forked from community/device-mgt-core
Merge branch 'master' of https://github.com/wso2/carbon-device-mgt
hasuniea
9 years ago
commit
1d578bc7c1
@ -0,0 +1,49 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
|
||||
|
||||
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
|
||||
|
||||
/**
|
||||
* DataHolder of Backend OAuth Authenticator component.
|
||||
*/
|
||||
public class OAuthAuthenticatorDataHolder {
|
||||
|
||||
private OAuth2TokenValidationService oAuth2TokenValidationService;
|
||||
|
||||
private static OAuthAuthenticatorDataHolder thisInstance = new OAuthAuthenticatorDataHolder();
|
||||
|
||||
private OAuthAuthenticatorDataHolder() {}
|
||||
|
||||
public static OAuthAuthenticatorDataHolder getInstance() {
|
||||
return thisInstance;
|
||||
}
|
||||
|
||||
public OAuth2TokenValidationService getOAuth2TokenValidationService() {
|
||||
if (oAuth2TokenValidationService == null) {
|
||||
throw new IllegalStateException("OAuth2TokenValidation service is not initialized properly");
|
||||
}
|
||||
return oAuth2TokenValidationService;
|
||||
}
|
||||
|
||||
public void setOAuth2TokenValidationService(
|
||||
OAuth2TokenValidationService oAuth2TokenValidationService) {
|
||||
this.oAuth2TokenValidationService = oAuth2TokenValidationService;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,87 @@
|
||||
/*
|
||||
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.osgi.framework.BundleContext;
|
||||
import org.osgi.service.component.ComponentContext;
|
||||
import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
|
||||
import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator;
|
||||
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
|
||||
|
||||
/**
|
||||
* @scr.component name="org.wso2.carbon.identity.backend.oauth.authenticator" immediate="true"
|
||||
* @scr.reference name="identity.oauth2.validation.service"
|
||||
* interface="org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService"
|
||||
* cardinality="1..1"
|
||||
* policy="dynamic"
|
||||
* bind="setOAuth2ValidationService"
|
||||
* unbind="unsetOAuth2ValidationService"
|
||||
*/
|
||||
public class OAuthAuthenticatorServiceComponent {
|
||||
|
||||
private static final Log log = LogFactory.getLog(OAuthAuthenticatorServiceComponent.class);
|
||||
|
||||
@SuppressWarnings("unused")
|
||||
protected void activate(ComponentContext componentContext) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Starting Backend OAuthAuthenticator Framework Bundle");
|
||||
}
|
||||
try {
|
||||
/* Registering BackendOAuthAuthenticator Service */
|
||||
BundleContext bundleContext = componentContext.getBundleContext();
|
||||
OauthAuthenticator oAuthAuthenticator = new OauthAuthenticator();
|
||||
bundleContext.registerService(CarbonServerAuthenticator.class.getName(), oAuthAuthenticator, null);
|
||||
} catch (Throwable e) {
|
||||
log.error("Error occurred while initializing the bundle", e);
|
||||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings("unused")
|
||||
protected void deactivate(ComponentContext componentContext) {
|
||||
//do nothing
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets OAuth2TokenValidation Service.
|
||||
*
|
||||
* @param tokenValidationService An instance of OAuth2TokenValidationService.
|
||||
*/
|
||||
@SuppressWarnings("unused")
|
||||
protected void setOAuth2ValidationService(OAuth2TokenValidationService tokenValidationService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Setting OAuth2TokenValidationService Service");
|
||||
}
|
||||
OAuthAuthenticatorDataHolder.getInstance().setOAuth2TokenValidationService(tokenValidationService);
|
||||
}
|
||||
|
||||
/**
|
||||
* Unsets OAuth2TokenValidation Service.
