Fixed SSO

3 years ago · 0162753d6a
parent 23b25fb540
commit 0162753d6a
10 changed files with 105 additions and 51 deletions
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
@ -123,6 +123,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
                application = new Application(applicationName, subscriber);
                application.setTier(ApiApplicationConstants.DEFAULT_TIER);
                application.setGroupId("");
+                application.setTokenType("OAUTH");
                apiConsumer.addApplication(application, username);
                application = apiConsumer.getApplicationsByName(username, applicationName, "");
            } else {
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java
@ -24,7 +24,6 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 import io.entgra.ui.request.interceptor.beans.AuthData;
-import io.entgra.ui.request.interceptor.beans.ProxyResponse;
 import io.entgra.ui.request.interceptor.exceptions.LoginException;
 import io.entgra.ui.request.interceptor.util.HandlerConstants;
 import io.entgra.ui.request.interceptor.util.HandlerUtil;
@ -35,12 +34,8 @@ import org.apache.http.HttpStatus;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
-import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
-import org.wso2.carbon.apimgt.application.extension.APIManagementProviderServiceImpl;
-import org.wso2.carbon.apimgt.application.extension.constants.ApiApplicationConstants;
-import org.wso2.carbon.apimgt.application.extension.dto.ApiApplicationKey;
-import org.wso2.carbon.apimgt.application.extension.exception.APIManagerException;
-import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.apache.http.protocol.HTTP;
+import io.entgra.ui.request.interceptor.beans.ProxyResponse;

 import javax.servlet.annotation.MultipartConfig;
 import javax.servlet.annotation.WebServlet;
@ -49,9 +44,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.Base64;
-import java.util.List;

@MultipartConfig
@WebServlet("/login")
@ -76,38 +69,28 @@ public class LoginHandler extends HttpServlet {
            httpSession = req.getSession(true);
            //setting session to expiry in 5 minutes
            httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));
-            //todo: amalka do we need this remote call?
+
            JsonObject uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(
                    uiConfigUrl, gatewayUrl, httpSession, resp);

            JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
            JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();

-            List<String> list = new ArrayList<String>();
-            for(int i=0; i < tags.size(); i++) {
-                list.add(tags.get(i).getAsString());
-            }
-
-            String[] tagsAsStringArray = list.toArray(new String[list.size()]);
+            HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT);
+            apiRegEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder()
+                    .encodeToString((username + HandlerConstants.COLON + password).getBytes()));
+            apiRegEndpoint.setHeader(HTTP.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString());
+            apiRegEndpoint.setEntity(HandlerUtil.constructAppRegPayload(
+                    tags, HandlerConstants.PUBLISHER_APPLICATION_NAME, username, password));

-            String scopeString = HandlerUtil.getScopeString(scopes);
+            ProxyResponse clientAppResponse = HandlerUtil.execute(apiRegEndpoint);

-            if (scopeString != null) {
-                scopeString = scopeString.trim();
-            } else {
-                scopeString = "default";
+            if (clientAppResponse.getCode() == HttpStatus.SC_UNAUTHORIZED) {
+                HandlerUtil.handleError(resp, clientAppResponse);
+                return;
            }
-
-            APIManagementProviderService apiManagementProviderService = new APIManagementProviderServiceImpl();
-            ApiApplicationKey apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(
-                    HandlerConstants.PUBLISHER_APPLICATION_NAME,
-                    tagsAsStringArray, HandlerConstants.PRODUCTION_KEY, username, false,
-                    ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD);
-
-            if (apiApplicationKey != null && getTokenAndPersistInSession(apiApplicationKey.getConsumerKey(),
-                    apiApplicationKey.getConsumerSecret(), req, resp, scopes)) {
-                log.info("tenantDomain : " + PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain());
-                log.info("username : " + PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername());
+            if (clientAppResponse.getCode() == HttpStatus.SC_CREATED && getTokenAndPersistInSession(req, resp,
+                    clientAppResponse.getData(), scopes)) {
                ProxyResponse proxyResponse = new ProxyResponse();
                proxyResponse.setCode(HttpStatus.SC_OK);
                HandlerUtil.handleSuccess(resp, proxyResponse);
@ -120,8 +103,6 @@ public class LoginHandler extends HttpServlet {
            log.error("Error occurred while parsing the response. ", e);
        } catch (LoginException e) {
            log.error("Error occurred while getting token data. ", e);
-        } catch (APIManagerException e) {
-            log.error("Error occurred while creating application. ", e);
        }
    }

