forked from community/device-mgt-core
Merge branch 'master' of https://github.com/wso2/carbon-device-mgt
commit
441d2e171f
@ -0,0 +1,45 @@
|
||||
/*
|
||||
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.apimgt.annotations.api;
|
||||
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
/**
|
||||
* This class is the representation of custom developed Permission annotation.
|
||||
*/
|
||||
@Target(ElementType.METHOD)
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
public @interface Permission {
|
||||
|
||||
/**
|
||||
* Represents the scope name.
|
||||
* @return Returns scope name.
|
||||
*/
|
||||
String scope();
|
||||
|
||||
/**
|
||||
* Represents the associated permissions.
|
||||
* @return Returns list of permissions.
|
||||
*/
|
||||
String[] permissions();
|
||||
|
||||
}
|
@ -0,0 +1,45 @@
|
||||
/*
|
||||
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.apimgt.webapp.publisher.config;
|
||||
|
||||
/**
|
||||
* This class represents the information related to permissions.
|
||||
*/
|
||||
public class PermissionConfiguration {
|
||||
|
||||
private String scopeName;
|
||||
private String[] permissions;
|
||||
|
||||
public String getScopeName() {
|
||||
return scopeName;
|
||||
}
|
||||
|
||||
public void setScopeName(String scope) {
|
||||
this.scopeName = scope;
|
||||
}
|
||||
|
||||
public String[] getPermissions() {
|
||||
return permissions;
|
||||
}
|
||||
|
||||
public void setPermissions(String[] permissions) {
|
||||
this.permissions = permissions;
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,60 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.wso2.carbon.apimgt.webapp.publisher.config;
|
||||
|
||||
/**
|
||||
* Custom exception class of Permission related operations.
|
||||
*/
|
||||
public class PermissionManagementException extends Exception {
|
||||
|
||||
private static final long serialVersionUID = -3151279311929070298L;
|
||||
|
||||
private String errorMessage;
|
||||
|
||||
public String getErrorMessage() {
|
||||
return errorMessage;
|
||||
}
|
||||
|
||||
public void setErrorMessage(String errorMessage) {
|
||||
this.errorMessage = errorMessage;
|
||||
}
|
||||
|
||||
public PermissionManagementException(String msg, Exception nestedEx) {
|
||||
super(msg, nestedEx);
|
||||
setErrorMessage(msg);
|
||||
}
|
||||
|
||||
public PermissionManagementException(String message, Throwable cause) {
|
||||
super(message, cause);
|
||||
setErrorMessage(message);
|
||||
}
|
||||
|
||||
public PermissionManagementException(String msg) {
|
||||
super(msg);
|
||||
setErrorMessage(msg);
|
||||
}
|
||||
|
||||
public PermissionManagementException() {
|
||||
super();
|
||||
}
|
||||
|
||||
public PermissionManagementException(Throwable cause) {
|
||||
super(cause);
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,91 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
|
||||
|
||||
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
|
||||
import org.wso2.carbon.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.registry.api.RegistryException;
|
||||
import org.wso2.carbon.registry.api.Resource;
|
||||
import org.wso2.carbon.registry.core.Registry;
|
||||
|
||||
import java.util.StringTokenizer;
|
||||
|
||||
/**
|
||||
* Utility class which holds necessary utility methods required for persisting permissions in
|
||||
* registry.
