Implemented new password grant handler

revert-70aa11f8
mharindu 9 years ago
parent 6db9b21623
commit 04fa0f4874

@ -47,6 +47,14 @@
<groupId>org.wso2.carbon</groupId> <groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.user.core</artifactId> <artifactId>org.wso2.carbon.user.core</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.apimgt</groupId>
<artifactId>org.wso2.carbon.apimgt.impl</artifactId>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple.wso2</groupId>
<artifactId>json-simple</artifactId>
</dependency>
</dependencies> </dependencies>
<build> <build>
@ -87,7 +95,24 @@
org.wso2.carbon.user.core.service, org.wso2.carbon.user.core.service,
org.wso2.carbon.identity.application.common.model, org.wso2.carbon.identity.application.common.model,
org.wso2.carbon.identity.application.authentication.framework.model, org.wso2.carbon.identity.application.authentication.framework.model,
org.wso2.carbon.user.core.tenant org.wso2.carbon.user.core.tenant,
org.json.simple,
javax.cache,
javax.xml.namespace,
org.apache.axiom.om,
org.wso2.carbon.apimgt.api,
org.wso2.carbon.apimgt.impl,
org.wso2.carbon.apimgt.impl.dao,
org.wso2.carbon.apimgt.impl.utils,
org.wso2.carbon.identity.application.common.cache,
org.wso2.carbon.identity.core.util,
org.wso2.carbon.identity.oauth2.dto,
org.wso2.carbon.identity.oauth2.token,
org.wso2.carbon.identity.oauth2.token.handlers.grant,
org.wso2.carbon.user.core,
org.wso2.carbon.user.core.config,
org.wso2.carbon.user.core.util,
org.wso2.carbon.utils
</Import-Package> </Import-Package>
</instructions> </instructions>
</configuration> </configuration>

@ -20,9 +20,23 @@ package org.wso2.carbon.device.mgt.oauth.extensions;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder; import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.user.api.TenantManager; import org.wso2.carbon.user.api.TenantManager;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import javax.cache.Caching;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
/** /**
* This class holds util methods used by OAuth extension bundle. * This class holds util methods used by OAuth extension bundle.
@ -30,6 +44,8 @@ import org.wso2.carbon.user.api.UserStoreException;
public class OAuthExtUtils { public class OAuthExtUtils {
private static final Log log = LogFactory.getLog(OAuthExtUtils.class); private static final Log log = LogFactory.getLog(OAuthExtUtils.class);
private static final String DEFAULT_SCOPE_NAME = "default";
private static final String UI_EXECUTE = "ui.execute";
public static int getTenantId(String tenantDomain) { public static int getTenantId(String tenantDomain) {
int tenantId = 0; int tenantId = 0;
@ -39,10 +55,175 @@ public class OAuthExtUtils {
tenantId = tenantManager.getTenantId(tenantDomain); tenantId = tenantManager.getTenantId(tenantDomain);
} catch (UserStoreException e) { } catch (UserStoreException e) {
String errorMsg = "Error when getting the tenant id from the tenant domain : " + String errorMsg = "Error when getting the tenant id from the tenant domain : " +
tenantDomain; tenantDomain;
log.error(errorMsg, e); log.error(errorMsg, e);
} }
} }
return tenantId; return tenantId;
} }
public static boolean setScopes(OAuthTokenReqMessageContext tokReqMsgCtx) {
String[] requestedScopes = tokReqMsgCtx.getScope();
String[] defaultScope = new String[]{DEFAULT_SCOPE_NAME};
//If no scopes were requested.
if (requestedScopes == null || requestedScopes.length == 0) {
tokReqMsgCtx.setScope(defaultScope);
return true;
}
String consumerKey = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
String username = tokReqMsgCtx.getAuthorizedUser().getUserName();
List<String> reqScopeList = Arrays.asList(requestedScopes);
Map<String, String> restAPIScopesOfCurrentTenant;
try {
Map<String, String> appScopes;
ApiMgtDAO apiMgtDAO = new ApiMgtDAO();
//Get all the scopes and roles against the scopes defined for the APIs subscribed to the application.
appScopes = apiMgtDAO.getScopeRolesOfApplication(consumerKey);
//Add API Manager rest API scopes set. This list should be loaded at server start up and keep
//in memory and add it to each and every request coming.