@ -129,15 +110,19 @@ public class LoginHandler extends HttpServlet {
     * Generates token from token endpoint and persists them inside the session
     *
     * @param req - {@link HttpServletRequest}
-//     * @param clientAppResult - clientAppResult
+     * @param clientAppResult - clientAppResult
     * @param scopes - scopes defied in the application-mgt.xml
     * @throws LoginException - login exception throws when getting token result
     */
-    private boolean getTokenAndPersistInSession(String clientId, String clientSecret, HttpServletRequest req,
-            HttpServletResponse resp, JsonArray scopes) throws LoginException {
+    private boolean getTokenAndPersistInSession(HttpServletRequest req, HttpServletResponse resp,
+                                                String clientAppResult, JsonArray scopes) throws LoginException {
        JsonParser jsonParser = new JsonParser();
        try {
-            if (clientId != null && clientSecret != null) {
+            JsonElement jClientAppResult = jsonParser.parse(clientAppResult);
+            if (jClientAppResult.isJsonObject()) {
+                JsonObject jClientAppResultAsJsonObject = jClientAppResult.getAsJsonObject();
+                String clientId = jClientAppResultAsJsonObject.get("client_id").getAsString();
+                String clientSecret = jClientAppResultAsJsonObject.get("client_secret").getAsString();
                String encodedClientApp = Base64.getEncoder()
                        .encodeToString((clientId + HandlerConstants.COLON + clientSecret).getBytes());

@ -189,9 +174,6 @@ public class LoginHandler extends HttpServlet {
        if (HandlerConstants.HTTP_PROTOCOL.equals(req.getScheme())) {
            iotsCorePort = System.getProperty("iot.core.http.port");
        }
-
-        String keyManagerPort = System.getProperty("iot.keymanager.https.port");
-
        username = req.getParameter("username");
        password = req.getParameter("password");
        gatewayUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.gateway.host")
@ -199,8 +181,8 @@ public class LoginHandler extends HttpServlet {
        uiConfigUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
                + HandlerConstants.COLON + iotsCorePort + HandlerConstants.UI_CONFIG_ENDPOINT;
        keyManagerUrl = HandlerConstants.HTTPS_PROTOCOL + HandlerConstants.SCHEME_SEPARATOR +
-                System.getProperty("iot.keymanager.host") + HandlerConstants.COLON + keyManagerPort;
-
+                System.getProperty("iot.keymanager.host") + HandlerConstants.COLON
+                + System.getProperty("iot.keymanager.https.port");
        if (username == null || password == null) {
            String msg = "Invalid login request. Username or Password is not received for login request.";
            log.error(msg);
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginCallbackHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginCallbackHandler.java
@ -60,8 +60,11 @@ public class SsoLoginCallbackHandler extends HttpServlet {
                + HandlerConstants.COLON + HandlerUtil.getGatewayPort(req.getScheme());
        String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
                + HandlerConstants.COLON + iotsCorePort;
+        String keyManagerUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR
+                + System.getProperty("iot.keymanager.host") + HandlerConstants.COLON
+                + System.getProperty("iot.keymanager.https.port");

-        HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.TOKEN_ENDPOINT);
+        HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.TOKEN_ENDPOINT);
        tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + session.getAttribute("encodedClientApp"));
        tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());

