mirror of
https://repository.entgra.net/community/device-mgt-core.git
synced 2025-10-06 02:01:45 +00:00
Fixed conflicts
This commit is contained in:
mharindu
commit
efc9fc3265
@ -78,7 +78,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
|
||||
+ api.getId().getVersion() + "'");
|
||||
}
|
||||
} else {
|
||||
api.setStatus(provider.getAPI(api.getId()).getStatus());
|
||||
if (provider.getAPI(api.getId()).getStatus() == APIStatus.CREATED) {
|
||||
provider.changeLifeCycleStatus(api.getId(), PUBLISH_ACTION);
|
||||
}
|
||||
api.setStatus(APIStatus.PUBLISHED);
|
||||
provider.updateAPI(api);
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("An API already exists with the name '" + api.getId().getApiName() +
|
||||
|
||||
@ -18,6 +18,7 @@
|
||||
|
||||
package org.wso2.carbon.apimgt.webapp.publisher;
|
||||
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.apimgt.api.APIManagementException;
|
||||
@ -111,7 +112,8 @@ public class APIPublisherUtil {
|
||||
// adding scopes to the api
|
||||
Set<URITemplate> uriTemplates = config.getUriTemplates();
|
||||
Map<String, Scope> apiScopes = new HashMap<>();
|
||||
|
||||
Scope existingScope;
|
||||
String existingPermissions;
|
||||
if (uriTemplates != null) {
|
||||
// this creates distinct scopes list
|
||||
for (URITemplate template : uriTemplates) {
|
||||
@ -119,6 +121,12 @@ public class APIPublisherUtil {
|
||||
if (scope != null) {
|
||||
if (apiScopes.get(scope.getKey()) == null) {
|
||||
apiScopes.put(scope.getKey(), scope);
|
||||
} else {
|
||||
existingScope = apiScopes.get(scope.getKey());
|
||||
existingPermissions = existingScope.getRoles();
|
||||
existingPermissions = getDistinctPermissions(existingPermissions + "," + scope.getRoles());
|
||||
existingScope.setRoles(existingPermissions);
|
||||
apiScopes.put(scope.getKey(), existingScope);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -300,4 +308,9 @@ public class APIPublisherUtil {
|
||||
return apiConfig;
|
||||
}
|
||||
|
||||
private static String getDistinctPermissions(String permissions) {
|
||||
String[] unique = new HashSet<String>(Arrays.asList(permissions.split(","))).toArray(new String[0]);
|
||||
return StringUtils.join(unique, ",");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -117,7 +117,10 @@
|
||||
org.apache.axiom.soap.impl.builder,
|
||||
org.apache.axiom.om,
|
||||
org.apache.axiom.om.impl.builder,
|
||||
org.apache.axiom.om.util
|
||||
org.apache.axiom.om.util,
|
||||
org.wso2.carbon.registry.core.*,
|
||||
org.wso2.carbon.registry.common.*;version="${carbon.registry.imp.pkg.version.range}",
|
||||
org.wso2.carbon.registry.indexing.*; version="${carbon.registry.imp.pkg.version.range}",
|
||||
</Import-Package>
|
||||
</instructions>
|
||||
</configuration>
|
||||
@ -214,6 +217,14 @@
|
||||
<groupId>commons-pool.wso2</groupId>
|
||||
<artifactId>commons-pool</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon.registry</groupId>
|
||||
<artifactId>org.wso2.carbon.registry.indexing</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon</groupId>
|
||||
<artifactId>org.wso2.carbon.registry.core</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
</project>
|
||||
|
||||
@ -21,6 +21,8 @@ package org.wso2.carbon.webapp.authenticator.framework;
|
||||
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
|
||||
import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
|
||||
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
|
||||
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
|
||||
import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
|
||||
public class AuthenticatorFrameworkDataHolder {
|
||||
@ -30,6 +32,8 @@ public class AuthenticatorFrameworkDataHolder {
|
||||
private CertificateManagementService certificateManagementService;
|
||||
private SCEPManager scepManager;
|
||||
private OAuth2TokenValidationService oAuth2TokenValidationService;
|
||||
private TenantIndexingLoader tenantIndexingLoader;
|
||||
private TenantRegistryLoader tenantRegistryLoader;
|
||||
|
||||
private static AuthenticatorFrameworkDataHolder
|
||||
thisInstance = new AuthenticatorFrameworkDataHolder();
|
||||
@ -92,4 +96,21 @@ public class AuthenticatorFrameworkDataHolder {
