Updated Grant Type Implementation
This commit is contained in:
parent
8eb29a77cc
commit
d5e756c205
@ -2,9 +2,9 @@ package org.wso2.carbon.device.mgt.oauth.extensions;
|
|||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This hold the constants related oauth extensions.
|
* This hold the OAuthConstants related oauth extensions.
|
||||||
*/
|
*/
|
||||||
public class Constants {
|
public class OAuthConstants {
|
||||||
|
|
||||||
public static final String DEFAULT_DEVICE_ASSERTION = "device";
|
public static final String DEFAULT_DEVICE_ASSERTION = "device";
|
||||||
public static final String DEFAULT_USERNAME_IDENTIFIER = "username";
|
public static final String DEFAULT_USERNAME_IDENTIFIER = "username";
|
||||||
@ -301,7 +301,7 @@ public class OAuthExtUtils {
|
|||||||
DeviceRequestDTO deviceRequestDTO = null;
|
DeviceRequestDTO deviceRequestDTO = null;
|
||||||
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
|
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
|
||||||
for (RequestParameter parameter : parameters) {
|
for (RequestParameter parameter : parameters) {
|
||||||
if (Constants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
|
if (OAuthConstants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
|
||||||
String deviceJson = parameter.getValue()[0];
|
String deviceJson = parameter.getValue()[0];
|
||||||
Gson gson = new Gson();
|
Gson gson = new Gson();
|
||||||
deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)),
|
deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)),
|
||||||
@ -309,12 +309,15 @@ public class OAuthExtUtils {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (deviceRequestDTO != null) {
|
if (deviceRequestDTO != null) {
|
||||||
String scopeName = deviceRequestDTO.getScope();
|
String requestScopes = deviceRequestDTO.getScope();
|
||||||
|
String scopeNames[] = requestScopes.split(" ");
|
||||||
|
for (String scopeName : scopeNames) {
|
||||||
List<DeviceIdentifier> deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers();
|
List<DeviceIdentifier> deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers();
|
||||||
DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance()
|
DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance()
|
||||||
.getDeviceAccessAuthorizationService()
|
.getDeviceAccessAuthorizationService()
|
||||||
.isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName));
|
.isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName));
|
||||||
if (deviceAuthorizationResult != null && deviceAuthorizationResult.getAuthorizedDevices() != null) {
|
if (deviceAuthorizationResult != null &&
|
||||||
|
deviceAuthorizationResult.getAuthorizedDevices() != null) {
|
||||||
String scopes[] = tokReqMsgCtx.getScope();
|
String scopes[] = tokReqMsgCtx.getScope();
|
||||||
String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult
|
String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult
|
||||||
.getAuthorizedDevices().size()];
|
.getAuthorizedDevices().size()];
|
||||||
@ -324,13 +327,15 @@ public class OAuthExtUtils {
|
|||||||
scopeIndex++;
|
scopeIndex++;
|
||||||
}
|
}
|
||||||
for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) {
|
for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) {
|
||||||
authorizedScopes[scopeIndex] = DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" +
|
authorizedScopes[scopeIndex] =
|
||||||
|
DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" +
|
||||||
deviceIdentifier.getId() + ":" + scopeName;
|
deviceIdentifier.getId() + ":" + scopeName;
|
||||||
scopeIndex++;
|
scopeIndex++;
|
||||||
}
|
}
|
||||||
tokReqMsgCtx.setScope(authorizedScopes);
|
tokReqMsgCtx.setScope(authorizedScopes);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} catch (DeviceAccessAuthorizationException e) {
|
} catch (DeviceAccessAuthorizationException e) {
|
||||||
log.error("Error occurred while checking authorization for the user " + username, e);
|
log.error("Error occurred while checking authorization for the user " + username, e);
|
||||||
} finally {
|
} finally {
|
||||||
|
|||||||
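Review bot: `requestScopes.split(" ")` in the second hunk runs with no null or blank guard, so a device request whose `scope` is absent now throws a NullPointerException where the old code passed the single (possibly null) value straight to `getPermissions`, and runs of spaces produce empty scope names that reach `getPermissions("")` and end up as `...:<id>:` entries in the authorized scopes. A defensive split such as `String scopeNames[] = requestScopes == null ? new String[0] : requestScopes.trim().split("\\s+");` keeps the loop body unchanged while removing both cases. Note also that each loop iteration re-reads `tokReqMsgCtx.getScope()` and calls `setScope`, so the array grows per scope name; that appears intentional but deserves a one-line comment, e.g. `// each scope name appends its authorized device scopes to the current scope list`. The enclosing method starts before the first hunk and continues past the `finally` at the end of the third.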
@ -18,13 +18,10 @@
|
|||||||
|
|
||||||
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
|
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
|
||||||
|
|
||||||
import com.google.gson.Gson;
|
|
||||||
import org.apache.commons.codec.binary.Base64;
|
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler;
|
import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler;
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
|
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.DeviceRequestDTO;
|
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
|
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
|
||||||
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
||||||
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
|
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
|
||||||
@ -40,12 +37,12 @@ public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrant
|
|||||||
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
|
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
|
||||||
for (RequestParameter parameter : parameters) {
|
for (RequestParameter parameter : parameters) {
|
||||||
switch (parameter.getKey()) {
|
switch (parameter.getKey()) {
|
||||||
case Constants.DEFAULT_USERNAME_IDENTIFIER:
|
case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER:
|
||||||
String username = parameter.getValue()[0];
|
String username = parameter.getValue()[0];
|
||||||
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username);
|
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case Constants.DEFAULT_PASSWORD_IDENTIFIER:
|
case OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER:
|
||||||
String password = parameter.getValue()[0];
|
String password = parameter.getValue()[0];
|
||||||
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password);
|
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password);
|
||||||
break;
|
break;
|
||||||
|
|||||||
@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
|
|||||||
|
|
||||||
import org.apache.oltu.oauth2.common.OAuth;
|
import org.apache.oltu.oauth2.common.OAuth;
|
||||||
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
|
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
|
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
@ -34,6 +34,5 @@ public class ExtendedDeviceJWTGrantValidator extends AbstractValidator<HttpServl
|
|||||||
public ExtendedDeviceJWTGrantValidator() {
|
public ExtendedDeviceJWTGrantValidator() {
|
||||||
requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
|
requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
|
||||||
requiredParams.add(OAuth.OAUTH_ASSERTION);
|
requiredParams.add(OAuth.OAUTH_ASSERTION);
|
||||||
requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
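Review bot: The `OAuthConstants` import kept in the first hunk appears to have no remaining use in this file once `requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION);` is dropped from the constructor; unless it is referenced outside the hunks, it should be removed rather than renamed. Removing that required parameter also means the JWT grant now passes validation with no `device` assertion at all, so whichever code reads that parameter downstream must treat it as optional. A constructor comment such as `// device assertion is optional for the JWT grant; the handler must tolerate its absence` would record that intent next to the remaining required parameters.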
@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
|
|||||||
|
|
||||||
import org.apache.oltu.oauth2.common.OAuth;
|
import org.apache.oltu.oauth2.common.OAuth;
|
||||||
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
|
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
|
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
@ -32,6 +32,6 @@ public class ExtendedDevicePasswordGrantValidator extends AbstractValidator<Http
|
|||||||
public ExtendedDevicePasswordGrantValidator() {
|
public ExtendedDevicePasswordGrantValidator() {
|
||||||
requiredParams.add(OAuth.OAUTH_USERNAME);
|
requiredParams.add(OAuth.OAUTH_USERNAME);
|
||||||
requiredParams.add(OAuth.OAUTH_PASSWORD);
|
requiredParams.add(OAuth.OAUTH_PASSWORD);
|
||||||
requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION);
|
requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -44,6 +44,7 @@ import java.security.KeyStoreException;
|
|||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* this class represents an implementation of Token Client which is based on JWT
|
* this class represents an implementation of Token Client which is based on JWT
|
||||||
@ -63,14 +64,10 @@ public class JWTClient {
|
|||||||
this.isDefaultJWTClient = isDefaultJWTClient;
|
this.isDefaultJWTClient = isDefaultJWTClient;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritDoc}
|
|
||||||
*/
|
|
||||||
public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes)
|
public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes)
|
||||||
throws JWTClientException {
|
throws JWTClientException {
|
||||||
List<NameValuePair> params = new ArrayList<>();
|
List<NameValuePair> params = new ArrayList<>();
|
||||||
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, JWTConstants.JWT_GRANT_TYPE));
|
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
|
||||||
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
|
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
|
||||||
if (assertion == null) {
|
if (assertion == null) {
|
||||||
throw new JWTClientException("JWT is not configured properly for user : " + username);
|
throw new JWTClientException("JWT is not configured properly for user : " + username);
|
||||||
@ -80,9 +77,26 @@ public class JWTClient {
|
|||||||
return getTokenInfo(params, consumerKey, consumerSecret);
|
return getTokenInfo(params, consumerKey, consumerSecret);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes,
|
||||||
* {@inheritDoc}
|
Map<String, String> paramsMap)
|
||||||
*/
|
throws JWTClientException {
|
||||||
|
List<NameValuePair> params = new ArrayList<>();
|
||||||
|
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
|
||||||
|
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
|
||||||
|
if (assertion == null) {
|
||||||
|
throw new JWTClientException("JWT is not configured properly for user : " + username);
|
||||||
|
}
|
||||||
|
params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion));
|
||||||
|
params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes));
|
||||||
|
if (paramsMap != null) {
|
||||||
|
for (String key : paramsMap.keySet()) {
|
||||||
|
params.add(new BasicNameValuePair(key, paramsMap.get(key)));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return getTokenInfo(params, consumerKey, consumerSecret);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public AccessTokenInfo getAccessTokenFromRefreshToken(String refreshToken, String username, String scopes,
|
public AccessTokenInfo getAccessTokenFromRefreshToken(String refreshToken, String username, String scopes,
|
||||||
String consumerKey, String consumerSecret)
|
String consumerKey, String consumerSecret)
|
||||||
throws JWTClientException {
|
throws JWTClientException {
|
||||||
|
|||||||
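Review bot: The new five-argument `getAccessToken` overload in the last hunk duplicates the whole body of the existing four-argument method instead of that method delegating to it; replacing the old body with `return getAccessToken(consumerKey, consumerSecret, username, scopes, null);` keeps assertion generation and parameter construction in one place. Entries of `paramsMap` are appended after `grant_type`, `assertion` and `scope` without checking for a key collision, so a caller passing one of those keys would post the parameter twice; either skip those keys or state in the method's Javadoc that they must not be supplied. The `for (String key : paramsMap.keySet())` loop re-looks up each value and reads more simply as `for (Map.Entry<String, String> entry : paramsMap.entrySet()) { params.add(new BasicNameValuePair(entry.getKey(), entry.getValue())); }`. The commit also removes the `{@inheritDoc}` Javadoc from the original method and adds none to the overload, so both public methods should document the `paramsMap` contract and the `JWTClientException` thrown when no assertion can be generated. The four-argument method's body spans the second and third hunks, with lines between them outside the view.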
@ -23,7 +23,7 @@ package org.wso2.carbon.identity.jwt.client.extension.constant;
|
|||||||
public class JWTConstants {
|
public class JWTConstants {
|
||||||
public static final String OAUTH_EXPIRES_IN = "expires_in";
|
public static final String OAUTH_EXPIRES_IN = "expires_in";
|
||||||
public static final String OAUTH_TOKEN_TYPE = "token_type";
|
public static final String OAUTH_TOKEN_TYPE = "token_type";
|
||||||
public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device-mgt:jwt-bearer";
|
public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
|
||||||
public static final String GRANT_TYPE_PARAM_NAME = "grant_type";
|
public static final String GRANT_TYPE_PARAM_NAME = "grant_type";
|
||||||
public static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
|
public static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
|
||||||
public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";
|
public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";
|
||||||
|
|||||||
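Review bot: `JWT_GRANT_TYPE` now carries the standard `urn:ietf:params:oauth:grant-type:jwt-bearer` value and, per the JWTConfig hunk in this commit, becomes the fallback when no `GrantType` property is configured, so deployments that relied on the previous `device-mgt:jwt-bearer` value without setting that property will silently switch grant types. A Javadoc on the constant, e.g. `/** Default value of the grant_type parameter; overridden by the GrantType property of the JWT client configuration. */`, would make that relationship visible where the value is defined.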
@ -1,6 +1,7 @@
|
|||||||
package org.wso2.carbon.identity.jwt.client.extension.dto;
|
package org.wso2.carbon.identity.jwt.client.extension.dto;
|
||||||
|
|
||||||
import org.wso2.carbon.core.util.Utils;
|
import org.wso2.carbon.core.util.Utils;
|
||||||
|
import org.wso2.carbon.identity.jwt.client.extension.constant.JWTConstants;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -20,6 +21,7 @@ public class JWTConfig {
|
|||||||
private static final String JKS_PASSWORD ="KeyStorePassword";
|
private static final String JKS_PASSWORD ="KeyStorePassword";
|
||||||
private static final String JKA_PRIVATE_KEY_PASSWORD = "PrivateKeyPassword";
|
private static final String JKA_PRIVATE_KEY_PASSWORD = "PrivateKeyPassword";
|
||||||
private static final String TOKEN_ENDPOINT = "TokenEndpoint";
|
private static final String TOKEN_ENDPOINT = "TokenEndpoint";
|
||||||
|
private static final String JWT_GRANT_TYPE_NAME = "GrantType";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* issuer of the JWT
|
* issuer of the JWT
|
||||||
@ -69,6 +71,11 @@ public class JWTConfig {
|
|||||||
private String privateKeyAlias;
|
private String privateKeyAlias;
|
||||||
private String privateKeyPassword;
|
private String privateKeyPassword;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Jwt Grant Type Name
|
||||||
|
*/
|
||||||
|
private String jwtGrantType;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param properties load the config from the properties file.
|
* @param properties load the config from the properties file.
|
||||||
*/
|
*/
|
||||||
@ -89,6 +96,8 @@ public class JWTConfig {
|
|||||||
privateKeyAlias = properties.getProperty(JKS_PRIVATE_KEY_ALIAS);
|
privateKeyAlias = properties.getProperty(JKS_PRIVATE_KEY_ALIAS);
|
||||||
privateKeyPassword = properties.getProperty(JKA_PRIVATE_KEY_PASSWORD);
|
privateKeyPassword = properties.getProperty(JKA_PRIVATE_KEY_PASSWORD);
|
||||||
tokenEndpoint = properties.getProperty(TOKEN_ENDPOINT, "");
|
tokenEndpoint = properties.getProperty(TOKEN_ENDPOINT, "");
|
||||||
|
jwtGrantType = properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static List<String> getAudience(String audience){
|
private static List<String> getAudience(String audience){
|
||||||
@ -146,4 +155,8 @@ public class JWTConfig {
|
|||||||
public String getTokenEndpoint() {
|
public String getTokenEndpoint() {
|
||||||
return Utils.replaceSystemProperty(tokenEndpoint);
|
return Utils.replaceSystemProperty(tokenEndpoint);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getJwtGrantType() {
|
||||||
|
return jwtGrantType;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
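Review bot: The Javadoc `* Jwt Grant Type Name` on the new `jwtGrantType` field in the third hunk describes the property key rather than the field, which holds the grant type value itself; a clearer comment is `* Value of the grant_type parameter sent to the token endpoint, read from the GrantType property and defaulting to JWTConstants.JWT_GRANT_TYPE.` The new public accessor `getJwtGrantType()` in the last hunk has no Javadoc and, unlike `getTokenEndpoint()` just above it, does not pass the value through `Utils.replaceSystemProperty`; if system-property placeholders are meant to work in `GrantType` too, it should resolve them the same way. In the hunk that reads the properties, `properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE)` applies the default only when the key is missing, so a present-but-empty `GrantType` entry yields an empty grant type; if that is not intended, add `if (jwtGrantType == null || jwtGrantType.trim().isEmpty()) { jwtGrantType = JWTConstants.JWT_GRANT_TYPE; }` after the read.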
5
pom.xml
5
pom.xml
@ -780,6 +780,11 @@
|
|||||||
<artifactId>org.wso2.carbon.apimgt.keymgt.client</artifactId>
|
<artifactId>org.wso2.carbon.apimgt.keymgt.client</artifactId>
|
||||||
<version>${carbon.api.mgt.version}</version>
|
<version>${carbon.api.mgt.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.wso2.carbon.apimgt</groupId>
|
||||||
|
<artifactId>org.wso2.carbon.apimgt.keymgt</artifactId>
|
||||||
|
<version>${carbon.api.mgt.version}</version>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.wso2.carbon.apimgt</groupId>
|
<groupId>org.wso2.carbon.apimgt</groupId>
|
||||||
<artifactId>org.wso2.carbon.apimgt.impl</artifactId>
|
<artifactId>org.wso2.carbon.apimgt.impl</artifactId>
|
||||||
|
|||||||