From 97df36842df27b293716f2d885b570bdf98fe08d Mon Sep 17 00:00:00 2001
From: Kamidu Sachith <sachithp@wso2.com>
Date: Thu, 8 Oct 2015 14:02:29 +0530
Subject: [PATCH 1/9] Enabling OAuth Authentication for BackEnd Services

---
 .../backend-oauth-authenticator/pom.xml       | 108 +++++++++++
 .../backend/oauth/AuthenticatorException.java |  41 +++++
 .../backend/oauth/OauthAuthenticator.java     | 170 ++++++++++++++++++
 .../oauth/OauthAuthenticatorConstants.java    |  28 +++
 .../OauthAuthenticatorServiceComponent.java   |  56 ++++++
 .../oauth/validator/OAuth2TokenValidator.java |  34 ++++
 .../validator/OAuthValidationRespond.java     |  57 ++++++
 .../validator/OAuthValidatorFactory.java      |  52 ++++++
 .../impl/ExternalOAuthValidator.java          |  98 ++++++++++
 .../validator/impl/LocalOAuthValidator.java   |  69 +++++++
 components/identity-extensions/pom.xml        |   1 +
 pom.xml                                       |  21 ++-
 12 files changed, 730 insertions(+), 5 deletions(-)
 create mode 100644 components/identity-extensions/backend-oauth-authenticator/pom.xml
 create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
 create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
 create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java
 create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java
 create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
 create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
 create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
 create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
 create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java

