From 36462e2e4e1ede4166e128e3d89e49dd3965182c Mon Sep 17 00:00:00 2001 From: prabathabey Date: Sat, 19 Dec 2015 12:07:08 +0530 Subject: [PATCH] Improving performance of webapp authenticator valve implementation --- .../pom.xml | 10 +- .../OAuthTokenValidationStubFactory.java | 119 ++++++++++++++++++ .../authenticator/BasicAuthAuthenticator.java | 17 +++ .../CertificateAuthenticator.java | 17 +++ .../authenticator/JWTAuthenticator.java | 17 +++ .../authenticator/OAuthAuthenticator.java | 46 +++++-- .../authenticator/WebappAuthenticator.java | 8 ++ .../oauth/OAuth2TokenValidator.java | 1 + .../oauth/OAuthValidatorFactory.java | 29 ++++- .../oauth/impl/RemoteOAuthValidator.java | 63 +++++----- .../framework/config/AuthenticatorConfig.java | 35 ++++++ ...uthenticatorFrameworkServiceComponent.java | 8 ++ pom.xml | 12 +- 13 files changed, 333 insertions(+), 49 deletions(-) create mode 100644 components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/OAuthTokenValidationStubFactory.java diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml index 3dad448cc6..7684fb68e9 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml @@ -105,9 +105,15 @@ org.apache.axis2.client, org.apache.commons.codec.binary, org.apache.commons.httpclient, - org.wso2.carbon.core.security + org.wso2.carbon.core.security, + org.apache.axis2.context, + org.apache.commons.httpclient.params, + org.apache.commons.pool, + org.apache.commons.pool.impl, + org.apache.http.client, + org.apache.http.conn, + org.apache.http.impl.client - diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/OAuthTokenValidationStubFactory.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/OAuthTokenValidationStubFactory.java new file mode 100644 index 0000000000..85e22d4519 --- /dev/null +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/OAuthTokenValidationStubFactory.java @@ -0,0 +1,119 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.wso2.carbon.webapp.authenticator.framework.Utils; + +import org.apache.axis2.AxisFault; +import org.apache.axis2.client.Options; +import org.apache.axis2.client.ServiceClient; +import org.apache.axis2.transport.http.HTTPConstants; +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.httpclient.Header; +import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.commons.pool.PoolableObjectFactory; +import org.apache.http.client.HttpClient; +import org.apache.http.conn.ClientConnectionManager; +import org.apache.http.impl.client.DefaultHttpClient; +import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthConstants; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException; + +import java.util.ArrayList; +import java.util.List; +import java.util.Properties; + +public class OAuthTokenValidationStubFactory implements PoolableObjectFactory { + + private String url; + private String basicAuthHeader; + private static final Log log = LogFactory.getLog(OAuthTokenValidationStubFactory.class); + + private HttpClient httpClient; + + public OAuthTokenValidationStubFactory(String url, String adminUsername, String adminPassword, + Properties properties) { + this.url = url; + this.basicAuthHeader = new String(Base64.encodeBase64((adminUsername + ":" + adminPassword).getBytes())); + + MultiThreadedHttpConnectionManager connectionManager = new MultiThreadedHttpConnectionManager(); + connectionManager.getParams().setDefaultMaxConnectionsPerHost( + Integer.parseInt(properties.getProperty("MaxConnectionsPerHost"))); + connectionManager.getParams().setMaxTotalConnections( + Integer.parseInt(properties.getProperty("MaxTotalConnections"))); + this.httpClient = new DefaultHttpClient((ClientConnectionManager) connectionManager); + } + + @Override + public Object makeObject() throws Exception { + return this.createStub(); + } + + @Override + public void destroyObject(Object o) throws Exception { + + } + + @Override + public boolean validateObject(Object o) { + return true; + } + + @Override + public void activateObject(Object o) throws Exception { + if (log.isDebugEnabled()) { + log.debug("OAuth token validate stub instance is activated"); + } + } + + @Override + public void passivateObject(Object o) throws Exception { + if (o instanceof OAuth2TokenValidationServiceStub) { + OAuth2TokenValidationServiceStub stub = (OAuth2TokenValidationServiceStub) o; + stub._getServiceClient().cleanupTransport(); + stub._getServiceClient().setOptions(null); + } + } + + private OAuth2TokenValidationServiceStub createStub() throws OAuthTokenValidationException { + OAuth2TokenValidationServiceStub stub; + try { + stub = new OAuth2TokenValidationServiceStub(url); + ServiceClient client = stub._getServiceClient(); + client.getServiceContext().getConfigurationContext().setProperty( + HTTPConstants.CACHED_HTTP_CLIENT, httpClient); + + List
