diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/test/java/org/wso2/carbon/device/mgt/extensions/internal/DeviceTypeExtensionServiceComponentTest.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/test/java/org/wso2/carbon/device/mgt/extensions/internal/DeviceTypeExtensionServiceComponentTest.java index e82e818b84..b4673712f4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/test/java/org/wso2/carbon/device/mgt/extensions/internal/DeviceTypeExtensionServiceComponentTest.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/test/java/org/wso2/carbon/device/mgt/extensions/internal/DeviceTypeExtensionServiceComponentTest.java @@ -22,6 +22,9 @@ package org.wso2.carbon.device.mgt.extensions.internal; import org.apache.sling.testing.mock.osgi.MockOsgi; import org.testng.annotations.Test; +/** + * This is a test case for {@link DeviceTypeExtensionServiceComponent}. + */ public class DeviceTypeExtensionServiceComponentTest { @Test(description = "This test case tests the behaviour of the Service Component when there is a possible " + "exception") diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml index 18c559ff95..64c9d74814 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml @@ -243,6 +243,11 @@ commons-codec.wso2 commons-codec + + com.h2database.wso2 + h2-database-engine + test + 
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java index b139fa9e89..7224575298 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java 
@@ -21,39 +21,34 @@ package org.wso2.carbon.webapp.authenticator.framework.Utils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; -import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; -import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; -import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.user.api.TenantManager; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; +import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidatorFactory; +import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder; import java.util.Properties; import java.util.regex.Matcher; import java.util.regex.Pattern; public class Utils { - private static final Log log = LogFactory.getLog(Utils.class); - private static PermissionManagerService permissionManagerService = PermissionManagerServiceImpl.getInstance(); - private static Properties properties; - private static Permission permission; - - public static final String URL_PROPERTY = "URL"; - public static final String HTTP_METHOD_PROPERTY = 
"HTTP_METHOD"; public static int getTenantIdOFUser(String username) throws AuthenticationException { int tenantId = 0; String domainName = MultitenantUtils.getTenantDomain(username); if (domainName != null) { try { - TenantManager tenantManager = IdentityTenantUtil.getRealmService().getTenantManager(); + TenantManager tenantManager = AuthenticatorFrameworkDataHolder.getInstance().getRealmService() + .getTenantManager(); tenantId = tenantManager.getTenantId(domainName); } catch (UserStoreException e) { String errorMsg = "Error when getting the tenant id from the tenant domain : " + @@ -68,9 +63,7 @@ public class Utils { public static String getTenantDomain(int tenantId) throws AuthenticationException { try { PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); - - RealmService realmService = (RealmService) ctx.getOSGiService(RealmService.class, null); + RealmService realmService = AuthenticatorFrameworkDataHolder.getInstance().getRealmService(); if (realmService == null) { String msg = "RealmService is not initialized"; log.error(msg); 
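Review bot: In getTenantIdOFUser the new `AuthenticatorFrameworkDataHolder.getInstance().getRealmService()` result is dereferenced immediately, so a RealmService that has not been set surfaces as a NullPointerException rather than the AuthenticationException this method declares, while the getTenantDomain hunk just below guards the very same lookup with `if (realmService == null)`. I would mirror that guard here: `RealmService realmService = AuthenticatorFrameworkDataHolder.getInstance().getRealmService(); if (realmService == null) { throw new AuthenticationException("RealmService is not initialized"); }` (using whichever constructor the catch block below already uses), then call `realmService.getTenantManager()`. It is also worth confirming what getTenantId returns for a domain that does not exist; if it reports a sentinel instead of throwing UserStoreException, that sentinel is handed to callers as the authenticated tenant id. The body of getTenantIdOFUser continues past the end of the hunk.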
@@ -88,7 +81,73 @@ public class Utils { } } - public static String replaceSystemProperty(String urlWithPlaceholders) { + /** + * To init BST and Oauth authenticators + * + * @param properties Properties of authenticators + * @return token validator, if all the required parameters satisfied + */ + public static OAuth2TokenValidator initAuthenticators(Properties properties) { + if (properties == null) { + throw new IllegalArgumentException( + "Required properties needed to initialize OAuthAuthenticator are not provided"); + } + String tokenValidationEndpointUrl = properties.getProperty("TokenValidationEndpointUrl"); + if (tokenValidationEndpointUrl == null || tokenValidationEndpointUrl.isEmpty()) { + throw new IllegalArgumentException("OAuth token validation endpoint url is not provided"); + } + String url = Utils.replaceSystemProperty(tokenValidationEndpointUrl); + if ((url == null) || (url.isEmpty())) { + throw new IllegalArgumentException("OAuth token validation endpoint url is not provided"); + } + String adminUsername = properties.getProperty("Username"); + if (adminUsername == null) { + throw new IllegalArgumentException( + "Username to connect to the OAuth token validation endpoint is not provided"); + } + + String adminPassword = properties.getProperty("Password"); + if (adminPassword == null) { + throw new IllegalArgumentException( + "Password to connect to the OAuth token validation endpoint is not provided"); + } + boolean isRemote = Boolean.parseBoolean(properties.getProperty("IsRemote")); + Properties validatorProperties = new Properties(); + String maxTotalConnections = properties.getProperty("MaxTotalConnections"); + String maxConnectionsPerHost = properties.getProperty("MaxConnectionsPerHost"); + if (maxTotalConnections != null) { + validatorProperties.setProperty("MaxTotalConnections", maxTotalConnections); + } + if (maxConnectionsPerHost != null) { + validatorProperties.setProperty("MaxConnectionsPerHost", maxConnectionsPerHost); + } + return 
OAuthValidatorFactory.getValidator(url, adminUsername, adminPassword, isRemote, validatorProperties); + } + + /** + * To set the authentication info based on the OauthValidationResponse. + * + * @return Updated Authentication info based on OauthValidationResponse + */ + public static AuthenticationInfo setAuthenticationInfo(OAuthValidationResponse oAuthValidationResponse, + AuthenticationInfo authenticationInfo) throws AuthenticationException { + if (oAuthValidationResponse.isValid()) { + String username = oAuthValidationResponse.getUserName(); + String tenantDomain = oAuthValidationResponse.getTenantDomain(); + + authenticationInfo.setUsername(username); + authenticationInfo.setTenantDomain(tenantDomain); + authenticationInfo.setTenantId(getTenantIdOFUser(username + "@" + tenantDomain)); + if (oAuthValidationResponse.isValid()) + authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE); + } else { + authenticationInfo.setMessage(oAuthValidationResponse.getErrorMsg()); + } + return authenticationInfo; + + } + + private static String replaceSystemProperty(String urlWithPlaceholders) { String regex = "\\$\\{(.*?)\\}"; Pattern pattern = Pattern.compile(regex); Matcher matchPattern = pattern.matcher(urlWithPlaceholders); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFactory.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFactory.java index c211e74e9b..4222b1a629 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFactory.java 
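Review bot: setAuthenticationInfo leaves the status untouched on the invalid branch — only `authenticationInfo.setMessage(oAuthValidationResponse.getErrorMsg())` runs — so whether a rejected token is treated as a failure depends entirely on what the caller set beforehand, and both callers in this commit pre-set `Status.CONTINUE` when the URI context is empty before validating. The inner `if (oAuthValidationResponse.isValid())` is redundant as well, since it sits inside the outer isValid() branch. I would drop the inner check and give the else branch an explicit terminal status, e.g. `authenticationInfo.setStatus(WebappAuthenticator.Status.FAILURE);` — the hunk only shows the CONTINUE member, so confirm the enum's failure value. The Javadoc is also missing `@param` entries for both arguments and an `@throws AuthenticationException` for the getTenantIdOFUser call it makes.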
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFactory.java @@ -20,6 +20,7 @@ package org.wso2.carbon.webapp.authenticator.framework; import org.apache.catalina.connector.Request; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; +import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder; import java.util.Map; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java index ceb78d8a34..6adee97a45 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java 
@@ -26,19 +26,16 @@ import org.apache.axiom.soap.SOAPHeader; import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; -import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.coyote.InputBuffer; import org.apache.tomcat.util.buf.ByteChunk; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; -import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse; -import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidatorFactory; import javax.xml.stream.XMLStreamException; import javax.xml.stream.XMLStreamReader; 
@@ -58,45 +55,17 @@ public class BSTAuthenticator implements WebappAuthenticator { static { APPLICABLE_CONTENT_TYPES.add("application/xml"); APPLICABLE_CONTENT_TYPES.add("application/soap+xml"); + APPLICABLE_CONTENT_TYPES.add("application/text"); } public void init() { - if (this.properties == null) { - throw new IllegalArgumentException("Required properties needed to initialize OAuthAuthenticator " + - "are not provided"); - } - - String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl")); - if ((url == null) || (url.isEmpty())) { - throw new IllegalArgumentException("OAuth token validation endpoint url is not provided"); - } - String adminUsername = this.properties.getProperty("Username"); - if (adminUsername == null) { - throw new IllegalArgumentException("Username to connect to the OAuth token validation endpoint " + - "is not provided"); - } - - String adminPassword = this.properties.getProperty("Password"); - if (adminPassword == null) { - throw new IllegalArgumentException("Password to connect to the OAuth token validation endpoint " + - "is not provided"); - } - - boolean isRemote = Boolean.parseBoolean(this.properties.getProperty("IsRemote")); - - Properties validatorProperties = new Properties(); - validatorProperties.setProperty("MaxTotalConnections", this.properties.getProperty("MaxTotalConnections")); - validatorProperties.setProperty("MaxConnectionsPerHost", this.properties.getProperty("MaxConnectionsPerHost")); - this.tokenValidator = - OAuthValidatorFactory.getValidator(url, adminUsername, adminPassword, isRemote, validatorProperties); + this.tokenValidator = Utils.initAuthenticators(this.properties); } @Override public boolean canHandle(Request request) { String contentType = request.getContentType(); - if (contentType != null && (contentType.contains("application/xml") || contentType.contains - ("application/soap+xml") || - contentType.contains("application/text"))) { + if (contentType != null && 
APPLICABLE_CONTENT_TYPES.contains(contentType)) { try { return isBSTHeaderExists(request); } catch (IOException | XMLStreamException e) { 
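Review bot: canHandle now requires the whole Content-Type header to equal an entry of APPLICABLE_CONTENT_TYPES, where the removed code used contains(); a header such as `application/soap+xml; charset=utf-8`, or one with different casing, no longer matches and the BST authenticator silently declines the request. Normalise to the bare media type before the lookup, e.g. `String mediaType = contentType.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);` and then test `APPLICABLE_CONTENT_TYPES.contains(mediaType)`. `application/text` is carried over from the old check but is not a registered media type; if no client actually sends it, it is a candidate for removal. canHandle continues past the end of the hunk.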
@@ -121,37 +90,11 @@ public class BSTAuthenticator implements WebappAuthenticator { if ((context == null) || ("".equals(context))) { authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE); } - String apiVersion = tokenizer.nextToken(); - - String authLevel = "any"; try { - if ("noMatchedAuthScheme".equals(authLevel)) { - AuthenticationFrameworkUtil.handleNoMatchAuthScheme( - request, response, requestMethod, apiVersion, context); - - authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE); - } else { - String bearerToken = new String( - Base64.decodeBase64(request.getAttribute("BST").toString().getBytes())); - - String resource = requestUri + ":" + requestMethod; - - OAuthValidationResponse oAuthValidationResponse = - this.tokenValidator.validateToken(bearerToken, resource); - - if (oAuthValidationResponse.isValid()) { - String username = oAuthValidationResponse.getUserName(); - String tenantDomain = oAuthValidationResponse.getTenantDomain(); - - authenticationInfo.setUsername(username); - authenticationInfo.setTenantDomain(tenantDomain); - authenticationInfo.setTenantId(Utils.getTenantIdOFUser(username + "@" + tenantDomain)); - if (oAuthValidationResponse.isValid()) - authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE); - } else { - authenticationInfo.setMessage(oAuthValidationResponse.getErrorMsg()); - } - } + String bearerToken = new String(Base64.getDecoder().decode(request.getAttribute("BST").toString())); + String resource = requestUri + ":" + requestMethod; + OAuthValidationResponse oAuthValidationResponse = this.tokenValidator.validateToken(bearerToken, resource); + authenticationInfo = Utils.setAuthenticationInfo(oAuthValidationResponse, authenticationInfo); } catch (AuthenticationException e) { log.error("Failed to authenticate the incoming request", e); } catch (OAuthTokenValidationException e) { 
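Review bot: `new String(Base64.getDecoder().decode(...))` converts the token bytes with the platform default charset, unlike the BasicAuthAuthenticator hunk in this same commit which pins UTF-8; prefer `new String(Base64.getDecoder().decode(request.getAttribute("BST").toString()), StandardCharsets.UTF_8)`. java.util.Base64 also throws IllegalArgumentException on malformed input, which neither catch clause shown handles, so a client-supplied BST value that is not valid base64 propagates an unchecked exception out of authenticate() instead of producing a failed AuthenticationInfo, and `request.getAttribute("BST")` is dereferenced without a null check. The imports hunk above removes the commons-codec Base64 but I do not see a `java.util.Base64` import added, so check it is already in scope. Note too that the empty-context branch just before the try sets CONTINUE without returning, so the token is still validated and an invalid one leaves that CONTINUE status in place. authenticate starts and ends outside the hunk.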
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java index 7de0e8c337..1b2afedc46 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java 
@@ -20,26 +20,27 @@ package org.wso2.carbon.webapp.authenticator.framework.authenticator; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; -import org.apache.catalina.util.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.tomcat.util.buf.ByteChunk; -import org.apache.tomcat.util.buf.CharChunk; import org.apache.tomcat.util.buf.MessageBytes; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; -import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder; -import org.wso2.carbon.webapp.authenticator.framework.Constants; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; +import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder; +import org.wso2.carbon.webapp.authenticator.framework.Constants; import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils; +import java.nio.charset.Charset; +import java.util.Base64; import java.util.Properties; public class BasicAuthAuthenticator implements WebappAuthenticator { private static final String BASIC_AUTH_AUTHENTICATOR = "BasicAuth"; + private static final String AUTH_HEADER = "basic "; private static final Log log = LogFactory.getLog(BasicAuthAuthenticator.class); @Override 
@@ -52,12 +53,15 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { if (!isAuthenticationSupported(request)) { return false; } + if (request.getCoyoteRequest() == null || request.getCoyoteRequest().getMimeHeaders() == null) { + return false; + } MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION); if (authorization != null) { authorization.toBytes(); ByteChunk authBC = authorization.getByteChunk(); - if (authBC.startsWithIgnoreCase("basic ", 0)) { + if (authBC.startsWithIgnoreCase(AUTH_HEADER, 0)) { return true; } } 
@@ -112,29 +116,25 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { private Credentials getCredentials(Request request) { Credentials credentials = null; - MessageBytes authorization = - request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION); + String username; + String password = null; + MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders() + .getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION); if (authorization != null) { authorization.toBytes(); - ByteChunk authBC = authorization.getByteChunk(); - if (authBC.startsWithIgnoreCase("basic ", 0)) { - authBC.setOffset(authBC.getOffset() + 6); - - CharChunk authCC = authorization.getCharChunk(); - Base64.decode(authBC, authCC); - - String username; - String password = null; - - int colon = authCC.indexOf(':'); + String authorizationString = authorization.getByteChunk().toString(); + if (authorizationString.toLowerCase().startsWith(AUTH_HEADER)) { + // Authorization: Basic base64credentials + String base64Credentials = authorizationString.substring(AUTH_HEADER.length()).trim(); + String decodedString = new String(Base64.getDecoder().decode(base64Credentials), + Charset.forName("UTF-8")); + int colon = decodedString.indexOf(':', 0); if (colon < 0) { - username = authCC.toString(); + username = decodedString; } else { - char[] buf = authCC.getBuffer(); - username = new String(buf, 0, colon); - password = new String(buf, colon + 1, authCC.getEnd() - colon - 1); + username = decodedString.substring(0, colon); + password = decodedString.substring(colon + 1); } - authBC.setOffset(authBC.getOffset() - 6); credentials = new Credentials(username, password); } } 
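Review bot: `Base64.getDecoder().decode(base64Credentials)` throws IllegalArgumentException on a malformed Authorization header and getCredentials does not catch it; the Tomcat decoder it replaces was lenient, so a garbage `Basic` value now escapes as an unchecked exception rather than yielding the null credentials the method already uses for "no usable header". Wrap it: `byte[] raw; try { raw = Base64.getDecoder().decode(base64Credentials); } catch (IllegalArgumentException e) { return null; }` and decode `raw` afterwards. `authorizationString.toLowerCase()` uses the default locale (the scheme check misfires under a Turkish locale), so use `toLowerCase(Locale.ROOT)` or the `startsWithIgnoreCase` check canHandle already relies on, and `Charset.forName("UTF-8")` can simply be `StandardCharsets.UTF_8`. Splitting at the first colon is correct per RFC 7617, since only the user-id is barred from containing one. The trailing `return credentials` lies outside the hunk.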
@@ -145,7 +145,7 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { private String username; private String password; - public Credentials(String username, String password) { + Credentials(String username, String password) { this.username = username; this.password = password; } @@ -154,7 +154,7 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { return username; } - public String getPassword() { + String getPassword() { return password; } } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java index e47208a490..1a3ac9d18d 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java @@ -14,7 +14,7 @@ import org.wso2.carbon.device.mgt.common.DeviceManagementConstants; import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; -import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder; +import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder; import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils; import java.security.cert.X509Certificate; 
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java index 81f885cd36..3339ad8ceb 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java @@ -37,7 +37,7 @@ import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.utils.CarbonUtils; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; -import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder; +import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder; import java.io.FileInputStream; import java.security.KeyStore; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index 0033e54dd8..1f793bb799 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java 
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java @@ -23,15 +23,12 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.buf.MessageBytes; -import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; -import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse; -import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidatorFactory; import java.util.Properties; import java.util.StringTokenizer; 
@@ -39,50 +36,17 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; public class OAuthAuthenticator implements WebappAuthenticator { - - private static final String OAUTH_AUTHENTICATOR = "OAuth"; - private static final String REGEX_BEARER_PATTERN = "[B|b]earer\\s"; private static final Pattern PATTERN = Pattern.compile("[B|b]earer\\s"); - private static final String BEARER_TOKEN_TYPE = "bearer"; - private static final String RESOURCE_KEY = "resource"; private Properties properties; private OAuth2TokenValidator tokenValidator; private static final Log log = LogFactory.getLog(OAuthAuthenticator.class); public void init() { - if (this.properties == null) { - throw new IllegalArgumentException("Required properties needed to initialize OAuthAuthenticator " + - "are not provided"); - } - - String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl")); - if ((url == null) || (url.isEmpty())) { - throw new IllegalArgumentException("OAuth token validation endpoint url is not provided"); - } - String adminUsername = this.properties.getProperty("Username"); - if (adminUsername == null) { - throw new IllegalArgumentException("Username to connect to the OAuth token validation endpoint " + - "is not provided"); - } - - String adminPassword = this.properties.getProperty("Password"); - if (adminPassword == null) { - throw new IllegalArgumentException("Password to connect to the OAuth token validation endpoint " + - "is not provided"); - } - - boolean isRemote = Boolean.parseBoolean(this.properties.getProperty("IsRemote")); - - Properties validatorProperties = new Properties(); - validatorProperties.setProperty("MaxTotalConnections", this.properties.getProperty("MaxTotalConnections")); - validatorProperties.setProperty("MaxConnectionsPerHost", this.properties.getProperty("MaxConnectionsPerHost")); - this.tokenValidator = - OAuthValidatorFactory.getValidator(url, adminUsername, adminPassword, isRemote, validatorProperties); + 
this.tokenValidator = Utils.initAuthenticators(this.properties); } public boolean canHandle(org.apache.catalina.connector.Request request) { MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue("Authorization"); - if (authorization != null) { authorization.toBytes(); ByteChunk authBC = authorization.getByteChunk(); 
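Review bot: canHandle still dereferences `request.getCoyoteRequest().getMimeHeaders()` without the null guard this same commit adds to BasicAuthAuthenticator.canHandle; for consistency add `if (request.getCoyoteRequest() == null || request.getCoyoteRequest().getMimeHeaders() == null) { return false; }` before the header lookup. The retained `PATTERN = Pattern.compile("[B|b]earer\\s")` is a character class, so it also accepts a literal `|` as the first character; `"[Bb]earer\\s"` expresses the intended B/b match without that oddity and without changing current behaviour. canHandle continues past the end of the hunk.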
@@ -103,42 +67,16 @@ public class OAuthAuthenticator implements WebappAuthenticator { authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE); return authenticationInfo; } - StringTokenizer tokenizer = new StringTokenizer(requestUri, "/"); String context = tokenizer.nextToken(); if ((context == null) || (context.isEmpty())) { authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE); } - String apiVersion = tokenizer.nextToken(); - - String authLevel = "any"; try { - if ("noMatchedAuthScheme".equals(authLevel)) { - AuthenticationFrameworkUtil.handleNoMatchAuthScheme( - request, response, requestMethod, apiVersion, context); - - authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE); - } else { - String bearerToken = getBearerToken(request); - - String resource = requestUri + ":" + requestMethod; - - OAuthValidationResponse oAuthValidationResponse = - this.tokenValidator.validateToken(bearerToken, resource); - - if (oAuthValidationResponse.isValid()) { - String username = oAuthValidationResponse.getUserName(); - String tenantDomain = oAuthValidationResponse.getTenantDomain(); - - authenticationInfo.setUsername(username); - authenticationInfo.setTenantDomain(tenantDomain); - authenticationInfo.setTenantId(Utils.getTenantIdOFUser(username + "@" + tenantDomain)); - if (oAuthValidationResponse.isValid()) - authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE); - } else { - authenticationInfo.setMessage(oAuthValidationResponse.getErrorMsg()); - } - } + String bearerToken = getBearerToken(request); + String resource = requestUri + ":" + requestMethod; + OAuthValidationResponse oAuthValidationResponse = this.tokenValidator.validateToken(bearerToken, resource); + authenticationInfo = Utils.setAuthenticationInfo(oAuthValidationResponse, authenticationInfo); } catch (AuthenticationException e) { log.error("Failed to authenticate the incoming request", e); } catch (OAuthTokenValidationException e) { 
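Review bot: The empty-context branch `if ((context == null) || (context.isEmpty())) { authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE); }` sets CONTINUE and then falls through into token validation, and because Utils.setAuthenticationInfo does not touch the status when the token is invalid, such a request finishes with CONTINUE even on a rejected token. The branch at the top of the hunk returns right after setting CONTINUE; either do the same here with `return authenticationInfo;` or remove the pre-set so the validation result decides. `context == null` can also never be true, since StringTokenizer.nextToken() throws NoSuchElementException instead of returning null — a bare `/` URI with no tokens is the case to guard, via `tokenizer.hasMoreTokens()`. authenticate continues past the end of the hunk.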
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthValidatorFactory.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthValidatorFactory.java index a5bbf2cbdb..0387e48533 100755 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthValidatorFactory.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthValidatorFactory.java @@ -17,9 +17,8 @@ */ package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth; -import org.wso2.carbon.core.security.AuthenticatorsConfiguration; -import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.RemoteOAuthValidator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.LocalOAuthValidator; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.RemoteOAuthValidator; import java.util.Properties; 
@@ -30,15 +29,14 @@ import java.util.Properties; public class OAuthValidatorFactory { public static OAuth2TokenValidator getValidator(String url, String adminUsername, String adminPassword, - boolean isRemote, Properties properties) - throws IllegalArgumentException - { + boolean isRemote, Properties properties) throws IllegalArgumentException { if (isRemote) { if ((url != null) && (!url.trim().isEmpty())) { url = url + "/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/"; return new RemoteOAuthValidator(url, adminUsername, adminPassword, properties); } - throw new IllegalArgumentException("Remote server host can't be empty in OAuthAuthenticator configuration."); + throw new IllegalArgumentException( + "Remote server host can't be empty in OAuthAuthenticator configuration."); } return new LocalOAuthValidator(); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/impl/LocalOAuthValidator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/impl/LocalOAuthValidator.java index e02f500119..6a0422903b 100755 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/impl/LocalOAuthValidator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/impl/LocalOAuthValidator.java 
@@ -21,7 +21,7 @@ import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO; import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; -import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder; +import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthConstants; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/config/InvalidConfigurationStateException.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/config/InvalidConfigurationStateException.java index 68d8125eec..b35ea54d30 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/config/InvalidConfigurationStateException.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/config/InvalidConfigurationStateException.java 
@@ -22,53 +22,7 @@ public class InvalidConfigurationStateException extends RuntimeException { private static final long serialVersionUID = -3151279311229070297L; - private String errorMessage; - private int errorCode; - - public InvalidConfigurationStateException(int errorCode, String message) { - super(message); - this.errorCode = errorCode; - } - - public InvalidConfigurationStateException(int errorCode, String message, Throwable cause) { - super(message, cause); - this.errorCode = errorCode; - } - - public int getErrorCode() { - return errorCode; - } - - - public String getErrorMessage() { - return errorMessage; - } - - public void setErrorMessage(String errorMessage) { - this.errorMessage = errorMessage; - } - - public InvalidConfigurationStateException(String msg, Exception nestedEx) { - super(msg, nestedEx); - setErrorMessage(msg); - } - - public InvalidConfigurationStateException(String message, Throwable cause) { - super(message, cause); - setErrorMessage(message); - } - - public InvalidConfigurationStateException(String msg) { + InvalidConfigurationStateException(String msg) { super(msg); - setErrorMessage(msg); } - - public InvalidConfigurationStateException() { - super(); - } - - public InvalidConfigurationStateException(Throwable cause) { - super(cause); - } - } 
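Review bot: The only constructor left, `InvalidConfigurationStateException(String msg)`, cannot carry a cause, so any site that raises this exception from inside a `catch` block now loses the underlying stack trace; unless no such site exists, keep a package-private `InvalidConfigurationStateException(String msg, Throwable cause) { super(msg, cause); }` next to it. The `serialVersionUID` is retained although the serialized shape changed (the `errorMessage` and `errorCode` fields are gone), which is acceptable for a RuntimeException that is never persisted but deserves a one-line comment saying so. A short class Javadoc stating when this unchecked exception is thrown would also help now that the class has been trimmed to a single constructor.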
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticatorFrameworkDataHolder.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/AuthenticatorFrameworkDataHolder.java similarity index 96% rename from components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticatorFrameworkDataHolder.java rename to components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/AuthenticatorFrameworkDataHolder.java index 75aa7dba86..8607d02239 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticatorFrameworkDataHolder.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/AuthenticatorFrameworkDataHolder.java @@ -16,7 +16,7 @@ * under the License. * */ -package org.wso2.carbon.webapp.authenticator.framework; +package org.wso2.carbon.webapp.authenticator.framework.internal; import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; @@ -24,6 +24,7 @@ import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.registry.core.service.TenantRegistryLoader; import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader; import org.wso2.carbon.user.core.service.RealmService; +import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository; public class AuthenticatorFrameworkDataHolder { 
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java index 017d4ced44..36dd1c09c6 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java @@ -31,7 +31,6 @@ import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader; import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer; import org.wso2.carbon.user.core.service.RealmService; -import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/BaseWebAppAuthenticatorFrameworkTest.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/BaseWebAppAuthenticatorFrameworkTest.java new file mode 100644 index 0000000000..d6210dda36 --- /dev/null 
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/BaseWebAppAuthenticatorFrameworkTest.java 
@@ -0,0 +1,50 @@ +package org.wso2.carbon.webapp.authenticator.framework; + +import org.testng.annotations.BeforeSuite; +import org.wso2.carbon.CarbonConstants; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder; +import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils; +import org.wso2.carbon.registry.core.exceptions.RegistryException; +import org.wso2.carbon.registry.core.jdbc.realm.InMemoryRealmService; +import org.wso2.carbon.user.api.Permission; +import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.user.api.UserStoreManager; +import org.wso2.carbon.user.core.service.RealmService; +import org.wso2.carbon.utils.multitenancy.MultitenantConstants; +import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder; + +import java.io.File; +import java.net.URL; + +import static org.wso2.carbon.security.SecurityConstants.ADMIN_USER; +import static org.wso2.carbon.utils.ServerConstants.ADMIN_ROLE; + +/** + * This is the base class for starting up the relevant services + */ +public class BaseWebAppAuthenticatorFrameworkTest { + public final static String AUTHORIZATION_HEADER = "Authorization"; + + @BeforeSuite + public void init() throws RegistryException, UserStoreException { + ClassLoader classLoader = getClass().getClassLoader(); + URL resourceUrl = classLoader.getResource("carbon-home"); + if (resourceUrl != null) { + File carbonHome = new File(resourceUrl.getFile()); + System.setProperty("carbon.home", carbonHome.getAbsolutePath()); + } + PrivilegedCarbonContext.getThreadLocalCarbonContext() + .setTenantDomain(org.wso2.carbon.base.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); + PrivilegedCarbonContext.getThreadLocalCarbonContext() + .setTenantId(org.wso2.carbon.base.MultitenantConstants.SUPER_TENANT_ID); + RealmService realmService = new InMemoryRealmService(); + 
AuthenticatorFrameworkDataHolder.getInstance().setRealmService(realmService); + UserStoreManager userStoreManager = AuthenticatorFrameworkDataHolder.getInstance().getRealmService() + .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager(); + Permission adminPermission = new Permission(PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH, + CarbonConstants.UI_PERMISSION_ACTION); + userStoreManager.addRole(ADMIN_ROLE + "t", new String[] { ADMIN_USER }, new Permission[] { adminPermission }); + + } +} diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticatorTest.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticatorTest.java new file mode 100644 index 0000000000..9eeaca651f --- /dev/null +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticatorTest.java 
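Review bot: In `init()` the `resourceUrl == null` branch is silently skipped, so when the `carbon-home` test resource is missing `carbon.home` stays unset and the suite fails later with an unrelated error from the realm bootstrap; fail fast instead, e.g. `throw new IllegalStateException("carbon-home test resource not found");`. `resourceUrl.getFile()` also returns a URL-encoded path, so a checkout under a directory containing spaces breaks; `new File(resourceUrl.toURI())` avoids that (it needs `URISyntaxException` in the `throws` clause). The role name `ADMIN_ROLE + "t"` looks like a deliberate workaround for a role that already exists in `InMemoryRealmService`; if so, a comment such as `// "admin" already exists in the in-memory realm; use a distinct role name` would stop the next reader from "fixing" it.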
@@ -0,0 +1,92 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.wso2.carbon.webapp.authenticator.framework.authenticator; + +import org.testng.Assert; +import org.testng.annotations.BeforeTest; +import org.testng.annotations.Test; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator; + +import java.lang.reflect.Field; +import java.util.Properties; + +/** + * This is a test class for {@link BSTAuthenticator}. 
+ */ +public class BSTAuthenticatorTest { + private BSTAuthenticator bstAuthenticator; + private Properties properties; + + @BeforeTest + public void init() { + bstAuthenticator = new BSTAuthenticator(); + properties = new Properties(); + } + + @Test(description = "This test case is used to test the behaviour of BST Authenticator when the properties are " + + "null", expectedExceptions = {IllegalArgumentException.class}, + expectedExceptionsMessageRegExp = "Required properties needed to initialize OAuthAuthenticator are " + + "not provided") + public void testInitWithoutProperties() { + bstAuthenticator.init(); + } + + @Test(description = "This test case is used to test the behaviour of BST Authenticator when the token validation " + + "urlproperty is not set ", expectedExceptions = {IllegalArgumentException.class}, + expectedExceptionsMessageRegExp = "OAuth token validation endpoint url is not provided", + dependsOnMethods = {"testInitWithoutProperties"}) + public void testInitWithoutTokenValidationUrl() { + bstAuthenticator.setProperties(properties); + bstAuthenticator.init(); + } + + @Test(description = "This test case is used to test the behaviour of BST Authenticator when the user " + + "name is not set", expectedExceptions = {IllegalArgumentException.class}, + expectedExceptionsMessageRegExp = "Username to connect to the OAuth token validation " + + "endpoint is not provided", dependsOnMethods = {"testInitWithoutTokenValidationUrl"}) + public void testInitWithoutUserName() { + properties.setProperty("TokenValidationEndpointUrl", "test"); + bstAuthenticator.setProperties(properties); + bstAuthenticator.init(); + } + + @Test(description = "This test case is used to test the behaviour of BST Authenticator when the password " + + "name is not set", expectedExceptions = {IllegalArgumentException.class}, + expectedExceptionsMessageRegExp = "Password to connect to the OAuth token validation endpoint is " + + "not provided", dependsOnMethods = 
{"testInitWithoutUserName"}) + public void testInitWithoutPassword() { + properties.setProperty("Username", "admin"); + bstAuthenticator.setProperties(properties); + bstAuthenticator.init(); + } + + @Test(description = "This test case is used to test the behaviour of BST Authenticator when all the required " + + "properties are set correctly", dependsOnMethods = {"testInitWithoutPassword"}) + public void testInitWithRemote() throws NoSuchFieldException, IllegalAccessException { + properties.setProperty("Password", "admin"); + bstAuthenticator.setProperties(properties); + bstAuthenticator.init(); + Field tokenValidator = BSTAuthenticator.class.getDeclaredField("tokenValidator"); + tokenValidator.setAccessible(true); + OAuth2TokenValidator oAuth2TokenValidator = (OAuth2TokenValidator) tokenValidator.get(bstAuthenticator); + Assert.assertNotNull(oAuth2TokenValidator, "Token validation creation failed even with the required " + + "parameters."); + } +} diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticatorTest.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticatorTest.java index 7f26a10c00..e5ca9f0f86 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticatorTest.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticatorTest.java 
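Review bot: `testInitWithRemote` only asserts that the reflected `tokenValidator` is non-null, so it would also pass if `init()` fell back to a local validator; since the properties name a remote endpoint, pin the concrete type with `Assert.assertTrue(oAuth2TokenValidator instanceof RemoteOAuthValidator, "Expected a remote validator.");` (needs an import of the impl class). Reading the private `tokenValidator` field through reflection couples the test to a field name; a package-private accessor on `BSTAuthenticator` would be more robust, if that class can be changed. The descriptions of `testInitWithoutTokenValidationUrl` and `testInitWithoutPassword` read "urlproperty" and "password name is not set"; presumably "url property" and "password is not set" were intended.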
@@ -1,41 +1,154 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + package org.wso2.carbon.webapp.authenticator.framework.authenticator; import org.apache.catalina.Context; import org.apache.catalina.connector.Request; import org.apache.catalina.core.StandardContext; +import org.apache.commons.codec.EncoderException; import org.apache.tomcat.util.buf.MessageBytes; import org.apache.tomcat.util.http.MimeHeaders; +import org.testng.Assert; +import org.testng.annotations.BeforeTest; import org.testng.annotations.Test; +import org.wso2.carbon.utils.multitenancy.MultitenantConstants; +import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; +import org.wso2.carbon.webapp.authenticator.framework.BaseWebAppAuthenticatorFrameworkTest; -import java.lang.reflect.Constructor; import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; +import java.util.Base64; + +import static org.wso2.carbon.security.SecurityConstants.ADMIN_USER; +/** + * This is a test case for {@link BasicAuthAuthenticator}. 
+ */ public class BasicAuthAuthenticatorTest { - @Test - public void testCanHandle() + private BasicAuthAuthenticator basicAuthAuthenticator; + private Field headersField; + private Context context; + private Request request; + private MimeHeaders mimeHeaders; + private org.apache.coyote.Request coyoteRequest; + private MessageBytes bytes; + + @BeforeTest + public void init() throws NoSuchFieldException { + basicAuthAuthenticator = new BasicAuthAuthenticator(); + headersField = org.apache.coyote.Request.class.getDeclaredField("headers"); + headersField.setAccessible(true); + } + + @Test(description = "This method tests the behaviour of canHandle method when different wrong values given for a " + + "request") + public void testCanHandleWithoutRequireParameters() throws NoSuchFieldException, IllegalAccessException, ClassNotFoundException, NoSuchMethodException, InvocationTargetException, InstantiationException { - Request request = new Request(); - Context context = new StandardContext(); + request = new Request(); + context = new StandardContext(); + request.setContext(context); + Assert.assertFalse(basicAuthAuthenticator.canHandle(request), + "Without proper headers and parameters, the request can be handled by BasicAuthAuthenticator."); context.addParameter("basicAuth", "true"); request.setContext(context); - org.apache.coyote.Request coyoteRequest = new org.apache.coyote.Request(); - Field headers = org.apache.coyote.Request.class.getDeclaredField("headers"); - headers.setAccessible(true); + Assert.assertFalse(basicAuthAuthenticator.canHandle(request), + "Without proper Authentication headers request can be handled by BasicAuthAuthenticator."); + coyoteRequest = new org.apache.coyote.Request(); + mimeHeaders = new MimeHeaders(); + bytes = mimeHeaders.addValue("Authorization"); + bytes.setString("test"); + headersField.set(coyoteRequest, mimeHeaders); + request.setCoyoteRequest(coyoteRequest); + Assert.assertFalse(basicAuthAuthenticator.canHandle(request), + "With 
a different authorization header Basic Authenticator can handle the request"); - Field mimeHeaderField = MimeHeaders.class.getDeclaredField("headers"); - mimeHeaderField.setAccessible(true); + } + @Test(description = "This method tests the canHandle method when all the required parameters are given with the " + + "request", dependsOnMethods = {"testCanHandleWithoutRequireParameters"}) + public void testCanHandleWithRequireParameters() throws IllegalAccessException { + request = new Request(); + context = new StandardContext(); + context.addParameter("basicAuth", "true"); + request.setContext(context); + mimeHeaders = new MimeHeaders(); + bytes = mimeHeaders.addValue("Authorization"); + bytes.setString("basic "); + headersField.set(coyoteRequest, mimeHeaders); + request.setCoyoteRequest(coyoteRequest); + Assert.assertTrue(basicAuthAuthenticator.canHandle(request), + "Basic Authenticator cannot handle a request with all the required headers and parameters."); + } - MimeHeaders mimeHeaders = new MimeHeaders(); - MessageBytes bytes = mimeHeaders.addValue("Authorization"); - bytes.setString("test"); -// mimeHeaders.setValue() - headers.set(coyoteRequest, mimeHeaders); + @Test(description = "This method tests the behaviour of the authenticate method in BasicAuthenticator with valid " + + "credentials", dependsOnMethods = "testCanHandleWithRequireParameters") + public void testAuthenticateWithValidCredentials() throws EncoderException, IllegalAccessException { + String encodedString = new String(Base64.getEncoder().encode((ADMIN_USER + ":" + ADMIN_USER).getBytes())); + request = new Request(); + context = new StandardContext(); + context.addParameter("basicAuth", "true"); + request.setContext(context); + mimeHeaders = new MimeHeaders(); + bytes = mimeHeaders.addValue(BaseWebAppAuthenticatorFrameworkTest.AUTHORIZATION_HEADER); + bytes.setString("basic " + encodedString); + coyoteRequest = new org.apache.coyote.Request(); + headersField.set(coyoteRequest, mimeHeaders); + 
request.setCoyoteRequest(coyoteRequest); + AuthenticationInfo authenticationInfo = basicAuthAuthenticator.authenticate(request, null); + Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.CONTINUE, + "For a valid user authentication failed."); + Assert.assertEquals(authenticationInfo.getUsername(), ADMIN_USER, + "Authenticated username for from BasicAuthenticator is not matching with the original user."); + Assert.assertEquals(authenticationInfo.getTenantDomain(), MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, + "Authenticated user's tenant domain from BasicAuthenticator is not matching with the " + + "original user's tenant domain"); + Assert.assertEquals(authenticationInfo.getTenantId(), MultitenantConstants.SUPER_TENANT_ID, + "Authenticated user's tenant ID from BasicAuthenticator is not matching with the " + + "original user's tenant ID"); + } + @Test(description = "This method tests the behaviour of the authenticate method in BasicAuthenticator with " + + "in-valid credentials", dependsOnMethods = {"testAuthenticateWithValidCredentials"}) + public void testAuthenticateWithWrongCredentials() throws IllegalAccessException { + String encodedString = new String(Base64.getEncoder().encode((ADMIN_USER + ":test" + ADMIN_USER).getBytes())); + mimeHeaders = new MimeHeaders(); + bytes = mimeHeaders.addValue(BaseWebAppAuthenticatorFrameworkTest.AUTHORIZATION_HEADER); + bytes.setString("basic " + encodedString); + coyoteRequest = new org.apache.coyote.Request(); + headersField.set(coyoteRequest, mimeHeaders); request.setCoyoteRequest(coyoteRequest); - BasicAuthAuthenticator basicAuthAuthenticator = new BasicAuthAuthenticator(); - basicAuthAuthenticator.canHandle(request); + AuthenticationInfo authenticationInfo = basicAuthAuthenticator.authenticate(request, null); + Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE, + "For a wrong credentials authentication succeeded."); + + encodedString = new 
String(Base64.getEncoder().encode((ADMIN_USER).getBytes())); + mimeHeaders = new MimeHeaders(); + bytes = mimeHeaders.addValue(BaseWebAppAuthenticatorFrameworkTest.AUTHORIZATION_HEADER); + bytes.setString("basic " + encodedString); + coyoteRequest = new org.apache.coyote.Request(); + headersField.set(coyoteRequest, mimeHeaders); + request.setCoyoteRequest(coyoteRequest); + authenticationInfo = basicAuthAuthenticator.authenticate(request, null); + Assert.assertEquals(authenticationInfo.getStatus(), WebappAuthenticator.Status.FAILURE, + "For a request with missing password authentication succeeded."); + } } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/dbscripts/h2.sql b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/dbscripts/h2.sql new file mode 100644 index 0000000000..f6b31c78d9 --- /dev/null +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/dbscripts/h2.sql 
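Review bot: `testCanHandleWithRequireParameters` and `testAuthenticateWithWrongCredentials` reuse the `coyoteRequest` and `request` fields populated by the preceding test method, so when that method is skipped or fails, `headersField.set(coyoteRequest, mimeHeaders)` throws a NullPointerException instead of a clear assertion; create the objects locally in each method, as `testAuthenticateWithValidCredentials` already does. The credentials are encoded with `getBytes()` under the platform charset; `Base64.getEncoder().encodeToString((ADMIN_USER + ":" + ADMIN_USER).getBytes(StandardCharsets.UTF_8))` is deterministic and shorter. `EncoderException` is declared on `testAuthenticateWithValidCredentials` but nothing in that body appears to throw it, so the import and the `throws` clause look unused.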
@@ -0,0 +1,429 @@ +CREATE TABLE IF NOT EXISTS REG_CLUSTER_LOCK ( + REG_LOCK_NAME VARCHAR (20), + REG_LOCK_STATUS VARCHAR (20), + REG_LOCKED_TIME TIMESTAMP, + REG_TENANT_ID INTEGER DEFAULT 0, + PRIMARY KEY (REG_LOCK_NAME) +); + +CREATE TABLE IF NOT EXISTS REG_LOG ( + REG_LOG_ID INTEGER AUTO_INCREMENT, + REG_PATH VARCHAR (2000), + REG_USER_ID VARCHAR (31) NOT NULL, + REG_LOGGED_TIME TIMESTAMP NOT NULL, + REG_ACTION INTEGER NOT NULL, + REG_ACTION_DATA VARCHAR (500), + REG_TENANT_ID INTEGER DEFAULT 0, + PRIMARY KEY (REG_LOG_ID, REG_TENANT_ID) +); + +CREATE INDEX IF NOT EXISTS REG_LOG_IND_BY_REG_LOGTIME ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID); + +CREATE TABLE IF NOT EXISTS REG_PATH( + REG_PATH_ID INTEGER NOT NULL AUTO_INCREMENT, + REG_PATH_VALUE VARCHAR(2000) NOT NULL, + REG_PATH_PARENT_ID INT, + REG_TENANT_ID INTEGER DEFAULT 0, + CONSTRAINT PK_REG_PATH PRIMARY KEY(REG_PATH_ID, REG_TENANT_ID) +); +CREATE INDEX IF NOT EXISTS REG_PATH_IND_BY_NAME ON REG_PATH(REG_PATH_VALUE, REG_TENANT_ID); +CREATE INDEX IF NOT EXISTS REG_PATH_IND_BY_PARENT_ID ON REG_PATH(REG_PATH_PARENT_ID, REG_TENANT_ID); + + +CREATE TABLE IF NOT EXISTS REG_CONTENT ( + REG_CONTENT_ID INTEGER NOT NULL AUTO_INCREMENT, + REG_CONTENT_DATA LONGBLOB, + REG_TENANT_ID INTEGER DEFAULT 0, + CONSTRAINT PK_REG_CONTENT PRIMARY KEY(REG_CONTENT_ID, REG_TENANT_ID) +); + +CREATE TABLE IF NOT EXISTS REG_CONTENT_HISTORY ( + REG_CONTENT_ID INTEGER NOT NULL, + REG_CONTENT_DATA LONGBLOB, + REG_DELETED SMALLINT, + REG_TENANT_ID INTEGER DEFAULT 0, + CONSTRAINT PK_REG_CONTENT_HISTORY PRIMARY KEY(REG_CONTENT_ID, REG_TENANT_ID) +); + +CREATE TABLE IF NOT EXISTS REG_RESOURCE ( + REG_PATH_ID INTEGER NOT NULL, + REG_NAME VARCHAR(256), + REG_VERSION INTEGER NOT NULL AUTO_INCREMENT, + REG_MEDIA_TYPE VARCHAR(500), + REG_CREATOR VARCHAR(31) NOT NULL, + REG_CREATED_TIME TIMESTAMP NOT NULL, + REG_LAST_UPDATOR VARCHAR(31), + REG_LAST_UPDATED_TIME TIMESTAMP NOT NULL, + REG_DESCRIPTION VARCHAR(1000), + REG_CONTENT_ID INTEGER, + 
REG_TENANT_ID INTEGER DEFAULT 0, + REG_UUID VARCHAR(100) NOT NULL, + CONSTRAINT PK_REG_RESOURCE PRIMARY KEY(REG_VERSION, REG_TENANT_ID) +); + +ALTER TABLE REG_RESOURCE ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID); +ALTER TABLE REG_RESOURCE ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_FK_BY_CONTENT_ID FOREIGN KEY (REG_CONTENT_ID, REG_TENANT_ID) REFERENCES REG_CONTENT (REG_CONTENT_ID, REG_TENANT_ID); +CREATE INDEX IF NOT EXISTS REG_RESOURCE_IND_BY_NAME ON REG_RESOURCE(REG_NAME, REG_TENANT_ID); +CREATE INDEX IF NOT EXISTS REG_RESOURCE_IND_BY_PATH_ID_NAME ON REG_RESOURCE(REG_PATH_ID, REG_NAME, REG_TENANT_ID); +CREATE INDEX IF NOT EXISTS REG_RESOURCE_IND_BY_UUID ON REG_RESOURCE(REG_UUID); +CREATE INDEX IF NOT EXISTS REG_RESOURCE_IND_BY_TENANT ON REG_RESOURCE(REG_TENANT_ID, REG_UUID); +CREATE INDEX IF NOT EXISTS REG_RESOURCE_IND_BY_TYPE ON REG_RESOURCE(REG_TENANT_ID, REG_MEDIA_TYPE); + +CREATE TABLE IF NOT EXISTS REG_RESOURCE_HISTORY ( + REG_PATH_ID INTEGER NOT NULL, + REG_NAME VARCHAR(256), + REG_VERSION INTEGER NOT NULL, + REG_MEDIA_TYPE VARCHAR(500), + REG_CREATOR VARCHAR(31) NOT NULL, + REG_CREATED_TIME TIMESTAMP NOT NULL, + REG_LAST_UPDATOR VARCHAR(31), + REG_LAST_UPDATED_TIME TIMESTAMP NOT NULL, + REG_DESCRIPTION VARCHAR(1000), + REG_CONTENT_ID INTEGER, + REG_DELETED SMALLINT, + REG_TENANT_ID INTEGER DEFAULT 0, + REG_UUID VARCHAR(100) NOT NULL, + CONSTRAINT PK_REG_RESOURCE_HISTORY PRIMARY KEY(REG_VERSION, REG_TENANT_ID) +); + +ALTER TABLE REG_RESOURCE_HISTORY ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_HIST_FK_BY_PATHID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID); +ALTER TABLE REG_RESOURCE_HISTORY ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_HIST_FK_BY_CONTENT_ID FOREIGN KEY (REG_CONTENT_ID, REG_TENANT_ID) REFERENCES REG_CONTENT_HISTORY (REG_CONTENT_ID, REG_TENANT_ID); +CREATE INDEX IF NOT EXISTS REG_RESOURCE_HISTORY_IND_BY_NAME 
ON REG_RESOURCE_HISTORY(REG_NAME, REG_TENANT_ID); +CREATE INDEX IF NOT EXISTS REG_RESOURCE_HISTORY_IND_BY_PATH_ID_NAME ON REG_RESOURCE(REG_PATH_ID, REG_NAME, REG_TENANT_ID); + +CREATE TABLE IF NOT EXISTS REG_COMMENT ( + REG_ID INTEGER NOT NULL AUTO_INCREMENT, + REG_COMMENT_TEXT VARCHAR(500) NOT NULL, + REG_USER_ID VARCHAR(31) NOT NULL, + REG_COMMENTED_TIME TIMESTAMP NOT NULL, + REG_TENANT_ID INTEGER DEFAULT 0, + CONSTRAINT PK_REG_COMMENT PRIMARY KEY(REG_ID, REG_TENANT_ID) +); + +CREATE TABLE IF NOT EXISTS REG_RESOURCE_COMMENT ( + REG_COMMENT_ID INTEGER NOT NULL, + REG_VERSION INTEGER, + REG_PATH_ID INTEGER, + REG_RESOURCE_NAME VARCHAR(256), + REG_TENANT_ID INTEGER DEFAULT 0 +); + +ALTER TABLE REG_RESOURCE_COMMENT ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_COMMENT_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID); +ALTER TABLE REG_RESOURCE_COMMENT ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_COMMENT_FK_BY_COMMENT_ID FOREIGN KEY (REG_COMMENT_ID, REG_TENANT_ID) REFERENCES REG_COMMENT (REG_ID, REG_TENANT_ID); +CREATE INDEX IF NOT EXISTS REG_RESOURCE_COMMENT_IND_BY_PATH_ID_AND_RESOURCE_NAME ON REG_RESOURCE_COMMENT(REG_PATH_ID, REG_RESOURCE_NAME, REG_TENANT_ID); +CREATE INDEX IF NOT EXISTS REG_RESOURCE_COMMENT_IND_BY_VERSION ON REG_RESOURCE_COMMENT(REG_VERSION, REG_TENANT_ID); + +CREATE TABLE IF NOT EXISTS REG_RATING ( + REG_ID INTEGER NOT NULL AUTO_INCREMENT, + REG_RATING INTEGER NOT NULL, + REG_USER_ID VARCHAR(31) NOT NULL, + REG_RATED_TIME TIMESTAMP NOT NULL, + REG_TENANT_ID INTEGER DEFAULT 0, + CONSTRAINT PK_REG_RATING PRIMARY KEY(REG_ID, REG_TENANT_ID) +); + +CREATE TABLE IF NOT EXISTS REG_RESOURCE_RATING ( + REG_RATING_ID INTEGER NOT NULL, + REG_VERSION INTEGER, + REG_PATH_ID INTEGER, + REG_RESOURCE_NAME VARCHAR(256), + REG_TENANT_ID INTEGER DEFAULT 0 +); + +ALTER TABLE REG_RESOURCE_RATING ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_RATING_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH 
(REG_PATH_ID, REG_TENANT_ID);
+ALTER TABLE REG_RESOURCE_RATING ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_RATING_FK_BY_RATING_ID FOREIGN KEY (REG_RATING_ID, REG_TENANT_ID) REFERENCES REG_RATING (REG_ID, REG_TENANT_ID);
+CREATE INDEX IF NOT EXISTS REG_RESOURCE_RATING_IND_BY_PATH_ID_AND_RESOURCE_NAME ON REG_RESOURCE_RATING(REG_PATH_ID, REG_RESOURCE_NAME, REG_TENANT_ID);
+CREATE INDEX IF NOT EXISTS REG_RESOURCE_RATING_IND_BY_VERSION ON REG_RESOURCE_RATING(REG_VERSION, REG_TENANT_ID);
+
+
+CREATE TABLE IF NOT EXISTS REG_TAG (
+ REG_ID INTEGER NOT NULL AUTO_INCREMENT,
+ REG_TAG_NAME VARCHAR(500) NOT NULL,
+ REG_USER_ID VARCHAR(31) NOT NULL,
+ REG_TAGGED_TIME TIMESTAMP NOT NULL,
+ REG_TENANT_ID INTEGER DEFAULT 0,
+ CONSTRAINT PK_REG_TAG PRIMARY KEY(REG_ID, REG_TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS REG_RESOURCE_TAG (
+ REG_TAG_ID INTEGER NOT NULL,
+ REG_VERSION INTEGER,
+ REG_PATH_ID INTEGER,
+ REG_RESOURCE_NAME VARCHAR(256),
+ REG_TENANT_ID INTEGER DEFAULT 0
+);
+
+ALTER TABLE REG_RESOURCE_TAG ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_TAG_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID);
+ALTER TABLE REG_RESOURCE_TAG ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_TAG_FK_BY_TAG_ID FOREIGN KEY (REG_TAG_ID, REG_TENANT_ID) REFERENCES REG_TAG (REG_ID, REG_TENANT_ID);
+CREATE INDEX IF NOT EXISTS REG_RESOURCE_TAG_IND_BY_PATH_ID_AND_RESOURCE_NAME ON REG_RESOURCE_TAG(REG_PATH_ID, REG_RESOURCE_NAME, REG_TENANT_ID);
+CREATE INDEX IF NOT EXISTS REG_RESOURCE_TAG_IND_BY_VERSION ON REG_RESOURCE_TAG(REG_VERSION, REG_TENANT_ID);
+
+CREATE TABLE IF NOT EXISTS REG_PROPERTY (
+ REG_ID INTEGER NOT NULL AUTO_INCREMENT,
+ REG_NAME VARCHAR(100) NOT NULL,
+ REG_VALUE VARCHAR(1000),
+ REG_TENANT_ID INTEGER DEFAULT 0,
+ CONSTRAINT PK_REG_PROPERTY PRIMARY KEY(REG_ID, REG_TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS REG_RESOURCE_PROPERTY (
+ REG_PROPERTY_ID INTEGER NOT NULL,
+ REG_VERSION INTEGER,
+ REG_PATH_ID INTEGER,
+ REG_RESOURCE_NAME VARCHAR(256),
+ REG_TENANT_ID INTEGER DEFAULT 0
+);
+
+ALTER TABLE REG_RESOURCE_PROPERTY ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_PROPERTY_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID);
+ALTER TABLE REG_RESOURCE_PROPERTY ADD CONSTRAINT IF NOT EXISTS REG_RESOURCE_PROPERTY_FK_BY_TAG_ID FOREIGN KEY (REG_PROPERTY_ID, REG_TENANT_ID) REFERENCES REG_PROPERTY (REG_ID, REG_TENANT_ID);
+CREATE INDEX IF NOT EXISTS REG_RESOURCE_PROPERTY_IND_BY_PATH_ID_AND_RESOURCE_NAME ON REG_RESOURCE_PROPERTY(REG_PATH_ID, REG_RESOURCE_NAME, REG_TENANT_ID);
+CREATE INDEX IF NOT EXISTS REG_RESOURCE_PROPERTY_IND_BY_VERSION ON REG_RESOURCE_PROPERTY(REG_VERSION, REG_TENANT_ID);
+
+CREATE TABLE IF NOT EXISTS REG_ASSOCIATION (
+ REG_ASSOCIATION_ID INTEGER AUTO_INCREMENT,
+ REG_SOURCEPATH VARCHAR (2000) NOT NULL,
+ REG_TARGETPATH VARCHAR (2000) NOT NULL,
+ REG_ASSOCIATION_TYPE VARCHAR (2000) NOT NULL,
+ REG_TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY (REG_ASSOCIATION_ID, REG_TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS REG_SNAPSHOT (
+ REG_SNAPSHOT_ID INTEGER NOT NULL AUTO_INCREMENT,
+ REG_PATH_ID INTEGER NOT NULL,
+ REG_RESOURCE_NAME VARCHAR (256),
+ REG_RESOURCE_VIDS LONGBLOB NOT NULL,
+ REG_TENANT_ID INTEGER DEFAULT 0,
+ CONSTRAINT PK_REG_SNAPSHOT PRIMARY KEY(REG_SNAPSHOT_ID, REG_TENANT_ID)
+);
+
+ALTER TABLE REG_SNAPSHOT ADD CONSTRAINT IF NOT EXISTS REG_SNAPSHOT_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID);
+CREATE INDEX IF NOT EXISTS REG_SNAPSHOT_IND_BY_PATH_ID_AND_RESOURCE_NAME ON REG_SNAPSHOT(REG_PATH_ID, REG_RESOURCE_NAME, REG_TENANT_ID);
+
+-- ################################
+-- USER MANAGER TABLES
+-- ################################
+
+CREATE TABLE IF NOT EXISTS UM_TENANT (
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_DOMAIN_NAME VARCHAR(255) NOT NULL,
+ UM_EMAIL VARCHAR(255),
+ UM_ACTIVE BOOLEAN DEFAULT FALSE,
+ UM_CREATED_DATE TIMESTAMP NOT NULL,
+ UM_USER_CONFIG LONGBLOB NOT NULL,
+ PRIMARY KEY (UM_ID),
+ UNIQUE(UM_DOMAIN_NAME));
+
+CREATE TABLE IF NOT EXISTS UM_DOMAIN(
+ UM_DOMAIN_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_DOMAIN_NAME VARCHAR(255),
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY (UM_DOMAIN_ID, UM_TENANT_ID)
+);
+
+CREATE INDEX IF NOT EXISTS INDEX_UM_TENANT_UM_DOMAIN_NAME ON UM_TENANT (UM_DOMAIN_NAME);
+
+CREATE TABLE IF NOT EXISTS UM_USER (
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_USER_NAME VARCHAR(255) NOT NULL,
+ UM_USER_PASSWORD VARCHAR(255) NOT NULL,
+ UM_SALT_VALUE VARCHAR(31),
+ UM_REQUIRE_CHANGE BOOLEAN DEFAULT FALSE,
+ UM_CHANGED_TIME TIMESTAMP NOT NULL,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY (UM_ID, UM_TENANT_ID),
+ UNIQUE(UM_USER_NAME, UM_TENANT_ID));
+
+CREATE TABLE IF NOT EXISTS UM_SYSTEM_USER (
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_USER_NAME VARCHAR(255) NOT NULL,
+ UM_USER_PASSWORD VARCHAR(255) NOT NULL,
+ UM_SALT_VALUE VARCHAR(31),
+ UM_REQUIRE_CHANGE BOOLEAN DEFAULT FALSE,
+ UM_CHANGED_TIME TIMESTAMP NOT NULL,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY (UM_ID, UM_TENANT_ID),
+ UNIQUE(UM_USER_NAME, UM_TENANT_ID));
+
+CREATE TABLE IF NOT EXISTS UM_USER_ATTRIBUTE (
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_ATTR_NAME VARCHAR(255) NOT NULL,
+ UM_ATTR_VALUE VARCHAR(1024),
+ UM_PROFILE_ID VARCHAR(255),
+ UM_USER_ID INTEGER,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY (UM_ID, UM_TENANT_ID),
+ FOREIGN KEY (UM_USER_ID, UM_TENANT_ID) REFERENCES UM_USER(UM_ID, UM_TENANT_ID));
+
+CREATE INDEX IF NOT EXISTS UM_USER_ID_INDEX ON UM_USER_ATTRIBUTE(UM_USER_ID);
+
+CREATE TABLE IF NOT EXISTS UM_ROLE (
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_ROLE_NAME VARCHAR(255) NOT NULL,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ UM_SHARED_ROLE BOOLEAN DEFAULT FALSE,
+ PRIMARY KEY (UM_ID, UM_TENANT_ID),
+ UNIQUE(UM_ROLE_NAME, UM_TENANT_ID));
+
+CREATE TABLE IF NOT EXISTS UM_MODULE(
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_MODULE_NAME VARCHAR(100),
+ UNIQUE(UM_MODULE_NAME),
+ PRIMARY KEY(UM_ID)
+);
+
+CREATE TABLE IF NOT EXISTS UM_MODULE_ACTIONS(
+ UM_ACTION VARCHAR(255) NOT NULL,
+ UM_MODULE_ID INTEGER NOT NULL,
+ PRIMARY KEY(UM_ACTION, UM_MODULE_ID),
+ FOREIGN KEY (UM_MODULE_ID) REFERENCES UM_MODULE(UM_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS UM_PERMISSION (
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_RESOURCE_ID VARCHAR(255) NOT NULL,
+ UM_ACTION VARCHAR(255) NOT NULL,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ UM_MODULE_ID INTEGER DEFAULT 0,
+ UNIQUE(UM_RESOURCE_ID,UM_ACTION, UM_TENANT_ID),
+ PRIMARY KEY (UM_ID, UM_TENANT_ID));
+
+CREATE INDEX IF NOT EXISTS INDEX_UM_PERMISSION_UM_RESOURCE_ID_UM_ACTION ON UM_PERMISSION (UM_RESOURCE_ID, UM_ACTION, UM_TENANT_ID);
+
+CREATE TABLE IF NOT EXISTS UM_ROLE_PERMISSION (
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_PERMISSION_ID INTEGER NOT NULL,
+ UM_ROLE_NAME VARCHAR(255) NOT NULL,
+ UM_IS_ALLOWED SMALLINT NOT NULL,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ UM_DOMAIN_ID INTEGER,
+ FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE,
+ FOREIGN KEY (UM_DOMAIN_ID, UM_TENANT_ID) REFERENCES UM_DOMAIN(UM_DOMAIN_ID, UM_TENANT_ID) ON DELETE CASCADE,
+ PRIMARY KEY (UM_ID, UM_TENANT_ID));
+
+CREATE TABLE IF NOT EXISTS UM_USER_PERMISSION (
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_PERMISSION_ID INTEGER NOT NULL,
+ UM_USER_NAME VARCHAR(255) NOT NULL,
+ UM_IS_ALLOWED SMALLINT NOT NULL,
+ UNIQUE (UM_PERMISSION_ID, UM_USER_NAME, UM_TENANT_ID),
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE,
+ PRIMARY KEY (UM_ID, UM_TENANT_ID));
+
+CREATE TABLE IF NOT EXISTS UM_USER_ROLE (
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_ROLE_ID INTEGER NOT NULL,
+ UM_USER_ID INTEGER NOT NULL,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ UNIQUE (UM_USER_ID, UM_ROLE_ID, UM_TENANT_ID),
+ FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_ROLE(UM_ID, UM_TENANT_ID),
+ FOREIGN KEY (UM_USER_ID, UM_TENANT_ID) REFERENCES UM_USER(UM_ID, UM_TENANT_ID),
+ PRIMARY KEY (UM_ID, UM_TENANT_ID));
+
+
+CREATE TABLE IF NOT EXISTS UM_SHARED_USER_ROLE(
+ UM_ROLE_ID INTEGER NOT NULL,
+ UM_USER_ID INTEGER NOT NULL,
+ UM_USER_TENANT_ID INTEGER NOT NULL,
+ UM_ROLE_TENANT_ID INTEGER NOT NULL,
+ UNIQUE(UM_USER_ID,UM_ROLE_ID,UM_USER_TENANT_ID, UM_ROLE_TENANT_ID),
+ FOREIGN KEY(UM_ROLE_ID,UM_ROLE_TENANT_ID) REFERENCES UM_ROLE(UM_ID,UM_TENANT_ID) ON DELETE CASCADE ,
+ FOREIGN KEY(UM_USER_ID,UM_USER_TENANT_ID) REFERENCES UM_USER(UM_ID,UM_TENANT_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS UM_ACCOUNT_MAPPING(
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_USER_NAME VARCHAR(255) NOT NULL,
+ UM_TENANT_ID INTEGER NOT NULL,
+ UM_USER_STORE_DOMAIN VARCHAR(100),
+ UM_ACC_LINK_ID INTEGER NOT NULL,
+ UNIQUE(UM_USER_NAME, UM_TENANT_ID, UM_USER_STORE_DOMAIN, UM_ACC_LINK_ID),
+ FOREIGN KEY (UM_TENANT_ID) REFERENCES UM_TENANT(UM_ID) ON DELETE CASCADE,
+ PRIMARY KEY (UM_ID)
+);
+
+
+CREATE TABLE IF NOT EXISTS UM_DIALECT(
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_DIALECT_URI VARCHAR(255) NOT NULL,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ UNIQUE(UM_DIALECT_URI, UM_TENANT_ID),
+ PRIMARY KEY (UM_ID, UM_TENANT_ID)
+);
+
+
+CREATE TABLE IF NOT EXISTS UM_CLAIM(
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_DIALECT_ID INTEGER NOT NULL,
+ UM_CLAIM_URI VARCHAR(255) NOT NULL,
+ UM_DISPLAY_TAG VARCHAR(255),
+ UM_DESCRIPTION VARCHAR(255),
+ UM_MAPPED_ATTRIBUTE_DOMAIN VARCHAR(255),
+ UM_MAPPED_ATTRIBUTE VARCHAR(255),
+ UM_REG_EX VARCHAR(255),
+ UM_SUPPORTED SMALLINT,
+ UM_REQUIRED SMALLINT,
+ UM_DISPLAY_ORDER INTEGER,
+ UM_CHECKED_ATTRIBUTE SMALLINT,
+ UM_READ_ONLY SMALLINT,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ UNIQUE(UM_DIALECT_ID, UM_CLAIM_URI,UM_MAPPED_ATTRIBUTE_DOMAIN, UM_TENANT_ID),
+ FOREIGN KEY(UM_DIALECT_ID, UM_TENANT_ID) REFERENCES UM_DIALECT(UM_ID, UM_TENANT_ID),
+ PRIMARY KEY (UM_ID, UM_TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS UM_PROFILE_CONFIG(
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_DIALECT_ID INTEGER,
+ UM_PROFILE_NAME VARCHAR(255),
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ FOREIGN KEY(UM_DIALECT_ID, UM_TENANT_ID) REFERENCES UM_DIALECT(UM_ID, UM_TENANT_ID),
+ PRIMARY KEY (UM_ID, UM_TENANT_ID)
+);
+
+
+CREATE TABLE IF NOT EXISTS UM_HYBRID_ROLE(
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_ROLE_NAME VARCHAR(255),
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY (UM_ID, UM_TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS UM_HYBRID_USER_ROLE(
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_USER_NAME VARCHAR(255),
+ UM_ROLE_ID INTEGER NOT NULL,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ UM_DOMAIN_ID INTEGER,
+ UNIQUE (UM_USER_NAME, UM_ROLE_ID, UM_TENANT_ID,UM_DOMAIN_ID),
+ FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_HYBRID_ROLE(UM_ID, UM_TENANT_ID) ON DELETE CASCADE,
+ FOREIGN KEY (UM_DOMAIN_ID, UM_TENANT_ID) REFERENCES UM_DOMAIN(UM_DOMAIN_ID, UM_TENANT_ID) ON DELETE CASCADE,
+ PRIMARY KEY (UM_ID, UM_TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS UM_HYBRID_REMEMBER_ME (
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_USER_NAME VARCHAR(255) NOT NULL,
+ UM_COOKIE_VALUE VARCHAR(1024),
+ UM_CREATED_TIME TIMESTAMP,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY (UM_ID, UM_TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS UM_SYSTEM_ROLE(
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_ROLE_NAME VARCHAR(255),
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY (UM_ID, UM_TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS UM_SYSTEM_USER_ROLE(
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_USER_NAME VARCHAR(255),
+ UM_ROLE_ID INTEGER NOT NULL,
+ UM_TENANT_ID INTEGER DEFAULT 0,
+ UNIQUE (UM_USER_NAME, UM_ROLE_ID, UM_TENANT_ID),
+ FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_SYSTEM_ROLE(UM_ID, UM_TENANT_ID),
+ PRIMARY KEY (UM_ID, UM_TENANT_ID)
+);
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/carbon.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/carbon.xml
new file mode 100644
index 0000000000..31752cf9b4
--- /dev/null
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/carbon.xml
@@ -0,0 +1,656 @@ + + + + + + + + + ${product.name} + + + ${product.key} + + + ${product.version} + + + + + + + + + local:/${carbon.context}/services/ + + + + + + + ${default.server.role} + + + + + + + org.wso2.carbon + + + / + + + + + + + + + 15 + + + + + + + + + 0 + + + + + 9999 + + 11111 + + + + + + 10389 + + 8000 + + + + + + 10500 + + + + + + + org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory + + + + + + + + + java + + + + + + + + + + false + + + false + + + 600 + + + + false + + + + + + + + 30 + + + + + + + + + 15 + + + + + + ${carbon.home}/repository/deployment/server/ + + + 15 + + + ${carbon.home}/repository/conf/axis2/axis2.xml + + + 30000 + + + ${carbon.home}/repository/deployment/client/ + + ${carbon.home}/repository/conf/axis2/axis2_client.xml + + true + + + + + + + + + + admin + Default Administrator Role + + + user + Default User Role + + + + + + + + + + + + ${carbon.home}/repository/resources/security/wso2carbon.jks + + JKS + + wso2carbon + + wso2carbon + + wso2carbon + + + + + + ${carbon.home}/repository/resources/security/client-truststore.jks + + JKS + + wso2carbon + + + + + + + + + + + + + + + + + + + UserManager + + + false + + + + + + + ${carbon.home}/tmp/work + + + + + + true + + + 10 + + + 30 + + + + + + 100 + + + + keystore + certificate + * + + org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor + + + + + jarZip + + org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor + + + + dbs + + org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor + + + + tools + + org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor + + + + toolsAny + + org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor + + + + + + + info + org.wso2.carbon.core.transports.util.InfoProcessor + + + wsdl + org.wso2.carbon.core.transports.util.Wsdl11Processor + + + wsdl2 + org.wso2.carbon.core.transports.util.Wsdl20Processor + + + xsd + org.wso2.carbon.core.transports.util.XsdProcessor + + + + + + false + false + true + svn 
+ http://svnrepo.example.com/repos/ + username + password + true + + + + + + + + + + + + + + + ${require.carbon.servlet} + + + + + true + + + + + + + default repository + ${p2.repo.url} + + + + + + + + true + + + + + + true + + diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/etc/device-mgt-plugin-configs/mobile/sample-default-platform-configuration.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/etc/device-mgt-plugin-configs/mobile/sample-default-platform-configuration.xml new file mode 100644 index 0000000000..5c529cdfa9 --- /dev/null +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/etc/device-mgt-plugin-configs/mobile/sample-default-platform-configuration.xml @@ -0,0 +1,28 @@ + + + + + + sample + + test + String + test + + diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/etc/device-mgt-plugin-configs/mobile/wrong-default-platform-configuration.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/etc/device-mgt-plugin-configs/mobile/wrong-default-platform-configuration.xml new file mode 100644 index 0000000000..645805d7a8 --- /dev/null +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/etc/device-mgt-plugin-configs/mobile/wrong-default-platform-configuration.xml @@ -0,0 +1,23 @@ + + + + + + 
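Review bot: The new test carbon.xml carries the stock `wso2carbon` keystore and truststore passwords and, near the end of the hunk, the deployment-synchronizer placeholders `http://svnrepo.example.com/repos/`, `username` and `password`; the element names were lost in this rendering, so the exact tags are inferred from the surrounding values. For a fixture under src/test/resources that is acceptable, but a one-line comment at the top of the file, `<!-- Test-only fixture: default keystore passwords and placeholder SVN credentials; not a deployable configuration -->`, keeps secret-scanning and config-review tooling from treating them as live settings. The same hunk points at `${carbon.home}/repository/resources/security/wso2carbon.jks` and `client-truststore.jks`; I could not see those files added in the visible part of the diff, so confirm they are present under the test carbon-home, otherwise any test path that touches the keystore will fail at runtime rather than in configuration.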
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/etc/device-mgt-plugins/test/license.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/etc/device-mgt-plugins/test/license.xml new file mode 100644 index 0000000000..7bf018734d --- /dev/null +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/etc/device-mgt-plugins/test/license.xml @@ -0,0 +1,25 @@ + + + + + + en_US + 1.0.0 + This is a file based license + diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/registry.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/registry.xml new file mode 100644 index 0000000000..0bb97a7dc9 --- /dev/null +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/carbon-home/repository/conf/registry.xml @@ -0,0 +1,50 @@ + + + + + + + + wso2registry + false + true + / + + + jdbc:h2:./target/databasetest/CARBON_TEST + + org.h2.Driver + 80 + 60000 + 5 + + + false + + + + true + true + true + true + + diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/testng.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/testng.xml index bbaf6827fa..4ce2c1153a 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/testng.xml +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/testng.xml @@ -24,10 +24,12 @@ + + 
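Review bot: The data source URL in the registry.xml hunk is `jdbc:h2:./target/databasetest/CARBON_TEST`, while the user-mgt-registry-test.xml hunk that follows uses `jdbc:h2:target/databasetest/CARBON_TEST` without the `./` prefix. Both spellings resolve relative to the working directory on the H2 build used here, so they should open the same file, but newer H2 releases reject an implicitly relative path unless the `h2.implicitRelativePath` system property is set, and two different spellings read as two different databases to anyone maintaining the fixtures. Use the explicit `jdbc:h2:./target/databasetest/CARBON_TEST` form in both files so the shared test database is obvious and the URL survives an H2 upgrade.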
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/user-test/user-mgt-registry-test.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/user-test/user-mgt-registry-test.xml new file mode 100644 index 0000000000..bac4fc7667 --- /dev/null +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/user-test/user-mgt-registry-test.xml @@ -0,0 +1,80 @@ + + + + + true + admin + + admin + admin + + everyone + false + 500 + jdbc:h2:target/databasetest/CARBON_TEST + org.h2.Driver + 50 + 60000 + 5 + + + org.wso2.carbon.user.core.tenant.JDBCTenantManager + false + 100 + false + default + SHA-256 + true + true + true + false + ^[\S]{5,30}$ + Password length should be between 5 to 30 characters + + ^[\S]{5,30}$ + [a-zA-Z0-9._-|//]{3,30}$ + ^[\S]{3,30}$ + ^[^~!#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$ + ^[\S]{3,30}$ + true + 100 + 100 + false + false + true + , + true + + + true + + + + login + manage-configuration + manage-security + upload-services + manage-services + manage-lc-configuration + manage-mediation + monitor-system + delegate-identity + +