--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java
@ -69,6 +69,7 @@ public class SsoLoginHandler extends HttpServlet {
    private static String adminPassword;
    private static String gatewayUrl;
    private static String iotsCoreUrl;
+    private static String keyManagerUrl;
    private static String encodedAdminCredentials;
    private static String encodedClientApp;
    private static String applicationId;
@ -101,7 +102,7 @@ public class SsoLoginHandler extends HttpServlet {
     */
    private void dynamicClientRegistration(HttpServletRequest req, HttpServletResponse resp) {
        try {
-            File userMgtConf = new File("conf/user-mgt.xml");
+            File userMgtConf = new File("repository/conf/user-mgt.xml");
            DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
            DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
            Document doc = dBuilder.parse(userMgtConf);
@ -123,6 +124,9 @@ public class SsoLoginHandler extends HttpServlet {
            iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
                    + HandlerConstants.COLON + iotsCorePort;
            String uiConfigUrl = iotsCoreUrl + HandlerConstants.UI_CONFIG_ENDPOINT;
+            keyManagerUrl = HandlerConstants.HTTPS_PROTOCOL + HandlerConstants.SCHEME_SEPARATOR +
+                    System.getProperty("iot.keymanager.host") + HandlerConstants.COLON
+                    + System.getProperty("iot.keymanager.https.port");

            httpSession = req.getSession(false);
            if (httpSession != null) {
@ -211,7 +215,7 @@ public class SsoLoginHandler extends HttpServlet {
            ProxyResponse updateApplicationGrantTypesEndpointResponse = HandlerUtil.execute(updateApplicationGrantTypesEndpoint);

            // Update app as a SaaS app
-            this.updateSaasApp(applicationName);
+            this.updateSaasApp(applicationId);

            if (updateApplicationGrantTypesEndpointResponse.getCode() == HttpStatus.SC_UNAUTHORIZED) {
                HandlerUtil.handleError(resp, updateApplicationGrantTypesEndpointResponse);
@ -262,7 +266,7 @@ public class SsoLoginHandler extends HttpServlet {
     * @throws IOException IO exception throws if an error occurred when invoking token endpoint
     */
    private ProxyResponse getTokenResult(String encodedClientApp) throws IOException {
-        HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.TOKEN_ENDPOINT);
+        HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.TOKEN_ENDPOINT);
        tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientApp);
        tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());

--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java
@ -25,7 +25,7 @@ public class HandlerConstants {
    public static final String TOKEN_ENDPOINT = "/oauth2/token";
    public static final String INTROSPECT_ENDPOINT = "/oauth2/introspect";
    public static final String AUTHORIZATION_ENDPOINT = "/oauth2/authorize";
-    public static final String APIM_APPLICATIONS_ENDPOINT = "/api/am/store/v0.12/applications/";
+    public static final String APIM_APPLICATIONS_ENDPOINT = "/api/am/devportal/v2/applications/";
    public static final String IDENTITY_APP_MGT_ENDPOINT = "/services/IdentityApplicationManagementService.IdentityApplicationManagementServiceHttpsSoap11Endpoint";
    public static final String LOGIN_PAGE = "/login";
    public static final String SSO_LOGIN_CALLBACK = "/ssoLoginCallback";
@ -67,7 +67,7 @@ public class HandlerConstants {

    public static final String OTP_HEADER = "one-time-token";

-    public static final String AX_PREFIX = "ax2317:";
+    public static final String AX_PREFIX = "ax2251:";
    public static final String PAYLOADS_DIR = "repository/resources/payloads";
    public static final String SOAP_ACTION_HEADER = "SOAPAction";