diff --git a/components/identity-extensions/backend-oauth-authenticator/pom.xml b/components/identity-extensions/backend-oauth-authenticator/pom.xml
new file mode 100644
index 0000000000..ac4bc382e5
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/pom.xml
@@ -0,0 +1,108 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>identity-extensions</artifactId>
+        <groupId>org.wso2.carbon.devicemgt</groupId>
+        <version>0.9.2-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+    <packaging>bundle</packaging>
+    <name>WSO2 Carbon - OAuth Back End Authenticator </name>
+    <artifactId>org.wso2.carbon.identity.authenticator.backend.oauth</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.wso2.carbon</groupId>
+            <artifactId>org.wso2.carbon.utils</artifactId>
+            <version>${carbon.kernel.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity</groupId>
+            <artifactId>org.wso2.carbon.identity.base</artifactId>
+            <version>${carbon.identity.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity</groupId>
+            <artifactId>org.wso2.carbon.identity.core</artifactId>
+            <version>${carbon.identity.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon</groupId>
+            <artifactId>org.wso2.carbon.core</artifactId>
+            <version>${carbon.kernel.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon</groupId>
+            <artifactId>org.wso2.carbon.logging</artifactId>
+            <version>${carbon.kernel.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity</groupId>
+            <artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
+            <version>${carbon.identity.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon</groupId>
+            <artifactId>org.wso2.carbon.core.services</artifactId>
+            <version>${carbon.kernel.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity</groupId>
+            <artifactId>org.wso2.carbon.identity.oauth</artifactId>
+            <version>${carbon.identity.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity</groupId>
+            <artifactId>org.wso2.carbon.identity.application.common</artifactId>
+            <version>${carbon.identity.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity</groupId>
+            <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-scr-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <version>1.4.0</version>
+                <extensions>true</extensions>
+                <configuration>
+                    <instructions>
+                        <Bundle-SymbolicName>${pom.artifactId}</Bundle-SymbolicName>
+                        <Bundle-Name>${pom.artifactId}</Bundle-Name>
+                        <Private-Package>
+                            org.wso2.sample.authenticator.internal
+                        </Private-Package>
+                        <Export-Package>
+                            !org.wso2.sample.authenticator.internal,
+                            org.wso2.sample.authenticator.*,
+                        </Export-Package>
+                        <Import-Package>
+                            javax.servlet.http,
+                            org.apache.commons.logging,
+                            org.wso2.carbon.identity.application.authentication.framework.*,
+                            org.wso2.carbon.identity.oauth2,
+                            org.wso2.carbon.identity.oauth2.dto,
+                            org.wso2.carbon.user.core.service,
+                            org.wso2.carbon.utils.multitenancy
+                        </Import-Package>
+                        <Export-Package>
+                            org.wso2.carbon.identity.authenticator.backend.oauth.*;
+                        </Export-Package>
+                        <DynamicImport-Package>*</DynamicImport-Package>
+                    </instructions>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
\ No newline at end of file
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
new file mode 100755
index 0000000000..05bc3d69f7
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
@@ -0,0 +1,41 @@
+/*
+*  Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing,
+*  software distributed under the License is distributed on an
+*  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+*  KIND, either express or implied.  See the License for the
+*  specific language governing permissions and limitations
+*  under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+/**
+ *Custom exception for backend OAuth authentication
+ */
+@SuppressWarnings("unused")
+public class AuthenticatorException extends Exception {
+
+    private static final long serialVersionUID = 1L;
+
+    public AuthenticatorException(String message) {
+        super(message);
+    }
+
+    public AuthenticatorException(Throwable e) {
+        super(e);
+    }
+
+    public AuthenticatorException(String message, Throwable e) {
+        super(message, e);
+    }
+
+
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
new file mode 100755
index 0000000000..43877ba832
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.utils.ServerConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidatorFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.rmi.RemoteException;
+
+/**
+ * This is a custom back end authenticator for enable OAuth token authentication for admin services
+ */
+public class OauthAuthenticator implements CarbonServerAuthenticator {
+
+    private static final Log log = LogFactory.getLog(OauthAuthenticator.class);
+    private static final int PRIORITY = 5;
+    private static final int ACCESS_TOKEN_INDEX = 1;
+
+    private static String hostUrl = "";
+    private static boolean isRemote = false;
+
+    static {
+        AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance();
+        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME);
+
+        if (authenticatorConfig != null) {
+            isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get("isRemote"));
+            hostUrl = authenticatorConfig.getParameters().get("hostURL");
+
+        }
+    }
+
+    /**
+     * Checks whether the authentication of the context can be handled using this authenticator.
+     *
+     * @param messageContext containing the request need to be authenticated.
+     * @return boolean indicating whether the request can be authenticated by this Authenticator.
+     */
+    public boolean isHandle(MessageContext messageContext) {
+        HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
+        String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+
+        if (headerValue != null && !headerValue.trim().isEmpty()) {
+            String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
+
+            if (OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) {
+                return true;
+            }
+        } else if (httpServletRequest.getParameter(OauthAuthenticatorConstants.BEARER_TOKEN_IDENTIFIER) != null) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * Authenticates the user using the provided OAuth token and returns the status as a boolean.
+     * Sets the tenant domain and tenant friendly username to the session as attributes.
+     *
+     * @param messageContext containing the request need to be authenticated.
+     * @return boolean indicating the authentication status.
+     */
+    public boolean isAuthenticated(MessageContext messageContext) {
+        HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
+        String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+        //split the header value to separate the identity type and the token.
+        String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
+        String accessToken = headerPart[ACCESS_TOKEN_INDEX];
+        OAuth2TokenValidator tokenValidator = OAuthValidatorFactory.getValidator(isRemote,hostUrl);
+
+        if (tokenValidator == null) {
+            log.error("OAuthValidationFactory failed to return a validator",
+                    new AuthenticatorException("OAuthValidatorFactory Failed to determine the validator"));
+            return false;
+        }
+
+        OAuthValidationRespond respond = null;
+        try {
+            respond = tokenValidator.validateToken(accessToken);
+        } catch (RemoteException e) {
+            log.error("Failed to validate the OAuth token provided.", e);
+        }
+
+        if (respond != null && respond.isValid()) {
+            HttpSession session;
+
+            if ((session = httpServletRequest.getSession(false)) != null) {
+                session.setAttribute(MultitenantConstants.TENANT_DOMAIN, respond.getTenantDomain());
+                session.setAttribute(ServerConstants.USER_LOGGED_IN, respond.getUserName());
+
+                if (log.isDebugEnabled()) {
+                    log.debug("Authentication successful for " + session.getAttribute(ServerConstants.USER_LOGGED_IN));
+                }
+            }
+            return true;
+        }
+
+        if (log.isDebugEnabled()) {
+            log.debug("Authentication failed.Illegal attempt from session " + httpServletRequest.getSession().getId());
+        }
+        return false;
+    }
+
+    /**
+     * this method is currently not implemented.
+     *
+     * @param messageContext containing the request need to be authenticated.
+     * @return boolean
+     */
+    public boolean authenticateWithRememberMe(MessageContext messageContext) {
+        throw new UnsupportedOperationException();
+    }
+
+    /**
+     * @return string Authenticator name.
+     */
+    public String getAuthenticatorName() {
+        return OauthAuthenticatorConstants.AUTHENTICATOR_NAME;
+    }
+
+    /**
+     * @return int priority of the authenticator.
+     */
+    public int getPriority() {
+        return PRIORITY;
+    }
+
+    /**
+     * @return boolean true for enable or otherwise for disable status.
+     */
+    public boolean isDisabled() {
+        return false;
+    }
+
+    /**
+     * Retrieve HTTP Servlet Request form thr Message Context.
+     *
+     * @param messageContext Containing the Servlet Request for backend authentication.
+     * @return HTTPServletRequest.
+     */
+    private HttpServletRequest getHttpRequest(MessageContext messageContext) {
+        return (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
+    }
+
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java
new file mode 100755
index 0000000000..badaf8dbed
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java
@@ -0,0 +1,28 @@
+/*
+*  Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing,
+*  software distributed under the License is distributed on an
+*  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+*  KIND, either express or implied.  See the License for the
+*  specific language governing permissions and limitations
+*  under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+public class OauthAuthenticatorConstants {
+    public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer";
+    public static final String BEARER_TOKEN_TYPE = "bearer";
+    public static final String BEARER_TOKEN_IDENTIFIER = "token";
+    public static final String AUTHENTICATOR_NAME = "BackEndOAuthAuthenticator";
+    public static final String SPLITING_CHARACTOR = " ";
+    public static String OAUTH_ENDPOINT_POSTFIX =
+            "/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java
new file mode 100755
index 0000000000..59577ac633
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java
@@ -0,0 +1,56 @@
+/*
+*  Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing,
+*  software distributed under the License is distributed on an
+*  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+*  KIND, either express or implied.  See the License for the
+*  specific language governing permissions and limitations
+*  under the License.
+*/
+
+package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.osgi.service.component.ComponentContext;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator;
