Fix login handler

add_scope_mdm
tcdlpds 11 months ago
parent 66eac3c744
commit 8c841dfc2e

@ -19,6 +19,7 @@
package io.entgra.device.mgt.core.ui.request.interceptor; package io.entgra.device.mgt.core.ui.request.interceptor;
import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.google.gson.*; import com.google.gson.*;
import io.entgra.device.mgt.core.ui.request.interceptor.beans.AuthData; import io.entgra.device.mgt.core.ui.request.interceptor.beans.AuthData;
import io.entgra.device.mgt.core.ui.request.interceptor.beans.ProxyResponse; import io.entgra.device.mgt.core.ui.request.interceptor.beans.ProxyResponse;
@ -30,12 +31,12 @@ import io.entgra.device.mgt.core.ui.request.interceptor.util.HandlerConstants;
import io.entgra.device.mgt.core.ui.request.interceptor.util.HandlerUtil; import io.entgra.device.mgt.core.ui.request.interceptor.util.HandlerUtil;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpHeaders; import org.apache.hc.client5.http.entity.UrlEncodedFormEntity;
import org.apache.http.HttpStatus; import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.http.client.methods.HttpPost; import org.apache.hc.core5.http.HttpStatus;
import org.apache.http.entity.ContentType; import org.apache.hc.core5.http.NameValuePair;
import org.apache.http.entity.StringEntity; import org.apache.hc.core5.http.io.support.ClassicRequestBuilder;
import org.apache.http.protocol.HTTP; import org.apache.hc.core5.http.message.BasicNameValuePair;
import javax.servlet.annotation.MultipartConfig; import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet; import javax.servlet.annotation.WebServlet;
@ -44,7 +45,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import java.io.IOException; import java.io.IOException;
import java.util.Base64; import java.util.*;
@MultipartConfig @MultipartConfig
@WebServlet("/login") @WebServlet("/login")
@ -71,8 +72,8 @@ public class LoginHandler extends HttpServlet {
JsonNode uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, JsonNode uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession,
resp); resp);
JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray(); ArrayNode tags = (ArrayNode) uiConfigJsonObject.get("appRegistration").get("tags");
JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray(); ArrayNode scopes = (ArrayNode) uiConfigJsonObject.get("scopes");
int sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut"))); int sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut")));
//setting session to expire in 1h //setting session to expire in 1h
@ -84,12 +85,14 @@ public class LoginHandler extends HttpServlet {
OAuthApp oAuthApp = loginCache.getOAuthAppCache(oAuthAppCacheKey); OAuthApp oAuthApp = loginCache.getOAuthAppCache(oAuthAppCacheKey);
if (oAuthApp == null) { if (oAuthApp == null) {
HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT);
apiRegEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder() ClassicHttpRequest apiRegEndpoint = ClassicRequestBuilder.post(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT)
.encodeToString((username + HandlerConstants.COLON + password).getBytes())); .setEntity(HandlerUtil.constructAppRegPayload(tags, HandlerConstants.PUBLISHER_APPLICATION_NAME,
apiRegEndpoint.setHeader(HTTP.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString()); username, password, null, null))
apiRegEndpoint.setEntity(HandlerUtil.constructAppRegPayload(tags, HandlerConstants.PUBLISHER_APPLICATION_NAME, .setHeader(org.apache.hc.core5.http.HttpHeaders.CONTENT_TYPE,
username, password, null, null)); org.apache.hc.core5.http.ContentType.APPLICATION_JSON.toString())
.setHeader(org.apache.hc.core5.http.HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder().encodeToString((username + HandlerConstants.COLON + password).getBytes()))
.build();
ProxyResponse clientAppResponse = HandlerUtil.execute(apiRegEndpoint); ProxyResponse clientAppResponse = HandlerUtil.execute(apiRegEndpoint);
@ -99,15 +102,13 @@ public class LoginHandler extends HttpServlet {
} }
if (clientAppResponse.getCode() == HttpStatus.SC_CREATED) { if (clientAppResponse.getCode() == HttpStatus.SC_CREATED) {
JsonParser jsonParser = new JsonParser(); JsonNode jsonNode = clientAppResponse.getData();
JsonElement jClientAppResult = jsonParser.parse(clientAppResponse.getData());
String clientId = null; String clientId = null;
String clientSecret = null; String clientSecret = null;
String encodedClientApp = null; String encodedClientApp = null;
if (jClientAppResult.isJsonObject()) { if (jsonNode != null) {
JsonObject jClientAppResultAsJsonObject = jClientAppResult.getAsJsonObject(); clientId = jsonNode.get("client_id").textValue();
clientId = jClientAppResultAsJsonObject.get("client_id").getAsString(); clientSecret = jsonNode.get("client_secret").textValue();
clientSecret = jClientAppResultAsJsonObject.get("client_secret").getAsString();
encodedClientApp = Base64.getEncoder() encodedClientApp = Base64.getEncoder()
.encodeToString((clientId + HandlerConstants.COLON + clientSecret).getBytes()); .encodeToString((clientId + HandlerConstants.COLON + clientSecret).getBytes());
oAuthApp = new OAuthApp( oAuthApp = new OAuthApp(
@ -155,8 +156,7 @@ public class LoginHandler extends HttpServlet {
*/ */
private boolean getTokenAndPersistInSession(HttpServletRequest req, HttpServletResponse resp, private boolean getTokenAndPersistInSession(HttpServletRequest req, HttpServletResponse resp,
String clientId, String clientSecret, String encodedClientApp, String clientId, String clientSecret, String encodedClientApp,
JsonArray scopes) throws LoginException { ArrayNode scopes) throws LoginException {
JsonParser jsonParser = new JsonParser();
try { try {
ProxyResponse tokenResultResponse = getTokenResult(encodedClientApp, scopes); ProxyResponse tokenResultResponse = getTokenResult(encodedClientApp, scopes);
@ -166,16 +166,13 @@ public class LoginHandler extends HttpServlet {
HandlerUtil.handleError(resp, tokenResultResponse); HandlerUtil.handleError(resp, tokenResultResponse);
return false; return false;
} }
String tokenResult = tokenResultResponse.getData(); JsonNode tokenResult = tokenResultResponse.getData();
if (tokenResult == null) { if (tokenResult == null) {
log.error("Invalid token response is received."); log.error("Invalid token response is received.");
HandlerUtil.handleError(resp, tokenResultResponse); HandlerUtil.handleError(resp, tokenResultResponse);
return false; return false;
} }
JsonElement jTokenResult = jsonParser.parse(tokenResult);
if (jTokenResult.isJsonObject()) {
JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject();
HttpSession session = req.getSession(false); HttpSession session = req.getSession(false);
if (session == null) { if (session == null) {
return false; return false;
@ -184,13 +181,11 @@ public class LoginHandler extends HttpServlet {
authData.setClientId(clientId); authData.setClientId(clientId);
authData.setClientSecret(clientSecret); authData.setClientSecret(clientSecret);
authData.setEncodedClientApp(encodedClientApp); authData.setEncodedClientApp(encodedClientApp);
authData.setAccessToken(jTokenResultAsJsonObject.get("access_token").getAsString()); authData.setAccessToken(tokenResult.get("access_token").textValue());
authData.setRefreshToken(jTokenResultAsJsonObject.get("refresh_token").getAsString()); authData.setRefreshToken(tokenResult.get("refresh_token").textValue());
authData.setScope(jTokenResultAsJsonObject.get("scope").getAsString()); authData.setScope(tokenResult.get("scope").textValue());
session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData); session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData);
return true; return true;
}
return false;
} catch (IOException e) { } catch (IOException e) {
throw new LoginException("Error occurred while sending the response into the socket", e); throw new LoginException("Error occurred while sending the response into the socket", e);
} }
@ -228,22 +223,26 @@ public class LoginHandler extends HttpServlet {
* @throws IOException IO exception throws if an error occurred when invoking token endpoint * @throws IOException IO exception throws if an error occurred when invoking token endpoint
*/ */
private ProxyResponse getTokenResult(String encodedClientApp, JsonNode scopes) throws IOException { private ProxyResponse getTokenResult(String encodedClientApp, JsonNode scopes) throws IOException {
HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.INTERNAL_TOKEN_ENDPOINT);
tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientApp);
tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
String scopeString = HandlerUtil.getScopeString(scopes); String scopeString = HandlerUtil.getScopeString(scopes);
if (scopeString != null) { if (scopeString != null) {
scopeString = scopeString.trim(); scopeString = scopeString.trim();
} else { } else {
scopeString = "default"; scopeString = "default";
} }
StringEntity tokenEPPayload = new StringEntity( List<NameValuePair> nameValuePairs = new ArrayList<>();
"grant_type=" + HandlerConstants.PASSWORD_GRANT_TYPE + "&username=" + username + "&password=" + nameValuePairs.add(new BasicNameValuePair("grant_type", HandlerConstants.PASSWORD_GRANT_TYPE));
password + "&scope=" + scopeString, nameValuePairs.add(new BasicNameValuePair("username", username));
ContentType.APPLICATION_FORM_URLENCODED); nameValuePairs.add(new BasicNameValuePair("password", password));
tokenEndpoint.setEntity(tokenEPPayload); nameValuePairs.add(new BasicNameValuePair("scope", scopeString));
ClassicHttpRequest tokenEndpoint = ClassicRequestBuilder.post(gatewayUrl + HandlerConstants.INTERNAL_TOKEN_ENDPOINT)
.setEntity(new UrlEncodedFormEntity(nameValuePairs))
.setHeader(org.apache.hc.core5.http.HttpHeaders.CONTENT_TYPE,
org.apache.hc.core5.http.ContentType.APPLICATION_FORM_URLENCODED.toString())
.setHeader(org.apache.hc.core5.http.HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientApp)
.build();
return HandlerUtil.execute(tokenEndpoint); return HandlerUtil.execute(tokenEndpoint);
} }
} }
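Review bot: In getTokenAndPersistInSession the new code reads `tokenResult.get("access_token").textValue()` (and likewise `refresh_token` and `scope`) after only a null check on `tokenResult`, so the shape check that the removed `isJsonObject()` branch provided is gone. With Jackson, `get()` returns null for an absent field, which would raise a NullPointerException that `catch (IOException e)` does not cover, and `textValue()` returns null for a non-string node, in which case an AuthData holding a null token is stored in the session and the method returns true. I would guard before building AuthData with `if (!tokenResult.path("access_token").isTextual() || !tokenResult.path("refresh_token").isTextual() || !tokenResult.path("scope").isTextual())` and take the same log, `HandlerUtil.handleError(resp, tokenResultResponse)` and `return false` path as the null case just above. The `client_id` and `client_secret` reads in the app-registration hunk have the same gap; there a null value would be concatenated into `encodedClientApp` as the literal text "null" and passed to `new OAuthApp(`. The method body spans several hunks, so part of it lies outside what is shown here.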