|
||||
OAuth2TokenValidationService oAuth2TokenValidationService) {
|
||||
this.oAuth2TokenValidationService = oAuth2TokenValidationService;
|
||||
}
|
||||
|
||||
public TenantIndexingLoader getTenantIndexingLoader() {
|
||||
return tenantIndexingLoader;
|
||||
}
|
||||
|
||||
public void setTenantIndexingLoader(
|
||||
TenantIndexingLoader tenantIndexingLoader) {
|
||||
this.tenantIndexingLoader = tenantIndexingLoader;
|
||||
}
|
||||
|
||||
public void setTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader) {
|
||||
this.tenantRegistryLoader = tenantRegistryLoader;
|
||||
}
|
||||
|
||||
public TenantRegistryLoader getTenantRegistryLoader() {
|
||||
return tenantRegistryLoader;
|
||||
}
|
||||
}
|
||||
|
||||
@ -22,23 +22,24 @@ import com.nimbusds.jose.JOSEException;
|
||||
import com.nimbusds.jose.JWSVerifier;
|
||||
import com.nimbusds.jose.crypto.RSASSAVerifier;
|
||||
import com.nimbusds.jwt.SignedJWT;
|
||||
import org.apache.axiom.util.base64.Base64Utils;
|
||||
import org.apache.axis2.transport.http.HTTPConstants;
|
||||
import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.Response;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.core.util.KeyStoreManager;
|
||||
import org.wso2.carbon.user.api.TenantManager;
|
||||
import org.wso2.carbon.registry.core.exceptions.RegistryException;
|
||||
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.user.api.UserStoreManager;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder;
|
||||
|
||||
import java.security.PublicKey;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.text.ParseException;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Properties;
|
||||
import java.util.StringTokenizer;
|
||||
|
||||
@ -48,10 +49,11 @@ import java.util.StringTokenizer;
|
||||
public class JWTAuthenticator implements WebappAuthenticator {
|
||||
|
||||
private static final Log log = LogFactory.getLog(JWTAuthenticator.class);
|
||||
public static final String SIGNED_JWT_AUTH_USERNAME = "http://wso2.org/claims/enduser";
|
||||
private static final String SIGNED_JWT_AUTH_USERNAME = "http://wso2.org/claims/enduser";
|
||||
private static final String SIGNED_JWT_AUTH_TENANT_ID = "http://wso2.org/claims/enduserTenantId";
|
||||
private static final String JWT_AUTHENTICATOR = "JWT";
|
||||
private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion";
|
||||
|
||||
private static final Map<String, PublicKey> publicKeyHolder = new HashMap<>();
|
||||
@Override
|
||||
public void init() {
|
||||
|
||||
@ -79,20 +81,26 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
||||
authenticationInfo.setStatus(Status.CONTINUE);
|
||||
}
|
||||
|
||||
//Get the filesystem keystore default primary certificate
|
||||
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
|
||||
try {
|
||||
keyStoreManager.getDefaultPrimaryCertificate();
|
||||
String authorizationHeader = request.getHeader(JWT_ASSERTION_HEADER);
|
||||
JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) keyStoreManager.getDefaultPublicKey());
|
||||
|
||||
SignedJWT jwsObject = SignedJWT.parse(authorizationHeader);
|
||||
if (jwsObject.verify(verifier)) {
|
||||
String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
|
||||
String tenantDomain = MultitenantUtils.getTenantDomain(username);
|
||||
int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
|
||||
PublicKey publicKey = publicKeyHolder.get(tenantDomain);
|
||||
if (publicKey == null) {
|
||||
loadTenantRegistry(tenantId);
|
||||
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
|
||||
publicKey = keyStoreManager.getDefaultPublicKey();
|
||||
publicKeyHolder.put(tenantDomain, publicKey);
|
||||
}
|
||||
|
||||
//Get the filesystem keystore default primary certificate
|
||||
JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
|
||||
//https://wso2.org/jira/browse/APIMANAGER-4504 need to change this to jwsObject.verify(verifier)
|
||||
if (username != null && !username.isEmpty() && tenantDomain != null && !tenantDomain.isEmpty()) {
|
||||
username = MultitenantUtils.getTenantAwareUsername(username);
|
||||
TenantManager tenantManager = AuthenticatorFrameworkDataHolder.getInstance().getRealmService().