String tenantDomain = tokReqMsgCtx.getAuthorizedUser().getTenantDomain();
restAPIScopesOfCurrentTenant = (Map) Caching.getCacheManager(APIConstants.API_MANAGER_CACHE_MANAGER)
.getCache("REST_API_SCOPE_CACHE")
.get(tenantDomain);
if (restAPIScopesOfCurrentTenant != null) {
appScopes.putAll(restAPIScopesOfCurrentTenant);
} else {
restAPIScopesOfCurrentTenant = APIUtil.getRESTAPIScopesFromConfig(APIUtil.getTenantRESTAPIScopesConfig(tenantDomain));
//call load tenant config for rest API.
//then put cache
appScopes.putAll(restAPIScopesOfCurrentTenant);
Caching.getCacheManager(APIConstants.API_MANAGER_CACHE_MANAGER)
.getCache("REST_API_SCOPE_CACHE")
.put(tenantDomain, restAPIScopesOfCurrentTenant);
}
//If no scopes can be found in the context of the application
if (appScopes.isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("No scopes defined for the Application " +
tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId());
}
String[] allowedScopes = getAllowedScopes(reqScopeList);
tokReqMsgCtx.setScope(allowedScopes);
return true;
}
int tenantId;
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
try {
tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
// If tenant Id is not set in the tokenReqContext, deriving it from username.
if (tenantId == 0 || tenantId == -1) {
tenantId = IdentityTenantUtil.getTenantIdOfUser(username);
}
} catch (UserStoreException e) {
//Log and return since we do not want to stop issuing the token in case of scope validation failures.
log.error("Error when getting the tenant's UserStoreManager or when getting roles of user ", e);
return false;
}
UserRealm userRealm = OAuthExtensionsDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
List<String> authorizedScopes = new ArrayList<>();
boolean status;
//List<String> userRoleList = new ArrayList<>(Arrays.asList(userRoles));
//Iterate the requested scopes list.
for (String scope : reqScopeList) {
status = false;
//Get the set of roles associated with the requested scope.
String appPermissions = appScopes.get(scope);
//If the scope has been defined in the context of the App and if roles have been defined for the scope
if (appPermissions != null && appPermissions.length() != 0) {
List<String> permissions = new ArrayList<>(Arrays.asList(appPermissions.replaceAll(" ", "").split(",")));
//Check if user has at least one of the roles associated with the scope
if (!permissions.isEmpty()) {
for (String permission : permissions) {
if (userRealm != null && userRealm.getAuthorizationManager() != null) {
String userStore = tokReqMsgCtx.getAuthorizedUser().getUserStoreDomain();
if (userStore != null) {
status = userRealm.getAuthorizationManager()
.isUserAuthorized(userStore + "/" + username, permission, UI_EXECUTE);
} else {
status = userRealm.getAuthorizationManager()
.isUserAuthorized(username, permission, UI_EXECUTE);
}
if (status) {
break;
}
}
}
if (status) {
authorizedScopes.add(scope);
}
}
}
//The requested scope is defined for the context of the App but no roles have been associated with the scope
//OR
//The scope string starts with 'device_'.
else if (appScopes.containsKey(scope) || isWhiteListedScope(scope)) {
authorizedScopes.add(scope);
}
}
if (!authorizedScopes.isEmpty()) {
String[] authScopesArr = authorizedScopes.toArray(new String[authorizedScopes.size()]);
tokReqMsgCtx.setScope(authScopesArr);
} else {
tokReqMsgCtx.setScope(defaultScope);
}
} catch (APIManagementException e) {
log.error("Error while getting scopes of application " + e.getMessage());
return false;
} catch (UserStoreException e) {
e.printStackTrace();
}
return true;
}
/**
* Determines if the scope is specified in the whitelist.
