Recomended Changes to Enabling OAuth Authentication for BackEnd Services

components/identity-extensions/backend-oauth-authenticator/pom.xml

@@ -1,4 +1,21 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+  ~
+  ~ WSO2 Inc. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ you may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
 <project xmlns="http://maven.apache.org/POM/4.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
@@ -16,48 +33,39 @@
         <dependency>
             <groupId>org.wso2.carbon</groupId>
             <artifactId>org.wso2.carbon.utils</artifactId>
-            <version>${carbon.kernel.version}</version>
-        </dependency>
+             </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.base</artifactId>
-            <version>${carbon.identity.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.core</artifactId>
-            <version>${carbon.identity.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon</groupId>
             <artifactId>org.wso2.carbon.core</artifactId>
-            <version>${carbon.kernel.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon</groupId>
             <artifactId>org.wso2.carbon.logging</artifactId>
-            <version>${carbon.kernel.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
-            <version>${carbon.identity.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon</groupId>
             <artifactId>org.wso2.carbon.core.services</artifactId>
-            <version>${carbon.kernel.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.oauth</artifactId>
-            <version>${carbon.identity.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.application.common</artifactId>
-            <version>${carbon.identity.version}</version>
-        </dependency>
+                   </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity</groupId>
             <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
@@ -98,11 +106,9 @@
                         <Export-Package>
                             org.wso2.carbon.identity.authenticator.backend.oauth.*;
                         </Export-Package>
-                        <DynamicImport-Package>*</DynamicImport-Package>
-                    </instructions>
+                               </instructions>
                 </configuration>
             </plugin>
         </plugins>
     </build>
-
 </project>

components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java

@@ -18,7 +18,7 @@
 package org.wso2.carbon.identity.authenticator.backend.oauth;
 
 /**
- *Custom exception for backend OAuth authentication
+ * Custom exception for backend OAuth authentication
  */
 @SuppressWarnings("unused")
 public class AuthenticatorException extends Exception {

components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java

@@ -41,18 +41,24 @@ public class OauthAuthenticator implements CarbonServerAuthenticator {
     private static final Log log = LogFactory.getLog(OauthAuthenticator.class);
     private static final int PRIORITY = 5;
     private static final int ACCESS_TOKEN_INDEX = 1;
+    private OAuth2TokenValidator tokenValidator;
 
-    private static String hostUrl = "";
-    private static boolean isRemote = false;
-
-    static {
+    public OauthAuthenticator() {
         AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance();
-        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME);
-
+        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.
+                getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME);
+        boolean isRemote;
+        String hostUrl;
         if (authenticatorConfig != null) {
             isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get("isRemote"));
             hostUrl = authenticatorConfig.getParameters().get("hostURL");
-
+        }else{
+            throw new IllegalArgumentException("Configuration parameters need to be defined in Authenticators.xml");
+        }
+        try {
+            tokenValidator = OAuthValidatorFactory.getValidator(isRemote, hostUrl);
+        } catch (IllegalArgumentException e) {
+            log.error("Failed to initialise Authenticator",e);
         }
     }
 
@@ -65,10 +71,8 @@ public class OauthAuthenticator implements CarbonServerAuthenticator {
     public boolean isHandle(MessageContext messageContext) {
         HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
         String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
-
         if (headerValue != null && !headerValue.trim().isEmpty()) {
             String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
-
             if (OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) {
                 return true;
             }
@@ -88,38 +92,25 @@ public class OauthAuthenticator implements CarbonServerAuthenticator {
     public boolean isAuthenticated(MessageContext messageContext) {
         HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
         String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
-        //split the header value to separate the identity type and the token.
         String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
         String accessToken = headerPart[ACCESS_TOKEN_INDEX];
-        OAuth2TokenValidator tokenValidator = OAuthValidatorFactory.getValidator(isRemote,hostUrl);
-
-        if (tokenValidator == null) {
-            log.error("OAuthValidationFactory failed to return a validator",
-                    new AuthenticatorException("OAuthValidatorFactory Failed to determine the validator"));
-            return false;
-        }
-
-        OAuthValidationRespond respond = null;
+        OAuthValidationRespond response = null;
         try {
-            respond = tokenValidator.validateToken(accessToken);
+            response = tokenValidator.validateToken(accessToken);
         } catch (RemoteException e) {
             log.error("Failed to validate the OAuth token provided.", e);
         }
-
-        if (respond != null && respond.isValid()) {
+        if (response != null && response.isValid()) {
             HttpSession session;
-
             if ((session = httpServletRequest.getSession(false)) != null) {
-                session.setAttribute(MultitenantConstants.TENANT_DOMAIN, respond.getTenantDomain());
-                session.setAttribute(ServerConstants.USER_LOGGED_IN, respond.getUserName());
-
+                session.setAttribute(MultitenantConstants.TENANT_DOMAIN, response.getTenantDomain());
+                session.setAttribute(ServerConstants.USER_LOGGED_IN, response.getUserName());
                 if (log.isDebugEnabled()) {
                     log.debug("Authentication successful for " + session.getAttribute(ServerConstants.USER_LOGGED_IN));
                 }
             }
             return true;
         }
-
         if (log.isDebugEnabled()) {
             log.debug("Authentication failed.Illegal attempt from session " + httpServletRequest.getSession().getId());
         }

components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java

@@ -20,6 +20,7 @@ package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
 /**
  * This class hold the validation information which can be retrieve by both remote and in house IDPs
  */
+@SuppressWarnings("unused")
 public class OAuthValidationRespond {
     private String userName;
     private String tenantDomain;

components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java

@@ -17,34 +17,28 @@
 */
 package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.authenticator.backend.oauth.AuthenticatorException;
 import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
 import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.ExternalOAuthValidator;
 import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.LocalOAuthValidator;
 
