forked from community/device-mgt-core
Refactored backend oauth authenticator component and added logic to validate OAuth token from local & remote servers.
parent
b3e2c856a9
commit
740124136b
@ -0,0 +1,49 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
|
||||||
|
|
||||||
|
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* DataHolder of Backend OAuth Authenticator component.
|
||||||
|
*/
|
||||||
|
public class OAuthAuthenticatorDataHolder {
|
||||||
|
|
||||||
|
private OAuth2TokenValidationService oAuth2TokenValidationService;
|
||||||
|
|
||||||
|
private static OAuthAuthenticatorDataHolder thisInstance = new OAuthAuthenticatorDataHolder();
|
||||||
|
|
||||||
|
private OAuthAuthenticatorDataHolder() {}
|
||||||
|
|
||||||
|
public static OAuthAuthenticatorDataHolder getInstance() {
|
||||||
|
return thisInstance;
|
||||||
|
}
|
||||||
|
|
||||||
|
public OAuth2TokenValidationService getOAuth2TokenValidationService() {
|
||||||
|
if (oAuth2TokenValidationService == null) {
|
||||||
|
throw new IllegalStateException("OAuth2TokenValidation service is not initialized properly");
|
||||||
|
}
|
||||||
|
return oAuth2TokenValidationService;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setOAuth2TokenValidationService(
|
||||||
|
OAuth2TokenValidationService oAuth2TokenValidationService) {
|
||||||
|
this.oAuth2TokenValidationService = oAuth2TokenValidationService;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,87 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.osgi.framework.BundleContext;
|
||||||
|
import org.osgi.service.component.ComponentContext;
|
||||||
|
import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
|
||||||
|
import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator;
|
||||||
|
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @scr.component name="org.wso2.carbon.identity.backend.oauth.authenticator" immediate="true"
|
||||||
|
* @scr.reference name="identity.oauth2.validation.service"
|
||||||
|
* interface="org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService"
|
||||||
|
* cardinality="1..1"
|
||||||
|
* policy="dynamic"
|
||||||
|
* bind="setOAuth2ValidationService"
|
||||||
|
* unbind="unsetOAuth2ValidationService"
|
||||||
|
*/
|
||||||
|
public class OAuthAuthenticatorServiceComponent {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(OAuthAuthenticatorServiceComponent.class);
|
||||||
|
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
protected void activate(ComponentContext componentContext) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Starting Backend OAuthAuthenticator Framework Bundle");
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
/* Registering BackendOAuthAuthenticator Service */
|
||||||
|
BundleContext bundleContext = componentContext.getBundleContext();
|
||||||
|
OauthAuthenticator oAuthAuthenticator = new OauthAuthenticator();
|
||||||
|
bundleContext.registerService(CarbonServerAuthenticator.class.getName(), oAuthAuthenticator, null);
|
||||||
|
} catch (Throwable e) {
|
||||||
|
log.error("Error occurred while initializing the bundle", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
protected void deactivate(ComponentContext componentContext) {
|
||||||
|
//do nothing
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets OAuth2TokenValidation Service.
|
||||||
|
*
|
||||||
|
* @param tokenValidationService An instance of OAuth2TokenValidationService.
|
||||||
|
*/
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
protected void setOAuth2ValidationService(OAuth2TokenValidationService tokenValidationService) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Setting OAuth2TokenValidationService Service");
|
||||||
|
}
|
||||||
|
OAuthAuthenticatorDataHolder.getInstance().setOAuth2TokenValidationService(tokenValidationService);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Unsets OAuth2TokenValidation Service.
