diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/pom.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/pom.xml index 55ba73615e6..c042b1b0a6a 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/pom.xml +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/pom.xml @@ -67,6 +67,11 @@ org.wso2.carbon.registry org.wso2.carbon.registry.indexing + + org.wso2.carbon.devicemgt + org.wso2.carbon.identity.jwt.client.extension + provided + @@ -110,6 +115,7 @@ org.wso2.carbon.apimgt.integration.client.*, org.wso2.carbon.apimgt.integration.generated.client.store.api, org.wso2.carbon.apimgt.integration.generated.client.store.model, + org.wso2.carbon.identity.jwt.client.extension.*, feign diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java index 4f10bedb36e..83cfbabf554 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java @@ -77,4 +77,18 @@ public interface APIManagementProviderService { */ void removeAPIApplication(String applicationName, String username) throws APIManagerException; + /** + * To get access token for given scopes and for the given validity period + * @param scopes Scopes + * @param tags Tags + * @param applicationName Application Name + * @param tokenType Token Type + * @param validityPeriod Validity Period + * @return {@link String} Access Token + * @throws APIManagerException if error occurred while getting the access token for given scopes, + * validity period etc. + */ + String getAccessToken(String scopes, String[] tags, String applicationName, String tokenType, String validityPeriod) + throws APIManagerException; + } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java index 7c1609304ea..1a77dbf680a 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java @@ -21,6 +21,7 @@ package org.wso2.carbon.apimgt.application.extension; import feign.FeignException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.apimgt.application.extension.bean.APIRegistrationProfile; import org.wso2.carbon.apimgt.application.extension.constants.ApiApplicationConstants; import org.wso2.carbon.apimgt.application.extension.dto.ApiApplicationKey; import org.wso2.carbon.apimgt.application.extension.exception.APIManagerException; @@ -30,6 +31,11 @@ import org.wso2.carbon.apimgt.integration.client.OAuthRequestInterceptor; import org.wso2.carbon.apimgt.integration.client.store.StoreClient; import org.wso2.carbon.apimgt.integration.generated.client.store.model.*; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.identity.jwt.client.extension.JWTClient; +import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo; +import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException; +import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService; +import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import java.util.ArrayList; @@ -230,4 +236,87 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe return this.generateAndRetrieveApplicationKeys(applicationName, tags, keyType, username, isAllowedAllDomains, validityTime, null); } + + @Override + public String getAccessToken(String scopes, String[] tags, String applicationName, String tokenType, + String validityPeriod) throws APIManagerException { + try { + String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true); + ApiApplicationKey clientCredentials = getClientCredentials(tenantDomain, tags, applicationName, tokenType, + validityPeriod); + + if (clientCredentials == null) { + String msg = "Oauth Application creation is failed."; + log.error(msg); + throw new APIManagerException(msg); + } + + String user = + PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername() + "@" + PrivilegedCarbonContext + .getThreadLocalCarbonContext().getTenantDomain(true); + + JWTClientManagerService jwtClientManagerService = APIApplicationManagerExtensionDataHolder.getInstance() + .getJwtClientManagerService(); + JWTClient jwtClient = jwtClientManagerService.getJWTClient(); + AccessTokenInfo accessTokenForAdmin = jwtClient + .getAccessToken(clientCredentials.getConsumerKey(), clientCredentials.getConsumerSecret(), user, + scopes); + + return accessTokenForAdmin.getAccessToken(); + } catch (JWTClientException e) { + String msg = "JWT Error occurred while registering Application to get access token."; + log.error(msg, e); + throw new APIManagerException(msg, e); + } catch (APIManagerException e) { + String msg = "Error occurred while getting access tokens."; + log.error(msg, e); + throw new APIManagerException(msg, e); + } catch (UserStoreException e) { + String msg = "User management exception when getting client credentials."; + log.error(msg, e); + throw new APIManagerException(msg, e); + } + } + + /** + * Get Client credentials + * @param tenantDomain Tenant Domain + * @param tags Tags + * @param applicationName Application Name + * @param tokenType Token Type + * @param validityPeriod Validity Period + * @return {@link ApiApplicationKey} + * @throws APIManagerException if error occurred while generating access token + * @throws UserStoreException if error ocurred while getting admin username. + */ + private ApiApplicationKey getClientCredentials(String tenantDomain, String[] tags, String applicationName, + String tokenType, String validityPeriod) throws APIManagerException, UserStoreException { + + APIRegistrationProfile registrationProfile = new APIRegistrationProfile(); + registrationProfile.setAllowedToAllDomains(false); + registrationProfile.setMappingAnExistingOAuthApp(false); + registrationProfile.setTags(tags); + registrationProfile.setApplicationName(applicationName); + + ApiApplicationKey info = null; + if (tenantDomain == null || tenantDomain.isEmpty()) { + tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME; + } + try { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername( + PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration() + .getAdminUserName()); + + if (registrationProfile.getUsername() == null || registrationProfile.getUsername().isEmpty()) { + info = generateAndRetrieveApplicationKeys(registrationProfile.getApplicationName(), + registrationProfile.getTags(), tokenType, registrationProfile.getApplicationName(), + registrationProfile.isAllowedToAllDomains(), validityPeriod); + } + } finally { + PrivilegedCarbonContext.endTenantFlow(); + } + return info; + } } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/bean/APIRegistrationProfile.