master
Amalka Subasinghe 4 years ago
parent 23b25fb540
commit 0162753d6a

@ -123,6 +123,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
application = new Application(applicationName, subscriber);
application.setTier(ApiApplicationConstants.DEFAULT_TIER);
application.setGroupId("");
application.setTokenType("OAUTH");
apiConsumer.addApplication(application, username);
application = apiConsumer.getApplicationsByName(username, applicationName, "");
} else {

@ -24,7 +24,6 @@ import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
import io.entgra.ui.request.interceptor.beans.AuthData;
import io.entgra.ui.request.interceptor.beans.ProxyResponse;
import io.entgra.ui.request.interceptor.exceptions.LoginException;
import io.entgra.ui.request.interceptor.util.HandlerConstants;
import io.entgra.ui.request.interceptor.util.HandlerUtil;
@ -35,12 +34,8 @@ import org.apache.http.HttpStatus;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderServiceImpl;
import org.wso2.carbon.apimgt.application.extension.constants.ApiApplicationConstants;
import org.wso2.carbon.apimgt.application.extension.dto.ApiApplicationKey;
import org.wso2.carbon.apimgt.application.extension.exception.APIManagerException;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.apache.http.protocol.HTTP;
import io.entgra.ui.request.interceptor.beans.ProxyResponse;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
@ -49,9 +44,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
@MultipartConfig
@WebServlet("/login")
@ -76,38 +69,28 @@ public class LoginHandler extends HttpServlet {
httpSession = req.getSession(true);
//setting session to expiry in 5 minutes
httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));
//todo: amalka do we need this remote call?
JsonObject uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(
uiConfigUrl, gatewayUrl, httpSession, resp);
JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
List<String> list = new ArrayList<String>();
for(int i=0; i < tags.size(); i++) {
list.add(tags.get(i).getAsString());
}
String[] tagsAsStringArray = list.toArray(new String[list.size()]);
HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT);
apiRegEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder()
.encodeToString((username + HandlerConstants.COLON + password).getBytes()));
apiRegEndpoint.setHeader(HTTP.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString());
apiRegEndpoint.setEntity(HandlerUtil.constructAppRegPayload(
tags, HandlerConstants.PUBLISHER_APPLICATION_NAME, username, password));
String scopeString = HandlerUtil.getScopeString(scopes);
ProxyResponse clientAppResponse = HandlerUtil.execute(apiRegEndpoint);
if (scopeString != null) {
scopeString = scopeString.trim();
} else {
scopeString = "default";
if (clientAppResponse.getCode() == HttpStatus.SC_UNAUTHORIZED) {
HandlerUtil.handleError(resp, clientAppResponse);
return;
}
APIManagementProviderService apiManagementProviderService = new APIManagementProviderServiceImpl();
ApiApplicationKey apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(
HandlerConstants.PUBLISHER_APPLICATION_NAME,
tagsAsStringArray, HandlerConstants.PRODUCTION_KEY, username, false,
ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD);
if (apiApplicationKey != null && getTokenAndPersistInSession(apiApplicationKey.getConsumerKey(),
apiApplicationKey.getConsumerSecret(), req, resp, scopes)) {
log.info("tenantDomain : " + PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain());
log.info("username : " + PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername());
if (clientAppResponse.getCode() == HttpStatus.SC_CREATED && getTokenAndPersistInSession(req, resp,
clientAppResponse.getData(), scopes)) {
ProxyResponse proxyResponse = new ProxyResponse();
proxyResponse.setCode(HttpStatus.SC_OK);
HandlerUtil.handleSuccess(resp, proxyResponse);
@ -120,8 +103,6 @@ public class LoginHandler extends HttpServlet {
log.error("Error occurred while parsing the response. ", e);
} catch (LoginException e) {
log.error("Error occurred while getting token data. ", e);
} catch (APIManagerException e) {
log.error("Error occurred while creating application. ", e);
}
}
@ -129,15 +110,19 @@ public class LoginHandler extends HttpServlet {
* Generates token from token endpoint and persists them inside the session
*
* @param req - {@link HttpServletRequest}
// * @param clientAppResult - clientAppResult
* @param clientAppResult - clientAppResult
* @param scopes - scopes defied in the application-mgt.xml
* @throws LoginException - login exception throws when getting token result
*/
private boolean getTokenAndPersistInSession(String clientId, String clientSecret, HttpServletRequest req,
HttpServletResponse resp, JsonArray scopes) throws LoginException {
private boolean getTokenAndPersistInSession(HttpServletRequest req, HttpServletResponse resp,
String clientAppResult, JsonArray scopes) throws LoginException {
JsonParser jsonParser = new JsonParser();
try {
if (clientId != null && clientSecret != null) {
JsonElement jClientAppResult = jsonParser.parse(clientAppResult);
if (jClientAppResult.isJsonObject()) {
JsonObject jClientAppResultAsJsonObject = jClientAppResult.getAsJsonObject();
String clientId = jClientAppResultAsJsonObject.get("client_id").getAsString();
String clientSecret = jClientAppResultAsJsonObject.get("client_secret").getAsString();
String encodedClientApp = Base64.getEncoder()
.encodeToString((clientId + HandlerConstants.COLON + clientSecret).getBytes());
@ -189,9 +174,6 @@ public class LoginHandler extends HttpServlet {
if (HandlerConstants.HTTP_PROTOCOL.equals(req.getScheme())) {
iotsCorePort = System.getProperty("iot.core.http.port");
}
String keyManagerPort = System.getProperty("iot.keymanager.https.port");
username = req.getParameter("username");
password = req.getParameter("password");
gatewayUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.gateway.host")
@ -199,8 +181,8 @@ public class LoginHandler extends HttpServlet {
uiConfigUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
+ HandlerConstants.COLON + iotsCorePort + HandlerConstants.UI_CONFIG_ENDPOINT;
keyManagerUrl = HandlerConstants.HTTPS_PROTOCOL + HandlerConstants.SCHEME_SEPARATOR +
System.getProperty("iot.keymanager.host") + HandlerConstants.COLON + keyManagerPort;
System.getProperty("iot.keymanager.host") + HandlerConstants.COLON
+ System.getProperty("iot.keymanager.https.port");
if (username == null || password == null) {
String msg = "Invalid login request. Username or Password is not received for login request.";
log.error(msg);