*
* @param scope - The scope key to check
* @return - 'true' if the scope is white listed. 'false' if not.
*/
public static boolean isWhiteListedScope(String scope) {
// load white listed scopes
List<String> scopeSkipList = OAuthExtensionsDataHolder.getInstance().getWhitelistedScopes();
for (String scopeTobeSkipped : scopeSkipList) {
if (scope.matches(scopeTobeSkipped)) {
return true;
}
}
return false;
}
/**
* Get the set of default scopes. If a requested scope is matches with the patterns specified in the whitelist,
* then such scopes will be issued without further validation. If the scope list is empty,
* token will be issued for default scope.
*
* @param requestedScopes - The set of requested scopes
* @return - The subset of scopes that are allowed
*/
private static String[] getAllowedScopes(List<String> requestedScopes) {
List<String> authorizedScopes = new ArrayList<String>();
//Iterate the requested scopes list.
for (String scope : requestedScopes) {
if (isWhiteListedScope(scope)) {
authorizedScopes.add(scope);
}
}
if (authorizedScopes.isEmpty()) {
authorizedScopes.add(DEFAULT_SCOPE_NAME);
}
return authorizedScopes.toArray(new String[authorizedScopes.size()]);
}
} }

@ -0,0 +1,340 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
import org.apache.axiom.om.OMElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
import org.wso2.carbon.identity.application.common.cache.BaseCache;
import org.wso2.carbon.identity.core.util.IdentityConfigParser;
import org.wso2.carbon.identity.core.util.IdentityCoreConstants;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.ResponseHeader;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler;
import org.wso2.carbon.user.api.Claim;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.config.RealmConfiguration;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import javax.xml.namespace.QName;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@SuppressWarnings("unused")
public class ExtendedPasswordGrantHandler extends PasswordGrantHandler {
private static Log log = LogFactory.getLog(ExtendedPasswordGrantHandler.class);
private static final String CONFIG_ELEM_OAUTH = "OAuth";
// Claims that are set as response headers of access token response
private static final String REQUIRED_CLAIM_URIS = "RequiredRespHeaderClaimUris";
private BaseCache<String, Claim[]> userClaimsCache;
// Primary/Secondary Login configuration
private static final String CLAIM_URI = "ClaimUri";
private static final String LOGIN_CONFIG = "LoginConfig";
private static final String USERID_LOGIN = "UserIdLogin";
private static final String EMAIL_LOGIN = "EmailLogin";
private static final String PRIMARY_LOGIN = "primary";
private Map<String,Map<String,String>> loginConfiguration = new ConcurrentHashMap<>();
private List<String> requiredHeaderClaimUris = new ArrayList<>();
public void init() throws IdentityOAuth2Exception {
super.init();
IdentityConfigParser configParser;
configParser = IdentityConfigParser.getInstance();
OMElement oauthElem = configParser.getConfigElement(CONFIG_ELEM_OAUTH);
// Get the required claim uris that needs to be included in the response.
parseRequiredHeaderClaimUris(oauthElem.getFirstChildWithName(getQNameWithIdentityNS(REQUIRED_CLAIM_URIS)));
// read login config
parseLoginConfig(oauthElem);
userClaimsCache = new BaseCache<>("UserClaimsCache");
if (log.isDebugEnabled()) {
log.debug("Successfully created UserClaimsCache under " + OAuthConstants.OAUTH_CACHE_MANAGER);
}
}
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
String username = oAuth2AccessTokenReqDTO.getResourceOwnerUsername();
String loginUserName = getLoginUserName(username);
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(loginUserName);
boolean isValidated = super.validateGrant(tokReqMsgCtx);
if(isValidated){
int tenantId;
tenantId = IdentityTenantUtil.getTenantIdOfUser(username);
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
UserStoreManager userStoreManager;
try {
userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
} catch (UserStoreException e) {
log.error("Error when getting the tenant's UserStoreManager", e);
return false;
}
List<ResponseHeader> respHeaders = new ArrayList<>();
if (oAuth2AccessTokenReqDTO.getResourceOwnerUsername() != null) {
try {
if (requiredHeaderClaimUris != null && !requiredHeaderClaimUris.isEmpty()) {
// Get user's claim values from the default profile.