headerList = new ArrayList<>(); + Header header = new Header(); + header.setName(HTTPConstants.HEADER_AUTHORIZATION); + header.setValue(OAuthConstants.AUTHORIZATION_HEADER_PREFIX_BASIC + " " + basicAuthHeader); + headerList.add(header); + + Options options = client.getOptions(); + options.setProperty(HTTPConstants.HTTP_HEADERS, headerList); + options.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, "true"); + client.setOptions(options); + } catch (AxisFault axisFault) { + throw new OAuthTokenValidationException("Exception occurred while creating the " + + "OAuth2TokenValidationServiceStub.", axisFault); + } + return stub; + } + +} diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java index 902c796b55..7b83a90923 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java @@ -27,6 +27,8 @@ import org.apache.tomcat.util.buf.MessageBytes; import org.wso2.carbon.webapp.authenticator.framework.Constants; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; +import java.util.Properties; + public class BasicAuthAuthenticator implements WebappAuthenticator { private static final String BASIC_AUTH_AUTHENTICATOR = "BasicAuth"; @@ -55,6 +57,21 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { return BasicAuthAuthenticator.BASIC_AUTH_AUTHENTICATOR; } + @Override + public String getProperty(String name) { + return null; + } + + @Override + public Properties getProperties() { + return null; + } + + @Override + public void setProperties(Properties properties) { + + } + private Credentials getCredentials(Request request) { Credentials credentials = null; MessageBytes authorization = diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java index 2dd530c16f..cb59559ad5 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java @@ -15,6 +15,7 @@ import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkData import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; import java.security.cert.X509Certificate; +import java.util.Properties; /** * This authenticator authenticates HTTP requests using certificates. @@ -93,4 +94,20 @@ public class CertificateAuthenticator implements WebappAuthenticator { public String getName() { return CERTIFICATE_AUTHENTICATOR; } + + @Override + public String getProperty(String name) { + return null; + } + + @Override + public Properties getProperties() { + return null; + } + + @Override + public void setProperties(Properties properties) { + + } + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java index 6e8439368a..a174fb09cb 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java @@ -39,6 +39,7 @@ import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkData import java.security.interfaces.RSAPublicKey; import java.text.ParseException; +import java.util.Properties; import java.util.StringTokenizer; /** @@ -141,4 +142,20 @@ public class JWTAuthenticator implements WebappAuthenticator { public String getName() { return JWTAuthenticator.JWT_AUTHENTICATOR; } + + @Override + public String getProperty(String name) { + return null; + } + + @Override + public Properties getProperties() { + return null; + } + + @Override + public void setProperties(Properties properties) { + + } + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index c82a57646b..095d70e578 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java @@ -24,16 +24,17 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.buf.MessageBytes; -import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO; -import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO; -import org.wso2.carbon.utils.multitenancy.MultitenantUtils; -import org.wso2.carbon.webapp.authenticator.framework.*; +import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; +import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil; +import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; +import org.wso2.carbon.webapp.authenticator.framework.Constants; import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidatorFactory; +import java.util.Properties; import java.util.StringTokenizer; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -46,9 +47,23 @@ public class OAuthAuthenticator implements WebappAuthenticator { private static final String BEARER_TOKEN_TYPE = "bearer"; private static final String RESOURCE_KEY = "resource"; + private Properties properties; + private OAuth2TokenValidator tokenValidator; private static final Log log = LogFactory.getLog(OAuthAuthenticator.class); + public OAuthAuthenticator() { + String url = properties.getProperty("TokenValidationEndpointUrl"); + String adminUsername = properties.getProperty("Username"); + String adminPassword = properties.getProperty("Password"); + boolean isRemote = Boolean.parseBoolean(properties.getProperty("IsRemote")); + + Properties validatorProperties = new