Fixes in JWT token generation

add_scope_mdm
Pasindu Rupasinghe 1 year ago
parent 83780c6a0c
commit 8ea4932019

@ -800,9 +800,14 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo accessTokenInfo; io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo accessTokenInfo;
try { try {
if (username == null || password == null) { if (username == null || password == null) {
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(); apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
"ClientForConsumerRestCalls",
"client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer");
} else { } else {
apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(username, password); apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(
"ClientForConsumerRestCalls",
username, password,
"client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer");
} }
accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication( accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret()); apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
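Review bot: The grant set `"client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer"` and the client name `"ClientForConsumerRestCalls"` are now inline literals repeated in both branches of this try, and the same copy-paste appears in the two APIPublisherServiceImpl hunks and in DeviceManagementServiceImpl, in place of the `Constants.CLIENT_NAME`/`Constants.GRANT_TYPE` that this commit deletes. A typo in any one copy registers an application under a different name or with a different grant set and nothing fails at compile time. Keep one named constant per client, e.g. `private static final String CONSUMER_CLIENT_NAME = "ClientForConsumerRestCalls";` and `private static final String CONSUMER_GRANT_TYPES = "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer";`, and pass those at both call sites. The enclosing method starts and ends outside this hunk.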

@ -24,9 +24,10 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIService
public interface APIApplicationServices { public interface APIApplicationServices {
APIApplicationKey createAndRetrieveApplicationCredentials() throws APIServicesException; APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType)
throws APIServicesException;
APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password) APIApplicationKey generateAndRetrieveApplicationKeys(String clientName, String username, String password, String grantType)
throws APIServicesException; throws APIServicesException;
AccessTokenInfo generateAccessTokenFromRegisteredApplication(String clientId, String clientSecret) throws APIServicesException; AccessTokenInfo generateAccessTokenFromRegisteredApplication(String clientId, String clientSecret) throws APIServicesException;
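Review bot: The new `clientName` and `grantType` parameters on both DCR methods are undocumented, and the singular name `grantType` hides that every call site passes a space-separated list of grant types. Add Javadoc on each method along the lines of `@param clientName name under which the OAuth application is registered via dynamic client registration` and `@param grantType space-separated list of OAuth grant types the registered application may use`, and state whether null is accepted. Since the interface is what third-party callers compile against, this is also where the widening of the grant set should be called out.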

@ -44,7 +44,7 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
getAPIManagerConfigurationService().getAPIManagerConfiguration(); getAPIManagerConfigurationService().getAPIManagerConfiguration();
@Override @Override
public APIApplicationKey createAndRetrieveApplicationCredentials() public APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType)
throws APIServicesException { throws APIServicesException {
String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT); String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
@ -53,8 +53,8 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
JSONObject jsonObject = new JSONObject(); JSONObject jsonObject = new JSONObject();
jsonObject.put("callbackUrl", Constants.EMPTY_STRING); jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
jsonObject.put("clientName", Constants.CLIENT_NAME); jsonObject.put("clientName", clientName);
jsonObject.put("grantType", Constants.GRANT_TYPE); jsonObject.put("grantType", grantType);
jsonObject.put("owner", serverUser); jsonObject.put("owner", serverUser);
jsonObject.put("saasApp", true); jsonObject.put("saasApp", true);
@ -75,15 +75,15 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
} }
@Override @Override
public APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password) public APIApplicationKey generateAndRetrieveApplicationKeys(String clientName, String username, String password, String grantType)
throws APIServicesException { throws APIServicesException {
String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT); String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
JSONObject jsonObject = new JSONObject(); JSONObject jsonObject = new JSONObject();
jsonObject.put("callbackUrl", Constants.EMPTY_STRING); jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
jsonObject.put("clientName", username); jsonObject.put("clientName", clientName);
jsonObject.put("grantType", Constants.GRANT_TYPE); jsonObject.put("grantType", grantType);
jsonObject.put("owner", username); jsonObject.put("owner", username);
jsonObject.put("saasApp", true); jsonObject.put("saasApp", true);
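Review bot: `clientName` and `grantType` are written straight into the DCR request body (`jsonObject.put("clientName", clientName)` / `jsonObject.put("grantType", grantType)`) with no null or blank check in either method; depending on the JSONObject implementation a null value is either dropped from the payload or serialized as `null`, so a caller mistake registers an application with no grant set instead of failing here. Add `Objects.requireNonNull(clientName, "clientName"); Objects.requireNonNull(grantType, "grantType");` at the top of both methods. Note also that `generateAndRetrieveApplicationKeys` previously used `username` as the client name, so existing callers that are not updated in this commit would, as far as this hunk shows, now register under whatever they pass as the new first argument. Both method bodies continue outside the hunks.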

@ -27,10 +27,8 @@ public final class Constants {
public static final String AMPERSAND = "&"; public static final String AMPERSAND = "&";
public static final String SLASH = "/"; public static final String SLASH = "/";
public static final String EQUAL = "="; public static final String EQUAL = "=";
public static final String CLIENT_NAME = "rest_api_publisher_code";
public static final String SERVER_USER = "WorkflowConfigurations.ServerUser"; public static final String SERVER_USER = "WorkflowConfigurations.ServerUser";
public static final String SERVER_PASSWORD = "WorkflowConfigurations.ServerPassword"; public static final String SERVER_PASSWORD = "WorkflowConfigurations.ServerPassword";
public static final String GRANT_TYPE = "client_credentials password refresh_token";
public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token"; public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";
public static final String OAUTH_EXPIRES_IN = "expires_in"; public static final String OAUTH_EXPIRES_IN = "expires_in";
public static final String OAUTH_TOKEN_SCOPE = "scope"; public static final String OAUTH_TOKEN_SCOPE = "scope";

@ -344,7 +344,7 @@ public class KeyMgtServiceImpl implements KeyMgtService {
Response response = client.newCall(request).execute(); Response response = client.newCall(request).execute();
return gson.fromJson(response.body().string(), OAuthApplication.class); return gson.fromJson(response.body().string(), OAuthApplication.class);
} catch (IOException e) { } catch (IOException e) {
msg = "Error occurred while processing the response"; msg = "Error occurred while processing the response" + e;
throw new KeyMgtException(msg); throw new KeyMgtException(msg);
} }
} }
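Review bot: `"Error occurred while processing the response" + e` runs the message straight into the exception's `toString()` with no separator, and the cause is still discarded by `throw new KeyMgtException(msg)`, so callers get the text but lose the stack trace of the I/O failure. If KeyMgtException has a `(String, Throwable)` constructor, prefer `throw new KeyMgtException("Error occurred while processing the response", e);`; otherwise keep the plain message and log `e` before throwing. The enclosing method starts outside this hunk.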

@ -90,7 +90,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
APIApplicationKey apiApplicationKey; APIApplicationKey apiApplicationKey;
AccessTokenInfo accessTokenInfo; AccessTokenInfo accessTokenInfo;
try { try {
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(); apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
"ClientForPublisherRestCalls",
"client_credentials password refresh_token"
);
accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication( accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret()); apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
} catch (APIServicesException e) { } catch (APIServicesException e) {
@ -403,7 +406,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
APIApplicationKey apiApplicationKey; APIApplicationKey apiApplicationKey;
AccessTokenInfo accessTokenInfo; AccessTokenInfo accessTokenInfo;
try { try {
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(); apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
"ClientForPublisherRestCalls",
"client_credentials password refresh_token"
);
accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication( accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret()); apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
} catch (APIServicesException e) { } catch (APIServicesException e) {

@ -23,6 +23,11 @@ import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProvi
import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderServiceImpl; import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderServiceImpl;
import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey; import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey;
import io.entgra.device.mgt.core.apimgt.application.extension.exception.APIManagerException; import io.entgra.device.mgt.core.apimgt.application.extension.exception.APIManagerException;
import io.entgra.device.mgt.core.apimgt.application.extension.internal.APIApplicationManagerExtensionDataHolder;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.DCRResponse; import io.entgra.device.mgt.core.apimgt.keymgt.extension.DCRResponse;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenRequest; import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenRequest;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenResponse; import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenResponse;
@ -804,11 +809,12 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
//todo - lasantha - can't get password from here //todo - lasantha - can't get password from here
ApiApplicationKey apiApplicationKey; ApiApplicationKey apiApplicationKey;
try { try {
DCRResponse adminDCRResponse = keyMgtService.dynamicClientRegistration(applicationName,
PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm() APIApplicationServices apiApplicationServices = DeviceMgtAPIUtils.getApiApplicationServices();
.getRealmConfiguration().getAdminUserName(), APIApplicationKey adminDCRResponse = apiApplicationServices.createAndRetrieveApplicationCredentials(
"client_credentials", null, new String[] {"device_management"}, false, validityTime, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm() "ClientForJWTTokenGeneration",
.getRealmConfiguration().getAdminPassword()); "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer"
);
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
JWTClientManagerService jwtClientManagerService = (JWTClientManagerService) ctx. JWTClientManagerService jwtClientManagerService = (JWTClientManagerService) ctx.
@ -816,11 +822,14 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
JWTClient jwtClient = jwtClientManagerService.getJWTClient(); JWTClient jwtClient = jwtClientManagerService.getJWTClient();
AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(adminDCRResponse.getClientId(), AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(adminDCRResponse.getClientId(),
adminDCRResponse.getClientSecret(), adminDCRResponse.getClientSecret(),
username, "appm:subscribe"); username, "appm:subscribe apim:admin apim:api_key apim:app_import_export apim:app_manage" +
" apim:store_settings apim:sub_alert_manage apim:sub_manage apim:subscribe openid perm:device:enroll " +
"perm:devices:details perm:devices:features perm:devices:search perm:devices:view perm:groups:groups " +
"perm:users:send-invitation");
APIManagementProviderService apiManagementProviderService = DeviceMgtAPIUtils.getAPIManagementService(); APIManagementProviderService apiManagementProviderService = DeviceMgtAPIUtils.getAPIManagementService();
apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(applicationName, apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(applicationName,
new String[] {"device_management"}, null, false, String.valueOf(validityTime), new String[] {"device_management"}, "PRODUCTION", false, String.valueOf(validityTime),
accessTokenInfo.getAccessToken()); accessTokenInfo.getAccessToken());
} catch (JWTClientException e) { } catch (JWTClientException e) {
@ -828,8 +837,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
log.error(msg, e); log.error(msg, e);
return Response.serverError().entity( return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (UserStoreException e) { } catch (APIServicesException e) {
String msg = "Error while getting user credentials."; String msg = "Error while generating api Application";
log.error(msg, e); log.error(msg, e);
return Response.serverError().entity( return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
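Review bot: The scope list passed to `jwtClient.getAccessToken` now includes `apim:admin`, `apim:api_key` and `apim:app_import_export` next to the device and subscription permissions, so the JWT-bearer token minted on behalf of `username` carries API Manager administrative scope even though the only consumer visible in this hunk is `generateAndRetrieveApplicationKeys`; any path that logs, returns or caches that token hands out far more than the key-generation step needs. Trim the request to the scopes that call actually requires, keep the list as a named constant with a comment saying why each scope is present, and confirm `apim:admin` is needed at all. Separately, the `validityTime` that the removed `dynamicClientRegistration` call applied to the registered application is now, as far as these hunks show, only passed to `generateAndRetrieveApplicationKeys`, so the DCR application itself appears to get the default lifetime — worth confirming that is intended. The enclosing method starts and ends outside this section.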

@ -19,6 +19,7 @@
package io.entgra.device.mgt.core.device.mgt.api.jaxrs.util; package io.entgra.device.mgt.core.device.mgt.api.jaxrs.util;
import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderService; import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderService;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.ConsumerRESTAPIServices; import io.entgra.device.mgt.core.apimgt.extension.rest.api.ConsumerRESTAPIServices;
import io.entgra.device.mgt.core.application.mgt.common.services.ApplicationManager; import io.entgra.device.mgt.core.application.mgt.common.services.ApplicationManager;
import io.entgra.device.mgt.core.application.mgt.common.services.SubscriptionManager; import io.entgra.device.mgt.core.application.mgt.common.services.SubscriptionManager;
@ -157,6 +158,7 @@ public class DeviceMgtAPIUtils {
private static volatile SubscriptionManager subscriptionManager; private static volatile SubscriptionManager subscriptionManager;
private static volatile ApplicationManager applicationManager; private static volatile ApplicationManager applicationManager;
private static volatile ConsumerRESTAPIServices consumerRESTAPIServices; private static volatile ConsumerRESTAPIServices consumerRESTAPIServices;
private static volatile APIApplicationServices apiApplicationServices;
private static volatile APIManagementProviderService apiManagementProviderService; private static volatile APIManagementProviderService apiManagementProviderService;
static { static {
@ -410,6 +412,25 @@ public class DeviceMgtAPIUtils {
return consumerRESTAPIServices; return consumerRESTAPIServices;
} }
/**
* Initializing and accessing method for APIM API application REST API.
*
* @return APIApplicationServices instance
* @throws IllegalStateException if APIApplicationServices cannot be initialized
*/
public static synchronized APIApplicationServices getApiApplicationServices() {
if (apiApplicationServices == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
apiApplicationServices = (APIApplicationServices) ctx.getOSGiService(APIApplicationServices.class, null);
if (apiApplicationServices == null) {
String msg = "API application service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
}
return apiApplicationServices;
}
/** /**
* Initializing and accessing method for API management Provider Service. * Initializing and accessing method for API management Provider Service.
* *
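Review bot: `getApiApplicationServices` both logs and throws for the same condition (`log.error(msg)` immediately followed by `throw new IllegalStateException(msg)`), so every caller that logs the exception reports the failure twice; dropping the `log.error` and letting the exception carry the message is enough unless the sibling getters in this class deliberately follow the same pattern. The method is also `synchronized` on every call although the field is declared `volatile`, so a first read outside the lock (double-checked) would avoid serialising callers once the service is resolved — only worth doing if the neighbouring getters do the same, which is not visible here.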
