changed websocket token retrieval mechanism

revert-dabc3590
GPrathap 8 years ago
parent d54d854c4e
commit 21abaa8270

@ -702,14 +702,13 @@ function intializeWebsocketUrls() {
.constance.TENANT_INDEX + ApplicationOptions.constance.PATH_SEPARATOR + data.user.domain +
ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance
.CEP_WEB_SOCKET_OUTPUT_ADAPTOR_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance.VERSION
+ "?deviceId=" + deviceId + "&deviceType=" + deviceType;
+ "?deviceId=" + deviceId + "&deviceType=" + deviceType + "&websocketToken=" + accessToken;
alertWebSocketURL = 'wss://' + hostname + ':' + port + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance
.CEP_WEB_SOCKET_OUTPUT_ADAPTOR_WEBAPP_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions
.constance.TENANT_INDEX + ApplicationOptions.constance.PATH_SEPARATOR + data.user.domain +
ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance
.CEP_ON_ALERT_WEB_SOCKET_OUTPUT_ADAPTOR_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance.VERSION
+ "?deviceId=" + deviceId + "&deviceType=" + deviceType;
document.cookie = "websocket-token=" + accessToken + "; path=/";
+ "?deviceId=" + deviceId + "&deviceType=" + deviceType + "&websocketToken=" + accessToken;
$("#proximity_alert").hide();
initializeWebSocket();
initializeOnAlertWebSocket();

@ -22,13 +22,21 @@ function onRequest(context) {
var device = context.unit.params.device;
var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
var constants = require("/app/modules/constants.js");
var websocketEndpoint = devicemgtProps["wssURL"].replace("https", "wss");
var tokenPair = session.get(constants["TOKEN_PAIR"]);
var jwtService = carbonServer.osgiService(
'org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService');
var jwtClient = jwtService.getJWTClient();
var encodedClientKeys = session.get(constants["ENCODED_TENANT_BASED_WEB_SOCKET_CLIENT_CREDENTIALS"]);
var token = "";
if (encodedClientKeys) {
var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"];
var resp = tokenUtil.decode(encodedClientKeys).split(":");
var tokenPair = jwtClient.getAccessToken(resp[0], resp[1], context.user.username,"default", {});
if (tokenPair) {
var token = parse(tokenPair)["accessToken"];
token = tokenPair.accessToken;
}
websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.android.sense/1.0.0?" +
"token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
+ "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
}
return {"device": device, "websocketEndpoint": websocketEndpoint};
}

@ -36,9 +36,7 @@ function onRequest(context) {
token = tokenPair.accessToken;
}
websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?"
+ "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
var websocketToken= {'name':'websocket-token','value': token, 'path':'/', "maxAge":18000};
response.addCookie(websocketToken);
+ "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
}
return {"device": device, "websocketEndpoint": websocketEndpoint};
}

@ -36,9 +36,7 @@ function onRequest(context) {
token = tokenPair.accessToken;
}
websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?"
+ "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
var websocketToken= {'name':'websocket-token','value': token, 'path':'/', "maxAge":18000};
response.addCookie(websocketToken);
+ "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
}
return {"device": device, "websocketEndpoint": websocketEndpoint};
}

@ -36,9 +36,7 @@ function onRequest(context) {
token = tokenPair.accessToken;
}
websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?"
+ "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type;
var websocketToken= {'name':'websocket-token','value': token, 'path':'/', "maxAge":18000};
response.addCookie(websocketToken);
+ "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
}
return {"device": device, "websocketEndpoint": websocketEndpoint};
}

@ -18,6 +18,7 @@
package org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint;
import org.apache.commons.collections.map.HashedMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
@ -38,6 +39,7 @@ import javax.websocket.OnOpen;
import javax.websocket.server.PathParam;
import javax.websocket.server.ServerEndpoint;
import java.io.IOException;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
@ -63,10 +65,12 @@ public class SuperTenantSubscriptionEndpoint extends SubscriptionEndpoint {
if (log.isDebugEnabled()) {
log.debug("WebSocket opened, for Session id: " + session.getId() + ", for the Stream:" + streamName);
}
Map<String, List<String>> httpHeaders;
httpHeaders = (Map<String, List<String>>) config.getUserProperties().get(Constants.HTTP_HEADERS);
Map<String, List<String>> sessionQueryParam = new HashedMap();
List<String> sessionQueryParamList = new LinkedList<>();
sessionQueryParamList.add(session.getQueryString());
sessionQueryParam.put(Constants.QUERY_STRING, sessionQueryParamList);
Authenticator authenticator = ServiceHolder.getWebsocketValidationService().getAuthenticator();
AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(httpHeaders);
AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(sessionQueryParam);
if (authenticationInfo != null && authenticationInfo.isAuthenticated()) {
Authorizer authorizer = ServiceHolder.getWebsocketValidationService().getAuthorizer();
boolean isAuthorized = authorizer.isAuthorized(authenticationInfo, session, streamName);

