From 310525d066fb0d91473a3266e952071c1ab6c75d Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 17 Apr 2017 17:44:38 +0530 Subject: [PATCH] added token recovery option when token refresh failed --- .../client/OAuthRequestInterceptor.java | 45 +++++++++++------- .../client/OAuthRequestInterceptor.java | 46 +++++++++++-------- .../client/OAuthRequestInterceptor.java | 38 +++++++++------ .../client/OAuthRequestInterceptor.java | 46 ++++++++++++------- 4 files changed, 111 insertions(+), 64 deletions(-) diff --git a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java index 9c4f80b71..925f158d5 100755 --- a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java @@ -19,6 +19,7 @@ package org.wso2.carbon.appmgt.mdm.restconnector.authorization.client; import feign.Client; import feign.Feign; +import feign.FeignException; import feign.Logger; import feign.Request; import feign.RequestInterceptor; @@ -64,7 +65,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { private ApiApplicationRegistrationService apiApplicationRegistrationService; private TokenIssuerService tokenIssuerService; private static Log log = LogFactory.getLog(OAuthRequestInterceptor.class); - + private ApiApplicationKey apiApplicationKey; /** * Creates an interceptor that authenticates all requests. @@ -91,27 +92,39 @@ public class OAuthRequestInterceptor implements RequestInterceptor { @Override public void apply(RequestTemplate template) { if (tokenInfo == null) { - ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); - apiRegistrationProfile.setApplicationName(APPLICATION_NAME); - apiRegistrationProfile.setIsAllowedToAllDomains(false); - apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); - apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); - ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); + if (apiApplicationKey == null) { + ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); + apiRegistrationProfile.setApplicationName(APPLICATION_NAME); + apiRegistrationProfile.setIsAllowedToAllDomains(false); + apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); + apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); + apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); + } String consumerKey = apiApplicationKey.getConsumerKey(); String consumerSecret = apiApplicationKey.getConsumerSecret(); String username = AuthorizationConfigurationManager.getInstance().getUserName(); String password = AuthorizationConfigurationManager.getInstance().getPassword(); - tokenIssuerService = Feign.builder().client(getSSLClient()).logger(new Slf4jLogger()).logLevel(Logger.Level.FULL) - .requestInterceptor(new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) - .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) - .target(TokenIssuerService.class, AuthorizationConfigurationManager.getInstance().getTokenApiURL()); + if (tokenIssuerService == null) { + tokenIssuerService = Feign.builder().client(getSSLClient()).logger(new Slf4jLogger()).logLevel( + Logger.Level.FULL) + .requestInterceptor(new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) + .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) + .target(TokenIssuerService.class, + AuthorizationConfigurationManager.getInstance().getTokenApiURL()); + } tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password); tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); - } - synchronized (this) { - if (System.currentTimeMillis() + Long.parseLong(refreshTimeOffset) > tokenInfo.getExpires_in()) { - tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); - tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); + } else { + synchronized (this) { + if (System.currentTimeMillis() + Long.parseLong(refreshTimeOffset) > tokenInfo.getExpires_in()) { + try { + tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); + tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); + } catch (FeignException e) { + tokenInfo = null; + apply(template); + } + } } } String headerValue = Constants.RestConstants.BEARER + tokenInfo.getAccess_token(); diff --git a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java index 0c6eff5d8..35afcd267 100755 --- a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java @@ -16,6 +16,7 @@ package org.wso2.carbon.device.mgt.input.adapter.http.authorization.client; import feign.Client; import feign.Feign; +import feign.FeignException; import feign.Logger; import feign.Request; import feign.RequestInterceptor; @@ -77,7 +78,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { private static String deviceMgtServerUrl; private static String scopes; private static Map globalProperties; - + private ApiApplicationKey apiApplicationKey; /** * Creates an interceptor that authenticates all requests. @@ -104,27 +105,36 @@ public class OAuthRequestInterceptor implements RequestInterceptor { @Override public void apply(RequestTemplate template) { if (tokenInfo == null) { - //had to do on demand initialization due to start up error. - ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); - apiRegistrationProfile.setApplicationName(APPLICATION_NAME); - apiRegistrationProfile.setIsAllowedToAllDomains(false); - apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); - apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); - ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); + if (apiApplicationKey == null) { + ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); + apiRegistrationProfile.setApplicationName(APPLICATION_NAME); + apiRegistrationProfile.setIsAllowedToAllDomains(false); + apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); + apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); + apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); + } String consumerKey = apiApplicationKey.getConsumerKey(); String consumerSecret = apiApplicationKey.getConsumerSecret(); - tokenIssuerService = Feign.builder().client(getSSLClient()) - .logger(new Slf4jLogger()).logLevel(Logger.Level.FULL) - .requestInterceptor(new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) - .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) - .target(TokenIssuerService.class, tokenEndpoint); + if (tokenIssuerService == null) { + tokenIssuerService = Feign.builder().client(getSSLClient()) + .logger(new Slf4jLogger()).logLevel(Logger.Level.FULL) + .requestInterceptor(new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) + .