|
||||
*
|
||||
* @param tokenValidationService An instance of OAuth2TokenValidationService
|
||||
*/
|
||||
@SuppressWarnings("unused")
|
||||
protected void unsetOAuth2ValidationService(OAuth2TokenValidationService tokenValidationService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Unsetting OAuth2TokenValidationService Service");
|
||||
}
|
||||
OAuthAuthenticatorDataHolder.getInstance().setOAuth2TokenValidationService(null);
|
||||
}
|
||||
}
|
||||
@ -1,60 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.osgi.framework.BundleActivator;
|
||||
import org.osgi.framework.BundleContext;
|
||||
import org.osgi.framework.ServiceRegistration;
|
||||
import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
|
||||
import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator;
|
||||
|
||||
|
||||
|
||||
public class OauthAuthenticatorServiceComponent implements BundleActivator {
|
||||
|
||||
private ServiceRegistration pipServiceRegRef;
|
||||
private static final Log log = LogFactory.getLog(OauthAuthenticatorServiceComponent
|
||||
.class);
|
||||
|
||||
@Override
|
||||
public void start(BundleContext bundleContext) throws Exception {
|
||||
log.info("Initiating");
|
||||
try {
|
||||
OauthAuthenticator oauthAuthenticator = new OauthAuthenticator();
|
||||
pipServiceRegRef = bundleContext.registerService(CarbonServerAuthenticator.class.getName(),
|
||||
oauthAuthenticator, null);
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("OAuth Authenticator bundle is activated");
|
||||
}
|
||||
} catch (Throwable e) {
|
||||
log.fatal(" Error while activating OAuth authenticator ", e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void stop(BundleContext bundleContext) throws Exception {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("OAuth Authenticator bundle is deactivated");
|
||||
}
|
||||
pipServiceRegRef.unregister();
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,34 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth;
|
||||
|
||||
/**
|
||||
* Declares the contract for OAuth2TokenValidator implementations.
|
||||
*/
|
||||
public interface OAuth2TokenValidator {
|
||||
|
||||
/**
|
||||
* This method gets a string accessToken and validates it and generate the OAuthValidationResponse
|
||||
* containing the validity and user details if valid.
|
||||
*
|
||||
* @param accessToken which need to be validated.
|
||||
* @param resource which need to be validated.
|
||||
* @return OAuthValidationResponse with the validated results.
|
||||
*/
|
||||
OAuthValidationResponse validateToken(String accessToken, String resource) throws OAuthTokenValidationException;
|
||||
}
|
||||
@ -0,0 +1,33 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth;
|
||||
|
||||
/**
|
||||
* Defines constants to be used inside oauth validators.
|
||||
*/
|
||||
public class OAuthConstants {
|
||||
|
||||
public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer";
|
||||
public static final String AUTHORIZATION_HEADER_PREFIX_BASIC = "Basic";
|
||||
public static final String BEARER_TOKEN_TYPE = "bearer";
|
||||
public static final String BEARER_TOKEN_IDENTIFIER = "token";
|
||||
public static final String AUTHENTICATOR_NAME = "OAuthAuthenticator";
|
||||
public static final String RESOURCE_KEY = "resource";
|
||||
|
||||
}
|
||||
@ -0,0 +1,60 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth;
|
||||
|
||||
/**
|
||||
* Custom exception to be thrown inside OAuthTokenValidation related functionality.
|
||||
*/
|
||||
public class OAuthTokenValidationException extends Exception {
|
||||
|
||||
private static final long serialVersionUID = -3151279311929070297L;
|
||||
|
||||
private String errorMessage;
|
||||
|
||||
public String getErrorMessage() {
|
||||
return errorMessage;
|
||||
}
|
||||
|
||||
public void setErrorMessage(String errorMessage) {
|
||||
this.errorMessage = errorMessage;
|
||||
}
|
||||
|
||||
public OAuthTokenValidationException(String msg, Exception nestedEx) {
|
||||
super(msg, nestedEx);
|
||||
setErrorMessage(msg);
|
||||
}
|
||||
|
||||
public OAuthTokenValidationException(String message, Throwable cause) {
|
||||
super(message, cause);
|
||||
setErrorMessage(message);
|
||||
}
|
||||
|
||||
public OAuthTokenValidationException(String msg) {
|
||||
super(msg);
|
||||
setErrorMessage(msg);
|
||||
}
|
||||
|
||||
public OAuthTokenValidationException() {
|
||||
super();
|
||||
}
|
||||
|
||||
public OAuthTokenValidationException(Throwable cause) {
|
||||
super(cause);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,70 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth;
|
||||
|
||||
/**
|
||||
* This class holds the authenticated user information after the OAuth2 token is validated.
