changed websocket token retrieval mechanism

8 years ago · 21abaa8270
parent d54d854c4e
commit 21abaa8270
9 changed files with 63 additions and 27 deletions
--- a/components/analytics/iot-analytics/org.wso2.carbon.iot.geo.dashboard/src/main/resources/carbonapps/GadgetGeoDashboard_1.0.0/geo-dashboard/js/websocket.js
+++ b/components/analytics/iot-analytics/org.wso2.carbon.iot.geo.dashboard/src/main/resources/carbonapps/GadgetGeoDashboard_1.0.0/geo-dashboard/js/websocket.js
@ -702,14 +702,13 @@ function intializeWebsocketUrls() {
                                .constance.TENANT_INDEX + ApplicationOptions.constance.PATH_SEPARATOR + data.user.domain +
                            ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance
                                .CEP_WEB_SOCKET_OUTPUT_ADAPTOR_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance.VERSION
-                            + "?deviceId=" + deviceId + "&deviceType=" + deviceType;
+                            + "?deviceId=" + deviceId + "&deviceType=" + deviceType + "&websocketToken=" + accessToken;
                        alertWebSocketURL = 'wss://' + hostname + ':' + port + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance
                                .CEP_WEB_SOCKET_OUTPUT_ADAPTOR_WEBAPP_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions
                                .constance.TENANT_INDEX + ApplicationOptions.constance.PATH_SEPARATOR + data.user.domain +
                            ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance
                                .CEP_ON_ALERT_WEB_SOCKET_OUTPUT_ADAPTOR_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance.VERSION
-                            + "?deviceId=" + deviceId + "&deviceType=" + deviceType;
-                        document.cookie = "websocket-token=" + accessToken + "; path=/";
+                            + "?deviceId=" + deviceId + "&deviceType=" + deviceType + "&websocketToken=" + accessToken;
                        $("#proximity_alert").hide();
                        initializeWebSocket();
                        initializeOnAlertWebSocket();
--- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.realtime.analytics-view/analytics-view.js
+++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.realtime.analytics-view/analytics-view.js
@ -22,13 +22,21 @@ function onRequest(context) {
    var device = context.unit.params.device;
    var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
    var constants = require("/app/modules/constants.js");
-
    var websocketEndpoint = devicemgtProps["wssURL"].replace("https", "wss");
-	var tokenPair = session.get(constants["TOKEN_PAIR"]);
-	if (tokenPair) {
-		var token = parse(tokenPair)["accessToken"];
-		websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.android.sense/1.0.0?" +
-			"token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
-	}
+    var jwtService = carbonServer.osgiService(
+        'org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService');
+    var jwtClient = jwtService.getJWTClient();
+    var encodedClientKeys = session.get(constants["ENCODED_TENANT_BASED_WEB_SOCKET_CLIENT_CREDENTIALS"]);
+    var token = "";
+    if (encodedClientKeys) {
+        var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"];
+        var resp = tokenUtil.decode(encodedClientKeys).split(":");
+        var tokenPair = jwtClient.getAccessToken(resp[0], resp[1], context.user.username,"default", {});
+        if (tokenPair) {
+            token = tokenPair.accessToken;
+        }
+        websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.android.sense/1.0.0?" +
+            + "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
+    }
    return {"device": device, "websocketEndpoint": websocketEndpoint};
 }
--- a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.arduino.realtime.analytics-view/analytics-view.js
+++ b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.arduino.realtime.analytics-view/analytics-view.js
@ -36,9 +36,7 @@ function onRequest(context) {
            token = tokenPair.accessToken;
        }
        websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?"
-            + "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
-        var websocketToken= {'name':'websocket-token','value': token, 'path':'/', "maxAge":18000};
-        response.addCookie(websocketToken);
+            + "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
    }
    return {"device": device, "websocketEndpoint": websocketEndpoint};
 }
--- a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.raspberrypi.realtime.analytics-view/analytics-view.js
+++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.raspberrypi.realtime.analytics-view/analytics-view.js
@ -36,9 +36,7 @@ function onRequest(context) {
            token = tokenPair.accessToken;
        }
        websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?"
-            + "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
-        var websocketToken= {'name':'websocket-token','value': token, 'path':'/', "maxAge":18000};
-        response.addCookie(websocketToken);
+            + "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
    }
    return {"device": device, "websocketEndpoint": websocketEndpoint};
 }
--- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.realtime.analytics-view/analytics-view.js
+++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.realtime.analytics-view/analytics-view.js
@ -36,9 +36,7 @@ function onRequest(context) {
            token = tokenPair.accessToken;
        }
        websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?"
-            + "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
-        var websocketToken= {'name':'websocket-token','value': token, 'path':'/', "maxAge":18000};
-        response.addCookie(websocketToken);
+            + "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
    }
    return {"device": device, "websocketEndpoint": websocketEndpoint};
 }
--- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/endpoint/SuperTenantSubscriptionEndpoint.java
+++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/endpoint/SuperTenantSubscriptionEndpoint.java
@ -18,6 +18,7 @@

 package org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint;

+import org.apache.commons.collections.map.HashedMap;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
@ -38,6 +39,7 @@ import javax.websocket.OnOpen;
 import javax.websocket.server.PathParam;
 import javax.websocket.server.ServerEndpoint;
 import java.io.IOException;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;

