few fixes in JWT client after testing with multi tenancy

4.x.x
ayyoob 9 years ago
parent 3d870786ae
commit c0240c5cbc

@ -147,7 +147,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
lastname = addUserFormData.lastname; lastname = addUserFormData.lastname;
emailAddress = addUserFormData.emailAddress; emailAddress = addUserFormData.emailAddress;
password = addUserFormData.password; password = addUserFormData.password;
userRoles = ["devicemgt-user"]; userRoles = ["internal/devicemgt-user"];
try { try {
result = userModule.registerUser(username, firstname, lastname, emailAddress, password, result = userModule.registerUser(username, firstname, lastname, emailAddress, password,

@ -28,6 +28,7 @@ var userModule = require("/app/modules/user.js")["userModule"];
var utility = require("/app/modules/utility.js")["utility"]; var utility = require("/app/modules/utility.js")["utility"];
var permissions = { var permissions = {
'/permission/admin/device-mgt/user': ['ui.execute'] '/permission/admin/device-mgt/user': ['ui.execute'],
'/permission/admin/device-mgt/api/application': ['ui.execute']
}; };
userModule.addRole("devicemgt-user", ["admin"], permissions); userModule.addRole("internal/devicemgt-user", ["admin"], permissions);
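Review bot: The permission map handed to `userModule.addRole("internal/devicemgt-user", ...)` now also grants `/permission/admin/device-mgt/api/application`, and the same role name is assigned by the registration handler in the `/{context}/api/user/authenticate` hunk to users who register themselves through `userModule.registerUser(...)`, so every self-registered user presumably receives that API permission; worth confirming that widening is intended rather than a side effect of the multi-tenancy rename. The literal `"internal/devicemgt-user"` is now repeated in both files; a single shared constant (for example a `DEFAULT_USER_ROLE` exported from the user module) would keep the two in sync the next time the role is renamed. A one-line comment above `var permissions` stating which users end up with these permissions would also make the grant reviewable in isolation.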

@ -52,11 +52,18 @@ public class JWTClient {
private static Log log = LogFactory.getLog(JWTClient.class); private static Log log = LogFactory.getLog(JWTClient.class);
private JWTConfig jwtConfig; private JWTConfig jwtConfig;
private boolean isDefaultJWTClient;
public JWTClient(JWTConfig jwtConfig) { public JWTClient(JWTConfig jwtConfig) {
this.jwtConfig = jwtConfig; this.jwtConfig = jwtConfig;
} }
public JWTClient(JWTConfig jwtConfig, boolean isDefaultJWTClient) {
this.jwtConfig = jwtConfig;
this.isDefaultJWTClient = isDefaultJWTClient;
}
/** /**
* {@inheritDoc} * {@inheritDoc}
*/ */
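Review bot: The new `isDefaultJWTClient` field is left unassigned by the one-argument constructor, so that constructor silently relies on the boolean default instead of stating it; declaring it `private final boolean isDefaultJWTClient;` and delegating with `this(jwtConfig, false);` inside `JWTClient(JWTConfig jwtConfig)` makes the intent explicit and prevents the two constructors from drifting. The two-argument constructor also lacks Javadoc; a short comment on `isDefaultJWTClient` saying that when it is true the assertion is signed with the super-tenant key regardless of the calling tenant (which is what the matching change in JWTClientUtil does) would tell callers what they are opting into. The class body continues outside this hunk.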
@ -64,7 +71,7 @@ public class JWTClient {
throws JWTClientException { throws JWTClientException {
List<NameValuePair> params = new ArrayList<>(); List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, JWTConstants.JWT_GRANT_TYPE)); params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, JWTConstants.JWT_GRANT_TYPE));
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig); String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
if (assertion == null) { if (assertion == null) {
throw new JWTClientException("JWT is not configured properly for user : " + username); throw new JWTClientException("JWT is not configured properly for user : " + username);
} }

@ -106,7 +106,7 @@ public class JWTClientManagerServiceImpl implements JWTClientManagerService{
if (isDefaultJwtClient) { if (isDefaultJwtClient) {
try { try {
JWTConfig jwtConfig = new JWTConfig(properties); JWTConfig jwtConfig = new JWTConfig(properties);
defaultJWTClient = new JWTClient(jwtConfig); defaultJWTClient = new JWTClient(jwtConfig, true);
addJWTClient(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, defaultJWTClient); addJWTClient(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, defaultJWTClient);
} catch (JWTClientAlreadyExistsException e) { } catch (JWTClientAlreadyExistsException e) {
log.warn("Attempting to register a jwt client for the super tenant" + log.warn("Attempting to register a jwt client for the super tenant" +

@ -33,6 +33,7 @@ import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils; import org.apache.http.util.EntityUtils;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.KeyStoreManager; import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService; import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
@ -193,7 +194,8 @@ public class JWTClientUtil {
tenantRegistryLoader.loadTenantRegistry(tenantId); tenantRegistryLoader.loadTenantRegistry(tenantId);
} }
public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig) throws JWTClientException { public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient)
throws JWTClientException {
try { try {
String subject = username; String subject = username;
long currentTimeMillis = System.currentTimeMillis(); long currentTimeMillis = System.currentTimeMillis();
@ -227,15 +229,27 @@ public class JWTClientUtil {
String privateKeyAlias = jwtConfig.getPrivateKeyAlias(); String privateKeyAlias = jwtConfig.getPrivateKeyAlias();
String privateKeyPassword = jwtConfig.getPrivateKeyPassword(); String privateKeyPassword = jwtConfig.getPrivateKeyPassword();
KeyStore keyStore; KeyStore keyStore;
RSAPrivateKey rsaPrivateKey; RSAPrivateKey rsaPrivateKey = null;
if (keyStorePath != null && !keyStorePath.isEmpty()) { if (keyStorePath != null && !keyStorePath.isEmpty()) {
String keyStorePassword = jwtConfig.getKeyStorePassword(); String keyStorePassword = jwtConfig.getKeyStorePassword();
keyStore = loadKeyStore(new File(keyStorePath), keyStorePassword, "JKS"); keyStore = loadKeyStore(new File(keyStorePath), keyStorePassword, "JKS");
rsaPrivateKey = (RSAPrivateKey) keyStore.getKey(privateKeyAlias, privateKeyPassword.toCharArray()); rsaPrivateKey = (RSAPrivateKey) keyStore.getKey(privateKeyAlias, privateKeyPassword.toCharArray());
} else { } else {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true); int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(tenantId); JWTClientUtil.loadTenantRegistry(tenantId);
rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getDefaultPrivateKey(); if (!(MultitenantConstants.SUPER_TENANT_ID == tenantId) && !isDefaultJWTClient) {
KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(tenantId);
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
String ksName = tenantDomain.trim().replace('.', '-');
String jksName = ksName + ".jks";
rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getPrivateKey(jksName, tenantDomain);
} else {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID);
KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getDefaultPrivateKey();
PrivilegedCarbonContext.endTenantFlow();
}
} }
JWSSigner signer = new RSASSASigner(rsaPrivateKey); JWSSigner signer = new RSASSASigner(rsaPrivateKey);
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet); SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);
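Review bot: The super-tenant branch between `PrivilegedCarbonContext.startTenantFlow();` and `PrivilegedCarbonContext.endTenantFlow();` is not exception-safe: if `KeyStoreManager.getInstance` or `getDefaultPrivateKey()` throws, `endTenantFlow()` is never reached and the thread keeps running with the tenant id forced to `SUPER_TENANT_ID`, which the enclosing `try` of generateSignedJWTAssertion does not undo. Wrapping the body in try/finally, as below, guarantees the flow is ended on every path. Separately, `rsaPrivateKey` is now initialised to `null` and, if `getPrivateKey(jksName, tenantDomain)` can return null for a tenant without a keystore, a check before `new RSASSASigner(rsaPrivateKey)` that throws `JWTClientException` naming the tenant domain would fail more clearly than an NPE; and `!(MultitenantConstants.SUPER_TENANT_ID == tenantId)` reads more naturally as `tenantId != MultitenantConstants.SUPER_TENANT_ID`. generateSignedJWTAssertion starts in an earlier hunk and continues past this one.
```java
} else {
    PrivilegedCarbonContext.startTenantFlow();
    try {
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID);
        KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
        rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getDefaultPrivateKey();
    } finally {
        // always restore the caller's tenant context, even when key lookup fails
        PrivilegedCarbonContext.endTenantFlow();
    }
}
// … unchanged: tenant-keystore branch above, signer construction below …
```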