+
+
+/**
+ * @scr.component component.name="org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator" immediate="true"
+ */
+@SuppressWarnings("unused")
+public class OauthAuthenticatorServiceComponent {
+
+    private static final Log log = LogFactory.getLog(OauthAuthenticatorServiceComponent
+            .class);
+
+    protected void activate(ComponentContext ctxt) {
+        try {
+            OauthAuthenticator oauthAuthenticator = new OauthAuthenticator();
+            ctxt.getBundleContext().registerService(CarbonServerAuthenticator.class.getName(),
+                    oauthAuthenticator, null);
+            if (log.isDebugEnabled()) {
+                log.debug("OAuth Authenticator bundle is activated");
+            }
+        } catch (Throwable e) {
+            log.fatal(" Error while activating OAuth authenticator ", e);
+        }
+    }
+
+    protected void deactivate(ComponentContext ctxt) {
+        if (log.isDebugEnabled()) {
+            log.debug("OAuth Authenticator bundle is deactivated");
+        }
+    }
+
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
new file mode 100755
index 0000000000..7382fe1370
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
@@ -0,0 +1,34 @@
+/*
+*  Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing,
+*  software distributed under the License is distributed on an
+*  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+*  KIND, either express or implied.  See the License for the
+*  specific language governing permissions and limitations
+*  under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+import java.rmi.RemoteException;
+
+/**
+ * Interface for the OAuth@TokenValidators
+ */
+public interface OAuth2TokenValidator {
+    /**
+     * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+     * containing the validity and user details if valid.
+     *
+     * @param accessToken which need to be validated.
+     * @return OAuthValidationRespond with the validated results.
+     */
+    OAuthValidationRespond validateToken(String accessToken) throws RemoteException;
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
new file mode 100755
index 0000000000..1e45aa5923
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
@@ -0,0 +1,57 @@
+/*
+*  Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing,
+*  software distributed under the License is distributed on an
+*  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+*  KIND, either express or implied.  See the License for the
+*  specific language governing permissions and limitations
+*  under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+/**
+ * This class hold the validation information which can be retrieve by both remote and in house IDPs
+ */
+public class OAuthValidationRespond {
+    private String userName;
+    private String tenantDomain;
+    private boolean isValid;
+
+    public OAuthValidationRespond(String userName, String tenantDomain, boolean isValid) {
+        this.userName = userName;
+        this.tenantDomain = tenantDomain;
+        this.isValid = isValid;
+    }
+
+    public String getUserName() {
+        return userName;
+    }
+
+    public void setUserName(String userName) {
+        this.userName = userName;
+    }
+
+    public String getTenantDomain() {
+        return tenantDomain;
+    }
+
+    public void setTenantDomain(String tenantDomain) {
+        this.tenantDomain = tenantDomain;
+    }
+
+    public boolean isValid() {
+        return isValid;
+    }
+
+    public void setIsValid(boolean isValid) {
+        this.isValid = isValid;
+    }
+}
\ No newline at end of file
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
new file mode 100755
index 0000000000..e3dab669c6
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
@@ -0,0 +1,52 @@
+/*
+*  Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing,
+*  software distributed under the License is distributed on an
+*  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+*  KIND, either express or implied.  See the License for the
+*  specific language governing permissions and limitations
+*  under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.authenticator.backend.oauth.AuthenticatorException;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.ExternalOAuthValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.LocalOAuthValidator;
+
+/**
+ * the class validate the configurations and provide the most suitable implementation according to the configuration.
+ * Factory class for OAuthValidator.
+ */
+public class OAuthValidatorFactory {
+    private static Log log = LogFactory.getLog(OAuthValidatorFactory.class);
+
+    /**
+     * the method check the configuration and provide the appropriate implementation for OAuth2TokenValidator
+     *
+     * @return OAuth2TokenValidator
+     */
+    public static OAuth2TokenValidator getValidator(boolean isRemote ,String hostURL) {
+       if(isRemote){
+            if(!(hostURL == null || hostURL.trim().isEmpty())){
+                hostURL = hostURL + OauthAuthenticatorConstants.OAUTH_ENDPOINT_POSTFIX;
+                return new ExternalOAuthValidator(hostURL);
+            }else {
+                log.error("IDP Configuration error",
+                        new AuthenticatorException("Remote server name and ip both can't be empty"));
+                return null;
+            }
+        }
+        return new LocalOAuthValidator();
+    }
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
new file mode 100755
index 0000000000..4a337e9a9c
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
@@ -0,0 +1,98 @@
+/*
+*  Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing,
+*  software distributed under the License is distributed on an
+*  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+*  KIND, either express or implied.  See the License for the
+*  specific language governing permissions and limitations
+*  under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
+
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.httpclient.Header;
+import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
+
+import java.rmi.RemoteException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Handles the Authentication form external IDP servers.
+ * Currently only supports WSO2 IS.
+ * External IDP support is planned for future.
+ */
+public class ExternalOAuthValidator implements OAuth2TokenValidator{
+    protected String hostURL ;
+
+    public ExternalOAuthValidator(String hostURL) {
+        this.hostURL = hostURL;
+    }
+    /**
+     * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+     * containing the validity and user details if valid.
+     *
+     * @param token which need to be validated.
+     * @return OAuthValidationRespond with the validated results.
+     */
+    public OAuthValidationRespond validateToken(String token) throws RemoteException {
+
+        // create an OAuth token validating request DTO
+        OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
+
+        // create access token object to validate and populate it
+        OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken =
+                new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
+        accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
+        accessToken.setIdentifier(token);
+        OAuth2TokenValidationRequestDTO_TokenValidationContextParam tokenValidationContextParam[] =
+                new OAuth2TokenValidationRequestDTO_TokenValidationContextParam[1];
+        validationRequest.setContext(tokenValidationContextParam);
+
+        //set the token to the validation request
+        validationRequest.setAccessToken(accessToken);
+        OAuth2TokenValidationServiceStub validationService =
+                new OAuth2TokenValidationServiceStub(hostURL);
+        ServiceClient client = validationService._getServiceClient();
+        Options options = client.getOptions();
+        List<Header> list = new ArrayList<>();
+        Header header = new Header();
+        header.setName(HTTPConstants.HEADER_AUTHORIZATION);
+        header.setValue(OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER+ " " + token);
+        list.add(header);
+        options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, list);
+        client.setOptions(options);
+        OAuth2ClientApplicationDTO respond =
+                validationService.findOAuthConsumerIfTokenIsValid(validationRequest);
+        boolean isValid = respond.getAccessTokenValidationResponse().getValid();
+        String userName = null;
+        String tenantDomain = null;
+
+        if(isValid){
+            userName = MultitenantUtils.getTenantAwareUsername(
+                    respond.getAccessTokenValidationResponse().getAuthorizedUser());
+            tenantDomain =
+                    MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
+        }
+
+        return new OAuthValidationRespond(userName,tenantDomain,isValid);
+    }
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
new file mode 100755
index 0000000000..d81e7f3531
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
@@ -0,0 +1,69 @@
+
+/*
+*  Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing,
+*  software distributed under the License is distributed on an
+*  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+*  KIND, either express or implied.  See the License for the
+*  specific language governing permissions and limitations
+*  under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
+
+import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
+
+/**
+ * Handles the authentication using the inbuilt IS features.
+ */
+public class LocalOAuthValidator implements OAuth2TokenValidator {
+    /**
+     * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+     * containing the validity and user details if valid.
+     *
+     * @param token which need to be validated.
+     * @return OAuthValidationRespond with the validated results.
+     */
+    public OAuthValidationRespond validateToken(String token) {
+        // create an OAuth token validating request DTO
+        OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
+        // create access token object to validate and populate it
+        OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken =
+                validationRequest.new OAuth2AccessToken();
+        accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
+        accessToken.setIdentifier(token);
+        //the workaround till the version is upgraded in both is and EMM to be the same.
+        OAuth2TokenValidationRequestDTO.TokenValidationContextParam tokenValidationContextParam[] =
+                new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[1];
+        //==
+        validationRequest.setContext(tokenValidationContextParam);
+        //set the token to the validation request
+        validationRequest.setAccessToken(accessToken);
+        OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
+        OAuth2ClientApplicationDTO respond =  validationService.
+                findOAuthConsumerIfTokenIsValid(validationRequest);
+        boolean isValid = respond.getAccessTokenValidationResponse().isValid();
+        String userName = null;
+        String tenantDomain = null;
+        if(isValid){
+            userName = MultitenantUtils.getTenantAwareUsername(
+                    respond.getAccessTokenValidationResponse().getAuthorizedUser());
+            tenantDomain =
+                    MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
+        }
+       return new OAuthValidationRespond(userName,tenantDomain,isValid);
+    }
+}
diff --git a/components/identity-extensions/pom.xml b/components/identity-extensions/pom.xml
index 78a24d9adb..8dbb24619d 100644
--- a/components/identity-extensions/pom.xml
+++ b/components/identity-extensions/pom.xml
@@ -37,6 +37,7 @@
     <modules>
         <module>org.wso2.carbon.device.mgt.oauth.extensions</module>
         <module>dynamic-client-registration</module>
+        <module>backend-oauth-authenticator</module>
     </modules>
 