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/bean/APIRegistrationProfile.java new file mode 100644 index 00000000000..2bacdac9222 --- /dev/null +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/bean/APIRegistrationProfile.java @@ -0,0 +1,77 @@ +/* + * Copyright (c) 2021, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.apimgt.application.extension.bean; + +public class APIRegistrationProfile { + private String applicationName; + private String tags[]; + private boolean isAllowedToAllDomains; + private boolean isMappingAnExistingOAuthApp; + private String username; + private String password; + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + public String getApplicationName() { + return applicationName; + } + + public void setApplicationName(String applicationName) { + this.applicationName = applicationName; + } + + public String[] getTags() { + return tags; + } + + public void setTags(String[] tags) { + this.tags = tags; + } + + public boolean isAllowedToAllDomains() { + return isAllowedToAllDomains; + } + + public void setAllowedToAllDomains(boolean allowedToAllDomains) { + isAllowedToAllDomains = allowedToAllDomains; + } + + public boolean isMappingAnExistingOAuthApp() { + return isMappingAnExistingOAuthApp; + } + + public void setMappingAnExistingOAuthApp(boolean mappingAnExistingOAuthApp) { + isMappingAnExistingOAuthApp = mappingAnExistingOAuthApp; + } + +} diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java index cf7cbadea43..90f297e6d3a 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java @@ -19,11 +19,15 @@ package org.wso2.carbon.apimgt.application.extension.internal; import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService; import org.wso2.carbon.apimgt.integration.client.service.IntegrationClientService; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService; import org.wso2.carbon.registry.core.service.TenantRegistryLoader; import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.tenant.TenantManager; +import java.util.Hashtable; + public class APIApplicationManagerExtensionDataHolder { private static APIApplicationManagerExtensionDataHolder thisInstance = new APIApplicationManagerExtensionDataHolder(); private APIManagementProviderService apiManagementProviderService; @@ -32,6 +36,7 @@ public class APIApplicationManagerExtensionDataHolder { private TenantRegistryLoader tenantRegistryLoader; private TenantIndexingLoader indexLoader; private IntegrationClientService integrationClientService; + private JWTClientManagerService jwtClientManagerService; private APIApplicationManagerExtensionDataHolder() { } @@ -97,4 +102,16 @@ public class APIApplicationManagerExtensionDataHolder { IntegrationClientService integrationClientService) { this.integrationClientService = integrationClientService; } + + public JWTClientManagerService getJwtClientManagerService() { + if (jwtClientManagerService == null) { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + jwtClientManagerService = (JWTClientManagerService)ctx.getOSGiService(JWTClientManagerService.class, (Hashtable)null); + } + return jwtClientManagerService; + } + + public void setJwtClientManagerService(JWTClientManagerService jwtClientManagerService) { + this.jwtClientManagerService = jwtClientManagerService; + } } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionServiceComponent.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionServiceComponent.java index 18bdec251af..9d28c89f167 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionServiceComponent.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/internal/APIApplicationManagerExtensionServiceComponent.java @@ -58,16 +58,20 @@ import org.wso2.carbon.user.core.service.RealmService; */ public class APIApplicationManagerExtensionServiceComponent { - private static Log log = LogFactory.getLog(APIApplicationManagerExtensionServiceComponent.class); + private static final Log log = LogFactory.getLog(APIApplicationManagerExtensionServiceComponent.class); protected void activate(ComponentContext componentContext) { - if (log.isDebugEnabled()) { - log.debug("Initializing device extension bundle"); + try { + if (log.isDebugEnabled()) { + log.debug("Initializing device extension bundle"); + } + APIManagementProviderService apiManagementProviderService = new APIManagementProviderServiceImpl(); + APIApplicationManagerExtensionDataHolder.getInstance().setAPIManagementProviderService(apiManagementProviderService); + BundleContext bundleContext = componentContext.getBundleContext(); + bundleContext.registerService(APIManagementProviderService.class.getName(), apiManagementProviderService, null); + } catch (Throwable e) { + log.error("Error occurred while initializing API application management extension bundle", e); } - APIManagementProviderService apiManagementProviderService = new APIManagementProviderServiceImpl(); - APIApplicationManagerExtensionDataHolder.getInstance().setAPIManagementProviderService(apiManagementProviderService); - BundleContext bundleContext = componentContext.getBundleContext(); - bundleContext.registerService(APIManagementProviderService.class.getName(), apiManagementProviderService, null); } protected void deactivate(ComponentContext componentContext) {