String userStoreDomain = tokReqMsgCtx.getAuthorizedUser().getUserStoreDomain();
String endUsernameWithDomain = UserCoreUtil.addDomainToName
(oAuth2AccessTokenReqDTO.getResourceOwnerUsername(),
userStoreDomain);
Claim[] mapClaimValues = getUserClaimValues(endUsernameWithDomain,userStoreManager);
if(mapClaimValues != null && mapClaimValues.length > 0){
ResponseHeader header;
for (String claimUri : requiredHeaderClaimUris) {
for (Claim claim : mapClaimValues) {
if (claimUri.equals(claim.getClaimUri())) {
header = new ResponseHeader();
header.setKey(claim.getDisplayTag());
header.setValue(claim.getValue());
respHeaders.add(header);
break;
}
}
}
}
else if(log.isDebugEnabled()){
log.debug("No claim values for user : "+endUsernameWithDomain);
}
}
} catch (Exception e) {
throw new IdentityOAuth2Exception(e.getMessage(), e);
}
}
tokReqMsgCtx.addProperty("RESPONSE_HEADERS", respHeaders.toArray(
new ResponseHeader[respHeaders.size()]));
}
return isValidated;
}
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx){
return OAuthExtUtils.setScopes(tokReqMsgCtx);
}
private String getLoginUserName(String userID) {
String loginUserName = userID;
if (isSecondaryLogin(userID)) {
loginUserName = getPrimaryFromSecondary(userID);
}
return loginUserName;
}
/**
* Identify whether the logged in user used his Primary Login name or
* Secondary login name
*
* @param userId - The username used to login.
* @return <code>true</code> if secondary login name is used,
* <code>false</code> if primary login name has been used
*/
private boolean isSecondaryLogin(String userId) {
if (loginConfiguration.get(EMAIL_LOGIN) != null) {
Map<String, String> emailConf = loginConfiguration.get(EMAIL_LOGIN);
if ("true".equalsIgnoreCase(emailConf.get(PRIMARY_LOGIN))) {
return !isUserLoggedInEmail(userId);
}
else if ("false".equalsIgnoreCase(emailConf.get(PRIMARY_LOGIN))) {
return isUserLoggedInEmail(userId);
}
}
else if (loginConfiguration.get(USERID_LOGIN) != null) {
Map<String, String> userIdConf = loginConfiguration.get(USERID_LOGIN);
if ("true".equalsIgnoreCase(userIdConf.get(PRIMARY_LOGIN))) {
return isUserLoggedInEmail(userId);
}
else if ("false".equalsIgnoreCase(userIdConf.get(PRIMARY_LOGIN))) {
return !isUserLoggedInEmail(userId);
}
}
return false;
}
/**
* Identify whether the logged in user used his ordinal username or email
*
* @param userId - username used to login.
* @return - <code>true</code> if userId contains '@'. <code>false</code> otherwise
*/
private boolean isUserLoggedInEmail(String userId) {
return userId.contains("@");
}
/**
* Get the primaryLogin name using secondary login name. Primary secondary
* Configuration is provided in the identitiy.xml. In the userstore, it is
* users responsibility TO MAINTAIN THE SECONDARY LOGIN NAME AS UNIQUE for
* each and every users. If it is not unique, we will pick the very first
* entry from the userlist.
*
* @param login - username used to login.
