Improving performance of webapp authenticator valve implementation

revert-70aa11f8
prabathabey 9 years ago
parent 8585abff8d
commit 36462e2e4e

@ -105,9 +105,15 @@
org.apache.axis2.client,
org.apache.commons.codec.binary,
org.apache.commons.httpclient,
org.wso2.carbon.core.security
org.wso2.carbon.core.security,
org.apache.axis2.context,
org.apache.commons.httpclient.params,
org.apache.commons.pool,
org.apache.commons.pool.impl,
org.apache.http.client,
org.apache.http.conn,
org.apache.http.impl.client
</Import-Package>
<!--<Fragment-Host>tomcat</Fragment-Host>-->
</instructions>
</configuration>
</plugin>

@ -0,0 +1,119 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.webapp.authenticator.framework.Utils;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.pool.PoolableObjectFactory;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.impl.client.DefaultHttpClient;
import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthConstants;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
public class OAuthTokenValidationStubFactory implements PoolableObjectFactory {
private String url;
private String basicAuthHeader;
private static final Log log = LogFactory.getLog(OAuthTokenValidationStubFactory.class);
private HttpClient httpClient;
public OAuthTokenValidationStubFactory(String url, String adminUsername, String adminPassword,
Properties properties) {
this.url = url;
this.basicAuthHeader = new String(Base64.encodeBase64((adminUsername + ":" + adminPassword).getBytes()));
MultiThreadedHttpConnectionManager connectionManager = new MultiThreadedHttpConnectionManager();
connectionManager.getParams().setDefaultMaxConnectionsPerHost(
Integer.parseInt(properties.getProperty("MaxConnectionsPerHost")));
connectionManager.getParams().setMaxTotalConnections(
Integer.parseInt(properties.getProperty("MaxTotalConnections")));
this.httpClient = new DefaultHttpClient((ClientConnectionManager) connectionManager);
}
@Override
public Object makeObject() throws Exception {
return this.createStub();
}
@Override
public void destroyObject(Object o) throws Exception {
}
@Override
public boolean validateObject(Object o) {
return true;
}
@Override
public void activateObject(Object o) throws Exception {
if (log.isDebugEnabled()) {
log.debug("OAuth token validate stub instance is activated");
}
}
@Override
public void passivateObject(Object o) throws Exception {
if (o instanceof OAuth2TokenValidationServiceStub) {
OAuth2TokenValidationServiceStub stub = (OAuth2TokenValidationServiceStub) o;
stub._getServiceClient().cleanupTransport();
stub._getServiceClient().setOptions(null);
}
}
private OAuth2TokenValidationServiceStub createStub() throws OAuthTokenValidationException {
OAuth2TokenValidationServiceStub stub;
try {
stub = new OAuth2TokenValidationServiceStub(url);
ServiceClient client = stub._getServiceClient();
client.getServiceContext().getConfigurationContext().setProperty(
HTTPConstants.CACHED_HTTP_CLIENT, httpClient);
List<Header> headerList = new ArrayList<>();
Header header = new Header();
header.setName(HTTPConstants.HEADER_AUTHORIZATION);
header.setValue(OAuthConstants.AUTHORIZATION_HEADER_PREFIX_BASIC + " " + basicAuthHeader);
headerList.add(header);
Options options = client.getOptions();
options.setProperty(HTTPConstants.HTTP_HEADERS, headerList);
options.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, "true");
client.setOptions(options);
} catch (AxisFault axisFault) {
throw new OAuthTokenValidationException("Exception occurred while creating the " +
"OAuth2TokenValidationServiceStub.", axisFault);
}
return stub;
}
}

@ -27,6 +27,8 @@ import org.apache.tomcat.util.buf.MessageBytes;
import org.wso2.carbon.webapp.authenticator.framework.Constants;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import java.util.Properties;
public class BasicAuthAuthenticator implements WebappAuthenticator {
private static final String BASIC_AUTH_AUTHENTICATOR = "BasicAuth";
@ -55,6 +57,21 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
return BasicAuthAuthenticator.BASIC_AUTH_AUTHENTICATOR;
}
@Override
public String getProperty(String name) {
return null;
}
@Override
public Properties getProperties() {
return null;
}
@Override
public void setProperties(Properties properties) {
}
private Credentials getCredentials(Request request) {
Credentials credentials = null;
MessageBytes authorization =