Properties(); + validatorProperties.setProperty("MaxTotalConnections", properties.getProperty("MaxTotalConnections")); + validatorProperties.setProperty("MaxConnectionsPerHost", properties.getProperty("MaxTotalConnectionsPerHost")); + this.tokenValidator = OAuthValidatorFactory.getNewValidator(url, adminUsername, adminPassword, isRemote, validatorProperties); + } + @Override public boolean canHandle(Request request) { MessageBytes authorization = @@ -93,9 +108,8 @@ public class OAuthAuthenticator implements WebappAuthenticator { String bearerToken = this.getBearerToken(request); //Set the resource context param. This will be used in scope validation. String resource = requestUri + ":" + requestMethod; - //Get the appropriate OAuth validator from OAuthValidatorFactory. - OAuth2TokenValidator oAuth2TokenValidator = OAuthValidatorFactory.getValidator(); - OAuthValidationResponse oAuthValidationResponse = oAuth2TokenValidator.validateToken(bearerToken, resource); + + OAuthValidationResponse oAuthValidationResponse = tokenValidator.validateToken(bearerToken, resource); if (oAuthValidationResponse.isValid()) { String username = oAuthValidationResponse.getUserName(); @@ -127,6 +141,24 @@ public class OAuthAuthenticator implements WebappAuthenticator { return OAuthAuthenticator.OAUTH_AUTHENTICATOR; } + @Override + public String getProperty(String name) { + if (properties == null) { + return null; + } + return properties.getProperty(name); + } + + @Override + public Properties getProperties() { + return properties; + } + + @Override + public void setProperties(Properties properties) { + this.properties = properties; + } + private String getBearerToken(Request request) { MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders(). diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/WebappAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/WebappAuthenticator.java index d3493e329d..7817ba10d3 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/WebappAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/WebappAuthenticator.java @@ -22,6 +22,8 @@ import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; +import java.util.Properties; + public interface WebappAuthenticator { enum Status { @@ -34,4 +36,10 @@ public interface WebappAuthenticator { String getName(); + String getProperty(String name); + + Properties getProperties(); + + void setProperties(Properties properties); + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuth2TokenValidator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuth2TokenValidator.java index 50ef34081c..760058dbe3 100755 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuth2TokenValidator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuth2TokenValidator.java @@ -31,4 +31,5 @@ public interface OAuth2TokenValidator { * @return OAuthValidationResponse with the validated results. */ OAuthValidationResponse validateToken(String accessToken, String resource) throws OAuthTokenValidationException; + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthValidatorFactory.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthValidatorFactory.java index 44fefdf9bc..7bc293bbb3 100755 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthValidatorFactory.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthValidatorFactory.java @@ -21,6 +21,8 @@ import org.wso2.carbon.core.security.AuthenticatorsConfiguration; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.RemoteOAuthValidator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.LocalOAuthValidator; +import java.util.Properties; + /** * The class validate the configurations and provide the most suitable implementation according to the configuration. * Factory class for OAuthValidator. @@ -32,18 +34,19 @@ public class OAuthValidatorFactory { private static final String AUTHENTICATOR_CONFIG_ADMIN_USERNAME = "adminUsername"; private static final String AUTHENTICATOR_CONFIG_ADMIN_PASSWORD = "adminPassword"; private static final String AUTHENTICATOR_CONFIG_OAUTH_AUTHENTICATOR_NAME = "OAuthAuthenticator"; - private static String OAUTH_ENDPOINT_POSTFIX = + private static final String OAUTH_ENDPOINT_POSTFIX = "/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/"; /** * This factory method checks the authenticators.xml configuration file and provides an appropriate implementation * of OAuth2TokenValidator. + * * @return OAuth2TokenValidator */ public static OAuth2TokenValidator getValidator() throws IllegalArgumentException { AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance(); AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration. - getAuthenticatorConfig(AUTHENTICATOR_CONFIG_OAUTH_AUTHENTICATOR_NAME); + getAuthenticatorConfig(AUTHENTICATOR_CONFIG_OAUTH_AUTHENTICATOR_NAME); boolean isRemote; String hostUrl; String adminUserName; @@ -54,18 +57,34 @@ public class OAuthValidatorFactory { hostUrl = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_HOST_URL); adminUserName = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_ADMIN_USERNAME); adminPassword = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_ADMIN_PASSWORD); - }else{ + } else { throw new IllegalArgumentException("OAuth Authenticator configuration parameters need to be defined in " + - "Authenticators.xml."); + "Authenticators.xml."); } if (isRemote) { if (!