* @return -
*/
private String getPrimaryFromSecondary(String login) {
String claimURI, username = null;
if (isUserLoggedInEmail(login)) {
Map<String, String> emailConf = loginConfiguration.get(EMAIL_LOGIN);
claimURI = emailConf.get(CLAIM_URI);
} else {
Map<String, String> userIdConf = loginConfiguration.get(USERID_LOGIN);
claimURI = userIdConf.get(CLAIM_URI);
}
try {
RealmService realmSvc = OAuthExtensionsDataHolder.getInstance().getRealmService();
RealmConfiguration config = new RealmConfiguration();
UserRealm realm = realmSvc.getUserRealm(config);
org.wso2.carbon.user.core.UserStoreManager storeManager = realm.getUserStoreManager();
String[] user = storeManager.getUserList(claimURI, login, null);
if (user.length > 0) {
username = user[0];
}
} catch (UserStoreException e) {
log.error("Error while retrieving the primaryLogin name using secondary login name : " + login, e);
}
return username;
}
private Claim[] getUserClaimValues(String authorizedUser, UserStoreManager userStoreManager)
throws
UserStoreException {
Claim[] userClaims = userClaimsCache.getValueFromCache(authorizedUser);
if(userClaims != null){
return userClaims;
}else{
if(log.isDebugEnabled()){
log.debug("Cache miss for user claims. Username :" + authorizedUser);
}
userClaims = userStoreManager.getUserClaimValues(
authorizedUser, null);
userClaimsCache.addToCache(authorizedUser,userClaims);
return userClaims;
}
}
// Read the required claim configuration from identity.xml
private void parseRequiredHeaderClaimUris(OMElement requiredClaimUrisElem) {
if (requiredClaimUrisElem == null) {
return;
}
Iterator claimUris = requiredClaimUrisElem.getChildrenWithLocalName(CLAIM_URI);
if (claimUris != null) {
while (claimUris.hasNext()) {
OMElement claimUri = (OMElement) claimUris.next();
if (claimUri != null) {
requiredHeaderClaimUris.add(claimUri.getText());
}
}
}
}
/**
* Read the primary/secondary login configuration
* <OAuth>
* ....
* <LoginConfig>
* <UserIdLogin primary="true">
* <ClaimUri></ClaimUri>
* </UserIdLogin>
* <EmailLogin primary="false">
* <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
* </EmailLogin>
* </LoginConfig>
* .....
* </OAuth>
* @param oauthConfigElem - The '<LoginConfig>' xml configuration element in the api-manager.xml
*/
private void parseLoginConfig(OMElement oauthConfigElem) {
OMElement loginConfigElem = oauthConfigElem.getFirstChildWithName(getQNameWithIdentityNS(LOGIN_CONFIG));
if (loginConfigElem != null) {
if (log.isDebugEnabled()) {
log.debug("Login configuration is set ");
}
// Primary/Secondary supported login mechanisms
OMElement emailConfigElem = loginConfigElem.getFirstChildWithName(getQNameWithIdentityNS(EMAIL_LOGIN));
OMElement userIdConfigElem = loginConfigElem.getFirstChildWithName(getQNameWithIdentityNS(USERID_LOGIN));
Map<String, String> emailConf = new HashMap<String, String>(2);
emailConf.put(PRIMARY_LOGIN,
emailConfigElem.getAttributeValue(new QName(PRIMARY_LOGIN)));
emailConf.put(CLAIM_URI,
emailConfigElem.getFirstChildWithName(getQNameWithIdentityNS(CLAIM_URI))
.getText());
Map<String, String> userIdConf = new HashMap<String, String>(2);
userIdConf.put(PRIMARY_LOGIN,
userIdConfigElem.getAttributeValue(new QName(PRIMARY_LOGIN)));
userIdConf.put(CLAIM_URI,
userIdConfigElem.getFirstChildWithName(getQNameWithIdentityNS(CLAIM_URI))
.getText());
loginConfiguration.put(EMAIL_LOGIN, emailConf);
loginConfiguration.put(USERID_LOGIN, userIdConf);
}
}
private QName getQNameWithIdentityNS(String localPart) {
return new QName(IdentityCoreConstants.IDENTITY_DEFAULT_NAMESPACE, localPart);
}
}