@ -15,6 +15,7 @@ import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkData
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import java.security.cert.X509Certificate;
import java.util.Properties;
/**
* This authenticator authenticates HTTP requests using certificates.
@ -93,4 +94,20 @@ public class CertificateAuthenticator implements WebappAuthenticator {
public String getName() {
return CERTIFICATE_AUTHENTICATOR;
}
@Override
public String getProperty(String name) {
return null;
}
@Override
public Properties getProperties() {
return null;
}
@Override
public void setProperties(Properties properties) {
}
}

@ -39,6 +39,7 @@ import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkData
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Properties;
import java.util.StringTokenizer;
/**
@ -141,4 +142,20 @@ public class JWTAuthenticator implements WebappAuthenticator {
public String getName() {
return JWTAuthenticator.JWT_AUTHENTICATOR;
}
@Override
public String getProperty(String name) {
return null;
}
@Override
public Properties getProperties() {
return null;
}
@Override
public void setProperties(Properties properties) {
}
}

@ -24,16 +24,17 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.webapp.authenticator.framework.*;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import org.wso2.carbon.webapp.authenticator.framework.Constants;
import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidatorFactory;
import java.util.Properties;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@ -46,9 +47,23 @@ public class OAuthAuthenticator implements WebappAuthenticator {
private static final String BEARER_TOKEN_TYPE = "bearer";
private static final String RESOURCE_KEY = "resource";
private Properties properties;
private OAuth2TokenValidator tokenValidator;
private static final Log log = LogFactory.getLog(OAuthAuthenticator.class);
public OAuthAuthenticator() {
String url = properties.getProperty("TokenValidationEndpointUrl");
String adminUsername = properties.getProperty("Username");
String adminPassword = properties.getProperty("Password");
boolean isRemote = Boolean.parseBoolean(properties.getProperty("IsRemote"));
Properties validatorProperties = new Properties();
validatorProperties.setProperty("MaxTotalConnections", properties.getProperty("MaxTotalConnections"));
validatorProperties.setProperty("MaxConnectionsPerHost", properties.getProperty("MaxTotalConnectionsPerHost"));
this.tokenValidator = OAuthValidatorFactory.getNewValidator(url, adminUsername, adminPassword, isRemote, validatorProperties);
}
@Override
public boolean canHandle(Request request) {
MessageBytes authorization =
@ -93,9 +108,8 @@ public class OAuthAuthenticator implements WebappAuthenticator {
String bearerToken = this.getBearerToken(request);
//Set the resource context param. This will be used in scope validation.
String resource = requestUri + ":" + requestMethod;
//Get the appropriate OAuth validator from OAuthValidatorFactory.
OAuth2TokenValidator oAuth2TokenValidator = OAuthValidatorFactory.getValidator();
OAuthValidationResponse oAuthValidationResponse = oAuth2TokenValidator.validateToken(bearerToken, resource);
OAuthValidationResponse oAuthValidationResponse = tokenValidator.validateToken(bearerToken, resource);
if (oAuthValidationResponse.isValid()) {
String username = oAuthValidationResponse.getUserName();
@ -127,6 +141,24 @@ public class OAuthAuthenticator implements WebappAuthenticator {
return OAuthAuthenticator.OAUTH_AUTHENTICATOR;
}
@Override
public String getProperty(String name) {
if (properties == null) {
return null;
}
return properties.getProperty(name);
}
@Override
public Properties getProperties() {
return properties;
}
@Override
public void setProperties(Properties properties) {
this.properties = properties;
}
private String getBearerToken(Request request) {
MessageBytes authorization =
request.getCoyoteRequest().getMimeHeaders().

