From 995c59da24efbe3bde8ae85d7b529da7c899c860 Mon Sep 17 00:00:00 2001
From: Deenath Geeganage
Date: Wed, 8 Mar 2023 15:30:28 +0530
Subject: [PATCH] Add BackChannel during DCR added an api invocation that would enable and add backChannel logout url to the Identity server per request Handler
---
 .../request/interceptor/SessionIdStore.java | 2 +-
 .../request/interceptor/SsoLoginHandler.java | 31 +++++++++++++++++--
 .../interceptor/SsoLogoutCallbackHandler.java | 2 +-
 .../request/interceptor/SsoLogoutHandler.java | 8 ++++-
 .../interceptor/util/HandlerConstants.java | 4 +++
 5 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SessionIdStore.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SessionIdStore.java
index b59ef145668..53625431b94 100644
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SessionIdStore.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SessionIdStore.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ * Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
 *
 * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java
index adb09e1f8c4..78dc619d371 100644
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java @@ -244,6 +244,9 @@ public class SsoLoginHandler extends HttpServlet { return; } HandlerUtil.handleError(resp, null); + + // Enables BackChannelLogout + enableBackChannelLogout(); } catch (IOException e) { log.error("Error occurred while sending the response into the socket. ", e); } catch (JsonSyntaxException e) { @@ -311,10 +314,14 @@ public class SsoLoginHandler extends HttpServlet { String logoutRedirect = ""; if (applicationName.equals("entgra")) { logoutRedirect = iotsCoreUrl + "/endpoint-mgt"; - } else { + } else if (applicationName.equals("publisher")) { + logoutRedirect = iotsCoreUrl + "/app-publisher"; + } + else{ logoutRedirect = (iotsCoreUrl + "/" + applicationName); } - jsonObject.put(HandlerConstants.CALLBACK_URL_KEY, "regexp=(" + iotsCoreUrl + baseContextPath + HandlerConstants.SSO_LOGIN_CALLBACK + "|" + logoutRedirect + ")"); + jsonObject.put(HandlerConstants.CALLBACK_URL_KEY, "regexp=(" + iotsCoreUrl + baseContextPath + + HandlerConstants.SSO_LOGIN_CALLBACK + "|" + logoutRedirect + ")"); String payload = jsonObject.toString(); return new StringEntity(payload, ContentType.APPLICATION_JSON); } 
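Review bot: In the first SsoLoginHandler hunk (@@ -244), `enableBackChannelLogout()` sits after `HandlerUtil.handleError(resp, null)`, and the branch just above it ends in `return;`, so the call appears to run only on the failure path, after an error response has been written, and to be skipped whenever registration succeeds. The enclosing method starts outside the hunk, so confirm this against the full body; if it holds, move the call ahead of the success branch's `return;`. An `IOException` thrown by the call also falls into the existing catch and is logged as "Error occurred while sending the response into the socket", which misstates what failed.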
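Review bot: In the second SsoLoginHandler hunk (@@ -311), the callback value `"regexp=(" + iotsCoreUrl + baseContextPath + ... + "|" + logoutRedirect + ")"` is built from raw URLs, so every `.` in the host name acts as a regex wildcard rather than a literal dot. If the identity server evaluates this as a Java regular expression, redirect URIs that differ from the intended ones would also match; wrapping each alternative in `Pattern.quote(...)` keeps the match literal, assuming the server's regex dialect accepts `\Q…\E`. `applicationName` is concatenated into `logoutRedirect` in the final `else`, and where it comes from is outside the hunk, so check that it cannot carry regex metacharacters or arbitrary path text.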
@@ -470,4 +477,24 @@ public class SsoLoginHandler extends HttpServlet { HandlerUtil.execute(updateApplicationEndpoint); } + + /*** + * Enables Backchannel Logout + * This Invokes the Identity server and updates its specific application with logoutCallBackHandler URL + */ + private void enableBackChannelLogout() throws IOException { + String apiUpdateOAuth = iotsCoreUrl + HandlerConstants.IDENTITY_DCR_ENDPOINT + oAuthApp.getClientId(); + HttpPut setBackChannelLogout = new HttpPut(apiUpdateOAuth); + setBackChannelLogout.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + + encodedAdminCredentials); + setBackChannelLogout.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString()); + JsonObject jsonObject = new JsonObject(); + jsonObject.addProperty(HandlerConstants.BACKCHANNEL_LOGOUT_URI, iotsCoreUrl + baseContextPath + + HandlerConstants.SSO_LOGOUT_CALLBACK); + jsonObject.addProperty(HandlerConstants.BACKCHANNEL_LOGOUT_SESSION_REQUIRED, true); + String payload = jsonObject.toString(); + setBackChannelLogout.setEntity(new StringEntity(payload, ContentType.APPLICATION_JSON)); + + HandlerUtil.execute(setBackChannelLogout); + } } diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLogoutCallbackHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLogoutCallbackHandler.java index 87b36a2e335..7131ba2b284 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLogoutCallbackHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLogoutCallbackHandler.java 
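Review bot: `enableBackChannelLogout()` discards whatever `HandlerUtil.execute(setBackChannelLogout)` returns, so a rejected or failed update leaves the back-channel logout URI unregistered with no log line, and sessions in this application would then survive a logout at the identity server. Capture the result, check its status, and log at error level when the PUT is not accepted. The request carries `encodedAdminCredentials` and, judging by its call site, is sent while handling a login request rather than once when the application is registered; issuing it only at registration would reduce how often the admin credential is used. The Javadoc opens with `/***`, where `/**` is the conventional opener.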
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ * Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
 *
 * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLogoutHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLogoutHandler.java
index 38f553c81c5..8e89ae268a8 100644
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLogoutHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLogoutHandler.java
@@ -51,7 +51,10 @@ public class SsoLogoutHandler extends HttpServlet {
 String logoutRedirect = "";
 if (applicationName.equals("entgra")) {
 logoutRedirect = iotsCoreUrl + "/endpoint-mgt";
- } else {
+ } else if(applicationName.equals("publisher")) {
+ logoutRedirect = iotsCoreUrl + "/app-publisher";
+ }
+ else{
 logoutRedirect = (iotsCoreUrl + "/" + applicationName);
 }
@@ -68,6 +71,9 @@ public class SsoLogoutHandler extends HttpServlet {
 resp.sendRedirect(redirect);
 } catch (IOException e) {
 log.error("Error occured while redirecting");
+ } catch (NullPointerException e) {
+ log.error("Invalid Session");
+ resp.setStatus(401);
 }
 }
 }
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java
index bf9947a9af1..f1062d7d53e 100644
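Review bot: The `entgra` / `publisher` / default mapping added in the @@ -51 hunk of SsoLogoutHandler duplicates the one added to SsoLoginHandler in this same commit, so the redirect registered with the identity server and the one used at logout can drift apart the next time an application is added. A single shared helper taking `iotsCoreUrl` and `applicationName` would keep the two in step. The new branch is also formatted differently from the code around it: `else if(` and a detached `else{` where the file otherwise writes `} else {`.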
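Review bot: Catching `NullPointerException` in the @@ -68 hunk of SsoLogoutHandler turns any null dereference in the try block into a 401, not only a missing session, and `log.error("Invalid Session")` drops the exception so the real cause cannot be traced. The try block starts outside the hunk, but an explicit null check on the value that can be absent (presumably the session or an attribute read from it), answered with `resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED)`, would be narrower and would keep unrelated bugs visible. The neighbouring `IOException` handler has the same logging gap; pass `e` as the second argument to `log.error`.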
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java
@@ -30,6 +30,10 @@ public class HandlerConstants {
 public static final String IDENTITY_APP_MGT_ENDPOINT = "/services/IdentityApplicationManagementService.IdentityApplicationManagementServiceHttpsSoap11Endpoint";
 public static final String LOGIN_PAGE = "/login";
 public static final String SSO_LOGIN_CALLBACK = "/ssoLoginCallback";
+ public static final String SSO_LOGOUT_CALLBACK = "/ssoLogoutCallback";
+ public static final String IDENTITY_DCR_ENDPOINT = "/api/identity/oauth2/dcr/v1.1/register/";
+ public static final String BACKCHANNEL_LOGOUT_URI = "backchannel_logout_uri";
+ public static final String BACKCHANNEL_LOGOUT_SESSION_REQUIRED= "backchannel_logout_session_required";
 public static final String BASIC = "Basic ";
 public static final String BEARER = "Bearer ";
 public static final String X_FRAME_OPTIONS = "X-Frame-Options";
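Review bot: `IDENTITY_DCR_ENDPOINT` ends in a slash because the caller appends the OAuth client id directly to it, a convention that is easy to break when the constant is reused elsewhere. A one-line comment such as `// trailing slash: the OAuth client id is appended by the caller` would record it. `BACKCHANNEL_LOGOUT_SESSION_REQUIRED= ` is also missing the space before `=` that the other constants have.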