|
||||||
|
*
|
||||||
|
* @param tokenValidationService An instance of OAuth2TokenValidationService
|
||||||
|
*/
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
protected void unsetOAuth2ValidationService(OAuth2TokenValidationService tokenValidationService) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Unsetting OAuth2TokenValidationService Service");
|
||||||
|
}
|
||||||
|
OAuthAuthenticatorDataHolder.getInstance().setOAuth2TokenValidationService(null);
|
||||||
|
}
|
||||||
|
}
|
@ -1,60 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
|
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.commons.logging.LogFactory;
|
|
||||||
import org.osgi.framework.BundleActivator;
|
|
||||||
import org.osgi.framework.BundleContext;
|
|
||||||
import org.osgi.framework.ServiceRegistration;
|
|
||||||
import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
|
|
||||||
import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
public class OauthAuthenticatorServiceComponent implements BundleActivator {
|
|
||||||
|
|
||||||
private ServiceRegistration pipServiceRegRef;
|
|
||||||
private static final Log log = LogFactory.getLog(OauthAuthenticatorServiceComponent
|
|
||||||
.class);
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void start(BundleContext bundleContext) throws Exception {
|
|
||||||
log.info("Initiating");
|
|
||||||
try {
|
|
||||||
OauthAuthenticator oauthAuthenticator = new OauthAuthenticator();
|
|
||||||
pipServiceRegRef = bundleContext.registerService(CarbonServerAuthenticator.class.getName(),
|
|
||||||
oauthAuthenticator, null);
|
|
||||||
if (log.isDebugEnabled()) {
|
|
||||||
log.debug("OAuth Authenticator bundle is activated");
|
|
||||||
}
|
|
||||||
} catch (Throwable e) {
|
|
||||||
log.fatal(" Error while activating OAuth authenticator ", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void stop(BundleContext bundleContext) throws Exception {
|
|
||||||
if (log.isDebugEnabled()) {
|
|
||||||
log.debug("OAuth Authenticator bundle is deactivated");
|
|
||||||
}
|
|
||||||
pipServiceRegRef.unregister();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -0,0 +1,34 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Declares the contract for OAuth2TokenValidator implementations.
|
||||||
|
*/
|
||||||
|
public interface OAuth2TokenValidator {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method gets a string accessToken and validates it and generate the OAuthValidationResponse
|
||||||
|
* containing the validity and user details if valid.
|
||||||
|
*
|
||||||
|
* @param accessToken which need to be validated.
|
||||||
|
* @param resource which need to be validated.
|
||||||
|
* @return OAuthValidationResponse with the validated results.
|
||||||
|
*/
|
||||||
|
OAuthValidationResponse validateToken(String accessToken, String resource) throws OAuthTokenValidationException;
|
||||||
|
}
|
@ -0,0 +1,33 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Defines constants to be used inside oauth validators.
|
||||||
|
*/
|
||||||
|
public class OAuthConstants {
|
||||||
|
|
||||||
|
public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer";
|
||||||
|
public static final String AUTHORIZATION_HEADER_PREFIX_BASIC = "Basic";
|
||||||
|
public static final String BEARER_TOKEN_TYPE = "bearer";
|
||||||
|
public static final String BEARER_TOKEN_IDENTIFIER = "token";
|
||||||
|
public static final String AUTHENTICATOR_NAME = "OAuthAuthenticator";
|
||||||
|
public static final String RESOURCE_KEY = "resource";
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,60 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Custom exception to be thrown inside OAuthTokenValidation related functionality.
|
||||||
|
*/
|
||||||
|
public class OAuthTokenValidationException extends Exception {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = -3151279311929070297L;
|
||||||
|
|
||||||
|
private String errorMessage;
|
||||||
|
|
||||||
|
public String getErrorMessage() {
|
||||||
|
return errorMessage;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setErrorMessage(String errorMessage) {
|
||||||
|
this.errorMessage = errorMessage;
|
||||||
|
}
|
||||||
|
|
||||||
|
public OAuthTokenValidationException(String msg, Exception nestedEx) {
|
||||||
|
super(msg, nestedEx);
|
||||||
|
setErrorMessage(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
public OAuthTokenValidationException(String message, Throwable cause) {
|
||||||
|
super(message, cause);
|
||||||
|
setErrorMessage(message);
|
||||||
|
}
|
||||||
|
|
||||||
|
public OAuthTokenValidationException(String msg) {
|
||||||
|
super(msg);
|
||||||
|
setErrorMessage(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
public OAuthTokenValidationException() {
|
||||||
|
super();
|
||||||
|
}
|
||||||
|
|
||||||
|
public OAuthTokenValidationException(Throwable cause) {
|
||||||
|
super(cause);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,70 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class holds the authenticated user information after the OAuth2 token is validated.
