Fixed SSO
This commit is contained in:
parent
23b25fb540
commit
0162753d6a
@ -123,6 +123,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
|
||||
application = new Application(applicationName, subscriber);
|
||||
application.setTier(ApiApplicationConstants.DEFAULT_TIER);
|
||||
application.setGroupId("");
|
||||
application.setTokenType("OAUTH");
|
||||
apiConsumer.addApplication(application, username);
|
||||
application = apiConsumer.getApplicationsByName(username, applicationName, "");
|
||||
} else {
|
||||
|
||||
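Review bot: `application.setTokenType("OAUTH");` hard-codes the token type as a bare literal while the tier one line above is taken from `ApiApplicationConstants.DEFAULT_TIER`; a named constant beside `DEFAULT_TIER` (e.g. `ApiApplicationConstants.DEFAULT_TOKEN_TYPE` — constructed name, add it there) would keep the two consistent and make the value greppable. The re-read on the last line, `application = apiConsumer.getApplicationsByName(username, applicationName, "")`, overwrites the object that was just added; if that lookup can return null (I cannot tell from the hunk), everything that uses `application` after the `} else {` will fail with an NPE rather than a clear error. The enclosing method continues outside the hunk.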
@ -24,7 +24,6 @@ import com.google.gson.JsonObject;
|
||||
import com.google.gson.JsonParser;
|
||||
import com.google.gson.JsonSyntaxException;
|
||||
import io.entgra.ui.request.interceptor.beans.AuthData;
|
||||
import io.entgra.ui.request.interceptor.beans.ProxyResponse;
|
||||
import io.entgra.ui.request.interceptor.exceptions.LoginException;
|
||||
import io.entgra.ui.request.interceptor.util.HandlerConstants;
|
||||
import io.entgra.ui.request.interceptor.util.HandlerUtil;
|
||||
@ -35,12 +34,8 @@ import org.apache.http.HttpStatus;
|
||||
import org.apache.http.client.methods.HttpPost;
|
||||
import org.apache.http.entity.ContentType;
|
||||
import org.apache.http.entity.StringEntity;
|
||||
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
|
||||
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderServiceImpl;
|
||||
import org.wso2.carbon.apimgt.application.extension.constants.ApiApplicationConstants;
|
||||
import org.wso2.carbon.apimgt.application.extension.dto.ApiApplicationKey;
|
||||
import org.wso2.carbon.apimgt.application.extension.exception.APIManagerException;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.apache.http.protocol.HTTP;
|
||||
import io.entgra.ui.request.interceptor.beans.ProxyResponse;
|
||||
|
||||
import javax.servlet.annotation.MultipartConfig;
|
||||
import javax.servlet.annotation.WebServlet;
|
||||
@ -49,9 +44,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Base64;
|
||||
import java.util.List;
|
||||
|
||||
@MultipartConfig
|
||||
@WebServlet("/login")
|
||||
@ -76,38 +69,28 @@ public class LoginHandler extends HttpServlet {
|
||||
httpSession = req.getSession(true);
|
||||
//setting session to expiry in 5 minutes
|
||||
httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));
|
||||
//todo: amalka do we need this remote call?
|
||||
|
||||
JsonObject uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(
|
||||
uiConfigUrl, gatewayUrl, httpSession, resp);
|
||||
|
||||
JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
|
||||
JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
|
||||
|
||||
List<String> list = new ArrayList<String>();
|
||||
for(int i=0; i < tags.size(); i++) {
|
||||
list.add(tags.get(i).getAsString());
|
||||
HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT);
|
||||
apiRegEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder()
|
||||
.encodeToString((username + HandlerConstants.COLON + password).getBytes()));
|
||||
apiRegEndpoint.setHeader(HTTP.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString());
|
||||
apiRegEndpoint.setEntity(HandlerUtil.constructAppRegPayload(
|
||||
tags, HandlerConstants.PUBLISHER_APPLICATION_NAME, username, password));
|
||||
|
||||
ProxyResponse clientAppResponse = HandlerUtil.execute(apiRegEndpoint);
|
||||
|
||||
if (clientAppResponse.getCode() == HttpStatus.SC_UNAUTHORIZED) {
|
||||
HandlerUtil.handleError(resp, clientAppResponse);
|
||||
return;
|
||||
}
|
||||
|
||||
String[] tagsAsStringArray = list.toArray(new String[list.size()]);
|
||||
|
||||
String scopeString = HandlerUtil.getScopeString(scopes);
|
||||
|
||||
if (scopeString != null) {
|
||||
scopeString = scopeString.trim();
|
||||
} else {
|
||||
scopeString = "default";
|
||||
}
|
||||
|
||||
APIManagementProviderService apiManagementProviderService = new APIManagementProviderServiceImpl();
|
||||
ApiApplicationKey apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(
|
||||
HandlerConstants.PUBLISHER_APPLICATION_NAME,
|
||||
tagsAsStringArray, HandlerConstants.PRODUCTION_KEY, username, false,
|
||||
ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD);
|
||||
|
||||
if (apiApplicationKey != null && getTokenAndPersistInSession(apiApplicationKey.getConsumerKey(),
|
||||
apiApplicationKey.getConsumerSecret(), req, resp, scopes)) {
|
||||
log.info("tenantDomain : " + PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain());
|
||||
log.info("username : " + PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername());
|
||||
if (clientAppResponse.getCode() == HttpStatus.SC_CREATED && getTokenAndPersistInSession(req, resp,
|
||||
clientAppResponse.getData(), scopes)) {
|
||||
ProxyResponse proxyResponse = new ProxyResponse();
|
||||
proxyResponse.setCode(HttpStatus.SC_OK);
|
||||
HandlerUtil.handleSuccess(resp, proxyResponse);
|
||||
@ -120,8 +103,6 @@ public class LoginHandler extends HttpServlet {
|
||||
log.error("Error occurred while parsing the response. ", e);
|
||||
} catch (LoginException e) {
|
||||
log.error("Error occurred while getting token data. ", e);
|
||||
} catch (APIManagerException e) {
|
||||
log.error("Error occurred while creating application. ", e);
|
||||
}
|
||||
}
|
||||
|
||||
@ -129,15 +110,19 @@ public class LoginHandler extends HttpServlet {
|
||||
* Generates token from token endpoint and persists them inside the session
|
||||
*
|
||||
* @param req - {@link HttpServletRequest}
|
||||
// * @param clientAppResult - clientAppResult
|
||||
* @param clientAppResult - clientAppResult
|
||||
* @param scopes - scopes defied in the application-mgt.xml
|
||||
* @throws LoginException - login exception throws when getting token result
|
||||
*/
|
||||
private boolean getTokenAndPersistInSession(String clientId, String clientSecret, HttpServletRequest req,
|
||||
HttpServletResponse resp, JsonArray scopes) throws LoginException {
|
||||
private boolean getTokenAndPersistInSession(HttpServletRequest req, HttpServletResponse resp,
|
||||
String clientAppResult, JsonArray scopes) throws LoginException {
|
||||
JsonParser jsonParser = new JsonParser();
|
||||
try {
|
||||
if (clientId != null && clientSecret != null) {
|
||||
JsonElement jClientAppResult = jsonParser.parse(clientAppResult);
|
||||
if (jClientAppResult.isJsonObject()) {
|
||||
JsonObject jClientAppResultAsJsonObject = jClientAppResult.getAsJsonObject();
|
||||
String clientId = jClientAppResultAsJsonObject.get("client_id").getAsString();
|
||||
String clientSecret = jClientAppResultAsJsonObject.get("client_secret").getAsString();
|
||||
String encodedClientApp = Base64.getEncoder()
|
||||
.encodeToString((clientId + HandlerConstants.COLON + clientSecret).getBytes());
|
||||
|
||||
@ -189,9 +174,6 @@ public class LoginHandler extends HttpServlet {
|
||||
if (HandlerConstants.HTTP_PROTOCOL.equals(req.getScheme())) {
|
||||
iotsCorePort = System.getProperty("iot.core.http.port");
|
||||
}
|
||||
|
||||
String keyManagerPort = System.getProperty("iot.keymanager.https.port");
|
||||
|
||||
username = req.getParameter("username");
|
||||
password = req.getParameter("password");
|
||||
gatewayUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.gateway.host")
|
||||
@ -199,8 +181,8 @@ public class LoginHandler extends HttpServlet {
|
||||
uiConfigUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
|
||||
+ HandlerConstants.COLON + iotsCorePort + HandlerConstants.UI_CONFIG_ENDPOINT;
|
||||
keyManagerUrl = HandlerConstants.HTTPS_PROTOCOL + HandlerConstants.SCHEME_SEPARATOR +
|
||||
System.getProperty("iot.keymanager.host") + HandlerConstants.COLON + keyManagerPort;
|
||||
|
||||
System.getProperty("iot.keymanager.host") + HandlerConstants.COLON
|
||||
+ System.getProperty("iot.keymanager.https.port");
|
||||
if (username == null || password == null) {
|
||||
String msg = "Invalid login request. Username or Password is not received for login request.";
|
||||
log.error(msg);
|
||||
|
||||
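Review bot: The Basic credentials on the app-registration request are encoded with `(username + HandlerConstants.COLON + password).getBytes()`, which uses the JVM default charset, so a non-ASCII password encodes differently per platform and may be rejected by the server; the same call appears in `getTokenAndPersistInSession` on the `encodedClientApp` line, and both should be `.getBytes(StandardCharsets.UTF_8)` (with `import java.nio.charset.StandardCharsets;` added to the import block changed in this commit). In `doGet` the registration response is only handled for `SC_UNAUTHORIZED` and `SC_CREATED`; any other status (409, 500, ...) appears to fall through with neither `handleError` nor `handleSuccess` being called — hedged, since the method continues outside the hunk. In `getTokenAndPersistInSession`, `jClientAppResultAsJsonObject.get("client_id").getAsString()` throws an NPE when the key is missing; checking `has("client_id")`/`has("client_secret")` first and throwing `LoginException` keeps the failure on the documented path. Minor style point: `apiRegEndpoint.setHeader(HTTP.CONTENT_TYPE, ...)` uses a different constant than the `HttpHeaders.CONTENT_TYPE` used for the same header in the SSO handlers.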
@ -60,8 +60,11 @@ public class SsoLoginCallbackHandler extends HttpServlet {
|
||||
+ HandlerConstants.COLON + HandlerUtil.getGatewayPort(req.getScheme());
|
||||
String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
|
||||
+ HandlerConstants.COLON + iotsCorePort;
|
||||
String keyManagerUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR
|
||||
+ System.getProperty("iot.keymanager.host") + HandlerConstants.COLON
|
||||
+ System.getProperty("iot.keymanager.https.port");
|
||||
|
||||
HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.TOKEN_ENDPOINT);
|
||||
HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.TOKEN_ENDPOINT);
|
||||
tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + session.getAttribute("encodedClientApp"));
|
||||
tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
|
||||
|
||||
|
||||
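Review bot: The new `keyManagerUrl` combines `req.getScheme()` with the `iot.keymanager.https.port` property, so on a plain-HTTP request the token call (which carries the client credentials in the `Authorization` header two lines below) would be sent to `http://<host>:<https-port>`; `SsoLoginHandler` in this same commit builds the same URL from `HandlerConstants.HTTPS_PROTOCOL` instead. Change the first line to `String keyManagerUrl = HandlerConstants.HTTPS_PROTOCOL + HandlerConstants.SCHEME_SEPARATOR` to match. Since this URL is now assembled in `LoginHandler`, `SsoLoginHandler` and here, a single helper in `HandlerUtil` (next to `getGatewayPort`) would keep the three from drifting. The enclosing method starts outside the hunk.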
@ -69,6 +69,7 @@ public class SsoLoginHandler extends HttpServlet {
|
||||
private static String adminPassword;
|
||||
private static String gatewayUrl;
|
||||
private static String iotsCoreUrl;
|
||||
private static String keyManagerUrl;
|
||||
private static String encodedAdminCredentials;
|
||||
private static String encodedClientApp;
|
||||
private static String applicationId;
|
||||
@ -101,7 +102,7 @@ public class SsoLoginHandler extends HttpServlet {
|
||||
*/
|
||||
private void dynamicClientRegistration(HttpServletRequest req, HttpServletResponse resp) {
|
||||
try {
|
||||
File userMgtConf = new File("conf/user-mgt.xml");
|
||||
File userMgtConf = new File("repository/conf/user-mgt.xml");
|
||||
DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
|
||||
Document doc = dBuilder.parse(userMgtConf);
|
||||
@ -123,6 +124,9 @@ public class SsoLoginHandler extends HttpServlet {
|
||||
iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
|
||||
+ HandlerConstants.COLON + iotsCorePort;
|
||||
String uiConfigUrl = iotsCoreUrl + HandlerConstants.UI_CONFIG_ENDPOINT;
|
||||
keyManagerUrl = HandlerConstants.HTTPS_PROTOCOL + HandlerConstants.SCHEME_SEPARATOR +
|
||||
System.getProperty("iot.keymanager.host") + HandlerConstants.COLON
|
||||
+ System.getProperty("iot.keymanager.https.port");
|
||||
|
||||
httpSession = req.getSession(false);
|
||||
if (httpSession != null) {
|
||||
@ -211,7 +215,7 @@ public class SsoLoginHandler extends HttpServlet {
|
||||
ProxyResponse updateApplicationGrantTypesEndpointResponse = HandlerUtil.execute(updateApplicationGrantTypesEndpoint);
|
||||
|
||||
// Update app as a SaaS app
|
||||
this.updateSaasApp(applicationName);
|
||||
this.updateSaasApp(applicationId);
|
||||
|
||||
if (updateApplicationGrantTypesEndpointResponse.getCode() == HttpStatus.SC_UNAUTHORIZED) {
|
||||
HandlerUtil.handleError(resp, updateApplicationGrantTypesEndpointResponse);
|
||||
@ -262,7 +266,7 @@ public class SsoLoginHandler extends HttpServlet {
|
||||
* @throws IOException IO exception throws if an error occurred when invoking token endpoint
|
||||
*/
|
||||
private ProxyResponse getTokenResult(String encodedClientApp) throws IOException {
|
||||
HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.TOKEN_ENDPOINT);
|
||||
HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.TOKEN_ENDPOINT);
|
||||
tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientApp);
|
||||
tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
|
||||
|
||||
|
||||
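Review bot: The added `private static String keyManagerUrl;` joins a set of `static` fields (`iotsCoreUrl`, `encodedClientApp`, `applicationId`, ...) that, judging from `iotsCoreUrl = req.getScheme() + ...` in the later hunk, are assigned per request; a servlet instance serves requests concurrently, so two overlapping logins can overwrite each other's `encodedClientApp`/`applicationId` before `getTokenResult` or `updateSaasApp(applicationId)` runs. These should be locals (or request/session attributes), not static fields. In `dynamicClientRegistration`, `new File("repository/conf/user-mgt.xml")` resolves against the JVM working directory rather than the server home; resolving it under the `carbon.home` system property would make it independent of how the server is started. The `DocumentBuilderFactory` used on the next lines is left at defaults; even for a local config file, `dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` is a cheap hardening against DTD/external-entity processing.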
@ -25,7 +25,7 @@ public class HandlerConstants {
|
||||
public static final String TOKEN_ENDPOINT = "/oauth2/token";
|
||||
public static final String INTROSPECT_ENDPOINT = "/oauth2/introspect";
|
||||
public static final String AUTHORIZATION_ENDPOINT = "/oauth2/authorize";
|
||||
public static final String APIM_APPLICATIONS_ENDPOINT = "/api/am/store/v0.12/applications/";
|
||||
public static final String APIM_APPLICATIONS_ENDPOINT = "/api/am/devportal/v2/applications/";
|
||||
public static final String IDENTITY_APP_MGT_ENDPOINT = "/services/IdentityApplicationManagementService.IdentityApplicationManagementServiceHttpsSoap11Endpoint";
|
||||
public static final String LOGIN_PAGE = "/login";
|
||||
public static final String SSO_LOGIN_CALLBACK = "/ssoLoginCallback";
|
||||
@ -67,7 +67,7 @@ public class HandlerConstants {
|
||||
|
||||
public static final String OTP_HEADER = "one-time-token";
|
||||
|
||||
public static final String AX_PREFIX = "ax2317:";
|
||||
public static final String AX_PREFIX = "ax2251:";
|
||||
public static final String PAYLOADS_DIR = "repository/resources/payloads";
|
||||
public static final String SOAP_ACTION_HEADER = "SOAPAction";
|
||||
|
||||
|
||||
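Review bot: `AX_PREFIX` is changed from `"ax2317:"` to `"ax2251:"`, which looks like an Axis2-generated namespace prefix; if the handlers use it to locate elements in SOAP responses by prefixed name, the lookup breaks again on the next service rebuild, as this very change shows. Matching by namespace URI (`getElementsByTagNameNS`) or by local name makes the parsing independent of the prefix. A comment on the constant saying where the value comes from would at least make the next bump explainable: `// Axis2-generated namespace prefix in IdentityApplicationManagementService responses; verify after server upgrades`.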
@ -19,7 +19,7 @@
|
||||
|
||||
<UIConfiguration>
|
||||
<EnableOAuth>true</EnableOAuth>
|
||||
<EnableSSO>false</EnableSSO>
|
||||
<EnableSSO>true</EnableSSO>
|
||||
<AppRegistration>
|
||||
<Tags>
|
||||
<Tag>application_management</Tag>
|
||||
|
||||
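Review bot: `<EnableSSO>` flips from `false` to `true` in the shipped config, and the j2 template in the next section makes the same change to its `{% else %}` default, so every deployment that does not set `mdm_ui_conf.enable_sso` explicitly now has SSO enabled after upgrade. If that is intended, the commit message should say so; otherwise keep the template default at `false` and let deployments opt in.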
@ -26,7 +26,7 @@
|
||||
{% if mdm_ui_conf.enable_sso is defined %}
|
||||
<EnableSSO>{{mdm_ui_conf.enable_sso}}</EnableSSO>
|
||||
{% else %}
|
||||
<EnableSSO>false</EnableSSO>
|
||||
<EnableSSO>true</EnableSSO>
|
||||
{% endif %}
|
||||
<AppRegistration>
|
||||
<Tags>
|
||||
|
||||
@ -4,3 +4,4 @@ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../featur
|
||||
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/store-ui-request-handler.war,overwrite:true);\
|
||||
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/entgra-ui-request-handler.war,overwrite:true);\
|
||||
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/mdm-reports-ui-request-handler.war,overwrite:true);\
|
||||
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/payloads/,target:${installFolder}/../../resources/payloads/,overwrite:true);\
|
||||
|
||||
@ -0,0 +1,8 @@
|
||||
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
|
||||
<soapenv:Header/>
|
||||
<soapenv:Body>
|
||||
<xsd:getApplication>
|
||||
<xsd:applicationName>${applicationName}</xsd:applicationName>
|
||||
</xsd:getApplication>
|
||||
</soapenv:Body>
|
||||
</soapenv:Envelope>
|
||||
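Review bot: `${applicationName}` is substituted directly into element content here, as are `${applicationId}`, `${description}`, `${displayName}` and the owner fields in the new updateApplication payload; if the substitution is a plain string replace (the code is not in this diff), a value containing `<`, `&` or `]]>` produces a malformed or altered SOAP body. The values should be XML-escaped at the substitution site, and a comment at the top of each payload stating that placeholders must receive escaped values would make the contract visible: `<!-- placeholders are substituted verbatim; callers must XML-escape values -->`.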
@ -0,0 +1,55 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd" xmlns:xsd2="http://script.model.common.application.identity.carbon.wso2.org/xsd">
|
||||
<soapenv:Header />
|
||||
<soapenv:Body>
|
||||
<xsd:updateApplication>
|
||||
<xsd:serviceProvider>
|
||||
<xsd1:applicationID>${applicationId}</xsd1:applicationID>
|
||||
<xsd1:applicationName>${applicationName}</xsd1:applicationName>
|
||||
<!-- <xsd1:certificateContent>?</xsd1:certificateContent> -->
|
||||
<xsd1:description>${description}</xsd1:description>
|
||||
<xsd1:inboundAuthenticationConfig>
|
||||
<xsd1:inboundAuthenticationRequestConfigs>
|
||||
<!-- <xsd1:friendlyName>?</xsd1:friendlyName> -->
|
||||
<xsd1:inboundAuthKey>${inboundAuthKey}</xsd1:inboundAuthKey>
|
||||
<xsd1:inboundAuthType>${inboundAuthType}</xsd1:inboundAuthType>
|
||||
<xsd1:inboundConfigType>${inboundConfigType}</xsd1:inboundConfigType>
|
||||
<!-- <xsd1:properties>
|
||||
<xsd1:advanced>?</xsd1:advanced>
|
||||
<xsd1:confidential>?</xsd1:confidential>
|
||||
<xsd1:defaultValue>?</xsd1:defaultValue>
|
||||
<xsd1:description>?</xsd1:description>
|
||||
<xsd1:displayName>?</xsd1:displayName>
|
||||
<xsd1:displayOrder>?</xsd1:displayOrder>
|
||||
<xsd1:name>?</xsd1:name>
|
||||
<xsd1:required>false</xsd1:required>
|
||||
<xsd1:type>?</xsd1:type>
|
||||
<xsd1:value>?</xsd1:value>
|
||||
</xsd1:properties> -->
|
||||
</xsd1:inboundAuthenticationRequestConfigs>
|
||||
</xsd1:inboundAuthenticationConfig>
|
||||
<!-- <xsd1:inboundProvisioningConfig>
|
||||
<xsd1:dumbMode>?</xsd1:dumbMode>
|
||||
<xsd1:provisioningEnabled>?</xsd1:provisioningEnabled>
|
||||
<xsd1:provisioningUserStore>?</xsd1:provisioningUserStore>
|
||||
</xsd1:inboundProvisioningConfig>
|
||||
<xsd1:outboundProvisioningConfig>
|
||||
<xsd1:provisionByRoleList>?</xsd1:provisionByRoleList>
|
||||
</xsd1:outboundProvisioningConfig> -->
|
||||
<xsd1:owner>
|
||||
<xsd1:tenantDomain>${tenantDomain}</xsd1:tenantDomain>
|
||||
<xsd1:userName>${userName}</xsd1:userName>
|
||||
<xsd1:userStoreDomain>${userStoreDomain}</xsd1:userStoreDomain>
|
||||
</xsd1:owner>
|
||||
<xsd1:saasApp>${saasApp}</xsd1:saasApp>
|
||||
<xsd1:spProperties>
|
||||
<!-- <xsd1:displayName>?</xsd1:displayName> -->
|
||||
<xsd1:name>displayName</xsd1:name>
|
||||
<xsd1:value>${displayName}</xsd1:value>
|
||||
</xsd1:spProperties>
|
||||
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
|
||||
</xsd:serviceProvider>
|
||||
</xsd:updateApplication>
|
||||
</soapenv:Body>
|
||||
</soapenv:Envelope>
|
||||
|
||||