Add access token retrieving service

4 years ago · 7333329e78
parent ad4d7a453f
commit 7333329e78
6 changed files with 214 additions and 7 deletions
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/pom.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/pom.xml
@ -67,6 +67,11 @@
            <groupId>org.wso2.carbon.registry</groupId>
            <artifactId>org.wso2.carbon.registry.indexing</artifactId>
        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.devicemgt</groupId>
+            <artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId>
+            <scope>provided</scope>
+        </dependency>
    </dependencies>

    <build>
@ -110,6 +115,7 @@
 							org.wso2.carbon.apimgt.integration.client.*,
 							org.wso2.carbon.apimgt.integration.generated.client.store.api,
 							org.wso2.carbon.apimgt.integration.generated.client.store.model,
+                            org.wso2.carbon.identity.jwt.client.extension.*,
 							feign
                        </Import-Package>
                        <Export-Package>
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java
@ -77,4 +77,18 @@ public interface APIManagementProviderService {
     */
    void removeAPIApplication(String applicationName, String username) throws APIManagerException;

+    /**
+     * To get access token for given scopes and for the given validity period
+     * @param scopes Scopes
+     * @param tags Tags
+     * @param applicationName Application Name
+     * @param tokenType Token Type
+     * @param validityPeriod Validity Period
+     * @return {@link String} Access Token
+     * @throws APIManagerException if error occurred while getting the access token for given scopes,
+     * validity period etc.
+     */
+    String getAccessToken(String scopes, String[] tags, String applicationName, String tokenType, String validityPeriod)
+            throws APIManagerException;
+
 }
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
@ -21,6 +21,7 @@ package org.wso2.carbon.apimgt.application.extension;
 import feign.FeignException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.apimgt.application.extension.bean.APIRegistrationProfile;
 import org.wso2.carbon.apimgt.application.extension.constants.ApiApplicationConstants;
 import org.wso2.carbon.apimgt.application.extension.dto.ApiApplicationKey;
 import org.wso2.carbon.apimgt.application.extension.exception.APIManagerException;
@ -30,6 +31,11 @@ import org.wso2.carbon.apimgt.integration.client.OAuthRequestInterceptor;
 import org.wso2.carbon.apimgt.integration.client.store.StoreClient;
 import org.wso2.carbon.apimgt.integration.generated.client.store.model.*;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.jwt.client.extension.JWTClient;
+import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo;
+import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
+import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
+import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;

 import java.util.ArrayList;
@ -230,4 +236,87 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
        return this.generateAndRetrieveApplicationKeys(applicationName, tags, keyType, username,
                isAllowedAllDomains, validityTime, null);
    }
+
+    @Override
+    public String getAccessToken(String scopes, String[] tags, String applicationName, String tokenType,
+            String validityPeriod) throws APIManagerException {
+        try {
+            String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
+            ApiApplicationKey clientCredentials = getClientCredentials(tenantDomain, tags, applicationName, tokenType,
+                    validityPeriod);
+
+            if (clientCredentials == null) {
+                String msg = "Oauth Application creation is failed.";
+                log.error(msg);
+                throw new APIManagerException(msg);
+            }
+
+            String user =
+                    PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername() + "@" + PrivilegedCarbonContext
+                            .getThreadLocalCarbonContext().getTenantDomain(true);
+
+            JWTClientManagerService jwtClientManagerService = APIApplicationManagerExtensionDataHolder.getInstance()
+                    .getJwtClientManagerService();
+            JWTClient jwtClient = jwtClientManagerService.getJWTClient();
+            AccessTokenInfo accessTokenForAdmin = jwtClient
+                    .getAccessToken(clientCredentials.getConsumerKey(), clientCredentials.getConsumerSecret(), user,
+                            scopes);
+
+            return accessTokenForAdmin.getAccessToken();
+        } catch (JWTClientException e) {
+            String msg = "JWT Error occurred while registering Application to get access token.";
+            log.error(msg, e);
+            throw new APIManagerException(msg, e);
+        } catch (APIManagerException e) {
+            String msg = "Error occurred while getting access tokens.";
+            log.error(msg, e);
+            throw new APIManagerException(msg, e);
+        } catch (UserStoreException e) {
+            String msg = "User management exception when getting client credentials.";
+            log.error(msg, e);
+            throw new APIManagerException(msg, e);
+        }
+    }
+
+    /**
+     * Get Client credentials
+     * @param tenantDomain Tenant Domain
+     * @param tags Tags
+     * @param applicationName Application Name
+     * @param tokenType Token Type
+     * @param validityPeriod Validity Period
+     * @return {@link ApiApplicationKey}
+     * @throws APIManagerException if error occurred while generating access token
+     * @throws UserStoreException if error ocurred while getting admin username.
+     */
+    private ApiApplicationKey getClientCredentials(String tenantDomain, String[] tags, String applicationName,
+            String tokenType, String validityPeriod) throws APIManagerException, UserStoreException {
+
+        APIRegistrationProfile registrationProfile = new APIRegistrationProfile();
+        registrationProfile.setAllowedToAllDomains(false);
+        registrationProfile.setMappingAnExistingOAuthApp(false);
+        registrationProfile.setTags(tags);
+        registrationProfile.setApplicationName(applicationName);
+
+        ApiApplicationKey info = null;
+        if (tenantDomain == null || tenantDomain.isEmpty()) {
+            tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
+        }
+        try {
+            PrivilegedCarbonContext.startTenantFlow();
+            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
+            PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(
+                    PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration()
+                            .getAdminUserName());
+
+            if (registrationProfile.getUsername() == null || registrationProfile.getUsername().isEmpty()) {
+                info = generateAndRetrieveApplicationKeys(registrationProfile.getApplicationName(),
+                        registrationProfile.getTags(), tokenType, registrationProfile.getApplicationName(),
+                        registrationProfile.isAllowedToAllDomains(), validityPeriod);
+            }
+        } finally {
+            PrivilegedCarbonContext.endTenantFlow();
+        }
+        return info;
+    }
 }
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/bean/APIRegistrationProfile.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/bean/APIRegistrationProfile.java
@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2021, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.apimgt.application.extension.bean;
+
+public class APIRegistrationProfile {
+    private String applicationName;
+    private String tags[];
+    private boolean isAllowedToAllDomains;
+    private boolean isMappingAnExistingOAuthApp;
+    private String username;
+    private String password;
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public String getApplicationName() {
+        return applicationName;
+    }
+
+    public void setApplicationName(String applicationName) {
+        this.applicationName = applicationName;
+    }
+
+    public String[] getTags() {
+        return tags;
+    }
+
+    public void setTags(String[] tags) {
+        this.tags = tags;
+    }
+
+    public boolean isAllowedToAllDomains() {
+        return isAllowedToAllDomains;
+    }
+
+    public void setAllowedToAllDomains(boolean allowedToAllDomains) {
+        isAllowedToAllDomains = allowedToAllDomains;
+    }
+
+    public boolean isMappingAnExistingOAuthApp() {
+        return isMappingAnExistingOAuthApp;
+    }
+
+    public void setMappingAnExistingOAuthApp(boolean mappingAnExistingOAuthApp) {
+        isMappingAnExistingOAuthApp = mappingAnExistingOAuthApp;
+    }
+
+}
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java
@ -19,11 +19,15 @@ package org.wso2.carbon.apimgt.application.extension.internal;

