From 97df36842df27b293716f2d885b570bdf98fe08d Mon Sep 17 00:00:00 2001 From: Kamidu Sachith Date: Thu, 8 Oct 2015 14:02:29 +0530 Subject: [PATCH] Enabling OAuth Authentication for BackEnd Services --- .../backend-oauth-authenticator/pom.xml | 108 +++++++++++ .../backend/oauth/AuthenticatorException.java | 41 +++++ .../backend/oauth/OauthAuthenticator.java | 170 ++++++++++++++++++ .../oauth/OauthAuthenticatorConstants.java | 28 +++ .../OauthAuthenticatorServiceComponent.java | 56 ++++++ .../oauth/validator/OAuth2TokenValidator.java | 34 ++++ .../validator/OAuthValidationRespond.java | 57 ++++++ .../validator/OAuthValidatorFactory.java | 52 ++++++ .../impl/ExternalOAuthValidator.java | 98 ++++++++++ .../validator/impl/LocalOAuthValidator.java | 69 +++++++ components/identity-extensions/pom.xml | 1 + pom.xml | 21 ++- 12 files changed, 730 insertions(+), 5 deletions(-) create mode 100644 components/identity-extensions/backend-oauth-authenticator/pom.xml create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java diff --git a/components/identity-extensions/backend-oauth-authenticator/pom.xml b/components/identity-extensions/backend-oauth-authenticator/pom.xml new file mode 100644 index 00000000000..ac4bc382e5c --- /dev/null +++ b/components/identity-extensions/backend-oauth-authenticator/pom.xml @@ -0,0 +1,108 @@ + + + + identity-extensions + org.wso2.carbon.devicemgt + 0.9.2-SNAPSHOT + + 4.0.0 + bundle + WSO2 Carbon - OAuth Back End Authenticator + org.wso2.carbon.identity.authenticator.backend.oauth + + + + org.wso2.carbon + org.wso2.carbon.utils + ${carbon.kernel.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.base + ${carbon.identity.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.core + ${carbon.identity.version} + + + org.wso2.carbon + org.wso2.carbon.core + ${carbon.kernel.version} + + + org.wso2.carbon + org.wso2.carbon.logging + ${carbon.kernel.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.application.authentication.framework + ${carbon.identity.version} + + + org.wso2.carbon + org.wso2.carbon.core.services + ${carbon.kernel.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.oauth + ${carbon.identity.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.application.common + ${carbon.identity.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.oauth.stub + + + + + + + org.apache.felix + maven-scr-plugin + + + org.apache.felix + maven-bundle-plugin + 1.4.0 + true + + + ${pom.artifactId} + ${pom.artifactId} + + org.wso2.sample.authenticator.internal + + + !org.wso2.sample.authenticator.internal, + org.wso2.sample.authenticator.*, + + + javax.servlet.http, + org.apache.commons.logging, + org.wso2.carbon.identity.application.authentication.framework.*, + org.wso2.carbon.identity.oauth2, + org.wso2.carbon.identity.oauth2.dto, + org.wso2.carbon.user.core.service, + org.wso2.carbon.utils.multitenancy + + + org.wso2.carbon.identity.authenticator.backend.oauth.*; + + * + + + + + + + \ No newline at end of file diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java new file mode 100755 index 00000000000..05bc3d69f70 --- /dev/null +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java @@ -0,0 +1,41 @@ +/* +* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* +* WSO2 Inc. licenses this file to you under the Apache License, +* Version 2.0 (the "License"); you may not use this file except +* in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, +* software distributed under the License is distributed on an +* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +* KIND, either express or implied. See the License for the +* specific language governing permissions and limitations +* under the License. +*/ +package org.wso2.carbon.identity.authenticator.backend.oauth; + +/** + *Custom exception for backend OAuth authentication + */ +@SuppressWarnings("unused") +public class AuthenticatorException extends Exception { + + private static final long serialVersionUID = 1L; + + public AuthenticatorException(String message) { + super(message); + } + + public AuthenticatorException(Throwable e) { + super(e); + } + + public AuthenticatorException(String message, Throwable e) { + super(message, e); + } + + +} diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java new file mode 100755 index 00000000000..43877ba832c --- /dev/null +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java @@ -0,0 +1,170 @@ +/* + * Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.carbon.identity.authenticator.backend.oauth; + +import org.apache.axis2.context.MessageContext; +import org.apache.axis2.transport.http.HTTPConstants; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.base.MultitenantConstants; +import