Merge pull request #915 from charithag/master

Fix issue in remote connect token handling
revert-dabc3590
Charitha Goonetilleke 6 years ago committed by GitHub
commit 556450c24f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -42,11 +42,8 @@ import java.io.IOException;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Date; import java.util.Date;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.UUID; import java.util.UUID;
import java.util.Map;
/** /**
* Class @{@link RemoteSessionManagementServiceImpl} is the implementation of @{@link RemoteSessionManagementService} * Class @{@link RemoteSessionManagementServiceImpl} is the implementation of @{@link RemoteSessionManagementService}
@ -68,16 +65,13 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
} }
// Read Query Parameters for obtain the token // Read Query Parameters for obtain the token
Map<String, List<String>> sessionQueryParam = new HashMap(); String token = getTokenFromSession(session);
List<String> sessionQueryParamList = new LinkedList<>();
sessionQueryParamList.add(session.getQueryString());
sessionQueryParam.put(RemoteSessionConstants.QUERY_STRING, sessionQueryParamList);
// if session initiated using operation id means request came from device. // if session initiated using operation id means request came from device.
if (operationId == null) { if (operationId == null) {
// Validate the token // Validate the token
OAuthAuthenticator oAuthAuthenticator = RemoteSessionManagementDataHolder.getInstance().getOauthAuthenticator(); OAuthAuthenticator oAuthAuthenticator = RemoteSessionManagementDataHolder.getInstance().getOauthAuthenticator();
AuthenticationInfo authenticationInfo = oAuthAuthenticator.isAuthenticated(sessionQueryParam); AuthenticationInfo authenticationInfo = oAuthAuthenticator.isAuthenticated(token);
if (authenticationInfo != null && authenticationInfo.isAuthenticated()) { if (authenticationInfo != null && authenticationInfo.isAuthenticated()) {
try { try {
@ -136,17 +130,20 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
session.setMaxTextMessageBufferSize(RemoteSessionManagementDataHolder.getInstance() session.setMaxTextMessageBufferSize(RemoteSessionManagementDataHolder.getInstance()
.getMaxMessageBufferSize()); .getMaxMessageBufferSize());
session.setMaxIdleTimeout(RemoteSessionManagementDataHolder.getInstance().getMaxIdleTimeout()); session.setMaxIdleTimeout(RemoteSessionManagementDataHolder.getInstance().getMaxIdleTimeout());
String uuid = session.getQueryString();
if (uuid != null && uuid.isEmpty()) { if (token == null || token.isEmpty()) {
log.error("Could not find a UUID related to the remote session"); String message = "Could not find a UUID related to the remote session.";
log.error(message);
throw new RemoteSessionManagementException(message);
} else { } else {
String tenantDomain = RemoteSessionManagementDataHolder.getInstance().getUuidToTenantMap().remove(uuid); String tenantDomain = RemoteSessionManagementDataHolder.getInstance().getUuidToTenantMap().remove(token);
if (tenantDomain == null || tenantDomain.isEmpty()) { if (tenantDomain == null || tenantDomain.isEmpty()) {
log.error("Invalid UUID, could not create the remote session"); String message = "Invalid UUID (" + token + "), could not create the remote session.";
log.error(message);
throw new RemoteSessionManagementException(message);
} else { } else {
// create new device session // create new device session
initializeDeviceSession(session, tenantDomain, deviceType, deviceId, operationId, uuid); initializeDeviceSession(session, tenantDomain, deviceType, deviceId, operationId, token);
} }
} }
} }
@ -370,4 +367,33 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
} }
} }
/**
* Retrieving the token from the http session
*
* @param session WebSocket session
* @return retrieved token
*/
private String getTokenFromSession(Session session) {
if (session == null) {
return null;
}
String queryString = session.getQueryString();
if (queryString != null) {
String[] allQueryParamPairs = queryString.split(RemoteSessionConstants.OAuthTokenValidator
.QUERY_STRING_SEPERATOR);
for (String keyValuePair : allQueryParamPairs) {
String[] queryParamPair = keyValuePair.split(RemoteSessionConstants.OAuthTokenValidator
.QUERY_KEY_VALUE_SEPERATOR);
if (queryParamPair.length != 2) {
log.warn("Invalid query string [" + queryString + "] passed in.");
break;
}
if (queryParamPair[0].equals(RemoteSessionConstants.OAuthTokenValidator.TOKEN_IDENTIFIER)) {
return queryParamPair[1];
}
}
}
return null;
}
} }
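Review bot: The added `getTokenFromSession` logs the whole query string on a malformed pair (`log.warn("Invalid query string [" + queryString + "] passed in.")`), and on the operator path that string carries the OAuth token later passed to `oAuthAuthenticator.isAuthenticated(token)`, so a bearer credential can end up in the server log. The new `"Invalid UUID (" + token + "), could not create the remote session."` message in the session-initialisation hunk likewise writes the token value to the log and copies it into the `RemoteSessionManagementException`. I would drop the values from both messages, e.g. `log.warn("Malformed query parameter in remote session request.");` and `String message = "Invalid UUID, could not create the remote session.";`. Separately, `break` on the first pair whose length is not 2 stops the scan, so a token parameter that follows a valueless parameter is never found; `continue` looks like what was intended, though that is inferred from the visible lines only.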

@ -14,7 +14,6 @@
package org.wso2.carbon.device.mgt.extensions.remote.session.authentication; package org.wso2.carbon.device.mgt.extensions.remote.session.authentication;
import org.wso2.carbon.device.mgt.extensions.remote.session.authentication.oauth.OAuthTokenValidator; import org.wso2.carbon.device.mgt.extensions.remote.session.authentication.oauth.OAuthTokenValidator;
import java.util.List; import java.util.List;
@ -30,7 +29,7 @@ public class OAuthAuthenticator {
oAuthTokenValidator = new OAuthTokenValidator(globalProperties); oAuthTokenValidator = new OAuthTokenValidator(globalProperties);
} }
public AuthenticationInfo isAuthenticated(Map<String, List<String>> webSocketConnectionProperties) { public AuthenticationInfo isAuthenticated(String token) {
return oAuthTokenValidator.validateToken(webSocketConnectionProperties); return oAuthTokenValidator.validateToken(token);
} }
} }

@ -40,8 +40,6 @@ public class OAuthTokenValidator {
private static String cookie; private static String cookie;
private GenericObjectPool stubs; private GenericObjectPool stubs;
private static Log log = LogFactory.getLog(OAuthTokenValidator.class); private static Log log = LogFactory.getLog(OAuthTokenValidator.class);
private static OAuthTokenValidator oAuthTokenValidator;
public OAuthTokenValidator(Map<String, String> globalProperties) { public OAuthTokenValidator(Map<String, String> globalProperties) {
this.stubs = new GenericObjectPool(new OAuthTokenValidatorStubFactory(globalProperties)); this.stubs = new GenericObjectPool(new OAuthTokenValidatorStubFactory(globalProperties));
@ -50,11 +48,10 @@ public class OAuthTokenValidator {
/** /**
* This method gets a string accessToken and validates it * This method gets a string accessToken and validates it
* *
* @param webSocketConnectionProperties WebSocket connection information including http headers * @param token oauth token
* @return AuthenticationInfo with the validated results. * @return AuthenticationInfo with the validated results.
*/ */
public AuthenticationInfo validateToken(Map<String, List<String>> webSocketConnectionProperties) { public AuthenticationInfo validateToken(String token) {
String token = getTokenFromSession(webSocketConnectionProperties);
if (token == null) { if (token == null) {
AuthenticationInfo authenticationInfo = new AuthenticationInfo(); AuthenticationInfo authenticationInfo = new AuthenticationInfo();
authenticationInfo.setAuthenticated(false); authenticationInfo.setAuthenticated(false);
@ -65,10 +62,6 @@ public class OAuthTokenValidator {
Object stub = this.stubs.borrowObject(); Object stub = this.stubs.borrowObject();
if (stub != null) { if (stub != null) {
tokenValidationServiceStub = (OAuth2TokenValidationServiceStub) stub; tokenValidationServiceStub = (OAuth2TokenValidationServiceStub) stub;
if (cookie != null) {
tokenValidationServiceStub._getServiceClient().getOptions().setProperty(
HTTPConstants.COOKIE_STRING, cookie);
}
return getAuthenticationInfo(token, tokenValidationServiceStub); return getAuthenticationInfo(token, tokenValidationServiceStub);
} else { } else {
log.warn("Stub initialization failed."); log.warn("Stub initialization failed.");
@ -145,53 +138,4 @@ public class OAuthTokenValidator {
return authenticationInfo; return authenticationInfo;
} }
/**
* Retrieving the token from the http header
*
* @param webSocketConnectionProperties WebSocket connection information including http headers
* @return retrieved token
*/
private String getToken(Map<String, List<String>> webSocketConnectionProperties) {
String cookieString = webSocketConnectionProperties.get(RemoteSessionConstants.OAuthTokenValidator.COOKIE)
.get(0);
String[] properties = cookieString.split(RemoteSessionConstants.OAuthTokenValidator.COOKIE_KEYPAIR_SEPERATOR);
String token;
for (String keyValuePair : properties) {
if (RemoteSessionConstants.OAuthTokenValidator.TOKEN_IDENTIFIER.equals((keyValuePair.
split(RemoteSessionConstants.OAuthTokenValidator.COOKIE_KEY_VALUE_SEPERATOR)[0]).trim())) {
token = (keyValuePair.split(RemoteSessionConstants.OAuthTokenValidator.COOKIE_KEY_VALUE_SEPERATOR)
[1]).trim();
return token;
}
}
log.error("WebSocket token should be specified in cookie");
return null;
}
/**
* Retrieving the token from the http session
*
* @param webSocketConnectionProperties WebSocket connection information including http headers
* @return retrieved token
*/
private String getTokenFromSession(Map<String, List<String>> webSocketConnectionProperties) {
String queryString = webSocketConnectionProperties.get(RemoteSessionConstants.OAuthTokenValidator
.QUERY_STRING).get(0);
if (queryString != null) {
String[] allQueryParamPairs = queryString.split(RemoteSessionConstants.OAuthTokenValidator
.QUERY_STRING_SEPERATOR);
for (String keyValuePair : allQueryParamPairs) {
String[] queryParamPair = keyValuePair.split(RemoteSessionConstants.OAuthTokenValidator
.QUERY_KEY_VALUE_SEPERATOR);
if (queryParamPair.length != 2) {
log.warn("Invalid query string [" + queryString + "] passed in.");
break;
}
if (queryParamPair[0].equals(RemoteSessionConstants.OAuthTokenValidator.TOKEN_IDENTIFIER)) {
return queryParamPair[1];
}
}
}
return null;
}
} }
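Review bot: `private static String cookie;` stays at the top of the class, but the only read of it visible in this diff, the `if (cookie != null)` block before `getAuthenticationInfo(token, tokenValidationServiceStub)`, is removed here. If nothing outside the shown hunks still reads it, the field and any remaining assignment to it (and the `HTTPConstants` import, if now unused) should go in the same commit, so that no session cookie from the validation service is kept in a static with no consumer. The body of `validateToken` continues outside the hunks, so this needs checking against the full file. Its Javadoc could also state what the null check already implements, e.g. `@param token OAuth access token; a null token yields an unauthenticated result`.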