|
||||||
|
*/
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
public class OAuthValidationResponse {
|
||||||
|
|
||||||
|
private String userName;
|
||||||
|
private String tenantDomain;
|
||||||
|
private boolean isValid;
|
||||||
|
private String errorMsg;
|
||||||
|
|
||||||
|
public OAuthValidationResponse() {}
|
||||||
|
|
||||||
|
public OAuthValidationResponse(String userName, String tenantDomain, boolean isValid) {
|
||||||
|
this.userName = userName;
|
||||||
|
this.tenantDomain = tenantDomain;
|
||||||
|
this.isValid = isValid;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getUserName() {
|
||||||
|
return userName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setUserName(String userName) {
|
||||||
|
this.userName = userName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getTenantDomain() {
|
||||||
|
return tenantDomain;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setTenantDomain(String tenantDomain) {
|
||||||
|
this.tenantDomain = tenantDomain;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isValid() {
|
||||||
|
return isValid;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setIsValid(boolean isValid) {
|
||||||
|
this.isValid = isValid;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getErrorMsg() {
|
||||||
|
return errorMsg;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setErrorMsg(String errorMsg) {
|
||||||
|
this.errorMsg = errorMsg;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,71 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth;
|
||||||
|
|
||||||
|
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.RemoteOAuthValidator;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.LocalOAuthValidator;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The class validate the configurations and provide the most suitable implementation according to the configuration.
|
||||||
|
* Factory class for OAuthValidator.
|
||||||
|
*/
|
||||||
|
public class OAuthValidatorFactory {
|
||||||
|
|
||||||
|
private static final String AUTHENTICATOR_CONFIG_IS_REMOTE = "isRemote";
|
||||||
|
private static final String AUTHENTICATOR_CONFIG_HOST_URL = "hostURL";
|
||||||
|
private static final String AUTHENTICATOR_CONFIG_ADMIN_USERNAME = "adminUsername";
|
||||||
|
private static final String AUTHENTICATOR_CONFIG_ADMIN_PASSWORD = "adminPassword";
|
||||||
|
private static final String AUTHENTICATOR_CONFIG_OAUTH_AUTHENTICATOR_NAME = "OAuthAuthenticator";
|
||||||
|
private static String OAUTH_ENDPOINT_POSTFIX =
|
||||||
|
"/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This factory method checks the authenticators.xml configuration file and provides an appropriate implementation
|
||||||
|
* of OAuth2TokenValidator.
|
||||||
|
* @return OAuth2TokenValidator
|
||||||
|
*/
|
||||||
|
public static OAuth2TokenValidator getValidator() throws IllegalArgumentException {
|
||||||
|
AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance();
|
||||||
|
AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.
|
||||||
|
getAuthenticatorConfig(AUTHENTICATOR_CONFIG_OAUTH_AUTHENTICATOR_NAME);
|
||||||
|
boolean isRemote;
|
||||||
|
String hostUrl;
|
||||||
|
String adminUserName;
|
||||||
|
String adminPassword;
|
||||||
|
if (authenticatorConfig != null && authenticatorConfig.getParameters() != null) {
|
||||||
|
isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get(
|
||||||
|
AUTHENTICATOR_CONFIG_IS_REMOTE));
|
||||||
|
hostUrl = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_HOST_URL);
|
||||||
|
adminUserName = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_ADMIN_USERNAME);
|
||||||
|
adminPassword = authenticatorConfig.getParameters().get(AUTHENTICATOR_CONFIG_ADMIN_PASSWORD);
|
||||||
|
}else{
|
||||||
|
throw new IllegalArgumentException("OAuth Authenticator configuration parameters need to be defined in " +
|
||||||
|
"Authenticators.xml.");
|
||||||
|
}
|
||||||
|
if (isRemote) {
|
||||||
|
if (!(hostUrl == null || hostUrl.trim().isEmpty())) {
|
||||||
|
hostUrl = hostUrl + OAUTH_ENDPOINT_POSTFIX;
|
||||||
|
return new RemoteOAuthValidator(hostUrl, adminUserName, adminPassword);
|
||||||
|
} else {
|
||||||
|
throw new IllegalArgumentException("Remote server host can't be empty in authenticators.xml.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return new LocalOAuthValidator();
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,74 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl;
|
||||||
|
|
||||||
|
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
|
||||||
|
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
|
||||||
|
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthConstants;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handles the OAuth2 token validation from the same server using OSGi services.
