|
|
|
@ -19,6 +19,7 @@
|
|
|
|
|
package io.entgra.device.mgt.core.ui.request.interceptor;
|
|
|
|
|
|
|
|
|
|
import com.fasterxml.jackson.databind.JsonNode;
|
|
|
|
|
import com.fasterxml.jackson.databind.node.ArrayNode;
|
|
|
|
|
import com.google.gson.*;
|
|
|
|
|
import io.entgra.device.mgt.core.ui.request.interceptor.beans.AuthData;
|
|
|
|
|
import io.entgra.device.mgt.core.ui.request.interceptor.beans.ProxyResponse;
|
|
|
|
@ -30,12 +31,12 @@ import io.entgra.device.mgt.core.ui.request.interceptor.util.HandlerConstants;
|
|
|
|
|
import io.entgra.device.mgt.core.ui.request.interceptor.util.HandlerUtil;
|
|
|
|
|
import org.apache.commons.logging.Log;
|
|
|
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
|
import org.apache.http.HttpHeaders;
|
|
|
|
|
import org.apache.http.HttpStatus;
|
|
|
|
|
import org.apache.http.client.methods.HttpPost;
|
|
|
|
|
import org.apache.http.entity.ContentType;
|
|
|
|
|
import org.apache.http.entity.StringEntity;
|
|
|
|
|
import org.apache.http.protocol.HTTP;
|
|
|
|
|
import org.apache.hc.client5.http.entity.UrlEncodedFormEntity;
|
|
|
|
|
import org.apache.hc.core5.http.ClassicHttpRequest;
|
|
|
|
|
import org.apache.hc.core5.http.HttpStatus;
|
|
|
|
|
import org.apache.hc.core5.http.NameValuePair;
|
|
|
|
|
import org.apache.hc.core5.http.io.support.ClassicRequestBuilder;
|
|
|
|
|
import org.apache.hc.core5.http.message.BasicNameValuePair;
|
|
|
|
|
|
|
|
|
|
import javax.servlet.annotation.MultipartConfig;
|
|
|
|
|
import javax.servlet.annotation.WebServlet;
|
|
|
|
@ -44,7 +45,7 @@ import javax.servlet.http.HttpServletRequest;
|
|
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
|
import javax.servlet.http.HttpSession;
|
|
|
|
|
import java.io.IOException;
|
|
|
|
|
import java.util.Base64;
|
|
|
|
|
import java.util.*;
|
|
|
|
|
|
|
|
|
|
@MultipartConfig
|
|
|
|
|
@WebServlet("/login")
|
|
|
|
@ -71,8 +72,8 @@ public class LoginHandler extends HttpServlet {
|
|
|
|
|
|
|
|
|
|
JsonNode uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession,
|
|
|
|
|
resp);
|
|
|
|
|
JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
|
|
|
|
|
JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
|
|
|
|
|
ArrayNode tags = (ArrayNode) uiConfigJsonObject.get("appRegistration").get("tags");
|
|
|
|
|
ArrayNode scopes = (ArrayNode) uiConfigJsonObject.get("scopes");
|
|
|
|
|
int sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut")));
|
|
|
|
|
|
|
|
|
|
//setting session to expire in 1h
|
|
|
|
@ -84,12 +85,14 @@ public class LoginHandler extends HttpServlet {
|
|
|
|
|
OAuthApp oAuthApp = loginCache.getOAuthAppCache(oAuthAppCacheKey);
|
|
|
|
|
|
|
|
|
|
if (oAuthApp == null) {
|
|
|
|
|
HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT);
|
|
|
|
|
apiRegEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder()
|
|
|
|
|
.encodeToString((username + HandlerConstants.COLON + password).getBytes()));
|
|
|
|
|
apiRegEndpoint.setHeader(HTTP.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString());
|
|
|
|
|
apiRegEndpoint.setEntity(HandlerUtil.constructAppRegPayload(tags, HandlerConstants.PUBLISHER_APPLICATION_NAME,
|
|
|
|
|
username, password, null, null));
|
|
|
|
|
|
|
|
|
|
ClassicHttpRequest apiRegEndpoint = ClassicRequestBuilder.post(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT)
