Fix JWT token generation.

add_scope_mdm
commit b0d5fc29d5

@ -649,9 +649,14 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo accessTokenInfo;
try {
if (username == null || password == null) {
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
"ClientForConsumerRestCalls",
"client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer");
} else {
apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(username, password);
apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(
"ClientForConsumerRestCalls",
username, password,
"client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer");
}
accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
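Review bot: Both branches now register the DCR client under the same literal name `"ClientForConsumerRestCalls"`, whereas the old implementation of `generateAndRetrieveApplicationKeys` named the client after the user; if the DCR endpoint keys applications by clientName alone, per-user registrations could now resolve to one shared application, so confirm that `owner` is part of the application identity before relying on this. The grant-type literal is repeated verbatim in both branches and again in DeviceManagementServiceImpl; a single definition such as `private static final String CONSUMER_CLIENT_GRANT_TYPES = "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer";` keeps them from drifting. Every grant type in that list is enabled on the registered client, so list only the ones this path actually exercises. The enclosing method starts and ends outside the hunk.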

@ -24,9 +24,10 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIService
public interface APIApplicationServices {
APIApplicationKey createAndRetrieveApplicationCredentials() throws APIServicesException;
APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType)
throws APIServicesException;
APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password)
APIApplicationKey generateAndRetrieveApplicationKeys(String clientName, String username, String password, String grantType)
throws APIServicesException;
AccessTokenInfo generateAccessTokenFromRegisteredApplication(String clientId, String clientSecret) throws APIServicesException;
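Review bot: The new `clientName` and `grantType` parameters on `createAndRetrieveApplicationCredentials` and `generateAndRetrieveApplicationKeys` are undocumented, and `grantType` is actually a space-separated list of several grant types, which the singular name does not convey. Add Javadoc on both methods stating that `clientName` is the name the application is registered under in DCR, that `grantType` is a space-separated list of OAuth grant types to enable on it, and `@throws APIServicesException` when registration fails. Dropping the old overloads instead of delegating to the new ones is a source-incompatible change to the interface; any implementation or caller outside this commit will fail to compile, so consider keeping the old signatures as defaults if other modules bind to this interface.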

@ -44,7 +44,7 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
getAPIManagerConfigurationService().getAPIManagerConfiguration();
@Override
public APIApplicationKey createAndRetrieveApplicationCredentials()
public APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType)
throws APIServicesException {
String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
@ -53,8 +53,8 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
JSONObject jsonObject = new JSONObject();
jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
jsonObject.put("clientName", Constants.CLIENT_NAME);
jsonObject.put("grantType", Constants.GRANT_TYPE);
jsonObject.put("clientName", clientName);
jsonObject.put("grantType", grantType);
jsonObject.put("owner", serverUser);
jsonObject.put("saasApp", true);
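Review bot: `clientName` and `grantType` go straight into the DCR request body at `jsonObject.put("clientName", clientName)` and `jsonObject.put("grantType", grantType)` with no null or blank check, so a bad caller produces a malformed registration request whose failure is only reported by the remote endpoint. Guard at the top of the method with `Objects.requireNonNull(clientName, "clientName");` and `Objects.requireNonNull(grantType, "grantType");`, or reject blank values with an IllegalArgumentException. The same guard is needed in `generateAndRetrieveApplicationKeys` below. The method body continues past the hunk.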
@ -75,15 +75,15 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
}
@Override
public APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password)
public APIApplicationKey generateAndRetrieveApplicationKeys(String clientName, String username, String password, String grantType)
throws APIServicesException {
String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
JSONObject jsonObject = new JSONObject();
jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
jsonObject.put("clientName", username);
jsonObject.put("grantType", Constants.GRANT_TYPE);
jsonObject.put("clientName", clientName);
jsonObject.put("grantType", grantType);
jsonObject.put("owner", username);
jsonObject.put("saasApp", true);
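Review bot: After this change the request body built here is identical to the one in `createAndRetrieveApplicationCredentials` except for the `owner` value (`username` here, `serverUser` there), so the five `put` calls are duplicated and the two bodies will drift on the next field change. A small private helper taking clientName, grantType and owner removes the duplication; each method then calls it and continues with its own endpoint handling. Only the fields up to `saasApp` are visible to me — if the body gains more fields after that line, move those into the helper as well. The method body continues outside the hunk.
```java
/** Builds the DCR registration payload shared by both registration methods. */
private static JSONObject buildDcrPayload(String clientName, String grantType, String owner) {
    JSONObject jsonObject = new JSONObject();
    jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
    jsonObject.put("clientName", clientName);
    jsonObject.put("grantType", grantType);
    jsonObject.put("owner", owner);
    jsonObject.put("saasApp", true);
    return jsonObject;
}

// … unchanged: endpoint lookup …
JSONObject jsonObject = buildDcrPayload(clientName, grantType, username);
// … unchanged: rest of generateAndRetrieveApplicationKeys …
```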

@ -27,10 +27,8 @@ public final class Constants {
public static final String AMPERSAND = "&";
public static final String SLASH = "/";
public static final String EQUAL = "=";
public static final String CLIENT_NAME = "rest_api_publisher_code";
public static final String SERVER_USER = "WorkflowConfigurations.ServerUser";
public static final String SERVER_PASSWORD = "WorkflowConfigurations.ServerPassword";
public static final String GRANT_TYPE = "client_credentials password refresh_token";
public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";
public static final String OAUTH_EXPIRES_IN = "expires_in";
public static final String OAUTH_TOKEN_SCOPE = "scope";

@ -344,7 +344,7 @@ public class KeyMgtServiceImpl implements KeyMgtService {
Response response = client.newCall(request).execute();
return gson.fromJson(response.body().string(), OAuthApplication.class);
} catch (IOException e) {
msg = "Error occurred while processing the response";
msg = "Error occurred while processing the response" + e;
throw new KeyMgtException(msg);
}
}
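Review bot: The new message concatenates the exception into the string (`"Error occurred while processing the response" + e`) but the throw on the next line is still `new KeyMgtException(msg)` without the cause, so the stack trace is lost and only `e.toString()` survives. If `KeyMgtException` has a `(String, Throwable)` constructor, use `throw new KeyMgtException(msg, e);` and keep the message free of the exception text; if it does not, that constructor is the right addition. The enclosing method starts before the hunk; separately, the `Response` from `client.newCall(request).execute()` is never closed on this path, which the commit does not change but would fit a try-with-resources if `Response` is `Closeable`.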

@ -90,7 +90,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
APIApplicationKey apiApplicationKey;
AccessTokenInfo accessTokenInfo;
try {
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
"ClientForPublisherRestCalls",
"client_credentials password refresh_token"
);
accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
} catch (APIServicesException e) {
@ -403,7 +406,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
APIApplicationKey apiApplicationKey;
AccessTokenInfo accessTokenInfo;
try {
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
"ClientForPublisherRestCalls",
"client_credentials password refresh_token"
);
accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
} catch (APIServicesException e) {
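Review bot: The client name `"ClientForPublisherRestCalls"` and the grant-type list `"client_credentials password refresh_token"` are written out twice in this file, here and in the hunk at line 90, and this same commit deletes the `Constants.CLIENT_NAME` / `Constants.GRANT_TYPE` values that used to hold them. Keep a single definition, e.g. `private static final String PUBLISHER_CLIENT_NAME = "ClientForPublisherRestCalls";` and `private static final String PUBLISHER_GRANT_TYPES = "client_credentials password refresh_token";`, and pass those at both call sites. Both enclosing methods start and end outside their hunks.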

@ -23,6 +23,11 @@ import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProvi
import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderServiceImpl;
import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey;
import io.entgra.device.mgt.core.apimgt.application.extension.exception.APIManagerException;
import io.entgra.device.mgt.core.apimgt.application.extension.internal.APIApplicationManagerExtensionDataHolder;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.DCRResponse;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenRequest;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenResponse;
@ -804,11 +809,11 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
//todo - lasantha - can't get password from here
ApiApplicationKey apiApplicationKey;
try {
DCRResponse adminDCRResponse = keyMgtService.dynamicClientRegistration(applicationName,
PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
.getRealmConfiguration().getAdminUserName(),
"client_credentials", null, new String[] {"device_management"}, false, validityTime, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
.getRealmConfiguration().getAdminPassword());
APIApplicationServices apiApplicationServices = DeviceMgtAPIUtils.getApiApplicationServices();
APIApplicationKey adminDCRResponse = apiApplicationServices.createAndRetrieveApplicationCredentials(
"ClientForJWTTokenGeneration",
"client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer"
);
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
JWTClientManagerService jwtClientManagerService = (JWTClientManagerService) ctx.
@ -816,11 +821,14 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
JWTClient jwtClient = jwtClientManagerService.getJWTClient();
AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(adminDCRResponse.getClientId(),
adminDCRResponse.getClientSecret(),
username, "appm:subscribe");
username, "appm:subscribe apim:admin apim:api_key apim:app_import_export apim:app_manage" +
" apim:store_settings apim:sub_alert_manage apim:sub_manage apim:subscribe openid perm:device:enroll " +
"perm:devices:details perm:devices:features perm:devices:search perm:devices:view perm:groups:groups " +
"perm:users:send-invitation");
APIManagementProviderService apiManagementProviderService = DeviceMgtAPIUtils.getAPIManagementService();
apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(applicationName,
new String[] {"device_management"}, null, false, String.valueOf(validityTime),
new String[] {"device_management"}, "PRODUCTION", false, String.valueOf(validityTime),
accessTokenInfo.getAccessToken());
} catch (JWTClientException e) {
@ -828,8 +836,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (UserStoreException e) {
String msg = "Error while getting user credentials.";
} catch (APIServicesException e) {
String msg = "Error while generating api Application";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
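Review bot: The scope list passed to `jwtClient.getAccessToken` now requests `apim:admin` together with a dozen other `apim:*` and `perm:*` scopes, while the only visible use of the resulting token is the `generateAndRetrieveApplicationKeys` call that follows; a token minted for `username` with admin scope is far broader than that call appears to need, so trim the list to the scopes the key-generation endpoint actually enforces, or document in a comment why each one is required. The string is also assembled inline across four concatenated lines; a named constant such as `private static final String APP_KEY_GENERATION_SCOPES = ...` makes it reviewable in one place. The old registration passed a `validityTime` and the `"device_management"` scope, and the replacement `createAndRetrieveApplicationCredentials` call takes neither, so confirm that token validity is still bounded somewhere. The enclosing method starts before the first hunk and ends after the last.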

@ -19,6 +19,7 @@
package io.entgra.device.mgt.core.device.mgt.api.jaxrs.util;
import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderService;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.ConsumerRESTAPIServices;
import io.entgra.device.mgt.core.application.mgt.common.services.ApplicationManager;
import io.entgra.device.mgt.core.application.mgt.common.services.SubscriptionManager;
@ -156,6 +157,7 @@ public class DeviceMgtAPIUtils {
private static volatile SubscriptionManager subscriptionManager;
private static volatile ApplicationManager applicationManager;
private static volatile APIApplicationServices apiApplicationServices;
private static volatile ConsumerRESTAPIServices consumerRESTAPIServices;
private static volatile APIManagementProviderService apiManagementProviderService;
@ -410,6 +412,25 @@ public class DeviceMgtAPIUtils {
return consumerRESTAPIServices;
}
/**
* Initializing and accessing method for APIM API application REST API.
*
* @return APIApplicationServices instance
* @throws IllegalStateException if APIApplicationServices cannot be initialized
*/
public static synchronized APIApplicationServices getApiApplicationServices() {
if (apiApplicationServices == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
apiApplicationServices = (APIApplicationServices) ctx.getOSGiService(APIApplicationServices.class, null);
if (apiApplicationServices == null) {
String msg = "API application service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
}
return apiApplicationServices;
}
/**
* Initializing and accessing method for API management Provider Service.
*

@ -138,7 +138,9 @@ public class JWTClient {
if (jwtConfig == null) {
return null;
}
URL tokenEndpoint = new URL(jwtConfig.getTokenEndpoint());
// todo:
// URL tokenEndpoint = new URL(jwtConfig.getTokenEndpoint());
URL tokenEndpoint = new URL("https://localhost:9443/oauth2/token");
HttpClient httpClient = JWTClientUtil.getHttpClient(tokenEndpoint.getProtocol());
HttpPost postMethod = new HttpPost(tokenEndpoint.toString());
postMethod.setEntity(new UrlEncodedFormEntity(nameValuePairs));
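Review bot: The token endpoint is now hard-coded to `https://localhost:9443/oauth2/token`, with the configured value left behind a `// todo:` comment, so any deployment whose token service is not on the same host and port, or not at that path, will fail, and the commented-out line will silently go stale when the configuration changes. Restore `URL tokenEndpoint = new URL(jwtConfig.getTokenEndpoint());` and fix the value returned by `jwtConfig.getTokenEndpoint()` at its source if that is what was wrong; if a fallback is genuinely needed, make it explicit behind a null/blank check on the configured value rather than an unconditional literal. The enclosing method starts and ends outside the hunk.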