@ -60,8 +60,11 @@ public class SsoLoginCallbackHandler extends HttpServlet {
+ HandlerConstants.COLON + HandlerUtil.getGatewayPort(req.getScheme());
String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
+ HandlerConstants.COLON + iotsCorePort;
String keyManagerUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR
+ System.getProperty("iot.keymanager.host") + HandlerConstants.COLON
+ System.getProperty("iot.keymanager.https.port");
HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.TOKEN_ENDPOINT);
HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.TOKEN_ENDPOINT);
tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + session.getAttribute("encodedClientApp"));
tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());

@ -69,6 +69,7 @@ public class SsoLoginHandler extends HttpServlet {
private static String adminPassword;
private static String gatewayUrl;
private static String iotsCoreUrl;
private static String keyManagerUrl;
private static String encodedAdminCredentials;
private static String encodedClientApp;
private static String applicationId;
@ -101,7 +102,7 @@ public class SsoLoginHandler extends HttpServlet {
*/
private void dynamicClientRegistration(HttpServletRequest req, HttpServletResponse resp) {
try {
File userMgtConf = new File("conf/user-mgt.xml");
File userMgtConf = new File("repository/conf/user-mgt.xml");
DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
Document doc = dBuilder.parse(userMgtConf);
@ -123,6 +124,9 @@ public class SsoLoginHandler extends HttpServlet {
iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
+ HandlerConstants.COLON + iotsCorePort;
String uiConfigUrl = iotsCoreUrl + HandlerConstants.UI_CONFIG_ENDPOINT;
keyManagerUrl = HandlerConstants.HTTPS_PROTOCOL + HandlerConstants.SCHEME_SEPARATOR +
System.getProperty("iot.keymanager.host") + HandlerConstants.COLON
+ System.getProperty("iot.keymanager.https.port");
httpSession = req.getSession(false);
if (httpSession != null) {
@ -211,7 +215,7 @@ public class SsoLoginHandler extends HttpServlet {
ProxyResponse updateApplicationGrantTypesEndpointResponse = HandlerUtil.execute(updateApplicationGrantTypesEndpoint);
// Update app as a SaaS app
this.updateSaasApp(applicationName);
this.updateSaasApp(applicationId);
if (updateApplicationGrantTypesEndpointResponse.getCode() == HttpStatus.SC_UNAUTHORIZED) {
HandlerUtil.handleError(resp, updateApplicationGrantTypesEndpointResponse);
@ -262,7 +266,7 @@ public class SsoLoginHandler extends HttpServlet {
* @throws IOException IO exception throws if an error occurred when invoking token endpoint
*/
private ProxyResponse getTokenResult(String encodedClientApp) throws IOException {
HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.TOKEN_ENDPOINT);
HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.TOKEN_ENDPOINT);
tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientApp);
tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());

