From e1c9f1c6025622d649536f23bbe40124a180843f Mon Sep 17 00:00:00 2001 From: harshanl Date: Wed, 21 Oct 2015 12:55:44 +0530 Subject: [PATCH 1/4] Added url param support to permission tree. --- .../extensions/validators/PermissionBasedScopeValidator.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java index 67b944dc16..71138525c9 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java @@ -65,7 +65,8 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator { int idx = resource.lastIndexOf(':'); String url = resource.substring(0, idx); String method = resource.substring(++idx, resource.length()); - + //This is to remove the url params + url = url.substring(0, url.indexOf('?')); Properties properties = new Properties(); properties.put(PermissionBasedScopeValidator.URL_PROPERTY, url); properties.put(PermissionBasedScopeValidator.HTTP_METHOD_PROPERTY, method); From 52fab37c61232afb1f0104d824b1645b39191ace Mon Sep 17 00:00:00 2001 From: harshanl Date: Wed, 21 Oct 2015 15:43:26 +0530 Subject: [PATCH 2/4] Fixed issue in permission validator --- .../validators/PermissionBasedScopeValidator.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java index 71138525c9..f419362f2e 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java @@ -66,7 +66,11 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator { String url = resource.substring(0, idx); String method = resource.substring(++idx, resource.length()); //This is to remove the url params - url = url.substring(0, url.indexOf('?')); + int urlParamIndex = url.indexOf('?'); + if(urlParamIndex > 0) { + url = url.substring(0, urlParamIndex); + } + Properties properties = new Properties(); properties.put(PermissionBasedScopeValidator.URL_PROPERTY, url); properties.put(PermissionBasedScopeValidator.HTTP_METHOD_PROPERTY, method); From b3e0f804b078a29a33cf690551fc269bdba88e23 Mon Sep 17 00:00:00 2001 From: harshanl Date: Wed, 21 Oct 2015 17:19:49 +0530 Subject: [PATCH 3/4] Added comments. --- .../extensions/validators/PermissionBasedScopeValidator.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java index f419362f2e..e8e27b1263 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java @@ -65,7 +65,7 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator { int idx = resource.lastIndexOf(':'); String url = resource.substring(0, idx); String method = resource.substring(++idx, resource.length()); - //This is to remove the url params + //This is to remove the url params for request path. int urlParamIndex = url.indexOf('?'); if(urlParamIndex > 0) { url = url.substring(0, urlParamIndex); From 168a01137615cdc970780cd27aa7fd4052e9524f Mon Sep 17 00:00:00 2001 From: geethkokila Date: Thu, 22 Oct 2015 16:27:40 +0530 Subject: [PATCH 4/4] Fixing the issue of identity snapshot change --- .../AuthenticationFrameworkUtil.java | 17 +++---- .../authenticator/framework/Utils/Utils.java | 50 +++++++++++++++++++ .../authenticator/OAuthAuthenticator.java | 18 ++++--- pom.xml | 2 +- 4 files changed, 68 insertions(+), 19 deletions(-) create mode 100644 components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java index 6ca33feb7a..72fe8c958d 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java @@ -27,9 +27,7 @@ import org.wso2.carbon.apimgt.core.authenticate.APITokenValidator; import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO; import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.identity.base.IdentityException; -import org.wso2.carbon.identity.core.util.IdentityUtil; -import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO; +import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils; import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.DocumentBuilder; @@ -61,13 +59,12 @@ public class AuthenticationFrameworkUtil { if (apiKeyValidationDTO.isAuthorized()) { String username = apiKeyValidationDTO.getEndUserName(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username); - try { - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(IdentityUtil. - getTenantIdOFUser(username)); - } catch (IdentityException e) { - throw new AuthenticationException("Error occurred while retrieving the tenant ID of user '" + - username + "'", e); - } +// try { + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(Utils.getTenantIdOFUser(username)); +// } catch (IdentityException e) { +// throw new AuthenticationException("Error occurred while retrieving the tenant ID of user '" + +// username + "'", e); +// } return true; } else { throw new AuthenticationException(apiKeyValidationDTO.getValidationStatus(), diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java new file mode 100644 index 0000000000..92dcaee3aa --- /dev/null +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +package org.wso2.carbon.webapp.authenticator.framework.Utils; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.identity.core.util.IdentityTenantUtil; +import org.wso2.carbon.user.api.TenantManager; +import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.utils.multitenancy.MultitenantUtils; +import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; + +public class Utils { + + private static final Log log = LogFactory.getLog(Utils.class); + + public static int getTenantIdOFUser(String username) throws AuthenticationException { + int tenantId = 0; + String domainName = MultitenantUtils.getTenantDomain(username); + if (domainName != null) { + try { + TenantManager tenantManager = IdentityTenantUtil.getRealmService().getTenantManager(); + tenantId = tenantManager.getTenantId(domainName); + } catch (UserStoreException e) { + String errorMsg = "Error when getting the tenant id from the tenant domain : " + + domainName; + log.error(errorMsg, e); + throw new AuthenticationException(errorMsg, e); + } + } + return tenantId; + } +} diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index 1119f3ac60..da7734a046 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java @@ -25,12 +25,11 @@ import org.apache.commons.logging.LogFactory; import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.buf.MessageBytes; import org.wso2.carbon.apimgt.core.gateway.APITokenAuthenticator; -import org.wso2.carbon.identity.base.IdentityException; -import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO; import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.webapp.authenticator.framework.*; +import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils; import java.util.StringTokenizer; import java.util.regex.Matcher; @@ -111,14 +110,14 @@ public class OAuthAuthenticator implements WebappAuthenticator { AuthenticatorFrameworkDataHolder.getInstance().getoAuth2TokenValidationService().validate(dto); if (oAuth2TokenValidationResponseDTO.isValid()) { String username = oAuth2TokenValidationResponseDTO.getAuthorizedUser(); - try { + // try { authenticationInfo.setUsername(username); authenticationInfo.setTenantDomain(MultitenantUtils.getTenantDomain(username)); - authenticationInfo.setTenantId(IdentityUtil.getTenantIdOFUser(username)); - } catch (IdentityException e) { - throw new AuthenticationException( - "Error occurred while retrieving the tenant ID of user '" + username + "'", e); - } + authenticationInfo.setTenantId(Utils.getTenantIdOFUser(username)); +// } catch (AuthenticationException e) { +// throw new AuthenticationException( +// "Error occurred while retrieving the tenant ID of user '" + username + "'", e); +// } if (oAuth2TokenValidationResponseDTO.isValid()) { authenticationInfo.setStatus(Status.CONTINUE); } @@ -149,6 +148,9 @@ public class OAuthAuthenticator implements WebappAuthenticator { tokenValue = tokenValue.substring(matcher.end()); } } + if(log.isDebugEnabled()) { + log.debug("Oauth Token : " + tokenValue); + } return tokenValue; } diff --git a/pom.xml b/pom.xml index ca47a56a5c..40d1b95b4b 100644 --- a/pom.xml +++ b/pom.xml @@ -1468,7 +1468,7 @@ 4.5.2 - 4.6.0-M2 + 4.6.0-SNAPSHOT 4.5.0-m1