--- a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
@ -19,7 +19,7 @@

 <UIConfiguration>
    <EnableOAuth>true</EnableOAuth>
-    <EnableSSO>false</EnableSSO>
+    <EnableSSO>true</EnableSSO>
    <AppRegistration>
        <Tags>
            <Tag>application_management</Tag>
--- a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/mdm-ui-config.xml.j2
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/mdm-ui-config.xml.j2
@ -26,7 +26,7 @@
    {% if mdm_ui_conf.enable_sso is defined %}
    <EnableSSO>{{mdm_ui_conf.enable_sso}}</EnableSSO>
    {% else %}
-    <EnableSSO>false</EnableSSO>
+    <EnableSSO>true</EnableSSO>
    {% endif %}
    <AppRegistration>
        <Tags>
--- a/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/p2.inf
+++ b/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/p2.inf
@ -4,3 +4,4 @@ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../featur
 org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/store-ui-request-handler.war,overwrite:true);\
 org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/entgra-ui-request-handler.war,overwrite:true);\
 org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/mdm-reports-ui-request-handler.war,overwrite:true);\
+org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/payloads/,target:${installFolder}/../../resources/payloads/,overwrite:true);\
--- a/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/get-app-request.xml
+++ b/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/get-app-request.xml
@ -0,0 +1,8 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
+   <soapenv:Header/>
+   <soapenv:Body>
+      <xsd:getApplication>
+         <xsd:applicationName>${applicationName}</xsd:applicationName>
+      </xsd:getApplication>
+   </soapenv:Body>
+</soapenv:Envelope>
--- a/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/update-app-request.xml
+++ b/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/update-app-request.xml
@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd" xmlns:xsd2="http://script.model.common.application.identity.carbon.wso2.org/xsd">
+   <soapenv:Header />
+   <soapenv:Body>
+      <xsd:updateApplication>
+         <xsd:serviceProvider>
+            <xsd1:applicationID>${applicationId}</xsd1:applicationID>
+            <xsd1:applicationName>${applicationName}</xsd1:applicationName>
+            <!-- <xsd1:certificateContent>?</xsd1:certificateContent> -->
+            <xsd1:description>${description}</xsd1:description>
+            <xsd1:inboundAuthenticationConfig>
+               <xsd1:inboundAuthenticationRequestConfigs>
+                  <!-- <xsd1:friendlyName>?</xsd1:friendlyName> -->
+                  <xsd1:inboundAuthKey>${inboundAuthKey}</xsd1:inboundAuthKey>
+                  <xsd1:inboundAuthType>${inboundAuthType}</xsd1:inboundAuthType>
+                  <xsd1:inboundConfigType>${inboundConfigType}</xsd1:inboundConfigType>
+                  <!-- <xsd1:properties>
+                     <xsd1:advanced>?</xsd1:advanced>
+                     <xsd1:confidential>?</xsd1:confidential>
+                     <xsd1:defaultValue>?</xsd1:defaultValue>
+                     <xsd1:description>?</xsd1:description>
+                     <xsd1:displayName>?</xsd1:displayName>
+                     <xsd1:displayOrder>?</xsd1:displayOrder>
+                     <xsd1:name>?</xsd1:name>
+                     <xsd1:required>false</xsd1:required>
+                     <xsd1:type>?</xsd1:type>
+                     <xsd1:value>?</xsd1:value>
+                  </xsd1:properties> -->
+               </xsd1:inboundAuthenticationRequestConfigs>
+            </xsd1:inboundAuthenticationConfig>
+            <!-- <xsd1:inboundProvisioningConfig>
+               <xsd1:dumbMode>?</xsd1:dumbMode>
+               <xsd1:provisioningEnabled>?</xsd1:provisioningEnabled>
+               <xsd1:provisioningUserStore>?</xsd1:provisioningUserStore>
+            </xsd1:inboundProvisioningConfig>
+            <xsd1:outboundProvisioningConfig>
+               <xsd1:provisionByRoleList>?</xsd1:provisionByRoleList>
+            </xsd1:outboundProvisioningConfig> -->
+            <xsd1:owner>
+               <xsd1:tenantDomain>${tenantDomain}</xsd1:tenantDomain>
+               <xsd1:userName>${userName}</xsd1:userName>
+               <xsd1:userStoreDomain>${userStoreDomain}</xsd1:userStoreDomain>
+            </xsd1:owner>
+            <xsd1:saasApp>${saasApp}</xsd1:saasApp>
+            <xsd1:spProperties>
+               <!-- <xsd1:displayName>?</xsd1:displayName> -->
+               <xsd1:name>displayName</xsd1:name>
+               <xsd1:value>${displayName}</xsd1:value>
+            </xsd1:spProperties>
+            <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
+         </xsd:serviceProvider>
+      </xsd:updateApplication>
+   </soapenv:Body>
+</soapenv:Envelope>
+