@ -18,6 +18,7 @@
package org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint;
import org.apache.commons.collections.map.HashedMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
@ -37,6 +38,7 @@ import javax.websocket.OnOpen;
import javax.websocket.server.PathParam;
import javax.websocket.server.ServerEndpoint;
import java.io.IOException;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
@ -63,10 +65,12 @@ public class TenantSubscriptionEndpoint extends SubscriptionEndpoint {
if (log.isDebugEnabled()) {
log.debug("WebSocket opened, for Session id: "+session.getId()+", for the Stream:"+streamName);
}
Map<String, List<String>> httpHeaders;
httpHeaders = (Map<String, List<String>>) config.getUserProperties().get(Constants.HTTP_HEADERS);
Map<String, List<String>> sessionQueryParam = new HashedMap();
List<String> sessionQueryParamList = new LinkedList<>();
sessionQueryParamList.add(session.getQueryString());
sessionQueryParam.put(Constants.QUERY_STRING, sessionQueryParamList);
Authenticator authenticator = ServiceHolder.getWebsocketValidationService().getAuthenticator();
AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(httpHeaders);
AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(sessionQueryParam);
if (authenticationInfo != null && authenticationInfo.isAuthenticated()) {
Authorizer authorizer = ServiceHolder.getWebsocketValidationService().getAuthorizer();
boolean isAuthorized = authorizer.isAuthorized(authenticationInfo, session, streamName);

@ -22,4 +22,5 @@ package org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint.constants;
public class Constants {
public static final String HTTP_HEADERS = "HttpHeaders";
public static final String QUERY_STRING = "queryString";
}

@ -45,7 +45,10 @@ public class OAuthTokenValdiator {
private static final String COOKIE_KEYPAIR_SEPERATOR = ";";
private static final String COOKIE = "cookie";
private static final String TOKEN_TYPE = "bearer";
private static final String TOKEN_IDENTIFIER = "websocket-token";
private static final String TOKEN_IDENTIFIER = "websocketToken";
private static final String QUERY_STRING_SEPERATOR = "&";
private static final String QUERY_KEY_VALUE_SEPERATOR = "=";
private static final String QUERY_STRING = "queryString";
private static OAuthTokenValdiator oAuthTokenValdiator;
@ -59,7 +62,7 @@ public class OAuthTokenValdiator {
* @return AuthenticationInfo with the validated results.
*/
public AuthenticationInfo validateToken(Map<String, List<String>> webSocketConnectionProperties) {
String token = getToken(webSocketConnectionProperties);
String token = getTokenFromSession(webSocketConnectionProperties);
if (token == null) {
AuthenticationInfo authenticationInfo = new AuthenticationInfo();
authenticationInfo.setAuthenticated(false);
@ -168,4 +171,27 @@ public class OAuthTokenValdiator {
log.error("WebSocket token should be specified in cookie");
return null;
}
/**
* Retrieving the token from the http session
* @param webSocketConnectionProperties WebSocket connection information including http headers
* @return retrieved token
*/
private String getTokenFromSession(Map<String, List<String>> webSocketConnectionProperties) {
String queryString = webSocketConnectionProperties.get(QUERY_STRING).get(0);
if (queryString != null) {
String[] allQueryParamPairs = queryString.split(QUERY_STRING_SEPERATOR);
for (String keyValuePair : allQueryParamPairs) {
String[] queryParamPair = keyValuePair.split(QUERY_KEY_VALUE_SEPERATOR);
if (queryParamPair.length != 2) {
log.warn("Invalid query string [" + queryString + "] passed in.");
break;
}
if (queryParamPair[0].equals(TOKEN_IDENTIFIER)) {
return queryParamPair[1];
}
}
}
return null;
}
}

Loading…
Cancel
Save