|
||||
*/
|
||||
@SuppressWarnings("unused")
|
||||
public class OAuthValidationResponse {
|
||||
|
||||
private String userName;
|
||||
private String tenantDomain;
|
||||
private boolean isValid;
|
||||
private String errorMsg;
|
||||
|
||||
public OAuthValidationResponse() {}
|
||||
|
||||
public OAuthValidationResponse(String userName, String tenantDomain, boolean isValid) {
|
||||
this.userName = userName;
|
||||
this.tenantDomain = tenantDomain;
|
||||
this.isValid = isValid;
|
||||
}
|
||||
|
||||
public String getUserName() {
|
||||
return userName;
|
||||
}
|
||||
|
||||
public void setUserName(String userName) {
|
||||
this.userName = userName;
|
||||
}
|
||||
|
||||
public String getTenantDomain() {
|
||||
return tenantDomain;
|
||||
}
|
||||
|
||||
public void setTenantDomain(String tenantDomain) {
|
||||
this.tenantDomain = tenantDomain;
|
||||
}
|
||||
|
||||
public boolean isValid() {
|
||||
return isValid;
|
||||
}
|
||||
|
||||
public void setIsValid(boolean isValid) {
|
||||
this.isValid = isValid;
|
||||
}
|
||||
|
||||
public String getErrorMsg() {
|
||||
return errorMsg;
|
||||
}
|
||||
|
||||
public void setErrorMsg(String errorMsg) {
|
||||
this.errorMsg = errorMsg;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,71 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth;
|
||||
|
||||
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.RemoteOAuthValidator;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.LocalOAuthValidator;
|
||||
|
||||
/**
|
||||
* The class validate the configurations and provide the most suitable implementation according to the configuration.
|
||||
* Factory class for OAuthValidator.
|
||||
*/
|
||||
public class OAuthValidatorFactory {
|
||||
|
||||
private static final String AUTHENTICATOR_CONFIG_IS_REMOTE = "isRemote";
|
||||
private static final String AUTHENTICATOR_CONFIG_HOST_URL = "hostURL";
|
||||
private static final String AUTHENTICATOR_CONFIG_ADMIN_USERNAME = "adminUsername";
|
||||
private static final String AUTHENTICATOR_CONFIG_ADMIN_PASSWORD = "adminPassword";
|
||||
private static final String AUTHENTICATOR_CONFIG_OAUTH_AUTHENTICATOR_NAME = "OAuthAuthenticator";
|
||||
private static String OAUTH_ENDPOINT_POSTFIX =
|
||||
"/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
|
||||
|
||||
/**
|
||||
* This factory method checks the authenticators.xml configuration file and provides an appropriate implementation
|
||||
* of OAuth2TokenValidator.
|
||||
* @return OAuth2TokenValidator
|
||||
*/
|
||||
public static OAuth2TokenValidator getValidator() throws IllegalArgumentException {
|
||||
AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance();
|
||||
AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.
|
||||
getAuthenticatorConfig(AUTHENTICATOR_CONFIG_OAUTH_AUTHENTICATOR_NAME);
|
||||
boolean isRemote;
|
||||
String hostUrl;
|
||||
String adminUserName;
|
||||
String adminPassword;
|
||||
if (authenticatorConfig != null && authenticatorConfig.getParameters() != null) {
|
||||
isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get(
|
||||
AUTHENTICATOR_CONFIG_IS_REMOTE));
|
||||
hostUrl = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_HOST_URL);
|
||||
adminUserName = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_ADMIN_USERNAME);
|
||||
adminPassword = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_ADMIN_PASSWORD);
|
||||
}else{
|
||||
throw new IllegalArgumentException("OAuth Authenticator configuration parameters need to be defined in " +
|
||||
"Authenticators.xml.");
|
||||
}
|
||||
if (isRemote) {
|
||||
if (!(hostUrl == null || hostUrl.trim().isEmpty())) {
|
||||
hostUrl = hostUrl + OAUTH_ENDPOINT_POSTFIX;
|
||||
return new RemoteOAuthValidator(hostUrl, adminUserName, adminPassword);
|
||||
} else {
|
||||
throw new IllegalArgumentException("Remote server host can't be empty in authenticators.xml.");
|
||||
}
|
||||
}
|
||||
return new LocalOAuthValidator();
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,74 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl;
|
||||
|
||||
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
|
||||
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthConstants;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse;
|
||||
|
||||
/**
|
||||
* Handles the OAuth2 token validation from the same server using OSGi services.
