client; import org.xdi.oxauth.model.util.JwtUtil; import org.xdi.oxauth.model.util.Util; @@ -54,7 +55,7 @@ * Implementation for request authorization through REST web services. * * @author Javier Rojas Blum - * @version October 1, 2015 + * @version October 16, 2015 */ @Name("requestAuthorizationRestWebService") @Api(value = "/oxauth/authorize", description = "Authorization Endpoint") @@ -105,6 +106,9 @@ public class AuthorizeRestWebServiceImpl implements AuthorizeRestWebService { @In private SessionId sessionUser; + @In + private ClientAuthorizationsService clientAuthorizationsService; + @Override public Response requestAuthorizationGet( String scope, String responseType, String clientId, String redirectUri, String state, String responseMode, 
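Review bot: `permissionGranted(SessionId)` now persists the requested scopes on every grant regardless of the client's new `persistClientAuthorizations` flag, so the flag does not limit what is remembered. The persist runs before `session.addPermission` inside the same try, so a null `user` (session DN that no longer resolves) or an LDAP failure in `clientAuthorizationsService.add` would abort the grant itself rather than just the remembering; I would guard it: `if (user != null && client != null && Boolean.TRUE.equals(client.getPersistClientAuthorizations())) { clientAuthorizationsService.add(user.getAttribute("inum"), client.getClientId(), scopes); }`. What is persisted is the `scope` request parameter, so if the consent page ever lets the user grant a subset, the stored set would be wider than what was actually approved. The method's catch block lies outside the hunk.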
@@ -391,6 +395,11 @@ public Response requestAuthorization( } } + ClientAuthorizations clientAuthorizations = clientAuthorizationsService.findClientAuthorizations(user.getAttribute("inum"), client.getClientId()); + if (clientAuthorizations != null && clientAuthorizations.getScopes() != null && + Arrays.asList(clientAuthorizations.getScopes()).containsAll(scopes)) { + sessionUser.addPermission(clientId, true); + } if (prompts.contains(Prompt.NONE) && Boolean.parseBoolean(client.getTrustedClient())) { sessionUser.addPermission(clientId, true); } diff --git a/Server/src/main/java/org/xdi/oxauth/model/config/Configuration.java b/Server/src/main/java/org/xdi/oxauth/model/config/Configuration.java index 6f79ae7e92..968474402e 100644 --- a/Server/src/main/java/org/xdi/oxauth/model/config/Configuration.java +++ b/Server/src/main/java/org/xdi/oxauth/model/config/Configuration.java @@ -22,7 +22,7 @@ * @author Javier Rojas Blum * @author Yuriy Zabrovarnyy * @author Yuriy Movchan - * @version October 1, 2015 + * @version October 16, 2015 */ @XmlRootElement(name = "configuration") @JsonIgnoreProperties(ignoreUnknown = true) @@ -95,6 +95,7 @@ public class Configuration { private String oxId; private Boolean dynamicRegistrationEnabled; private int dynamicRegistrationExpirationTime; + private Boolean dynamicRegistrationPersistClientAuthorizations; private Boolean trustedClientEnabled; private Boolean dynamicRegistrationScopesParamEnabled; private String dynamicRegistrationCustomObjectClass; 
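Review bot: In `requestAuthorization` the persisted-authorization check calls `sessionUser.addPermission(clientId, true)` on every request, including `prompt=consent`, and unlike the trusted-client line right below it is conditioned neither on `prompt=none` nor on the client's new `persistClientAuthorizations` flag. I would require both: `if (!prompts.contains(Prompt.CONSENT) && Boolean.TRUE.equals(client.getPersistClientAuthorizations()) && clientAuthorizations != null && clientAuthorizations.getScopes() != null && Arrays.asList(clientAuthorizations.getScopes()).containsAll(scopes))`. The lookup also goes through `findClientAuthorizations`, which creates the `ou=clientAuthorizations` branch under the user when it is missing, so a plain authorization request now has an LDAP write side effect for every user who has never consented to anything. The enclosing method continues beyond the hunk.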
@@ -881,6 +882,15 @@ public void setDynamicRegistrationExpirationTime(int dynamicRegistrationExpirati this.dynamicRegistrationExpirationTime = dynamicRegistrationExpirationTime; } + @XmlElement(name = "dynamic-registration-persist-client-authorizations") + public Boolean getDynamicRegistrationPersistClientAuthorizations() { + return dynamicRegistrationPersistClientAuthorizations; + } + + public void setDynamicRegistrationPersistClientAuthorizations(Boolean dynamicRegistrationPersistClientAuthorizations) { + this.dynamicRegistrationPersistClientAuthorizations = dynamicRegistrationPersistClientAuthorizations; + } + @XmlElement(name = "trusted-client-enabled") public Boolean getTrustedClientEnabled() { return trustedClientEnabled; diff --git a/Server/src/main/java/org/xdi/oxauth/model/ldap/ClientAuthorizations.java b/Server/src/main/java/org/xdi/oxauth/model/ldap/ClientAuthorizations.java new file mode 100644 index 0000000000..f1a1b2bdf1 --- /dev/null +++ b/Server/src/main/java/org/xdi/oxauth/model/ldap/ClientAuthorizations.java 
@@ -0,0 +1,79 @@ +package org.xdi.oxauth.model.ldap; + +import org.gluu.site.ldap.persistence.annotation.LdapAttribute; +import org.gluu.site.ldap.persistence.annotation.LdapDN; +import org.gluu.site.ldap.persistence.annotation.LdapEntry; +import org.gluu.site.ldap.persistence.annotation.LdapObjectClass; + +/** + * @author Javier Rojas Blum + * @version October 16, 2015 + */ +@LdapEntry +@LdapObjectClass(values = {"top", "oxClientAuthorizations"}) +public class ClientAuthorizations { + + @LdapDN + private String dn; + + @LdapAttribute(name = "oxId") + private String id; + + @LdapAttribute(name = "oxAuthClientId") + private String clientId; + + @LdapAttribute(name = "oxAuthScope") + private String[] scopes; + + public String getDn() { + return dn; + } + + public void setDn(String dn) { + this.dn = dn; + } + + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + public String getClientId() { + return clientId; + } + + public void setClientId(String clientId) { + this.clientId = clientId; + } + + public String[] getScopes() { + return scopes; + } + + public void setScopes(String[] scopes) { + this.scopes = scopes; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + + ClientAuthorizations that = (ClientAuthorizations) o; + + if (!dn.equals(that.dn)) return false; + if (!id.equals(that.id)) return false; + + return true; + } + + @Override + public int hashCode() { + int result = dn.hashCode(); + result = 31 * result + id.hashCode(); + return result; + } +} diff --git a/Server/src/main/java/org/xdi/oxauth/model/registration/Client.java b/Server/src/main/java/org/xdi/oxauth/model/registration/Client.java index bff4b54a7b..5debecb3af 100644 --- a/Server/src/main/java/org/xdi/oxauth/model/registration/Client.java +++ b/Server/src/main/java/org/xdi/oxauth/model/registration/Client.java 
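Review bot: `equals` dereferences `dn` and `id` without null checks, and `ClientAuthorizationsService.add` builds instances with `dn` set last, so comparing a partially constructed entry throws NullPointerException; `Objects.equals(dn, that.dn) && Objects.equals(id, that.id)` in `equals` and `Objects.hash(dn, id)` in `hashCode` (java.util.Objects) are the null-safe forms. `getScopes` returns the internal array, so a caller can alter the stored consent set without going through `setScopes`; `return scopes == null ? null : scopes.clone();` keeps the entry's own copy. A class-level Javadoc saying that one entry lives under the user's `ou=clientAuthorizations` branch and that `oxAuthScope` holds the scopes the user has consented to for `oxAuthClientId` would help the next reader, since the class itself gives no hint of its purpose.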
@@ -26,7 +26,7 @@ /** * @author Javier Rojas Blum - * @version 0.9 May 18, 2015 + * @version October 16, 2015 */ @LdapEntry @LdapObjectClass(values = {"top", "oxAuthClient"}) @@ -155,6 +155,9 @@ public class Client { @LdapAttribute(name = "oxLastLogonTime") private Date lastLogonTime; + @LdapAttribute(name = "oxPersistClientAuthorizations") + private Boolean persistClientAuthorizations; + @LdapAttributesList(name = "name", value = "values", sortByName = true) private List customAttributes = new ArrayList(); @@ -900,22 +903,30 @@ public void setFederationURI(String p_federationURI) { } public Date getLastAccessTime() { - return lastAccessTime; - } + return lastAccessTime; + } - public void setLastAccessTime(Date lastAccessTime) { - this.lastAccessTime = lastAccessTime; - } + public void setLastAccessTime(Date lastAccessTime) { + this.lastAccessTime = lastAccessTime; + } - public Date getLastLogonTime() { - return lastLogonTime; - } + public Date getLastLogonTime() { + return lastLogonTime; + } - public void setLastLogonTime(Date lastLogonTime) { - this.lastLogonTime = lastLogonTime; - } + public void setLastLogonTime(Date lastLogonTime) { + this.lastLogonTime = lastLogonTime; + } + + public Boolean getPersistClientAuthorizations() { + return persistClientAuthorizations; + } + + public void setPersistClientAuthorizations(Boolean persistClientAuthorizations) { + this.persistClientAuthorizations = persistClientAuthorizations; + } - public List getCustomAttributes() { + public List getCustomAttributes() { return customAttributes; } diff --git a/Server/src/main/java/org/xdi/oxauth/register/ws/rs/RegisterRestWebServiceImpl.java b/Server/src/main/java/org/xdi/oxauth/register/ws/rs/RegisterRestWebServiceImpl.java index 8f0bc09fe4..219e5a8a70 100644 --- a/Server/src/main/java/org/xdi/oxauth/register/ws/rs/RegisterRestWebServiceImpl.java +++ b/Server/src/main/java/org/xdi/oxauth/register/ws/rs/RegisterRestWebServiceImpl.java 
@@ -58,7 +58,7 @@ * @author Javier Rojas Blum * @author Yuriy Zabrovarnyy * @author Yuriy Movchan - * @version September 1, 2015 + * @version October 16, 2015 */ @Name("registerRestWebService") public class RegisterRestWebServiceImpl implements RegisterRestWebService { @@ -172,6 +172,9 @@ private Response registerClientImpl(String requestParams, SecurityContext securi client.setLastAccessTime(currentTime); client.setLastLogonTime(currentTime); + boolean persistClientAuthorizations = ConfigurationFactory.instance().getConfiguration().getDynamicRegistrationPersistClientAuthorizations(); + client.setPersistClientAuthorizations(persistClientAuthorizations); + clientService.persist(client); JSONObject jsonObject = getJSONObject(client); diff --git a/Server/src/main/java/org/xdi/oxauth/service/ClientAuthorizationsService.java b/Server/src/main/java/org/xdi/oxauth/service/ClientAuthorizationsService.java new file mode 100644 index 0000000000..555e4df728 --- /dev/null +++ b/Server/src/main/java/org/xdi/oxauth/service/ClientAuthorizationsService.java 
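Review bot: `boolean persistClientAuthorizations = ConfigurationFactory.instance().getConfiguration().getDynamicRegistrationPersistClientAuthorizations();` unboxes a `Boolean` field that `Configuration` leaves unset when the new element is absent from an older oxauth-config.xml, so client registration would fail with NullPointerException after an upgrade. Default it closed instead: `Boolean persist = ConfigurationFactory.instance().getConfiguration().getDynamicRegistrationPersistClientAuthorizations(); client.setPersistClientAuthorizations(persist != null && persist);`. The value is applied to every dynamically registered client with no way for the registration request to opt out, which is worth stating in the method's Javadoc. `registerClientImpl` starts before and ends after the hunk.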
@@ -0,0 +1,111 @@ +package org.xdi.oxauth.service; + +import com.unboundid.ldap.sdk.Filter; +import org.gluu.site.ldap.persistence.LdapEntryManager; +import org.hibernate.annotations.common.util.StringHelper; +import org.jboss.seam.Component; +import org.jboss.seam.ScopeType; +import org.jboss.seam.annotations.*; +import org.jboss.seam.log.Log; +import org.xdi.ldap.model.SimpleBranch; +import org.xdi.oxauth.model.ldap.ClientAuthorizations; + +import java.util.*; + +/** + * @author Javier Rojas Blum + * @version October 16, 2015 + */ +@Scope(ScopeType.STATELESS) +@Name("clientAuthorizationsService") +@AutoCreate +public class ClientAuthorizationsService { + + @Logger + private Log log; + + @In + private LdapEntryManager ldapEntryManager; + + @In + private UserService userService; + + public void addBranch(final String userInum) { + SimpleBranch branch = new SimpleBranch(); + branch.setOrganizationalUnitName("clientAuthorizations"); + branch.setDn(getBaseDnForClientAuthorizations(userInum)); + + ldapEntryManager.persist(branch); + } + + public boolean containsBranch(final String userInum) { + return ldapEntryManager.contains(SimpleBranch.class, getBaseDnForClientAuthorizations(userInum)); + } + + public void prepareBranch(final String userInum) { + // Create client authorizations branch if needed + if (!containsBranch(userInum)) { + addBranch(userInum); + } + } + + public ClientAuthorizations findClientAuthorizations(String userInum, String clientId) { + prepareBranch(userInum); + + String baseDn = getBaseDnForClientAuthorizations(userInum); + Filter filter = Filter.createEqualityFilter("oxAuthClientId", clientId); + + List entries = ldapEntryManager.findEntries(baseDn, ClientAuthorizations.class, filter); + if (entries != null && !entries.isEmpty()) { + // if more then one entry then it's problem, non-deterministic behavior, id must be unique + if (entries.size() > 1) { + log.error("Found more then one client authorization entry by client Id: {0}" + clientId); + for 
(ClientAuthorizations entry : entries) { + log.error(entry); + } + } + return entries.get(0); + } + + return null; + } + + public void add(String userInum, String clientId, List scopes) { + prepareBranch(userInum); + + ClientAuthorizations clientAuthorizations = findClientAuthorizations(userInum, clientId); + + if (clientAuthorizations == null) { + clientAuthorizations = new ClientAuthorizations(); + clientAuthorizations.setId(UUID.randomUUID().toString()); + clientAuthorizations.setClientId(clientId); + clientAuthorizations.setScopes(scopes.toArray(new String[scopes.size()])); + clientAuthorizations.setDn(getBaseDnForClientAuthorizations(clientAuthorizations.getId(), userInum)); + + ldapEntryManager.persist(clientAuthorizations); + } else { + Set set = new HashSet(scopes); + set.addAll(Arrays.asList(clientAuthorizations.getScopes())); + clientAuthorizations.setScopes(set.toArray(new String[set.size()])); + + ldapEntryManager.merge(clientAuthorizations); + } + } + + public String getBaseDnForClientAuthorizations(String oxId, String userInum) { + String baseDn = getBaseDnForClientAuthorizations(userInum); + if (StringHelper.isEmpty(oxId)) { + return baseDn; + } + return String.format("oxId=%s,%s", oxId, baseDn); + } + + public String getBaseDnForClientAuthorizations(String userInum) { + final String userBaseDn = userService.getDnForUser(userInum); // inum=1234,ou=people,o=@!1111,o=gluu" + return String.format("ou=clientAuthorizations,%s", userBaseDn); // "ou=clientAuthorizations,inum=1234,ou=people,o=@!1111,o=gluu" + } + + public static ClientAuthorizationsService instance() { + return (ClientAuthorizationsService) Component.getInstance(ClientAuthorizationsService.class); + } +} diff --git a/Server/src/main/java/org/xdi/oxauth/service/PairwiseIdentifierService.java b/Server/src/main/java/org/xdi/oxauth/service/PairwiseIdentifierService.java index 4d843eb0d2..58b85d41a8 100644 --- a/Server/src/main/java/org/xdi/oxauth/service/PairwiseIdentifierService.java 
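Review bot: `log.error("Found more then one client authorization entry by client Id: {0}" + clientId)` in `findClientAuthorizations` concatenates the id onto the pattern so `{0}` is never substituted; it should be `log.error("Found more than one client authorization entry by client Id: {0}", clientId);` (the same defect is copied into `PairwiseIdentifierService`). In `add`, the merge path unions the new scopes into the stored `oxAuthScope` and nothing in this service removes or ages entries, so consent accumulates per user and client for the lifetime of the user entry; a `remove(userInum, clientId)` and a granted-at timestamp on the entry are what a revocation or re-consent policy would need. `add` also calls `prepareBranch` and then `findClientAuthorizations`, which calls it again, and `scopes.toArray` throws on a null list. On the positive side, `Filter.createEqualityFilter` escapes `clientId`, and the DN built in `getBaseDnForClientAuthorizations(String, String)` only ever receives a UUID for `oxId` from this class, so the `String.format` there is not an injection point as written.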
+++ b/Server/src/main/java/org/xdi/oxauth/service/PairwiseIdentifierService.java @@ -14,7 +14,7 @@ /** * @author Javier Rojas Blum - * @version August 21, 2015 + * @version October 16, 2015 */ @Scope(ScopeType.STATELESS) @Name("pairwiseIdentifierService") @@ -57,7 +57,7 @@ public PairwiseIdentifier findPairWiseIdentifier(String userInum, String sectorI List entries = ldapEntryManager.findEntries(baseDnForPairwiseIdentifiers, PairwiseIdentifier.class, filter); if (entries != null && !entries.isEmpty()) { - // if more then one scope then it's problem, non-deterministic behavior, id must be unique + // if more then one entry then it's problem, non-deterministic behavior, id must be unique if (entries.size() > 1) { log.error("Found more then one pairwise identifier by sector identifier: {0}" + sectorIdentifierUri); for (PairwiseIdentifier pairwiseIdentifier : entries) {