@ -63,10 +65,12 @@ public class SuperTenantSubscriptionEndpoint extends SubscriptionEndpoint {
 		if (log.isDebugEnabled()) {
 			log.debug("WebSocket opened, for Session id: " + session.getId() + ", for the Stream:" + streamName);
 		}
-		Map<String, List<String>> httpHeaders;
-		httpHeaders = (Map<String, List<String>>) config.getUserProperties().get(Constants.HTTP_HEADERS);
+		Map<String, List<String>> sessionQueryParam = new HashedMap();
+		List<String> sessionQueryParamList = new LinkedList<>();
+		sessionQueryParamList.add(session.getQueryString());
+		sessionQueryParam.put(Constants.QUERY_STRING, sessionQueryParamList);
 		Authenticator authenticator = ServiceHolder.getWebsocketValidationService().getAuthenticator();
-		AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(httpHeaders);
+		AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(sessionQueryParam);
 		if (authenticationInfo != null && authenticationInfo.isAuthenticated()) {
 			Authorizer authorizer = ServiceHolder.getWebsocketValidationService().getAuthorizer();
 			boolean isAuthorized = authorizer.isAuthorized(authenticationInfo, session, streamName);
--- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/endpoint/TenantSubscriptionEndpoint.java
+++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/endpoint/TenantSubscriptionEndpoint.java
@ -18,6 +18,7 @@

 package org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint;

+import org.apache.commons.collections.map.HashedMap;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
@ -37,6 +38,7 @@ import javax.websocket.OnOpen;
 import javax.websocket.server.PathParam;
 import javax.websocket.server.ServerEndpoint;
 import java.io.IOException;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;

@ -63,10 +65,12 @@ public class TenantSubscriptionEndpoint extends SubscriptionEndpoint {
        if (log.isDebugEnabled()) {
            log.debug("WebSocket opened, for Session id: "+session.getId()+", for the Stream:"+streamName);
        }
-        Map<String, List<String>> httpHeaders;
-        httpHeaders = (Map<String, List<String>>) config.getUserProperties().get(Constants.HTTP_HEADERS);
+        Map<String, List<String>> sessionQueryParam = new HashedMap();
+        List<String> sessionQueryParamList = new LinkedList<>();
+        sessionQueryParamList.add(session.getQueryString());
+        sessionQueryParam.put(Constants.QUERY_STRING, sessionQueryParamList);
        Authenticator authenticator = ServiceHolder.getWebsocketValidationService().getAuthenticator();
-        AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(httpHeaders);
+        AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(sessionQueryParam);
        if (authenticationInfo != null && authenticationInfo.isAuthenticated()) {
            Authorizer authorizer = ServiceHolder.getWebsocketValidationService().getAuthorizer();
            boolean isAuthorized = authorizer.isAuthorized(authenticationInfo, session, streamName);
--- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/endpoint/constants/Constants.java
+++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/endpoint/constants/Constants.java
@ -22,4 +22,5 @@ package org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint.constants;

 public class Constants {
    public static final String HTTP_HEADERS = "HttpHeaders";
+    public static final String  QUERY_STRING = "queryString";
 }
--- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authentication/oauth/OAuthTokenValdiator.java
+++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authentication/oauth/OAuthTokenValdiator.java
@ -45,7 +45,10 @@ public class OAuthTokenValdiator {
 	private static final String COOKIE_KEYPAIR_SEPERATOR = ";";
 	private static final String COOKIE = "cookie";
 	private static final String TOKEN_TYPE = "bearer";
-	private static final String TOKEN_IDENTIFIER = "websocket-token";
+	private static final String TOKEN_IDENTIFIER = "websocketToken";
+	private static final String QUERY_STRING_SEPERATOR = "&";
+	private static final String QUERY_KEY_VALUE_SEPERATOR = "=";
+	private static final String QUERY_STRING = "queryString";
 	private static OAuthTokenValdiator oAuthTokenValdiator;


@ -59,7 +62,7 @@ public class OAuthTokenValdiator {
 	 * @return AuthenticationInfo with the validated results.
 	 */
 	public AuthenticationInfo validateToken(Map<String, List<String>> webSocketConnectionProperties) {
-		String token = getToken(webSocketConnectionProperties);
+		String token = getTokenFromSession(webSocketConnectionProperties);
 		if (token == null) {
 			AuthenticationInfo authenticationInfo = new AuthenticationInfo();
 			authenticationInfo.setAuthenticated(false);
@ -168,4 +171,27 @@ public class OAuthTokenValdiator {
 		log.error("WebSocket token should be specified in cookie");
 		return null;
 	}
+
+	/**
+	 * Retrieving the token from the http session
+	 * @param webSocketConnectionProperties WebSocket connection information including http headers
+	 * @return retrieved token
+	 */
+	private String getTokenFromSession(Map<String, List<String>> webSocketConnectionProperties) {
+		String queryString = webSocketConnectionProperties.get(QUERY_STRING).get(0);
+		if (queryString != null) {
+			String[] allQueryParamPairs = queryString.split(QUERY_STRING_SEPERATOR);
+			for (String keyValuePair : allQueryParamPairs) {
+				String[] queryParamPair = keyValuePair.split(QUERY_KEY_VALUE_SEPERATOR);
+				if (queryParamPair.length != 2) {
+					log.warn("Invalid query string [" + queryString + "] passed in.");
+					break;
+				}
+				if (queryParamPair[0].equals(TOKEN_IDENTIFIER)) {
+					return queryParamPair[1];
+				}
+			}
+		}
+		return null;
+	}
 }