Improve API app registration

fixesInPublisher
tcdlpds 1 year ago
parent 317af213be
commit 088642e7ce

@ -24,6 +24,7 @@ import io.entgra.device.mgt.core.apimgt.application.extension.api.util.Registrat
import io.entgra.device.mgt.core.apimgt.application.extension.constants.ApiApplicationConstants;
import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey;
import io.entgra.device.mgt.core.apimgt.application.extension.exception.APIManagerException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.ApplicationGrantTypeUpdater;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
@ -65,7 +66,7 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi
applicationName, APIUtil.getDefaultTags(),
ApiApplicationConstants.DEFAULT_TOKEN_TYPE, username, false,
ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
.getRealmConfiguration().getAdminPassword());
.getRealmConfiguration().getAdminPassword(), null, false);
return Response.status(Response.Status.CREATED).entity(apiApplicationKey.toString()).build();
} catch (APIManagerException e) {
String msg = "Error occurred while registering an application '" + applicationName + "'";
@ -108,10 +109,23 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi
if (username.equals(registrationProfile.getUsername())) {
synchronized (ApiApplicationRegistrationServiceImpl.class) {
ApplicationGrantTypeUpdater applicationGrantTypeUpdater = null;
if (registrationProfile.getSupportedGrantTypes() != null && !registrationProfile.getSupportedGrantTypes().isEmpty()) {
applicationGrantTypeUpdater = new ApplicationGrantTypeUpdater();
applicationGrantTypeUpdater.setSupportedGrantTypes(registrationProfile.getSupportedGrantTypes());
} else if (StringUtils.isNotEmpty(registrationProfile.getCallbackUrl())) {
return Response.status(Response.Status.BAD_REQUEST).entity("Callback URL should be Empty when" +
" request does not contain supported grant types to update grant types of the " +
"application."
).build();
}
ApiApplicationKey apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(
applicationName, registrationProfile.getTags(),
ApiApplicationConstants.DEFAULT_TOKEN_TYPE, username,
registrationProfile.isAllowedToAllDomains(), validityPeriod, registrationProfile.getPassword());
registrationProfile.isAllowedToAllDomains(), validityPeriod,
registrationProfile.getPassword(), applicationGrantTypeUpdater, false);
return Response.status(Response.Status.CREATED).entity(apiApplicationKey.toString()).build();
}
}
@ -123,7 +137,8 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi
ApiApplicationKey apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(
applicationName, registrationProfile.getTags(),
ApiApplicationConstants.DEFAULT_TOKEN_TYPE, registrationProfile.getUsername(),
registrationProfile.isAllowedToAllDomains(), validityPeriod, registrationProfile.getPassword());
registrationProfile.isAllowedToAllDomains(), validityPeriod,
registrationProfile.getPassword(), null, false);
return Response.status(Response.Status.CREATED).entity(apiApplicationKey.toString()).build();
}
} catch (APIManagerException e) {

@ -22,6 +22,7 @@ import org.codehaus.jackson.annotate.JsonIgnoreProperties;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import java.util.ArrayList;
/**
* DTO class to be used when registering an ApiM application.
@ -43,6 +44,10 @@ public class RegistrationProfile {
@XmlElement(required = false)
private String validityPeriod;
private String callbackUrl;
private ArrayList<String> supportedGrantTypes;
public String getApplicationName() {
return applicationName;
}
@ -90,4 +95,20 @@ public class RegistrationProfile {
public void setPassword(String password) {
this.password = password;
}
public String getCallbackUrl() {
return callbackUrl;
}
public void setCallbackUrl(String callbackUrl) {
this.callbackUrl = callbackUrl;
}
public ArrayList<String> getSupportedGrantTypes() {
return supportedGrantTypes;
}
public void setSupportedGrantTypes(ArrayList<String> supportedGrantTypes) {
this.supportedGrantTypes = supportedGrantTypes;
}
}

@ -20,6 +20,8 @@ package io.entgra.device.mgt.core.apimgt.application.extension;
import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey;
import io.entgra.device.mgt.core.apimgt.application.extension.exception.APIManagerException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.ApplicationGrantTypeUpdater;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.TokenInfo;
import io.entgra.device.mgt.core.identity.jwt.client.extension.dto.AccessTokenInfo;
/**
@ -53,12 +55,16 @@ public interface APIManagementProviderService {
ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
String keyType, String username,
boolean isAllowedAllDomains,
String validityTime, String password) throws APIManagerException;
String validityTime, String password,
ApplicationGrantTypeUpdater applicationGrantTypeUpdater,
boolean isMappingRequired) throws APIManagerException;
ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
String keyType,
boolean isAllowedAllDomains,
String validityTime, String accessToken) throws APIManagerException;
String validityTime, TokenInfo tokenInfo,
ApplicationGrantTypeUpdater applicationGrantTypeUpdater,
boolean isMappingRequired) throws APIManagerException;
// /**
// * Remove APIM Application.