 </project>
diff --git a/pom.xml b/pom.xml
index 26df26d760..fbfa9406f0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -941,6 +941,22 @@
                 <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
                 <version>${carbon.identity.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.wso2.carbon.identity</groupId>
+                <artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
+                <version>${carbon.identity.version}</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.wso2.carbon.identity</groupId>
+                <artifactId>org.wso2.carbon.identity.oauth</artifactId>
+                <version>${carbon.identity.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.wso2.carbon.identity</groupId>
+                <artifactId>org.wso2.carbon.identity.application.common</artifactId>
+                <version>${carbon.identity.version}</version>
+            </dependency>
             <!-- End of Carbon Identity dependencies -->
 
             <!-- CXF dependencies -->
@@ -1126,11 +1142,6 @@
                     </exclusion>
                 </exclusions>
             </dependency>
-            <dependency>
-                <groupId>org.wso2.carbon.identity</groupId>
-                <artifactId>org.wso2.carbon.identity.oauth</artifactId>
-                <version>${carbon.identity.version}</version>
-            </dependency>
             <dependency>
                 <groupId>org.wso2.carbon.identity</groupId>
                 <artifactId>org.wso2.carbon.identity.sso.saml</artifactId>

From 786728b49b978dd82021e828f49f7010f554082f Mon Sep 17 00:00:00 2001
From: Kamidu Sachith <sachithp@wso2.com>
Date: Thu, 8 Oct 2015 17:54:49 +0530
Subject: [PATCH 2/9] Recomended Changes to Enabling OAuth Authentication for
 BackEnd Services

---
 .../backend-oauth-authenticator/pom.xml       | 48 +++++++++++--------
 .../backend/oauth/AuthenticatorException.java |  2 +-
 .../backend/oauth/OauthAuthenticator.java     | 45 +++++++----------
 .../validator/OAuthValidationRespond.java     |  1 +
 .../validator/OAuthValidatorFactory.java      | 20 +++-----
 .../impl/ExternalOAuthValidator.java          | 21 ++------
 .../validator/impl/LocalOAuthValidator.java   |  9 ----
 7 files changed, 58 insertions(+), 88 deletions(-)

diff --git a/components/identity-extensions/backend-oauth-authenticator/pom.xml b/components/identity-extensions/backend-oauth-authenticator/pom.xml
index ac4bc382e5..37cc5274f6 100644
--- a/components/identity-extensions/backend-oauth-authenticator/pom.xml
+++ b/components/identity-extensions/backend-oauth-authenticator/pom.xml
@@ -1,4 +1,21 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+  ~
+  ~ WSO2 Inc. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ you may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
 <project xmlns="http://maven.apache.org/POM/4.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
@@ -16,48 +33,39 @@
         <dependency>
             <groupId>org.wso2.carbon</groupId>
             <artifactId>org.wso2.carbon.utils</artifactId>
-            <version>${carbon.kernel.version}</version>
-        </dependency>
+             </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.base</artifactId>
-            <version>${carbon.identity.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.core</artifactId>
-            <version>${carbon.identity.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon</groupId>
             <artifactId>org.wso2.carbon.core</artifactId>
-            <version>${carbon.kernel.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon</groupId>
             <artifactId>org.wso2.carbon.logging</artifactId>
-            <version>${carbon.kernel.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
-            <version>${carbon.identity.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon</groupId>
             <artifactId>org.wso2.carbon.core.services</artifactId>
-            <version>${carbon.kernel.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.oauth</artifactId>
-            <version>${carbon.identity.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.application.common</artifactId>
-            <version>${carbon.identity.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
@@ -98,11 +106,9 @@
                         <Export-Package>
                             org.wso2.carbon.identity.authenticator.backend.oauth.*;
                         </Export-Package>
-                        <DynamicImport-Package>*</DynamicImport-Package>
-                    </instructions>
+                               </instructions>
                 </configuration>
             </plugin>
         </plugins>
     </build>
-
 </project>
\ No newline at end of file
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
index 05bc3d69f7..42eafd7888 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
@@ -18,7 +18,7 @@
 package org.wso2.carbon.identity.authenticator.backend.oauth;
 
 /**
- *Custom exception for backend OAuth authentication
+ * Custom exception for backend OAuth authentication
  */
 @SuppressWarnings("unused")
 public class AuthenticatorException extends Exception {
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
index 43877ba832..adfcf71214 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
@@ -41,18 +41,24 @@ public class OauthAuthenticator implements CarbonServerAuthenticator {
     private static final Log log = LogFactory.getLog(OauthAuthenticator.class);
     private static final int PRIORITY = 5;
     private static final int ACCESS_TOKEN_INDEX = 1;
+    private OAuth2TokenValidator tokenValidator;
 
