From 08d18789a8bb40308b699a69d4f3c6c8819d4e33 Mon Sep 17 00:00:00 2001 From: charitha Date: Mon, 1 Oct 2018 23:44:58 +0530 Subject: [PATCH 1/2] Fix issue in remote connect token handling (cherry picked from commit 4f1b807) --- .../RemoteSessionManagementServiceImpl.java | 50 +++++++++++----- .../authentication/OAuthAuthenticator.java | 5 +- .../oauth/OAuthTokenValidator.java | 60 +------------------ 3 files changed, 40 insertions(+), 75 deletions(-) diff --git a/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/RemoteSessionManagementServiceImpl.java b/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/RemoteSessionManagementServiceImpl.java index 23320c4838..6f24538f02 100644 --- a/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/RemoteSessionManagementServiceImpl.java +++ b/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/RemoteSessionManagementServiceImpl.java @@ -42,11 +42,8 @@ import java.io.IOException; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Date; -import java.util.HashMap; -import java.util.LinkedList; import java.util.List; import java.util.UUID; -import java.util.Map; /** * Class @{@link RemoteSessionManagementServiceImpl} is the implementation of @{@link RemoteSessionManagementService} 
@@ -68,16 +65,13 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
 }
 // Read Query Parameters for obtain the token
- Map> sessionQueryParam = new HashMap();
- List sessionQueryParamList = new LinkedList<>();
- sessionQueryParamList.add(session.getQueryString());
- sessionQueryParam.put(RemoteSessionConstants.QUERY_STRING, sessionQueryParamList);
+ String token = getTokenFromSession(session);
 // if session initiated using operation id means request came from device.
 if (operationId == null) {
 // Validate the token
 OAuthAuthenticator oAuthAuthenticator = RemoteSessionManagementDataHolder.getInstance().getOauthAuthenticator();
- AuthenticationInfo authenticationInfo = oAuthAuthenticator.isAuthenticated(sessionQueryParam);
+ AuthenticationInfo authenticationInfo = oAuthAuthenticator.isAuthenticated(token);
 if (authenticationInfo != null && authenticationInfo.isAuthenticated()) {
 try {
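Review bot: `getTokenFromSession(session)` makes the WebSocket handshake URL's query string the only transport for the OAuth access token, and the cookie-based extractor is deleted later in this series, so the bearer token will land in any access log, proxy log or browser history that records the handshake URL. If the query-string transport must stay for client compatibility, say so next to this line, e.g. `// NOTE: token travels in the handshake URL; access logging must mask the token parameter`, and consider accepting it from the `Authorization` or `Sec-WebSocket-Protocol` handshake header as the preferred path. When no token is present the `isAuthenticated(null)` call relies on the validator returning an unauthenticated result, which the validator hunk does handle. The enclosing method starts before and ends after this hunk.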
@@ -136,17 +130,16 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
 session.setMaxTextMessageBufferSize(RemoteSessionManagementDataHolder.getInstance()
 .getMaxMessageBufferSize());
 session.setMaxIdleTimeout(RemoteSessionManagementDataHolder.getInstance().getMaxIdleTimeout());
- String uuid = session.getQueryString();
- if (uuid != null && uuid.isEmpty()) {
- log.error("Could not find a UUID related to the remote session");
+ if (token != null && token.isEmpty()) {
+ log.error("Could not find a UUID related to the remote session.");
 } else {
- String tenantDomain = RemoteSessionManagementDataHolder.getInstance().getUuidToTenantMap().remove(uuid);
+ String tenantDomain = RemoteSessionManagementDataHolder.getInstance().getUuidToTenantMap().remove(token);
 if (tenantDomain == null || tenantDomain.isEmpty()) {
- log.error("Invalid UUID, could not create the remote session");
+ log.error("Invalid UUID, could not create the remote session.");
 } else {
 // create new device session
- initializeDeviceSession(session, tenantDomain, deviceType, deviceId, operationId, uuid);
+ initializeDeviceSession(session, tenantDomain, deviceType, deviceId, operationId, token);
 }
 }
 }
@@ -370,4 +363,33 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
 }
 }
+
+ /**
+ * Retrieving the token from the http session
+ *
+ * @param session WebSocket session
+ * @return retrieved token
+ */
+ private String getTokenFromSession(Session session) {
+ if (session == null) {
+ return null;
+ }
+ String queryString = session.getQueryString();
+ if (queryString != null) {
+ String[] allQueryParamPairs = queryString.split(RemoteSessionConstants.OAuthTokenValidator
+ .QUERY_STRING_SEPERATOR);
+ for (String keyValuePair : allQueryParamPairs) {
+ String[] queryParamPair = keyValuePair.split(RemoteSessionConstants.OAuthTokenValidator
+ .QUERY_KEY_VALUE_SEPERATOR);
+ if (queryParamPair.length != 2) {
+ log.warn("Invalid query string [" + queryString + "] passed in.");
+ break;
+ }
+ if (queryParamPair[0].equals(RemoteSessionConstants.OAuthTokenValidator.TOKEN_IDENTIFIER)) {
+ return queryParamPair[1];
+ }
+ }
+ }
+ return null;
+ }
 }
diff --git a/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/authentication/OAuthAuthenticator.java b/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/authentication/OAuthAuthenticator.java
index b6832fc488..c8ecdab26a 100644
--- a/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/authentication/OAuthAuthenticator.java
+++ b/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/authentication/OAuthAuthenticator.java
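Review bot: `log.warn("Invalid query string [" + queryString + "] passed in.")` writes the entire handshake query string into the log, and on the client path that string carries the OAuth access token, so one malformed parameter next to it leaks the credential at WARN level; log without the value, e.g. `log.warn("Malformed query parameter in remote session handshake; token lookup aborted.")`. The `break` also abandons the search at the first malformed pair, and a token value that itself contains the key/value separator splits into three parts and is rejected; `keyValuePair.split(RemoteSessionConstants.OAuthTokenValidator.QUERY_KEY_VALUE_SEPERATOR, 2)` together with `continue` in place of `break` addresses both. The returned value is not URL-decoded, which is presumably fine for the opaque tokens used here but worth confirming against the client. The Javadoc says "http session" although the value is read from the WebSocket handshake query string; `Extracts the value of the token query parameter from the WebSocket handshake URL, or null if absent` would be accurate.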
@@ -14,7 +14,6 @@ package org.wso2.carbon.device.mgt.extensions.remote.session.authentication; - import org.wso2.carbon.device.mgt.extensions.remote.session.authentication.oauth.OAuthTokenValidator; import java.util.List; @@ -30,7 +29,7 @@ public class OAuthAuthenticator { oAuthTokenValidator = new OAuthTokenValidator(globalProperties); } - public AuthenticationInfo isAuthenticated(Map> webSocketConnectionProperties) { - return oAuthTokenValidator.validateToken(webSocketConnectionProperties); + public AuthenticationInfo isAuthenticated(String token) { + return oAuthTokenValidator.validateToken(token); } } diff --git a/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/authentication/oauth/OAuthTokenValidator.java b/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/authentication/oauth/OAuthTokenValidator.java index 352289cf23..0d17dad8a0 100644 --- a/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/authentication/oauth/OAuthTokenValidator.java +++ b/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/authentication/oauth/OAuthTokenValidator.java @@ -40,8 +40,6 @@ public class OAuthTokenValidator { private static String cookie; private GenericObjectPool stubs; private static Log log = LogFactory.getLog(OAuthTokenValidator.class); - private static OAuthTokenValidator oAuthTokenValidator; - public OAuthTokenValidator(Map globalProperties) { this.stubs = new GenericObjectPool(new OAuthTokenValidatorStubFactory(globalProperties)); 
@@ -50,11 +48,10 @@ public class OAuthTokenValidator { /** * This method gets a string accessToken and validates it * - * @param webSocketConnectionProperties WebSocket connection information including http headers + * @param token oauth token * @return AuthenticationInfo with the validated results. */ - public AuthenticationInfo validateToken(Map> webSocketConnectionProperties) { - String token = getTokenFromSession(webSocketConnectionProperties); + public AuthenticationInfo validateToken(String token) { if (token == null) { AuthenticationInfo authenticationInfo = new AuthenticationInfo(); authenticationInfo.setAuthenticated(false); @@ -65,10 +62,6 @@ public class OAuthTokenValidator { Object stub = this.stubs.borrowObject(); if (stub != null) { tokenValidationServiceStub = (OAuth2TokenValidationServiceStub) stub; - if (cookie != null) { - tokenValidationServiceStub._getServiceClient().getOptions().setProperty( - HTTPConstants.COOKIE_STRING, cookie); - } return getAuthenticationInfo(token, tokenValidationServiceStub); } else { log.warn("Stub initialization failed."); 
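Review bot: Removing the `setProperty(HTTPConstants.COOKIE_STRING, cookie)` call takes away the only read of `cookie` visible in this file's hunks, yet the `private static String cookie` declaration shown above the constructor is kept; if nothing else in the file reads it, delete the field, since a mutable static shared across every validator instance is state that outlives tenants and threads for no purpose. Dropping the cookie propagation presumably means each `validateToken` call now establishes a fresh authenticated session with the token-validation service rather than reusing one, so confirm that is intended and that the stub factory still supplies credentials per borrowed stub. The `validateToken` body continues past this hunk.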
@@ -145,53 +138,4 @@ public class OAuthTokenValidator { return authenticationInfo; } - /** - * Retrieving the token from the http header - * - * @param webSocketConnectionProperties WebSocket connection information including http headers - * @return retrieved token - */ - private String getToken(Map> webSocketConnectionProperties) { - String cookieString = webSocketConnectionProperties.get(RemoteSessionConstants.OAuthTokenValidator.COOKIE) - .get(0); - String[] properties = cookieString.split(RemoteSessionConstants.OAuthTokenValidator.COOKIE_KEYPAIR_SEPERATOR); - String token; - for (String keyValuePair : properties) { - if (RemoteSessionConstants.OAuthTokenValidator.TOKEN_IDENTIFIER.equals((keyValuePair. - split(RemoteSessionConstants.OAuthTokenValidator.COOKIE_KEY_VALUE_SEPERATOR)[0]).trim())) { - token = (keyValuePair.split(RemoteSessionConstants.OAuthTokenValidator.COOKIE_KEY_VALUE_SEPERATOR) - [1]).trim(); - return token; - } - } - log.error("WebSocket token should be specified in cookie"); - return null; - } - - /** - * Retrieving the token from the http session - * - * @param webSocketConnectionProperties WebSocket connection information including http headers - * @return retrieved token - */ - private String getTokenFromSession(Map> webSocketConnectionProperties) { - String queryString = webSocketConnectionProperties.get(RemoteSessionConstants.OAuthTokenValidator - .QUERY_STRING).get(0); - if (queryString != null) { - String[] allQueryParamPairs = queryString.split(RemoteSessionConstants.OAuthTokenValidator - .QUERY_STRING_SEPERATOR); - for (String keyValuePair : allQueryParamPairs) { - String[] queryParamPair = keyValuePair.split(RemoteSessionConstants.OAuthTokenValidator - .QUERY_KEY_VALUE_SEPERATOR); - if (queryParamPair.length != 2) { - log.warn("Invalid query string [" + queryString + "] passed in."); - break; - } - if (queryParamPair[0].equals(RemoteSessionConstants.OAuthTokenValidator.TOKEN_IDENTIFIER)) { - return queryParamPair[1]; - } - } - } - 
return null; - } } From 2a1bcab6488784d45425723a849af0830c171831 Mon Sep 17 00:00:00 2001 From: charitha Date: Tue, 2 Oct 2018 01:20:10 +0530 Subject: [PATCH 2/2] Fix incorrect logic --- .../RemoteSessionManagementServiceImpl.java | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/RemoteSessionManagementServiceImpl.java b/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/RemoteSessionManagementServiceImpl.java index 6f24538f02..5de235d90d 100644 --- a/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/RemoteSessionManagementServiceImpl.java +++ b/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/RemoteSessionManagementServiceImpl.java 
@@ -131,12 +131,16 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
 .getMaxMessageBufferSize());
 session.setMaxIdleTimeout(RemoteSessionManagementDataHolder.getInstance().getMaxIdleTimeout());
- if (token != null && token.isEmpty()) {
- log.error("Could not find a UUID related to the remote session.");
+ if (token == null || token.isEmpty()) {
+ String message = "Could not find a UUID related to the remote session.";
+ log.error(message);
+ throw new RemoteSessionManagementException(message);
 } else {
 String tenantDomain = RemoteSessionManagementDataHolder.getInstance().getUuidToTenantMap().remove(token);
 if (tenantDomain == null || tenantDomain.isEmpty()) {
- log.error("Invalid UUID, could not create the remote session.");
+ String message = "Invalid UUID (" + token + "), could not create the remote session.";
+ log.error(message);
+ throw new RemoteSessionManagementException(message);
 } else {
 // create new device session
 initializeDeviceSession(session, tenantDomain, deviceType, deviceId, operationId, token);
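Review bot: `"Invalid UUID (" + token + "), could not create the remote session."` puts the raw value of the `token` query parameter into both the error log and the thrown `RemoteSessionManagementException`; the same parameter is what the OAuth path validates in the earlier hunk, so a client access token sent on a device-style URL is written to the log in clear, and into the close reason if the exception text is ever surfaced to the peer (not visible here). Keep the message value-free, `String message = "Invalid UUID, could not create the remote session.";`, and log the rejected value at debug only if it is genuinely needed for support. The `remove(token)` call consuming the one-time UUID before the check is the right order, and the `== null ||` correction matches the existing `tenantDomain` check. The enclosing method starts before and ends after this hunk.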