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) + .target(TokenIssuerService.class, tokenEndpoint); + } tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password, REQUIRED_SCOPE); tokenInfo.setExpires_in(System.currentTimeMillis() + (tokenInfo.getExpires_in() * 1000)); - } - synchronized(this) { - if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { - tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); - tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); + } else { + synchronized (this) { + if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { + try { + tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); + tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); + } catch (FeignException e) { + tokenInfo = null; + apply(template); + } + } } } String headerValue = "Bearer " + tokenInfo.getAccess_token(); diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java index e6f38d281..dedb95371 100755 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java @@ -16,6 +16,7 @@ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client import feign.Client; import feign.Feign; +import feign.FeignException; import feign.Logger; import feign.Request; import feign.RequestInterceptor; @@ -62,6 +63,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { private static final String REQUIRED_SCOPE = "perm:authorization:verify"; private ApiApplicationRegistrationService apiApplicationRegistrationService; private TokenIssuerService tokenIssuerService; + private ApiApplicationKey apiApplicationKey; private static Log log = LogFactory.getLog(OAuthRequestInterceptor.class); @@ -105,26 +107,36 @@ public class OAuthRequestInterceptor implements RequestInterceptor { @Override public void apply(RequestTemplate template) { if (tokenInfo == null) { - //had to do on demand initialization due to start up error. - ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); - apiRegistrationProfile.setApplicationName(APPLICATION_NAME); - apiRegistrationProfile.setIsAllowedToAllDomains(false); - apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); - apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); - ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); + if (apiApplicationKey == null) { + ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); + apiRegistrationProfile.setApplicationName(APPLICATION_NAME); + apiRegistrationProfile.setIsAllowedToAllDomains(false); + apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); + apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); + apiApplicationKey = apiApplicationRegistrationService.register( + apiRegistrationProfile); + } String consumerKey = apiApplicationKey.getConsumerKey(); String consumerSecret = apiApplicationKey.getConsumerSecret(); - tokenIssuerService = Feign.builder().client(getSSLClient()).logger(new Slf4jLogger()).logLevel(Logger.Level.FULL) - .requestInterceptor(new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) - .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) - .target(TokenIssuerService.class, tokenEndpoint); + if (tokenIssuerService == null) { + tokenIssuerService = Feign.builder().client(getSSLClient()).logger(new Slf4jLogger()).logLevel( + Logger.Level.FULL) + .requestInterceptor(new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) + .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) + .target(TokenIssuerService.class, tokenEndpoint); + } tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password, REQUIRED_SCOPE); tokenInfo.setExpires_in(System.currentTimeMillis() + (tokenInfo.getExpires_in() * 1000)); } synchronized(this) { if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { - tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); - tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); + try { + tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); + tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); + } catch (FeignException e) { + tokenInfo = null; + apply(template); + } } } String headerValue = "Bearer " + tokenInfo.getAccess_token(); diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java index 5f860985d..b6124baae 100755 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java @@ -16,6 +16,7 @@ package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client; import feign.Client; import feign.Feign; +import feign.FeignException; import feign.Logger; import feign.Request; import feign.RequestInterceptor; @@ -63,6 +64,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { private ApiApplicationRegistrationService apiApplicationRegistrationService; private TokenIssuerService tokenIssuerService; private static Log log = LogFactory.getLog(OAuthRequestInterceptor.class); + private ApiApplicationKey apiApplicationKey; /** * Creates an interceptor that authenticates all requests. @@ -82,29 +84,39 @@ public class OAuthRequestInterceptor implements RequestInterceptor { @Override public void apply(RequestTemplate template) { if (tokenInfo == null) { - //had to do on demand initialization due to start up error. - ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); - apiRegistrationProfile.setApplicationName(APPLICATION_NAME); - apiRegistrationProfile.setIsAllowedToAllDomains(false); - apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); - apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); - ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); + if (apiApplicationKey == null) { + ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); + apiRegistrationProfile.setApplicationName(APPLICATION_NAME); + apiRegistrationProfile.setIsAllowedToAllDomains(false); + apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); + apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); + apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); + } String consumerKey = apiApplicationKey.getConsumerKey(); String consumerSecret = apiApplicationKey.getConsumerSecret(); String username = AuthorizationConfigurationManager.getInstance().getUsername(); String password = AuthorizationConfigurationManager.getInstance().getPassword(); - tokenIssuerService = Feign.builder().client(getSSLClient()).logger(new Slf4jLogger()).logLevel(Logger.Level.FULL) - .requestInterceptor(new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) - .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) - .target(TokenIssuerService.class, - AuthorizationConfigurationManager.getInstance().getTokenEndpoint()); + if (tokenIssuerService == null) { + tokenIssuerService = Feign.builder().client(getSSLClient()).logger(new Slf4jLogger()).logLevel( + Logger.Level.FULL) + .requestInterceptor(new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) + .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) + .target(TokenIssuerService.class, + AuthorizationConfigurationManager.getInstance().getTokenEndpoint()); + } tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password, REQUIRED_SCOPE); tokenInfo.setExpires_in(System.currentTimeMillis() + (tokenInfo.getExpires_in() * 1000)); - } - synchronized (this) { - if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { - tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); - tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); + } else { + synchronized (this) { + if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { + try { + tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); + tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); + } catch (FeignException e) { + tokenInfo = null; + apply(template); + } + } } } String headerValue = "Bearer " + tokenInfo.getAccess_token();