@ -22,6 +22,8 @@ import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import java.util.Properties;
public interface WebappAuthenticator {
enum Status {
@ -34,4 +36,10 @@ public interface WebappAuthenticator {
String getName();
String getProperty(String name);
Properties getProperties();
void setProperties(Properties properties);
}

@ -31,4 +31,5 @@ public interface OAuth2TokenValidator {
* @return OAuthValidationResponse with the validated results.
*/
OAuthValidationResponse validateToken(String accessToken, String resource) throws OAuthTokenValidationException;
}

@ -21,6 +21,8 @@ import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.RemoteOAuthValidator;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.LocalOAuthValidator;
import java.util.Properties;
/**
* The class validate the configurations and provide the most suitable implementation according to the configuration.
* Factory class for OAuthValidator.
@ -32,12 +34,13 @@ public class OAuthValidatorFactory {
private static final String AUTHENTICATOR_CONFIG_ADMIN_USERNAME = "adminUsername";
private static final String AUTHENTICATOR_CONFIG_ADMIN_PASSWORD = "adminPassword";
private static final String AUTHENTICATOR_CONFIG_OAUTH_AUTHENTICATOR_NAME = "OAuthAuthenticator";
private static String OAUTH_ENDPOINT_POSTFIX =
private static final String OAUTH_ENDPOINT_POSTFIX =
"/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
/**
* This factory method checks the authenticators.xml configuration file and provides an appropriate implementation
* of OAuth2TokenValidator.
*
* @return OAuth2TokenValidator
*/
public static OAuth2TokenValidator getValidator() throws IllegalArgumentException {
@ -54,18 +57,34 @@ public class OAuthValidatorFactory {
hostUrl = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_HOST_URL);
adminUserName = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_ADMIN_USERNAME);
adminPassword = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_ADMIN_PASSWORD);
}else{
} else {
throw new IllegalArgumentException("OAuth Authenticator configuration parameters need to be defined in " +
"Authenticators.xml.");
}
if (isRemote) {
if (!(hostUrl == null || hostUrl.trim().isEmpty())) {
hostUrl = hostUrl + OAUTH_ENDPOINT_POSTFIX;
return new RemoteOAuthValidator(hostUrl, adminUserName, adminPassword);
return new RemoteOAuthValidator(hostUrl, adminUserName, adminPassword, null);
} else {
throw new IllegalArgumentException("Remote server host can't be empty in authenticators.xml.");
}
}
return new LocalOAuthValidator();
}
public static OAuth2TokenValidator getNewValidator(
String url, String adminUsername, String adminPassword, boolean isRemote,
Properties properties) throws IllegalArgumentException {
if (isRemote) {
if (!(url == null || url.trim().isEmpty())) {
url = url + OAUTH_ENDPOINT_POSTFIX;
return new RemoteOAuthValidator(url, adminUsername, adminPassword, properties);
} else {
throw new IllegalArgumentException("Remote server host can't be empty in OAuthAuthenticator " +
"configuration.");
}
}
return new LocalOAuthValidator();
}
}