(hostUrl == null || hostUrl.trim().isEmpty())) { hostUrl = hostUrl + OAUTH_ENDPOINT_POSTFIX; - return new RemoteOAuthValidator(hostUrl, adminUserName, adminPassword); + return new RemoteOAuthValidator(hostUrl, adminUserName, adminPassword, null); } else { throw new IllegalArgumentException("Remote server host can't be empty in authenticators.xml."); } } return new LocalOAuthValidator(); } + + public static OAuth2TokenValidator getNewValidator( + String url, String adminUsername, String adminPassword, boolean isRemote, + Properties properties) throws IllegalArgumentException { + if (isRemote) { + if (!(url == null || url.trim().isEmpty())) { + url = url + OAUTH_ENDPOINT_POSTFIX; + return new RemoteOAuthValidator(url, adminUsername, adminPassword, properties); + } else { + throw new IllegalArgumentException("Remote server host can't be empty in OAuthAuthenticator " + + "configuration."); + } + } + return new LocalOAuthValidator(); + } + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/impl/RemoteOAuthValidator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/impl/RemoteOAuthValidator.java index 1a6142f390..58eb3a0611 100755 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/impl/RemoteOAuthValidator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/impl/RemoteOAuthValidator.java @@ -23,12 +23,17 @@ import org.apache.axis2.client.ServiceClient; import org.apache.axis2.transport.http.HTTPConstants; import org.apache.commons.codec.binary.Base64; import org.apache.commons.httpclient.Header; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.commons.pool.ObjectPool; +import org.apache.commons.pool.impl.GenericObjectPool; import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub; import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO; import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken; import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam; import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; +import org.wso2.carbon.webapp.authenticator.framework.Utils.OAuthTokenValidationStubFactory; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthConstants; import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException; @@ -37,30 +42,25 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthV import java.rmi.RemoteException; import java.util.ArrayList; import java.util.List; +import java.util.Properties; /** * Handles the OAuth2 token validation from remote IS servers using remote OAuthValidation service-stub. */ public class RemoteOAuthValidator implements OAuth2TokenValidator { - private String hostURL; - private String adminUserName; - private String adminPassword; + private GenericObjectPool stubs; - public RemoteOAuthValidator(String hostURL, String adminUserName, String adminPassword) { - this.hostURL = hostURL; - this.adminUserName = adminUserName; - this.adminPassword = adminPassword; - } + private static final Log log = LogFactory.getLog(RemoteOAuthValidator.class); - private String getBasicAuthCredentials() { - byte[] bytesEncoded = Base64.encodeBase64((adminUserName + ":" + adminPassword).getBytes()); - return new String(bytesEncoded); + public RemoteOAuthValidator(String hostURL, String adminUserName, String adminPassword, Properties properties) { + this.stubs = new GenericObjectPool( + new OAuthTokenValidationStubFactory(hostURL, adminUserName, adminPassword, properties)); } @Override public OAuthValidationResponse validateToken(String accessToken, String resource) throws - OAuthTokenValidationException { + OAuthTokenValidationException { OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO(); OAuth2TokenValidationRequestDTO_OAuth2AccessToken oauthToken = new OAuth2TokenValidationRequestDTO_OAuth2AccessToken(); @@ -79,29 +79,25 @@ public class RemoteOAuthValidator implements OAuth2TokenValidator { tokenValidationContextParams[0] = resourceContextParam; validationRequest.setContext(tokenValidationContextParams); - OAuth2TokenValidationServiceStub tokenValidationService; - try { - tokenValidationService = new OAuth2TokenValidationServiceStub(hostURL); - } catch (AxisFault axisFault) { - throw new OAuthTokenValidationException("Exception occurred while obtaining the " + - "OAuth2TokenValidationServiceStub.", axisFault); - } - ServiceClient client = tokenValidationService._getServiceClient(); - Options options = client.getOptions(); - List