|
||||
*/
|
||||
public class PermissionUtils {
|
||||
|
||||
public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
|
||||
public static final String PERMISSION_PROPERTY_NAME = "name";
|
||||
|
||||
public static Registry getGovernanceRegistry() throws PermissionManagementException {
|
||||
try {
|
||||
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||
return APIPublisherDataHolder.getInstance().getRegistryService()
|
||||
.getGovernanceSystemRegistry(
|
||||
tenantId);
|
||||
} catch (RegistryException e) {
|
||||
throw new PermissionManagementException(
|
||||
"Error in retrieving governance registry instance: " +
|
||||
e.getMessage(), e);
|
||||
}
|
||||
}
|
||||
|
||||
public static void addPermission(String permission) throws PermissionManagementException {
|
||||
String resourcePermission = getAbsolutePermissionPath(permission);
|
||||
try {
|
||||
StringTokenizer tokenizer = new StringTokenizer(resourcePermission, "/");
|
||||
String lastToken = "", currentToken, tempPath;
|
||||
while (tokenizer.hasMoreTokens()) {
|
||||
currentToken = tokenizer.nextToken();
|
||||
tempPath = lastToken + "/" + currentToken;
|
||||
if (!checkResourceExists(tempPath)) {
|
||||
createRegistryCollection(tempPath, currentToken);
|
||||
}
|
||||
lastToken = tempPath;
|
||||
}
|
||||
} catch (RegistryException e) {
|
||||
throw new PermissionManagementException("Error occurred while persisting permission : " +
|
||||
resourcePermission, e);
|
||||
}
|
||||
}
|
||||
|
||||
public static void createRegistryCollection(String path, String resourceName)
|
||||
throws PermissionManagementException,
|
||||
RegistryException {
|
||||
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
|
||||
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
|
||||
PermissionUtils.getGovernanceRegistry().beginTransaction();
|
||||
PermissionUtils.getGovernanceRegistry().put(path, resource);
|
||||
PermissionUtils.getGovernanceRegistry().commitTransaction();
|
||||
}
|
||||
|
||||
public static boolean checkResourceExists(String path)
|
||||
throws PermissionManagementException,
|
||||
org.wso2.carbon.registry.core.exceptions.RegistryException {
|
||||
return PermissionUtils.getGovernanceRegistry().resourceExists(path);
|
||||
}
|
||||
|
||||
private static String getAbsolutePermissionPath(String permissionPath) {
|
||||
return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,328 @@
|
||||
/*
|
||||
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
|
||||
|
||||
import org.apache.axiom.om.OMElement;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
|
||||
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
|
||||
import org.wso2.carbon.identity.application.common.cache.BaseCache;
|
||||
import org.wso2.carbon.identity.core.util.IdentityConfigParser;
|
||||
import org.wso2.carbon.identity.core.util.IdentityCoreConstants;
|
||||
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
|
||||
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
|
||||
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
||||
import org.wso2.carbon.identity.oauth2.ResponseHeader;
|
||||
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
|
||||
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
|
||||
import org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler;
|
||||
import org.wso2.carbon.user.api.Claim;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.user.api.UserStoreManager;
|
||||
import org.wso2.carbon.user.core.UserRealm;
|
||||
import org.wso2.carbon.user.core.config.RealmConfiguration;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
import org.wso2.carbon.user.core.util.UserCoreUtil;
|
||||
|
||||
import javax.xml.namespace.QName;
|
||||
import java.util.*;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
@SuppressWarnings("unused")
|
||||
public class ExtendedPasswordGrantHandler extends PasswordGrantHandler {
|
||||
|
||||
private static Log log = LogFactory.getLog(ExtendedPasswordGrantHandler.class);
|
||||
|
||||
private static final String CONFIG_ELEM_OAUTH = "OAuth";
|
||||
|
||||
// Claims that are set as response headers of access token response
|
||||
private static final String REQUIRED_CLAIM_URIS = "RequiredRespHeaderClaimUris";
|
||||
private BaseCache<String, Claim[]> userClaimsCache;
|
||||
|
||||
// Primary/Secondary Login configuration
|
||||
private static final String CLAIM_URI = "ClaimUri";
|
||||
private static final String LOGIN_CONFIG = "LoginConfig";
|
||||
private static final String USERID_LOGIN = "UserIdLogin";
|
||||
private static final String EMAIL_LOGIN = "EmailLogin";
|
||||
private static final String PRIMARY_LOGIN = "primary";
|
||||
|
||||
private Map<String, Map<String, String>> loginConfiguration = new ConcurrentHashMap<>();
|
||||
|
||||
private List<String> requiredHeaderClaimUris = new ArrayList<>();
|
||||
|
||||
public void init() throws IdentityOAuth2Exception {
|
||||
|
||||
super.init();
|
||||
|
||||
IdentityConfigParser configParser;
|
||||
configParser = IdentityConfigParser.getInstance();
|
||||
OMElement oauthElem = configParser.getConfigElement(CONFIG_ELEM_OAUTH);
|
||||
|
||||
// Get the required claim uris that needs to be included in the response.
