Examples of org.jboss.resteasy.skeleton.key.representations.SkeletonKeyScope

• org.jboss.resteasy.skeleton.key.representations.SkeletonKeyScope
  Key is resource desired. Values are roles desired for that resource @author Bill Burke @version $Revision: 1 $

public class SkeletonKeyTokenTest
{
   @Test
   public void testScope() throws Exception
   {
     SkeletonKeyScope scope2 = new SkeletonKeyScope();

      scope2.add("one", "admin");
      scope2.add("one", "buyer");
      scope2.add("two", "seller");
      String json = JsonSerialization.toString(scope2, true);
      System.out.println(json);


   }

         token.audience(realm.getName());
         if (realm.getTokenLifespan() > 0)
         {
            token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
         }
         SkeletonKeyScope scope = null;
         byte[] bytes = Base64Url.decode(scopeParam);
         try
         {
            scope = JsonSerialization.fromBytes(SkeletonKeyScope.class, bytes);
         }
         catch (IOException e)
         {
            throw new RuntimeException(e);
         }
         for (String res : scope.keySet())
         {
            Resource resource = identityManager.getResource(realm, res);
            ScopeMapping scopeMapping = identityManager.getScopeMapping(realm, resource, client);
            RoleMapping roleMapping = identityManager.getRoleMapping(realm, resource, user);
            SkeletonKeyToken.Access access = token.addAccess(resource.getName());
            for (String role : scope.get(res))
            {
               if (!scopeMapping.getRoles().contains(role))
               {
                  throw new ForbiddenException(Response.status(403).entity("<h1>Security Alert</h1><p>Known client not authorized for the requested scope.</p>").type("text/html").build());
               }

            }
            html.append("<p/><p><b>").append(validationError).append("</b></p>");
         }
         html.append("<p>A Third Party is requesting access to the following resources</p>");
         html.append("<table>");
         SkeletonKeyScope scope = null;
         byte[] bytes = Base64Url.decode(scopeParam);
         try
         {
            scope = JsonSerialization.fromBytes(SkeletonKeyScope.class, bytes);
         }
         catch (IOException e)
         {
            throw new RuntimeException(e);
         }
         for (String res : scope.keySet())
         {
            Resource resource = identityManager.getResource(realm, res);
            html.append("<tr><td><b>Resource: </b>").append(resource.getName()).append("</td><td><b>Roles:</b>");
            ScopeMapping mapping = identityManager.getScopeMapping(realm, resource, client);
            for (String role : scope.get(res))
            {
               html.append(" ").append(role);
               if (!mapping.getRoles().contains(role))
               {
                  return Response.ok("<h1>Security Alert</h1><p>Known client not authorized for the requested scope.</p>").type("text/html").build();
               }
            }
            html.append("</td></tr>");
         }
         html.append("</table><p>To Authorize, please login below</p>");
      }
      else
      {
         ScopeMapping mapping = identityManager.getScopeMapping(realm, client);
         if (mapping != null && mapping.getRoles().contains("login"))
         {
            html.append("<h1>Login For ").append(realm.getName()).append(" Realm</h1>");
            if (validationError != null)
            {
               try
               {
                  Thread.sleep(1000); // put in a delay
               }
               catch (InterruptedException e)
               {
                  throw new RuntimeException(e);
               }
               html.append("<p/><p><b>").append(validationError).append("</b></p>");
            }
         }
         else
         {
            html.append("<h1>Grant Request For ").append(realm.getName()).append(" Realm</h1>");
            if (validationError != null)
            {
               try
               {
                  Thread.sleep(1000); // put in a delay
               }
               catch (InterruptedException e)
               {
                  throw new RuntimeException(e);
               }
               html.append("<p/><p><b>").append(validationError).append("</b></p>");
            }
            SkeletonKeyScope scope = new SkeletonKeyScope();
            List<Resource> resources = identityManager.getResources(realm);
            boolean found = false;
            for (Resource resource : resources)
            {
               ScopeMapping resourceScope = identityManager.getScopeMapping(realm, resource, client);
               if (resourceScope == null) continue;
               if (resourceScope.getRoles().size() == 0) continue;
               if (!found)
               {
                  found = true;
                  html.append("<p>A Third Party is requesting access to the following resources</p>");
                  html.append("<table>");
               }
               html.append("<tr><td><b>Resource: </b>").append(resource.getName()).append("</td><td><b>Roles:</b>");
               // todo add description of role
               for (String role : resourceScope.getRoles())
               {
                  html.append(" ").append(role);
                  scope.add(resource.getName(), role);
               }
            }
            if (!found)
            {
               return Response.ok("<h1>Security Alert</h1><p>Known client not authorized to access this realm.</p>").type("text/html").build();