@ -24,7 +24,11 @@ import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplication
import io.entgra.device.mgt.core.apimgt.application.extension.exception.APIManagerException;
import io.entgra.device.mgt.core.apimgt.application.extension.internal.APIApplicationManagerExtensionDataHolder;
import io.entgra.device.mgt.core.apimgt.application.extension.util.APIManagerUtil;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.*;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.APIInfo;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.ApplicationGrantTypeUpdater;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.ApplicationKey;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.KeyManager;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Subscription;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.TokenInfo;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataKeyAlreadyExistsException;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
@ -106,35 +110,42 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
//
// }
@Override
public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
String keyType,
boolean isAllowedAllDomains,
String validityTime, String accessToken) throws APIManagerException {
TokenInfo tokenInfo = new TokenInfo();
tokenInfo.setApiApplicationInfo(null);
tokenInfo.setAccessToken(accessToken);
return generateAndRetrieveApplicationKeys(applicationName, tags, keyType, isAllowedAllDomains, validityTime, tokenInfo);
}
// @Override
// public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
// String keyType,
// boolean isAllowedAllDomains,
// String validityTime, String accessToken) throws APIManagerException {
// TokenInfo tokenInfo = new TokenInfo();
// tokenInfo.setApiApplicationInfo(null);
// tokenInfo.setAccessToken(accessToken);
// return generateAndRetrieveApplicationKeys(applicationName, tags, keyType, isAllowedAllDomains, validityTime,
// tokenInfo, null, false);
// }
@Override
public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
String keyType, String username,
boolean isAllowedAllDomains,
String validityTime, String password)
String validityTime, String password,
ApplicationGrantTypeUpdater applicationGrantTypeUpdater,
boolean isMappingRequired)
throws APIManagerException {
ApiApplicationInfo applicationInfo = getApplicationInfo(username, password);
TokenInfo tokenInfo = new TokenInfo();
tokenInfo.setApiApplicationInfo(applicationInfo);
tokenInfo.setAccessToken(null);
return generateAndRetrieveApplicationKeys(applicationName, tags, keyType, isAllowedAllDomains, validityTime, tokenInfo);
return generateAndRetrieveApplicationKeys(applicationName, tags, keyType, isAllowedAllDomains, validityTime,
tokenInfo, applicationGrantTypeUpdater, isMappingRequired);
}
private ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
@Override
public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
String keyType,
boolean isAllowedAllDomains,
String validityTime, TokenInfo tokenInfo) throws APIManagerException {
String validityTime, TokenInfo tokenInfo,
ApplicationGrantTypeUpdater applicationGrantTypeUpdater,
boolean isMappingRequired) throws APIManagerException {
ConsumerRESTAPIServices consumerRESTAPIServices =
APIApplicationManagerExtensionDataHolder.getInstance().getConsumerRESTAPIServices();
@ -160,7 +171,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
consumerRESTAPIServices.getAllApplications(tokenInfo, applicationName);
if (applications.length == 0) {
return handleNewAPIApplication(applicationName, uniqueApiList, tokenInfo, keyType,
validityTime);
validityTime, applicationGrantTypeUpdater, isMappingRequired);
} else {
if (applications.length == 1) {
Optional<io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application> applicationOpt =
@ -173,7 +184,8 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
if (metaData == null) {
// Todo add a comment
consumerRESTAPIServices.deleteApplication(tokenInfo, application.getApplicationId());
return handleNewAPIApplication(applicationName, uniqueApiList, tokenInfo, keyType, validityTime);
return handleNewAPIApplication(applicationName, uniqueApiList, tokenInfo, keyType,
validityTime, applicationGrantTypeUpdater, isMappingRequired);
} else {
Subscription[] subscriptions = consumerRESTAPIServices.getAllSubscriptions(tokenInfo, application.getApplicationId());
for (Subscription subscription : subscriptions) {
@ -265,6 +277,14 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
applicationKey = consumerRESTAPIServices.generateApplicationKeys(tokenInfo, application.getApplicationId(),
keyManager.getName(), validityTime, keyType);
}
// ApplicationKey updateGrantType(TokenInfo tokenInfo, String applicationId, String keyMapId, String keyManager,
// String supportedGrantTypes, String callbackUrl)
if (applicationGrantTypeUpdater != null) {
applicationKey = consumerRESTAPIServices.updateGrantType(tokenInfo, application.getApplicationId(),
applicationKey.getKeyMappingId(), keyManager.getName(),
applicationGrantTypeUpdater.getSupportedGrantTypes(),
applicationGrantTypeUpdater.getCallbackUrl());
}
// ApplicationKey applicationKey = consumerRESTAPIServices.mapApplicationKeys(tokenInfo, application,
@ -651,7 +671,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
registrationProfile.getTags(), tokenType, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
.getRealmConfiguration().getAdminUserName(),
registrationProfile.isAllowedToAllDomains(), validityPeriod, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
.getRealmConfiguration().getAdminPassword());
.getRealmConfiguration().getAdminPassword(), null, false);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}