|
||||
*/
|
||||
public class LocalOAuthValidator implements OAuth2TokenValidator {
|
||||
|
||||
@Override
|
||||
public OAuthValidationResponse validateToken(String accessToken, String resource)
|
||||
throws OAuthTokenValidationException {
|
||||
OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
|
||||
OAuth2TokenValidationRequestDTO.OAuth2AccessToken oauthToken =
|
||||
validationRequest.new OAuth2AccessToken();
|
||||
oauthToken.setTokenType(OAuthConstants.BEARER_TOKEN_TYPE);
|
||||
oauthToken.setIdentifier(accessToken);
|
||||
validationRequest.setAccessToken(oauthToken);
|
||||
|
||||
//Set the resource context param. This will be used in scope validation.
|
||||
OAuth2TokenValidationRequestDTO.TokenValidationContextParam
|
||||
resourceContextParam = validationRequest.new TokenValidationContextParam();
|
||||
resourceContextParam.setKey(OAuthConstants.RESOURCE_KEY);
|
||||
resourceContextParam.setValue(resource);
|
||||
|
||||
OAuth2TokenValidationRequestDTO.TokenValidationContextParam[]
|
||||
tokenValidationContextParams =
|
||||
new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[1];
|
||||
tokenValidationContextParams[0] = resourceContextParam;
|
||||
validationRequest.setContext(tokenValidationContextParams);
|
||||
|
||||
OAuth2TokenValidationResponseDTO tokenValidationResponse = AuthenticatorFrameworkDataHolder.getInstance().
|
||||
getOAuth2TokenValidationService().findOAuthConsumerIfTokenIsValid(
|
||||
validationRequest).getAccessTokenValidationResponse();
|
||||
boolean isValid = tokenValidationResponse.isValid();
|
||||
String userName;
|
||||
String tenantDomain;
|
||||
if (isValid) {
|
||||
userName = MultitenantUtils.getTenantAwareUsername(
|
||||
tokenValidationResponse.getAuthorizedUser());
|
||||
tenantDomain =
|
||||
MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser());
|
||||
} else {
|
||||
OAuthValidationResponse oAuthValidationResponse = new OAuthValidationResponse();
|
||||
oAuthValidationResponse.setErrorMsg(tokenValidationResponse.getErrorMsg());
|
||||
return oAuthValidationResponse;
|
||||
}
|
||||
return new OAuthValidationResponse(userName,tenantDomain,isValid);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,120 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl;
|
||||
|
||||
import org.apache.axis2.AxisFault;
|
||||
import org.apache.axis2.client.Options;
|
||||
import org.apache.axis2.client.ServiceClient;
|
||||
import org.apache.axis2.transport.http.HTTPConstants;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.commons.httpclient.Header;
|
||||
import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
|
||||
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
|
||||
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
|
||||
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam;
|
||||
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthConstants;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse;
|
||||
|
||||
import java.rmi.RemoteException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Handles the OAuth2 token validation from remote IS servers using remote OAuthValidation service-stub.
