diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/pom.xml b/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/pom.xml deleted file mode 100644 index 14560dc7235..00000000000 --- a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/pom.xml +++ /dev/null @@ -1,155 +0,0 @@ - - - - 4.0.0 - - - org.wso2.carbon.devicemgt - application-mgt - 3.2.7-SNAPSHOT - - - org.wso2.carbon.device.application.mgt.handler - 3.2.7-SNAPSHOT - war - WSO2 Carbon - Application Management Authentication Handler API - Proxy Service for Authentication Handling in WSO2 App Manager. - http://wso2.org - - - - - maven-war-plugin - - WEB-INF/lib/*cxf*.jar - api#application-mgt-handler#v1.0 - - - - - - - - deploy - - compile - - - org.apache.maven.plugins - maven-antrun-plugin - 1.7 - - - compile - - run - - - - - - - - - - - - - - - - - - client - - test - - - org.codehaus.mojo - exec-maven-plugin - 1.2.1 - - - test - - java - - - - - - - - - - - - org.apache.cxf - cxf-rt-frontend-jaxws - provided - - - org.apache.cxf - cxf-rt-frontend-jaxrs - provided - - - org.apache.cxf - cxf-rt-transports-http - provided - - - javax.servlet - javax.servlet-api - provided - - - junit - junit - test - - - commons-logging - commons-logging - - - - org.apache.httpcomponents - httpclient - - - - - org.apache.httpcomponents - httpcore - - - org.wso2.carbon.devicemgt - org.wso2.carbon.device.application.mgt.core - provided - - - org.wso2.carbon.devicemgt - org.wso2.carbon.device.application.mgt.common - provided - - - diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/InvokerHandler.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/InvokerHandler.java deleted file mode 100644 index e98346130fd..00000000000 
--- a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/InvokerHandler.java
+++ /dev/null
@@ -1,239 +0,0 @@
-/* Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
- *
- * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-package org.wso2.carbon.device.application.mgt.handler;
-
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.http.HttpStatus;
-import org.apache.http.client.methods.HttpDelete;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.methods.HttpPut;
-import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.entity.ContentType;
-import org.apache.http.entity.StringEntity;
-import org.wso2.carbon.device.application.mgt.common.ProxyResponse;
-import org.wso2.carbon.device.application.mgt.handler.beans.AuthData;
-import org.wso2.carbon.device.application.mgt.handler.util.HandlerConstants;
-import org.wso2.carbon.device.application.mgt.handler.util.HandlerUtil;
-
-import javax.servlet.annotation.MultipartConfig;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-
-import static java.net.HttpURLConnection.HTTP_BAD_REQUEST;
-import static org.wso2.carbon.device.application.mgt.handler.util.HandlerUtil.execute;
-
-@MultipartConfig
-@WebServlet("/invoke")
-public class InvokerHandler extends HttpServlet {
- private static final Log log = LogFactory.getLog(LoginHandler.class);
- private static final long serialVersionUID = -6508020875358160165L;
- private static AuthData authData;
- private static String apiEndpoint;
- private static String method;
- private static String serverUrl;
- private static String platform;
-
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp) {
- try {
- if (!validateRequest(req, resp)) {
- return;
- }
- HttpRequestBase executor = constructExecutor(req);
- if (executor == null) {
- resp.sendError(HTTP_BAD_REQUEST, "Bad Request, method: " + method + " is not supported");
- return;
- }
- executor.setHeader(HandlerConstants.AUTHORIZATION_HEADER_KEY, "Bearer " + authData.getAccessToken());
- ProxyResponse proxyResponse = execute(executor);
-
- if (HandlerConstants.TOKEN_IS_EXPIRED.equals(proxyResponse.getExecutorResponse())) {
- if (!refreshToken(req, resp)) {
- return;
- }
- executor.setHeader(HandlerConstants.AUTHORIZATION_HEADER_KEY, "Bearer " + authData.getAccessToken());
- proxyResponse = execute(executor);
- if (proxyResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
- log.error("Error occurred while invoking the API after refreshing the token.");
- HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
- return;
- }
- }
- if (proxyResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
- log.error("Error occurred while invoking the API endpoint.");
- HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
- return;
- }
- HandlerUtil.handleSuccess(req, resp, serverUrl, platform, proxyResponse);
- } catch (IOException e) {
- log.error("Error occured when processing invoke call.", e);
- }
- }
-
- /***
- *
- * @param req {@link HttpServletRequest}
- * @return {@link HttpRequestBase} if method equals to either GET, POST, PUT or DELETE otherwise returns NULL.
- */
- private HttpRequestBase constructExecutor(HttpServletRequest req) {
- String payload = req.getParameter("payload");
- String contentType = req.getParameter("content-type");
- if (contentType == null || contentType.isEmpty()) {
- contentType = ContentType.APPLICATION_JSON.toString();
- }
-
- HttpRequestBase executor;
- if (HttpGet.METHOD_NAME.equalsIgnoreCase(method)) {
- executor = new HttpGet(serverUrl + HandlerConstants.API_COMMON_CONTEXT + apiEndpoint);
- } else if (HttpPost.METHOD_NAME.equalsIgnoreCase(method)) {
- executor = new HttpPost(serverUrl + HandlerConstants.API_COMMON_CONTEXT + apiEndpoint);
- StringEntity payloadEntity = new StringEntity(payload, ContentType.create(contentType));
- ((HttpPost) executor).setEntity(payloadEntity);
- } else if (HttpPut.METHOD_NAME.equalsIgnoreCase(method)) {
- executor = new HttpPut(serverUrl + HandlerConstants.API_COMMON_CONTEXT + apiEndpoint);
- StringEntity payloadEntity = new StringEntity(payload, ContentType.create(contentType));
- ((HttpPut) executor).setEntity(payloadEntity);
- } else if (HttpDelete.METHOD_NAME.equalsIgnoreCase(method)) {
- executor = new HttpDelete(serverUrl + HandlerConstants.API_COMMON_CONTEXT + apiEndpoint);
- } else {
- return null;
- }
- return executor;
- }
-
- /***
- *
- * @param req {@link HttpServletRequest}
- * @param resp {@link HttpServletResponse}
- * @return If request is a valid one, returns TRUE, otherwise return FALSE
- * @throws IOException If and error occurs while witting error response to client side
- */
- private static boolean validateRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- serverUrl = req.getScheme() + "://" + req.getServerName() + ":" + req.getServerPort();
- apiEndpoint = req.getParameter("api-endpoint");
- method = req.getParameter("method");
- HttpSession session = req.getSession(false);
- if (session == null) {
- log.error("Unauthorized, You are not logged in. Please log in to the portal");
- ProxyResponse proxyResponse = new ProxyResponse();
- proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
- proxyResponse.setExecutorResponse(
- HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
- HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
- return false;
- }
- authData = (AuthData) session.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY);
- platform = (String) session.getAttribute(HandlerConstants.PLATFORM);
- if (authData == null) {
- log.error("Unauthorized, Access token couldn't found in the current session");
- ProxyResponse proxyResponse = new ProxyResponse();
- proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
- proxyResponse.setExecutorResponse(
- HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
- HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
- return false;
- }
-
- if (apiEndpoint == null || method == null) {
- log.error("Bad Request, Either api-endpoint or method is empty");
- ProxyResponse proxyResponse = new ProxyResponse();
- proxyResponse.setCode(HttpStatus.SC_BAD_REQUEST);
- proxyResponse.setExecutorResponse(
- HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_BAD_REQUEST));
- HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
- return false;
- }
- return true;
- }
-
- /***
- *
- * @param req {@link HttpServletRequest}
- * @param resp {@link HttpServletResponse}
- * @return If successfully renew tokens, returns TRUE otherwise return FALSE
- * @throws IOException If and error occurs while witting error response to client side or invoke token renewal API
- */
- private static boolean refreshToken(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- log.debug("refreshing the token");
- HttpPost tokenEndpoint = new HttpPost(
- serverUrl + HandlerConstants.API_COMMON_CONTEXT + HandlerConstants.TOKEN_ENDPOINT);
- HttpSession session = req.getSession(false);
- if (session == null) {
- log.error("Couldn't find a session, hence it is required to login and proceed.");
- ProxyResponse proxyResponse = new ProxyResponse();
- proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
- proxyResponse.setExecutorResponse(
- HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
- HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
- return false;
- }
-
- StringEntity tokenEndpointPayload = new StringEntity(
- "grant_type=refresh_token&refresh_token=" + authData.getRefreshToken() + "&scope=PRODUCTION",
- ContentType.APPLICATION_FORM_URLENCODED);
-
- tokenEndpoint.setEntity(tokenEndpointPayload);
- String encodedClientApp = authData.getEncodedClientApp();
- tokenEndpoint.setHeader("Authorization", "Basic " + encodedClientApp);
- tokenEndpoint.setHeader("Content-Type", ContentType.APPLICATION_FORM_URLENCODED.toString());
-
- ProxyResponse tokenResultResponse = execute(tokenEndpoint);
- if (tokenResultResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
- log.error("Error occurred while refreshing access token.");
- HandlerUtil.handleError(req, resp, serverUrl, platform, tokenResultResponse);
- return false;
- }
-
- JsonParser jsonParser = new JsonParser();
- JsonElement jTokenResult = jsonParser.parse(tokenResultResponse.getData());
-
- if (jTokenResult.isJsonObject()) {
- JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject();
- AuthData newAuthData = new AuthData();
-
- newAuthData.setAccessToken(jTokenResultAsJsonObject.get("access_token").getAsString());
- newAuthData.setRefreshToken(jTokenResultAsJsonObject.get("refresh_token").getAsString());
- newAuthData.setScope(jTokenResultAsJsonObject.get("scope").getAsString());
- newAuthData.setClientId(authData.getClientId());
- newAuthData.setClientSecret(authData.getClientSecret());
- newAuthData.setEncodedClientApp(authData.getEncodedClientApp());
- newAuthData.setUsername(authData.getUsername());
- authData = newAuthData;
- session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, newAuthData);
- return true;
- }
-
- log.error("Error Occurred in token renewal process.");
- ProxyResponse proxyResponse = new ProxyResponse();
- proxyResponse.setCode(HttpStatus.SC_INTERNAL_SERVER_ERROR);
- proxyResponse.setExecutorResponse(
- HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_INTERNAL_SERVER_ERROR));
- HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
- return false;
- }
-}
diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/LoginHandler.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/LoginHandler.java
deleted file mode 100644
index 86fae9e66b9..00000000000
--- a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/LoginHandler.java
+++ /dev/null
@@ -1,293 +0,0 @@
-/* Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
- *
- * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.device.application.mgt.handler;
-
-import com.google.gson.JsonArray;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSyntaxException;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.http.HttpStatus;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.entity.ContentType;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.protocol.HTTP;
-import org.wso2.carbon.device.application.mgt.common.ProxyResponse;
-import org.wso2.carbon.device.application.mgt.handler.beans.AuthData;
-import org.wso2.carbon.device.application.mgt.handler.exceptions.LoginException;
-import org.wso2.carbon.device.application.mgt.handler.util.HandlerConstants;
-import org.wso2.carbon.device.application.mgt.handler.util.HandlerUtil;
-import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager;
-import org.wso2.carbon.device.mgt.core.config.DeviceManagementConfig;
-
-import javax.servlet.annotation.MultipartConfig;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.util.Base64;
-
-import static org.wso2.carbon.device.application.mgt.handler.util.HandlerUtil.execute;
-
-@MultipartConfig
-@WebServlet("/login")
-public class LoginHandler extends HttpServlet {
- private static final Log log = LogFactory.getLog(LoginHandler.class);
- private static final long serialVersionUID = 9050048549140517002L;
-
- private static String username;
- private static String password;
- private static String platform;
- private static String serverUrl;
- private static String uiConfigUrl;
-
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp) {
- try {
- validateLoginRequest(req, resp);
- DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance()
- .getDeviceManagementConfig();
- String adminUsername = deviceManagementConfig.getIdentityConfigurations().getAdminUsername();
- String adminPwd = deviceManagementConfig.getIdentityConfigurations().getAdminPassword();
-
- HttpSession httpSession = req.getSession(false);
- if (httpSession != null) {
- httpSession.invalidate();
- }
- httpSession = req.getSession(true);
- //setting session to expiry in 5 mins
- httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));
-
- HttpGet uiConfigEndpoint = new HttpGet(uiConfigUrl);
- JsonParser jsonParser = new JsonParser();
- ProxyResponse uiConfigResponse = execute(uiConfigEndpoint);
- String executorResponse = uiConfigResponse.getExecutorResponse();
- if (!StringUtils.isEmpty(executorResponse) && executorResponse
- .contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
- log.error("Error occurred while getting UI configurations by invoking " + uiConfigUrl);
- HandlerUtil.handleError(req, resp, serverUrl, platform, uiConfigResponse);
- return;
- }
-
- String uiConfig = uiConfigResponse.getData();
- if (uiConfig == null){
- log.error("UI config retrieval is failed, and didn't find UI configuration for App manager.");
- HandlerUtil.handleError(req, resp, serverUrl, platform, null);
- return;
- }
- JsonElement uiConfigJsonElement = jsonParser.parse(uiConfigResponse.getData());
- JsonObject uiConfigJsonObject = null;
- if (uiConfigJsonElement.isJsonObject()) {
- uiConfigJsonObject = uiConfigJsonElement.getAsJsonObject();
- httpSession.setAttribute(HandlerConstants.UI_CONFIG_KEY, uiConfigJsonObject);
- httpSession.setAttribute(HandlerConstants.PLATFORM, serverUrl);
- }
- if (uiConfigJsonObject == null) {
- log.error(
- "Either UI config json element is not an json object or converting rom json element to json object is failed.");
- HandlerUtil.handleError(req, resp, serverUrl, platform, null);
- return;
- }
-
- boolean isSsoEnable = uiConfigJsonObject.get("isSsoEnable").getAsBoolean();
- JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
- JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
-
- if (isSsoEnable) {
- log.debug("SSO is enabled");
- } else {
- // default login
- HttpPost apiRegEndpoint = new HttpPost(serverUrl + HandlerConstants.APP_REG_ENDPOINT);
- apiRegEndpoint.setHeader(HandlerConstants.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder()
- .encodeToString((adminUsername + HandlerConstants.COLON + adminPwd).getBytes()));
- apiRegEndpoint.setHeader(HTTP.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString());
- apiRegEndpoint.setEntity(constructAppRegPayload(tags));
-
- ProxyResponse clientAppResponse = execute(apiRegEndpoint);
- String clientAppResult = clientAppResponse.getData();
-
- if (!StringUtils.isEmpty(clientAppResult) && getTokenAndPersistInSession(req, resp,
- clientAppResponse.getData(), scopes)) {
- ProxyResponse proxyResponse = new ProxyResponse();
- proxyResponse.setCode(HttpStatus.SC_OK);
- proxyResponse.setUrl(serverUrl + "/" + platform + uiConfigJsonObject.get(HandlerConstants.LOGIN_RESPONSE_KEY)
- .getAsJsonObject().get("successCallback").getAsString());
- HandlerUtil.handleSuccess(req, resp, serverUrl, platform, proxyResponse);
- return;
- }
- HandlerUtil.handleError(req, resp, serverUrl, platform, null);
- }
- } catch (IOException e) {
- log.error("Error occured while sending the response into the socket. ", e);
- } catch (JsonSyntaxException e) {
- log.error("Error occured while parsing the response. ", e);
- } catch (LoginException e) {
- log.error("Error occured while getting token data. ", e);
- }
- }
-
- /***
- *
- * @param req - {@link HttpServletRequest}
- * @param clientAppResult - clientAppResult
- * @param scopes - scopes defied in the application-mgt.xml
- * @throws LoginException - login exception throws when getting token result
- */
- private boolean getTokenAndPersistInSession(HttpServletRequest req, HttpServletResponse resp,
- String clientAppResult, JsonArray scopes) throws LoginException {
- JsonParser jsonParser = new JsonParser();
- try {
- JsonElement jClientAppResult = jsonParser.parse(clientAppResult);
- if (jClientAppResult.isJsonObject()) {
- JsonObject jClientAppResultAsJsonObject = jClientAppResult.getAsJsonObject();
- String clientId = jClientAppResultAsJsonObject.get("client_id").getAsString();
- String clientSecret = jClientAppResultAsJsonObject.get("client_secret").getAsString();
- String encodedClientApp = Base64.getEncoder()
- .encodeToString((clientId + ":" + clientSecret).getBytes());
-
- ProxyResponse tokenResultResponse = getTokenResult(encodedClientApp, scopes);
-
- if (tokenResultResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
- log.error("Error occurred while invoking the API to get token data.");
- HandlerUtil.handleError(req, resp, serverUrl, platform, tokenResultResponse);
- return false;
- }
- String tokenResult = tokenResultResponse.getData();
- if (tokenResult == null){
- log.error("Invalid token response is received.");
- HandlerUtil.handleError(req, resp, serverUrl, platform, tokenResultResponse);
- return false;
- }
-
- JsonElement jTokenResult = jsonParser.parse(tokenResult);
- if (jTokenResult.isJsonObject()) {
- JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject();
- HttpSession session = req.getSession(false);
- if (session == null) {
- return false;
- }
- AuthData authData = new AuthData();
- authData.setClientId(clientId);
- authData.setClientSecret(clientSecret);
- authData.setEncodedClientApp(encodedClientApp);
- authData.setAccessToken(jTokenResultAsJsonObject.get("access_token").getAsString());
- authData.setRefreshToken(jTokenResultAsJsonObject.get("refresh_token").getAsString());
- authData.setScope(jTokenResultAsJsonObject.get("scope").getAsString());
- session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData);
- return true;
-
- }
- }
- return false;
- } catch (IOException e) {
- throw new LoginException("Error occured while sending the response into the socket", e);
- }
- }
-
- /***
- *
- * @param scopes - scope Json Array and it is retrieved by reading UI config.
- * @return string value of the defined scopes
- */
- private String getScopeString(JsonArray scopes) {
- if (scopes != null && scopes.size() > 0) {
- StringBuilder builder = new StringBuilder();
- for (JsonElement scope : scopes) {
- String tmpscope = scope.getAsString() + " ";
- builder.append(tmpscope);
- }
- return builder.toString();
- } else {
- return null;
- }
- }
-
- /***
- *
- * @param req - {@link HttpServletRequest}
- * Define username and password static parameters.
- */
- private static void validateLoginRequest(HttpServletRequest req, HttpServletResponse resp) throws LoginException {
- username = req.getParameter("username");
- password = req.getParameter("password");
- platform = req.getParameter("platform");
- serverUrl = req.getScheme() + "://" + req.getServerName() + ":" + req.getServerPort();
- uiConfigUrl = serverUrl + HandlerConstants.UI_CONFIG_ENDPOINT;
-
- try {
- if (platform == null) {
- resp.sendRedirect(serverUrl + HandlerConstants.DEFAULT_ERROR_CALLBACK);
- throw new LoginException("Invalid login request. Platform parameter is Null.");
- }
- if (username == null || password == null) {
- resp.sendRedirect(serverUrl + "/" + platform + HandlerConstants.DEFAULT_ERROR_CALLBACK);
- throw new LoginException(
- " Invalid login request. Username or Password is not received for login request.");
- }
- } catch (IOException e) {
- throw new LoginException("Error Occured while redirecting to default error page.", e);
- }
- }
-
- /***
- *
- * @param tags - tags which are retrieved by reading app manager configuration
- * @return {@link StringEntity} of the payload to create the client application
- */
- private StringEntity constructAppRegPayload(JsonArray tags) {
- JsonObject jsonObject = new JsonObject();
- jsonObject.addProperty(HandlerConstants.APP_NAME_KEY, HandlerConstants.PUBLISHER_APPLICATION_NAME);
- jsonObject.addProperty("isAllowedToAllDomains", "false");
- jsonObject.add(HandlerConstants.TAGS_KEY, tags);
- String payload = jsonObject.toString();
- return new StringEntity(payload, ContentType.APPLICATION_JSON);
- }
-
- /***
- *
- * @param encodedClientApp - Base64 encoded clientId:clientSecret.
- * @param scopes - Scopes which are retrieved by reading application-mgt configuration
- * @return Invoke token endpoint and return the response as string.
- * @throws IOException IO exception throws if an error occured when invoking token endpoint
- */
- private ProxyResponse getTokenResult(String encodedClientApp, JsonArray scopes) throws IOException {
-
- HttpPost tokenEndpoint = new HttpPost(serverUrl + HandlerConstants.TOKEN_ENDPOINT);
- tokenEndpoint.setHeader("Authorization", "Basic " + encodedClientApp);
- tokenEndpoint.setHeader("Content-Type", ContentType.APPLICATION_FORM_URLENCODED.toString());
- String scopeString = getScopeString(scopes);
-
- if (scopeString != null) {
- scopeString = scopeString.trim();
- } else {
- scopeString = "default";
- }
-
- StringEntity tokenEPPayload = new StringEntity(
- "grant_type=password&username=" + username + "&password=" + password + "&scope=" + scopeString,
- ContentType.APPLICATION_FORM_URLENCODED);
- tokenEndpoint.setEntity(tokenEPPayload);
- return execute(tokenEndpoint);
- }
-}
diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/beans/AuthData.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/beans/AuthData.java
deleted file mode 100644
index 20cd45a2228..00000000000
--- a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/beans/AuthData.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/* Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
- *
- * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.device.application.mgt.handler.beans;
-
-
-public class AuthData implements java.io.Serializable {
-
- private static final long serialVersionUID = -5156750882531944849L;
-
- private String accessToken;
- private String refreshToken;
- private String username;
- private String clientId;
- private String clientSecret;
- private String encodedClientApp;
- private String scope;
-
- public String getAccessToken() {
- return accessToken;
- }
-
- public void setAccessToken(String accessToken) {
- this.accessToken = accessToken;
- }
-
- public String getRefreshToken() {
- return refreshToken;
- }
-
- public void setRefreshToken(String refreshToken) {
- this.refreshToken = refreshToken;
- }
-
- public String getUsername() {
- return username;
- }
-
- public void setUsername(String username) {
- this.username = username;
- }
-
- public String getClientId() {
- return clientId;
- }
-
- public void setClientId(String clientId) {
- this.clientId = clientId;
- }
-
- public String getClientSecret() {
- return clientSecret;
- }
-
- public void setClientSecret(String clientSecret) {
- this.clientSecret = clientSecret;
- }
-
- public String getEncodedClientApp() {
- return encodedClientApp;
- }
-
- public void setEncodedClientApp(String encodedClientApp) {
- this.encodedClientApp = encodedClientApp;
- }
-
- public String getScope() {
- return scope;
- }
-
- public void setScope(String scope) {
- this.scope = scope;
- }
-}
diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/exceptions/LoginException.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/exceptions/LoginException.java
deleted file mode 100644
index 1deda4add5d..00000000000
--- a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/exceptions/LoginException.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/* Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
- *
- * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.device.application.mgt.handler.exceptions;
-
-public class LoginException extends Exception {
- public LoginException(String message) {
- super(message);
- }
-
- public LoginException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public LoginException(Throwable cause) {
- super(cause);
- }
-
- public LoginException(String message, Throwable cause,
- boolean enableSuppression,
- boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
- }
-}
diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/util/HandlerConstants.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/util/HandlerConstants.java
deleted file mode 100644
index d8804ca834b..00000000000
--- a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/util/HandlerConstants.java
+++ /dev/null
@@ -1,44 +0,0 @@ -/* Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. - * - * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.application.mgt.handler.util; - -public class HandlerConstants { - public static final String PUBLISHER_APPLICATION_NAME = "application-mgt-publisher"; - public static final String APP_REG_ENDPOINT = "/api-application-registration/register"; - public static final String UI_CONFIG_ENDPOINT = "/api/application-mgt/v1.0/config/ui-config"; - public static final String TOKEN_ENDPOINT = "/oauth2/token"; - public static final String AUTHORIZATION = "Authorization"; - public static final String BASIC = "Basic "; - public static final String COLON = ":"; - public static final String TAGS_KEY = "tags"; - public static final String APP_NAME_KEY = "applicationName"; - public static final String SESSION_AUTH_DATA_KEY = "application-mgt"; - public static final String AUTHORIZATION_HEADER_KEY = "Authorization"; - public static final String UI_CONFIG_KEY = "ui-config"; - public static final String PLATFORM = "platform"; - public static final String SERVER_HOST = "server-host"; - public static final String DEFAULT_ERROR_CALLBACK = "/pages/error/default"; - public static final String LOGIN_RESPONSE_KEY = "loginResponse"; - public static final String FAILURE_CALLBACK_KEY = "failureCallback"; - public static final String API_COMMON_CONTEXT = 
"/api"; - public static final String EXECUTOR_EXCEPTION_PREFIX = "ExecutorException-"; - public static final String TOKEN_IS_EXPIRED = "ACCESS_TOKEN_IS_EXPIRED"; - - public static final int INTERNAL_ERROR_CODE = 500; - public static final long TIMEOUT = 1200; -} diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/util/HandlerUtil.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/util/HandlerUtil.java deleted file mode 100644 index e49659c9809..00000000000 --- a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/java/org/wso2/carbon/device/application/mgt/handler/util/HandlerUtil.java +++ /dev/null 
@@ -1,241 +0,0 @@ -/* Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. - * - * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.application.mgt.handler.util; - -import com.google.gson.Gson; -import com.google.gson.JsonObject; -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.http.HttpResponse; -import org.apache.http.HttpStatus; -import org.apache.http.client.methods.HttpDelete; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.methods.HttpPut; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClients; -import org.json.JSONException; -import org.json.JSONObject; -import org.wso2.carbon.device.application.mgt.common.ProxyResponse; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStreamReader; -import java.io.PrintWriter; - -public class HandlerUtil { - - private static final Log log = LogFactory.getLog(HandlerUtil.class); - - /*** - * - * @param httpMethod - httpMethod e.g:- HttpPost, HttpGet - * @param - HttpPost or HttpGet class - * @return response as string - * 
@throws IOException IO exception returns if error occurs when executing the httpMethod - */ - public static ProxyResponse execute(T httpMethod) throws IOException { - try (CloseableHttpClient client = HttpClients.createDefault()) { - HttpResponse response = null; - if (httpMethod instanceof HttpPost) { - HttpPost method = (HttpPost) httpMethod; - response = client.execute(method); - } else if (httpMethod instanceof HttpGet) { - HttpGet method = (HttpGet) httpMethod; - response = client.execute(method); - } else if (httpMethod instanceof HttpPut) { - HttpPut method = (HttpPut) httpMethod; - response = client.execute(method); - } else if (httpMethod instanceof HttpDelete) { - HttpDelete method = (HttpDelete) httpMethod; - response = client.execute(method); - } - - ProxyResponse proxyResponse = new ProxyResponse(); - if (response == null) { - proxyResponse.setCode(HandlerConstants.INTERNAL_ERROR_CODE); - proxyResponse.setExecutorResponse(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + getStatusKey( - HandlerConstants.INTERNAL_ERROR_CODE)); - return proxyResponse; - } else { - int statusCode = response.getStatusLine().getStatusCode(); - try (BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()))) { - StringBuilder result = new StringBuilder(); - String line; - while ((line = rd.readLine()) != null) { - result.append(line); - } - - String jsonString = result.toString(); - if (statusCode == HttpStatus.SC_OK || statusCode == HttpStatus.SC_CREATED) { - proxyResponse.setCode(statusCode); - proxyResponse.setData(jsonString); - proxyResponse.setExecutorResponse("SUCCESS"); - return proxyResponse; - } else if (statusCode == HttpStatus.SC_UNAUTHORIZED) { - if (jsonString.contains("Access token expired") || jsonString - .contains("Invalid input. 
Access token validation failed")) { - proxyResponse.setCode(statusCode); - proxyResponse.setExecutorResponse("ACCESS_TOKEN_IS_EXPIRED"); - return proxyResponse; - } else { - proxyResponse.setCode(statusCode); - proxyResponse.setData(jsonString); - proxyResponse.setExecutorResponse( - HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + getStatusKey(statusCode)); - return proxyResponse; - } - } - proxyResponse.setCode(statusCode); - proxyResponse.setData(jsonString); - proxyResponse - .setExecutorResponse(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + getStatusKey(statusCode)); - return proxyResponse; - } - } - } - } - - /*** - * - * @param statusCode Provide status code, e.g:- 400, 401, 500 etc - * @return relative status code key for given status code. - */ - public static String getStatusKey (int statusCode){ - String statusCodeKey; - - switch (statusCode) { - case HttpStatus.SC_INTERNAL_SERVER_ERROR: - statusCodeKey = "internalServerError"; - break; - case HttpStatus.SC_BAD_REQUEST: - statusCodeKey = "badRequest"; - break; - case HttpStatus.SC_UNAUTHORIZED: - statusCodeKey = "unauthorized"; - break; - case HttpStatus.SC_FORBIDDEN: - statusCodeKey = "forbidden"; - break; - case HttpStatus.SC_NOT_FOUND: - statusCodeKey = "notFound"; - break; - case HttpStatus.SC_METHOD_NOT_ALLOWED: - statusCodeKey = "methodNotAllowed"; - break; - case HttpStatus.SC_NOT_ACCEPTABLE: - statusCodeKey = "notAcceptable"; - break; - case HttpStatus.SC_UNSUPPORTED_MEDIA_TYPE: - statusCodeKey = "unsupportedMediaType"; - break; - default: - statusCodeKey = "defaultPage"; - break; - } - return statusCodeKey; - } - - - /*** - * - * @param resp {@link HttpServletResponse} - * Return Error Response. 
- */ - public static void handleError(HttpServletRequest req, HttpServletResponse resp, String serverUrl, - String platform, ProxyResponse proxyResponse) throws IOException { - - HttpSession httpSession = req.getSession(true); - Gson gson = new Gson(); - if (proxyResponse == null){ - proxyResponse = new ProxyResponse(); - proxyResponse.setCode(HttpStatus.SC_INTERNAL_SERVER_ERROR); - proxyResponse.setExecutorResponse(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil - .getStatusKey(HandlerConstants.INTERNAL_ERROR_CODE)); - } - if (platform == null){ - platform = "default"; - } - - resp.setStatus(proxyResponse.getCode()); - resp.setContentType("application/json"); - resp.setCharacterEncoding("UTF-8"); - - if (httpSession != null) { - JsonObject uiConfig = (JsonObject) httpSession.getAttribute(HandlerConstants.UI_CONFIG_KEY); - if (uiConfig == null){ - proxyResponse.setUrl(serverUrl + "/" + platform + HandlerConstants.DEFAULT_ERROR_CALLBACK); - } else{ - proxyResponse.setUrl(serverUrl + uiConfig.get(HandlerConstants.LOGIN_RESPONSE_KEY).getAsJsonObject() - .get(HandlerConstants.FAILURE_CALLBACK_KEY).getAsJsonObject() - .get(proxyResponse.getExecutorResponse().split(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)[1]) - .getAsString()); - } - } else { - proxyResponse.setUrl(serverUrl + "/" + platform + HandlerConstants.DEFAULT_ERROR_CALLBACK); - } - - proxyResponse.setExecutorResponse(null); - try (PrintWriter writer = resp.getWriter()) { - writer.write(gson.toJson(proxyResponse)); - } - } - - /*** - * - * @param resp {@link HttpServletResponse} - * Return Success Response. 
- */ - public static void handleSuccess(HttpServletRequest req, HttpServletResponse resp, String serverUrl, - String platform, ProxyResponse proxyResponse) throws IOException { - if (proxyResponse == null){ - handleError(req,resp,serverUrl,platform,proxyResponse); - return; - } - - resp.setStatus(proxyResponse.getCode()); - resp.setContentType("application/json"); - resp.setCharacterEncoding("UTF-8"); - - JSONObject response = new JSONObject(); - String redirectUrl = proxyResponse.getUrl(); - String responseData = proxyResponse.getData(); - - if (!StringUtils.isEmpty(redirectUrl)){ - response.put("url", redirectUrl); - } - if (!StringUtils.isEmpty(responseData)){ - try { - JSONObject responseDataJsonObj = new JSONObject(responseData); - response.put("data", responseDataJsonObj); - } catch (JSONException e) { - log.debug("Response data is not valid json string"); - response.put("data", responseData); - } - } - - try (PrintWriter writer = resp.getWriter()) { - writer.write(response.toString()); - } - } - -} diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/webapp/META-INF/webapp-classloading.xml b/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/webapp/META-INF/webapp-classloading.xml deleted file mode 100644 index cc5b3c66d7c..00000000000 --- a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/webapp/META-INF/webapp-classloading.xml +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - - - - false - - - Carbon - diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/webapp/WEB-INF/web.xml b/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/webapp/WEB-INF/web.xml deleted file mode 100644 index 76d16ffb080..00000000000 --- a/components/application-mgt/org.wso2.carbon.device.application.mgt.handler/src/main/webapp/WEB-INF/web.xml +++ /dev/null 
@@ -1,103 +0,0 @@ - - - - Application Management Auth Webapp - - 60 - - - doAuthentication - false - - - - - managed-api-enabled - false - - - managed-api-owner - admin - - - isSharedWithAllTenants - true - - - - CorsFilter - org.apache.catalina.filters.CorsFilter - - cors.allowed.origins - * - - - cors.allowed.methods - GET,POST,DELETE,PUT - - - cors.allowed.headers - Content-Type - - - - - HttpHeaderSecurityFilter - org.apache.catalina.filters.HttpHeaderSecurityFilter - - hstsEnabled - false - - - - - ContentTypeBasedCachePreventionFilter - org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter - - patterns - text/html" ,application/json" ,text/plain - - - filterAction - enforce - - - httpHeaders - Cache-Control: no-store, no-cache, must-revalidate, private - - - - - HttpHeaderSecurityFilter - /* - - - - ContentTypeBasedCachePreventionFilter - /* - - - - CorsFilter - /* - - - \ No newline at end of file diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/java/org/wso2/carbon/device/application/mgt/publisher/api/services/ApplicationManagementPublisherAPI.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/java/org/wso2/carbon/device/application/mgt/publisher/api/services/ApplicationManagementPublisherAPI.java index 99355e5c960..699a97f78ac 100644 --- a/components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/java/org/wso2/carbon/device/application/mgt/publisher/api/services/ApplicationManagementPublisherAPI.java +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/java/org/wso2/carbon/device/application/mgt/publisher/api/services/ApplicationManagementPublisherAPI.java 
@@ -273,7 +273,7 @@ public interface ApplicationManagementPublisherAPI { @POST @Path("/ent-app") @Produces(MediaType.APPLICATION_JSON) - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @ApiOperation( consumes = MediaType.APPLICATION_JSON, produces = MediaType.APPLICATION_JSON, @@ -342,7 +342,7 @@ public interface ApplicationManagementPublisherAPI { @POST @Path("/web-app") @Produces(MediaType.APPLICATION_JSON) - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @ApiOperation( consumes = MediaType.APPLICATION_JSON, produces = MediaType.APPLICATION_JSON, @@ -406,7 +406,7 @@ public interface ApplicationManagementPublisherAPI { @POST @Path("/public-app") @Produces(MediaType.APPLICATION_JSON) - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @ApiOperation( consumes = MediaType.APPLICATION_JSON, produces = MediaType.APPLICATION_JSON, @@ -467,7 +467,7 @@ public interface ApplicationManagementPublisherAPI { @POST @Produces(MediaType.APPLICATION_JSON) - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @Path("/ent-app/{appId}") @ApiOperation( consumes = MediaType.APPLICATION_JSON, @@ -583,7 +583,7 @@ public interface ApplicationManagementPublisherAPI { @PUT @Path("/image-artifacts/{uuid}") @Produces(MediaType.APPLICATION_JSON) - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @ApiOperation( consumes = MediaType.MULTIPART_FORM_DATA, produces = MediaType.APPLICATION_JSON, @@ -653,7 +653,7 @@ public interface ApplicationManagementPublisherAPI { @PUT @Path("/app-artifacts/{deviceType}/{appType}/{appId}/{uuid}") @Produces(MediaType.APPLICATION_JSON) - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @ApiOperation( consumes = MediaType.MULTIPART_FORM_DATA, produces = MediaType.APPLICATION_JSON, 
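Review bot: The Swagger metadata beside the changed annotation does not describe what the endpoint accepts: in the hunks at -273, -342, -406 and -467 the context line `consumes = MediaType.APPLICATION_JSON` inside `@ApiOperation(` advertises JSON while `@Consumes` now lists `multipart/mixed` and `multipart/form-data`. Generated clients and any gateway or validation schema derived from the API definition will disagree with the resource. I would change those lines to `consumes = MediaType.MULTIPART_FORM_DATA`, which the hunks at -583 and -653 already use. The `@ApiOperation` blocks continue outside each hunk, so the rest of the operation metadata is not visible here.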
diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/java/org/wso2/carbon/device/application/mgt/publisher/api/services/impl/ApplicationManagementPublisherAPIImpl.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/java/org/wso2/carbon/device/application/mgt/publisher/api/services/impl/ApplicationManagementPublisherAPIImpl.java index d0d091df032..f3669c09790 100644 --- a/components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/java/org/wso2/carbon/device/application/mgt/publisher/api/services/impl/ApplicationManagementPublisherAPIImpl.java +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/java/org/wso2/carbon/device/application/mgt/publisher/api/services/impl/ApplicationManagementPublisherAPIImpl.java @@ -164,7 +164,7 @@ public class ApplicationManagementPublisherAPIImpl implements ApplicationManagem } @POST - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @Path("/ent-app") public Response createEntApp( @Multipart("application") ApplicationWrapper applicationWrapper, @@ -204,7 +204,7 @@ public class ApplicationManagementPublisherAPIImpl implements ApplicationManagem } @POST - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @Path("/web-app") public Response createWebApp( @Multipart("webapp") WebAppWrapper webAppWrapper, @@ -242,7 +242,7 @@ public class ApplicationManagementPublisherAPIImpl implements ApplicationManagem } @POST - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @Path("/public-app") public Response createPubApp( @Multipart("public-app") PublicAppWrapper publicAppWrapper, 
@@ -280,7 +280,7 @@ public class ApplicationManagementPublisherAPIImpl implements ApplicationManagem } @POST - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @Path("/ent-app/{appId}") public Response createEntAppRelease( @PathParam("appId") int appId, @@ -320,7 +320,7 @@ public class ApplicationManagementPublisherAPIImpl implements ApplicationManagem @Override @PUT - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @Produces(MediaType.APPLICATION_JSON) @Path("/image-artifacts/{uuid}") public Response updateApplicationImageArtifacts( @@ -357,7 +357,7 @@ public class ApplicationManagementPublisherAPIImpl implements ApplicationManagem @Override @PUT - @Consumes("multipart/mixed") + @Consumes({"multipart/mixed", MediaType.MULTIPART_FORM_DATA}) @Path("/app-artifact/{deviceType}/{appType}/{uuid}") public Response updateApplicationArtifact( @PathParam("deviceType") String deviceType, diff --git a/components/application-mgt/pom.xml b/components/application-mgt/pom.xml index 2e4899beb4a..dd201be3c45 100644 --- a/components/application-mgt/pom.xml +++ b/components/application-mgt/pom.xml @@ -42,7 +42,6 @@ org.wso2.carbon.device.application.mgt.store.api org.wso2.carbon.device.application.mgt.publisher.ui org.wso2.carbon.device.application.mgt.store.ui - org.wso2.carbon.device.application.mgt.handler org.wso2.carbon.device.application.mgt.api diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/pom.xml b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/pom.xml index 2fe4013823a..d2cc394427a 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/pom.xml +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/pom.xml @@ -151,5 +151,10 @@ org.wso2.carbon.device.application.mgt.common provided + + org.apache.httpcomponents + httpmime + compile + \ No newline at end of file 
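Review bot: The path on the implementation of the artifact update differs from the one on the interface: the context line in the hunk at -357 reads `@Path("/app-artifact/{deviceType}/{appType}/{uuid}")`, while the interface hunk at -653 declares `@Path("/app-artifacts/{deviceType}/{appType}/{appId}/{uuid}")`. Because the implementation method carries its own JAX-RS annotations, the documented path and the served path probably diverge, and any permission or scope rule keyed on the interface path may not cover the route that is actually exposed. The two should be aligned while these annotations are being touched, for example `@Path("/app-artifacts/{deviceType}/{appType}/{appId}/{uuid}")` on the implementation if the method takes an `appId`. The parameter list continues outside the hunk, so that needs checking against the full signature.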
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/InvokerHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/InvokerHandler.java index 1dd968ecd58..8acf32b2f6d 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/InvokerHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/InvokerHandler.java @@ -24,12 +24,17 @@ import com.google.gson.JsonParser; import io.entgra.ui.request.interceptor.beans.AuthData; import io.entgra.ui.request.interceptor.util.HandlerConstants; import io.entgra.ui.request.interceptor.util.HandlerUtil; +import org.apache.commons.fileupload.FileItem; +import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.fileupload.disk.DiskFileItemFactory; +import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.http.HttpHeaders; import org.apache.http.HttpStatus; import org.apache.http.client.methods.HttpDelete; +import org.apache.http.client.methods.HttpEntityEnclosingRequestBase; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpPut; 
@@ -38,6 +43,9 @@ import org.apache.http.cookie.SM; import org.apache.http.entity.ContentType; import org.apache.http.entity.InputStreamEntity; import org.apache.http.entity.StringEntity; +import org.apache.http.entity.mime.HttpMultipartMode; +import org.apache.http.entity.mime.MultipartEntityBuilder; +import org.apache.http.entity.mime.content.InputStreamBody; import org.wso2.carbon.device.application.mgt.common.ProxyResponse; import javax.servlet.annotation.MultipartConfig; @@ -48,8 +56,7 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.io.IOException; import java.util.Enumeration; - -import static io.entgra.ui.request.interceptor.util.HandlerUtil.execute; +import java.util.List; @MultipartConfig @WebServlet( 
@@ -61,38 +68,21 @@ import static io.entgra.ui.request.interceptor.util.HandlerUtil.execute; } ) public class InvokerHandler extends HttpServlet { - private static final Log log = LogFactory.getLog(LoginHandler.class); + private static final Log log = LogFactory.getLog(InvokerHandler.class); private static final long serialVersionUID = -6508020875358160165L; -// private static final HeaderGroup nonForwardingHeaders = new HeaderGroup(); - private static AuthData authData; - private static String apiEndpoint; - private static String serverUrl; - private static String platform; - -// static { -// // Initializing hop-by-hop headers to omit them from forwarding to the backend -// String[] headers = {HttpHeaders.CONNECTION, HttpHeaders.TRANSFER_ENCODING, HttpHeaders.PROXY_AUTHENTICATE, -// HttpHeaders.PROXY_AUTHORIZATION, HttpHeaders.UPGRADE, HttpHeaders.TE, HttpHeaders.TRAILER, -// HandlerConstants.KEEP_ALIVE, HandlerConstants.PUBLIC}; -// for (String header : headers) { -// nonForwardingHeaders.addHeader(new BasicHeader(header, null)); -// } -// } + private AuthData authData; + private String apiEndpoint; + private String serverUrl; + private String platform; @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) { try { if (validateRequest(req, resp)) { HttpPost postRequest = new HttpPost(generateBackendRequestURL(req)); - if (StringUtils.isNotEmpty(req.getHeader(HttpHeaders.CONTENT_LENGTH)) || - StringUtils.isNotEmpty(req.getHeader(HttpHeaders.TRANSFER_ENCODING))) { - InputStreamEntity entity = new InputStreamEntity(req.getInputStream(), - Long.parseLong(req.getHeader(HttpHeaders.CONTENT_LENGTH))); - postRequest.setEntity(entity); - } - copyRequestHeaders(req, postRequest); + generateRequestEntity(req, postRequest); postRequest.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BEARER + authData.getAccessToken()); - ProxyResponse proxyResponse = execute(postRequest); + ProxyResponse proxyResponse = HandlerUtil.execute(postRequest); if 
(HandlerConstants.TOKEN_IS_EXPIRED.equals(proxyResponse.getExecutorResponse())) { proxyResponse = retryRequestWithRefreshedToken(req, resp, postRequest); @@ -107,6 +97,8 @@ public class InvokerHandler extends HttpServlet { } HandlerUtil.handleSuccess(req, resp, serverUrl, platform, proxyResponse); } + } catch (FileUploadException e) { + log.error("Error occurred when processing Multipart POST request.", e); } catch (IOException e) { log.error("Error occurred when processing POST request.", e); } @@ -117,9 +109,9 @@ public class InvokerHandler extends HttpServlet { try { if (validateRequest(req, resp)) { HttpGet getRequest = new HttpGet(generateBackendRequestURL(req)); - copyRequestHeaders(req, getRequest); + copyRequestHeaders(req, getRequest, false); getRequest.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BEARER + authData.getAccessToken()); - ProxyResponse proxyResponse = execute(getRequest); + ProxyResponse proxyResponse = HandlerUtil.execute(getRequest); if (HandlerConstants.TOKEN_IS_EXPIRED.equals(proxyResponse.getExecutorResponse())) { proxyResponse = retryRequestWithRefreshedToken(req, resp, getRequest); if (proxyResponse == null) { 
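Review bot: Turning `authData`, `apiEndpoint`, `serverUrl` and `platform` from static into instance fields in the hunk at -61 does not make them per-request, because a servlet container normally serves all requests through a single `InvokerHandler` instance and these fields stay shared between concurrent threads. `validateRequest` overwrites them on every call and `doPost` then reads `authData.getAccessToken()`, so two overlapping requests from different sessions can forward one user's request with the other user's bearer token. The values should be locals, for example `AuthData authData = (AuthData) session.getAttribute(platform);` inside the handler, passed as arguments to `generateBackendRequestURL`, `retryRequestWithRefreshedToken` and `refreshToken`. The same fields are read in the hunks at -117, -143, -177 and -275.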
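Review bot: The new `catch (FileUploadException e)` branch in the hunk at -107 only logs, so as far as the hunk shows a multipart body that fails to parse leaves the response untouched and the client presumably receives the container's default success status with an empty body. Setting a status before returning, e.g. `resp.setStatus(HttpStatus.SC_BAD_REQUEST);`, lets the portal tell a rejected upload from a completed one. The PUT handler in the hunk at -167 has the same branch. `doPost` starts and ends outside this hunk.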
@@ -143,16 +135,9 @@ public class InvokerHandler extends HttpServlet { try { if (validateRequest(req, resp)) { HttpPut putRequest = new HttpPut(generateBackendRequestURL(req)); - if ((StringUtils.isNotEmpty(req.getHeader(HttpHeaders.CONTENT_LENGTH)) && - Double.parseDouble(req.getHeader(HttpHeaders.CONTENT_LENGTH)) > 0) || - StringUtils.isNotEmpty(req.getHeader(HttpHeaders.TRANSFER_ENCODING))) { - InputStreamEntity entity = new InputStreamEntity(req.getInputStream(), - Long.parseLong(req.getHeader(HttpHeaders.CONTENT_LENGTH))); - putRequest.setEntity(entity); - } - copyRequestHeaders(req, putRequest); + generateRequestEntity(req, putRequest); putRequest.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BEARER + authData.getAccessToken()); - ProxyResponse proxyResponse = execute(putRequest); + ProxyResponse proxyResponse = HandlerUtil.execute(putRequest); if (HandlerConstants.TOKEN_IS_EXPIRED.equals(proxyResponse.getExecutorResponse())) { proxyResponse = retryRequestWithRefreshedToken(req, resp, putRequest); @@ -167,6 +152,8 @@ public class InvokerHandler extends HttpServlet { } HandlerUtil.handleSuccess(req, resp, serverUrl, platform, proxyResponse); } + } catch (FileUploadException e) { + log.error("Error occurred when processing Multipart PUT request.", e); } catch (IOException e) { log.error("Error occurred when processing PUT request.", e); } 
@@ -177,9 +164,9 @@ public class InvokerHandler extends HttpServlet { try { if (validateRequest(req, resp)) { HttpDelete deleteRequest = new HttpDelete(generateBackendRequestURL(req)); - copyRequestHeaders(req, deleteRequest); + copyRequestHeaders(req, deleteRequest, false); deleteRequest.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BEARER + authData.getAccessToken()); - ProxyResponse proxyResponse = execute(deleteRequest); + ProxyResponse proxyResponse = HandlerUtil.execute(deleteRequest); if (HandlerConstants.TOKEN_IS_EXPIRED.equals(proxyResponse.getExecutorResponse())) { proxyResponse = retryRequestWithRefreshedToken(req, resp, deleteRequest); if (proxyResponse == null) { 
@@ -198,6 +185,49 @@ public class InvokerHandler extends HttpServlet { } } + /** + * Generate te request entity for POST and PUT requests from the incoming request. + * + * @param req incoming {@link HttpServletRequest}. + * @param proxyRequest proxy request instance. + * @throws FileUploadException If unable to parse the incoming request for multipart content extraction. + * @throws IOException If error occurred while generating the request body. + */ + private void generateRequestEntity(HttpServletRequest req, HttpEntityEnclosingRequestBase proxyRequest) + throws FileUploadException, IOException { + if (ServletFileUpload.isMultipartContent(req)) { + ServletFileUpload servletFileUpload = new ServletFileUpload(new DiskFileItemFactory()); + List fileItemList = servletFileUpload.parseRequest(req); + MultipartEntityBuilder entityBuilder = MultipartEntityBuilder.create(); + entityBuilder.setMode(HttpMultipartMode.BROWSER_COMPATIBLE); + for (FileItem item: fileItemList) { + if (!item.isFormField()) { + entityBuilder.addPart(item.getFieldName(), new InputStreamBody(item.getInputStream(), + ContentType.create(item.getContentType()), item.getName())); + } else { + entityBuilder.addTextBody(item.getFieldName(), item.getString(), + ContentType.create(item.getContentType())); + } + } + proxyRequest.setEntity(entityBuilder.build()); + copyRequestHeaders(req, proxyRequest, false); + } else { + if (StringUtils.isNotEmpty(req.getHeader(HttpHeaders.CONTENT_LENGTH)) || + StringUtils.isNotEmpty(req.getHeader(HttpHeaders.TRANSFER_ENCODING))) { + InputStreamEntity entity = new InputStreamEntity(req.getInputStream(), + Long.parseLong(req.getHeader(HttpHeaders.CONTENT_LENGTH))); + proxyRequest.setEntity(entity); + } + copyRequestHeaders(req, proxyRequest, true); + } + } + + /** + * Generates the target URL for the proxy request. 
+ * + * @param req incoming {@link HttpServletRequest} + * @return Target URL + */ private String generateBackendRequestURL(HttpServletRequest req) { StringBuilder urlBuilder = new StringBuilder(); urlBuilder.append(serverUrl).append(HandlerConstants.API_COMMON_CONTEXT).append(apiEndpoint); @@ -207,12 +237,22 @@ public class InvokerHandler extends HttpServlet { return urlBuilder.toString(); } - private void copyRequestHeaders(HttpServletRequest req, HttpRequestBase httpRequest) { + /** + * Copy incoming request headers to the proxy request. + * + * @param req incoming {@link HttpServletRequest} + * @param httpRequest proxy request instance. + * @param preserveContentType true if content type header needs to be preserved. + * This should be set to false when handling multipart requests as Http + * client will generate the Content-Type header automatically. + */ + private void copyRequestHeaders(HttpServletRequest req, HttpRequestBase httpRequest, boolean preserveContentType) { Enumeration headerNames = req.getHeaderNames(); while (headerNames.hasMoreElements()) { String headerName = headerNames.nextElement(); if (headerName.equalsIgnoreCase(HttpHeaders.CONTENT_LENGTH) || - headerName.equalsIgnoreCase(SM.COOKIE)) { + headerName.equalsIgnoreCase(SM.COOKIE) || + (!preserveContentType && headerName.equalsIgnoreCase(HttpHeaders.CONTENT_TYPE))) { continue; } Enumeration headerValues = req.getHeaders(headerName); 
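Review bot: The multipart branch of `generateRequestEntity` (hunk at -198) parses the upload with a `ServletFileUpload` that has no size limits, so any client with a session can make the proxy spool an arbitrarily large body before anything is forwarded. In the same loop, `ContentType.create(item.getContentType())` is applied to client-supplied part headers; plain form fields usually carry no part Content-Type, and `ContentType.create` rejects a null value as well as values with parameters such as `; charset=`, with an unchecked exception that neither catch block in `doPost` or `doPut` handles. I would set `setFileSizeMax` and `setSizeMax` and resolve the part type defensively, as sketched below; the two limit constants are placeholders to be defined by the project. In the non-multipart branch, `Long.parseLong(req.getHeader(HttpHeaders.CONTENT_LENGTH))` also throws when only Transfer-Encoding is present, which `req.getContentLength()` would avoid.

```java
ServletFileUpload servletFileUpload = new ServletFileUpload(new DiskFileItemFactory());
// Placeholder constants: choose limits that fit the largest artifact the portal must accept.
servletFileUpload.setFileSizeMax(MAX_UPLOAD_FILE_BYTES);
servletFileUpload.setSizeMax(MAX_UPLOAD_REQUEST_BYTES);
// … unchanged: parseRequest call and MultipartEntityBuilder setup …
for (FileItem item : fileItemList) {
    String declaredType = item.getContentType();
    if (!item.isFormField()) {
        // A missing part type falls back to a binary default instead of failing the request.
        ContentType fileType = declaredType == null
                ? ContentType.DEFAULT_BINARY : ContentType.parse(declaredType);
        entityBuilder.addPart(item.getFieldName(),
                new InputStreamBody(item.getInputStream(), fileType, item.getName()));
    } else {
        // parse() still throws unchecked exceptions on malformed values; the caller
        // should map those to a 400 rather than let them escape the servlet.
        ContentType textType = declaredType == null
                ? ContentType.DEFAULT_TEXT : ContentType.parse(declaredType);
        entityBuilder.addTextBody(item.getFieldName(), item.getString(), textType);
    }
}
// … unchanged: setEntity, copyRequestHeaders and the non-multipart branch …
```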
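Review bot: `copyRequestHeaders` (hunk at -207) filters with a deny-list of three names, so every other client header is forwarded to the backend, including hop-by-hop ones such as Transfer-Encoding and Connection and any forwarding or identity header the backend may trust. The commented-out `nonForwardingHeaders` block that this commit deletes listed these hop-by-hop names, and nothing replaces it. I would extend the skip condition, e.g. `|| headerName.equalsIgnoreCase(HttpHeaders.TRANSFER_ENCODING) || headerName.equalsIgnoreCase(HttpHeaders.CONNECTION)`, or preferably copy only an explicit allow-list of headers the APIs need. The loop body continues outside the hunk.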
@@ -221,46 +261,46 @@ public class InvokerHandler extends HttpServlet { } } } + /*** + * Validates the incoming request. * * @param req {@link HttpServletRequest} * @param resp {@link HttpServletResponse} * @return If request is a valid one, returns TRUE, otherwise return FALSE * @throws IOException If and error occurs while witting error response to client side */ - private static boolean validateRequest(HttpServletRequest req, HttpServletResponse resp) + private boolean validateRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException { serverUrl = req.getScheme() + "://" + req.getServerName() + ":" + req.getServerPort(); apiEndpoint = req.getPathInfo(); + platform = req.getHeader(HandlerConstants.X_PLATFORM_HEADER); HttpSession session = req.getSession(false); + if (session == null) { log.error("Unauthorized, You are not logged in. Please log in to the portal"); - ProxyResponse proxyResponse = new ProxyResponse(); - proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED); - proxyResponse.setExecutorResponse( - HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED)); - HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse); + handleError(req, resp, HttpStatus.SC_UNAUTHORIZED); + return false; + } + + if (StringUtils.isEmpty(platform)) { + log.error("\"X-Platform\" header is empty in the request. 
Header is required to obtain the auth data from" + + " session."); + handleError(req, resp, HttpStatus.SC_BAD_REQUEST); return false; } - authData = (AuthData) session.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY); - platform = (String) session.getAttribute(HandlerConstants.PLATFORM); + + authData = (AuthData) session.getAttribute(platform); + if (authData == null) { log.error("Unauthorized, Access token not found in the current session"); - ProxyResponse proxyResponse = new ProxyResponse(); - proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED); - proxyResponse.setExecutorResponse( - HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED)); - HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse); + handleError(req, resp, HttpStatus.SC_UNAUTHORIZED); return false; } if (apiEndpoint == null || req.getMethod() == null) { log.error("Bad Request, Either destination api-endpoint or method is empty"); - ProxyResponse proxyResponse = new ProxyResponse(); - proxyResponse.setCode(HttpStatus.SC_BAD_REQUEST); - proxyResponse.setExecutorResponse( - HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_BAD_REQUEST)); - HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse); + handleError(req, resp, HttpStatus.SC_BAD_REQUEST); return false; } return true; 
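Review bot: The client-supplied `X-Platform` header is used directly as the session attribute key in `authData = (AuthData) session.getAttribute(platform);`, so a request can name any attribute stored in the session, and one that is not an `AuthData` makes the cast throw an unchecked `ClassCastException` that the handlers do not catch. `platform` should be checked against the known platform names first and the lookup guarded, e.g. `Object attr = session.getAttribute(platform);` followed by `if (!(attr instanceof AuthData)) { handleError(req, resp, HttpStatus.SC_UNAUTHORIZED); return false; }`. Separately, `serverUrl` on the context line above is built from `req.getServerName()` and `req.getServerPort()`, which normally follow the request's Host header, and the backend URL that receives the bearer token is derived from it; taking the backend address from server configuration would remove that dependency.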
@@ -275,11 +315,11 @@ public class InvokerHandler extends HttpServlet { * @return {@link ProxyResponse} if successful and null if failed. * @throws IOException If an error occurs when try to retry the request. */ - private static ProxyResponse retryRequestWithRefreshedToken(HttpServletRequest req, HttpServletResponse resp, + private ProxyResponse retryRequestWithRefreshedToken(HttpServletRequest req, HttpServletResponse resp, HttpRequestBase httpRequest) throws IOException { if (refreshToken(req, resp)) { httpRequest.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BEARER + authData.getAccessToken()); - ProxyResponse proxyResponse = execute(httpRequest); + ProxyResponse proxyResponse = HandlerUtil.execute(httpRequest); if (proxyResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) { log.error("Error occurred while invoking the API after refreshing the token."); HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse); @@ -297,7 +337,7 @@ public class InvokerHandler extends HttpServlet { * @return If successfully renew tokens, returns TRUE otherwise return FALSE * @throws IOException If an error occurs while witting error response to client side or invoke token renewal API */ - private static boolean refreshToken(HttpServletRequest req, HttpServletResponse resp) + private boolean refreshToken(HttpServletRequest req, HttpServletResponse resp) throws IOException { if (log.isDebugEnabled()) { log.debug("refreshing the token"); 
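Review bot: `retryRequestWithRefreshedToken` builds the bearer header from `authData`, which `validateRequest` assigns without a local declaration, so it appears to be a field of the servlet rather than request-local state; `serverUrl`, `apiEndpoint` and `platform` are handled the same way. A servlet instance normally serves concurrent requests, so two users' requests can interleave between that assignment and `authData.getAccessToken()`, and one request may be proxied with the other session's token. Dropping `static` from the methods does not change this (the field declarations are outside the hunk, so whether they are static is not visible). I would read these values into locals in the entry method and pass them down, e.g. `retryRequestWithRefreshedToken(req, resp, httpRequest, authData)`, and do the same for the new `handleError` helper and for `username`/`password` in `LoginHandler.getTokenResult`. The method body continues past the end of the hunk.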
@@ -307,11 +347,7 @@ public class InvokerHandler extends HttpServlet { HttpSession session = req.getSession(false); if (session == null) { log.error("Couldn't find a session, hence it is required to login and proceed."); - ProxyResponse proxyResponse = new ProxyResponse(); - proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED); - proxyResponse.setExecutorResponse( - HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED)); - HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse); + handleError(req, resp, HttpStatus.SC_UNAUTHORIZED); return false; } @@ -325,7 +361,7 @@ public class InvokerHandler extends HttpServlet { encodedClientApp); tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString()); - ProxyResponse tokenResultResponse = execute(tokenEndpoint); + ProxyResponse tokenResultResponse = HandlerUtil.execute(tokenEndpoint); if (tokenResultResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) { log.error("Error occurred while refreshing access token."); HandlerUtil.handleError(req, resp, serverUrl, platform, tokenResultResponse); 
@@ -352,11 +388,24 @@ public class InvokerHandler extends HttpServlet { } log.error("Error Occurred in token renewal process."); + handleError(req, resp, HttpStatus.SC_INTERNAL_SERVER_ERROR); + return false; + } + + /** + * Handle error requests + * + * @param req {@link HttpServletRequest} + * @param resp {@link HttpServletResponse} + * @param errorCode HTTP error status code + * @throws IOException If error occurred when trying to send the error response. + */ + private void handleError(HttpServletRequest req, HttpServletResponse resp, int errorCode) + throws IOException { ProxyResponse proxyResponse = new ProxyResponse(); - proxyResponse.setCode(HttpStatus.SC_INTERNAL_SERVER_ERROR); + proxyResponse.setCode(errorCode); proxyResponse.setExecutorResponse( - HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_INTERNAL_SERVER_ERROR)); + HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(errorCode)); HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse); - return false; } } diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java index 5f1167073d7..f35f0151e18 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java @@ -50,8 +50,6 @@ import javax.servlet.http.HttpSession; import java.io.IOException; import java.util.Base64; -import static io.entgra.ui.request.interceptor.util.HandlerUtil.execute; - @MultipartConfig @WebServlet("/login") public class LoginHandler extends HttpServlet { 
@@ -78,12 +76,12 @@ public class LoginHandler extends HttpServlet { httpSession.invalidate(); } httpSession = req.getSession(true); - //setting session to expiry in 5 mins + //setting session to expiry in 5 minutes httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT)); HttpGet uiConfigEndpoint = new HttpGet(uiConfigUrl); JsonParser jsonParser = new JsonParser(); - ProxyResponse uiConfigResponse = execute(uiConfigEndpoint); + ProxyResponse uiConfigResponse = HandlerUtil.execute(uiConfigEndpoint); String executorResponse = uiConfigResponse.getExecutorResponse(); if (!StringUtils.isEmpty(executorResponse) && executorResponse .contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) { @@ -126,7 +124,7 @@ public class LoginHandler extends HttpServlet { apiRegEndpoint.setHeader(HTTP.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString()); apiRegEndpoint.setEntity(constructAppRegPayload(tags)); - ProxyResponse clientAppResponse = execute(apiRegEndpoint); + ProxyResponse clientAppResponse = HandlerUtil.execute(apiRegEndpoint); String clientAppResult = clientAppResponse.getData(); if (!StringUtils.isEmpty(clientAppResult) && getTokenAndPersistInSession(req, resp, @@ -141,11 +139,11 @@ public class LoginHandler extends HttpServlet { HandlerUtil.handleError(req, resp, serverUrl, platform, null); } } catch (IOException e) { - log.error("Error occured while sending the response into the socket. ", e); + log.error("Error occurred while sending the response into the socket. ", e); } catch (JsonSyntaxException e) { - log.error("Error occured while parsing the response. ", e); + log.error("Error occurred while parsing the response. ", e); } catch (LoginException e) { - log.error("Error occured while getting token data. ", e); + log.error("Error occurred while getting token data. ", e); } } 
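Review bot: The corrected comment `//setting session to expiry in 5 minutes` still disagrees with the value it describes: `HandlerConstants.TIMEOUT` is `1200` in this change set and `setMaxInactiveInterval` takes seconds, which is 20 minutes. This is the idle lifetime of a session that holds access and refresh tokens, so the comment should give the real figure or not repeat it, for example `// session expires after HandlerConstants.TIMEOUT seconds of inactivity`. The enclosing method starts and ends outside the hunk.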
@@ -196,14 +194,14 @@ public class LoginHandler extends HttpServlet { authData.setAccessToken(jTokenResultAsJsonObject.get("access_token").getAsString()); authData.setRefreshToken(jTokenResultAsJsonObject.get("refresh_token").getAsString()); authData.setScope(jTokenResultAsJsonObject.get("scope").getAsString()); - session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData); + session.setAttribute(platform, authData); return true; } } return false; } catch (IOException e) { - throw new LoginException("Error occured while sending the response into the socket", e); + throw new LoginException("Error occurred while sending the response into the socket", e); } } @@ -216,8 +214,8 @@ public class LoginHandler extends HttpServlet { if (scopes != null && scopes.size() > 0) { StringBuilder builder = new StringBuilder(); for (JsonElement scope : scopes) { - String tmpscope = scope.getAsString() + " "; - builder.append(tmpscope); + String tmpScope = scope.getAsString() + " "; + builder.append(tmpScope); } return builder.toString(); } else { @@ -248,7 +246,7 @@ public class LoginHandler extends HttpServlet { " Invalid login request. Username or Password is not received for login request."); } } catch (IOException e) { - throw new LoginException("Error Occured while redirecting to default error page.", e); + throw new LoginException("Error occurred while redirecting to default error page.", e); } } 
@@ -271,13 +269,13 @@ public class LoginHandler extends HttpServlet { * @param encodedClientApp - Base64 encoded clientId:clientSecret. * @param scopes - Scopes which are retrieved by reading application-mgt configuration * @return Invoke token endpoint and return the response as string. - * @throws IOException IO exception throws if an error occured when invoking token endpoint + * @throws IOException IO exception throws if an error occurred when invoking token endpoint */ private ProxyResponse getTokenResult(String encodedClientApp, JsonArray scopes) throws IOException { HttpPost tokenEndpoint = new HttpPost(serverUrl + HandlerConstants.TOKEN_ENDPOINT); - tokenEndpoint.setHeader("Authorization", "Basic " + encodedClientApp); - tokenEndpoint.setHeader("Content-Type", ContentType.APPLICATION_FORM_URLENCODED.toString()); + tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientApp); + tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString()); String scopeString = getScopeString(scopes); if (scopeString != null) { @@ -290,6 +288,6 @@ public class LoginHandler extends HttpServlet { "grant_type=password&username=" + username + "&password=" + password + "&scope=" + scopeString, ContentType.APPLICATION_FORM_URLENCODED); tokenEndpoint.setEntity(tokenEPPayload); - return execute(tokenEndpoint); + return HandlerUtil.execute(tokenEndpoint); } } diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java index aa80d7fd668..cf2cb4db601 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java 
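Review bot: The token request body in `getTokenResult` is assembled by plain concatenation (`"grant_type=password&username=" + username + "&password=" + password + "&scope=" + scopeString`) and sent as `application/x-www-form-urlencoded`, but none of the values is URL-encoded. A password containing `&`, `=`, `+` or `%` is therefore transmitted incorrectly, and a value containing `&` can add or override form parameters in the request to the token endpoint. Encode each value before concatenating, e.g. `URLEncoder.encode(username, "UTF-8")` and `URLEncoder.encode(password, "UTF-8")`, or build the entity with `UrlEncodedFormEntity`. The statement begins above the `-290,6` hunk, so the declared type of the payload object is not visible here.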
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java @@ -23,8 +23,6 @@ public class HandlerConstants { public static final String APP_REG_ENDPOINT = "/api-application-registration/register"; public static final String UI_CONFIG_ENDPOINT = "/api/application-mgt/v1.0/config/ui-config"; public static final String TOKEN_ENDPOINT = "/oauth2/token"; - public static final String PUBLIC = "Public"; - public static final String KEEP_ALIVE = "Keep-Alive"; public static final String BASIC = "Basic "; public static final String BEARER = "Bearer "; public static final String COLON = ":"; @@ -33,7 +31,6 @@ public class HandlerConstants { public static final String SESSION_AUTH_DATA_KEY = "application-mgt"; public static final String UI_CONFIG_KEY = "ui-config"; public static final String PLATFORM = "platform"; - public static final String SERVER_HOST = "server-host"; public static final String DEFAULT_ERROR_CALLBACK = "/pages/error/default"; public static final String LOGIN_RESPONSE_KEY = "loginResponse"; public static final String FAILURE_CALLBACK_KEY = "failureCallback"; @@ -41,6 +38,8 @@ public class HandlerConstants { public static final String EXECUTOR_EXCEPTION_PREFIX = "ExecutorException-"; public static final String TOKEN_IS_EXPIRED = "ACCESS_TOKEN_IS_EXPIRED"; + public static final String X_PLATFORM_HEADER = "X-Platform"; + public static final int INTERNAL_ERROR_CODE = 500; public static final long TIMEOUT = 1200; } diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java index f3baea315fa..399655ae0aa 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java 
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java @@ -23,9 +23,11 @@ import com.google.gson.JsonObject; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.http.Consts; import org.apache.http.HttpResponse; import org.apache.http.HttpStatus; import org.apache.http.client.methods.HttpRequestBase; +import org.apache.http.entity.ContentType; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.json.JSONException; @@ -79,7 +81,7 @@ public class HandlerUtil { if (jsonString.contains("Access token expired") || jsonString .contains("Invalid input. Access token validation failed")) { proxyResponse.setCode(statusCode); - proxyResponse.setExecutorResponse("ACCESS_TOKEN_IS_EXPIRED"); + proxyResponse.setExecutorResponse(HandlerConstants.TOKEN_IS_EXPIRED); return proxyResponse; } else { proxyResponse.setCode(statusCode); @@ -161,8 +163,8 @@ public class HandlerUtil { } resp.setStatus(proxyResponse.getCode()); - resp.setContentType("application/json"); - resp.setCharacterEncoding("UTF-8"); + resp.setContentType(ContentType.APPLICATION_JSON.getMimeType()); + resp.setCharacterEncoding(Consts.UTF_8.name()); if (httpSession != null) { JsonObject uiConfig = (JsonObject) httpSession.getAttribute(HandlerConstants.UI_CONFIG_KEY); 
@@ -192,13 +194,13 @@ public class HandlerUtil { public static void handleSuccess(HttpServletRequest req, HttpServletResponse resp, String serverUrl, String platform, ProxyResponse proxyResponse) throws IOException { if (proxyResponse == null){ - handleError(req,resp,serverUrl,platform,proxyResponse); + handleError(req, resp, serverUrl, platform, null); return; } resp.setStatus(proxyResponse.getCode()); - resp.setContentType("application/json"); - resp.setCharacterEncoding("UTF-8"); + resp.setContentType(ContentType.APPLICATION_JSON.getMimeType()); + resp.setCharacterEncoding(Consts.UTF_8.name()); JSONObject response = new JSONObject(); String redirectUrl = proxyResponse.getUrl(); diff --git a/pom.xml b/pom.xml index f3b33c70e1b..736ce68f984 100644 --- a/pom.xml +++ b/pom.xml @@ -1310,6 +1310,11 @@ httpcore ${apache.http.core.version} + + org.apache.httpcomponents + httpmime + ${apache.http.mime.version} + commons-lang.wso2 commons-lang @@ -2137,6 +2142,7 @@ 4.5.6 4.4.10 + 4.5.8 1.9