Updated Grant Type Implementation
This commit is contained in:
parent
8eb29a77cc
commit
d5e756c205
@ -2,9 +2,9 @@ package org.wso2.carbon.device.mgt.oauth.extensions;
|
||||
|
||||
|
||||
/**
|
||||
* This hold the constants related oauth extensions.
|
||||
* This hold the OAuthConstants related oauth extensions.
|
||||
*/
|
||||
public class Constants {
|
||||
public class OAuthConstants {
|
||||
|
||||
public static final String DEFAULT_DEVICE_ASSERTION = "device";
|
||||
public static final String DEFAULT_USERNAME_IDENTIFIER = "username";
|
||||
@ -301,7 +301,7 @@ public class OAuthExtUtils {
|
||||
DeviceRequestDTO deviceRequestDTO = null;
|
||||
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
|
||||
for (RequestParameter parameter : parameters) {
|
||||
if (Constants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
|
||||
if (OAuthConstants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
|
||||
String deviceJson = parameter.getValue()[0];
|
||||
Gson gson = new Gson();
|
||||
deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)),
|
||||
@ -309,12 +309,15 @@ public class OAuthExtUtils {
|
||||
}
|
||||
}
|
||||
if (deviceRequestDTO != null) {
|
||||
String scopeName = deviceRequestDTO.getScope();
|
||||
String requestScopes = deviceRequestDTO.getScope();
|
||||
String scopeNames[] = requestScopes.split(" ");
|
||||
for (String scopeName : scopeNames) {
|
||||
List<DeviceIdentifier> deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers();
|
||||
DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance()
|
||||
.getDeviceAccessAuthorizationService()
|
||||
.isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName));
|
||||
if (deviceAuthorizationResult != null && deviceAuthorizationResult.getAuthorizedDevices() != null) {
|
||||
if (deviceAuthorizationResult != null &&
|
||||
deviceAuthorizationResult.getAuthorizedDevices() != null) {
|
||||
String scopes[] = tokReqMsgCtx.getScope();
|
||||
String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult
|
||||
.getAuthorizedDevices().size()];
|
||||
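Review bot: `requestScopes.split(" ")` dereferences the scope string with no null check, so a device assertion whose scope field is absent now fails with a NullPointerException where the old code handed the null value on to getPermissions; repeated spaces in the scope string also yield empty scope names that reach `getPermissions("")` and end up as a trailing `:` in the device scope concatenated in the following hunk. Wrap the loop in `if (requestScopes != null && !requestScopes.trim().isEmpty())` and split with `requestScopes.trim().split("\\s+")` so only real scope names are authorized and emitted. The enclosing method starts before and ends after this hunk.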
@ -324,13 +327,15 @@ public class OAuthExtUtils {
|
||||
scopeIndex++;
|
||||
}
|
||||
for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) {
|
||||
authorizedScopes[scopeIndex] = DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" +
|
||||
authorizedScopes[scopeIndex] =
|
||||
DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" +
|
||||
deviceIdentifier.getId() + ":" + scopeName;
|
||||
scopeIndex++;
|
||||
}
|
||||
tokReqMsgCtx.setScope(authorizedScopes);
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (DeviceAccessAuthorizationException e) {
|
||||
log.error("Error occurred while checking authorization for the user " + username, e);
|
||||
} finally {
|
||||
|
||||
@ -18,13 +18,10 @@
|
||||
|
||||
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler;
|
||||
import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
|
||||
import org.wso2.carbon.device.mgt.oauth.extensions.DeviceRequestDTO;
|
||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
|
||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
|
||||
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
||||
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
|
||||
@ -40,12 +37,12 @@ public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrant
|
||||
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
|
||||
for (RequestParameter parameter : parameters) {
|
||||
switch (parameter.getKey()) {
|
||||
case Constants.DEFAULT_USERNAME_IDENTIFIER:
|
||||
case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER:
|
||||
String username = parameter.getValue()[0];
|
||||
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username);
|
||||
break;
|
||||
|
||||
case Constants.DEFAULT_PASSWORD_IDENTIFIER:
|
||||
case OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER:
|
||||
String password = parameter.getValue()[0];
|
||||
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password);
|
||||
break;
|
||||
|
||||
@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
|
||||
|
||||
import org.apache.oltu.oauth2.common.OAuth;
|
||||
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
|
||||
import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
|
||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
@ -34,6 +34,5 @@ public class ExtendedDeviceJWTGrantValidator extends AbstractValidator<HttpServl
|
||||
public ExtendedDeviceJWTGrantValidator() {
|
||||
requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
|
||||
requiredParams.add(OAuth.OAUTH_ASSERTION);
|
||||
requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION);
|
||||
}
|
||||
}
|
||||
@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
|
||||
|
||||
import org.apache.oltu.oauth2.common.OAuth;
|
||||
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
|
||||
import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
|
||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
@ -32,6 +32,6 @@ public class ExtendedDevicePasswordGrantValidator extends AbstractValidator<Http
|
||||
public ExtendedDevicePasswordGrantValidator() {
|
||||
requiredParams.add(OAuth.OAUTH_USERNAME);
|
||||
requiredParams.add(OAuth.OAUTH_PASSWORD);
|
||||
requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION);
|
||||
requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION);
|
||||
}
|
||||
}
|
||||
@ -44,6 +44,7 @@ import java.security.KeyStoreException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* this class represents an implementation of Token Client which is based on JWT
|
||||
@ -63,14 +64,10 @@ public class JWTClient {
|
||||
this.isDefaultJWTClient = isDefaultJWTClient;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes)
|
||||
throws JWTClientException {
|
||||
List<NameValuePair> params = new ArrayList<>();
|
||||
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, JWTConstants.JWT_GRANT_TYPE));
|
||||
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
|
||||
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
|
||||
if (assertion == null) {
|
||||
throw new JWTClientException("JWT is not configured properly for user : " + username);
|
||||
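Review bot: This four-argument overload now repeats, line for line, the body of the five-argument getAccessToken added further down, so the grant-type, assertion and scope handling must be kept in sync in two places. Replace its body with `return getAccessToken(consumerKey, consumerSecret, username, scopes, null);` and keep the logic in one method. The method body continues beyond this hunk.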
@ -80,9 +77,26 @@ public class JWTClient {
|
||||
return getTokenInfo(params, consumerKey, consumerSecret);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes,
|
||||
Map<String, String> paramsMap)
|
||||
throws JWTClientException {
|
||||
List<NameValuePair> params = new ArrayList<>();
|
||||
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
|
||||
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
|
||||
if (assertion == null) {
|
||||
throw new JWTClientException("JWT is not configured properly for user : " + username);
|
||||
}
|
||||
params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion));
|
||||
params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes));
|
||||
if (paramsMap != null) {
|
||||
for (String key : paramsMap.keySet()) {
|
||||
params.add(new BasicNameValuePair(key, paramsMap.get(key)));
|
||||
}
|
||||
}
|
||||
return getTokenInfo(params, consumerKey, consumerSecret);
|
||||
}
|
||||
|
||||
|
||||
public AccessTokenInfo getAccessTokenFromRefreshToken(String refreshToken, String username, String scopes,
|
||||
String consumerKey, String consumerSecret)
|
||||
throws JWTClientException {
|
||||
|
||||
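Review bot: The new overload appends every entry of paramsMap after grant_type, assertion and scope have already been added, so a caller-supplied key equal to one of those names produces a duplicate form parameter and the token endpoint decides which value wins; the map should not be allowed to shadow the grant's own parameters. The loop also iterates `keySet()` and looks each key up again, where `entrySet()` gives both at once. The `{@inheritDoc}` Javadoc only has something to inherit if a supertype declares this five-argument signature, which is not visible here; otherwise give it a real Javadoc describing paramsMap as extra token-request parameters that may not override grant_type, assertion or scope.
```java
        if (paramsMap != null) {
            for (Map.Entry<String, String> entry : paramsMap.entrySet()) {
                String key = entry.getKey();
                // Caller-supplied parameters must not shadow the grant's own parameters.
                if (JWTConstants.GRANT_TYPE_PARAM_NAME.equals(key) || JWTConstants.JWT_PARAM_NAME.equals(key)
                        || JWTConstants.SCOPE_PARAM_NAME.equals(key)) {
                    throw new JWTClientException("Reserved token request parameter cannot be overridden: " + key);
                }
                params.add(new BasicNameValuePair(key, entry.getValue()));
            }
        }
        // … unchanged: getTokenInfo call …
```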
@ -23,7 +23,7 @@ package org.wso2.carbon.identity.jwt.client.extension.constant;
|
||||
public class JWTConstants {
|
||||
public static final String OAUTH_EXPIRES_IN = "expires_in";
|
||||
public static final String OAUTH_TOKEN_TYPE = "token_type";
|
||||
public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device-mgt:jwt-bearer";
|
||||
public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
|
||||
public static final String GRANT_TYPE_PARAM_NAME = "grant_type";
|
||||
public static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
|
||||
public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";
|
||||
|
||||
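Review bot: JWT_GRANT_TYPE now carries the standard RFC 7523 JWT bearer URN instead of the device-mgt specific one, and the JWTConfig hunk below makes it the default whenever no GrantType property is configured, so deployments whose token endpoint only registers the old URN will start sending a grant type it does not know. Document the intent and the override on the constant, e.g. `/** Default grant_type for the JWT bearer grant (RFC 7523); override per deployment with the GrantType property of the JWT client config. */`.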
@ -1,6 +1,7 @@
|
||||
package org.wso2.carbon.identity.jwt.client.extension.dto;
|
||||
|
||||
import org.wso2.carbon.core.util.Utils;
|
||||
import org.wso2.carbon.identity.jwt.client.extension.constant.JWTConstants;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@ -20,6 +21,7 @@ public class JWTConfig {
|
||||
private static final String JKS_PASSWORD ="KeyStorePassword";
|
||||
private static final String JKA_PRIVATE_KEY_PASSWORD = "PrivateKeyPassword";
|
||||
private static final String TOKEN_ENDPOINT = "TokenEndpoint";
|
||||
private static final String JWT_GRANT_TYPE_NAME = "GrantType";
|
||||
|
||||
/**
|
||||
* issuer of the JWT
|
||||
@ -69,6 +71,11 @@ public class JWTConfig {
|
||||
private String privateKeyAlias;
|
||||
private String privateKeyPassword;
|
||||
|
||||
/**
|
||||
* Jwt Grant Type Name
|
||||
*/
|
||||
private String jwtGrantType;
|
||||
|
||||
/**
|
||||
* @param properties load the config from the properties file.
|
||||
*/
|
||||
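Review bot: The Javadoc `Jwt Grant Type Name` on the new field describes a name, but the field holds the grant_type value sent to the token endpoint (it is read from the GrantType property and falls back to JWTConstants.JWT_GRANT_TYPE in the hunk below). Replace it with `/** grant_type value sent in the token request; defaults to {@link JWTConstants#JWT_GRANT_TYPE} when the GrantType property is absent. */`.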
@ -89,6 +96,8 @@ public class JWTConfig {
|
||||
privateKeyAlias = properties.getProperty(JKS_PRIVATE_KEY_ALIAS);
|
||||
privateKeyPassword = properties.getProperty(JKA_PRIVATE_KEY_PASSWORD);
|
||||
tokenEndpoint = properties.getProperty(TOKEN_ENDPOINT, "");
|
||||
jwtGrantType = properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE);
|
||||
|
||||
}
|
||||
|
||||
private static List<String> getAudience(String audience){
|
||||
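Review bot: `properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE)` only falls back when the property is missing; a present but blank `GrantType` value is taken as-is and every token request then carries an empty grant_type. Read it in two steps, `String configuredGrantType = properties.getProperty(JWT_GRANT_TYPE_NAME);` and `jwtGrantType = (configuredGrantType == null || configuredGrantType.trim().isEmpty()) ? JWTConstants.JWT_GRANT_TYPE : configuredGrantType.trim();`. The neighbouring tokenEndpoint getter runs its value through Utils.replaceSystemProperty while getJwtGrantType returns the raw string; if system-property placeholders are meant to work in this config file, the new value should be treated the same way. The constructor this hunk belongs to starts above the hunk.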
@ -146,4 +155,8 @@ public class JWTConfig {
|
||||
public String getTokenEndpoint() {
|
||||
return Utils.replaceSystemProperty(tokenEndpoint);
|
||||
}
|
||||
|
||||
public String getJwtGrantType() {
|
||||
return jwtGrantType;
|
||||
}
|
||||
}
|
||||
|
||||
5
pom.xml
5
pom.xml
@ -780,6 +780,11 @@
|
||||
<artifactId>org.wso2.carbon.apimgt.keymgt.client</artifactId>
|
||||
<version>${carbon.api.mgt.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon.apimgt</groupId>
|
||||
<artifactId>org.wso2.carbon.apimgt.keymgt</artifactId>
|
||||
<version>${carbon.api.mgt.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon.apimgt</groupId>
|
||||
<artifactId>org.wso2.carbon.apimgt.impl</artifactId>
|
||||
|
||||