|
||||
getTenantManager();
|
||||
int tenantId = tenantManager.getTenantId(tenantDomain);
|
||||
if (tenantId == -1) {
|
||||
log.error("tenantDomain is not valid. username : " + username + ", tenantDomain " +
|
||||
": " + tenantDomain);
|
||||
@ -121,24 +129,6 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
||||
return authenticationInfo;
|
||||
}
|
||||
|
||||
private String decodeAuthorizationHeader(String authorizationHeader) {
|
||||
|
||||
if (authorizationHeader == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
String[] splitValues = authorizationHeader.trim().split(" ");
|
||||
byte[] decodedBytes = Base64Utils.decode(splitValues[1].trim());
|
||||
if (decodedBytes != null) {
|
||||
return new String(decodedBytes);
|
||||
} else {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Error decoding authorization header.");
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return JWTAuthenticator.JWT_AUTHENTICATOR;
|
||||
@ -158,4 +148,11 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
||||
public String getProperty(String name) {
|
||||
return null;
|
||||
}
|
||||
|
||||
private static void loadTenantRegistry(int tenantId) throws RegistryException {
|
||||
TenantRegistryLoader tenantRegistryLoader = AuthenticatorFrameworkDataHolder.getInstance().
|
||||
getTenantRegistryLoader();
|
||||
AuthenticatorFrameworkDataHolder.getInstance().getTenantIndexingLoader().loadTenantIndex(tenantId);
|
||||
tenantRegistryLoader.loadTenantRegistry(tenantId);
|
||||
}
|
||||
}
|
||||
|
||||
@ -25,6 +25,8 @@ import org.osgi.service.component.ComponentContext;
|
||||
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
|
||||
import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
|
||||
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
|
||||
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
|
||||
import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
|
||||
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
|
||||
import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
@ -67,6 +69,17 @@ import java.util.Properties;
|
||||
* policy="dynamic"
|
||||
* bind="setOAuth2ValidationService"
|
||||
* unbind="unsetOAuth2ValidationService"
|
||||
* @scr.reference name="tenant.indexloader"
|
||||
* interface="org.wso2.carbon.registry.indexing.service.TenantIndexingLoader"
|
||||
* cardinality="1..1"
|
||||
* policy="dynamic"
|
||||
* bind="setTenantIndexLoader"
|
||||
* unbind="unsetTenantIndexLoader"
|
||||
* @scr.reference name="tenant.registryloader"
|
||||
* interface="org.wso2.carbon.registry.core.service.TenantRegistryLoader"
|
||||
* cardinality="1..1" policy="dynamic"
|
||||
* bind="setTenantRegistryLoader"
|
||||
* unbind="unsetTenantRegistryLoader"
|
||||
*/
|
||||
public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
|
||||
@ -183,4 +196,20 @@ public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
}
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setOAuth2TokenValidationService(null);
|
||||
}
|
||||
|
||||
protected void setTenantIndexLoader(TenantIndexingLoader tenantIndexLoader) {
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setTenantIndexingLoader(tenantIndexLoader);
|
||||
}
|
||||
|
||||
protected void unsetTenantIndexLoader(TenantIndexingLoader tenantIndexLoader) {
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setTenantIndexingLoader(null);
|
||||
}
|
||||
|
||||
protected void setTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader) {
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setTenantRegistryLoader(tenantRegistryLoader);
|
||||
}
|
||||
|
||||
protected void unsetTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader) {
|
||||
AuthenticatorFrameworkDataHolder.getInstance().setTenantRegistryLoader(null);
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user