|
||||
parseRequiredHeaderClaimUris(oauthElem.getFirstChildWithName(getQNameWithIdentityNS(REQUIRED_CLAIM_URIS)));
|
||||
|
||||
// read login config
|
||||
parseLoginConfig(oauthElem);
|
||||
|
||||
userClaimsCache = new BaseCache<>("UserClaimsCache");
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Successfully created UserClaimsCache under " + OAuthConstants.OAUTH_CACHE_MANAGER);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
|
||||
throws IdentityOAuth2Exception {
|
||||
|
||||
OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
|
||||
String username = oAuth2AccessTokenReqDTO.getResourceOwnerUsername();
|
||||
String loginUserName = getLoginUserName(username);
|
||||
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(loginUserName);
|
||||
|
||||
boolean isValidated = super.validateGrant(tokReqMsgCtx);
|
||||
|
||||
if (isValidated) {
|
||||
|
||||
int tenantId;
|
||||
tenantId = IdentityTenantUtil.getTenantIdOfUser(username);
|
||||
|
||||
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
|
||||
UserStoreManager userStoreManager;
|
||||
try {
|
||||
userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
|
||||
} catch (UserStoreException e) {
|
||||
log.error("Error when getting the tenant's UserStoreManager", e);
|
||||
return false;
|
||||
}
|
||||
|
||||
List<ResponseHeader> respHeaders = new ArrayList<>();
|
||||
|
||||
if (oAuth2AccessTokenReqDTO.getResourceOwnerUsername() != null) {
|
||||
try {
|
||||
if (requiredHeaderClaimUris != null && !requiredHeaderClaimUris.isEmpty()) {
|
||||
// Get user's claim values from the default profile.
|
||||
String userStoreDomain = tokReqMsgCtx.getAuthorizedUser().getUserStoreDomain();
|
||||
|
||||
String endUsernameWithDomain = UserCoreUtil.
|
||||
addDomainToName(oAuth2AccessTokenReqDTO.getResourceOwnerUsername(), userStoreDomain);
|
||||
|
||||
Claim[] mapClaimValues = getUserClaimValues(endUsernameWithDomain, userStoreManager);
|
||||
|
||||
if (mapClaimValues != null && mapClaimValues.length > 0) {
|
||||
ResponseHeader header;
|
||||
for (String claimUri : requiredHeaderClaimUris) {
|
||||
for (Claim claim : mapClaimValues) {
|
||||
if (claimUri.equals(claim.getClaimUri())) {
|
||||
header = new ResponseHeader();
|
||||
header.setKey(claim.getDisplayTag());
|
||||
header.setValue(claim.getValue());
|
||||
respHeaders.add(header);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else if (log.isDebugEnabled()) {
|
||||
log.debug("No claim values for user : " + endUsernameWithDomain);
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
throw new IdentityOAuth2Exception("Error occurred while retrieving user claims", e);
|
||||
}
|
||||
}
|
||||
tokReqMsgCtx.addProperty("RESPONSE_HEADERS", respHeaders.toArray(new ResponseHeader[respHeaders.size()]));
|
||||
}
|
||||
|
||||
return isValidated;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
|
||||
return OAuthExtUtils.setScopes(tokReqMsgCtx);
|
||||
}
|
||||
|
||||
private String getLoginUserName(String userID) {
|
||||
String loginUserName = userID;
|
||||
if (isSecondaryLogin(userID)) {
|
||||
loginUserName = getPrimaryFromSecondary(userID);
|
||||
}
|
||||
return loginUserName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Identify whether the logged in user used his Primary Login name or
|
||||
* Secondary login name
|
||||
*
|
||||
* @param userId - The username used to login.