-    private static String hostUrl = "";
-    private static boolean isRemote = false;
-
-    static {
+    public OauthAuthenticator() {
         AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance();
-        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME);
-
+        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.
+                getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME);
+        boolean isRemote;
+        String hostUrl;
         if (authenticatorConfig != null) {
             isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get("isRemote"));
             hostUrl = authenticatorConfig.getParameters().get("hostURL");
-
+        }else{
+            throw new IllegalArgumentException("Configuration parameters need to be defined in Authenticators.xml");
+        }
+        try {
+            tokenValidator = OAuthValidatorFactory.getValidator(isRemote, hostUrl);
+        } catch (IllegalArgumentException e) {
+            log.error("Failed to initialise Authenticator",e);
         }
     }
 
@@ -65,10 +71,8 @@ public class OauthAuthenticator implements CarbonServerAuthenticator {
     public boolean isHandle(MessageContext messageContext) {
         HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
         String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
-
         if (headerValue != null && !headerValue.trim().isEmpty()) {
             String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
-
             if (OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) {
                 return true;
             }
@@ -88,38 +92,25 @@ public class OauthAuthenticator implements CarbonServerAuthenticator {
     public boolean isAuthenticated(MessageContext messageContext) {
         HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
         String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
-        //split the header value to separate the identity type and the token.
         String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
         String accessToken = headerPart[ACCESS_TOKEN_INDEX];
-        OAuth2TokenValidator tokenValidator = OAuthValidatorFactory.getValidator(isRemote,hostUrl);
-
-        if (tokenValidator == null) {
-            log.error("OAuthValidationFactory failed to return a validator",
-                    new AuthenticatorException("OAuthValidatorFactory Failed to determine the validator"));
-            return false;
-        }
-
-        OAuthValidationRespond respond = null;
+        OAuthValidationRespond response = null;
         try {
-            respond = tokenValidator.validateToken(accessToken);
+            response = tokenValidator.validateToken(accessToken);
         } catch (RemoteException e) {
             log.error("Failed to validate the OAuth token provided.", e);
         }
-
-        if (respond != null && respond.isValid()) {
+        if (response != null && response.isValid()) {
             HttpSession session;
-
             if ((session = httpServletRequest.getSession(false)) != null) {
-                session.setAttribute(MultitenantConstants.TENANT_DOMAIN, respond.getTenantDomain());
-                session.setAttribute(ServerConstants.USER_LOGGED_IN, respond.getUserName());
-
+                session.setAttribute(MultitenantConstants.TENANT_DOMAIN, response.getTenantDomain());
+                session.setAttribute(ServerConstants.USER_LOGGED_IN, response.getUserName());
                 if (log.isDebugEnabled()) {
                     log.debug("Authentication successful for " + session.getAttribute(ServerConstants.USER_LOGGED_IN));
                 }
             }
             return true;
         }
-
         if (log.isDebugEnabled()) {
             log.debug("Authentication failed.Illegal attempt from session " + httpServletRequest.getSession().getId());
         }
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
index 1e45aa5923..346ac2ac30 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
@@ -20,6 +20,7 @@ package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
 /**
  * This class hold the validation information which can be retrieve by both remote and in house IDPs
  */
+@SuppressWarnings("unused")
 public class OAuthValidationRespond {
     private String userName;
     private String tenantDomain;
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
index e3dab669c6..bb88d98f7e 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
@@ -17,34 +17,28 @@
 */
 package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.authenticator.backend.oauth.AuthenticatorException;
 import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
 import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.ExternalOAuthValidator;
 import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.LocalOAuthValidator;
 
 /**
- * the class validate the configurations and provide the most suitable implementation according to the configuration.
+ * The class validate the configurations and provide the most suitable implementation according to the configuration.
  * Factory class for OAuthValidator.
  */
 public class OAuthValidatorFactory {
-    private static Log log = LogFactory.getLog(OAuthValidatorFactory.class);
 
     /**
-     * the method check the configuration and provide the appropriate implementation for OAuth2TokenValidator
-     *
+     * The method check the configuration and provide the appropriate implementation for OAuth2TokenValidator
      * @return OAuth2TokenValidator
      */
-    public static OAuth2TokenValidator getValidator(boolean isRemote ,String hostURL) {
-       if(isRemote){
-            if(!(hostURL == null || hostURL.trim().isEmpty())){
+    public static OAuth2TokenValidator getValidator(boolean isRemote, String hostURL) throws IllegalArgumentException {
+        if (isRemote) {
+            if (!(hostURL == null || hostURL.trim().isEmpty())) {
                 hostURL = hostURL + OauthAuthenticatorConstants.OAUTH_ENDPOINT_POSTFIX;
                 return new ExternalOAuthValidator(hostURL);
-            }else {
-                log.error("IDP Configuration error",
-                        new AuthenticatorException("Remote server name and ip both can't be empty"));
-                return null;
+            } else {
+                throw new IllegalArgumentException("Remote server name and ip both can't be empty");
             }
         }
         return new LocalOAuthValidator();
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
index 4a337e9a9c..0c0836165e 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
@@ -21,15 +21,14 @@ import org.apache.axis2.client.Options;
 import org.apache.axis2.client.ServiceClient;
 import org.apache.axis2.transport.http.HTTPConstants;
 import org.apache.commons.httpclient.Header;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
 import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
-import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
-import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
-import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
 
 import java.rmi.RemoteException;
 import java.util.ArrayList;
@@ -37,8 +36,7 @@ import java.util.List;
 