|
|
|
|
|
.setEntity(HandlerUtil.constructAppRegPayload(tags, HandlerConstants.PUBLISHER_APPLICATION_NAME,
|
|
|
|
|
username, password, null, null))
|
|
|
|
|
.setHeader(org.apache.hc.core5.http.HttpHeaders.CONTENT_TYPE,
|
|
|
|
|
org.apache.hc.core5.http.ContentType.APPLICATION_JSON.toString())
|
|
|
|
|
.setHeader(org.apache.hc.core5.http.HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder().encodeToString((username + HandlerConstants.COLON + password).getBytes()))
|
|
|
|
|
.build();
|
|
|
|
|
|
|
|
|
|
ProxyResponse clientAppResponse = HandlerUtil.execute(apiRegEndpoint);
|
|
|
|
|
|
|
|
|
@ -99,15 +102,13 @@ public class LoginHandler extends HttpServlet {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (clientAppResponse.getCode() == HttpStatus.SC_CREATED) {
|
|
|
|
|
JsonParser jsonParser = new JsonParser();
|
|
|
|
|
JsonElement jClientAppResult = jsonParser.parse(clientAppResponse.getData());
|
|
|
|
|
JsonNode jsonNode = clientAppResponse.getData();
|
|
|
|
|
String clientId = null;
|
|
|
|
|
String clientSecret = null;
|
|
|
|
|
String encodedClientApp = null;
|
|
|
|
|
if (jClientAppResult.isJsonObject()) {
|
|
|
|
|
JsonObject jClientAppResultAsJsonObject = jClientAppResult.getAsJsonObject();
|
|
|
|
|
clientId = jClientAppResultAsJsonObject.get("client_id").getAsString();
|
|
|
|
|
clientSecret = jClientAppResultAsJsonObject.get("client_secret").getAsString();
|
|
|
|
|
if (jsonNode != null) {
|
|
|
|
|
clientId = jsonNode.get("client_id").textValue();
|
|
|
|
|
clientSecret = jsonNode.get("client_secret").textValue();
|
|
|
|
|
encodedClientApp = Base64.getEncoder()
|
|
|
|
|
.encodeToString((clientId + HandlerConstants.COLON + clientSecret).getBytes());
|
|
|
|
|
oAuthApp = new OAuthApp(
|
|
|
|
@ -155,8 +156,7 @@ public class LoginHandler extends HttpServlet {
|
|
|
|
|
*/
|
|
|
|
|
private boolean getTokenAndPersistInSession(HttpServletRequest req, HttpServletResponse resp,
|
|
|
|
|
String clientId, String clientSecret, String encodedClientApp,
|
|
|
|
|
JsonArray scopes) throws LoginException {
|
|
|
|
|
JsonParser jsonParser = new JsonParser();
|
|
|
|
|
ArrayNode scopes) throws LoginException {
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
|
|
ProxyResponse tokenResultResponse = getTokenResult(encodedClientApp, scopes);
|
|
|
|
@ -166,31 +166,26 @@ public class LoginHandler extends HttpServlet {
|
|
|
|
|
HandlerUtil.handleError(resp, tokenResultResponse);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
String tokenResult = tokenResultResponse.getData();
|
|
|
|
|
JsonNode tokenResult = tokenResultResponse.getData();
|
|
|
|
|
if (tokenResult == null) {
|
|
|
|
|
log.error("Invalid token response is received.");
|
|
|
|
|
HandlerUtil.handleError(resp, tokenResultResponse);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
JsonElement jTokenResult = jsonParser.parse(tokenResult);
|
|
|
|
|
if (jTokenResult.isJsonObject()) {
|
|
|
|
|
JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject();
|
|
|
|
|
HttpSession session = req.getSession(false);
|
|
|
|
|
if (session == null) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
AuthData authData = new AuthData();
|
|
|
|
|
authData.setClientId(clientId);
|
|
|
|
|
authData.setClientSecret(clientSecret);
|
|
|
|
|
authData.setEncodedClientApp(encodedClientApp);