@ -21,9 +21,17 @@ package org.wso2.carbon.device.mgt.oauth.extensions.internal;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext; import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.CarbonUtils;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
/** /**
* @scr.component name="org.wso2.carbon.device.mgt.oauth.extensions" immediate="true" * @scr.component name="org.wso2.carbon.device.mgt.oauth.extensions" immediate="true"
@ -49,17 +57,51 @@ import org.wso2.carbon.user.core.service.RealmService;
public class OAuthExtensionServiceComponent { public class OAuthExtensionServiceComponent {
private static final Log log = LogFactory.getLog(OAuthExtensionServiceComponent.class); private static final Log log = LogFactory.getLog(OAuthExtensionServiceComponent.class);
private static final String REPOSITORY = "repository";
private static final String CONFIGURATION = "conf";
private static final String APIM_CONF_FILE = "api-manager.xml";
@SuppressWarnings("unused") @SuppressWarnings("unused")
protected void activate(ComponentContext componentContext) { protected void activate(ComponentContext componentContext) {
if(log.isDebugEnabled()){ if (log.isDebugEnabled()) {
log.debug("Starting OAuthExtensionBundle"); log.debug("Starting OAuthExtensionBundle");
} }
try {
APIManagerConfiguration configuration = new APIManagerConfiguration();
String filePath = new StringBuilder().
append(CarbonUtils.getCarbonHome()).
append(File.separator).
append(REPOSITORY).
append(File.separator).
append(CONFIGURATION).
append(File.separator).
append(APIM_CONF_FILE).toString();
configuration.load(filePath);
// loading white listed scopes
List<String> whiteList;
// Read scope whitelist from Configuration.
whiteList = configuration.getProperty(APIConstants.API_KEY_MANGER_SCOPE_WHITELIST);
// If whitelist is null, default scopes will be put.
if (whiteList == null) {
whiteList = new ArrayList<String>();
whiteList.add(APIConstants.OPEN_ID_SCOPE_NAME);
whiteList.add(APIConstants.DEVICE_SCOPE_PATTERN);
}
OAuthExtensionsDataHolder.getInstance().setWhitelistedScopes(whiteList);
} catch (APIManagementException e) {
log.error("Error occurred while loading APIM configurations", e);
}
} }
@SuppressWarnings("unused") @SuppressWarnings("unused")
protected void deactivate(ComponentContext componentContext) { protected void deactivate(ComponentContext componentContext) {
if(log.isDebugEnabled()){ if (log.isDebugEnabled()) {
log.debug("Stopping OAuthExtensionBundle"); log.debug("Stopping OAuthExtensionBundle");
} }
} }

@ -22,6 +22,8 @@ import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import java.util.List;
/** /**
* This holds the OSGi service references required for oauth extensions bundle. * This holds the OSGi service references required for oauth extensions bundle.
*/ */
@ -30,6 +32,7 @@ public class OAuthExtensionsDataHolder {
private RealmService realmService; private RealmService realmService;
private OAuth2TokenValidationService oAuth2TokenValidationService; private OAuth2TokenValidationService oAuth2TokenValidationService;
private PermissionManagerService permissionManagerService; private PermissionManagerService permissionManagerService;
private List<String> whitelistedScopes;
private static OAuthExtensionsDataHolder thisInstance = new OAuthExtensionsDataHolder(); private static OAuthExtensionsDataHolder thisInstance = new OAuthExtensionsDataHolder();
@ -72,4 +75,12 @@ public class OAuthExtensionsDataHolder {
} }
return permissionManagerService; return permissionManagerService;
} }
public List<String> getWhitelistedScopes() {
return whitelistedScopes;
}
public void setWhitelistedScopes(List<String> whitelistedScopes) {
this.whitelistedScopes = whitelistedScopes;
}
} }

Loading…
Cancel
Save