 /**
  * Handles the Authentication form external IDP servers.
- * Currently only supports WSO2 IS.
- * External IDP support is planned for future.
+ * Currently only supports WSO@ IS
  */
 public class ExternalOAuthValidator implements OAuth2TokenValidator{
     protected String hostURL ;
@@ -54,20 +52,11 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{
      * @return OAuthValidationRespond with the validated results.
      */
     public OAuthValidationRespond validateToken(String token) throws RemoteException {
-
-        // create an OAuth token validating request DTO
         OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
-
-        // create access token object to validate and populate it
         OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken =
                 new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
         accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
         accessToken.setIdentifier(token);
-        OAuth2TokenValidationRequestDTO_TokenValidationContextParam tokenValidationContextParam[] =
-                new OAuth2TokenValidationRequestDTO_TokenValidationContextParam[1];
-        validationRequest.setContext(tokenValidationContextParam);
-
-        //set the token to the validation request
         validationRequest.setAccessToken(accessToken);
         OAuth2TokenValidationServiceStub validationService =
                 new OAuth2TokenValidationServiceStub(hostURL);
@@ -85,14 +74,12 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{
         boolean isValid = respond.getAccessTokenValidationResponse().getValid();
         String userName = null;
         String tenantDomain = null;
-
         if(isValid){
             userName = MultitenantUtils.getTenantAwareUsername(
                     respond.getAccessTokenValidationResponse().getAuthorizedUser());
             tenantDomain =
                     MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
         }
-
         return new OAuthValidationRespond(userName,tenantDomain,isValid);
     }
 }
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
index d81e7f3531..ea7edf1d13 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
@@ -1,4 +1,3 @@
-
 /*
 *  Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
@@ -38,19 +37,11 @@ public class LocalOAuthValidator implements OAuth2TokenValidator {
      * @return OAuthValidationRespond with the validated results.
      */
     public OAuthValidationRespond validateToken(String token) {
-        // create an OAuth token validating request DTO
         OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
-        // create access token object to validate and populate it
         OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken =
                 validationRequest.new OAuth2AccessToken();
         accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
         accessToken.setIdentifier(token);
-        //the workaround till the version is upgraded in both is and EMM to be the same.
-        OAuth2TokenValidationRequestDTO.TokenValidationContextParam tokenValidationContextParam[] =
-                new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[1];
-        //==
-        validationRequest.setContext(tokenValidationContextParam);
-        //set the token to the validation request
         validationRequest.setAccessToken(accessToken);
         OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
         OAuth2ClientApplicationDTO respond =  validationService.

From 831fed6d3817332db640f6f3f0eed2232492a309 Mon Sep 17 00:00:00 2001
From: Kamidu Sachith <sachithp@wso2.com>
Date: Mon, 12 Oct 2015 17:42:10 +0530
Subject: [PATCH 3/9] Resolving imports

---
 .../backend-oauth-authenticator/pom.xml              | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/components/identity-extensions/backend-oauth-authenticator/pom.xml b/components/identity-extensions/backend-oauth-authenticator/pom.xml
index 37cc5274f6..fdf8334f83 100644
--- a/components/identity-extensions/backend-oauth-authenticator/pom.xml
+++ b/components/identity-extensions/backend-oauth-authenticator/pom.xml
@@ -101,7 +101,17 @@
                             org.wso2.carbon.identity.oauth2,
                             org.wso2.carbon.identity.oauth2.dto,
                             org.wso2.carbon.user.core.service,
-                            org.wso2.carbon.utils.multitenancy
+                            org.wso2.carbon.utils.multitenancy,
+                            org.apache.axis2.client,
+                            org.apache.axis2.context,
+                            org.apache.axis2.transport.http,
+                            org.apache.commons.httpclient,
+                            org.osgi.framework,
+                            org.osgi.service.component,
+                            org.wso2.carbon.core.security,
+                            org.wso2.carbon.core.services.authentication,
+                            org.wso2.carbon.identity.oauth2.stub,
+                            org.wso2.carbon.identity.oauth2.stub.dto
                         </Import-Package>
                         <Export-Package>
                             org.wso2.carbon.identity.authenticator.backend.oauth.*;

From 8cc38c87f5b511443ec30cefb1d9d884899dbaa0 Mon Sep 17 00:00:00 2001
From: Kamidu Sachith <sachithp@wso2.com>
Date: Mon, 12 Oct 2015 17:57:43 +0530
Subject: [PATCH 4/9] requested modification

---
 .../framework/authenticator/OAuthAuthenticator.java        | 7 ++++---
 pom.xml                                                    | 1 -
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
index 3fd3027592..61867b9c9b 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
@@ -84,9 +84,10 @@ public class OAuthAuthenticator implements WebappAuthenticator {
             return Status.CONTINUE;
         }
         String apiVersion = tokenizer.nextToken();
-        String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion,
-                                                                         requestUri,
-                                                                         requestMethod);
+        String authLevel = "any";
+//        String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion,
+//                                                                         requestUri,
+//                                                                         requestMethod);
         try {
             if (Constants.NO_MATCHING_AUTH_SCHEME.equals(authLevel)) {
                 AuthenticationFrameworkUtil
diff --git a/pom.xml b/pom.xml
index fbfa9406f0..356b788347 100644
--- a/pom.xml
+++ b/pom.xml
@@ -946,7 +946,6 @@
                 <artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
                 <version>${carbon.identity.version}</version>
             </dependency>
-
             <dependency>
                 <groupId>org.wso2.carbon.identity</groupId>
                 <artifactId>org.wso2.carbon.identity.oauth</artifactId>

From d932522d375a4cd3ef032a143ef9c0b4a43aee90 Mon Sep 17 00:00:00 2001
From: Kamidu Sachith <sachithp@wso2.com>
Date: Mon, 12 Oct 2015 18:03:13 +0530
Subject: [PATCH 5/9] refactoring class