@ -22,6 +22,7 @@ import org.codehaus.jackson.annotate.JsonIgnoreProperties;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import java.util.ArrayList;
@XmlRootElement
@ -45,6 +46,10 @@ public class DCRRequest {
@XmlElement
private int validityPeriod;
private String callbackUrl;
private ArrayList<String> supportedGrantTypes;
public String getApplicationName() {
return applicationName;
}
@ -104,4 +109,20 @@ public class DCRRequest {
public String getPassword() { return password; }
public void setPassword(String password) { this.password = password; }
public String getCallbackUrl() {
return callbackUrl;
}
public void setCallbackUrl(String callbackUrl) {
this.callbackUrl = callbackUrl;
}
public ArrayList<String> getSupportedGrantTypes() {
return supportedGrantTypes;
}
public void setSupportedGrantTypes(ArrayList<String> supportedGrantTypes) {
this.supportedGrantTypes = supportedGrantTypes;
}
}

@ -49,7 +49,8 @@ public class KeyManagerServiceImpl implements KeyManagerService {
//todo lasantha - can pass password from here - modify DCRRequest object
DCRResponse resp = keyMgtService.dynamicClientRegistration(dcrRequest.getApplicationName(), dcrRequest.getUsername(),
dcrRequest.getGrantTypes(), dcrRequest.getCallBackUrl(), dcrRequest.getTags(),
dcrRequest.getIsSaasApp(), dcrRequest.getValidityPeriod(), dcrRequest.getPassword());
dcrRequest.getIsSaasApp(), dcrRequest.getValidityPeriod(), dcrRequest.getPassword(),
dcrRequest.getSupportedGrantTypes(), dcrRequest.getCallbackUrl());
return Response.status(Response.Status.CREATED).entity(gson.toJson(resp)).build();
} catch (KeyMgtException e) {
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();

@ -24,6 +24,8 @@ import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenResponse;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.exception.BadRequestException;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.exception.KeyMgtException;
import java.util.List;
public interface KeyMgtService {
/***
@ -40,7 +42,8 @@ public interface KeyMgtService {
* @throws KeyMgtException if any error occurs during DCR process
*/
DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl,
String[] tags, boolean isSaasApp, int validityPeriod, String password) throws KeyMgtException;
String[] tags, boolean isSaasApp, int validityPeriod, String password,
List<String> supportedGrantTypes, String callbackUrl) throws KeyMgtException;
/***
* This method will handle the access token requests

