From 0162753d6aa3f71d4d503ef300d81788cf03f562 Mon Sep 17 00:00:00 2001
From: Amalka Subasinghe
Date: Wed, 19 May 2021 11:16:22 +0530
Subject: [PATCH] Fixed SSO

---
 .../APIManagementProviderServiceImpl.java | 1 +
 .../ui/request/interceptor/LoginHandler.java | 68 +++++++------------
 .../interceptor/SsoLoginCallbackHandler.java | 5 +-
 .../request/interceptor/SsoLoginHandler.java | 10 ++-
 .../interceptor/util/HandlerConstants.java | 4 +-
 .../src/main/resources/conf/mdm-ui-config.xml | 2 +-
 .../repository/conf/mdm-ui-config.xml.j2 | 2 +-
 .../src/main/resources/p2.inf | 1 +
 .../resources/payloads/get-app-request.xml | 8 +++
 .../resources/payloads/update-app-request.xml | 55 +++++++++++++++
 10 files changed, 105 insertions(+), 51 deletions(-)
 create mode 100644 features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/get-app-request.xml
 create mode 100644 features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/update-app-request.xml

diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
index 40d13f7eda..99dde8d4b3 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
@@ -123,6 +123,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
 application = new Application(applicationName, subscriber);
 application.setTier(ApiApplicationConstants.DEFAULT_TIER);
 application.setGroupId("");
+ application.setTokenType("OAUTH");
 apiConsumer.addApplication(application, username);
 application = apiConsumer.getApplicationsByName(username, applicationName, "");
 } else {
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java
index 8843f507cc..ed106923b5 100644
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java
@@ -24,7 +24,6 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 import io.entgra.ui.request.interceptor.beans.AuthData;
-import io.entgra.ui.request.interceptor.beans.ProxyResponse;
 import io.entgra.ui.request.interceptor.exceptions.LoginException;
 import io.entgra.ui.request.interceptor.util.HandlerConstants;
 import io.entgra.ui.request.interceptor.util.HandlerUtil;
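Review bot: `application.setTokenType("OAUTH");` is a bare literal sitting next to `ApiApplicationConstants.DEFAULT_TIER`; a constant in `ApiApplicationConstants` (say a new `TOKEN_TYPE_OAUTH`) would keep the value in one place. The setter is only reached on the create branch, while an application that already exists is fetched through the `} else {` branch untouched, so deployments that registered the application before this change keep whatever token type was stored at that time — if SSO depends on the OAUTH token type, the existing-application path needs the same treatment or a migration note. The enclosing method continues outside the hunk.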
@@ -35,12 +34,8 @@ import org.apache.http.HttpStatus;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
-import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
-import org.wso2.carbon.apimgt.application.extension.APIManagementProviderServiceImpl;
-import org.wso2.carbon.apimgt.application.extension.constants.ApiApplicationConstants;
-import org.wso2.carbon.apimgt.application.extension.dto.ApiApplicationKey;
-import org.wso2.carbon.apimgt.application.extension.exception.APIManagerException;
-import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.apache.http.protocol.HTTP;
+import io.entgra.ui.request.interceptor.beans.ProxyResponse;
 
 import javax.servlet.annotation.MultipartConfig;
 import javax.servlet.annotation.WebServlet;
@@ -49,9 +44,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.Base64;
-import java.util.List;
 
 @MultipartConfig
 @WebServlet("/login")
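Review bot: The re-added `import io.entgra.ui.request.interceptor.beans.ProxyResponse;` lands after `org.apache.http.protocol.HTTP` instead of back in the `io.entgra…beans` group it was removed from in the `@@ -24` hunk, so the net effect of the two hunks is one import moved out of its group; keeping it where it was and dropping the `-`/`+` pair leaves the import block ordered. `org.apache.http.protocol.HTTP` appears to be pulled in only for `HTTP.CONTENT_TYPE` in the `@@ -76` hunk, while `HttpHeaders` is already imported there for `HttpHeaders.AUTHORIZATION`; `apiRegEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString());` would avoid the extra import and match the header style used in `SsoLoginCallbackHandler`.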
@@ -76,38 +69,28 @@ public class LoginHandler extends HttpServlet { httpSession = req.getSession(true); //setting session to expiry in 5 minutes httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT)); - //todo: amalka do we need this remote call? + JsonObject uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession( uiConfigUrl, gatewayUrl, httpSession, resp); JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray(); JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray(); - List list = new ArrayList(); - for(int i=0; i < tags.size(); i++) { - list.add(tags.get(i).getAsString()); - } - - String[] tagsAsStringArray = list.toArray(new String[list.size()]); + HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT); + apiRegEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder() + .encodeToString((username + HandlerConstants.COLON + password).getBytes())); + apiRegEndpoint.setHeader(HTTP.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString()); + apiRegEndpoint.setEntity(HandlerUtil.constructAppRegPayload( + tags, HandlerConstants.PUBLISHER_APPLICATION_NAME, username, password)); - String scopeString = HandlerUtil.getScopeString(scopes); + ProxyResponse clientAppResponse = HandlerUtil.execute(apiRegEndpoint); - if (scopeString != null) { - scopeString = scopeString.trim(); - } else { - scopeString = "default"; + if (clientAppResponse.getCode() == HttpStatus.SC_UNAUTHORIZED) { + HandlerUtil.handleError(resp, clientAppResponse); + return; } - - APIManagementProviderService apiManagementProviderService = new APIManagementProviderServiceImpl(); - ApiApplicationKey apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys( - HandlerConstants.PUBLISHER_APPLICATION_NAME, - tagsAsStringArray, HandlerConstants.PRODUCTION_KEY, username, false, - ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD); - - 
if (apiApplicationKey != null && getTokenAndPersistInSession(apiApplicationKey.getConsumerKey(), - apiApplicationKey.getConsumerSecret(), req, resp, scopes)) { - log.info("tenantDomain : " + PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()); - log.info("username : " + PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername()); + if (clientAppResponse.getCode() == HttpStatus.SC_CREATED && getTokenAndPersistInSession(req, resp, + clientAppResponse.getData(), scopes)) { ProxyResponse proxyResponse = new ProxyResponse(); proxyResponse.setCode(HttpStatus.SC_OK); HandlerUtil.handleSuccess(resp, proxyResponse); @@ -120,8 +103,6 @@ public class LoginHandler extends HttpServlet { log.error("Error occurred while parsing the response. ", e); } catch (LoginException e) { log.error("Error occurred while getting token data. ", e); - } catch (APIManagerException e) { - log.error("Error occurred while creating application. ", e); } } 
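Review bot: The Basic credentials built on the `apiRegEndpoint.setHeader(HttpHeaders.AUTHORIZATION, …)` line use `getBytes()` with no charset, so a password containing non-ASCII characters is encoded with the platform default and may not decode to the same bytes on the gateway; use `.encodeToString((username + HandlerConstants.COLON + password).getBytes(StandardCharsets.UTF_8))` (with `java.nio.charset.StandardCharsets` imported), and the `encodedClientApp` line in `getTokenAndPersistInSession` has the same issue. Only `SC_UNAUTHORIZED` is routed to `HandlerUtil.handleError`; any other non-201 reply from the registration endpoint skips the early return and drops through the `SC_CREATED` check into whatever branch follows below the hunk, so `if (clientAppResponse.getCode() != HttpStatus.SC_CREATED) {` as the guard reports every registration failure the same way. The user's password is now relayed to `gatewayUrl`, which the `@@ -189` hunk builds from `req.getScheme()`, so a login received over plain HTTP forwards the credentials over HTTP as well — worth confirming the gateway URL is pinned to HTTPS the way `keyManagerUrl` is. The enclosing method continues outside the hunk.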
@@ -129,15 +110,19 @@ public class LoginHandler extends HttpServlet {
 * Generates token from token endpoint and persists them inside the session
 *
 * @param req - {@link HttpServletRequest}
-// * @param clientAppResult - clientAppResult
+ * @param clientAppResult - clientAppResult
 * @param scopes - scopes defied in the application-mgt.xml
 * @throws LoginException - login exception throws when getting token result
 */
- private boolean getTokenAndPersistInSession(String clientId, String clientSecret, HttpServletRequest req,
- HttpServletResponse resp, JsonArray scopes) throws LoginException {
+ private boolean getTokenAndPersistInSession(HttpServletRequest req, HttpServletResponse resp,
+ String clientAppResult, JsonArray scopes) throws LoginException {
 JsonParser jsonParser = new JsonParser();
 try {
- if (clientId != null && clientSecret != null) {
+ JsonElement jClientAppResult = jsonParser.parse(clientAppResult);
+ if (jClientAppResult.isJsonObject()) {
+ JsonObject jClientAppResultAsJsonObject = jClientAppResult.getAsJsonObject();
+ String clientId = jClientAppResultAsJsonObject.get("client_id").getAsString();
+ String clientSecret = jClientAppResultAsJsonObject.get("client_secret").getAsString();
 String encodedClientApp = Base64.getEncoder()
 .encodeToString((clientId + HandlerConstants.COLON + clientSecret).getBytes());
 
@@ -189,9 +174,6 @@ public class LoginHandler extends HttpServlet {
 if (HandlerConstants.HTTP_PROTOCOL.equals(req.getScheme())) {
 iotsCorePort = System.getProperty("iot.core.http.port");
 }
-
- String keyManagerPort = System.getProperty("iot.keymanager.https.port");
-
 username = req.getParameter("username");
 password = req.getParameter("password");
 gatewayUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.gateway.host")
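Review bot: `jClientAppResultAsJsonObject.get("client_id").getAsString()` dereferences the result of `JsonObject.get`, which is null when the member is absent, so a registration response that lacks `client_id` or `client_secret` ends in a NullPointerException instead of the `false` path; guard the new condition with `if (jClientAppResult.isJsonObject() && jClientAppResult.getAsJsonObject().has("client_id") && jClientAppResult.getAsJsonObject().has("client_secret")) {` or null-check each `JsonElement` before `getAsString()`. The updated Javadoc line `@param clientAppResult - clientAppResult` only repeats the name; `@param clientAppResult - JSON body returned by the application registration endpoint, expected to carry client_id and client_secret` would state the contract, and `@param resp` is still undocumented. The `catch` clauses that handle `jsonParser.parse` failures are outside the hunk.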
@@ -199,8 +181,8 @@ public class LoginHandler extends HttpServlet {
 uiConfigUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
 + HandlerConstants.COLON + iotsCorePort + HandlerConstants.UI_CONFIG_ENDPOINT;
 keyManagerUrl = HandlerConstants.HTTPS_PROTOCOL + HandlerConstants.SCHEME_SEPARATOR +
- System.getProperty("iot.keymanager.host") + HandlerConstants.COLON + keyManagerPort;
-
+ System.getProperty("iot.keymanager.host") + HandlerConstants.COLON +
+ System.getProperty("iot.keymanager.https.port");
 if (username == null || password == null) {
 String msg = "Invalid login request. Username or Password is not received for login request.";
 log.error(msg);
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginCallbackHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginCallbackHandler.java
index 8ee6ec776b..e047b5ba73 100644
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginCallbackHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginCallbackHandler.java
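Review bot: `keyManagerUrl`, together with `username`, `password`, `gatewayUrl` and `uiConfigUrl` in the `@@ -189` hunk, is assigned without a local declaration, so these appear to be fields of the servlet (their declarations are outside the hunk; the sibling `SsoLoginHandler` declares its equivalents `static`). A servlet is one instance shared by every request thread, so two concurrent logins can overwrite each other's `username`/`password` between this assignment and the Basic-auth header built in the `@@ -76` hunk, sending one user's credentials on another user's request. Computing these as locals and passing them to the registration call keeps each request's credentials confined to its own thread. The pinning of `keyManagerUrl` to `HandlerConstants.HTTPS_PROTOCOL` here is the form `SsoLoginCallbackHandler` should also use.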
@@ -60,8 +60,11 @@ public class SsoLoginCallbackHandler extends HttpServlet { + HandlerConstants.COLON + HandlerUtil.getGatewayPort(req.getScheme()); String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host") + HandlerConstants.COLON + iotsCorePort; + String keyManagerUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + + System.getProperty("iot.keymanager.host") + HandlerConstants.COLON + + System.getProperty("iot.keymanager.https.port"); - HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.TOKEN_ENDPOINT); + HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.TOKEN_ENDPOINT); tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + session.getAttribute("encodedClientApp")); tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString()); diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java index 1ade046d43..78b874ac68 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java @@ -69,6 +69,7 @@ public class SsoLoginHandler extends HttpServlet { private static String adminPassword; private static String gatewayUrl; private static String iotsCoreUrl; + private static String keyManagerUrl; private static String encodedAdminCredentials; private static String encodedClientApp; private static String applicationId; 
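Review bot: `String keyManagerUrl = req.getScheme() + …` combines the scheme of the incoming callback with `iot.keymanager.https.port`, so a callback received over HTTP yields `http://<host>:<https-port>`, and the token request, which carries the client credentials from `session.getAttribute("encodedClientApp")` in its Authorization header, is sent unencrypted to a TLS port. The other two places this patch builds the key-manager URL (`LoginHandler` `@@ -199` and `SsoLoginHandler` `@@ -123`) use `HandlerConstants.HTTPS_PROTOCOL`; the same line here should read `String keyManagerUrl = HandlerConstants.HTTPS_PROTOCOL + HandlerConstants.SCHEME_SEPARATOR +`. With the token endpoint moved off the gateway, the `gatewayUrl` computed just above the hunk may no longer be used in this method — worth checking. The enclosing method starts before the hunk.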
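Review bot: `private static String keyManagerUrl;` adds another per-request value to the static field group (`adminPassword`, `gatewayUrl`, `iotsCoreUrl`, `encodedAdminCredentials`, `encodedClientApp`, `applicationId`); the `@@ -123` hunk assigns it from the current request inside what looks like `dynamicClientRegistration`, and `getTokenResult` in the `@@ -262` hunk reads it later. Static fields are shared by all request threads, so concurrent SSO logins overwrite each other's values, and a request that reaches `getTokenResult` before any registration has run concatenates `"null"` with `HandlerConstants.TOKEN_ENDPOINT`. Since this URL derives only from system properties and a fixed scheme, it can be computed once in `init()` or passed as a parameter, and the credential-bearing fields in the same group (`encodedAdminCredentials`, `encodedClientApp`) deserve the same confinement.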
@@ -101,7 +102,7 @@ public class SsoLoginHandler extends HttpServlet { */ private void dynamicClientRegistration(HttpServletRequest req, HttpServletResponse resp) { try { - File userMgtConf = new File("conf/user-mgt.xml"); + File userMgtConf = new File("repository/conf/user-mgt.xml"); DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); DocumentBuilder dBuilder = dbFactory.newDocumentBuilder(); Document doc = dBuilder.parse(userMgtConf); @@ -123,6 +124,9 @@ public class SsoLoginHandler extends HttpServlet { iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host") + HandlerConstants.COLON + iotsCorePort; String uiConfigUrl = iotsCoreUrl + HandlerConstants.UI_CONFIG_ENDPOINT; + keyManagerUrl = HandlerConstants.HTTPS_PROTOCOL + HandlerConstants.SCHEME_SEPARATOR + + System.getProperty("iot.keymanager.host") + HandlerConstants.COLON + + System.getProperty("iot.keymanager.https.port"); httpSession = req.getSession(false); if (httpSession != null) { @@ -211,7 +215,7 @@ public class SsoLoginHandler extends HttpServlet { ProxyResponse updateApplicationGrantTypesEndpointResponse = HandlerUtil.execute(updateApplicationGrantTypesEndpoint); // Update app as a SaaS app - this.updateSaasApp(applicationName); + this.updateSaasApp(applicationId); if (updateApplicationGrantTypesEndpointResponse.getCode() == HttpStatus.SC_UNAUTHORIZED) { HandlerUtil.handleError(resp, updateApplicationGrantTypesEndpointResponse); 
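Review bot: `new File("repository/conf/user-mgt.xml")` is resolved against the JVM's working directory, so the corrected path only holds when the server is started from the Carbon home; started from anywhere else, `dBuilder.parse(userMgtConf)` fails with a FileNotFoundException that lands in the surrounding `try` (its catch is outside the hunk). Anchoring it to the installation directory, e.g. `File userMgtConf = new File(System.getProperty("carbon.home"), "repository/conf/user-mgt.xml");`, removes the dependency on the launch directory; `HandlerConstants.PAYLOADS_DIR` (`"repository/resources/payloads"`) carries the same dependency.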
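Review bot: `this.updateSaasApp(applicationId);` runs before the status of `updateApplicationGrantTypesEndpointResponse` is examined, so the SaaS flag is pushed to the application even when the grant-type update just above it was rejected and `HandlerUtil.handleError(resp, updateApplicationGrantTypesEndpointResponse)` is about to report a failure to the caller. Moving the call below the `SC_UNAUTHORIZED` check keeps the two updates on a single success path. `applicationId` is one of the static fields discussed on the `@@ -69` hunk, so the value passed here may belong to a different concurrent request. The enclosing method starts before the hunk.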
@@ -262,7 +266,7 @@ public class SsoLoginHandler extends HttpServlet { * @throws IOException IO exception throws if an error occurred when invoking token endpoint */ private ProxyResponse getTokenResult(String encodedClientApp) throws IOException { - HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.TOKEN_ENDPOINT); + HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.TOKEN_ENDPOINT); tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientApp); tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString()); diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java index bedf62385c..636c5aceeb 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java @@ -25,7 +25,7 @@ public class HandlerConstants { public static final String TOKEN_ENDPOINT = "/oauth2/token"; public static final String INTROSPECT_ENDPOINT = "/oauth2/introspect"; public static final String AUTHORIZATION_ENDPOINT = "/oauth2/authorize"; - public static final String APIM_APPLICATIONS_ENDPOINT = "/api/am/store/v0.12/applications/"; + public static final String APIM_APPLICATIONS_ENDPOINT = "/api/am/devportal/v2/applications/"; public static final String IDENTITY_APP_MGT_ENDPOINT = "/services/IdentityApplicationManagementService.IdentityApplicationManagementServiceHttpsSoap11Endpoint"; public static final String LOGIN_PAGE = "/login"; public static final String SSO_LOGIN_CALLBACK = "/ssoLoginCallback"; 
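Review bot: `APIM_APPLICATIONS_ENDPOINT` moves from `store/v0.12` to `devportal/v2`, but the code that posts to this path and parses its responses (the `applicationId` and grant-type handling in `SsoLoginHandler`) is not touched by the patch, and the request/response field names of the two API generations are not guaranteed to match; each consumer should be checked against the v2 contract. Style-wise, the API version is buried inside the literal alongside version-free paths; a comment such as `// WSO2 APIM devportal REST API v2; keep in step with the APIM version bundled with the product` would flag it for the next upgrade.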
@@ -67,7 +67,7 @@ public class HandlerConstants { public static final String OTP_HEADER = "one-time-token"; - public static final String AX_PREFIX = "ax2317:"; + public static final String AX_PREFIX = "ax2251:"; public static final String PAYLOADS_DIR = "repository/resources/payloads"; public static final String SOAP_ACTION_HEADER = "SOAPAction"; diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml index 5bbf9e040b..a0ba89e8b7 100644 --- a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml +++ b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml @@ -19,7 +19,7 @@ true - false + true application_management diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/mdm-ui-config.xml.j2 b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/mdm-ui-config.xml.j2 index 64ccc89949..d15f23de86 100644 --- a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/mdm-ui-config.xml.j2 +++ b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/mdm-ui-config.xml.j2 @@ -26,7 +26,7 @@ {% if mdm_ui_conf.enable_sso is defined %} {{mdm_ui_conf.enable_sso}} {% else %} - false + true {% endif %} diff --git a/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/p2.inf b/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/p2.inf index 7887868228..d44e4112ef 100644 
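Review bot: `AX_PREFIX = "ax2251:"` swaps one generated namespace prefix for another; prefixes like `ax2317`/`ax2251` are assigned by the Axis2 serializer at runtime and differ between server builds, which is exactly why the constant had to change. Any code that matches SOAP response elements by prefixed tag name will break again on the next upgrade; matching on the namespace URI or local name (`getElementsByTagNameNS(nsUri, localName)` or comparing `Node.getLocalName()`) is stable across prefix renumbering. The consumers of `AX_PREFIX` are outside this patch.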
--- a/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/p2.inf +++ b/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/p2.inf @@ -4,3 +4,4 @@ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../featur org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/store-ui-request-handler.war,overwrite:true);\ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/entgra-ui-request-handler.war,overwrite:true);\ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/webapps/ui-request-handler.war,target:${installFolder}/../../deployment/server/webapps/mdm-reports-ui-request-handler.war,overwrite:true);\ +org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.ui.request.interceptor_${feature.version}/payloads/,target:${installFolder}/../../resources/payloads/,overwrite:true);\ diff --git a/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/get-app-request.xml b/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/get-app-request.xml new file mode 100644 index 0000000000..45c2042031 --- /dev/null +++ b/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/get-app-request.xml @@ -0,0 +1,8 @@ + + + + + ${applicationName} + + + 
diff --git a/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/update-app-request.xml b/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/update-app-request.xml new file mode 100644 index 0000000000..4f608a9e55 --- /dev/null +++ b/features/ui-request-interceptor/io.entgra.ui.request.interceptor.feature/src/main/resources/payloads/update-app-request.xml @@ -0,0 +1,55 @@ + + + + + + + ${applicationId} + ${applicationName} + + ${description} + + + + ${inboundAuthKey} + ${inboundAuthType} + ${inboundConfigType} + + + + + + ${tenantDomain} + ${userName} + ${userStoreDomain} + + ${saasApp} + + + displayName + ${displayName} + + + + + + +
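Review bot: The `${…}` placeholders in this template (`${applicationId}`, `${applicationName}`, `${description}`, `${displayName}`, `${userName}`, `${tenantDomain}`, …) and in `get-app-request.xml` are filled by code that is not part of this patch; if that substitution is a plain string replacement, a value containing `<`, `&` or `"` produces a malformed or restructured SOAP document, and a value that originates from request input would let a caller alter the identity-management request. Escaping each value for XML content at the substitution site, or building the document with a DOM/SAAJ API, closes that gap; a leading comment in each template, e.g. `<!-- placeholder values must be XML-escaped by the caller before substitution -->`, makes the contract visible. The element tags were stripped in this rendering, so the document structure itself could not be reviewed.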