deenath
/
device-mgt-core
forked from community/device-mgt-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added web app tenant authorisation for tenant for non managed api scenario

Browse Source
revert-70aa11f8
ayyoob 9 years ago
parent 3a3e9cc649
commit 733884cba7
2 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File

13
components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
Unescape View File

@ -26,6 +26,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
import org.wso2.carbon.tomcat.ext.valves.CompositeValve; import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import org.wso2.carbon.webapp.authenticator.framework.authorizer.WebappTenantAuthorizer;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.util.HashMap; import java.util.HashMap;
@ -44,6 +45,8 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
return; return;
} }
WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request); WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request);
if (authenticator == null) { if (authenticator == null) {
String msg = "Failed to load an appropriate authenticator to authenticate the request"; String msg = "Failed to load an appropriate authenticator to authenticate the request";
@ -51,6 +54,11 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
return; return;
} }
AuthenticationInfo authenticationInfo = authenticator.authenticate(request, response); AuthenticationInfo authenticationInfo = authenticator.authenticate(request, response);
if (isManagedAPI(request) && (authenticationInfo.getStatus() == WebappAuthenticator.Status.CONTINUE ||
authenticationInfo.getStatus() == WebappAuthenticator.Status.SUCCESS)) {
WebappAuthenticator.Status status = WebappTenantAuthorizer.authorize(request, authenticationInfo);
authenticationInfo.setStatus(status);
}
if (authenticationInfo.getTenantId() != -1) { if (authenticationInfo.getTenantId() != -1) {
try { try {
PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.startTenantFlow();
@ -77,6 +85,11 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
return (param == null || !Boolean.parseBoolean(param) || isNonSecuredEndPoint(request)); return (param == null || !Boolean.parseBoolean(param) || isNonSecuredEndPoint(request));
} }
private boolean isManagedAPI(Request request) {
String param = request.getContext().findParameter("managed-api-enabled");
return (param != null && Boolean.parseBoolean(param));
}
private boolean isContextSkipped(Request request) { private boolean isContextSkipped(Request request) {
String ctx = request.getContext().getPath(); String ctx = request.getContext().getPath();
if (ctx == null || "".equals(ctx)) { if (ctx == null || "".equals(ctx)) {

49
components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/WebappTenantAuthorizer.java
Unescape View File

@ -0,0 +1,49 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.webapp.authenticator.framework.authorizer;
import org.apache.catalina.connector.Request;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
/**
* This class represents the methods that are used to authorize requests based on the tenant subscription.
*/
public class WebappTenantAuthorizer {
private static final String SHARED_WITH_ALL_TENANTS_PARAM_NAME = "isSharedWithAllTenants";
private static final String PROVIDER_TENANT_DOMAIN_PARAM_NAME = "providerTenantDomain";
public static WebappAuthenticator.Status authorize(Request request, AuthenticationInfo authenticationInfo) {
String tenantDomain = authenticationInfo.getTenantDomain();
if (tenantDomain != null && isSharedWithAllTenants(request) || isProviderTenant(request, tenantDomain)) {
return WebappAuthenticator.Status.CONTINUE;
}
return WebappAuthenticator.Status.FAILURE;
}
private static boolean isSharedWithAllTenants(Request request) {
String param = request.getContext().findParameter(SHARED_WITH_ALL_TENANTS_PARAM_NAME);
return (param == null || Boolean.parseBoolean(param));
}
private static boolean isProviderTenant(Request request, String requestTenantDomain) {
String param = request.getContext().findParameter(PROVIDER_TENANT_DOMAIN_PARAM_NAME);
return (param == null || requestTenantDomain.equals(param));
}
}
Write Preview
Loading…
Cancel
Save