diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java index ca3c77f093e..d0fe4e516da 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java @@ -37,7 +37,6 @@ import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Response; -import java.util.ArrayList; import java.util.Arrays; @@ -106,8 +105,13 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi jsonStringObject.put(ApiApplicationConstants.OAUTH_CLIENT_ID, registrationProfile.getConsumerKey()); jsonStringObject.put(ApiApplicationConstants.OAUTH_CLIENT_SECRET, registrationProfile.getConsumerSecret()); - jsonStringObject.put(ApiApplicationConstants.JSONSTRING_VALIDITY_PERIOD_TAG, - ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD); + if (registrationProfile.getValidityPeriod() == 0) { + jsonStringObject.put(ApiApplicationConstants.JSONSTRING_VALIDITY_PERIOD_TAG, + ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD); + } else { + jsonStringObject.put(ApiApplicationConstants.JSONSTRING_VALIDITY_PERIOD_TAG, + registrationProfile.getValidityPeriod()); + } apiManagementProviderService.registerExistingOAuthApplicationToAPIApplication( jsonStringObject.toJSONString(), registrationProfile.getApplicationName(), registrationProfile.getConsumerKey(), username, registrationProfile.isAllowedToAllDomains(), 
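Review bot: The new branch in the second hunk copies `registrationProfile.getValidityPeriod()` into the registration JSON after only an `== 0` test, so a negative or very large value passes through unchanged. RegistrationProfile looks like a request-bound bean, which would let the caller pick the token lifetime with no upper bound; how the downstream service treats a negative period is not visible here. Treat non-positive values as unset and cap the rest, e.g. `int validity = registrationProfile.getValidityPeriod();` followed by `if (validity <= 0 || validity > MAX_VALIDITY_PERIOD) {` for the default branch, where `MAX_VALIDITY_PERIOD` is a placeholder for a limit the project would define. The enclosing method starts and ends outside the hunk.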
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/RegistrationProfile.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/RegistrationProfile.java index c0d231039c3..3efd856cd4b 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/RegistrationProfile.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/RegistrationProfile.java @@ -41,6 +41,8 @@ public class RegistrationProfile { private boolean isMappingAnExistingOAuthApp; private String consumerKey; private String consumerSecret; + @XmlElement(required = false) + private int validityPeriod; public String getApplicationName() { return applicationName; @@ -89,4 +91,12 @@ public class RegistrationProfile { public void setConsumerSecret(String consumerSecret) { this.consumerSecret = consumerSecret; } + + public int getValidityPeriod() { + return validityPeriod; + } + + public void setValidityPeriod(int validityPeriod) { + this.validityPeriod = validityPeriod; + } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js index ed2dc01a8ec..a71495851f8 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js 
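Review bot: The new `validityPeriod` field in the first hunk has no comment stating its unit or that 0 acts as a sentinel. Because it is a primitive `int`, an omitted element and an explicit 0 both read as 0, which the service then maps to the default; a line such as `// Requested token validity; 0 (also the value when the element is omitted) selects ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD. Unit: TODO confirm.` would make that contract visible. The setter in the second hunk accepts any int, so range checking has to happen where the value is consumed.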
@@ -60,6 +60,8 @@ var WEB_SERVICE_ADDRESSING_VERSION = 1.0; var TOKEN_PAIR = "tokenPair"; var ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS = "encodedTenantBasedClientAppCredentials"; var CONTENT_TYPE_IDENTIFIER = "Content-Type"; +var ENCODED_TENANT_BASED_WEB_SOCKET_CLIENT_CREDENTIALS = "encodedTenantBasedWebSocketClientCredentials"; + var CONTENT_DISPOSITION_IDENTIFIER = "Content-Disposition"; var APPLICATION_JSON = "application/json"; var APPLICATION_ZIP = "application/zip"; @@ -76,4 +78,6 @@ var HTTP_CONFLICT = 409; var HTTP_CREATED = 201; var CACHED_CREDENTIALS = "tenantBasedCredentials"; +var CACHED_CREDENTIALS_FOR_WEBSOCKET_APP = "tenantBasedWebSocketClientCredentials"; + var ALLOWED_SCOPES = "scopes"; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js index e6cecaeba62..50cdb7f76fc 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js 
@@ -138,6 +138,63 @@ var utils = function () { } }; + publicMethods["getTenantBasedWebSocketClientAppCredentials"] = function (username) { + if (!username) { + log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + + "based client app credentials. No username " + + "as input - getTenantBasedWebSocketClientAppCredentials(x)"); + return null; + } else { + //noinspection JSUnresolvedFunction, JSUnresolvedVariable + var tenantDomain = carbon.server.tenantDomain({username: username}); + if (!tenantDomain) { + log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + + "based client application credentials. Unable to obtain a valid tenant domain for provided " + + "username - getTenantBasedWebSocketClientAppCredentials(x, y)"); + return null; + } else { + var cachedBasedWebsocketClientAppCredentials = privateMethods. + getCachedBasedWebSocketClientAppCredentials(tenantDomain); + if (cachedBasedWebsocketClientAppCredentials) { + return cachedBasedWebsocketClientAppCredentials; + } else { + var adminUsername = deviceMgtProps["adminUser"]; + var adminUserTenantId = deviceMgtProps["adminUserTenantId"]; + //claims required for jwtAuthenticator. 
+ var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId, + "http://wso2.org/claims/enduser": adminUsername}; + var jwtToken = publicMethods.getJwtToken(adminUsername, claims); + + // register a tenant based app at API Manager + var applicationName = "websocket_webapp_" + tenantDomain; + var requestURL = deviceMgtProps["oauthProvider"]["appRegistration"] + ["apiManagerClientAppRegistrationServiceURL"] + + "?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName; + var xhr = new XMLHttpRequest(); + xhr.open("POST", requestURL, false); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken); + xhr.send(); + if (xhr["status"] == 201 && xhr["responseText"]) { + var responsePayload = parse(xhr["responseText"]); + var tenantTenantBasedWebsocketClientAppCredentials = {}; + tenantTenantBasedWebsocketClientAppCredentials["clientId"] = responsePayload["client_id"]; + tenantTenantBasedWebsocketClientAppCredentials["clientSecret"] = + responsePayload["client_secret"]; + privateMethods.setCachedBasedWebSocketClientAppCredentials(tenantDomain, + tenantTenantBasedWebsocketClientAppCredentials); + return tenantTenantBasedWebsocketClientAppCredentials; + } else { + log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + + "based client application credentials from API " + + "Manager - getTenantBasedWebSocketClientAppCredentials(x, y)"); + return null; + } + } + } + } + }; + privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) { var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS"]); if (!cachedTenantBasedClientAppCredentialsMap) { 
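Review bot: `requestURL` is built by concatenating `tenantDomain` and `applicationName` into the query string unencoded, on a request that carries a JWT minted for the admin user. `tenantDomain` is derived from the login username, so if the lookup ever returns a value containing `&`, `=` or `#`, the parameters seen by the registration service change; encode both: `+ "?tenantDomain=" + encodeURIComponent(tenantDomain) + "&applicationName=" + encodeURIComponent(applicationName);`. The `parse(xhr["responseText"])` call is also unguarded, so a malformed 201 body throws instead of reaching the logged `return null` path. In addition, `client_id` and `client_secret` are not checked for presence before being cached.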
@@ -159,7 +216,32 @@ var utils = function () { } }; - publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password, encodedClientAppCredentials, scopes) { + privateMethods["getCachedBasedWebSocketClientAppCredentials"] = function (tenantDomain) { + var cachedBasedWebSocketClientAppCredentialsMap + = application.get(constants["CACHED_CREDENTIALS_FOR_WEBSOCKET_APP"]); + if (!cachedBasedWebSocketClientAppCredentialsMap || + !cachedBasedWebSocketClientAppCredentialsMap[tenantDomain]) { + return null; + } else { + return cachedBasedWebSocketClientAppCredentialsMap[tenantDomain]; + } + }; + + privateMethods["setCachedBasedWebSocketClientAppCredentials"] = function (tenantDomain, clientAppCredentials) { + var cachedBasedWebSocketClientAppCredentialsMap + = application.get(constants["CACHED_CREDENTIALS_FOR_WEBSOCKET_APP"]); + if (!cachedBasedWebSocketClientAppCredentialsMap) { + cachedBasedWebSocketClientAppCredentialsMap = {}; + cachedBasedWebSocketClientAppCredentialsMap[tenantDomain] = clientAppCredentials; + application.put(constants["CACHED_CREDENTIALS_FOR_WEBSOCKET_APP"] + , cachedBasedWebSocketClientAppCredentialsMap); + } else if (!cachedBasedWebSocketClientAppCredentialsMap[tenantDomain]) { + cachedBasedWebSocketClientAppCredentialsMap[tenantDomain] = clientAppCredentials; + } + }; + + publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password + , encodedClientAppCredentials, scopes) { if (!username || !password || !encodedClientAppCredentials || !scopes) { log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " + "grant type. No username, password, encoded client app credentials or scopes are " + 
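Review bot: `setCachedBasedWebSocketClientAppCredentials` only ever adds an entry and nothing in this hunk removes one, so a client secret that is regenerated or revoked at the API Manager appears to stay in the application-scoped map until it is cleared some other way. Consider an eviction helper that callers invoke when the token endpoint rejects the cached pair, and at minimum a comment such as `// entries are never evicted; a rotated client secret stays stale here`. Both accessors also index a plain object with `tenantDomain`, so inherited keys would look like cache hits; `Object.prototype.hasOwnProperty.call(cachedBasedWebSocketClientAppCredentialsMap, tenantDomain)` avoids that.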
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js index d5154711980..9c969f4ab16 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js @@ -39,6 +39,7 @@ var handlers = function () { "as input - setupTokenPairByPasswordGrantType(x, y)"); } else { privateMethods.setUpEncodedTenantBasedClientAppCredentials(username); + privateMethods.setUpEncodedTenantBasedWebSocketClientAppCredentials(username); var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]); if (!encodedClientAppCredentials) { throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " + @@ -81,6 +82,7 @@ var handlers = function () { "as input - setupTokenPairByPasswordGrantType(x, y)"); } else { privateMethods.setUpEncodedTenantBasedClientAppCredentials(username); + privateMethods.setUpEncodedTenantBasedWebSocketClientAppCredentials(username); var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]); if (!encodedClientAppCredentials) { throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " + 
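Review bot: The added call `privateMethods.setUpEncodedTenantBasedWebSocketClientAppCredentials(username)` throws when the web socket client cannot be obtained, so in this hunk and the next one (`-81,6 +82,7`) a failure there now aborts token-pair setup, i.e. the login itself. On the first login for a tenant it also puts a second synchronous registration request on the login path. If web socket access is optional, isolate it, assuming a `log` object is in scope here as it is in token-handler-utils.js: `try { privateMethods.setUpEncodedTenantBasedWebSocketClientAppCredentials(username); } catch (e) { log.error(e.message); }`. If it is mandatory, a comment saying so would help. The enclosing functions start and end outside the hunks.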
@@ -168,5 +170,44 @@ var handlers = function () { } }; + privateMethods["setUpEncodedTenantBasedWebSocketClientAppCredentials"] = function (username) { + if (!username) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + + "client credentials to session context. No username of logged in user is found as " + + "input - setUpEncodedTenantBasedWebSocketClientAppCredentials(x)"); + } else { + if (devicemgtProps["apimgt-gateway"]) { + var tenantBasedWebSocketClientAppCredentials + = tokenUtil.getTenantBasedWebSocketClientAppCredentials(username); + if (!tenantBasedWebSocketClientAppCredentials) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " + + "based client credentials to session context as the server is unable " + + "to obtain such credentials - setUpEncodedTenantBasedWebSocketClientAppCredentials(x)"); + } else { + var encodedTenantBasedWebSocketClientAppCredentials = + tokenUtil.encode(tenantBasedWebSocketClientAppCredentials["clientId"] + ":" + + tenantBasedWebSocketClientAppCredentials["clientSecret"]); + // setting up encoded tenant based client credentials to session context. + session.put(constants["ENCODED_TENANT_BASED_WEB_SOCKET_CLIENT_CREDENTIALS"], + encodedTenantBasedWebSocketClientAppCredentials); + } + } else { + var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials(); + if (!dynamicClientAppCredentials) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + + "client credentials to session context as the server is unable to obtain " + + "dynamic client credentials - setUpEncodedTenantBasedWebSocketClientAppCredentials(x)"); + } + var encodedTenantBasedWebSocketClientAppCredentials = + tokenUtil.encode(dynamicClientAppCredentials["clientId"] + ":" + + dynamicClientAppCredentials["clientSecret"]); + // setting up encoded tenant based client credentials to session context. 
+ session.put(constants["ENCODED_TENANT_BASED_WEB_SOCKET_CLIENT_CREDENTIALS"], + encodedTenantBasedWebSocketClientAppCredentials); + } + + } + }; + return publicMethods; }(); \ No newline at end of file
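Review bot: The value stored under `ENCODED_TENANT_BASED_WEB_SOCKET_CLIENT_CREDENTIALS` is `clientId:clientSecret` passed through `tokenUtil.encode`, which is presumably a reversible encoding rather than protection, so the session attribute is equivalent to the client secret itself. Where the attribute is read is outside the diff; add a comment at both `session.put` calls such as `// encoded clientId:clientSecret is reversible; keep server-side, never render to pages or logs`. The two branches also repeat the same encode-and-`session.put` sequence and declare `var encodedTenantBasedWebSocketClientAppCredentials` twice. Selecting the credentials inside the branch and encoding once after it would remove the duplication.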