@ -25,7 +25,7 @@ public class HandlerConstants {
public static final String TOKEN_ENDPOINT = "/oauth2/token";
public static final String INTROSPECT_ENDPOINT = "/oauth2/introspect";
public static final String AUTHORIZATION_ENDPOINT = "/oauth2/authorize";
public static final String APIM_APPLICATIONS_ENDPOINT = "/api/am/store/v0.12/applications/";
public static final String APIM_APPLICATIONS_ENDPOINT = "/api/am/devportal/v2/applications/";
public static final String IDENTITY_APP_MGT_ENDPOINT = "/services/IdentityApplicationManagementService.IdentityApplicationManagementServiceHttpsSoap11Endpoint";
public static final String LOGIN_PAGE = "/login";
public static final String SSO_LOGIN_CALLBACK = "/ssoLoginCallback";
@ -67,7 +67,7 @@ public class HandlerConstants {
public static final String OTP_HEADER = "one-time-token";
public static final String AX_PREFIX = "ax2317:";
public static final String AX_PREFIX = "ax2251:";
public static final String PAYLOADS_DIR = "repository/resources/payloads";
public static final String SOAP_ACTION_HEADER = "SOAPAction";

@ -19,7 +19,7 @@
<UIConfiguration>
<EnableOAuth>true</EnableOAuth>
<EnableSSO>false</EnableSSO>
<EnableSSO>true</EnableSSO>
<AppRegistration>
<Tags>
<Tag>application_management</Tag>

@ -26,7 +26,7 @@
{% if mdm_ui_conf.enable_sso is defined %}
<EnableSSO>{{mdm_ui_conf.enable_sso}}</EnableSSO>
{% else %}
<EnableSSO>false</EnableSSO>
<EnableSSO>true</EnableSSO>
{% endif %}
<AppRegistration>
<Tags>

@ -4,3 +4,4 @@ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../featur
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/store-ui-request-handler.war,overwrite:true);\
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/entgra-ui-request-handler.war,overwrite:true);\
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/mdm-reports-ui-request-handler.war,overwrite:true);\
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/payloads/,target:${installFolder}/../../resources/payloads/,overwrite:true);\

@ -0,0 +1,8 @@
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:getApplication>
<xsd:applicationName>${applicationName}</xsd:applicationName>
</xsd:getApplication>
</soapenv:Body>
</soapenv:Envelope>

@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd" xmlns:xsd2="http://script.model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header />
<soapenv:Body>
<xsd:updateApplication>
<xsd:serviceProvider>
<xsd1:applicationID>${applicationId}</xsd1:applicationID>
<xsd1:applicationName>${applicationName}</xsd1:applicationName>
<!-- <xsd1:certificateContent>?</xsd1:certificateContent> -->
<xsd1:description>${description}</xsd1:description>
<xsd1:inboundAuthenticationConfig>
<xsd1:inboundAuthenticationRequestConfigs>
<!-- <xsd1:friendlyName>?</xsd1:friendlyName> -->
<xsd1:inboundAuthKey>${inboundAuthKey}</xsd1:inboundAuthKey>
<xsd1:inboundAuthType>${inboundAuthType}</xsd1:inboundAuthType>
<xsd1:inboundConfigType>${inboundConfigType}</xsd1:inboundConfigType>
<!-- <xsd1:properties>
<xsd1:advanced>?</xsd1:advanced>
<xsd1:confidential>?</xsd1:confidential>
<xsd1:defaultValue>?</xsd1:defaultValue>
<xsd1:description>?</xsd1:description>
<xsd1:displayName>?</xsd1:displayName>
<xsd1:displayOrder>?</xsd1:displayOrder>
<xsd1:name>?</xsd1:name>
<xsd1:required>false</xsd1:required>
<xsd1:type>?</xsd1:type>
<xsd1:value>?</xsd1:value>
</xsd1:properties> -->
</xsd1:inboundAuthenticationRequestConfigs>
</xsd1:inboundAuthenticationConfig>
<!-- <xsd1:inboundProvisioningConfig>
<xsd1:dumbMode>?</xsd1:dumbMode>
<xsd1:provisioningEnabled>?</xsd1:provisioningEnabled>
<xsd1:provisioningUserStore>?</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<xsd1:outboundProvisioningConfig>
<xsd1:provisionByRoleList>?</xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig> -->
<xsd1:owner>
<xsd1:tenantDomain>${tenantDomain}</xsd1:tenantDomain>
<xsd1:userName>${userName}</xsd1:userName>
<xsd1:userStoreDomain>${userStoreDomain}</xsd1:userStoreDomain>
</xsd1:owner>
<xsd1:saasApp>${saasApp}</xsd1:saasApp>
<xsd1:spProperties>
<!-- <xsd1:displayName>?</xsd1:displayName> -->
<xsd1:name>displayName</xsd1:name>
<xsd1:value>${displayName}</xsd1:value>
</xsd1:spProperties>
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope>
Loading…
Cancel
Save