 /**
- * the class validate the configurations and provide the most suitable implementation according to the configuration.
+ * The class validate the configurations and provide the most suitable implementation according to the configuration.
  * Factory class for OAuthValidator.
  */
 public class OAuthValidatorFactory {
-    private static Log log = LogFactory.getLog(OAuthValidatorFactory.class);
 
     /**
-     * the method check the configuration and provide the appropriate implementation for OAuth2TokenValidator
-     *
+     * The method check the configuration and provide the appropriate implementation for OAuth2TokenValidator
      * @return OAuth2TokenValidator
      */
-    public static OAuth2TokenValidator getValidator(boolean isRemote ,String hostURL) {
-       if(isRemote){
-            if(!(hostURL == null || hostURL.trim().isEmpty())){
+    public static OAuth2TokenValidator getValidator(boolean isRemote, String hostURL) throws IllegalArgumentException {
+        if (isRemote) {
+            if (!(hostURL == null || hostURL.trim().isEmpty())) {
                 hostURL = hostURL + OauthAuthenticatorConstants.OAUTH_ENDPOINT_POSTFIX;
                 return new ExternalOAuthValidator(hostURL);
-            }else {
-                log.error("IDP Configuration error",
-                        new AuthenticatorException("Remote server name and ip both can't be empty"));
-                return null;
+            } else {
+                throw new IllegalArgumentException("Remote server name and ip both can't be empty");
             }
         }
         return new LocalOAuthValidator();

components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java

@@ -21,15 +21,14 @@ import org.apache.axis2.client.Options;
 import org.apache.axis2.client.ServiceClient;
 import org.apache.axis2.transport.http.HTTPConstants;
 import org.apache.commons.httpclient.Header;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
 import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
-import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
-import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
-import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
 
 import java.rmi.RemoteException;
 import java.util.ArrayList;
@@ -37,8 +36,7 @@ import java.util.List;
 
 /**
  * Handles the Authentication form external IDP servers.
- * Currently only supports WSO2 IS.
- * External IDP support is planned for future.
+ * Currently only supports WSO@ IS
  */
 public class ExternalOAuthValidator implements OAuth2TokenValidator{
     protected String hostURL ;
@@ -54,20 +52,11 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{
      * @return OAuthValidationRespond with the validated results.
      */
     public OAuthValidationRespond validateToken(String token) throws RemoteException {
-
-        // create an OAuth token validating request DTO
         OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
-
-        // create access token object to validate and populate it
         OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken =
                 new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
         accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
         accessToken.setIdentifier(token);
-        OAuth2TokenValidationRequestDTO_TokenValidationContextParam tokenValidationContextParam[] =
-                new OAuth2TokenValidationRequestDTO_TokenValidationContextParam[1];
-        validationRequest.setContext(tokenValidationContextParam);
-
-        //set the token to the validation request
         validationRequest.setAccessToken(accessToken);
         OAuth2TokenValidationServiceStub validationService =
                 new OAuth2TokenValidationServiceStub(hostURL);
@@ -85,14 +74,12 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{
         boolean isValid = respond.getAccessTokenValidationResponse().getValid();
         String userName = null;
         String tenantDomain = null;
-
         if(isValid){
             userName = MultitenantUtils.getTenantAwareUsername(
                     respond.getAccessTokenValidationResponse().getAuthorizedUser());
             tenantDomain =
                     MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
         }
-
         return new OAuthValidationRespond(userName,tenantDomain,isValid);
     }
 }

components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java

@@ -1,4 +1,3 @@
-
 /*
 *  Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
@@ -38,19 +37,11 @@ public class LocalOAuthValidator implements OAuth2TokenValidator {
      * @return OAuthValidationRespond with the validated results.
      */
     public OAuthValidationRespond validateToken(String token) {
-        // create an OAuth token validating request DTO
         OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
-        // create access token object to validate and populate it
         OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken =
                 validationRequest.new OAuth2AccessToken();
         accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
         accessToken.setIdentifier(token);
-        //the workaround till the version is upgraded in both is and EMM to be the same.
-        OAuth2TokenValidationRequestDTO.TokenValidationContextParam tokenValidationContextParam[] =
-                new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[1];
-        //==
-        validationRequest.setContext(tokenValidationContextParam);
-        //set the token to the validation request
         validationRequest.setAccessToken(accessToken);
         OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
         OAuth2ClientApplicationDTO respond =  validationService.