@ -65,7 +65,8 @@ public class KeyMgtServiceImpl implements KeyMgtService {
String subTenantUserUsername, subTenantUserPassword, keyManagerName, msg = null;
public DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl,
String[] tags, boolean isSaasApp, int validityPeriod, String password) throws KeyMgtException {
String[] tags, boolean isSaasApp, int validityPeriod,
String password, List<String> supportedGrantTypes, String callbackUrl) throws KeyMgtException {
if (owner == null) {
PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@ -94,13 +95,14 @@ public class KeyMgtServiceImpl implements KeyMgtService {
if (KeyMgtConstants.SUPER_TENANT.equals(tenantDomain)) {
OAuthApplication dcrApplication = createOauthApplication(clientName, kmConfig.getAdminUsername(), tags,
validityPeriod, kmConfig.getAdminPassword());
validityPeriod, kmConfig.getAdminPassword(), supportedGrantTypes, callbackUrl);
return new DCRResponse(dcrApplication.getClientId(), dcrApplication.getClientSecret());
} else {
// super-tenant admin dcr and token generation
//todo lasantha null passed in last two params
OAuthApplication superTenantOauthApp = createOauthApplication(
KeyMgtConstants.RESERVED_OAUTH_APP_NAME_PREFIX + KeyMgtConstants.SUPER_TENANT,
kmConfig.getAdminUsername(), null, validityPeriod, kmConfig.getAdminPassword());
kmConfig.getAdminUsername(), null, validityPeriod, kmConfig.getAdminPassword(), null, null);
String superAdminAccessToken = createAccessToken(superTenantOauthApp);
// create new key manager for the tenant, under super-tenant space
@ -123,7 +125,10 @@ public class KeyMgtServiceImpl implements KeyMgtService {
// DCR for the requesting user
//todo lasantha -> need to pass password of user
OAuthApplication dcrApplication = createOauthApplication(clientName, owner, tags, validityPeriod, password);
//todo lasantha null passed in last two params
OAuthApplication dcrApplication = createOauthApplication(clientName, owner, tags, validityPeriod,
password, null, null);
String requestingUserAccessToken = createAccessToken(dcrApplication);
// get application id
@ -317,9 +322,11 @@ public class KeyMgtServiceImpl implements KeyMgtService {
* @throws KeyMgtException if any error occurs while creating response object
*/
private OAuthApplication createOauthApplication (String clientName, String owner, String[] tags,
int validityPeriod, String ownerPassword) throws KeyMgtException {
int validityPeriod, String ownerPassword,
List<String> supportedGrantTypes, String callbackUrl) throws KeyMgtException {
//todo modify this to pass the password as well
String oauthAppCreationPayloadStr = createOauthAppCreationPayload(clientName, owner, tags, validityPeriod, ownerPassword);
String oauthAppCreationPayloadStr = createOauthAppCreationPayload(clientName, owner, tags, validityPeriod,
ownerPassword, supportedGrantTypes, callbackUrl);
RequestBody oauthAppCreationPayload = RequestBody.Companion.create(oauthAppCreationPayloadStr, JSON);
kmConfig = getKeyManagerConfig();
String dcrEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.DCR_ENDPOINT;
@ -462,13 +469,15 @@ public class KeyMgtServiceImpl implements KeyMgtService {
}
private String createOauthAppCreationPayload(String clientName, String owner, String[] tags, int validityPeriod,
String password) {
String password, List<String> supportedGrantTypes, String callbackUrl) {
JSONObject jsonObject = new JSONObject();
jsonObject.put("applicationName", clientName);
jsonObject.put("username", owner);
jsonObject.put("tags", tags);
jsonObject.put("validityPeriod", validityPeriod);
jsonObject.put("password", password);
jsonObject.put("supportedGrantTypes", supportedGrantTypes);
jsonObject.put("callbackUrl", callbackUrl);
return jsonObject.toString();
}

@ -66,7 +66,7 @@ public class OAuthUtils {
registrationProfile.getTags(), Constants.ApplicationInstall.DEFAULT_TOKEN_TYPE,
username, registrationProfile.isAllowedToAllDomains(),
Constants.ApplicationInstall.DEFAULT_VALIDITY_PERIOD, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
.getRealmConfiguration().getAdminPassword());
.getRealmConfiguration().getAdminPassword(), null, false);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}

@ -27,6 +27,7 @@ import io.entgra.device.mgt.core.apimgt.application.extension.internal.APIApplic
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.TokenInfo;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.DCRResponse;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenRequest;
@ -827,9 +828,11 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
"perm:users:send-invitation");
APIManagementProviderService apiManagementProviderService = DeviceMgtAPIUtils.getAPIManagementService();
TokenInfo tokenInfo = new TokenInfo();
tokenInfo.setAccessToken(accessTokenInfo.getAccessToken());
apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(applicationName,
new String[] {"device_management"}, "PRODUCTION", false, String.valueOf(validityTime),
accessTokenInfo.getAccessToken());
tokenInfo, null, true);
} catch (JWTClientException e) {
String msg = "Error while generating an application tokens for Tenant Admin.";

Loading…
Cancel
Save