---
 .../authenticator/backend/oauth/OauthAuthenticator.java   | 4 ++--
 .../backend/oauth/validator/OAuth2TokenValidator.java     | 4 ++--
 ...alidationRespond.java => OAuthValidationResponse.java} | 4 ++--
 .../oauth/validator/impl/ExternalOAuthValidator.java      | 8 ++++----
 .../backend/oauth/validator/impl/LocalOAuthValidator.java | 8 ++++----
 5 files changed, 14 insertions(+), 14 deletions(-)
 rename components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/{OAuthValidationRespond.java => OAuthValidationResponse.java} (92%)

diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
index adfcf71214..beaf5c70b0 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
@@ -24,9 +24,9 @@ import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
 import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
 import org.wso2.carbon.utils.ServerConstants;
 import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
-import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
 import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidatorFactory;
 
 import javax.servlet.http.HttpServletRequest;
@@ -94,7 +94,7 @@ public class OauthAuthenticator implements CarbonServerAuthenticator {
         String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
         String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
         String accessToken = headerPart[ACCESS_TOKEN_INDEX];
-        OAuthValidationRespond response = null;
+        OAuthValidationResponse response = null;
         try {
             response = tokenValidator.validateToken(accessToken);
         } catch (RemoteException e) {
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
index 7382fe1370..c0c5c8662a 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
@@ -28,7 +28,7 @@ public interface OAuth2TokenValidator {
      * containing the validity and user details if valid.
      *
      * @param accessToken which need to be validated.
-     * @return OAuthValidationRespond with the validated results.
+     * @return OAuthValidationResponse with the validated results.
      */
-    OAuthValidationRespond validateToken(String accessToken) throws RemoteException;
+    OAuthValidationResponse validateToken(String accessToken) throws RemoteException;
 }
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationResponse.java
similarity index 92%
rename from components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
rename to components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationResponse.java
index 346ac2ac30..b794a22424 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationResponse.java
@@ -21,12 +21,12 @@ package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
  * This class hold the validation information which can be retrieve by both remote and in house IDPs
  */
 @SuppressWarnings("unused")
-public class OAuthValidationRespond {
+public class OAuthValidationResponse {
     private String userName;
     private String tenantDomain;
     private boolean isValid;
 
-    public OAuthValidationRespond(String userName, String tenantDomain, boolean isValid) {
+    public OAuthValidationResponse(String userName, String tenantDomain, boolean isValid) {
         this.userName = userName;
         this.tenantDomain = tenantDomain;
         this.isValid = isValid;
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
index 0c0836165e..be05c37fc8 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
@@ -23,7 +23,7 @@ import org.apache.axis2.transport.http.HTTPConstants;
 import org.apache.commons.httpclient.Header;
 import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
 import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
-import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
 import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
@@ -49,9 +49,9 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{
      * containing the validity and user details if valid.
      *
      * @param token which need to be validated.
-     * @return OAuthValidationRespond with the validated results.
+     * @return OAuthValidationResponse with the validated results.
      */
-    public OAuthValidationRespond validateToken(String token) throws RemoteException {
+    public OAuthValidationResponse validateToken(String token) throws RemoteException {
         OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
         OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken =
                 new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
@@ -80,6 +80,6 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{
             tenantDomain =
                     MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
         }
-        return new OAuthValidationRespond(userName,tenantDomain,isValid);
+        return new OAuthValidationResponse(userName,tenantDomain,isValid);
     }
 }
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
index ea7edf1d13..fb6eb4b3b9 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
@@ -17,13 +17,13 @@
 */
 package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
 
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
 import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
 import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO;
 import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
 import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
-import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
 
 /**
  * Handles the authentication using the inbuilt IS features.
@@ -34,9 +34,9 @@ public class LocalOAuthValidator implements OAuth2TokenValidator {
      * containing the validity and user details if valid.
      *
      * @param token which need to be validated.
-     * @return OAuthValidationRespond with the validated results.
+     * @return OAuthValidationResponse with the validated results.
      */
-    public OAuthValidationRespond validateToken(String token) {
+    public OAuthValidationResponse validateToken(String token) {
         OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
         OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken =
                 validationRequest.new OAuth2AccessToken();
@@ -55,6 +55,6 @@ public class LocalOAuthValidator implements OAuth2TokenValidator {
             tenantDomain =
                     MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
         }
-       return new OAuthValidationRespond(userName,tenantDomain,isValid);
+       return new OAuthValidationResponse(userName,tenantDomain,isValid);
     }
 }

From 743f394fb98485840968a26fd4fdc49979c33f6e Mon Sep 17 00:00:00 2001
From: Kamidu Sachith <sachithp@wso2.com>
Date: Mon, 12 Oct 2015 18:11:44 +0530
Subject: [PATCH 6/9] Requested Modifications

---
 .../impl/ExternalOAuthValidator.java          | 20 +++++++++----------
 .../validator/impl/LocalOAuthValidator.java   |  8 ++++----
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
index be05c37fc8..f05bd7dea0 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
@@ -58,27 +58,27 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{
         accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
         accessToken.setIdentifier(token);
         validationRequest.setAccessToken(accessToken);
-        OAuth2TokenValidationServiceStub validationService =
+        OAuth2TokenValidationServiceStub tokenValidationService =
                 new OAuth2TokenValidationServiceStub(hostURL);
-        ServiceClient client = validationService._getServiceClient();
+        ServiceClient client = tokenValidationService._getServiceClient();
         Options options = client.getOptions();
-        List<Header> list = new ArrayList<>();
+        List<Header> headerList = new ArrayList<>();
         Header header = new Header();
         header.setName(HTTPConstants.HEADER_AUTHORIZATION);
         header.setValue(OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER+ " " + token);
-        list.add(header);
-        options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, list);
+        headerList.add(header);
+        options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, headerList);
         client.setOptions(options);
-        OAuth2ClientApplicationDTO respond =
-                validationService.findOAuthConsumerIfTokenIsValid(validationRequest);
-        boolean isValid = respond.getAccessTokenValidationResponse().getValid();
+        OAuth2ClientApplicationDTO clientApplicationDTO =
+                tokenValidationService.findOAuthConsumerIfTokenIsValid(validationRequest);
+        boolean isValid = clientApplicationDTO.getAccessTokenValidationResponse().getValid();
         String userName = null;
         String tenantDomain = null;
         if(isValid){
             userName = MultitenantUtils.getTenantAwareUsername(
-                    respond.getAccessTokenValidationResponse().getAuthorizedUser());
+                    clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser());
             tenantDomain =
-                    MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
+                    MultitenantUtils.getTenantDomain(clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser());
         }
         return new OAuthValidationResponse(userName,tenantDomain,isValid);
     }
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
index fb6eb4b3b9..5595b19d43 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
@@ -44,16 +44,16 @@ public class LocalOAuthValidator implements OAuth2TokenValidator {
         accessToken.setIdentifier(token);
         validationRequest.setAccessToken(accessToken);
         OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
-        OAuth2ClientApplicationDTO respond =  validationService.
+        OAuth2ClientApplicationDTO clientApplicationDTO =  validationService.
                 findOAuthConsumerIfTokenIsValid(validationRequest);
-        boolean isValid = respond.getAccessTokenValidationResponse().isValid();
+        boolean isValid = clientApplicationDTO.getAccessTokenValidationResponse().isValid();
         String userName = null;
         String tenantDomain = null;
         if(isValid){
             userName = MultitenantUtils.getTenantAwareUsername(
-                    respond.getAccessTokenValidationResponse().getAuthorizedUser());
+                    clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser());
             tenantDomain =
-                    MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
+                    MultitenantUtils.getTenantDomain(clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser());
         }
        return new OAuthValidationResponse(userName,tenantDomain,isValid);
     }