 import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
 import org.wso2.carbon.apimgt.integration.client.service.IntegrationClientService;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
 import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
 import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
 import org.wso2.carbon.user.core.service.RealmService;
 import org.wso2.carbon.user.core.tenant.TenantManager;

+import java.util.Hashtable;
+
 public class APIApplicationManagerExtensionDataHolder {
    private static APIApplicationManagerExtensionDataHolder thisInstance = new APIApplicationManagerExtensionDataHolder();
    private APIManagementProviderService apiManagementProviderService;
@ -32,6 +36,7 @@ public class APIApplicationManagerExtensionDataHolder {
    private TenantRegistryLoader tenantRegistryLoader;
    private TenantIndexingLoader indexLoader;
    private IntegrationClientService integrationClientService;
+    private JWTClientManagerService jwtClientManagerService;

    private APIApplicationManagerExtensionDataHolder() {
    }
@ -97,4 +102,16 @@ public class APIApplicationManagerExtensionDataHolder {
            IntegrationClientService integrationClientService) {
        this.integrationClientService = integrationClientService;
    }
+
+    public JWTClientManagerService getJwtClientManagerService() {
+        if (jwtClientManagerService == null) {
+            PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+            jwtClientManagerService = (JWTClientManagerService)ctx.getOSGiService(JWTClientManagerService.class, (Hashtable)null);
+        }
+        return jwtClientManagerService;
+    }
+
+    public void setJwtClientManagerService(JWTClientManagerService jwtClientManagerService) {
+        this.jwtClientManagerService = jwtClientManagerService;
+    }
 }
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionServiceComponent.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionServiceComponent.java
@ -58,16 +58,20 @@ import org.wso2.carbon.user.core.service.RealmService;
 */
 public class APIApplicationManagerExtensionServiceComponent {

-    private static Log log = LogFactory.getLog(APIApplicationManagerExtensionServiceComponent.class);
+    private static final Log log = LogFactory.getLog(APIApplicationManagerExtensionServiceComponent.class);

    protected void activate(ComponentContext componentContext) {
-        if (log.isDebugEnabled()) {
-            log.debug("Initializing device extension bundle");
+        try {
+            if (log.isDebugEnabled()) {
+                log.debug("Initializing device extension bundle");
+            }
+            APIManagementProviderService apiManagementProviderService = new APIManagementProviderServiceImpl();
+            APIApplicationManagerExtensionDataHolder.getInstance().setAPIManagementProviderService(apiManagementProviderService);
+            BundleContext bundleContext = componentContext.getBundleContext();
+            bundleContext.registerService(APIManagementProviderService.class.getName(), apiManagementProviderService, null);
+        }  catch (Throwable e) {
+            log.error("Error occurred while initializing API application management extension bundle", e);
        }
-        APIManagementProviderService apiManagementProviderService = new APIManagementProviderServiceImpl();
-        APIApplicationManagerExtensionDataHolder.getInstance().setAPIManagementProviderService(apiManagementProviderService);
-        BundleContext bundleContext = componentContext.getBundleContext();
-        bundleContext.registerService(APIManagementProviderService.class.getName(), apiManagementProviderService, null);
    }

    protected void deactivate(ComponentContext componentContext) {