|
||||||
|
*/
|
||||||
|
public class LocalOAuthValidator implements OAuth2TokenValidator {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public OAuthValidationResponse validateToken(String accessToken, String resource)
|
||||||
|
throws OAuthTokenValidationException {
|
||||||
|
OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
|
||||||
|
OAuth2TokenValidationRequestDTO.OAuth2AccessToken oauthToken =
|
||||||
|
validationRequest.new OAuth2AccessToken();
|
||||||
|
oauthToken.setTokenType(OAuthConstants.BEARER_TOKEN_TYPE);
|
||||||
|
oauthToken.setIdentifier(accessToken);
|
||||||
|
validationRequest.setAccessToken(oauthToken);
|
||||||
|
|
||||||
|
//Set the resource context param. This will be used in scope validation.
|
||||||
|
OAuth2TokenValidationRequestDTO.TokenValidationContextParam
|
||||||
|
resourceContextParam = validationRequest.new TokenValidationContextParam();
|
||||||
|
resourceContextParam.setKey(OAuthConstants.RESOURCE_KEY);
|
||||||
|
resourceContextParam.setValue(resource);
|
||||||
|
|
||||||
|
OAuth2TokenValidationRequestDTO.TokenValidationContextParam[]
|
||||||
|
tokenValidationContextParams =
|
||||||
|
new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[1];
|
||||||
|
tokenValidationContextParams[0] = resourceContextParam;
|
||||||
|
validationRequest.setContext(tokenValidationContextParams);
|
||||||
|
|
||||||
|
OAuth2TokenValidationResponseDTO tokenValidationResponse = AuthenticatorFrameworkDataHolder.getInstance().
|
||||||
|
getOAuth2TokenValidationService().findOAuthConsumerIfTokenIsValid(
|
||||||
|
validationRequest).getAccessTokenValidationResponse();
|
||||||
|
boolean isValid = tokenValidationResponse.isValid();
|
||||||
|
String userName;
|
||||||
|
String tenantDomain;
|
||||||
|
if (isValid) {
|
||||||
|
userName = MultitenantUtils.getTenantAwareUsername(
|
||||||
|
tokenValidationResponse.getAuthorizedUser());
|
||||||
|
tenantDomain =
|
||||||
|
MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser());
|
||||||
|
} else {
|
||||||
|
OAuthValidationResponse oAuthValidationResponse = new OAuthValidationResponse();
|
||||||
|
oAuthValidationResponse.setErrorMsg(tokenValidationResponse.getErrorMsg());
|
||||||
|
return oAuthValidationResponse;
|
||||||
|
}
|
||||||
|
return new OAuthValidationResponse(userName,tenantDomain,isValid);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,120 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl;
|
||||||
|
|
||||||
|
import org.apache.axis2.AxisFault;
|
||||||
|
import org.apache.axis2.client.Options;
|
||||||
|
import org.apache.axis2.client.ServiceClient;
|
||||||
|
import org.apache.axis2.transport.http.HTTPConstants;
|
||||||
|
import org.apache.commons.codec.binary.Base64;
|
||||||
|
import org.apache.commons.httpclient.Header;
|
||||||
|
import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
|
||||||
|
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
|
||||||
|
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
|
||||||
|
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam;
|
||||||
|
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
|
||||||
|
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthConstants;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse;
|
||||||
|
|
||||||
|
import java.rmi.RemoteException;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handles the OAuth2 token validation from remote IS servers using remote OAuthValidation service-stub.
