Fix OAuth2ScopeValidator Issues

Due to the version bump of the identity component, there were some references to deprecated methods. Those references were removed and replaced with the approved methods. In addition, the source was reformatted to comply with WSO2 coding standards.
merge-requests/1/head
lasantha 7 years ago
parent fbd7ba2afb
commit 9629101a85

@ -110,7 +110,8 @@
org.wso2.carbon.identity.base;version="${carbon.identity.framework.version.range}",
org.wso2.carbon.identity.oauth2.*;version="${carbon.identity.framework.version.range}",
org.wso2.carbon.utils.multitenancy,
org.apache.oltu.oauth2.common.validators
org.apache.oltu.oauth2.common.validators,
org.apache.commons.lang3.tuple,
</Import-Package>
</instructions>
</configuration>
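Review bot: The added `org.apache.commons.lang3.tuple,` is the last entry before `</Import-Package>` yet ends with a comma, which leaves an empty trailing clause that bnd may warn about or reject, depending on the plugin version in use. The entry also has no version range, unlike the identity packages above it, so the bundle wires to whichever commons-lang3 export is present at runtime. Dropping the trailing comma and adding a `;version="..."` range in the same style as the `org.wso2.carbon.identity.*` lines would make the import deterministic.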

@ -28,11 +28,9 @@ import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAO;
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAOImpl;
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
import org.wso2.carbon.identity.oauth2.dao.TokenManagementDAOImpl;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.ResourceScopeCacheEntry;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
@ -64,12 +62,12 @@ public class ExtendedJDBCScopeValidator extends OAuth2ScopeValidator {
}
String resourceScope = null;
// TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
OAuthScopeDAOImpl scopeDAO = new OAuthScopeDAOImpl();
TokenManagementDAOImpl tokenManagementDAO = new TokenManagementDAOImpl();
boolean cacheHit = false;
// Check the cache, if caching is enabled.
if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
if (OAuthCache.getInstance().isEnabled()) {
OAuthCache oauthCache = OAuthCache.getInstance();
OAuthCacheKey cacheKey = new OAuthCacheKey(resource);
CacheEntry result = oauthCache.getValueFromCache(cacheKey);
@ -82,9 +80,9 @@ public class ExtendedJDBCScopeValidator extends OAuth2ScopeValidator {
}
if (!cacheHit) {
resourceScope = scopeDAO.findScopeOfResource(resource);
resourceScope = tokenManagementDAO.findTenantAndScopeOfResource(resource).getKey();
if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
if (OAuthCache.getInstance().isEnabled()) {
OAuthCache oauthCache = OAuthCache.getInstance();
OAuthCacheKey cacheKey = new OAuthCacheKey(resource);
ResourceScopeCacheEntry cacheEntry = new ResourceScopeCacheEntry(resourceScope);
@ -114,8 +112,12 @@ public class ExtendedJDBCScopeValidator extends OAuth2ScopeValidator {
}
try {
User authorizedUser = accessTokenDO.getAuthzUser();
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
int tenantId = realmService.getTenantManager().getTenantId(authorizedUser.getTenantDomain());
//Get the permissions associated with the scope, if any
Set<String> permissionsOfScope = scopeDAO.getBindingsOfScopeByScopeName(resourceScope);
Set<String> permissionsOfScope = scopeDAO.getBindingsOfScopeByScopeName(resourceScope, tenantId);
//If the scope doesn't have any permissions associated with it.
if (permissionsOfScope == null || permissionsOfScope.isEmpty()) {
@ -134,10 +136,6 @@ public class ExtendedJDBCScopeValidator extends OAuth2ScopeValidator {
log.debug(logMessage.toString());
}
User authorizedUser = accessTokenDO.getAuthzUser();
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
int tenantId = realmService.getTenantManager().getTenantId(authorizedUser.getTenantDomain());
if (tenantId == 0 || tenantId == -1) {
tenantId = IdentityTenantUtil.getTenantIdOfUser(authorizedUser.getUserName());
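Review bot: In ExtendedJDBCScopeValidator the `tenantId` passed to `scopeDAO.getBindingsOfScopeByScopeName(resourceScope, tenantId)` is used before the `if (tenantId == 0 || tenantId == -1)` fallback, which appears to stay further down as trailing context of the last hunk; the other two validators move that fallback ahead of the lookup. If the tenant domain does not resolve, the bindings are queried for an unresolved tenant and may come back empty. How the empty-bindings branch decides is outside the visible lines, so confirm this cannot become an unintended allow; moving the fallback directly after the `int tenantId = ...` line would match the other classes. Separately, `tokenManagementDAO.findTenantAndScopeOfResource(resource).getKey()` dereferences the result unconditionally, so if the DAO can return null for a resource with no registered scope (not visible here), a null check is needed before `.getKey()`.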

@ -27,9 +27,7 @@ import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAO;
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAOImpl;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
import org.wso2.carbon.user.api.AuthorizationManager;
@ -59,12 +57,7 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
return true;
}
OAuthScopeDAO pp = OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO();
int tid = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
// TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
OAuthScopeDAOImpl nn = new OAuthScopeDAOImpl();
OAuthScopeDAO authScopeDAO = OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO();
List<String> scopeList = new ArrayList<>(Arrays.asList(scopes));
//If the access token does not bear the scope required for accessing the Resource.
@ -77,8 +70,16 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
}
try {
User authorizedUser = accessTokenDO.getAuthzUser();
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
int tenantId = realmService.getTenantManager().getTenantId(authorizedUser.getTenantDomain());
if (tenantId == 0 || tenantId == -1) {
tenantId = IdentityTenantUtil.getTenantIdOfUser(authorizedUser.getUserName());
}
//Get the permissions associated with the scope, if any
Set<String> permissionsOfScope = pp.getBindingsOfScopeByScopeName(resourceScope, tid);
Set<String> permissionsOfScope = authScopeDAO.getBindingsOfScopeByScopeName(resourceScope, tenantId);
//If the scope doesn't have any permissions associated with it.
if (permissionsOfScope == null || permissionsOfScope.isEmpty()) {
@ -97,15 +98,6 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
log.debug(logMessage.toString());
}
User authorizedUser = accessTokenDO.getAuthzUser();
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
int tenantId = realmService.getTenantManager().getTenantId(authorizedUser.getTenantDomain());
if (tenantId == 0 || tenantId == -1) {
tenantId = IdentityTenantUtil.getTenantIdOfUser(authorizedUser.getUserName());
}
AuthorizationManager authorizationManager;
String[] userRoles;
boolean tenantFlowStarted = false;
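Review bot: The bindings lookup in PermissionBasedScopeValidator changes its tenant source. The removed `pp.getBindingsOfScopeByScopeName(resourceScope, tid)` used the thread-local Carbon context tenant, while the new call uses the tenant of the token's authorized user, with a fallback derived from the user name. That changes an authorization decision without the commit message mentioning it, so a comment above the lookup such as `// Scope bindings are resolved in the tenant of the token's authorized user, not the request's thread-local tenant.` would record the intent. The literals in `tenantId == 0 || tenantId == -1` would read better with a named constant, e.g. `MultitenantConstants.INVALID_TENANT_ID` for -1, plus a short remark on why 0 is treated as unresolved. The enclosing method starts and ends outside the visible hunks.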

@ -29,7 +29,6 @@ import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAOImpl;
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
import org.wso2.carbon.user.api.UserStoreException;
@ -62,9 +61,7 @@ public class RoleBasedScopeValidator extends OAuth2ScopeValidator {
return true;
}
// TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
OAuthScopeDAOImpl scopeDAO = new OAuthScopeDAOImpl();
List<String> scopeList = new ArrayList<>(Arrays.asList(scopes));
//If the access token does not bear the scope required for accessing the Resource.
@ -77,8 +74,15 @@ public class RoleBasedScopeValidator extends OAuth2ScopeValidator {
}
try {
User authzUser = accessTokenDO.getAuthzUser();
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
int tenantId = realmService.getTenantManager().getTenantId(authzUser.getTenantDomain());
if (tenantId == 0 || tenantId == -1) {
tenantId = IdentityTenantUtil.getTenantIdOfUser(authzUser.getUserName());
}
//Get the roles associated with the scope, if any
Set<String> rolesOfScope = scopeDAO.getBindingsOfScopeByScopeName(resourceScope);
Set<String> rolesOfScope = scopeDAO.getBindingsOfScopeByScopeName(resourceScope, tenantId);
//If the scope doesn't have any roles associated with it.
if(rolesOfScope == null || rolesOfScope.isEmpty()){
@ -97,16 +101,6 @@ public class RoleBasedScopeValidator extends OAuth2ScopeValidator {
log.debug(logMessage.toString());
}
User authzUser = accessTokenDO.getAuthzUser();
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
int tenantId = realmService.getTenantManager().
getTenantId(authzUser.getTenantDomain());
if (tenantId == 0 || tenantId == -1) {
tenantId = IdentityTenantUtil.getTenantIdOfUser(authzUser.getUserName());
}
UserStoreManager userStoreManager;
String[] userRoles;
boolean tenantFlowStarted = false;
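Review bot: RoleBasedScopeValidator still appears to build its DAO with `new OAuthScopeDAOImpl()`, whereas PermissionBasedScopeValidator in this same commit obtains it through `OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO()`; ExtendedJDBCScopeValidator also instantiates the implementation class directly. Direct instantiation ties the validator to one implementation and bypasses whatever DAO the factory returns, so `OAuthScopeDAO scopeDAO = OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO();` would keep the three validators consistent. The tenant-resolution lines (`getAuthzUser()`, `getTenantId(...)`, the `0`/`-1` fallback) are now repeated in each validator and could move into one shared helper so the rule cannot drift between them, as it already has in ExtendedJDBCScopeValidator.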