@ -23,12 +23,17 @@ import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.Header;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.pool.ObjectPool;
import org.apache.commons.pool.impl.GenericObjectPool;
import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.webapp.authenticator.framework.Utils.OAuthTokenValidationStubFactory;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthConstants;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
@ -37,25 +42,20 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthV
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
/**
* Handles the OAuth2 token validation from remote IS servers using remote OAuthValidation service-stub.
*/
public class RemoteOAuthValidator implements OAuth2TokenValidator {
private String hostURL;
private String adminUserName;
private String adminPassword;
private GenericObjectPool stubs;
public RemoteOAuthValidator(String hostURL, String adminUserName, String adminPassword) {
this.hostURL = hostURL;
this.adminUserName = adminUserName;
this.adminPassword = adminPassword;
}
private static final Log log = LogFactory.getLog(RemoteOAuthValidator.class);
private String getBasicAuthCredentials() {
byte[] bytesEncoded = Base64.encodeBase64((adminUserName + ":" + adminPassword).getBytes());
return new String(bytesEncoded);
public RemoteOAuthValidator(String hostURL, String adminUserName, String adminPassword, Properties properties) {
this.stubs = new GenericObjectPool(
new OAuthTokenValidationStubFactory(hostURL, adminUserName, adminPassword, properties));
}
@Override
@ -79,29 +79,25 @@ public class RemoteOAuthValidator implements OAuth2TokenValidator {
tokenValidationContextParams[0] = resourceContextParam;
validationRequest.setContext(tokenValidationContextParams);
OAuth2TokenValidationServiceStub tokenValidationService;
try {
tokenValidationService = new OAuth2TokenValidationServiceStub(hostURL);
} catch (AxisFault axisFault) {
throw new OAuthTokenValidationException("Exception occurred while obtaining the " +
"OAuth2TokenValidationServiceStub.", axisFault);
}
ServiceClient client = tokenValidationService._getServiceClient();
Options options = client.getOptions();
List<Header> headerList = new ArrayList<>();
Header header = new Header();
header.setName(HTTPConstants.HEADER_AUTHORIZATION);
header.setValue(OAuthConstants.AUTHORIZATION_HEADER_PREFIX_BASIC + " " + getBasicAuthCredentials());
headerList.add(header);
options.setProperty(HTTPConstants.HTTP_HEADERS, headerList);
client.setOptions(options);
OAuth2TokenValidationResponseDTO tokenValidationResponse;
OAuth2TokenValidationServiceStub stub = null;
try {
tokenValidationResponse = tokenValidationService.
stub = (OAuth2TokenValidationServiceStub) stubs.borrowObject();
tokenValidationResponse = stub.
findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
} catch (RemoteException e) {
throw new OAuthTokenValidationException("Remote Exception occurred while invoking the Remote IS server for " +
"OAuth2 token validation.", e);
throw new OAuthTokenValidationException("Remote Exception occurred while invoking the Remote " +
"IS server for OAuth2 token validation.", e);
} catch (Exception e) {
throw new OAuthTokenValidationException("Error occurred while borrowing an oauth token validation " +
"service stub from the pool", e);
} finally {
try {
stubs.returnObject(stub);
} catch (Exception e) {
log.warn("Error occurred while returning the object back to the oauth token validation service " +
" stub pool", e);
}
}
boolean isValid = tokenValidationResponse.getValid();
String userName;
@ -115,6 +111,7 @@ public class RemoteOAuthValidator implements OAuth2TokenValidator {
oAuthValidationResponse.setErrorMsg(tokenValidationResponse.getErrorMsg());
return oAuthValidationResponse;
}
return new OAuthValidationResponse(userName,tenantDomain,isValid);
return new OAuthValidationResponse(userName, tenantDomain, isValid);
}
}

@ -18,14 +18,18 @@
*/
package org.wso2.carbon.webapp.authenticator.framework.config;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementWrapper;
import javax.xml.bind.annotation.XmlRootElement;
import java.util.List;
@XmlRootElement(name = "Authenticator")
public class AuthenticatorConfig {
private String name;
private String className;
private List<Parameter> params;
@XmlElement(name = "Name", required = true)
public String getName() {
@ -45,4 +49,35 @@ public class AuthenticatorConfig {
this.className = className;
}
@XmlElementWrapper(name = "Parameters", nillable = true)
@XmlElement(name = "Parameter", nillable = false)
public List<Parameter> getParams() {
return params;
}
@XmlRootElement(name = "Parameter")
public static class Parameter {
private String name;
private String value;
@XmlAttribute(name = "Name")
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@XmlElement(name = "Value")
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
}
}

@ -36,6 +36,7 @@ import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticator
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
/**
* @scr.component name="org.wso2.carbon.webapp.authenticator" immediate="true"
@ -79,6 +80,13 @@ public class WebappAuthenticatorFrameworkServiceComponent {
for (AuthenticatorConfig config : WebappAuthenticatorConfig.getInstance().getAuthenticators()) {
WebappAuthenticator authenticator = (WebappAuthenticator) Class.forName(config.getClassName()).
newInstance();
if (config.getParams() != null || !config.getParams().isEmpty()) {
Properties properties = new Properties();
for (AuthenticatorConfig.Parameter param : config.getParams()) {
properties.setProperty(param.getName(), param.getValue());
}
authenticator.setProperties(properties);
}
repository.addAuthenticator(authenticator);
}
AuthenticatorFrameworkDataHolder.getInstance().setWebappAuthenticatorRepository(repository);

@ -1263,6 +1263,12 @@
<artifactId>neethi</artifactId>
<version>${neethi.version}</version>
</dependency>
<dependency>
<groupId>commons-pool.wso2</groupId>
<artifactId>commons-pool</artifactId>
<version>${commons.pool.wso2.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
@ -1556,6 +1562,8 @@
<!-- Release plugin ID for github-->
<project.scm.id>github-scm</project.scm.id>
<commons.pool.wso2.version>1.5.6.wso2v1</commons.pool.wso2.version>
</properties>
</project>

Loading…
Cancel
Save