Updated Grant Type Implementation

4.x.x
ayyoob 8 years ago
parent 8eb29a77cc
commit d5e756c205

@ -2,9 +2,9 @@ package org.wso2.carbon.device.mgt.oauth.extensions;
/**
* This hold the constants related oauth extensions.
* This hold the OAuthConstants related oauth extensions.
*/
public class Constants {
public class OAuthConstants {
public static final String DEFAULT_DEVICE_ASSERTION = "device";
public static final String DEFAULT_USERNAME_IDENTIFIER = "username";
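Review bot: The mechanical rename leaked into the class Javadoc, which on the new side reads `This hold the OAuthConstants related oauth extensions.` and no longer describes anything. Replace it with `Holds the constants used by the OAuth extensions.` so the class name and its description stay independent of each other.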

@ -301,7 +301,7 @@ public class OAuthExtUtils {
DeviceRequestDTO deviceRequestDTO = null;
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
for (RequestParameter parameter : parameters) {
if (Constants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
if (OAuthConstants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
String deviceJson = parameter.getValue()[0];
Gson gson = new Gson();
deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)),
@ -309,26 +309,31 @@ public class OAuthExtUtils {
}
}
if (deviceRequestDTO != null) {
String scopeName = deviceRequestDTO.getScope();
List<DeviceIdentifier> deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers();
DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance()
.getDeviceAccessAuthorizationService()
.isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName));
if (deviceAuthorizationResult != null && deviceAuthorizationResult.getAuthorizedDevices() != null) {
String scopes[] = tokReqMsgCtx.getScope();
String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult
.getAuthorizedDevices().size()];
int scopeIndex = 0;
for (String scope : scopes) {
authorizedScopes[scopeIndex] = scope;
scopeIndex++;
}
for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) {
authorizedScopes[scopeIndex] = DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" +
deviceIdentifier.getId() + ":" + scopeName;
scopeIndex++;
String requestScopes = deviceRequestDTO.getScope();
String scopeNames[] = requestScopes.split(" ");
for (String scopeName : scopeNames) {
List<DeviceIdentifier> deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers();
DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance()
.getDeviceAccessAuthorizationService()
.isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName));
if (deviceAuthorizationResult != null &&
deviceAuthorizationResult.getAuthorizedDevices() != null) {
String scopes[] = tokReqMsgCtx.getScope();
String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult
.getAuthorizedDevices().size()];
int scopeIndex = 0;
for (String scope : scopes) {
authorizedScopes[scopeIndex] = scope;
scopeIndex++;
}
for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) {
authorizedScopes[scopeIndex] =
DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" +
deviceIdentifier.getId() + ":" + scopeName;
scopeIndex++;
}
tokReqMsgCtx.setScope(authorizedScopes);
}
tokReqMsgCtx.setScope(authorizedScopes);
}
}
} catch (DeviceAccessAuthorizationException e) {
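Review bot: `requestScopes.split(" ")` is applied to the client-supplied scope field of the device assertion without a null or blank guard, so an assertion with no `scope` throws a NullPointerException here (the old code passed the raw value straight through), and a leading, trailing or doubled space yields empty scope names that are then handed to `getPermissions("")` and `isUserAuthorized(...)`. Tighten the guard on the enclosing condition to `if (deviceRequestDTO != null && deviceRequestDTO.getScope() != null) {` and tokenise with `String scopeNames[] = requestScopes.trim().split("\\s+");`; the `deviceIdentifiers` lookup on the line after `for (String scopeName : scopeNames)` is loop-invariant and can be hoisted above the loop. Because `tokReqMsgCtx.setScope(authorizedScopes)` now runs inside the loop and each iteration re-reads `tokReqMsgCtx.getScope()`, the device scopes accumulate across iterations, which is presumably the intent, but it is worth confirming that `isUserAuthorized` with an empty or unrecognised permission set does not authorise every device. The enclosing method starts before and ends after this hunk.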

@ -18,13 +18,10 @@
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
import com.google.gson.Gson;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler;
import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
import org.wso2.carbon.device.mgt.oauth.extensions.DeviceRequestDTO;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
@ -40,12 +37,12 @@ public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrant
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
for (RequestParameter parameter : parameters) {
switch (parameter.getKey()) {
case Constants.DEFAULT_USERNAME_IDENTIFIER:
case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER:
String username = parameter.getValue()[0];
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username);
break;
case Constants.DEFAULT_PASSWORD_IDENTIFIER:
case OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER:
String password = parameter.getValue()[0];
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password);
break;

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
import javax.servlet.http.HttpServletRequest;
@ -34,6 +34,5 @@ public class ExtendedDeviceJWTGrantValidator extends AbstractValidator<HttpServl
public ExtendedDeviceJWTGrantValidator() {
requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
requiredParams.add(OAuth.OAUTH_ASSERTION);
requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION);
}
}
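Review bot: Dropping `requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION)` makes the `device` parameter optional for the JWT grant, a behavioural change the commit message does not mention, and a reader of the constructor cannot tell whether it is deliberate or a lost line during the rename. If it is deliberate (the scope-handling code in OAuthExtUtils appears to skip device authorisation when no assertion is parsed), say so in the constructor: `// the device assertion is optional for this grant; without it no device scopes are added`. If the JWT grant is still meant to require it, the line should read `requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION);` as the password validator does.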

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
import javax.servlet.http.HttpServletRequest;
@ -32,6 +32,6 @@ public class ExtendedDevicePasswordGrantValidator extends AbstractValidator<Http
public ExtendedDevicePasswordGrantValidator() {
requiredParams.add(OAuth.OAUTH_USERNAME);
requiredParams.add(OAuth.OAUTH_PASSWORD);
requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION);
requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION);
}
}

@ -44,6 +44,7 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
/**
* this class represents an implementation of Token Client which is based on JWT
@ -63,14 +64,10 @@ public class JWTClient {
this.isDefaultJWTClient = isDefaultJWTClient;
}
/**
* {@inheritDoc}
*/
public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes)
throws JWTClientException {
List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, JWTConstants.JWT_GRANT_TYPE));
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
if (assertion == null) {
throw new JWTClientException("JWT is not configured properly for user : " + username);
@ -80,9 +77,26 @@ public class JWTClient {
return getTokenInfo(params, consumerKey, consumerSecret);
}
/**
* {@inheritDoc}
*/
public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes,
Map<String, String> paramsMap)
throws JWTClientException {
List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
if (assertion == null) {
throw new JWTClientException("JWT is not configured properly for user : " + username);
}
params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion));
params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes));
if (paramsMap != null) {
for (String key : paramsMap.keySet()) {
params.add(new BasicNameValuePair(key, paramsMap.get(key)));
}
}
return getTokenInfo(params, consumerKey, consumerSecret);
}
public AccessTokenInfo getAccessTokenFromRefreshToken(String refreshToken, String username, String scopes,
String consumerKey, String consumerSecret)
throws JWTClientException {
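Review bot: The new `getAccessToken(..., Map<String, String> paramsMap)` overload appends every entry of `paramsMap` to the token request after `grant_type`, the JWT assertion and `scope` have already been added, so a caller can send a second `grant_type`, `assertion` or `scope` value and the token endpoint, not this client, decides which one wins; reject those reserved keys instead of forwarding them, and iterate `entrySet()` rather than `keySet()` plus `get`. The overload also repeats the four-argument body verbatim; the four-argument method can delegate with `return getAccessToken(consumerKey, consumerSecret, username, scopes, null);`. It carries no Javadoc, and the `{@inheritDoc}` removed above suggests it no longer matches an interface method, so document `paramsMap` as optional extra form parameters (null allowed) and name the reserved keys.

```java
        params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes));
        if (paramsMap != null) {
            for (Map.Entry<String, String> entry : paramsMap.entrySet()) {
                String key = entry.getKey();
                // grant_type, assertion and scope are set by this client; refuse caller
                // overrides rather than sending duplicate form fields to the token endpoint
                if (JWTConstants.GRANT_TYPE_PARAM_NAME.equals(key)
                        || JWTConstants.JWT_PARAM_NAME.equals(key)
                        || JWTConstants.SCOPE_PARAM_NAME.equals(key)) {
                    throw new JWTClientException("Reserved token request parameter: " + key);
                }
                params.add(new BasicNameValuePair(key, entry.getValue()));
            }
        }
        return getTokenInfo(params, consumerKey, consumerSecret);
```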

@ -23,7 +23,7 @@ package org.wso2.carbon.identity.jwt.client.extension.constant;
public class JWTConstants {
public static final String OAUTH_EXPIRES_IN = "expires_in";
public static final String OAUTH_TOKEN_TYPE = "token_type";
public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device-mgt:jwt-bearer";
public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
public static final String GRANT_TYPE_PARAM_NAME = "grant_type";
public static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";
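Review bot: Changing `JWT_GRANT_TYPE` to the standard `urn:ietf:params:oauth:grant-type:jwt-bearer` URN changes the default every `JWTClient` sends when its configuration has no `GrantType` entry, since JWTConfig falls back to this constant, so a deployment that still registers its handler under the old `device-mgt:jwt-bearer` URN will presumably start receiving unsupported-grant errors until it sets the property. A one-line comment would spare the next reader that archaeology: `// RFC 7523 JWT bearer grant; override per deployment with the GrantType config property`.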

@ -1,6 +1,7 @@
package org.wso2.carbon.identity.jwt.client.extension.dto;
import org.wso2.carbon.core.util.Utils;
import org.wso2.carbon.identity.jwt.client.extension.constant.JWTConstants;
import java.util.ArrayList;
import java.util.List;
@ -20,6 +21,7 @@ public class JWTConfig {
private static final String JKS_PASSWORD ="KeyStorePassword";
private static final String JKA_PRIVATE_KEY_PASSWORD = "PrivateKeyPassword";
private static final String TOKEN_ENDPOINT = "TokenEndpoint";
private static final String JWT_GRANT_TYPE_NAME = "GrantType";
/**
* issuer of the JWT
@ -69,6 +71,11 @@ public class JWTConfig {
private String privateKeyAlias;
private String privateKeyPassword;
/**
* Jwt Grant Type Name
*/
private String jwtGrantType;
/**
* @param properties load the config from the properties file.
*/
@ -89,6 +96,8 @@ public class JWTConfig {
privateKeyAlias = properties.getProperty(JKS_PRIVATE_KEY_ALIAS);
privateKeyPassword = properties.getProperty(JKA_PRIVATE_KEY_PASSWORD);
tokenEndpoint = properties.getProperty(TOKEN_ENDPOINT, "");
jwtGrantType = properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE);
}
private static List<String> getAudience(String audience){
@ -146,4 +155,8 @@ public class JWTConfig {
public String getTokenEndpoint() {
return Utils.replaceSystemProperty(tokenEndpoint);
}
public String getJwtGrantType() {
return jwtGrantType;
}
}
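Review bot: `properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE)` only falls back when the key is absent; an empty or whitespace-padded `GrantType=` entry in the properties file is taken verbatim and becomes the `grant_type` sent to the token endpoint. Normalise it: `String configured = properties.getProperty(JWT_GRANT_TYPE_NAME);` followed by `jwtGrantType = (configured == null || configured.trim().isEmpty()) ? JWTConstants.JWT_GRANT_TYPE : configured.trim();`. The getter should also state the fallback, e.g. `/** Grant type sent as {@code grant_type}; defaults to JWTConstants.JWT_GRANT_TYPE when the GrantType property is unset. */`. The constructor this hunk lands in starts before the hunk.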

@ -780,6 +780,11 @@
<artifactId>org.wso2.carbon.apimgt.keymgt.client</artifactId>
<version>${carbon.api.mgt.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.apimgt</groupId>
<artifactId>org.wso2.carbon.apimgt.keymgt</artifactId>
<version>${carbon.api.mgt.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.apimgt</groupId>
<artifactId>org.wso2.carbon.apimgt.impl</artifactId>