From fe355b3184828d6c9f3932a00ee5d8b59f301778 Mon Sep 17 00:00:00 2001
From: Kamidu Sachith <sachithp@wso2.com>
Date: Mon, 12 Oct 2015 18:13:46 +0530
Subject: [PATCH 7/9] Romoving Temporary Solutions

---
 .../framework/authenticator/OAuthAuthenticator.java        | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
index 61867b9c9b..3fd3027592 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
@@ -84,10 +84,9 @@ public class OAuthAuthenticator implements WebappAuthenticator {
             return Status.CONTINUE;
         }
         String apiVersion = tokenizer.nextToken();
-        String authLevel = "any";
-//        String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion,
-//                                                                         requestUri,
-//                                                                         requestMethod);
+        String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion,
+                                                                         requestUri,
+                                                                         requestMethod);
         try {
             if (Constants.NO_MATCHING_AUTH_SCHEME.equals(authLevel)) {
                 AuthenticationFrameworkUtil

From 824f57b5d2491818edeea9960bb4941e5c0f86bc Mon Sep 17 00:00:00 2001
From: Kamidu Sachith <sachithp@wso2.com>
Date: Mon, 12 Oct 2015 18:36:59 +0530
Subject: [PATCH 8/9] Change the code for better performance

---
 .../validator/impl/ExternalOAuthValidator.java   | 14 +++++++-------
 .../validator/impl/LocalOAuthValidator.java      | 16 ++++++++--------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
index f05bd7dea0..e68088fe63 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
@@ -25,9 +25,9 @@ import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorCo
 import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
 import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
 import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 
 import java.rmi.RemoteException;
@@ -69,16 +69,16 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{
         headerList.add(header);
         options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, headerList);
         client.setOptions(options);
-        OAuth2ClientApplicationDTO clientApplicationDTO =
-                tokenValidationService.findOAuthConsumerIfTokenIsValid(validationRequest);
-        boolean isValid = clientApplicationDTO.getAccessTokenValidationResponse().getValid();
+        OAuth2TokenValidationResponseDTO tokenValidationResponse =
+                tokenValidationService.findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
+        boolean isValid = tokenValidationResponse.getValid();
         String userName = null;
         String tenantDomain = null;
         if(isValid){
             userName = MultitenantUtils.getTenantAwareUsername(
-                    clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser());
-            tenantDomain =
-                    MultitenantUtils.getTenantDomain(clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser());
+                    tokenValidationResponse.getAuthorizedUser());
+            tenantDomain = MultitenantUtils.
+                    getTenantDomain(tokenValidationResponse.getAuthorizedUser());
         }
         return new OAuthValidationResponse(userName,tenantDomain,isValid);
     }
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
index 5595b19d43..2deb2b3b36 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
@@ -17,13 +17,13 @@
 */
 package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
 
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
 import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
 import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
-import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO;
 import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
-import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
-import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
 
 /**
  * Handles the authentication using the inbuilt IS features.
@@ -44,16 +44,16 @@ public class LocalOAuthValidator implements OAuth2TokenValidator {
         accessToken.setIdentifier(token);
         validationRequest.setAccessToken(accessToken);
         OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
-        OAuth2ClientApplicationDTO clientApplicationDTO =  validationService.
-                findOAuthConsumerIfTokenIsValid(validationRequest);
-        boolean isValid = clientApplicationDTO.getAccessTokenValidationResponse().isValid();
+        OAuth2TokenValidationResponseDTO tokenValidationResponse =  validationService.
+                findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
+        boolean isValid = tokenValidationResponse.isValid();
         String userName = null;
         String tenantDomain = null;
         if(isValid){
             userName = MultitenantUtils.getTenantAwareUsername(
-                    clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser());
+                    tokenValidationResponse.getAuthorizedUser());
             tenantDomain =
-                    MultitenantUtils.getTenantDomain(clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser());
+                    MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser());
         }
        return new OAuthValidationResponse(userName,tenantDomain,isValid);
     }

From a66949c7e0f599dada46cf390fb9b0e399522da7 Mon Sep 17 00:00:00 2001
From: Kamidu Sachith <sachithp@wso2.com>
Date: Mon, 12 Oct 2015 18:45:32 +0530
Subject: [PATCH 9/9] Code Fixing

---
 .../backend/oauth/validator/impl/ExternalOAuthValidator.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
index e68088fe63..8d8a101537 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
@@ -69,8 +69,8 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{
         headerList.add(header);
         options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, headerList);
         client.setOptions(options);
-        OAuth2TokenValidationResponseDTO tokenValidationResponse =
-                tokenValidationService.findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
+        OAuth2TokenValidationResponseDTO tokenValidationResponse = tokenValidationService.
+                findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
         boolean isValid = tokenValidationResponse.getValid();
         String userName = null;
         String tenantDomain = null;