|
||||
*/
|
||||
public class RemoteOAuthValidator implements OAuth2TokenValidator {
|
||||
|
||||
private String hostURL;
|
||||
private String adminUserName;
|
||||
private String adminPassword;
|
||||
|
||||
public RemoteOAuthValidator(String hostURL, String adminUserName, String adminPassword) {
|
||||
this.hostURL = hostURL;
|
||||
this.adminUserName = adminUserName;
|
||||
this.adminPassword = adminPassword;
|
||||
}
|
||||
|
||||
private String getBasicAuthCredentials() {
|
||||
byte[] bytesEncoded = Base64.encodeBase64((adminUserName + ":" + adminPassword).getBytes());
|
||||
return new String(bytesEncoded);
|
||||
}
|
||||
|
||||
@Override
|
||||
public OAuthValidationResponse validateToken(String accessToken, String resource) throws
|
||||
OAuthTokenValidationException {
|
||||
OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
|
||||
OAuth2TokenValidationRequestDTO_OAuth2AccessToken oauthToken =
|
||||
new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
|
||||
oauthToken.setTokenType(OAuthConstants.BEARER_TOKEN_TYPE);
|
||||
oauthToken.setIdentifier(accessToken);
|
||||
validationRequest.setAccessToken(oauthToken);
|
||||
|
||||
//Set the resource context param. This will be used in scope validation.
|
||||
OAuth2TokenValidationRequestDTO_TokenValidationContextParam resourceContextParam = new
|
||||
OAuth2TokenValidationRequestDTO_TokenValidationContextParam();
|
||||
resourceContextParam.setKey(OAuthConstants.RESOURCE_KEY);
|
||||
resourceContextParam.setValue(resource);
|
||||
|
||||
OAuth2TokenValidationRequestDTO_TokenValidationContextParam[] tokenValidationContextParams =
|
||||
new OAuth2TokenValidationRequestDTO_TokenValidationContextParam[1];
|
||||
tokenValidationContextParams[0] = resourceContextParam;
|
||||
validationRequest.setContext(tokenValidationContextParams);
|
||||
|
||||
OAuth2TokenValidationServiceStub tokenValidationService;
|
||||
try {
|
||||
tokenValidationService = new OAuth2TokenValidationServiceStub(hostURL);
|
||||
} catch (AxisFault axisFault) {
|
||||
throw new OAuthTokenValidationException("Exception occurred while obtaining the " +
|
||||
"OAuth2TokenValidationServiceStub.", axisFault);
|
||||
}
|
||||
ServiceClient client = tokenValidationService._getServiceClient();
|
||||
Options options = client.getOptions();
|
||||
List<Header> headerList = new ArrayList<>();
|
||||
Header header = new Header();
|
||||
header.setName(HTTPConstants.HEADER_AUTHORIZATION);
|
||||
header.setValue(OAuthConstants.AUTHORIZATION_HEADER_PREFIX_BASIC + " " + getBasicAuthCredentials());
|
||||
headerList.add(header);
|
||||
options.setProperty(HTTPConstants.HTTP_HEADERS, headerList);
|
||||
client.setOptions(options);
|
||||
OAuth2TokenValidationResponseDTO tokenValidationResponse;
|
||||
try {
|
||||
tokenValidationResponse = tokenValidationService.
|
||||
findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
|
||||
} catch (RemoteException e) {
|
||||
throw new OAuthTokenValidationException("Remote Exception occurred while invoking the Remote IS server for " +
|
||||
"OAuth2 token validation.", e);
|
||||
}
|
||||
boolean isValid = tokenValidationResponse.getValid();
|
||||
String userName;
|
||||
String tenantDomain;
|
||||
if (isValid) {
|
||||
userName = MultitenantUtils.getTenantAwareUsername(
|
||||
tokenValidationResponse.getAuthorizedUser());
|
||||
tenantDomain = MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser());
|
||||
} else {
|
||||
OAuthValidationResponse oAuthValidationResponse = new OAuthValidationResponse();
|
||||
oAuthValidationResponse.setErrorMsg(tokenValidationResponse.getErrorMsg());
|
||||
return oAuthValidationResponse;
|
||||
}
|
||||
return new OAuthValidationResponse(userName,tenantDomain,isValid);
|
||||
}
|
||||
}
|
||||
Loading…
Reference in new issue