headerList = new ArrayList<>(); - Header header = new Header(); - header.setName(HTTPConstants.HEADER_AUTHORIZATION); - header.setValue(OAuthConstants.AUTHORIZATION_HEADER_PREFIX_BASIC + " " + getBasicAuthCredentials()); - headerList.add(header); - options.setProperty(HTTPConstants.HTTP_HEADERS, headerList); - client.setOptions(options); OAuth2TokenValidationResponseDTO tokenValidationResponse; + OAuth2TokenValidationServiceStub stub = null; try { - tokenValidationResponse = tokenValidationService. - findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse(); + stub = (OAuth2TokenValidationServiceStub) stubs.borrowObject(); + tokenValidationResponse = stub. + findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse(); } catch (RemoteException e) { - throw new OAuthTokenValidationException("Remote Exception occurred while invoking the Remote IS server for " + - "OAuth2 token validation.", e); + throw new OAuthTokenValidationException("Remote Exception occurred while invoking the Remote " + + "IS server for OAuth2 token validation.", e); + } catch (Exception e) { + throw new OAuthTokenValidationException("Error occurred while borrowing an oauth token validation " + + "service stub from the pool", e); + } finally { + try { + stubs.returnObject(stub); + } catch (Exception e) { + log.warn("Error occurred while returning the object back to the oauth token validation service " + + " stub pool", e); + } } boolean isValid = tokenValidationResponse.getValid(); String userName; @@ -115,6 +111,7 @@ public class RemoteOAuthValidator implements OAuth2TokenValidator { oAuthValidationResponse.setErrorMsg(tokenValidationResponse.getErrorMsg()); return oAuthValidationResponse; } - return new OAuthValidationResponse(userName,tenantDomain,isValid); + return new OAuthValidationResponse(userName, tenantDomain, isValid); } + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/config/AuthenticatorConfig.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/config/AuthenticatorConfig.java index 6db4b46b03..d1669bed88 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/config/AuthenticatorConfig.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/config/AuthenticatorConfig.java @@ -18,14 +18,18 @@ */ package org.wso2.carbon.webapp.authenticator.framework.config; +import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlElementWrapper; import javax.xml.bind.annotation.XmlRootElement; +import java.util.List; @XmlRootElement(name = "Authenticator") public class AuthenticatorConfig { private String name; private String className; + private List params; @XmlElement(name = "Name", required = true) public String getName() { @@ -45,4 +49,35 @@ public class AuthenticatorConfig { this.className = className; } + @XmlElementWrapper(name = "Parameters", nillable = true) + @XmlElement(name = "Parameter", nillable = false) + public List getParams() { + return params; + } + + @XmlRootElement(name = "Parameter") + public static class Parameter { + private String name; + private String value; + + @XmlAttribute(name = "Name") + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + @XmlElement(name = "Value") + public String getValue() { + return value; + } + + public void setValue(String value) { + this.value = value; + } + + } + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java index 1fcb7a58c8..eef67ebaf7 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java @@ -36,6 +36,7 @@ import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticator import java.util.ArrayList; import java.util.List; +import java.util.Properties; /** * @scr.component name="org.wso2.carbon.webapp.authenticator" immediate="true" @@ -79,6 +80,13 @@ public class WebappAuthenticatorFrameworkServiceComponent { for (AuthenticatorConfig config : WebappAuthenticatorConfig.getInstance().getAuthenticators()) { WebappAuthenticator authenticator = (WebappAuthenticator) Class.forName(config.getClassName()). newInstance(); + if (config.getParams() != null || !config.getParams().isEmpty()) { + Properties properties = new Properties(); + for (AuthenticatorConfig.Parameter param : config.getParams()) { + properties.setProperty(param.getName(), param.getValue()); + } + authenticator.setProperties(properties); + } repository.addAuthenticator(authenticator); } AuthenticatorFrameworkDataHolder.getInstance().setWebappAuthenticatorRepository(repository); diff --git a/pom.xml b/pom.xml index 15c69fe23d..238e9a596d 100644 --- a/pom.xml +++ b/pom.xml @@ -1263,6 +1263,12 @@ neethi ${neethi.version} + + + commons-pool.wso2 + commons-pool + ${commons.pool.wso2.version} + @@ -1554,8 +1560,10 @@ 2.0.4 2.0.4.wso2v4 - - github-scm + + github-scm + + 1.5.6.wso2v1