|
||||
* @return <code>true</code> if secondary login name is used,
|
||||
* <code>false</code> if primary login name has been used
|
||||
*/
|
||||
private boolean isSecondaryLogin(String userId) {
|
||||
|
||||
if (loginConfiguration.get(EMAIL_LOGIN) != null) {
|
||||
Map<String, String> emailConf = loginConfiguration.get(EMAIL_LOGIN);
|
||||
if ("true".equalsIgnoreCase(emailConf.get(PRIMARY_LOGIN))) {
|
||||
return !isUserLoggedInEmail(userId);
|
||||
} else if ("false".equalsIgnoreCase(emailConf.get(PRIMARY_LOGIN))) {
|
||||
return isUserLoggedInEmail(userId);
|
||||
}
|
||||
} else if (loginConfiguration.get(USERID_LOGIN) != null) {
|
||||
Map<String, String> userIdConf = loginConfiguration.get(USERID_LOGIN);
|
||||
if ("true".equalsIgnoreCase(userIdConf.get(PRIMARY_LOGIN))) {
|
||||
return isUserLoggedInEmail(userId);
|
||||
} else if ("false".equalsIgnoreCase(userIdConf.get(PRIMARY_LOGIN))) {
|
||||
return !isUserLoggedInEmail(userId);
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Identify whether the logged in user used his ordinal username or email
|
||||
*
|
||||
* @param userId - username used to login.
|
||||
* @return - <code>true</code> if userId contains '@'. <code>false</code> otherwise
|
||||
*/
|
||||
private boolean isUserLoggedInEmail(String userId) {
|
||||
return userId.contains("@");
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the primaryLogin name using secondary login name. Primary secondary
|
||||
* Configuration is provided in the identitiy.xml. In the userstore, it is
|
||||
* users responsibility TO MAINTAIN THE SECONDARY LOGIN NAME AS UNIQUE for
|
||||
* each and every users. If it is not unique, we will pick the very first
|
||||
* entry from the userlist.
|
||||
*
|
||||
* @param login - username used to login.
|
||||
* @return -
|
||||
*/
|
||||
private String getPrimaryFromSecondary(String login) {
|
||||
|
||||
String claimURI, username = null;
|
||||
if (isUserLoggedInEmail(login)) {
|
||||
Map<String, String> emailConf = loginConfiguration.get(EMAIL_LOGIN);
|
||||
claimURI = emailConf.get(CLAIM_URI);
|
||||
} else {
|
||||
Map<String, String> userIdConf = loginConfiguration.get(USERID_LOGIN);
|
||||
claimURI = userIdConf.get(CLAIM_URI);
|
||||
}
|
||||
|
||||
try {
|
||||
RealmService realmSvc = OAuthExtensionsDataHolder.getInstance().getRealmService();
|
||||
RealmConfiguration config = new RealmConfiguration();
|
||||
UserRealm realm = realmSvc.getUserRealm(config);
|
||||
org.wso2.carbon.user.core.UserStoreManager storeManager = realm.getUserStoreManager();
|
||||
String[] user = storeManager.getUserList(claimURI, login, null);
|
||||
if (user.length > 0) {
|
||||
username = user[0];
|
||||
}
|
||||
} catch (UserStoreException e) {
|
||||
log.error("Error while retrieving the primaryLogin name using secondary login name : " + login, e);
|
||||
}
|
||||
return username;
|
||||
}
|
||||
|
||||
private Claim[] getUserClaimValues(String authorizedUser, UserStoreManager userStoreManager)
|
||||
throws
|
||||
UserStoreException {
|
||||
Claim[] userClaims = userClaimsCache.getValueFromCache(authorizedUser);