|
||||||
|
*/
|
||||||
|
public class RemoteOAuthValidator implements OAuth2TokenValidator {
|
||||||
|
|
||||||
|
private String hostURL;
|
||||||
|
private String adminUserName;
|
||||||
|
private String adminPassword;
|
||||||
|
|
||||||
|
public RemoteOAuthValidator(String hostURL, String adminUserName, String adminPassword) {
|
||||||
|
this.hostURL = hostURL;
|
||||||
|
this.adminUserName = adminUserName;
|
||||||
|
this.adminPassword = adminPassword;
|
||||||
|
}
|
||||||
|
|
||||||
|
private String getBasicAuthCredentials() {
|
||||||
|
byte[] bytesEncoded = Base64.encodeBase64((adminUserName + ":" + adminPassword).getBytes());
|
||||||
|
return new String(bytesEncoded);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public OAuthValidationResponse validateToken(String accessToken, String resource) throws
|
||||||
|
OAuthTokenValidationException {
|
||||||
|
OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
|
||||||
|
OAuth2TokenValidationRequestDTO_OAuth2AccessToken oauthToken =
|
||||||
|
new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
|
||||||
|
oauthToken.setTokenType(OAuthConstants.BEARER_TOKEN_TYPE);
|
||||||
|
oauthToken.setIdentifier(accessToken);
|
||||||
|
validationRequest.setAccessToken(oauthToken);
|
||||||
|
|
||||||
|
//Set the resource context param. This will be used in scope validation.
|
||||||
|
OAuth2TokenValidationRequestDTO_TokenValidationContextParam resourceContextParam = new
|
||||||
|
OAuth2TokenValidationRequestDTO_TokenValidationContextParam();
|
||||||
|
resourceContextParam.setKey(OAuthConstants.RESOURCE_KEY);
|
||||||
|
resourceContextParam.setValue(resource);
|
||||||
|
|
||||||
|
OAuth2TokenValidationRequestDTO_TokenValidationContextParam[] tokenValidationContextParams =
|
||||||
|
new OAuth2TokenValidationRequestDTO_TokenValidationContextParam[1];
|
||||||
|
tokenValidationContextParams[0] = resourceContextParam;
|
||||||
|
validationRequest.setContext(tokenValidationContextParams);
|
||||||
|
|
||||||
|
OAuth2TokenValidationServiceStub tokenValidationService;
|
||||||
|
try {
|
||||||
|
tokenValidationService = new OAuth2TokenValidationServiceStub(hostURL);
|
||||||
|
} catch (AxisFault axisFault) {
|
||||||
|
throw new OAuthTokenValidationException("Exception occurred while obtaining the " +
|
||||||
|
"OAuth2TokenValidationServiceStub.", axisFault);
|
||||||
|
}
|
||||||
|
ServiceClient client = tokenValidationService._getServiceClient();
|
||||||
|
Options options = client.getOptions();
|
||||||
|
List<Header> headerList = new ArrayList<>();
|
||||||
|
Header header = new Header();
|
||||||
|
header.setName(HTTPConstants.HEADER_AUTHORIZATION);
|
||||||
|
header.setValue(OAuthConstants.AUTHORIZATION_HEADER_PREFIX_BASIC + " " + getBasicAuthCredentials());
|
||||||
|
headerList.add(header);
|
||||||
|
options.setProperty(HTTPConstants.HTTP_HEADERS, headerList);
|
||||||
|
client.setOptions(options);
|
||||||
|
OAuth2TokenValidationResponseDTO tokenValidationResponse;
|
||||||
|
try {
|
||||||
|
tokenValidationResponse = tokenValidationService.
|
||||||
|
findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
|
||||||
|
} catch (RemoteException e) {
|
||||||
|
throw new OAuthTokenValidationException("Remote Exception occurred while invoking the Remote IS server for " +
|
||||||
|
"OAuth2 token validation.", e);
|
||||||
|
}
|
||||||
|
boolean isValid = tokenValidationResponse.getValid();
|
||||||
|
String userName;
|
||||||
|
String tenantDomain;
|
||||||
|
if (isValid) {
|
||||||
|
userName = MultitenantUtils.getTenantAwareUsername(
|
||||||
|
tokenValidationResponse.getAuthorizedUser());
|
||||||
|
tenantDomain = MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser());
|
||||||
|
} else {
|
||||||
|
OAuthValidationResponse oAuthValidationResponse = new OAuthValidationResponse();
|
||||||
|
oAuthValidationResponse.setErrorMsg(tokenValidationResponse.getErrorMsg());
|
||||||
|
return oAuthValidationResponse;
|
||||||
|
}
|
||||||
|
return new OAuthValidationResponse(userName,tenantDomain,isValid);
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in new issue