Refactored dynamic client code & add tenancy handling to authenticators
This commit is contained in:
parent
d2df5a749a
commit
b0d6038b69
@ -27,10 +27,7 @@ import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationServ
|
||||
public class DynamicClientUtil {
|
||||
|
||||
public static DynamicClientRegistrationService getDynamicClientRegistrationService() {
|
||||
DynamicClientRegistrationService dynamicClientRegistrationService;
|
||||
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
|
||||
dynamicClientRegistrationService =
|
||||
(DynamicClientRegistrationService) ctx.getOSGiService(DynamicClientRegistrationService.class, null);
|
||||
return dynamicClientRegistrationService;
|
||||
return (DynamicClientRegistrationService) ctx.getOSGiService(DynamicClientRegistrationService.class, null);
|
||||
}
|
||||
}
|
||||
|
||||
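Review bot: getDynamicClientRegistrationService returns whatever `ctx.getOSGiService(...)` hands back, and the callers in RegistrationServiceImpl below null-check that result, yet the method carries no Javadoc stating the contract. Suggested header: `/** Looks up the DynamicClientRegistrationService registered in OSGi through the thread-local PrivilegedCarbonContext. @return the service, or {@code null} if none is registered. */`. Since the lookup goes through the thread-local Carbon context, it would also help to say whether callers are expected to have a tenant flow active when they call it.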
@ -46,30 +46,30 @@ public class RegistrationServiceImpl implements RegistrationService {
|
||||
@POST
|
||||
@Override
|
||||
public Response register(RegistrationProfile profile) {
|
||||
Response response;
|
||||
try {
|
||||
PrivilegedCarbonContext.startTenantFlow();
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
|
||||
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().
|
||||
setTenantId(MultitenantConstants.SUPER_TENANT_ID);
|
||||
|
||||
DynamicClientRegistrationService dynamicClientRegistrationService = DynamicClientUtil.
|
||||
getDynamicClientRegistrationService();
|
||||
if (dynamicClientRegistrationService != null) {
|
||||
OAuthApplicationInfo info = dynamicClientRegistrationService.
|
||||
registerOAuthApplication(profile);
|
||||
OAuthApplicationInfo info = dynamicClientRegistrationService.registerOAuthApplication(profile);
|
||||
return Response.status(Response.Status.CREATED).entity(info.toString()).build();
|
||||
}
|
||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).
|
||||
response = Response.status(Response.Status.INTERNAL_SERVER_ERROR).
|
||||
entity("Dynamic Client Registration Service not available.").build();
|
||||
} catch (DynamicClientRegistrationException e) {
|
||||
String msg = "Error occurred while registering client '" + profile.getClientName() + "'";
|
||||
log.error(msg, e);
|
||||
return Response.status(Response.Status.BAD_REQUEST).entity(
|
||||
response = Response.status(Response.Status.BAD_REQUEST).entity(
|
||||
new FaultResponse(ErrorCode.INVALID_CLIENT_METADATA, msg)).build();
|
||||
} finally {
|
||||
PrivilegedCarbonContext.endTenantFlow();
|
||||
}
|
||||
return response;
|
||||
}
|
||||
|
||||
@DELETE
|
||||
@ -77,26 +77,32 @@ public class RegistrationServiceImpl implements RegistrationService {
|
||||
public Response unregister(@QueryParam("applicationName") String applicationName,
|
||||
@QueryParam("userId") String userId,
|
||||
@QueryParam("consumerKey") String consumerKey) {
|
||||
Response response;
|
||||
try {
|
||||
PrivilegedCarbonContext.startTenantFlow();
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
|
||||
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID);
|
||||
DynamicClientRegistrationService dynamicClientRegistrationService = DynamicClientUtil.
|
||||
getDynamicClientRegistrationService();
|
||||
if (dynamicClientRegistrationService != null) {
|
||||
boolean status = dynamicClientRegistrationService.unregisterOAuthApplication(userId,
|
||||
applicationName,
|
||||
boolean status = dynamicClientRegistrationService.unregisterOAuthApplication(userId, applicationName,
|
||||
consumerKey);
|
||||
if (status) {
|
||||
return Response.status(Response.Status.ACCEPTED).build();
|
||||
}
|
||||
return Response.status(Response.Status.BAD_REQUEST).build();
|
||||
}
|
||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).
|
||||
response = Response.status(Response.Status.INTERNAL_SERVER_ERROR).
|
||||
entity("Dynamic Client Registration Service not available.").build();
|
||||
} catch (DynamicClientRegistrationException e) {
|
||||
String msg = "Error occurred while un-registering client '" + applicationName + "'";
|
||||
log.error(msg, e);
|
||||
return Response.serverError().
|
||||
entity(new FaultResponse(ErrorCode.INVALID_CLIENT_METADATA, msg)).build();
|
||||
response = Response.serverError().entity(new FaultResponse(ErrorCode.INVALID_CLIENT_METADATA, msg)).build();
|
||||
} finally {
|
||||
PrivilegedCarbonContext.endTenantFlow();
|
||||
}
|
||||
return response;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
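Review bot: Both register and unregister now pin the request thread to the super tenant (`setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)` and `setTenantId(MultitenantConstants.SUPER_TENANT_ID)`) before delegating, so the registration service runs with super-tenant context whichever tenant the caller belongs to; in unregister the tenant of the application being removed is then derived in the implementation from the caller-supplied `userId` query parameter rather than from the authenticated principal. If this JAX-RS resource is reachable by non-super-tenant or unauthenticated clients, an ownership/authorization check should sit in front of this tenant flow — none is visible in either hunk, so this may be handled upstream. Two smaller points in register: the success path uses an early `return` inside the try while the other branches assign `response`, which is inconsistent, and a null request body reaches `registerOAuthApplication(profile)` unchecked, where the implementation dereferences `profile.getClientName()` and the resulting NullPointerException is not mapped by the `catch (DynamicClientRegistrationException e)` block; `if (profile == null) { return Response.status(Response.Status.BAD_REQUEST).entity("Registration profile is required.").build(); }` at the top of the try keeps that case on the error-response path.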
@ -26,6 +26,7 @@ public final class ApplicationConstants {
|
||||
private ClientMetadata() {
|
||||
throw new AssertionError();
|
||||
}
|
||||
//todo refactor names
|
||||
public static final String OAUTH_CLIENT_ID = "client_id"; //this means consumer key
|
||||
public static final String OAUTH_CLIENT_SECRET = "client_secret";
|
||||
public static final String OAUTH_REDIRECT_URIS = "redirect_uris";
|
||||
@ -36,7 +37,7 @@ public final class ApplicationConstants {
|
||||
public static final String APP_CALLBACK_URL = "callback_url";
|
||||
public static final String APP_HOME_PAGE = "homepage";
|
||||
public static final String OAUTH_CLIENT_CONTACT = "contact";
|
||||
public static final String APP_LOGOURI = "logouri";
|
||||
public static final String APP_LOGO_URI = "logo_uri";
|
||||
public static final String OAUTH_CLIENT_SCOPE = "scope";
|
||||
public static final String OAUTH_CLIENT_GRANT = "grant_types";
|
||||
public static final String OAUTH_CLIENT_RESPONSETYPE = "response_types";
|
||||
|
||||
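Review bot: The new `APP_LOGO_URI = "logo_uri"` sits next to the retained `APP_LOGOURI = "logouri"` with only a `//todo refactor names` above, so two near-identical constants now map to different wire keys and will be easy to confuse at call sites. If the old name is kept only for compatibility, mark it `@Deprecated` with a Javadoc `@deprecated use {@link #APP_LOGO_URI}` pointing at the replacement, and add a one-line comment on the new constant naming the metadata field it represents, as was done for `OAUTH_CLIENT_ID`.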
@ -19,7 +19,7 @@
|
||||
package org.wso2.carbon.dynamic.client.registration;
|
||||
|
||||
/**
|
||||
* Custom exception to be thrown inside DynamicClientRegistration related functionalities.
|
||||
* Custom exception to be thrown inside DynamicClientRegistration related functionality.
|
||||
*/
|
||||
public class DynamicClientRegistrationException extends Exception {
|
||||
|
||||
|
||||
@ -21,7 +21,8 @@ package org.wso2.carbon.dynamic.client.registration;
|
||||
import org.wso2.carbon.dynamic.client.registration.profile.RegistrationProfile;
|
||||
|
||||
/**
|
||||
* This class represents the interface to be implemented by DynamicClientRegistrationService.
|
||||
* This class represents the interface to be implemented by DynamicClientRegistrationService which
|
||||
* is used to support the Dynamic-client-authentication protocol.
|
||||
*/
|
||||
public interface DynamicClientRegistrationService {
|
||||
|
||||
@ -34,7 +35,7 @@ public interface DynamicClientRegistrationService {
|
||||
* @throws DynamicClientRegistrationException
|
||||
*
|
||||
*/
|
||||
public OAuthApplicationInfo registerOAuthApplication(
|
||||
OAuthApplicationInfo registerOAuthApplication(
|
||||
RegistrationProfile profile) throws DynamicClientRegistrationException;
|
||||
|
||||
/**
|
||||
@ -47,7 +48,7 @@ public interface DynamicClientRegistrationService {
|
||||
* @throws DynamicClientRegistrationException
|
||||
*
|
||||
*/
|
||||
public boolean unregisterOAuthApplication(String userName, String applicationName,
|
||||
boolean unregisterOAuthApplication(String userName, String applicationName,
|
||||
String consumerKey) throws DynamicClientRegistrationException;
|
||||
|
||||
/**
|
||||
@ -58,6 +59,6 @@ public interface DynamicClientRegistrationService {
|
||||
* @throws DynamicClientRegistrationException
|
||||
*
|
||||
*/
|
||||
public boolean isOAuthApplicationExists(String applicationName) throws DynamicClientRegistrationException;
|
||||
boolean isOAuthApplicationAvailable(String applicationName) throws DynamicClientRegistrationException;
|
||||
|
||||
}
|
||||
|
||||
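Review bot: The renamed `isOAuthApplicationAvailable`, like the two other signatures in this file, still carries a bare `@throws DynamicClientRegistrationException` with no description; the implementation further down raises it when the service-provider lookup fails, so `@throws DynamicClientRegistrationException if the service provider lookup for {@code applicationName} fails` would state the contract. The interface names the first unregister parameter `userName` while the implementation names it `userId` and passes it to `MultitenantUtils.getTenantDomain`, so the Javadoc should say which form (a tenant-qualified user id) callers must supply. Renaming a public interface method is a binary-incompatible change for any implementor or caller outside this commit; I cannot see other modules here, so this may already be accounted for.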
@ -38,12 +38,13 @@ import org.wso2.carbon.identity.sso.saml.admin.SAMLSSOConfigAdmin;
|
||||
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
|
||||
import org.wso2.carbon.registry.core.Registry;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* Implementation of DynamicClientRegistrationService.
|
||||
*/
|
||||
public class DynamicClientRegistrationImpl implements DynamicClientRegistrationService {
|
||||
public class DynamicClientRegistrationServiceImpl implements DynamicClientRegistrationService {
|
||||
|
||||
private static final String TOKEN_SCOPE = "tokenScope";
|
||||
private static final String MDM = "mdm";
|
||||
@ -54,12 +55,14 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
private static final String ASSERTION_CONSUMER_URI = "https://localhost:9443/mdm/sso/acs";
|
||||
private static final String AUDIENCE = "https://null:9443/oauth2/token";
|
||||
private static final Log log = LogFactory.getLog(DynamicClientRegistrationService.class);
|
||||
private static final String AUTH_TYPE_OAUTH_2 = "oauth2";
|
||||
private static final String OAUTH_CONSUMER_SECRET = "oauthConsumerSecret";
|
||||
private static final int STEP_ORDER = 1;
|
||||
|
||||
@Override
|
||||
public OAuthApplicationInfo registerOAuthApplication(RegistrationProfile profile)
|
||||
throws DynamicClientRegistrationException {
|
||||
public OAuthApplicationInfo registerOAuthApplication(RegistrationProfile profile) throws
|
||||
DynamicClientRegistrationException {
|
||||
OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo();
|
||||
|
||||
String applicationName = profile.getClientName();
|
||||
|
||||
if (log.isDebugEnabled()) {
|
||||
@ -74,9 +77,10 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
OAuthApplicationInfo info;
|
||||
try {
|
||||
info = this.createOAuthApplication(profile);
|
||||
} catch (Exception e) {
|
||||
throw new DynamicClientRegistrationException(
|
||||
"Can not create OAuth application : " + applicationName, e);
|
||||
} catch (DynamicClientRegistrationException e) {
|
||||
throw new DynamicClientRegistrationException("Can not create OAuth application : " + applicationName, e);
|
||||
} catch (IdentityException e) {
|
||||
throw new DynamicClientRegistrationException("Can not create OAuth application : " + applicationName, e);
|
||||
}
|
||||
|
||||
if (info == null || info.getJsonString() == null) {
|
||||
@ -92,18 +96,14 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
try {
|
||||
JSONObject jsonObject = new JSONObject(info.getJsonString());
|
||||
if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS)) {
|
||||
oAuthApplicationInfo
|
||||
.addParameter(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS,
|
||||
oAuthApplicationInfo.addParameter(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS,
|
||||
jsonObject
|
||||
.get(ApplicationConstants.ClientMetadata.
|
||||
OAUTH_REDIRECT_URIS));
|
||||
.get(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS));
|
||||
}
|
||||
|
||||
if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT)) {
|
||||
oAuthApplicationInfo.addParameter(ApplicationConstants.ClientMetadata.
|
||||
OAUTH_CLIENT_GRANT, jsonObject
|
||||
.get(ApplicationConstants.ClientMetadata.
|
||||
OAUTH_CLIENT_GRANT));
|
||||
oAuthApplicationInfo.addParameter(ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT, jsonObject
|
||||
.get(ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT));
|
||||
}
|
||||
} catch (JSONException e) {
|
||||
throw new DynamicClientRegistrationException(
|
||||
@ -113,8 +113,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
}
|
||||
|
||||
private OAuthApplicationInfo createOAuthApplication(
|
||||
RegistrationProfile profile)
|
||||
throws DynamicClientRegistrationException, IdentityException {
|
||||
RegistrationProfile profile) throws DynamicClientRegistrationException, IdentityException {
|
||||
|
||||
//Subscriber's name should be passed as a parameter, since it's under the subscriber
|
||||
//the OAuth App is created.
|
||||
@ -152,27 +151,22 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
serviceProvider.setOwner(user);
|
||||
|
||||
serviceProvider.setDescription("Service Provider for application " + applicationName);
|
||||
|
||||
ApplicationManagementService appMgtService = DynamicClientRegistrationDataHolder.
|
||||
getInstance().getApplicationManagementService();
|
||||
ApplicationManagementService appMgtService = DynamicClientRegistrationDataHolder.getInstance().
|
||||
getApplicationManagementService();
|
||||
if (appMgtService == null) {
|
||||
throw new IllegalStateException(
|
||||
"Error occurred while retrieving Application Management" +
|
||||
"Service");
|
||||
throw new IllegalStateException("Error occurred while retrieving Application Management" + "Service");
|
||||
}
|
||||
|
||||
ServiceProvider existingServiceProvider = appMgtService.getServiceProvider(
|
||||
applicationName, tenantDomain);
|
||||
ServiceProvider existingServiceProvider = appMgtService.getServiceProvider(applicationName, tenantDomain);
|
||||
|
||||
if (existingServiceProvider == null) {
|
||||
appMgtService.createApplication(serviceProvider, tenantDomain, userName);
|
||||
}
|
||||
|
||||
ServiceProvider createdServiceProvider = appMgtService.getServiceProvider(
|
||||
applicationName, tenantDomain);
|
||||
ServiceProvider createdServiceProvider = appMgtService.getServiceProvider(applicationName, tenantDomain);
|
||||
if (createdServiceProvider == null) {
|
||||
throw new DynamicClientRegistrationException(
|
||||
"Couldn't create Service Provider Application " + applicationName);
|
||||
throw new DynamicClientRegistrationException("Couldn't create Service Provider Application " +
|
||||
applicationName);
|
||||
}
|
||||
//Set SaaS app option
|
||||
createdServiceProvider.setSaasApp(isSaaSApp);
|
||||
@ -187,8 +181,8 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
log.debug("Creating OAuth App " + applicationName);
|
||||
}
|
||||
|
||||
if ((existingServiceProvider == null) || (existingServiceProvider.
|
||||
getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs().length == 0)) {
|
||||
if ((existingServiceProvider == null) || (existingServiceProvider.getInboundAuthenticationConfig().
|
||||
getInboundAuthenticationRequestConfigs().length == 0)) {
|
||||
oAuthAdminService.registerOAuthApplicationData(oAuthConsumerApp);
|
||||
}
|
||||
|
||||
@ -210,13 +204,12 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new
|
||||
InboundAuthenticationRequestConfig();
|
||||
inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey());
|
||||
inboundAuthenticationRequestConfig.setInboundAuthType("oauth2");
|
||||
if (createdApp.getOauthConsumerSecret() != null && !createdApp.
|
||||
getOauthConsumerSecret()
|
||||
.isEmpty()) {
|
||||
inboundAuthenticationRequestConfig.setInboundAuthType(AUTH_TYPE_OAUTH_2);
|
||||
String oauthConsumerSecret = createdApp.getOauthConsumerSecret();
|
||||
if (oauthConsumerSecret != null && !oauthConsumerSecret.isEmpty()) {
|
||||
Property property = new Property();
|
||||
property.setName("oauthConsumerSecret");
|
||||
property.setValue(createdApp.getOauthConsumerSecret());
|
||||
property.setName(OAUTH_CONSUMER_SECRET);
|
||||
property.setValue(oauthConsumerSecret);
|
||||
Property[] properties = { property };
|
||||
inboundAuthenticationRequestConfig.setProperties(properties);
|
||||
}
|
||||
@ -240,7 +233,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
localAuth.setEnabled(true);
|
||||
|
||||
AuthenticationStep authStep = new AuthenticationStep();
|
||||
authStep.setStepOrder(1);
|
||||
authStep.setStepOrder(STEP_ORDER);
|
||||
authStep.setSubjectStep(true);
|
||||
authStep.setAttributeStep(true);
|
||||
|
||||
@ -263,15 +256,13 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo();
|
||||
oAuthApplicationInfo.setClientId(createdApp.getOauthConsumerKey());
|
||||
oAuthApplicationInfo.setCallBackURL(createdApp.getCallbackUrl());
|
||||
oAuthApplicationInfo.setClientSecret(createdApp.getOauthConsumerSecret());
|
||||
oAuthApplicationInfo.setClientSecret(oauthConsumerSecret);
|
||||
oAuthApplicationInfo.setClientName(createdApp.getApplicationName());
|
||||
|
||||
oAuthApplicationInfo.addParameter(
|
||||
ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS,
|
||||
createdApp.getCallbackUrl());
|
||||
ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS, createdApp.getCallbackUrl());
|
||||
oAuthApplicationInfo.addParameter(
|
||||
ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT,
|
||||
createdApp.getGrantTypes());
|
||||
ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT, createdApp.getGrantTypes());
|
||||
|
||||
return oAuthApplicationInfo;
|
||||
} catch (IdentityApplicationManagementException e) {
|
||||
@ -287,20 +278,19 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
}
|
||||
|
||||
protected Registry getConfigSystemRegistry() {
|
||||
return (Registry) PrivilegedCarbonContext.getThreadLocalCarbonContext().
|
||||
getRegistry(RegistryType.SYSTEM_CONFIGURATION);
|
||||
return (Registry) PrivilegedCarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.
|
||||
SYSTEM_CONFIGURATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean unregisterOAuthApplication(String userId, String applicationName,
|
||||
String consumerKey) throws DynamicClientRegistrationException {
|
||||
public boolean unregisterOAuthApplication(String userId, String applicationName, String consumerKey) throws
|
||||
DynamicClientRegistrationException {
|
||||
DynamicClientRegistrationUtil.validateUsername(userId);
|
||||
DynamicClientRegistrationUtil.validateApplicationName(applicationName);
|
||||
DynamicClientRegistrationUtil.validateConsumerKey(consumerKey);
|
||||
|
||||
boolean status = false;
|
||||
String tenantDomain = MultitenantUtils.getTenantDomain(userId);
|
||||
String baseUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
|
||||
String userName = MultitenantUtils.getTenantAwareUsername(userId);
|
||||
|
||||
PrivilegedCarbonContext.startTenantFlow();
|
||||
@ -312,9 +302,9 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
try {
|
||||
oAuthAdminService = new OAuthAdminService();
|
||||
oAuthConsumerApp = oAuthAdminService.getOAuthApplicationData(consumerKey);
|
||||
} catch (IdentityOAuthAdminException e) {
|
||||
throw new DynamicClientRegistrationException("Error occurred while retrieving application data", e);
|
||||
} catch (Exception e) {
|
||||
//We had to catch Exception here because getOAuthApplicationData can throw exceptions of java.lang.Exception
|
||||
// class.
|
||||
throw new DynamicClientRegistrationException("Error occurred while retrieving application data", e);
|
||||
}
|
||||
|
||||
@ -325,17 +315,15 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
|
||||
try {
|
||||
oAuthAdminService.removeOAuthApplicationData(consumerKey);
|
||||
|
||||
ApplicationManagementService appMgtService = DynamicClientRegistrationDataHolder.
|
||||
getInstance().getApplicationManagementService();
|
||||
ApplicationManagementService appMgtService = DynamicClientRegistrationDataHolder.getInstance().
|
||||
getApplicationManagementService();
|
||||
|
||||
if (appMgtService == null) {
|
||||
throw new IllegalStateException(
|
||||
"Error occurred while retrieving Application Management" +
|
||||
"Service");
|
||||
}
|
||||
ServiceProvider createdServiceProvider = appMgtService.getServiceProvider(
|
||||
applicationName, tenantDomain);
|
||||
ServiceProvider createdServiceProvider = appMgtService.getServiceProvider(applicationName, tenantDomain);
|
||||
if (createdServiceProvider == null) {
|
||||
throw new DynamicClientRegistrationException(
|
||||
"Couldn't retrieve Service Provider Application " + applicationName);
|
||||
@ -348,36 +336,29 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
||||
} catch (IdentityOAuthAdminException e) {
|
||||
throw new DynamicClientRegistrationException("Error occurred while removing application '" +
|
||||
applicationName + "'", e);
|
||||
} catch (Exception e) {
|
||||
throw new DynamicClientRegistrationException("Error occurred while removing application '" +
|
||||
applicationName + "'", e);
|
||||
} finally {
|
||||
PrivilegedCarbonContext.endTenantFlow();
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(baseUser);
|
||||
}
|
||||
return status;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isOAuthApplicationExists(String applicationName) throws DynamicClientRegistrationException {
|
||||
ApplicationManagementService appMgtService = DynamicClientRegistrationDataHolder.
|
||||
getInstance().getApplicationManagementService();
|
||||
public boolean isOAuthApplicationAvailable(String applicationName) throws DynamicClientRegistrationException {
|
||||
ApplicationManagementService appMgtService = DynamicClientRegistrationDataHolder.getInstance().
|
||||
getApplicationManagementService();
|
||||
if (appMgtService == null) {
|
||||
throw new IllegalStateException(
|
||||
"Error occurred while retrieving Application Management" +
|
||||
"Service");
|
||||
}
|
||||
try {
|
||||
if (appMgtService.getServiceProvider(applicationName,
|
||||
CarbonContext.getThreadLocalCarbonContext()
|
||||
.getTenantDomain()) != null) {
|
||||
return true;
|
||||
}
|
||||
return appMgtService.getServiceProvider(applicationName,
|
||||
CarbonContext.getThreadLocalCarbonContext().getTenantDomain()) !=
|
||||
null;
|
||||
} catch (IdentityApplicationManagementException e) {
|
||||
throw new DynamicClientRegistrationException(
|
||||
"Error occurred while retrieving information of OAuthApp " + applicationName, e);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
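Review bot: Narrowing the catch in registerOAuthApplication to DynamicClientRegistrationException and IdentityException means the IllegalStateException thrown by createOAuthApplication when the ApplicationManagementService is missing (`throw new IllegalStateException("Error occurred while retrieving Application Management" + "Service");`) now escapes the method unwrapped, and the REST layer in RegistrationServiceImpl catches only DynamicClientRegistrationException, so that condition surfaces as an unhandled runtime exception rather than the mapped 500 response. Either have createOAuthApplication raise DynamicClientRegistrationException for the missing service, or catch IllegalStateException alongside the other two. That same rewritten line also keeps the old message defect — the two literals concatenate to "Application ManagementService"; `"Error occurred while retrieving Application Management Service"` is what was meant, and the identical split message appears in unregisterOAuthApplication and isOAuthApplicationAvailable. The first catch also rewraps a DynamicClientRegistrationException in the same type with a message that only repeats the application name, so `throw e;` (or no catch for that type) would preserve the original message without an extra layer.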
@ -45,7 +45,7 @@ public class DynamicClientRegistrationDataHolder {
|
||||
return applicationManagementService;
|
||||
}
|
||||
|
||||
public void setApplicationManagementService(ApplicationManagementService realmService) {
|
||||
this.applicationManagementService = realmService;
|
||||
public void setApplicationManagementService(ApplicationManagementService applicationManagementService) {
|
||||
this.applicationManagementService = applicationManagementService;
|
||||
}
|
||||
}
|
||||
|
||||
@ -20,9 +20,10 @@ package org.wso2.carbon.dynamic.client.registration.internal;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.osgi.framework.ServiceRegistration;
|
||||
import org.osgi.service.component.ComponentContext;
|
||||
import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationService;
|
||||
import org.wso2.carbon.dynamic.client.registration.impl.DynamicClientRegistrationImpl;
|
||||
import org.wso2.carbon.dynamic.client.registration.impl.DynamicClientRegistrationServiceImpl;
|
||||
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
|
||||
|
||||
/**
|
||||
@ -44,9 +45,9 @@ public class DynamicClientRegistrationServiceComponent {
|
||||
log.debug("Starting DynamicClientRegistrationServiceComponent");
|
||||
}
|
||||
DynamicClientRegistrationService dynamicClientRegistrationService =
|
||||
new DynamicClientRegistrationImpl();
|
||||
componentContext.getBundleContext().registerService(DynamicClientRegistrationService.class.getName(),
|
||||
dynamicClientRegistrationService, null);
|
||||
new DynamicClientRegistrationServiceImpl();
|
||||
componentContext.getBundleContext().registerService(
|
||||
DynamicClientRegistrationService.class.getName(), dynamicClientRegistrationService, null);
|
||||
}
|
||||
|
||||
@SuppressWarnings("unused")
|
||||
|
||||
@ -19,11 +19,11 @@ package org.wso2.carbon.dynamic.client.registration.profile;
|
||||
|
||||
/**
|
||||
*
|
||||
* DTO class to be used when registering a OAuth application.
|
||||
* DTO class to be used when registering an OAuth application.
|
||||
*
|
||||
* */
|
||||
public class RegistrationProfile {
|
||||
|
||||
//todo mark mandatory fields
|
||||
private String applicationType;
|
||||
private String[] redirectUris;
|
||||
private String clientName;
|
||||
|
||||
@ -41,11 +41,9 @@ import java.util.*;
|
||||
public class DynamicClientWebAppRegistrationManager {
|
||||
|
||||
private static DynamicClientWebAppRegistrationManager dynamicClientWebAppRegistrationManager;
|
||||
private static List<RegistrationProfile> registrationProfileList = new ArrayList<>();
|
||||
private static Map<String, ServletContext> webAppContexts = new HashMap<>();
|
||||
|
||||
private static final Log log =
|
||||
LogFactory.getLog(DynamicClientWebAppRegistrationManager.class);
|
||||
private static final Log log = LogFactory.getLog(DynamicClientWebAppRegistrationManager.class);
|
||||
|
||||
private DynamicClientWebAppRegistrationManager() {
|
||||
}
|
||||
@ -64,17 +62,14 @@ public class DynamicClientWebAppRegistrationManager {
|
||||
|
||||
public OAuthAppDetails registerOAuthApplication(RegistrationProfile registrationProfile) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Registering OAuth application for web app : " +
|
||||
registrationProfile.getClientName());
|
||||
log.debug("Registering OAuth application for web app : " + registrationProfile.getClientName());
|
||||
}
|
||||
if (DynamicClientWebAppRegistrationUtil.validateRegistrationProfile(registrationProfile)) {
|
||||
DynamicClientRegistrationService dynamicClientRegistrationService =
|
||||
DynamicClientWebAppRegistrationDataHolder.getInstance()
|
||||
.getDynamicClientRegistrationService();
|
||||
DynamicClientWebAppRegistrationDataHolder.getInstance().getDynamicClientRegistrationService();
|
||||
try {
|
||||
OAuthApplicationInfo oAuthApplicationInfo =
|
||||
dynamicClientRegistrationService
|
||||
.registerOAuthApplication(registrationProfile);
|
||||
dynamicClientRegistrationService.registerOAuthApplication(registrationProfile);
|
||||
OAuthAppDetails oAuthAppDetails = new OAuthAppDetails();
|
||||
oAuthAppDetails.setWebAppName(registrationProfile.getClientName());
|
||||
oAuthAppDetails.setClientName(oAuthApplicationInfo.getClientName());
|
||||
@ -84,19 +79,17 @@ public class DynamicClientWebAppRegistrationManager {
|
||||
if (DynamicClientWebAppRegistrationUtil.putOAuthApplicationData(oAuthAppDetails)) {
|
||||
return oAuthAppDetails;
|
||||
} else {
|
||||
dynamicClientRegistrationService
|
||||
.unregisterOAuthApplication(registrationProfile.getOwner(),
|
||||
dynamicClientRegistrationService.unregisterOAuthApplication(registrationProfile.getOwner(),
|
||||
oAuthApplicationInfo.getClientName(),
|
||||
oAuthApplicationInfo.getClientId());
|
||||
log.warn(
|
||||
"Error occurred while persisting the OAuth application data in registry.");
|
||||
log.warn("Error occurred while persisting the OAuth application data in registry.");
|
||||
}
|
||||
} catch (DynamicClientRegistrationException e) {
|
||||
log.error("Error occurred while registering the OAuth application : " +
|
||||
registrationProfile.getClientName(), e);
|
||||
}
|
||||
}
|
||||
return new OAuthAppDetails();
|
||||
return null;
|
||||
}
|
||||
|
||||
public OAuthAppDetails getOAuthApplicationData(String clientName) {
|
||||
@ -106,12 +99,13 @@ public class DynamicClientWebAppRegistrationManager {
|
||||
log.error("Error occurred while fetching the OAuth application data for web app : " +
|
||||
clientName, e);
|
||||
}
|
||||
return new OAuthAppDetails();
|
||||
return null;
|
||||
}
|
||||
|
||||
public boolean isRegisteredOAuthApplication(String clientName) {
|
||||
OAuthAppDetails oAuthAppDetails = this.getOAuthApplicationData(clientName);
|
||||
if (oAuthAppDetails.getClientKey() != null && oAuthAppDetails.getClientSecret() != null) {
|
||||
if (oAuthAppDetails != null && (oAuthAppDetails.getClientKey() != null && oAuthAppDetails.getClientSecret() !=
|
||||
null)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
@ -126,59 +120,59 @@ public class DynamicClientWebAppRegistrationManager {
|
||||
String requiredDynamicClientRegistration, webAppName;
|
||||
ServletContext servletContext;
|
||||
RegistrationProfile registrationProfile;
|
||||
OAuthAppDetails oAuthAppDetails = new OAuthAppDetails();
|
||||
OAuthAppDetails oAuthAppDetails = null;
|
||||
DynamicClientWebAppRegistrationManager dynamicClientWebAppRegistrationManager =
|
||||
DynamicClientWebAppRegistrationManager.getInstance();
|
||||
|
||||
//todo move enumeration to while loop
|
||||
Enumeration enumeration = new IteratorEnumeration(DynamicClientWebAppRegistrationManager.
|
||||
webAppContexts.keySet().iterator());
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Initiating the DynamicClientRegistration service for web-apps");
|
||||
}
|
||||
while (enumeration.hasMoreElements()) {
|
||||
oAuthAppDetails = new OAuthAppDetails();
|
||||
webAppName = (String) enumeration.nextElement();
|
||||
servletContext = DynamicClientWebAppRegistrationManager.webAppContexts.get(webAppName);
|
||||
requiredDynamicClientRegistration = servletContext.getInitParameter(
|
||||
DynamicClientWebAppRegistrationConstants.DYNAMIC_CLIENT_REQUIRED_FLAG);
|
||||
//Java web-app section
|
||||
if ((requiredDynamicClientRegistration != null) &&
|
||||
(Boolean.parseBoolean(requiredDynamicClientRegistration))) {
|
||||
if ((requiredDynamicClientRegistration != null) && (Boolean.
|
||||
parseBoolean(
|
||||
requiredDynamicClientRegistration))) {
|
||||
//Check whether this is an already registered application
|
||||
if (!dynamicClientWebAppRegistrationManager.isRegisteredOAuthApplication(webAppName)) {
|
||||
//Construct the RegistrationProfile
|
||||
registrationProfile = DynamicClientWebAppRegistrationUtil.
|
||||
constructRegistrationProfile(servletContext,
|
||||
webAppName);
|
||||
constructRegistrationProfile(servletContext, webAppName);
|
||||
//Register the OAuth application
|
||||
oAuthAppDetails = dynamicClientWebAppRegistrationManager.registerOAuthApplication(
|
||||
registrationProfile);
|
||||
oAuthAppDetails =
|
||||
dynamicClientWebAppRegistrationManager.registerOAuthApplication(registrationProfile);
|
||||
|
||||
} else {
|
||||
oAuthAppDetails =
|
||||
dynamicClientWebAppRegistrationManager.getOAuthApplicationData(webAppName);
|
||||
oAuthAppDetails = dynamicClientWebAppRegistrationManager.getOAuthApplicationData(webAppName);
|
||||
}
|
||||
} else if (requiredDynamicClientRegistration == null) {
|
||||
//Jaggery apps
|
||||
JaggeryOAuthConfigurationSettings jaggeryOAuthConfigurationSettings = DynamicClientWebAppRegistrationUtil
|
||||
.getJaggeryAppOAuthSettings(servletContext);
|
||||
JaggeryOAuthConfigurationSettings jaggeryOAuthConfigurationSettings =
|
||||
DynamicClientWebAppRegistrationUtil.getJaggeryAppOAuthSettings(servletContext);
|
||||
if (jaggeryOAuthConfigurationSettings.isRequireDynamicClientRegistration()) {
|
||||
if (!dynamicClientWebAppRegistrationManager
|
||||
.isRegisteredOAuthApplication(webAppName)) {
|
||||
registrationProfile = DynamicClientWebAppRegistrationUtil
|
||||
.constructRegistrationProfile(jaggeryOAuthConfigurationSettings, webAppName);
|
||||
oAuthAppDetails = dynamicClientWebAppRegistrationManager
|
||||
.registerOAuthApplication(registrationProfile);
|
||||
if (!dynamicClientWebAppRegistrationManager.isRegisteredOAuthApplication(webAppName)) {
|
||||
registrationProfile = DynamicClientWebAppRegistrationUtil.
|
||||
constructRegistrationProfile(jaggeryOAuthConfigurationSettings,
|
||||
webAppName);
|
||||
oAuthAppDetails = dynamicClientWebAppRegistrationManager.
|
||||
registerOAuthApplication(registrationProfile);
|
||||
} else {
|
||||
oAuthAppDetails = dynamicClientWebAppRegistrationManager
|
||||
.getOAuthApplicationData(webAppName);
|
||||
oAuthAppDetails = dynamicClientWebAppRegistrationManager.getOAuthApplicationData(webAppName);
|
||||
}
|
||||
}
|
||||
}
|
||||
//Add client credentials to the web-context
|
||||
if (oAuthAppDetails.getClientKey() != null) {
|
||||
if ((oAuthAppDetails != null && oAuthAppDetails.getClientKey() != null) && !oAuthAppDetails.getClientKey().isEmpty()) {
|
||||
DynamicClientWebAppRegistrationUtil.addClientCredentialsToWebContext(oAuthAppDetails,
|
||||
servletContext);
|
||||
log.info("Added OAuth application credentials to webapp context of webapp : " + webAppName);
|
||||
log.info("Added OAuth application credentials to webapp context of webapp : " +
|
||||
webAppName);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -22,7 +22,7 @@ import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
/**
|
||||
* Represents OAuthConfiguration data.
|
||||
* Represents OAuthConfiguration data required to create OAuth service provider for Jaggery apps.
|
||||
*/
|
||||
@XmlRootElement(name = "OAuthSettings")
|
||||
public class JaggeryOAuthConfigurationSettings {
|
||||
|
||||
@ -22,7 +22,7 @@ import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
/**
|
||||
* Represents an OAuth application with basic data.
|
||||
* Represents an OAuth application with basic necessary data.
|
||||
*/
|
||||
@XmlRootElement(name = "OAuthAppDetails")
|
||||
public class OAuthAppDetails {
|
||||
|
||||
@ -47,7 +47,8 @@ public class DynamicClientWebAppRegistrationDataHolder {
|
||||
if (configurationContextService != null) {
|
||||
return configurationContextService;
|
||||
} else {
|
||||
throw new IllegalStateException("ConfigurationContext service has not initialized properly");
|
||||
throw new IllegalStateException(
|
||||
"ConfigurationContext service has not initialized properly");
|
||||
}
|
||||
}
|
||||
|
||||
@ -60,7 +61,8 @@ public class DynamicClientWebAppRegistrationDataHolder {
|
||||
if (dynamicClientRegistrationService != null) {
|
||||
return dynamicClientRegistrationService;
|
||||
} else {
|
||||
throw new IllegalStateException("DynamicClientRegistration service has not initialized properly");
|
||||
throw new IllegalStateException(
|
||||
"DynamicClientRegistration service has not initialized properly");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -58,8 +58,8 @@ import org.wso2.carbon.utils.ConfigurationContextService;
|
||||
*/
|
||||
public class DynamicClientWebAppRegistrationServiceComponent {
|
||||
|
||||
private ServiceTracker serviceTracker;
|
||||
private static Log log = LogFactory.getLog(DynamicClientWebAppRegistrationServiceComponent.class);
|
||||
private static Log log =
|
||||
LogFactory.getLog(DynamicClientWebAppRegistrationServiceComponent.class);
|
||||
|
||||
@SuppressWarnings("unused")
|
||||
protected void activate(ComponentContext componentContext) {
|
||||
@ -125,7 +125,8 @@ public class DynamicClientWebAppRegistrationServiceComponent {
|
||||
*
|
||||
* @param dynamicClientRegistrationService An instance of DynamicClientRegistrationService
|
||||
*/
|
||||
protected void setDynamicClientService(DynamicClientRegistrationService dynamicClientRegistrationService) {
|
||||
protected void setDynamicClientService(
|
||||
DynamicClientRegistrationService dynamicClientRegistrationService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Setting Dynamic Client Registration Service");
|
||||
}
|
||||
@ -138,7 +139,8 @@ public class DynamicClientWebAppRegistrationServiceComponent {
|
||||
*
|
||||
* @param dynamicClientRegistrationService An instance of DynamicClientRegistrationService
|
||||
*/
|
||||
protected void unsetDynamicClientService(DynamicClientRegistrationService dynamicClientRegistrationService) {
|
||||
protected void unsetDynamicClientService(
|
||||
DynamicClientRegistrationService dynamicClientRegistrationService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Un setting Dynamic Client Registration Service");
|
||||
}
|
||||
@ -150,11 +152,13 @@ public class DynamicClientWebAppRegistrationServiceComponent {
|
||||
*
|
||||
* @param configurationContextService An instance of ConfigurationContextService
|
||||
*/
|
||||
protected void setConfigurationContextService(ConfigurationContextService configurationContextService) {
|
||||
protected void setConfigurationContextService(
|
||||
ConfigurationContextService configurationContextService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Setting ConfigurationContextService");
|
||||
}
|
||||
DynamicClientWebAppRegistrationDataHolder.getInstance().setConfigurationContextService(configurationContextService);
|
||||
DynamicClientWebAppRegistrationDataHolder.getInstance().setConfigurationContextService(
|
||||
configurationContextService);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -162,7 +166,8 @@ public class DynamicClientWebAppRegistrationServiceComponent {
|
||||
*
|
||||
* @param configurationContextService An instance of ConfigurationContextService
|
||||
*/
|
||||
protected void unsetConfigurationContextService(ConfigurationContextService configurationContextService) {
|
||||
protected void unsetConfigurationContextService(
|
||||
ConfigurationContextService configurationContextService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Un-setting ConfigurationContextService");
|
||||
}
|
||||
|
||||
@ -40,8 +40,7 @@ public class DynamicClientWebAppDeploymentLifecycleListener implements Lifecycle
|
||||
public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
|
||||
if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType())) {
|
||||
StandardContext context = (StandardContext) lifecycleEvent.getLifecycle();
|
||||
DynamicClientWebAppRegistrationManager.getInstance().saveServletContextToCache(
|
||||
context);
|
||||
DynamicClientWebAppRegistrationManager.getInstance().saveServletContextToCache(context);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -62,9 +62,8 @@ public class DynamicClientWebAppRegistrationUtil {
|
||||
public static Registry getGovernanceRegistry() throws DynamicClientRegistrationException {
|
||||
try {
|
||||
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||
return DynamicClientWebAppRegistrationDataHolder.getInstance().getRegistryService()
|
||||
.getGovernanceSystemRegistry(
|
||||
tenantId);
|
||||
return DynamicClientWebAppRegistrationDataHolder.getInstance().getRegistryService().
|
||||
getGovernanceSystemRegistry(tenantId);
|
||||
} catch (RegistryException e) {
|
||||
throw new DynamicClientRegistrationException(
|
||||
"Error in retrieving governance registry instance: " +
|
||||
@ -75,8 +74,7 @@ public class DynamicClientWebAppRegistrationUtil {
|
||||
public static OAuthAppDetails getOAuthApplicationData(String appName)
|
||||
throws DynamicClientRegistrationException {
|
||||
Resource resource;
|
||||
String resourcePath =
|
||||
DynamicClientWebAppRegistrationConstants.OAUTH_APP_DATA_REGISTRY_PATH + "/" + appName;
|
||||
String resourcePath = DynamicClientWebAppRegistrationConstants.OAUTH_APP_DATA_REGISTRY_PATH + "/" + appName;
|
||||
try {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Retrieving OAuth application " + appName + " data from Registry");
|
||||
@ -86,8 +84,7 @@ public class DynamicClientWebAppRegistrationUtil {
|
||||
JAXBContext context = JAXBContext.newInstance(OAuthAppDetails.class);
|
||||
Unmarshaller unmarshaller = context.createUnmarshaller();
|
||||
return (OAuthAppDetails) unmarshaller.unmarshal(
|
||||
new StringReader(new String((byte[]) resource.getContent(), Charset
|
||||
.forName(
|
||||
new StringReader(new String((byte[]) resource.getContent(), Charset.forName(
|
||||
DynamicClientWebAppRegistrationConstants.CharSets.CHARSET_UTF8))));
|
||||
}
|
||||
return new OAuthAppDetails();
|
||||
@ -96,13 +93,12 @@ public class DynamicClientWebAppRegistrationUtil {
|
||||
"Error occurred while parsing the OAuth application data : " + appName, e);
|
||||
} catch (RegistryException e) {
|
||||
throw new DynamicClientRegistrationException(
|
||||
"Error occurred while retrieving the Registry resource of OAuth application : " +
|
||||
appName, e);
|
||||
"Error occurred while retrieving the Registry resource of OAuth application : " + appName, e);
|
||||
}
|
||||
}
|
||||
|
||||
public static boolean putOAuthApplicationData(OAuthAppDetails oAuthAppDetails)
|
||||
throws DynamicClientRegistrationException {
|
||||
public static boolean putOAuthApplicationData(OAuthAppDetails oAuthAppDetails) throws
|
||||
DynamicClientRegistrationException {
|
||||
boolean status;
|
||||
try {
|
||||
if (log.isDebugEnabled()) {
|
||||
@ -113,15 +109,12 @@ public class DynamicClientWebAppRegistrationUtil {
|
||||
Marshaller marshaller = context.createMarshaller();
|
||||
marshaller.marshal(oAuthAppDetails, writer);
|
||||
|
||||
Resource resource =
|
||||
DynamicClientWebAppRegistrationUtil.getGovernanceRegistry().newResource();
|
||||
Resource resource = DynamicClientWebAppRegistrationUtil.getGovernanceRegistry().newResource();
|
||||
resource.setContent(writer.toString());
|
||||
resource.setMediaType(DynamicClientWebAppRegistrationConstants.ContentTypes.MEDIA_TYPE_XML);
|
||||
String resourcePath =
|
||||
DynamicClientWebAppRegistrationConstants.OAUTH_APP_DATA_REGISTRY_PATH + "/" +
|
||||
String resourcePath = DynamicClientWebAppRegistrationConstants.OAUTH_APP_DATA_REGISTRY_PATH + "/" +
|
||||
oAuthAppDetails.getWebAppName();
|
||||
status =
|
||||
DynamicClientWebAppRegistrationUtil.putRegistryResource(resourcePath, resource);
|
||||
status = DynamicClientWebAppRegistrationUtil.putRegistryResource(resourcePath, resource);
|
||||
} catch (RegistryException e) {
|
||||
throw new DynamicClientRegistrationException(
|
||||
"Error occurred while persisting OAuth application data : " +
|
||||
@ -134,53 +127,42 @@ public class DynamicClientWebAppRegistrationUtil {
|
||||
return status;
|
||||
}
|
||||
|
||||
public static boolean putRegistryResource(String path,
|
||||
Resource resource)
|
||||
throws DynamicClientRegistrationException {
|
||||
boolean status;
|
||||
public static boolean putRegistryResource(String path, Resource resource) throws DynamicClientRegistrationException {
|
||||
try {
|
||||
Registry governanceRegistry = DynamicClientWebAppRegistrationUtil
|
||||
.getGovernanceRegistry();
|
||||
Registry governanceRegistry = DynamicClientWebAppRegistrationUtil.getGovernanceRegistry();
|
||||
governanceRegistry.beginTransaction();
|
||||
governanceRegistry.put(path, resource);
|
||||
governanceRegistry.commitTransaction();
|
||||
status = true;
|
||||
return true;
|
||||
} catch (RegistryException e) {
|
||||
throw new DynamicClientRegistrationException(
|
||||
"Error occurred while persisting registry resource : " +
|
||||
throw new DynamicClientRegistrationException("Error occurred while persisting registry resource : " +
|
||||
e.getMessage(), e);
|
||||
}
|
||||
return status;
|
||||
}
|
||||
|
||||
public static Resource getRegistryResource(String path)
|
||||
throws DynamicClientRegistrationException {
|
||||
public static Resource getRegistryResource(String path) throws DynamicClientRegistrationException {
|
||||
try {
|
||||
Registry governanceRegistry = DynamicClientWebAppRegistrationUtil
|
||||
.getGovernanceRegistry();
|
||||
Registry governanceRegistry = DynamicClientWebAppRegistrationUtil.getGovernanceRegistry();
|
||||
if (governanceRegistry.resourceExists(path)) {
|
||||
return governanceRegistry.get(path);
|
||||
}
|
||||
return null;
|
||||
} catch (RegistryException e) {
|
||||
throw new DynamicClientRegistrationException(
|
||||
"Error in retrieving registry resource : " +
|
||||
throw new DynamicClientRegistrationException("Error in retrieving registry resource : " +
|
||||
e.getMessage(), e);
|
||||
}
|
||||
}
|
||||
|
||||
public static String getUserName() {
|
||||
String username = "";
|
||||
RealmService realmService =
|
||||
DynamicClientWebAppRegistrationDataHolder.getInstance().getRealmService();
|
||||
RealmService realmService = DynamicClientWebAppRegistrationDataHolder.getInstance().getRealmService();
|
||||
if (realmService != null) {
|
||||
username = realmService.getBootstrapRealmConfiguration().getAdminUserName();
|
||||
}
|
||||
return username;
|
||||
}
|
||||
|
||||
public static RegistrationProfile constructRegistrationProfile(ServletContext servletContext,
|
||||
String webAppName) {
|
||||
public static RegistrationProfile constructRegistrationProfile(ServletContext servletContext, String webAppName) {
|
||||
RegistrationProfile registrationProfile;
|
||||
registrationProfile = new RegistrationProfile();
|
||||
registrationProfile.setGrantType(servletContext.getInitParameter(
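Review bot: putRegistryResource still leaves the registry transaction open on the error path — when `governanceRegistry.put(path, resource)` throws, the catch block wraps and rethrows without ever ending the transaction started by `beginTransaction()`. Hoisting the registry lookup above the try and adding `governanceRegistry.rollbackTransaction();` in the catch before the rethrow would close it; if the Registry API in use offers no rollback, a comment stating that the transaction is abandoned on failure would at least make the behaviour explicit. In the same hunk, getUserName returns the bootstrap realm admin user name when a RealmService is bound and `""` otherwise, and nothing tells callers that the empty string is the "no realm service" case rather than an error; a one-line Javadoc `@return` saying so would help. constructRegistrationProfile(ServletContext, String) continues beyond the end of the hunk.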
|
||||
@ -193,18 +175,16 @@ public class DynamicClientWebAppRegistrationUtil {
|
||||
if ((callbackURL != null) && !callbackURL.isEmpty()) {
|
||||
registrationProfile.setCallbackUrl(callbackURL);
|
||||
} else {
|
||||
registrationProfile.setCallbackUrl(DynamicClientWebAppRegistrationUtil.getCallbackUrl(
|
||||
webAppName));
|
||||
registrationProfile.setCallbackUrl(DynamicClientWebAppRegistrationUtil.getCallbackUrl(webAppName));
|
||||
}
|
||||
registrationProfile.setClientName(webAppName);
|
||||
registrationProfile.setSaasApp(Boolean.parseBoolean(servletContext.getInitParameter(
|
||||
DynamicClientWebAppRegistrationUtil.OAUTH_PARAM_SAAS_APP)));
|
||||
|
||||
return registrationProfile;
|
||||
}
|
||||
|
||||
public static RegistrationProfile constructRegistrationProfile(
|
||||
JaggeryOAuthConfigurationSettings jaggeryOAuthConfigurationSettings, String webAppName) {
|
||||
public static RegistrationProfile constructRegistrationProfile(JaggeryOAuthConfigurationSettings
|
||||
jaggeryOAuthConfigurationSettings, String webAppName) {
|
||||
RegistrationProfile registrationProfile = new RegistrationProfile();
|
||||
if (jaggeryOAuthConfigurationSettings != null) {
|
||||
registrationProfile.setGrantType(jaggeryOAuthConfigurationSettings.getGrantType());
|
||||
@ -215,18 +195,17 @@ public class DynamicClientWebAppRegistrationUtil {
|
||||
if (jaggeryOAuthConfigurationSettings.getCallbackURL() != null) {
|
||||
registrationProfile.setCallbackUrl(jaggeryOAuthConfigurationSettings.getCallbackURL());
|
||||
} else {
|
||||
registrationProfile.setCallbackUrl(
|
||||
DynamicClientWebAppRegistrationUtil.getCallbackUrl(webAppName));
|
||||
registrationProfile.setCallbackUrl(DynamicClientWebAppRegistrationUtil.getCallbackUrl(webAppName));
|
||||
}
|
||||
} else {
|
||||
log.warn(
|
||||
"Please configure OAuth settings properly for jaggery app : " + webAppName);
|
||||
log.warn("Please configure OAuth settings properly for jaggery app : " + webAppName);
|
||||
}
|
||||
return registrationProfile;
|
||||
}
|
||||
|
||||
public static boolean validateRegistrationProfile(RegistrationProfile registrationProfile) {
|
||||
boolean status = true;
|
||||
//todo fix this
|
||||
if (registrationProfile.getGrantType() == null) {
|
||||
status = false;
|
||||
log.warn("Required parameter 'grantType' is missing for initiating Dynamic-Client " +
|
||||
@ -241,14 +220,11 @@ public class DynamicClientWebAppRegistrationUtil {
|
||||
}
|
||||
|
||||
public static JaggeryOAuthConfigurationSettings getJaggeryAppOAuthSettings(ServletContext servletContext) {
|
||||
JaggeryOAuthConfigurationSettings
|
||||
jaggeryOAuthConfigurationSettings = new JaggeryOAuthConfigurationSettings();
|
||||
JaggeryOAuthConfigurationSettings jaggeryOAuthConfigurationSettings = new JaggeryOAuthConfigurationSettings();
|
||||
try {
|
||||
InputStream inputStream =
|
||||
servletContext.getResourceAsStream(JAGGERY_APP_OAUTH_CONFIG_PATH);
|
||||
InputStream inputStream = servletContext.getResourceAsStream(JAGGERY_APP_OAUTH_CONFIG_PATH);
|
||||
if (inputStream != null) {
|
||||
JsonReader reader =
|
||||
new JsonReader(new InputStreamReader(inputStream, CHARSET_UTF_8));
|
||||
JsonReader reader = new JsonReader(new InputStreamReader(inputStream, CHARSET_UTF_8));
|
||||
reader.beginObject();
|
||||
while (reader.hasNext()) {
|
||||
String key = reader.nextName();
|
||||
|
||||
@ -46,6 +46,7 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
|
||||
private PermissionMethod() {
|
||||
throw new AssertionError();
|
||||
}
|
||||
|
||||
public static final String READ = "read";
|
||||
public static final String WRITE = "write";
|
||||
public static final String DELETE = "delete";
|
||||
@ -74,7 +75,8 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
|
||||
String username = accessTokenDO.getAuthzUser().getUserName();
|
||||
UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
|
||||
if (userRealm != null && userRealm.getAuthorizationManager() != null) {
|
||||
status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
|
||||
status = userRealm.getAuthorizationManager()
|
||||
.isUserAuthorized(username, permission.getPath(),
|
||||
PermissionMethod.READ);
|
||||
}
|
||||
}
|
||||
|
||||
@ -62,8 +62,8 @@ public class AuthenticationFrameworkUtil {
|
||||
String username = apiKeyValidationDTO.getEndUserName();
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
|
||||
try {
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(
|
||||
IdentityUtil.getTenantIdOFUser(username));
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(IdentityUtil.
|
||||
getTenantIdOFUser(username));
|
||||
} catch (IdentityException e) {
|
||||
throw new AuthenticationException("Error occurred while retrieving the tenant ID of user '" +
|
||||
username + "'", e);
|
||||
|
||||
@ -0,0 +1,65 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.webapp.authenticator.framework;
|
||||
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
|
||||
/**
|
||||
* DTO class to hold the information of authenticated user AND STATUS.
|
||||
*/
|
||||
public class AuthenticationInfo {
|
||||
|
||||
private WebappAuthenticator.Status status = WebappAuthenticator.Status.FAILURE;
|
||||
private String username;
|
||||
private String tenantDomain;
|
||||
private int tenantId = -1;
|
||||
|
||||
public WebappAuthenticator.Status getStatus() {
|
||||
return status;
|
||||
}
|
||||
|
||||
public void setStatus(
|
||||
WebappAuthenticator.Status status) {
|
||||
this.status = status;
|
||||
}
|
||||
|
||||
public String getUsername() {
|
||||
return username;
|
||||
}
|
||||
|
||||
public void setUsername(String username) {
|
||||
this.username = username;
|
||||
}
|
||||
|
||||
public String getTenantDomain() {
|
||||
return tenantDomain;
|
||||
}
|
||||
|
||||
public void setTenantDomain(String tenantDomain) {
|
||||
this.tenantDomain = tenantDomain;
|
||||
}
|
||||
|
||||
public int getTenantId() {
|
||||
return tenantId;
|
||||
}
|
||||
|
||||
public void setTenantId(int tenantId) {
|
||||
this.tenantId = tenantId;
|
||||
}
|
||||
}
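Review bot: The defaults `status = WebappAuthenticator.Status.FAILURE` and `tenantId = -1` are contract rather than incidental — the valve elsewhere in this commit starts a tenant flow only when the tenant id is not -1 and answers 401 on FAILURE — yet neither field documents this. A comment on the field, `// -1 = no tenant resolved; the valve then skips starting a tenant flow`, and one on status saying that an authenticator must set it explicitly to let a request through, would make the fail-closed default visible; a `public static final int UNRESOLVED_TENANT_ID = -1` would also remove the magic number from callers. The class Javadoc's "AND STATUS" reads like an accidental caps-lock and could be lower-cased.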
|
||||
@ -23,7 +23,7 @@ import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
|
||||
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
|
||||
public class DataHolder {
|
||||
public class AuthenticatorFrameworkDataHolder {
|
||||
|
||||
private WebappAuthenticatorRepository repository;
|
||||
private RealmService realmService;
|
||||
@ -31,11 +31,12 @@ public class DataHolder {
|
||||
private SCEPManager scepManager;
|
||||
private OAuth2TokenValidationService oAuth2TokenValidationService;
|
||||
|
||||
private static DataHolder thisInstance = new DataHolder();
|
||||
private static AuthenticatorFrameworkDataHolder
|
||||
thisInstance = new AuthenticatorFrameworkDataHolder();
|
||||
|
||||
private DataHolder() {}
|
||||
private AuthenticatorFrameworkDataHolder() {}
|
||||
|
||||
public static DataHolder getInstance() {
|
||||
public static AuthenticatorFrameworkDataHolder getInstance() {
|
||||
return thisInstance;
|
||||
}
|
||||
|
||||
@ -22,6 +22,7 @@ import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.Response;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
|
||||
import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
@ -31,9 +32,9 @@ import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.StringTokenizer;
|
||||
|
||||
public class WebappAuthenticationHandler extends CarbonTomcatValve {
|
||||
public class WebappAuthenticationValve extends CarbonTomcatValve {
|
||||
|
||||
private static final Log log = LogFactory.getLog(WebappAuthenticationHandler.class);
|
||||
private static final Log log = LogFactory.getLog(WebappAuthenticationValve.class);
|
||||
private static final String BYPASS_URIS = "bypass-uris";
|
||||
|
||||
@Override
|
||||
@ -44,16 +45,13 @@ public class WebappAuthenticationHandler extends CarbonTomcatValve {
|
||||
return;
|
||||
}
|
||||
|
||||
String byPassURIs = request.getContext().findParameter(WebappAuthenticationHandler.BYPASS_URIS);
|
||||
String byPassURIs = request.getContext().findParameter(WebappAuthenticationValve.BYPASS_URIS);
|
||||
|
||||
if (byPassURIs != null && !byPassURIs.isEmpty()) {
|
||||
|
||||
List<String> requestURI = Arrays.asList(byPassURIs.split(","));
|
||||
|
||||
if (requestURI != null && requestURI.size() > 0) {
|
||||
for (String pathURI : requestURI) {
|
||||
pathURI = pathURI.replace("\n", "").replace("\r", "").trim();
|
||||
|
||||
if (request.getRequestURI().equals(pathURI)) {
|
||||
this.getNext().invoke(request, response, compositeValve);
|
||||
return;
|
||||
@ -68,8 +66,21 @@ public class WebappAuthenticationHandler extends CarbonTomcatValve {
|
||||
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
|
||||
return;
|
||||
}
|
||||
WebappAuthenticator.Status status = authenticator.authenticate(request, response);
|
||||
this.processResponse(request, response, compositeValve, status);
|
||||
AuthenticationInfo authenticationInfo = authenticator.authenticate(request, response);
|
||||
if (authenticationInfo.getTenantId() != -1) {
|
||||
try {
|
||||
PrivilegedCarbonContext.startTenantFlow();
|
||||
PrivilegedCarbonContext privilegedCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
|
||||
privilegedCarbonContext.setTenantId(authenticationInfo.getTenantId());
|
||||
privilegedCarbonContext.setTenantDomain(authenticationInfo.getTenantDomain());
|
||||
privilegedCarbonContext.setUsername(authenticationInfo.getUsername());
|
||||
this.processRequest(request, response, compositeValve, authenticationInfo.getStatus());
|
||||
} finally {
|
||||
PrivilegedCarbonContext.endTenantFlow();
|
||||
}
|
||||
} else {
|
||||
this.processRequest(request, response, compositeValve, authenticationInfo.getStatus());
|
||||
}
|
||||
}
|
||||
|
||||
private boolean isAdminService(Request request) {
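Review bot: The tenant flow at the new `if (authenticationInfo.getTenantId() != -1)` is entered on the tenant id alone, so the PrivilegedCarbonContext is populated with the username and tenant domain even when `getStatus()` is FAILURE, and `setTenantDomain` receives null whenever an authenticator sets only the id (AuthenticationInfo leaves `tenantDomain` uninitialised). Consider gating the flow on a non-FAILURE status and a resolved domain, e.g. `if (authenticationInfo.getStatus() != WebappAuthenticator.Status.FAILURE && authenticationInfo.getTenantId() != -1 && authenticationInfo.getTenantDomain() != null)`, so that a rejected request is answered with 401 before any tenant context is established. The `-1` sentinel is also compared inline here; a named constant on AuthenticationInfo would keep the valve and the DTO in agreement.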
|
||||
@ -101,7 +112,7 @@ public class WebappAuthenticationHandler extends CarbonTomcatValve {
|
||||
return (ctx.equalsIgnoreCase("carbon") || ctx.equalsIgnoreCase("services"));
|
||||
}
|
||||
|
||||
private void processResponse(Request request, Response response, CompositeValve compositeValve,
|
||||
private void processRequest(Request request, Response response, CompositeValve compositeValve,
|
||||
WebappAuthenticator.Status status) {
|
||||
switch (status) {
|
||||
case SUCCESS:
|
||||
@ -111,7 +122,9 @@ public class WebappAuthenticationHandler extends CarbonTomcatValve {
|
||||
case FAILURE:
|
||||
String msg = "Failed to authorize incoming request";
|
||||
log.error(msg);
|
||||
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
|
||||
AuthenticationFrameworkUtil
|
||||
.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED,
|
||||
msg);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -26,12 +26,12 @@ import java.util.Map;
|
||||
public class WebappAuthenticatorFactory {
|
||||
|
||||
public static WebappAuthenticator getAuthenticator(String authScheme) {
|
||||
return DataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticator(authScheme);
|
||||
return AuthenticatorFrameworkDataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticator(authScheme);
|
||||
}
|
||||
|
||||
public static WebappAuthenticator getAuthenticator(Request request) {
|
||||
Map<String, WebappAuthenticator> authenticators =
|
||||
DataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticators();
|
||||
AuthenticatorFrameworkDataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticators();
|
||||
for (WebappAuthenticator authenticator : authenticators.values()) {
|
||||
if (authenticator.canHandle(request)) {
|
||||
return authenticator;
|
||||
|
||||
@ -1,71 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*
|
||||
*/
|
||||
package org.wso2.carbon.webapp.authenticator.framework;
|
||||
|
||||
import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.Response;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
|
||||
import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve {
|
||||
|
||||
private static final String AUTHENTICATION_SCHEME = "authentication-scheme";
|
||||
private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkValve.class);
|
||||
|
||||
@Override
|
||||
public void invoke(Request request, Response response, CompositeValve compositeValve) {
|
||||
|
||||
String authScheme = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME);
|
||||
|
||||
if (authScheme == null || authScheme.isEmpty()) {
|
||||
this.getNext().invoke(request, response, compositeValve);
|
||||
return;
|
||||
}
|
||||
|
||||
WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(authScheme);
|
||||
if (authenticator == null) {
|
||||
String msg = "Failed to load an appropriate authenticator to authenticate the request";
|
||||
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
|
||||
return;
|
||||
}
|
||||
WebappAuthenticator.Status status = authenticator.authenticate(request, response);
|
||||
this.processResponse(request, response, compositeValve, status);
|
||||
}
|
||||
|
||||
private void processResponse(Request request, Response response, CompositeValve compositeValve,
|
||||
WebappAuthenticator.Status status) {
|
||||
switch (status) {
|
||||
case SUCCESS:
|
||||
case CONTINUE:
|
||||
this.getNext().invoke(request, response, compositeValve);
|
||||
break;
|
||||
case FAILURE:
|
||||
String msg = "Failed to authorize incoming request";
|
||||
log.error(msg);
|
||||
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@ -25,6 +25,7 @@ import org.apache.tomcat.util.buf.ByteChunk;
|
||||
import org.apache.tomcat.util.buf.CharChunk;
|
||||
import org.apache.tomcat.util.buf.MessageBytes;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.Constants;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
|
||||
|
||||
public class BasicAuthAuthenticator implements WebappAuthenticator {
|
||||
|
||||
@ -45,8 +46,8 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
|
||||
}
|
||||
|
||||
@Override
|
||||
public Status authenticate(Request request, Response response) {
|
||||
return Status.CONTINUE;
|
||||
public AuthenticationInfo authenticate(Request request, Response response) {
|
||||
return new AuthenticationInfo();
|
||||
}
|
||||
|
||||
@Override
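Review bot: `return new AuthenticationInfo();` silently changes BasicAuthAuthenticator's result from CONTINUE to FAILURE, because AuthenticationInfo initialises `status` to `WebappAuthenticator.Status.FAILURE`, so every request routed to this authenticator is now rejected with 401 by the valve instead of being passed on. If failing closed is intended while basic auth is unimplemented, say so with a comment such as `// Basic auth is not implemented; the default FAILURE status rejects the request`; if the previous pass-through is intended, set the status explicitly with `authenticationInfo.setStatus(Status.CONTINUE);` before returning it.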
|
||||
|
||||
@ -5,13 +5,13 @@ import org.apache.catalina.connector.Response;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
|
||||
import org.wso2.carbon.device.mgt.common.DeviceManagementConstants;
|
||||
import org.wso2.carbon.device.mgt.core.scep.SCEPException;
|
||||
import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
|
||||
import org.wso2.carbon.device.mgt.core.scep.TenantedDeviceWrapper;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
|
||||
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
@ -27,56 +27,47 @@ public class CertificateAuthenticator implements WebappAuthenticator {
|
||||
@Override
|
||||
public boolean canHandle(Request request) {
|
||||
String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
|
||||
|
||||
if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
|
||||
|
||||
String certHeader = request.getHeader(certVerificationHeader);
|
||||
|
||||
return certHeader != null;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Status authenticate(Request request, Response response) {
|
||||
public AuthenticationInfo authenticate(Request request, Response response) {
|
||||
|
||||
AuthenticationInfo authenticationInfo = new AuthenticationInfo();
|
||||
String requestUri = request.getRequestURI();
|
||||
if (requestUri == null || requestUri.isEmpty()) {
|
||||
return Status.CONTINUE;
|
||||
authenticationInfo.setStatus(Status.CONTINUE);
|
||||
}
|
||||
|
||||
String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
|
||||
|
||||
try {
|
||||
if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
|
||||
|
||||
String certHeader = request.getHeader(certVerificationHeader);
|
||||
|
||||
if (certHeader != null && DataHolder.getInstance().getCertificateManagementService().
|
||||
if (certHeader != null &&
|
||||
AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
|
||||
verifySignature(certHeader)) {
|
||||
|
||||
X509Certificate certificate = DataHolder.getInstance().getCertificateManagementService().
|
||||
X509Certificate certificate =
|
||||
AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
|
||||
extractCertificateFromSignature(certHeader);
|
||||
String challengeToken = DataHolder.getInstance().getCertificateManagementService().
|
||||
extractChallengeToken(certificate);
|
||||
String challengeToken = AuthenticatorFrameworkDataHolder.getInstance().
|
||||
getCertificateManagementService().extractChallengeToken(certificate);
|
||||
|
||||
if (challengeToken != null) {
|
||||
|
||||
challengeToken = challengeToken.substring(challengeToken.indexOf("(") + 1).trim();
|
||||
|
||||
SCEPManager scepManager = DataHolder.getInstance().getScepManager();
|
||||
SCEPManager scepManager = AuthenticatorFrameworkDataHolder.getInstance().getScepManager();
|
||||
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
|
||||
deviceIdentifier.setId(challengeToken);
|
||||
deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS);
|
||||
|
||||
TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier);
|
||||
|
||||
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
|
||||
ctx.setTenantId(tenantedDeviceWrapper.getTenantId());
|
||||
ctx.setTenantDomain(tenantedDeviceWrapper.getTenantDomain());
|
||||
|
||||
return Status.SUCCESS;
|
||||
authenticationInfo.setTenantDomain(tenantedDeviceWrapper.getTenantDomain());
|
||||
authenticationInfo.setTenantId(tenantedDeviceWrapper.getTenantId());
|
||||
authenticationInfo.setStatus(Status.CONTINUE);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -85,8 +76,7 @@ public class CertificateAuthenticator implements WebappAuthenticator {
|
||||
} catch (SCEPException e) {
|
||||
log.error("SCEPException occurred ", e);
|
||||
}
|
||||
|
||||
return Status.FAILURE;
|
||||
return authenticationInfo;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
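Review bot: The rejection paths in `authenticate` no longer set a status: the old `return Status.FAILURE;` after `catch (SCEPException e)` and the implicit failure when `verifySignature(certHeader)` returns false now end in `return authenticationInfo;`, so the result carries whatever `new AuthenticationInfo()` initialises the status to, which is not visible here. Unless that default is FAILURE, a request whose certificate header fails verification comes back indistinguishable from one this authenticator did not evaluate, and the valve cannot tell a failed authenticator from an abstaining one. Making it explicit, e.g. `authenticationInfo.setStatus(Status.FAILURE);` before the `try` and overriding with CONTINUE only on the verified path, keeps the outcome independent of the constructor default; the same pattern applies to `JWTAuthenticator.authenticate` (its catch blocks drop `return Status.FAILURE;` without a replacement) and `OAuthAuthenticator.authenticate` (the invalid-token branch sets nothing). The empty-`requestUri` guard at the top also sets CONTINUE without returning, unlike the same guard in OAuthAuthenticator, so processing continues into the certificate lookup; `return authenticationInfo;` after the `setStatus` call would restore the early exit. The method body between the two hunks, including the catch blocks before `catch (SCEPException e)`, is not shown.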
@ -28,14 +28,14 @@ import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.Response;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.core.util.KeyStoreManager;
|
||||
import org.wso2.carbon.user.api.TenantManager;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.user.api.UserStoreManager;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder;
|
||||
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.text.ParseException;
|
||||
@ -49,26 +49,28 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
||||
private static final Log log = LogFactory.getLog(JWTAuthenticator.class);
|
||||
public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
|
||||
private static final String JWT_AUTHENTICATOR = "JWT";
|
||||
private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion";
|
||||
|
||||
@Override
|
||||
public boolean canHandle(Request request) {
|
||||
String authorizationHeader = request.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
|
||||
if(decodeAuthorizationHeader(authorizationHeader) != null){
|
||||
String authorizationHeader = request.getHeader(JWTAuthenticator.JWT_ASSERTION_HEADER);
|
||||
if((authorizationHeader != null) && !authorizationHeader.isEmpty()){
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Status authenticate(Request request, Response response) {
|
||||
public AuthenticationInfo authenticate(Request request, Response response) {
|
||||
String requestUri = request.getRequestURI();
|
||||
AuthenticationInfo authenticationInfo = new AuthenticationInfo();
|
||||
if (requestUri == null || "".equals(requestUri)) {
|
||||
return Status.CONTINUE;
|
||||
authenticationInfo.setStatus(Status.CONTINUE);
|
||||
}
|
||||
StringTokenizer tokenizer = new StringTokenizer(requestUri, "/");
|
||||
String context = tokenizer.nextToken();
|
||||
if (context == null || "".equals(context)) {
|
||||
return Status.CONTINUE;
|
||||
authenticationInfo.setStatus(Status.CONTINUE);
|
||||
}
|
||||
|
||||
if (log.isDebugEnabled()) {
|
||||
@ -76,8 +78,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
||||
}
|
||||
|
||||
//Get the filesystem keystore default primary certificate
|
||||
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(
|
||||
MultitenantConstants.SUPER_TENANT_ID);
|
||||
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
|
||||
try {
|
||||
keyStoreManager.getDefaultPrimaryCertificate();
|
||||
String authorizationHeader = request.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
|
||||
@ -89,38 +90,33 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
||||
String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
|
||||
String tenantDomain = MultitenantUtils.getTenantDomain(username);
|
||||
username = MultitenantUtils.getTenantAwareUsername(username);
|
||||
TenantManager tenantManager = DataHolder.getInstance().getRealmService().getTenantManager();
|
||||
TenantManager tenantManager = AuthenticatorFrameworkDataHolder.getInstance().getRealmService().
|
||||
getTenantManager();
|
||||
int tenantId = tenantManager.getTenantId(tenantDomain);
|
||||
|
||||
if (tenantId == -1) {
|
||||
log.error("tenantDomain is not valid. username : " + username + ", tenantDomain " +
|
||||
": " + tenantDomain);
|
||||
return Status.FAILURE;
|
||||
}
|
||||
|
||||
UserStoreManager userStore = DataHolder.getInstance().getRealmService().
|
||||
} else {
|
||||
UserStoreManager userStore = AuthenticatorFrameworkDataHolder.getInstance().getRealmService().
|
||||
getTenantUserRealm(tenantId).getUserStoreManager();
|
||||
if (userStore.isExistingUser(username)) {
|
||||
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
|
||||
ctx.setTenantId(tenantId);
|
||||
ctx.setUsername(username);
|
||||
return Status.SUCCESS;
|
||||
authenticationInfo.setTenantId(tenantId);
|
||||
authenticationInfo.setUsername(username);
|
||||
authenticationInfo.setTenantDomain(tenantDomain);
|
||||
authenticationInfo.setStatus(Status.CONTINUE);
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (UserStoreException e) {
|
||||
log.error("Error occurred while obtaining the user.", e);
|
||||
return Status.FAILURE;
|
||||
} catch (ParseException e) {
|
||||
log.error("Error occurred while parsing the JWT header.", e);
|
||||
return Status.FAILURE;
|
||||
} catch (JOSEException e) {
|
||||
log.error("Error occurred while verifying the JWT header.", e);
|
||||
return Status.FAILURE;
|
||||
} catch (Exception e) {
|
||||
log.error("Error occurred while verifying the JWT header.", e);
|
||||
return Status.FAILURE;
|
||||
}
|
||||
return Status.CONTINUE;
|
||||
return authenticationInfo;
|
||||
}
|
||||
|
||||
private String decodeAuthorizationHeader(String authorizationHeader) {
|
||||
|
||||
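Review bot: `canHandle` now claims a request when `JWTAuthenticator.JWT_ASSERTION_HEADER` (`X-JWT-Assertion`) is present, but `authenticate` still reads a different header in the unchanged line `String authorizationHeader = request.getHeader(HTTPConstants.HEADER_AUTHORIZATION);`, so a request carrying only the assertion header is selected by this authenticator and then parsed from a header that may be absent; the decoding that follows is outside the hunk, so I cannot tell whether it falls back. Both methods should read the same header, e.g. `String authorizationHeader = request.getHeader(JWTAuthenticator.JWT_ASSERTION_HEADER);` in `authenticate` as well, if the assertion header is the intended carrier. Separately, the `requestUri == null` guard now sets `Status.CONTINUE` without returning, and the next statement `new StringTokenizer(requestUri, "/")` throws `NullPointerException` for a null string, so the guard needs `return authenticationInfo;` after the `setStatus` call; the `context` guard below it has the same non-returning shape and should match whichever form is chosen.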
@ -25,16 +25,12 @@ import org.apache.commons.logging.LogFactory;
|
||||
import org.apache.tomcat.util.buf.ByteChunk;
|
||||
import org.apache.tomcat.util.buf.MessageBytes;
|
||||
import org.wso2.carbon.apimgt.core.gateway.APITokenAuthenticator;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.identity.base.IdentityException;
|
||||
import org.wso2.carbon.identity.core.util.IdentityUtil;
|
||||
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
|
||||
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.Constants;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.*;
|
||||
|
||||
import java.util.StringTokenizer;
|
||||
import java.util.regex.Matcher;
|
||||
@ -55,8 +51,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
|
||||
@Override
|
||||
public boolean canHandle(Request request) {
|
||||
MessageBytes authorization =
|
||||
request.getCoyoteRequest().getMimeHeaders().
|
||||
getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
|
||||
request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
|
||||
String tokenValue;
|
||||
if (authorization != null) {
|
||||
authorization.toBytes();
|
||||
@ -71,35 +66,34 @@ public class OAuthAuthenticator implements WebappAuthenticator {
|
||||
}
|
||||
|
||||
@Override
|
||||
public Status authenticate(Request request, Response response) {
|
||||
public AuthenticationInfo authenticate(Request request, Response response) {
|
||||
String requestUri = request.getRequestURI();
|
||||
String requestMethod = request.getMethod();
|
||||
AuthenticationInfo authenticationInfo = new AuthenticationInfo();
|
||||
if (requestUri == null || "".equals(requestUri)) {
|
||||
return Status.CONTINUE;
|
||||
authenticationInfo.setStatus(Status.CONTINUE);
|
||||
return authenticationInfo;
|
||||
}
|
||||
|
||||
StringTokenizer tokenizer = new StringTokenizer(requestUri, "/");
|
||||
String context = tokenizer.nextToken();
|
||||
if (context == null || "".equals(context)) {
|
||||
return Status.CONTINUE;
|
||||
authenticationInfo.setStatus(Status.CONTINUE);
|
||||
}
|
||||
String apiVersion = tokenizer.nextToken();
|
||||
String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion,
|
||||
requestUri,
|
||||
requestMethod);
|
||||
String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion, requestUri, requestMethod);
|
||||
//String authLevel = "any";
|
||||
try {
|
||||
if (Constants.NO_MATCHING_AUTH_SCHEME.equals(authLevel)) {
|
||||
AuthenticationFrameworkUtil
|
||||
.handleNoMatchAuthScheme(request, response, requestMethod,
|
||||
apiVersion, context);
|
||||
return Status.CONTINUE;
|
||||
AuthenticationFrameworkUtil.handleNoMatchAuthScheme(request, response, requestMethod, apiVersion,
|
||||
context);
|
||||
authenticationInfo.setStatus(Status.CONTINUE);
|
||||
} else {
|
||||
String bearerToken = this.getBearerToken(request);
|
||||
// Create a OAuth2TokenValidationRequestDTO object for validating access token
|
||||
OAuth2TokenValidationRequestDTO dto = new OAuth2TokenValidationRequestDTO();
|
||||
//Set the access token info
|
||||
OAuth2TokenValidationRequestDTO.OAuth2AccessToken oAuth2AccessToken =
|
||||
dto.new OAuth2AccessToken();
|
||||
OAuth2TokenValidationRequestDTO.OAuth2AccessToken oAuth2AccessToken = dto.new OAuth2AccessToken();
|
||||
oAuth2AccessToken.setTokenType(OAuthAuthenticator.BEARER_TOKEN_TYPE);
|
||||
oAuth2AccessToken.setIdentifier(bearerToken);
|
||||
dto.setAccessToken(oAuth2AccessToken);
|
||||
@ -115,30 +109,26 @@ public class OAuthAuthenticator implements WebappAuthenticator {
|
||||
dto.setContext(tokenValidationContextParams);
|
||||
|
||||
OAuth2TokenValidationResponseDTO oAuth2TokenValidationResponseDTO =
|
||||
DataHolder.getInstance().
|
||||
getoAuth2TokenValidationService().validate(dto);
|
||||
AuthenticatorFrameworkDataHolder.getInstance().getoAuth2TokenValidationService().validate(dto);
|
||||
if (oAuth2TokenValidationResponseDTO.isValid()) {
|
||||
String username = oAuth2TokenValidationResponseDTO.getAuthorizedUser();
|
||||
try {
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(
|
||||
IdentityUtil.getTenantIdOFUser(username));
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
|
||||
MultitenantUtils.getTenantDomain(username));
|
||||
authenticationInfo.setUsername(username);
|
||||
authenticationInfo.setTenantDomain(MultitenantUtils.getTenantDomain(username));
|
||||
authenticationInfo.setTenantId(IdentityUtil.getTenantIdOFUser(username));
|
||||
} catch (IdentityException e) {
|
||||
throw new AuthenticationException(
|
||||
"Error occurred while retrieving the tenant ID of user '" +
|
||||
username + "'", e);
|
||||
"Error occurred while retrieving the tenant ID of user '" + username + "'", e);
|
||||
}
|
||||
if (oAuth2TokenValidationResponseDTO.isValid()) {
|
||||
authenticationInfo.setStatus(Status.CONTINUE);
|
||||
}
|
||||
boolean isAuthenticated = oAuth2TokenValidationResponseDTO.isValid();
|
||||
return (isAuthenticated) ? Status.SUCCESS : Status.FAILURE;
|
||||
}
|
||||
}
|
||||
} catch (AuthenticationException e) {
|
||||
log.error("Failed to authenticate the incoming request", e);
|
||||
return Status.FAILURE;
|
||||
}
|
||||
return Status.FAILURE;
|
||||
return authenticationInfo;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
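Review bot: The new inner `if (oAuth2TokenValidationResponseDTO.isValid())` around `authenticationInfo.setStatus(Status.CONTINUE);` sits inside the `if (oAuth2TokenValidationResponseDTO.isValid())` block opened above `String username = ...`, so it is always true; the `setStatus` call can follow the `catch (IdentityException e)` block directly and the inner `if` dropped. The import change replaces the explicit `AuthenticationException`, `AuthenticationFrameworkUtil`, `Constants` and `DataHolder` imports with `import org.wso2.carbon.webapp.authenticator.framework.*;`; a wildcard import hides which framework types this class depends on and should stay an explicit list (`AuthenticationException`, `AuthenticationFrameworkUtil`, `AuthenticationInfo`, `AuthenticatorFrameworkDataHolder`, `Constants`). The `context == null` guard also sets `Status.CONTINUE` without the `return authenticationInfo;` that the `requestUri` guard just above gained, so it falls through to `tokenizer.nextToken()`.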
@ -20,6 +20,7 @@ package org.wso2.carbon.webapp.authenticator.framework.authenticator;
|
||||
|
||||
import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.Response;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
|
||||
|
||||
public interface WebappAuthenticator {
|
||||
|
||||
@ -29,7 +30,7 @@ public interface WebappAuthenticator {
|
||||
|
||||
boolean canHandle(Request request);
|
||||
|
||||
Status authenticate(Request request, Response response);
|
||||
AuthenticationInfo authenticate(Request request, Response response);
|
||||
|
||||
String getName();
|
||||
|
||||
|
||||
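Review bot: The new `AuthenticationInfo authenticate(Request request, Response response);` changes the contract for every authenticator but carries no Javadoc saying what the returned object must contain. The implementations in this commit report the outcome through `AuthenticationInfo.setStatus` and, when the credential is accepted, also set tenant domain, tenant id and username, while a rejected request leaves the status at whatever the no-arg constructor assigns; the interface is the place to state which `Status` an implementation must return on success, on failure and when it does not apply. A Javadoc block on the method stating that contract — the meaning of each `Status` in the returned info, which fields are populated on success, and, if that is the intent of this refactor, that implementations leave the thread's Carbon context untouched and report tenant details through the returned object instead — would give the valve side a dependable rule.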
@ -38,14 +38,13 @@ public class PermissionAuthorizationValve extends CarbonTomcatValve {
|
||||
@Override
|
||||
public void invoke(Request request, Response response, CompositeValve compositeValve) {
|
||||
|
||||
String permissionStatus =
|
||||
request.getContext().findParameter(AUTHORIZATION_ENABLED);
|
||||
String permissionStatus = request.getContext().findParameter(AUTHORIZATION_ENABLED);
|
||||
if (permissionStatus == null || permissionStatus.isEmpty()) {
|
||||
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
|
||||
return;
|
||||
}
|
||||
// check whether the permission checking function is enabled in web.xml
|
||||
boolean isEnabled = new Boolean(permissionStatus);
|
||||
boolean isEnabled = Boolean.valueOf(permissionStatus);
|
||||
if (!isEnabled) {
|
||||
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
|
||||
return;
|
||||
|
||||
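Review bot: `boolean isEnabled = Boolean.valueOf(permissionStatus);` boxes to a `Boolean` and immediately unboxes it into the primitive local; `boolean isEnabled = Boolean.parseBoolean(permissionStatus);` expresses the intent directly and avoids the round-trip. Both accept the same input (a case-insensitive "true" yields true, anything else false), so behaviour is unchanged.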
@ -44,13 +44,11 @@ public class PermissionAuthorizer {
|
||||
String requestUri = request.getRequestURI();
|
||||
String requestMethod = request.getMethod();
|
||||
|
||||
if (requestUri == null || requestUri.isEmpty() ||
|
||||
requestMethod == null || requestMethod.isEmpty()) {
|
||||
if (requestUri == null || requestUri.isEmpty() || requestMethod == null || requestMethod.isEmpty()) {
|
||||
return WebappAuthenticator.Status.CONTINUE;
|
||||
}
|
||||
|
||||
PermissionManagerServiceImpl
|
||||
registryBasedPermissionManager = PermissionManagerServiceImpl.getInstance();
|
||||
PermissionManagerServiceImpl registryBasedPermissionManager = PermissionManagerServiceImpl.getInstance();
|
||||
Properties properties = new Properties();
|
||||
properties.put("",requestUri);
|
||||
properties.put("",requestMethod);
|
||||
|
||||
@ -27,8 +27,8 @@ import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
|
||||
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
|
||||
import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
|
||||
@ -77,15 +77,14 @@ public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
WebappAuthenticatorConfig.init();
|
||||
WebappAuthenticatorRepository repository = new WebappAuthenticatorRepository();
|
||||
for (AuthenticatorConfig config : WebappAuthenticatorConfig.getInstance().getAuthenticators()) {
|
||||
WebappAuthenticator authenticator =
|
||||
(WebappAuthenticator) Class.forName(config.getClassName()).newInstance();
|
||||
WebappAuthenticator authenticator = (WebappAuthenticator) Class.forName(config.getClassName()).
|
||||
newInstance();
|
||||
repository.addAuthenticator(authenticator);
|
||||
}
|
||||
DataHolder.getInstance().setWebappAuthenticatorRepository(repository);
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setWebappAuthenticatorRepository(repository);
|
||||
|
||||
List<CarbonTomcatValve> valves = new ArrayList<CarbonTomcatValve>();
|
||||
valves.add(new WebappAuthenticationHandler());
|
||||
//valves.add(new PermissionAuthorizationValve());
|
||||
valves.add(new WebappAuthenticationValve());
|
||||
TomcatValveContainer.addValves(valves);
|
||||
|
||||
if (log.isDebugEnabled()) {
|
||||
@ -105,18 +104,18 @@ public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("RealmService acquired");
|
||||
}
|
||||
DataHolder.getInstance().setRealmService(realmService);
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setRealmService(realmService);
|
||||
}
|
||||
|
||||
protected void unsetRealmService(RealmService realmService) {
|
||||
DataHolder.getInstance().setRealmService(null);
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setRealmService(null);
|
||||
}
|
||||
|
||||
protected void setCertificateManagementService(CertificateManagementService certificateManagementService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Setting certificate management service");
|
||||
}
|
||||
DataHolder.getInstance().setCertificateManagementService(certificateManagementService);
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setCertificateManagementService(certificateManagementService);
|
||||
}
|
||||
|
||||
protected void unsetCertificateManagementService(CertificateManagementService certificateManagementService) {
|
||||
@ -124,14 +123,14 @@ public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
log.debug("Removing certificate management service");
|
||||
}
|
||||
|
||||
DataHolder.getInstance().setCertificateManagementService(null);
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setCertificateManagementService(null);
|
||||
}
|
||||
|
||||
protected void setSCEPManagementService(SCEPManager scepManager) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Setting SCEP management service");
|
||||
}
|
||||
DataHolder.getInstance().setScepManager(scepManager);
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setScepManager(scepManager);
|
||||
}
|
||||
|
||||
protected void unsetSCEPManagementService(SCEPManager scepManager) {
|
||||
@ -139,7 +138,7 @@ public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
log.debug("Removing SCEP management service");
|
||||
}
|
||||
|
||||
DataHolder.getInstance().setScepManager(null);
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setScepManager(null);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -151,7 +150,7 @@ public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Setting OAuth2TokenValidationService Service");
|
||||
}
|
||||
DataHolder.getInstance().setoAuth2TokenValidationService(tokenValidationService);
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setoAuth2TokenValidationService(tokenValidationService);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -163,6 +162,6 @@ public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Unsetting OAuth2TokenValidationService Service");
|
||||
}
|
||||
DataHolder.getInstance().setoAuth2TokenValidationService(null);
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setoAuth2TokenValidationService(null);
|
||||
}
|
||||
}
|
||||
|
||||