hasuniea 9 years ago
commit 878d114cf8

@ -60,15 +60,7 @@ public class OAuthEndpointProxy {
int status = serverResponse.getStatusLine().getStatusCode();
String resp = EntityUtils.toString(responseData, Constants.CharSets.CHARSET_UTF_8);
response = Response.status(DCRProxyUtils.getResponseStatus(status)).entity(resp).build();
} catch (URISyntaxException e) {
String msg = "Service invoke error occurred while registering client";
log.error(msg, e);
response = Response.status(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
} catch (UnsupportedEncodingException e) {
String msg = "Service invoke error occurred while registering client";
log.error(msg, e);
response = Response.status(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
} catch (IOException e) {
} catch (URISyntaxException | IOException e) {
String msg = "Service invoke error occurred while registering client";
log.error(msg, e);
response = Response.status(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();

@ -105,12 +105,29 @@
org.apache.axis2.client,
org.apache.commons.codec.binary,
org.apache.commons.httpclient,
org.wso2.carbon.core.security
org.wso2.carbon.core.security,
org.apache.axis2.context,
org.apache.commons.httpclient.params,
org.apache.commons.pool,
org.apache.commons.pool.impl,
org.apache.http.conn,
org.apache.http.impl.conn
</Import-Package>
<!--<Fragment-Host>tomcat</Fragment-Host>-->
</instructions>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<systemPropertyVariables>
<log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
</systemPropertyVariables>
<suiteXmlFiles>
<suiteXmlFile>src/test/resources/testng.xml</suiteXmlFile>
</suiteXmlFiles>
</configuration>
</plugin>
</plugins>
</build>
@ -175,6 +192,22 @@
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.device.mgt.common</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents.wso2</groupId>
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
<groupId>commons-httpclient.wso2</groupId>
<artifactId>commons-httpclient</artifactId>
</dependency>
<dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
</dependency>
<dependency>
<groupId>commons-pool.wso2</groupId>
<artifactId>commons-pool</artifactId>
</dependency>
</dependencies>
</project>
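Review bot: The `org.apache.httpcomponents.wso2:httpclient` dependency and the `org.apache.http.conn` / `org.apache.http.impl.conn` entries added to `Import-Package` appear to be needed only by `createClientConnectionManager` in the new `OAuthTokenValidationStubFactory`, which is private and never called in that file. Removing that method would spare the bundle a mandatory OSGi import and a second HTTP stack. The client actually wired into the stub is Commons HttpClient 3.x (`commons-httpclient.wso2`), a legacy library, so it is worth confirming how TLS certificate and hostname checks are enforced for the token-validation endpoint. `testng` is declared without a visible `<scope>`; unless the parent `dependencyManagement` already sets it, add `<scope>test</scope>`.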

@ -0,0 +1,211 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.webapp.authenticator.framework.Utils;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpConnectionManager;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.commons.httpclient.params.HttpConnectionManagerParams;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.pool.PoolableObjectFactory;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthConstants;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
public class OAuthTokenValidationStubFactory implements PoolableObjectFactory {
private String url;
private String basicAuthHeader;
private HttpClient httpClient;
private static final Log log = LogFactory.getLog(OAuthTokenValidationStubFactory.class);
public OAuthTokenValidationStubFactory(String url, String adminUsername, String adminPassword,
Properties properties) {
this.validateUrl(url);
this.url = url;
this.validateCredentials(adminUsername, adminPassword);
this.basicAuthHeader = new String(Base64.encodeBase64((adminUsername + ":" + adminPassword).getBytes()));
HttpConnectionManager connectionManager = this.createConnectionManager(properties);
this.httpClient = new HttpClient(connectionManager);
}
/**
* Creates an instance of MultiThreadedHttpConnectionManager using HttpClient 3.x APIs
*
* @param properties Properties to configure MultiThreadedHttpConnectionManager
* @return An instance of properly configured MultiThreadedHttpConnectionManager
*/
private HttpConnectionManager createConnectionManager(Properties properties) {
HttpConnectionManagerParams params = new HttpConnectionManagerParams();
if (properties == null || properties.isEmpty()) {
throw new IllegalArgumentException("Parameters required to initialize HttpClient instances " +
"associated with OAuth token validation service stub are not provided");
}
String maxConnectionsPerHostParam = properties.getProperty("MaxConnectionsPerHost");
if (maxConnectionsPerHostParam == null || maxConnectionsPerHostParam.isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("MaxConnectionsPerHost parameter is not explicitly defined. Therefore, the default, " +
"which is 2, will be used");
}
} else {
params.setDefaultMaxConnectionsPerHost(Integer.parseInt(maxConnectionsPerHostParam));
}
String maxTotalConnectionsParam = properties.getProperty("MaxTotalConnections");
if (maxTotalConnectionsParam == null || maxTotalConnectionsParam.isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("MaxTotalConnections parameter is not explicitly defined. Therefore, the default, " +
"which is 10, will be used");
}
} else {
params.setMaxTotalConnections(Integer.parseInt(maxTotalConnectionsParam));
}
HttpConnectionManager connectionManager = new MultiThreadedHttpConnectionManager();
connectionManager.setParams(params);
return connectionManager;
}
/**
* Creates an instance of PoolingHttpClientConnectionManager using HttpClient 4.x APIs
*
* @param properties Properties to configure PoolingHttpClientConnectionManager
* @return An instance of properly configured PoolingHttpClientConnectionManager
*/
private HttpClientConnectionManager createClientConnectionManager(Properties properties) {
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager();
if (properties != null) {
String maxConnectionsPerHostParam = properties.getProperty("MaxConnectionsPerHost");
if (maxConnectionsPerHostParam == null || maxConnectionsPerHostParam.isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("MaxConnectionsPerHost parameter is not explicitly defined. Therefore, the default, " +
"which is 2, will be used");
}
} else {
connectionManager.setDefaultMaxPerRoute(Integer.parseInt(maxConnectionsPerHostParam));
}
String maxTotalConnectionsParam = properties.getProperty("MaxTotalConnections");
if (maxTotalConnectionsParam == null || maxTotalConnectionsParam.isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("MaxTotalConnections parameter is not explicitly defined. Therefore, the default, " +
"which is 10, will be used");
}
} else {
connectionManager.setMaxTotal(Integer.parseInt(maxTotalConnectionsParam));
}
} else {
if (log.isDebugEnabled()) {
log.debug("Properties, i.e. MaxTotalConnections/MaxConnectionsPerHost, required to tune the " +
"HttpClient used in OAuth token validation service stub instances are not provided. " +
"Therefore, the defaults, 2/10 respectively, will be used");
}
}
return connectionManager;
}
@Override
public Object makeObject() throws Exception {
return this.createStub();
}
@Override
public void destroyObject(Object o) throws Exception {
}
@Override
public boolean validateObject(Object o) {
return true;
}
@Override
public void activateObject(Object o) throws Exception {
if (log.isDebugEnabled()) {
log.debug("OAuth token validate stub instance is activated");
}
}
@Override
public void passivateObject(Object o) throws Exception {
if (o instanceof OAuth2TokenValidationServiceStub) {
OAuth2TokenValidationServiceStub stub = (OAuth2TokenValidationServiceStub) o;
stub._getServiceClient().cleanupTransport();
}
}
private OAuth2TokenValidationServiceStub createStub() throws OAuthTokenValidationException {
OAuth2TokenValidationServiceStub stub;
try {
stub = new OAuth2TokenValidationServiceStub(url);
ServiceClient client = stub._getServiceClient();
client.getServiceContext().getConfigurationContext().setProperty(
HTTPConstants.CACHED_HTTP_CLIENT, httpClient);
List<Header> headerList = new ArrayList<>();
Header header = new Header();
header.setName(HTTPConstants.HEADER_AUTHORIZATION);
header.setValue(OAuthConstants.AUTHORIZATION_HEADER_PREFIX_BASIC + " " + basicAuthHeader);
headerList.add(header);
Options options = client.getOptions();
options.setProperty(HTTPConstants.HTTP_HEADERS, headerList);
options.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, "true");
client.setOptions(options);
} catch (AxisFault axisFault) {
throw new OAuthTokenValidationException("Error occurred while creating the " +
"OAuth2TokenValidationServiceStub.", axisFault);
}
return stub;
}
private void validateUrl(String url) {
if (url == null || url.isEmpty()) {
throw new IllegalArgumentException("Url provided as the endpoint of the OAuth token validation service " +
"is null");
}
}
private void validateCredentials(String adminUsername, String adminPassword) {
if (adminUsername == null || adminUsername.isEmpty()) {
throw new IllegalArgumentException("An appropriate username required to initialize OAuth token " +
"validation service stub factory hasn't been provided");
}
if (adminPassword == null || adminPassword.isEmpty()) {
throw new IllegalArgumentException("An appropriate password required to initialize OAuth token " +
"validation service stub factory hasn't been provided");
}
}
}
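Review bot: `createConnectionManager` sets only the two pool sizes, so the shared `HttpClient` has no connect or read timeout configured here and a slow or unreachable token-validation endpoint can tie up every request thread that is waiting to be authenticated. Set both on the same params object, e.g. `params.setConnectionTimeout(connectTimeoutMs);` and `params.setSoTimeout(readTimeoutMs);`, with the values read from `properties` (the variable names are placeholders). The constructor also builds the Basic credential with the platform default charset through `getBytes()` and `new String(...)`; passing `StandardCharsets.UTF_8` to both keeps the header identical across hosts. `destroyObject` is empty and `validateObject` always returns `true`, so a stub whose transport has failed is never evicted from the pool; a short comment stating that this is intended, or a real cleanup, would help.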

@ -26,7 +26,8 @@ import java.util.Map;
public class WebappAuthenticatorFactory {
public static WebappAuthenticator getAuthenticator(String authScheme) {
return AuthenticatorFrameworkDataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticator(authScheme);
return AuthenticatorFrameworkDataHolder.getInstance().getWebappAuthenticatorRepository().
getAuthenticator(authScheme);
}
public static WebappAuthenticator getAuthenticator(Request request) {

@ -27,10 +27,17 @@ import org.apache.tomcat.util.buf.MessageBytes;
import org.wso2.carbon.webapp.authenticator.framework.Constants;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import java.util.Properties;
public class BasicAuthAuthenticator implements WebappAuthenticator {
private static final String BASIC_AUTH_AUTHENTICATOR = "BasicAuth";
@Override
public void init() {
}
@Override
public boolean canHandle(Request request) {
MessageBytes authorization =
@ -55,6 +62,21 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
return BasicAuthAuthenticator.BASIC_AUTH_AUTHENTICATOR;
}
@Override
public void setProperties(Properties properties) {
}
@Override
public Properties getProperties() {
return null;
}
@Override
public String getProperty(String name) {
return null;
}
private Credentials getCredentials(Request request) {
Credentials credentials = null;
MessageBytes authorization =
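Review bot: The new `getProperties()` returns `null` and `setProperties()` silently discards its argument, so any caller that reads authenticator properties generically through `WebappAuthenticator` has to null-check or it fails on this implementation. Returning an empty object, `return new Properties();`, and putting a one-line comment such as `// BasicAuth takes no configuration` in the empty `init()` and `setProperties()` bodies would make the no-op explicit. The same three stubs are added to `CertificateAuthenticator` and `JWTAuthenticator` in the sections that follow. `getCredentials` continues outside the hunk.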

@ -15,6 +15,7 @@ import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkData
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import java.security.cert.X509Certificate;
import java.util.Properties;
/**
* This authenticator authenticates HTTP requests using certificates.
@ -25,6 +26,11 @@ public class CertificateAuthenticator implements WebappAuthenticator {
private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth";
private static final String CERTIFICATE_VERIFICATION_HEADER = "certificate-verification-header";
@Override
public void init() {
}
@Override
public boolean canHandle(Request request) {
String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
@ -93,4 +99,20 @@ public class CertificateAuthenticator implements WebappAuthenticator {
public String getName() {
return CERTIFICATE_AUTHENTICATOR;
}
@Override
public void setProperties(Properties properties) {
}
@Override
public Properties getProperties() {
return null;
}
@Override
public String getProperty(String name) {
return null;
}
}

@ -39,6 +39,7 @@ import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkData
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Properties;
import java.util.StringTokenizer;
/**
@ -51,6 +52,11 @@ public class JWTAuthenticator implements WebappAuthenticator {
private static final String JWT_AUTHENTICATOR = "JWT";
private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion";
@Override
public void init() {
}
@Override
public boolean canHandle(Request request) {
String authorizationHeader = request.getHeader(JWTAuthenticator.JWT_ASSERTION_HEADER);
@ -137,4 +143,19 @@ public class JWTAuthenticator implements WebappAuthenticator {
public String getName() {
return JWTAuthenticator.JWT_AUTHENTICATOR;
}
@Override
public void setProperties(Properties properties) {
}
@Override
public Properties getProperties() {
return null;
}
@Override
public String getProperty(String name) {
return null;
}
}

@ -18,22 +18,21 @@
*/
package org.wso2.carbon.webapp.authenticator.framework.authenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.webapp.authenticator.framework.*;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidatorFactory;
import java.util.Properties;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@ -42,22 +41,51 @@ public class OAuthAuthenticator implements WebappAuthenticator {
private static final String OAUTH_AUTHENTICATOR = "OAuth";
private static final String REGEX_BEARER_PATTERN = "[B|b]earer\\s";
private static final Pattern PATTERN = Pattern.compile(REGEX_BEARER_PATTERN);
private static final Pattern PATTERN = Pattern.compile("[B|b]earer\\s");
private static final String BEARER_TOKEN_TYPE = "bearer";
private static final String RESOURCE_KEY = "resource";
private Properties properties;
private OAuth2TokenValidator tokenValidator;
private static final Log log = LogFactory.getLog(OAuthAuthenticator.class);
public void init() {
if (this.properties == null) {
throw new IllegalArgumentException("Required properties needed to initialize OAuthAuthenticator " +
"are not provided");
}
private static final Log log = LogFactory.getLog(OAuthAuthenticator.class);
String url = this.properties.getProperty("TokenValidationEndpointUrl");
if ((url == null) || (url.isEmpty())) {
throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
}
String adminUsername = this.properties.getProperty("Username");
if (adminUsername == null) {
throw new IllegalArgumentException("Username to connect to the OAuth token validation endpoint " +
"is not provided");
}
String adminPassword = this.properties.getProperty("Password");
if (adminPassword == null) {
throw new IllegalArgumentException("Password to connect to the OAuth token validation endpoint " +
"is not provided");
}
boolean isRemote = Boolean.parseBoolean(this.properties.getProperty("IsRemote"));
Properties validatorProperties = new Properties();
validatorProperties.setProperty("MaxTotalConnections", this.properties.getProperty("MaxTotalConnections"));
validatorProperties.setProperty("MaxConnectionsPerHost", this.properties.getProperty("MaxConnectionsPerHost"));
this.tokenValidator =
OAuthValidatorFactory.getValidator(url, adminUsername, adminPassword, isRemote, validatorProperties);
}
public boolean canHandle(org.apache.catalina.connector.Request request) {
MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue("Authorization");
@Override
public boolean canHandle(Request request) {
MessageBytes authorization =
request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
String tokenValue;
if (authorization != null) {
authorization.toBytes();
ByteChunk authBC = authorization.getByteChunk();
tokenValue = authBC.toString();
String tokenValue = authBC.toString();
Matcher matcher = PATTERN.matcher(tokenValue);
if (matcher.find()) {
return true;
@ -66,50 +94,46 @@ public class OAuthAuthenticator implements WebappAuthenticator {
return false;
}
@Override
public AuthenticationInfo authenticate(Request request, Response response) {
public AuthenticationInfo authenticate(org.apache.catalina.connector.Request request, Response response) {
String requestUri = request.getRequestURI();
String requestMethod = request.getMethod();
AuthenticationInfo authenticationInfo = new AuthenticationInfo();
if (requestUri == null || "".equals(requestUri)) {
authenticationInfo.setStatus(Status.CONTINUE);
if ((requestUri == null) || ("".equals(requestUri))) {
authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE);
return authenticationInfo;
}
StringTokenizer tokenizer = new StringTokenizer(requestUri, "/");
String context = tokenizer.nextToken();
if (context == null || "".equals(context)) {
authenticationInfo.setStatus(Status.CONTINUE);
if ((context == null) || ("".equals(context))) {
authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE);
}
String apiVersion = tokenizer.nextToken();
//String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion, requestUri, requestMethod);
String authLevel = "any";
try {
if (Constants.NO_MATCHING_AUTH_SCHEME.equals(authLevel)) {
AuthenticationFrameworkUtil.handleNoMatchAuthScheme(request, response, requestMethod, apiVersion,
context);
authenticationInfo.setStatus(Status.CONTINUE);
if ("noMatchedAuthScheme".equals(authLevel)) {
AuthenticationFrameworkUtil.handleNoMatchAuthScheme(
request, response, requestMethod, apiVersion, context);
authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE);
} else {
String bearerToken = this.getBearerToken(request);
//Set the resource context param. This will be used in scope validation.
String bearerToken = getBearerToken(request);
String resource = requestUri + ":" + requestMethod;
//Get the appropriate OAuth validator from OAuthValidatorFactory.
OAuth2TokenValidator oAuth2TokenValidator = OAuthValidatorFactory.getValidator();
OAuthValidationResponse oAuthValidationResponse = oAuth2TokenValidator.validateToken(bearerToken, resource);
OAuthValidationResponse oAuthValidationResponse =
this.tokenValidator.validateToken(bearerToken, resource);
if (oAuthValidationResponse.isValid()) {
String username = oAuthValidationResponse.getUserName();
String tenantDomain = oAuthValidationResponse.getTenantDomain();
//Remove the userstore domain from username
/*if (username.contains("/")) {
username = username.substring(username.indexOf('/') + 1);
}*/
authenticationInfo.setUsername(username);
authenticationInfo.setTenantDomain(tenantDomain);
authenticationInfo.setTenantId(Utils.getTenantIdOFUser(username + "@" + tenantDomain));
if (oAuthValidationResponse.isValid()) {
authenticationInfo.setStatus(Status.CONTINUE);
}
if (oAuthValidationResponse.isValid())
authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE);
} else {
authenticationInfo.setMessage(oAuthValidationResponse.getErrorMsg());
}
@ -122,15 +146,28 @@ public class OAuthAuthenticator implements WebappAuthenticator {
return authenticationInfo;
}
@Override
public String getName() {
return OAuthAuthenticator.OAUTH_AUTHENTICATOR;
return "OAuth";
}
public String getProperty(String name) {
if (this.properties == null) {
return null;
}
return this.properties.getProperty(name);
}
public Properties getProperties() {
return this.properties;
}
public void setProperties(Properties properties) {
this.properties = properties;
}
private String getBearerToken(org.apache.catalina.connector.Request request) {
MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue("Authorization");
private String getBearerToken(Request request) {
MessageBytes authorization =
request.getCoyoteRequest().getMimeHeaders().
getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
String tokenValue = null;
if (authorization != null) {
authorization.toBytes();
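Review bot: In `init()`, `validatorProperties.setProperty("MaxTotalConnections", this.properties.getProperty("MaxTotalConnections"))` throws a NullPointerException when the key is not configured, because `Properties` rejects null values; the `MaxConnectionsPerHost` line has the same problem. Copy each value only when it is present, e.g. `String v = this.properties.getProperty("MaxTotalConnections"); if (v != null) { validatorProperties.setProperty("MaxTotalConnections", v); }`. In `authenticate`, the result of `this.tokenValidator.validateToken(...)` is dereferenced with `isValid()` without a null check, while the remote validator in this commit returns `null` for an empty service response; whether that exception fails closed depends on the catch block, which is outside the hunk. `Username` and `Password` are checked only for null, not for empty, and the admin password remains readable afterwards through the public `getProperty("Password")` and `getProperties()`.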

@ -22,16 +22,26 @@ import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import java.util.Properties;
public interface WebappAuthenticator {
enum Status {
SUCCESS, FAILURE, CONTINUE
}
void init();
boolean canHandle(Request request);
AuthenticationInfo authenticate(Request request, Response response);
String getName();
void setProperties(Properties properties);
Properties getProperties();
String getProperty(String name);
}
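Review bot: The four new lifecycle methods carry no Javadoc and the required call order is not stated, although `OAuthAuthenticator.init()` in this commit throws `IllegalArgumentException` unless `setProperties` has been called first. Document it on the interface, e.g. `/** Called once after {@link #setProperties(Properties)}; may throw IllegalArgumentException when required configuration is missing. */` above `init()`. The comment on `getProperties()` should also say whether `null` is a permitted return, since three of the implementations in this commit return it.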

@ -21,51 +21,27 @@ import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.RemoteOAuthValidator;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.LocalOAuthValidator;
import java.util.Properties;
/**
* The class validate the configurations and provide the most suitable implementation according to the configuration.
* Factory class for OAuthValidator.
*/
public class OAuthValidatorFactory {
private static final String AUTHENTICATOR_CONFIG_IS_REMOTE = "isRemote";
private static final String AUTHENTICATOR_CONFIG_HOST_URL = "hostURL";
private static final String AUTHENTICATOR_CONFIG_ADMIN_USERNAME = "adminUsername";
private static final String AUTHENTICATOR_CONFIG_ADMIN_PASSWORD = "adminPassword";
private static final String AUTHENTICATOR_CONFIG_OAUTH_AUTHENTICATOR_NAME = "OAuthAuthenticator";
private static String OAUTH_ENDPOINT_POSTFIX =
"/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
/**
* This factory method checks the authenticators.xml configuration file and provides an appropriate implementation
* of OAuth2TokenValidator.
* @return OAuth2TokenValidator
*/
public static OAuth2TokenValidator getValidator() throws IllegalArgumentException {
AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance();
AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.
getAuthenticatorConfig(AUTHENTICATOR_CONFIG_OAUTH_AUTHENTICATOR_NAME);
boolean isRemote;
String hostUrl;
String adminUserName;
String adminPassword;
if (authenticatorConfig != null && authenticatorConfig.getParameters() != null) {
isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get(
AUTHENTICATOR_CONFIG_IS_REMOTE));
hostUrl = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_HOST_URL);
adminUserName = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_ADMIN_USERNAME);
adminPassword = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_ADMIN_PASSWORD);
}else{
throw new IllegalArgumentException("OAuth Authenticator configuration parameters need to be defined in " +
"Authenticators.xml.");
}
public static OAuth2TokenValidator getValidator(String url, String adminUsername, String adminPassword,
boolean isRemote, Properties properties)
throws IllegalArgumentException
{
if (isRemote) {
if (!(hostUrl == null || hostUrl.trim().isEmpty())) {
hostUrl = hostUrl + OAUTH_ENDPOINT_POSTFIX;
return new RemoteOAuthValidator(hostUrl, adminUserName, adminPassword);
} else {
throw new IllegalArgumentException("Remote server host can't be empty in authenticators.xml.");
if ((url != null) && (!url.trim().isEmpty())) {
url = url + "/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
return new RemoteOAuthValidator(url, adminUsername, adminPassword, properties);
}
throw new IllegalArgumentException("Remote server host can't be empty in OAuthAuthenticator configuration.");
}
return new LocalOAuthValidator();
}
}
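Review bot: `getValidator` appends the service path to `url` without looking at its scheme, yet the stub factory in this commit attaches the admin credentials as a Basic `Authorization` header to every call, so an `http://` value in the configuration would send them in clear text. Rejecting non-HTTPS values next to the emptiness check, e.g. `if (!url.trim().toLowerCase().startsWith("https://")) { throw new IllegalArgumentException("Token validation endpoint must use https"); }`, would surface that at start-up. The emptiness check trims `url` but the untrimmed value is what gets concatenated, and a trailing `/` produces `//services/...`. The Javadoc of the old no-argument method appears to have been removed without a replacement that describes the five parameters and the fact that all but `isRemote` are ignored for the local validator.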

@ -17,104 +17,103 @@
*/
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.Header;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.pool.impl.GenericObjectPool;
import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.webapp.authenticator.framework.Utils.OAuthTokenValidationStubFactory;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthConstants;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
/**
* Handles the OAuth2 token validation from remote IS servers using remote OAuthValidation service-stub.
*/
public class RemoteOAuthValidator implements OAuth2TokenValidator {
private String hostURL;
private String adminUserName;
private String adminPassword;
private GenericObjectPool stubs;
private static final Log log = LogFactory.getLog(RemoteOAuthValidator.class);
public RemoteOAuthValidator(String hostURL, String adminUserName, String adminPassword) {
this.hostURL = hostURL;
this.adminUserName = adminUserName;
this.adminPassword = adminPassword;
public RemoteOAuthValidator(String hostURL, String adminUserName, String adminPassword, Properties properties) {
this.stubs =
new GenericObjectPool(new OAuthTokenValidationStubFactory(
hostURL, adminUserName, adminPassword, properties));
}
private String getBasicAuthCredentials() {
byte[] bytesEncoded = Base64.encodeBase64((adminUserName + ":" + adminPassword).getBytes());
return new String(bytesEncoded);
public OAuthValidationResponse validateToken(String accessToken,
String resource) throws OAuthTokenValidationException {
OAuth2TokenValidationServiceStub stub = null;
OAuth2TokenValidationResponseDTO validationResponse;
try {
OAuth2TokenValidationRequestDTO validationRequest = createValidationRequest(accessToken, resource);
stub = (OAuth2TokenValidationServiceStub) this.stubs.borrowObject();
validationResponse =
stub.findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
} catch (RemoteException e) {
throw new OAuthTokenValidationException("Remote Exception occurred while invoking the Remote " +
"IS server for OAuth2 token validation.", e);
} catch (Exception e) {
throw new OAuthTokenValidationException("Error occurred while borrowing an oauth token validation " +
"service stub from the pool", e);
} finally {
try {
this.stubs.returnObject(stub);
} catch (Exception e) {
log.warn("Error occurred while returning the object back to the oauth token validation service " +
"stub pool", e);
}
}
if (validationResponse == null) {
if (log.isDebugEnabled()) {
log.debug("Response returned by the OAuth token validation service is null");
}
return null;
}
boolean isValid = validationResponse.getValid();
String tenantDomain;
String username;
if (isValid) {
username = MultitenantUtils.getTenantAwareUsername(validationResponse.getAuthorizedUser());
tenantDomain = MultitenantUtils.getTenantDomain(validationResponse.getAuthorizedUser());
} else {
OAuthValidationResponse oAuthValidationResponse = new OAuthValidationResponse();
oAuthValidationResponse.setErrorMsg(validationResponse.getErrorMsg());
return oAuthValidationResponse;
}
return new OAuthValidationResponse(username, tenantDomain, isValid);
}
@Override
public OAuthValidationResponse validateToken(String accessToken, String resource) throws
OAuthTokenValidationException {
private OAuth2TokenValidationRequestDTO createValidationRequest(String accessToken, String resource) {
OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
OAuth2TokenValidationRequestDTO_OAuth2AccessToken oauthToken =
new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
oauthToken.setTokenType(OAuthConstants.BEARER_TOKEN_TYPE);
oauthToken.setTokenType("bearer");
oauthToken.setIdentifier(accessToken);
validationRequest.setAccessToken(oauthToken);
//Set the resource context param. This will be used in scope validation.
OAuth2TokenValidationRequestDTO_TokenValidationContextParam resourceContextParam = new
OAuth2TokenValidationRequestDTO_TokenValidationContextParam();
resourceContextParam.setKey(OAuthConstants.RESOURCE_KEY);
OAuth2TokenValidationRequestDTO_TokenValidationContextParam resourceContextParam =
new OAuth2TokenValidationRequestDTO_TokenValidationContextParam();
resourceContextParam.setKey("resource");
resourceContextParam.setValue(resource);
OAuth2TokenValidationRequestDTO_TokenValidationContextParam[] tokenValidationContextParams =
new OAuth2TokenValidationRequestDTO_TokenValidationContextParam[1];
tokenValidationContextParams[0] = resourceContextParam;
validationRequest.setContext(tokenValidationContextParams);
OAuth2TokenValidationServiceStub tokenValidationService;
try {
tokenValidationService = new OAuth2TokenValidationServiceStub(hostURL);
} catch (AxisFault axisFault) {
throw new OAuthTokenValidationException("Exception occurred while obtaining the " +
"OAuth2TokenValidationServiceStub.", axisFault);
}
ServiceClient client = tokenValidationService._getServiceClient();
Options options = client.getOptions();
List<Header> headerList = new ArrayList<>();
Header header = new Header();
header.setName(HTTPConstants.HEADER_AUTHORIZATION);
header.setValue(OAuthConstants.AUTHORIZATION_HEADER_PREFIX_BASIC + " " + getBasicAuthCredentials());
headerList.add(header);
options.setProperty(HTTPConstants.HTTP_HEADERS, headerList);
client.setOptions(options);
OAuth2TokenValidationResponseDTO tokenValidationResponse;
try {
tokenValidationResponse = tokenValidationService.
findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
} catch (RemoteException e) {
throw new OAuthTokenValidationException("Remote Exception occurred while invoking the Remote IS server for " +
"OAuth2 token validation.", e);
}
boolean isValid = tokenValidationResponse.getValid();
String userName;
String tenantDomain;
if (isValid) {
userName = MultitenantUtils.getTenantAwareUsername(
tokenValidationResponse.getAuthorizedUser());
tenantDomain = MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser());
} else {
OAuthValidationResponse oAuthValidationResponse = new OAuthValidationResponse();
oAuthValidationResponse.setErrorMsg(tokenValidationResponse.getErrorMsg());
return oAuthValidationResponse;
}
return new OAuthValidationResponse(userName,tenantDomain,isValid);
return validationRequest;
}
}

@ -18,14 +18,15 @@
*/
package org.wso2.carbon.webapp.authenticator.framework.config;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.*;
import java.util.List;
@XmlRootElement(name = "Authenticator")
public class AuthenticatorConfig {
private String name;
private String className;
private List<Parameter> params;
@XmlElement(name = "Name", required = true)
public String getName() {
@ -45,4 +46,37 @@ public class AuthenticatorConfig {
this.className = className;
}
@XmlElementWrapper(name="Parameters", nillable=true)
@XmlElement(name="Parameter", nillable=false)
public List<Parameter> getParams() {
return this.params;
}
public void setParams(List<Parameter> params) {
this.params = params;
}
@XmlRootElement(name="Parameter")
public static class Parameter {
private String name;
private String value;
@XmlAttribute(name="Name")
public String getName() {
return this.name;
}
public void setName(String name) {
this.name = name;
}
@XmlValue
public String getValue() {
return this.value;
}
public void setValue(String value) {
this.value = value;
}
}
}
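Review bot: The new nested `Parameter` class and `getParams()` carry no documentation, although the values passing through them include authenticator credentials (the configs in this commit supply `Username` and `Password` this way). I would add a class comment such as `/** Name/value pair read from an authenticator's Parameters block; values may be secrets and must not be logged. */`. The Javadoc on `getParams()` should also state that it returns the internal list and can return null when the `Parameters` element is absent. The explicit `javax.xml.bind.annotation` imports also appear to give way to a wildcard import; listing `XmlAttribute`, `XmlElementWrapper` and `XmlValue` individually shows which JAXB annotations the class depends on.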

@ -36,6 +36,7 @@ import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticator
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
/**
* @scr.component name="org.wso2.carbon.webapp.authenticator" immediate="true"
@ -77,8 +78,16 @@ public class WebappAuthenticatorFrameworkServiceComponent {
WebappAuthenticatorConfig.init();
WebappAuthenticatorRepository repository = new WebappAuthenticatorRepository();
for (AuthenticatorConfig config : WebappAuthenticatorConfig.getInstance().getAuthenticators()) {
WebappAuthenticator authenticator = (WebappAuthenticator) Class.forName(config.getClassName()).
newInstance();
WebappAuthenticator authenticator = (WebappAuthenticator)Class.forName(config.getClassName()).newInstance();
if ((config.getParams() != null) && (!config.getParams().isEmpty())) {
Properties properties = new Properties();
for (AuthenticatorConfig.Parameter param : config.getParams()) {
properties.setProperty(param.getName(), param.getValue());
}
authenticator.setProperties(properties);
}
authenticator.init();
repository.addAuthenticator(authenticator);
}
AuthenticatorFrameworkDataHolder.getInstance().setWebappAuthenticatorRepository(repository);
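Review bot: `properties.setProperty(param.getName(), param.getValue())` throws a NullPointerException when either argument is null, and nothing in `AuthenticatorConfig.Parameter` makes the `Name` attribute or the element text mandatory. A parameter whose attribute is spelled differently from `Name` would therefore presumably stop the component from starting, with a stack trace that does not say which entry is wrong. I would check inside the loop and fail with a message that names the authenticator but not the value, since values can be passwords: `if (param.getName() == null || param.getValue() == null) { throw new IllegalArgumentException("Parameter without Name or value for authenticator " + config.getName()); }`. The enclosing method starts and ends outside this hunk, so how that exception is reported depends on catch blocks that are not visible here.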

@ -0,0 +1,64 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.webapp.authenticator.framework.test;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.wso2.carbon.utils.ServerConstants;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkException;
import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig;
import java.util.List;
public class WebappAuthenticatorConfigTest {
@BeforeClass
public void init() {
System.setProperty(ServerConstants.CARBON_CONFIG_DIR_PATH, "src/test/resources/config");
}
@Test
public void testConfigInitialization() {
try {
WebappAuthenticatorConfig.init();
WebappAuthenticatorConfig config = WebappAuthenticatorConfig.getInstance();
Assert.assertNotNull(config);
List<AuthenticatorConfig> authConfigs = config.getAuthenticators();
Assert.assertNotNull(authConfigs);
} catch (AuthenticatorFrameworkException e) {
Assert.fail("Error occurred while testing webapp authenticator config initialization", e);
} catch (Throwable e) {
Assert.fail("Unexpected error has been encountered while testing webapp authenticator config " +
"initialization", e);
}
}
@AfterClass
public void cleanup() {
System.setProperty(ServerConstants.CARBON_CONFIG_DIR_PATH, "");
}
}
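Review bot: `testConfigInitialization` only asserts that the authenticator list is non-null, so the `Parameters` parsing this commit introduces is never exercised, even though the fixture added alongside it defines six parameters for the OAuth authenticator. Adding `Assert.assertNotNull(authConfigs.get(0).getParams());` and a check that every `getName()` is non-null would catch an attribute-binding mistake. `cleanup()` sets the config-dir property to an empty string rather than removing it; `System.clearProperty(ServerConstants.CARBON_CONFIG_DIR_PATH);` leaves no stale value for later test classes. The `Log` and `LogFactory` imports are unused.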

@ -0,0 +1,106 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.webapp.authenticator.framework.test;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.pool.ObjectPool;
import org.apache.commons.pool.impl.GenericObjectPool;
import org.testng.Assert;
import org.testng.annotations.Test;
import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
import org.wso2.carbon.webapp.authenticator.framework.Utils.OAuthTokenValidationStubFactory;
import java.util.Properties;
public class WebappAuthenticatorFrameworkUtilTest {
private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkUtilTest.class);
private static final String TOKEN_VALIDATION_SERVICE_URL = "https://localhost:9443";
private static final String ADMIN_USERNAME = "admin";
private static final String ADMIN_PASSWORD = "admin";
private static final Properties PROPERTIES = new Properties();
static {
PROPERTIES.setProperty("MaxTotalConnections", "100");
PROPERTIES.setProperty("MaxConnectionsPerHost", "100");
}
@Test
public void testOAuthTokenValidatorStubPool() {
ObjectPool stubs = null;
OAuth2TokenValidationServiceStub stub = null;
try {
stubs = new GenericObjectPool(
new OAuthTokenValidationStubFactory(
TOKEN_VALIDATION_SERVICE_URL, ADMIN_USERNAME, ADMIN_PASSWORD, PROPERTIES));
stub = (OAuth2TokenValidationServiceStub) stubs.borrowObject();
Assert.assertNotNull(stub);
} catch (Exception e) {
String msg = "Error occurred while borrowing an oauth validator service stub instance from the pool";
log.error(msg, e);
Assert.fail(msg, e);
} finally {
if (stubs != null) {
try {
if (stub != null) {
stubs.returnObject(stub);
}
} catch (Exception e) {
log.warn("Error occurred while returning oauth validator service stub instance to the pool", e);
}
/* Checks if the stub instance used above has been properly returned to the pool */
Assert.assertEquals(stubs.getNumIdle(), 1);
/* Verifies that there's no hanging connections after the operation performed above */
Assert.assertEquals(stubs.getNumActive(), 0);
try {
stubs.close();
} catch (Exception e) {
log.warn("Error occurred while closing the object pool", e);
}
}
}
}
@Test(expectedExceptions = IllegalArgumentException.class)
public void testStubFactoryInitWithInvalidHttpClientProperties() {
new OAuthTokenValidationStubFactory(TOKEN_VALIDATION_SERVICE_URL, null, ADMIN_PASSWORD, PROPERTIES);
}
@Test(expectedExceptions = IllegalArgumentException.class)
public void testStubFactoryInitWithInvalidUsername() {
new OAuthTokenValidationStubFactory(TOKEN_VALIDATION_SERVICE_URL, null, ADMIN_PASSWORD, PROPERTIES);
}
@Test(expectedExceptions = IllegalArgumentException.class)
public void testStubFactoryInitWithInvalidPassword() {
new OAuthTokenValidationStubFactory(TOKEN_VALIDATION_SERVICE_URL, ADMIN_USERNAME, null, PROPERTIES);
}
@Test(expectedExceptions = IllegalArgumentException.class)
public void testStubFactoryInitWithInvalidUrl() {
new OAuthTokenValidationStubFactory(null, ADMIN_USERNAME, ADMIN_PASSWORD, PROPERTIES);
}
}
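Review bot: `testStubFactoryInitWithInvalidHttpClientProperties` passes `null` for the username together with the valid `PROPERTIES`, which makes it identical to `testStubFactoryInitWithInvalidUsername`, so the invalid-properties case is never tested. It presumably should read `new OAuthTokenValidationStubFactory(TOKEN_VALIDATION_SERVICE_URL, ADMIN_USERNAME, ADMIN_PASSWORD, null);`, assuming the factory is meant to reject null properties (its constructor is not visible here). In `testOAuthTokenValidatorStubPool` the two `Assert.assertEquals` calls sit inside `finally`, so when `borrowObject()` fails their AssertionError replaces the one raised by `Assert.fail(msg, e)`. Moving them after the try/finally keeps the real cause in the report.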

@ -0,0 +1,28 @@
<WebappAuthenticatorConfig>
<Authenticators>
<Authenticator>
<Name>OAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator</ClassName>
<Parameters>
<Parameter Name="TokenValidationEndpointUrl">https://localhost:9443</Parameter>
<Parameter Name="Username">admin</Parameter>
<Parameter Name="Password">admin</Parameter>
<Parameter Name="IsRemote">true</Parameter>
<Parameter Name="MaxConnectionsPerHost">10000</Parameter>
<Parameter Name="MaxTotalConnections">10000</Parameter>
</Parameters>
</Authenticator>
<Authenticator>
<Name>BasicAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.BasicAuthAuthenticator</ClassName>
</Authenticator>
<Authenticator>
<Name>JWT</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
</Authenticator>
<Authenticator>
<Name>CertificateAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.CertificateAuthenticator</ClassName>
</Authenticator>
</Authenticators>
</WebappAuthenticatorConfig>

@ -0,0 +1,32 @@
#
# Copyright 2009 WSO2, Inc. (http://wso2.com)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# This is the log4j configuration file used by WSO2 Carbon
#
# IMPORTANT : Please do not remove or change the names of any
# of the Appenders defined here. The layout pattern & log file
# can be changed using the WSO2 Carbon Management Console, and those
# settings will override the settings in this file.
#
log4j.rootLogger=ERROR, STD_OUT
# Redirect log messages to console
log4j.appender.STD_OUT=org.apache.log4j.ConsoleAppender
log4j.appender.STD_OUT.Target=System.out
log4j.appender.STD_OUT.layout=org.apache.log4j.PatternLayout
log4j.appender.STD_OUT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n

@ -0,0 +1,37 @@
<!--
~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ you may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd" >
<suite name="WebappAuthenticatorFramework">
<parameter name="useDefaultListeners" value="false"/>
<test name="WebappAuthenticatorConfigTests" preserve-order="true">
<classes>
<class name="org.wso2.carbon.webapp.authenticator.framework.test.WebappAuthenticatorConfigTest"/>
</classes>
</test>
<test name="WebappAuthenticatorUtilTests" preserve-order="true">
<classes>
<class name="org.wso2.carbon.webapp.authenticator.framework.test.WebappAuthenticatorFrameworkUtilTest"/>
</classes>
</test>
</suite>

@ -3,6 +3,14 @@
<Authenticator>
<Name>OAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator</ClassName>
<Parameters>
<Parameter name="IsRemote">true</Parameter>
<Parameter name="TokenValidationEndpointUrl">https://localhost:9443</Parameter>
<Parameter name="Username">admin</Parameter>
<Parameter name="Password">admin</Parameter>
<Parameter name="MaxTotalConnections">100</Parameter>
<Parameter name="MaxConnectionsPerHost">100</Parameter>
</Parameters>
</Authenticator>
<Authenticator>
<Name>BasicAuth</Name>
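Review bot: The parameters added here use a lowercase `name` attribute, while `AuthenticatorConfig.Parameter` binds `@XmlAttribute(name="Name")` and the test fixture in this commit writes `Name`. XML attribute names are case-sensitive, so these entries would most likely unmarshal with a null name. Each line should use the capitalised form, e.g. `<Parameter Name="IsRemote">true</Parameter>`. The block also ships `admin`/`admin` in clear text as the account used for token validation; a comment such as `<!-- Replace Username/Password with a dedicated, least-privileged account before deployment -->` above `<Parameters>` would make that expectation explicit.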

@ -1263,6 +1263,23 @@
<artifactId>neethi</artifactId>
<version>${neethi.version}</version>
</dependency>
<dependency>
<groupId>commons-pool.wso2</groupId>
<artifactId>commons-pool</artifactId>
<version>${commons.pool.wso2.version}</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents.wso2</groupId>
<artifactId>httpclient</artifactId>
<version>${httpcomponents.httpclient.version}</version>
</dependency>
<dependency>
<groupId>commons-httpclient.wso2</groupId>
<artifactId>commons-httpclient</artifactId>
<version>${commons.httpclient.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
@ -1374,6 +1391,11 @@
<artifactId>build-helper-maven-plugin</artifactId>
<version>1.8</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.18</version>
</plugin>
</plugins>
</pluginManagement>
</build>
@ -1556,6 +1578,11 @@
<!-- Release plugin ID for github-->
<project.scm.id>github-scm</project.scm.id>
<commons.pool.wso2.version>1.5.6.wso2v1</commons.pool.wso2.version>
<httpcomponents.httpclient.version>4.2.3.wso2v1</httpcomponents.httpclient.version>
<commons.httpclient.version>3.1.0.wso2v2</commons.httpclient.version>
</properties>
</project>
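Review bot: The managed dependencies now include `commons-httpclient` 3.1.0.wso2v2 alongside `httpclient` 4.2.3.wso2v1, so the build carries two generations of HTTP client. Commons HttpClient 3.x is end-of-life upstream and does not verify TLS host names by default, which matters for a client that authenticates to a remote token-validation endpoint with a username and password. Whether the `wso2v2` build changes that cannot be seen from this diff. I would add a comment next to the entry, e.g. `<!-- commons-httpclient 3.x is end-of-life; confirm TLS host-name verification is enforced where it is used -->`, or drop the dependency if only the 4.x client is needed.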
