public class UmaSharingService extends Object

UmaSharingService provides core UMA features to the Identity Gateway when acting as an UMA Resource Server. It is linked to a single UMA Authorization Server.

It is also the place where protected application knowledge is described: each item of the resources array describes a resource (that can be composed of multiple endpoints) that shares the same set of scopes.

Each resource contains a pattern used to define which one of them to use when a Share is created. A resource also contains a list of actions that defines the set of scopes to require when a requesting party request comes in.
```json
{
    "name": "UmaService",
    "type": "UmaService",
    "config": {
        "protectionApiHandler": "HttpsClient",
        "wellKnownEndpoint": "https://openam.example.com:8443/openam/uma/.well-known/uma2-configuration",
        "resources": [
            {
                "pattern": "/guillaume/.*",
                "actions": [
                    {
                        "scopes": [ "http://api.example.com/operations#read" ],
                        "condition": "${request.method == 'GET'}"
                    },
                    {
                        "scopes": [ "http://api.example.com/operations#delete" ],
                        "condition": "${request.method == 'DELETE'}"
                    }
                ]
            }
        ]
    }
}
```
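An audit of the resources array above, as an added example that is not part of the original documentation or of IG's code: it resolves which scopes a request would need and lists the HTTP methods that no action covers. It assumes a pattern must match the whole request path and understands only the `${request.method == '...'}` condition form shown above; all function names are hypothetical.

```python
import re

# Constructed sample mirroring the "resources" array in the configuration above.
RESOURCES = [{
    "pattern": "/guillaume/.*",
    "actions": [
        {"scopes": ["http://api.example.com/operations#read"],
         "condition": "${request.method == 'GET'}"},
        {"scopes": ["http://api.example.com/operations#delete"],
         "condition": "${request.method == 'DELETE'}"},
    ],
}]
METHODS = ("GET", "HEAD", "POST", "PUT", "PATCH", "DELETE")
# Only the condition form used on this page is understood; anything else is
# rejected so that it gets reviewed by hand instead of being guessed at.
_METHOD_COND = re.compile(r"^\$\{request\.method\s*==\s*'([A-Z]+)'\}$")

def condition_method(condition):
    """Return the HTTP method a "${request.method == 'X'}" condition tests."""
    m = _METHOD_COND.match(condition.strip())
    if m is None:
        raise ValueError("unsupported condition, review manually: " + condition)
    return m.group(1)

def required_scopes(resources, path, method):
    """Scopes demanded for a request, or None when no resource pattern matches.

    Assumption (not taken from IG's code): the pattern must match the whole
    path, and scopes of every action whose condition is true are combined.
    """
    for resource in resources:
        if re.fullmatch(resource["pattern"], path):
            scopes = set()
            for action in resource["actions"]:
                if condition_method(action["condition"]) == method:
                    scopes.update(action["scopes"])
            return scopes
    return None

def uncovered_methods(resources, methods=METHODS):
    """Map each pattern to the methods for which no action yields any scope."""
    report = {}
    for resource in resources:
        covered = {condition_method(a["condition"])
                   for a in resource["actions"] if a["scopes"]}
        report[resource["pattern"]] = [m for m in methods if m not in covered]
    return report
```

For the sample configuration, PUT, POST, PATCH and HEAD on a matching path resolve to an empty scope set; confirm how the gateway treats such requests in your deployment before relying on the route.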
Along with the UmaService, a REST endpoint is deployed in IG's API namespace: /openig/api/system/objects/../objects/[name-of-the-uma-service-object]/share. The dotted segment depends on your deployment (like which RouterHandler hosts the route that in turn contains this object).

Modifier and Type | Class and Description |
---|---|
static class | UmaSharingService.Heaplet: Creates and initializes an UMA service in a heap environment. |

Modifier and Type | Method and Description |
---|---|
Promise<org.forgerock.openig.uma.Share,UmaException> | createShare(Context context, String resourcePath, String pat): Creates a Share that will be used to protect the given resourcePath. |
org.forgerock.openig.uma.Share | findShare(Request request): Find a Share. |
URI | getIntrospectionEndpoint(): Returns the OAuth 2.0 Introspection endpoint Uri. |
URI | getIssuerUri(): Returns the issuer's URI. |
URI | getPermissionEndpoint(): Returns the UMA Permission Request endpoint Uri. |
org.forgerock.openig.uma.Share | getShare(String id): Returns the Share with the given id. |
Set<org.forgerock.openig.uma.Share> | listShares(): Returns a copy of the list of currently managed shares. |
org.forgerock.openig.uma.Share | removeShare(String shareId): Removes the previously created Share from the registered shares. |

public Promise<org.forgerock.openig.uma.Share,UmaException> createShare(Context context, String resourcePath, String pat)

Creates a Share that will be used to protect the given resourcePath.

Parameters:
context - Context chain used to keep a relationship between requests (tracking)
resourcePath - resource to be protected
pat - Protection Api Token (PAT)

Returns:
the Share asynchronously

public org.forgerock.openig.uma.Share findShare(Request request) throws UmaException

Find a Share.

Parameters:
request - the incoming requesting party request

Returns:
the Share to be used to protect the resource access

Throws:
UmaException - when no Share can handle the request.

public org.forgerock.openig.uma.Share removeShare(String shareId)

Parameters:
shareId - share identifier

Returns:
null otherwise.

public Set<org.forgerock.openig.uma.Share> listShares()

public URI getIssuerUri()

public URI getPermissionEndpoint()

public URI getIntrospectionEndpoint()

public org.forgerock.openig.uma.Share getShare(String id)

Returns the Share with the given id.

Parameters:
id - Share identifier

Returns:
the Share with the given id (or null if none was found).

Copyright 2011-2017 ForgeRock AS.