|
|
|
|
|
authData.setAccessToken(jTokenResultAsJsonObject.get("access_token").getAsString());
|
|
|
|
|
authData.setRefreshToken(jTokenResultAsJsonObject.get("refresh_token").getAsString());
|
|
|
|
|
authData.setScope(jTokenResultAsJsonObject.get("scope").getAsString());
|
|
|
|
|
session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData);
|
|
|
|
|
return true;
|
|
|
|
|
HttpSession session = req.getSession(false);
|
|
|
|
|
if (session == null) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
AuthData authData = new AuthData();
|
|
|
|
|
authData.setClientId(clientId);
|
|
|
|
|
authData.setClientSecret(clientSecret);
|
|
|
|
|
authData.setEncodedClientApp(encodedClientApp);
|
|
|
|
|
authData.setAccessToken(tokenResult.get("access_token").textValue());
|
|
|
|
|
authData.setRefreshToken(tokenResult.get("refresh_token").textValue());
|
|
|
|
|
authData.setScope(tokenResult.get("scope").textValue());
|
|
|
|
|
session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData);
|
|
|
|
|
return true;
|
|
|
|
|
} catch (IOException e) {
|
|
|
|
|
throw new LoginException("Error occurred while sending the response into the socket", e);
|
|
|
|
|
}
|
|
|
|
@ -228,22 +223,26 @@ public class LoginHandler extends HttpServlet {
|
|
|
|
|
* @throws IOException IO exception throws if an error occurred when invoking token endpoint
|
|
|
|
|
*/
|
|
|
|
|
private ProxyResponse getTokenResult(String encodedClientApp, JsonNode scopes) throws IOException {
|
|
|
|
|
HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.INTERNAL_TOKEN_ENDPOINT);
|
|
|
|
|
tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientApp);
|
|
|
|
|
tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
|
|
|
|
|
String scopeString = HandlerUtil.getScopeString(scopes);
|
|
|
|
|
|
|
|
|
|
if (scopeString != null) {
|
|
|
|
|
scopeString = scopeString.trim();
|
|
|
|
|
} else {
|
|
|
|
|
scopeString = "default";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
StringEntity tokenEPPayload = new StringEntity(
|
|
|
|
|
"grant_type=" + HandlerConstants.PASSWORD_GRANT_TYPE + "&username=" + username + "&password=" +
|
|
|
|
|
password + "&scope=" + scopeString,
|
|
|
|
|
ContentType.APPLICATION_FORM_URLENCODED);
|
|
|
|
|
tokenEndpoint.setEntity(tokenEPPayload);
|
|
|
|
|
List<NameValuePair> nameValuePairs = new ArrayList<>();
|
|
|
|
|
nameValuePairs.add(new BasicNameValuePair("grant_type", HandlerConstants.PASSWORD_GRANT_TYPE));
|
|
|
|
|
nameValuePairs.add(new BasicNameValuePair("username", username));
|
|
|
|
|
nameValuePairs.add(new BasicNameValuePair("password", password));
|
|
|
|
|
nameValuePairs.add(new BasicNameValuePair("scope", scopeString));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ClassicHttpRequest tokenEndpoint = ClassicRequestBuilder.post(gatewayUrl + HandlerConstants.INTERNAL_TOKEN_ENDPOINT)
|
|
|
|
|
.setEntity(new UrlEncodedFormEntity(nameValuePairs))
|
|
|
|
|
.setHeader(org.apache.hc.core5.http.HttpHeaders.CONTENT_TYPE,
|
|
|
|
|
org.apache.hc.core5.http.ContentType.APPLICATION_FORM_URLENCODED.toString())
|
|
|
|
|
.setHeader(org.apache.hc.core5.http.HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientApp)
|
|
|
|
|
.build();
|
|
|
|
|
return HandlerUtil.execute(tokenEndpoint);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|