Merge pull request #919 from charithag/master

Prevent all nodes from using a same app id for oauth
revert-dabc3590
Geeth 6 years ago committed by GitHub
commit c20492eb1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -18,15 +18,14 @@ import feign.Client;
import feign.Feign; import feign.Feign;
import feign.FeignException; import feign.FeignException;
import feign.Logger; import feign.Logger;
import feign.Request;
import feign.RequestInterceptor; import feign.RequestInterceptor;
import feign.RequestTemplate; import feign.RequestTemplate;
import feign.Response;
import feign.auth.BasicAuthRequestInterceptor; import feign.auth.BasicAuthRequestInterceptor;
import feign.gson.GsonDecoder; import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder; import feign.gson.GsonEncoder;
import feign.jaxrs.JAXRSContract; import feign.jaxrs.JAXRSContract;
import feign.slf4j.Slf4jLogger; import feign.slf4j.Slf4jLogger;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfiguration; import org.wso2.carbon.base.ServerConfiguration;
@ -38,12 +37,24 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.
import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils; import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils;
import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException; import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.*; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.security.*; import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.util.Map; import java.util.Map;
@ -68,24 +79,35 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
private static final String CONNECTION_USERNAME = "username"; private static final String CONNECTION_USERNAME = "username";
private static final String CONNECTION_PASSWORD = "password"; private static final String CONNECTION_PASSWORD = "password";
private static final String TOKEN_ENDPOINT = "tokenUrl";
private static final String TOKEN_REFRESH_TIME_OFFSET = "tokenRefreshTimeOffset"; private static final String TOKEN_REFRESH_TIME_OFFSET = "tokenRefreshTimeOffset";
private static final String TOKEN_SCOPES = "scopes";
private static final String DEVICE_MGT_SERVER_URL = "deviceMgtServerUrl"; private static final String DEVICE_MGT_SERVER_URL = "deviceMgtServerUrl";
private static final String TOKEN_ENDPOINT_CONTEXT = "tokenUrl"; private static final String TOKEN_ENDPOINT_CONTEXT = "tokenUrl";
private static String username; private static String username;
private static String password; private static String password;
private static String tokenEndpoint; private static String tokenEndpoint;
private static String deviceMgtServerUrl; private static String deviceMgtServerUrl;
private static String scopes; private static String clientHash = "";
private static Map<String, String> globalProperties;
/** /**
* Creates an interceptor that authenticates all requests. * Creates an interceptor that authenticates all requests.
*/ */
public OAuthRequestInterceptor(Map<String, String> globalProperties) { public OAuthRequestInterceptor(Map<String, String> globalProperties) {
this.globalProperties = globalProperties; try {
InetAddress inetAddress = InetAddress.getLocalHost();
String ip = inetAddress.getHostAddress();
if (ip != null && ip.equals("127.0.0.1")) {
clientHash = ip.replace(".", "");
} else {
clientHash = RandomStringUtils.random(8, true, true);
}
} catch (UnknownHostException e) {
log.warn("Error occurred while generating unique hash for node.");
clientHash = RandomStringUtils.random(8, true, true);
}
if (log.isDebugEnabled()) {
log.debug("Client hash: " + clientHash);
}
try { try {
deviceMgtServerUrl = getDeviceMgtServerUrl(globalProperties); deviceMgtServerUrl = getDeviceMgtServerUrl(globalProperties);
refreshTimeOffset = getRefreshTimeOffset(globalProperties) * 1000; refreshTimeOffset = getRefreshTimeOffset(globalProperties) * 1000;
@ -108,7 +130,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
if (tokenInfo == null) { if (tokenInfo == null) {
if (apiApplicationKey == null) { if (apiApplicationKey == null) {
ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile();
apiRegistrationProfile.setApplicationName(APPLICATION_NAME); apiRegistrationProfile.setApplicationName(APPLICATION_NAME + "-" + clientHash);
apiRegistrationProfile.setIsAllowedToAllDomains(false); apiRegistrationProfile.setIsAllowedToAllDomains(false);
apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false);
apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG);

@ -52,13 +52,13 @@
<SharedWithAllTenants>true</SharedWithAllTenants> <SharedWithAllTenants>true</SharedWithAllTenants>
</ProvisioningConfig> </ProvisioningConfig>
<!-- <!--
isScheduled element used to enable scheduler task to send push notification. isScheduled element used to enable scheduler task to send push notification as batches.
Task will send push notification as batches. So this will reduce sudden request burst when many devices try to Batch size and scheduler interval can be configured via cdm-config.xml. So this will reduce sudden request
access server after receiving push notification. burst when many devices try to access server after receiving push notification.
--> -->
<!--Configuration for enable firebase push notifications--> <!--Configuration for enable firebase push notifications-->
<!--<PushNotificationProviderConfig type="FCM" isScheduled="false">--> <PushNotificationProviderConfig type="FCM" isScheduled="false">
<!--</PushNotificationProviderConfig>--> </PushNotificationProviderConfig>
<DataSource> <DataSource>
<JndiConfig> <JndiConfig>

Loading…
Cancel
Save