|
||||
if (userClaims != null) {
|
||||
return userClaims;
|
||||
} else {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Cache miss for user claims. Username :" + authorizedUser);
|
||||
}
|
||||
userClaims = userStoreManager.getUserClaimValues(
|
||||
authorizedUser, null);
|
||||
userClaimsCache.addToCache(authorizedUser, userClaims);
|
||||
return userClaims;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Read the required claim configuration from identity.xml
|
||||
*/
|
||||
private void parseRequiredHeaderClaimUris(OMElement requiredClaimUrisElem) {
|
||||
if (requiredClaimUrisElem == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
Iterator claimUris = requiredClaimUrisElem.getChildrenWithLocalName(CLAIM_URI);
|
||||
if (claimUris != null) {
|
||||
while (claimUris.hasNext()) {
|
||||
OMElement claimUri = (OMElement) claimUris.next();
|
||||
if (claimUri != null) {
|
||||
requiredHeaderClaimUris.add(claimUri.getText());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Read the primary/secondary login configuration
|
||||
* <OAuth>
|
||||
* ....
|
||||
* <LoginConfig>
|
||||
* <UserIdLogin primary="true">
|
||||
* <ClaimUri></ClaimUri>
|
||||
* </UserIdLogin>
|
||||
* <EmailLogin primary="false">
|
||||
* <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
|
||||
* </EmailLogin>
|
||||
* </LoginConfig>
|
||||
* .....
|
||||
* </OAuth>
|
||||
*
|
||||
* @param oauthConfigElem - The '<LoginConfig>' xml configuration element in the api-manager.xml
|
||||
*/
|
||||
private void parseLoginConfig(OMElement oauthConfigElem) {
|
||||
OMElement loginConfigElem = oauthConfigElem.getFirstChildWithName(getQNameWithIdentityNS(LOGIN_CONFIG));
|
||||
if (loginConfigElem != null) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Login configuration is set ");
|
||||
}
|
||||
// Primary/Secondary supported login mechanisms
|
||||
OMElement emailConfigElem = loginConfigElem.getFirstChildWithName(getQNameWithIdentityNS(EMAIL_LOGIN));
|
||||
|
||||
OMElement userIdConfigElem = loginConfigElem.getFirstChildWithName(getQNameWithIdentityNS(USERID_LOGIN));
|
||||
|
||||
Map<String, String> emailConf = new HashMap<String, String>(2);
|
||||
emailConf.put(PRIMARY_LOGIN,
|
||||
emailConfigElem.getAttributeValue(new QName(PRIMARY_LOGIN)));
|
||||
emailConf.put(CLAIM_URI,
|
||||
emailConfigElem.getFirstChildWithName(getQNameWithIdentityNS(CLAIM_URI))
|
||||
.getText());
|
||||
|
||||
Map<String, String> userIdConf = new HashMap<String, String>(2);
|
||||
userIdConf.put(PRIMARY_LOGIN,
|
||||
userIdConfigElem.getAttributeValue(new QName(PRIMARY_LOGIN)));
|
||||
userIdConf.put(CLAIM_URI,
|
||||
userIdConfigElem.getFirstChildWithName(getQNameWithIdentityNS(CLAIM_URI))
|
||||
.getText());
|
||||
|
||||
loginConfiguration.put(EMAIL_LOGIN, emailConf);
|
||||
loginConfiguration.put(USERID_LOGIN, userIdConf);
|
||||
}
|
||||
}
|
||||
|
||||
private QName getQNameWithIdentityNS(String localPart) {
|
||||
return new QName(IdentityCoreConstants.IDENTITY_DEFAULT_NAMESPACE, localPart);
|
||||
}
|
||||
}
|
Loading…
Reference in new issue