org.wso2.carbon.core.security.AuthenticatorsConfiguration; +import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator; +import org.wso2.carbon.utils.ServerConstants; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidatorFactory; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; +import java.rmi.RemoteException; + +/** + * This is a custom back end authenticator for enable OAuth token authentication for admin services + */ +public class OauthAuthenticator implements CarbonServerAuthenticator { + + private static final Log log = LogFactory.getLog(OauthAuthenticator.class); + private static final int PRIORITY = 5; + private static final int ACCESS_TOKEN_INDEX = 1; + + private static String hostUrl = ""; + private static boolean isRemote = false; + + static { + AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance(); + AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME); + + if (authenticatorConfig != null) { + isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get("isRemote")); + hostUrl = authenticatorConfig.getParameters().get("hostURL"); + + } + } + + /** + * Checks whether the authentication of the context can be handled using this authenticator. + * + * @param messageContext containing the request need to be authenticated. + * @return boolean indicating whether the request can be authenticated by this Authenticator. + */ + public boolean isHandle(MessageContext messageContext) { + HttpServletRequest httpServletRequest = getHttpRequest(messageContext); + String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION); + + if (headerValue != null && !headerValue.trim().isEmpty()) { + String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR); + + if (OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) { + return true; + } + } else if (httpServletRequest.getParameter(OauthAuthenticatorConstants.BEARER_TOKEN_IDENTIFIER) != null) { + return true; + } + return false; + } + + /** + * Authenticates the user using the provided OAuth token and returns the status as a boolean. + * Sets the tenant domain and tenant friendly username to the session as attributes. + * + * @param messageContext containing the request need to be authenticated. + * @return boolean indicating the authentication status. + */ + public boolean isAuthenticated(MessageContext messageContext) { + HttpServletRequest httpServletRequest = getHttpRequest(messageContext); + String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION); + //split the header value to separate the identity type and the token. + String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR); + String accessToken = headerPart[ACCESS_TOKEN_INDEX]; + OAuth2TokenValidator tokenValidator = OAuthValidatorFactory.getValidator(isRemote,hostUrl); + + if (tokenValidator == null) { + log.error("OAuthValidationFactory failed to return a validator", + new AuthenticatorException("OAuthValidatorFactory Failed to determine the validator")); + return false; + } + + OAuthValidationRespond respond = null; + try { + respond = tokenValidator.validateToken(accessToken); + } catch (RemoteException e) { + log.error("Failed to validate the OAuth token provided.", e); + } + + if (respond != null && respond.isValid()) { + HttpSession session; + + if ((session = httpServletRequest.getSession(false)) != null) { + session.setAttribute(MultitenantConstants.TENANT_DOMAIN, respond.getTenantDomain()); + session.setAttribute(ServerConstants.USER_LOGGED_IN, respond.getUserName()); + + if (log.isDebugEnabled()) { + log.debug("Authentication successful for " + session.getAttribute(ServerConstants.USER_LOGGED_IN)); + } + } + return true; + } + + if (log.isDebugEnabled()) { + log.debug("Authentication failed.Illegal attempt from session " + httpServletRequest.getSession().getId()); + } + return false; + } + + /** + * this method is currently not implemented. + * + * @param messageContext containing the request need to be authenticated. + * @return boolean + */ + public boolean authenticateWithRememberMe(MessageContext messageContext) { + throw new UnsupportedOperationException(); + } + + /** + * @return string Authenticator name. + */ + public String getAuthenticatorName() { + return OauthAuthenticatorConstants.AUTHENTICATOR_NAME; + } + + /** + * @return int priority of the authenticator. + */ + public int getPriority() { + return PRIORITY; + } + + /** + * @return boolean true for enable or otherwise for disable status. + */ + public boolean isDisabled() { + return false; + } + + /** + * Retrieve HTTP Servlet Request form thr Message Context. + * + * @param messageContext Containing the Servlet Request for backend authentication. + * @return HTTPServletRequest. + */ + private HttpServletRequest getHttpRequest(MessageContext messageContext) { + return (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST); + } + +} diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java new file mode 100755 index 00000000000..badaf8dbed4 --- /dev/null +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java @@ -0,0 +1,28 @@ +/* +* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* +* WSO2 Inc. licenses this file to you under the Apache License, +* Version 2.0 (the "License"); you may not use this file except +* in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, +* software distributed under the License is distributed on an +* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +* KIND, either express or implied. See the License for the +* specific language governing permissions and limitations +* under the License. +*/ +package org.wso2.carbon.identity.authenticator.backend.oauth; + +public class OauthAuthenticatorConstants { + public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer"; + public static final String BEARER_TOKEN_TYPE = "bearer"; + public static final String BEARER_TOKEN_IDENTIFIER = "token"; + public static final String AUTHENTICATOR_NAME = "BackEndOAuthAuthenticator"; + public static final String SPLITING_CHARACTOR = " "; + public static String OAUTH_ENDPOINT_POSTFIX = + "/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/"; +} diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java new file mode 100755 index 00000000000..59577ac633b --- /dev/null +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java @@ -0,0 +1,56 @@ +/* +* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* +* WSO2 Inc. licenses this file to you under the Apache License, +* Version 2.0 (the "License"); you may not use this file except +* in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, +* software distributed under the License is distributed on an +* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +* KIND, either express or implied. See the License for the +* specific language governing permissions and limitations +* under the License. +*/ + +package org.wso2.carbon.identity.authenticator.backend.oauth.internal; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.osgi.service.component.ComponentContext; +import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator; +import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator; + + +/** + * @scr.component component.name="org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator" immediate="true" + */ +@SuppressWarnings("unused") +public class OauthAuthenticatorServiceComponent { + + private static final Log log = LogFactory.getLog(OauthAuthenticatorServiceComponent + .class); + + protected void activate(ComponentContext ctxt) { + try { + OauthAuthenticator oauthAuthenticator = new OauthAuthenticator(); + ctxt.getBundleContext().registerService(CarbonServerAuthenticator.class.getName(), + oauthAuthenticator, null); + if (log.isDebugEnabled()) { + log.debug("OAuth Authenticator bundle is activated"); + } + } catch (Throwable e) { + log.fatal(" Error while activating OAuth authenticator ", e); + } + } + + protected void deactivate(ComponentContext ctxt) { + if (log.isDebugEnabled()) { + log.debug("OAuth Authenticator bundle is deactivated"); + } + } + +} diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java new file mode 100755 index 00000000000..7382fe1370d --- /dev/null +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java @@ -0,0 +1,34 @@ +/* +* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* +* WSO2 Inc. licenses this file to you under the Apache License, +* Version 2.0 (the "License"); you may not use this file except +* in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, +* software distributed under the License is distributed on an +* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +* KIND, either express or implied. See the License for the +* specific language governing permissions and limitations +* under the License. +*/ +package org.wso2.carbon.identity.authenticator.backend.oauth.validator; + +import java.rmi.RemoteException; + +/** + * Interface for the OAuth@TokenValidators + */ +public interface OAuth2TokenValidator { + /** + * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO + * containing the validity and user details if valid. + * + * @param accessToken which need to be validated. + * @return OAuthValidationRespond with the validated results. + */ + OAuthValidationRespond validateToken(String accessToken) throws RemoteException; +} diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java new file mode 100755 index 00000000000..1e45aa59236 --- /dev/null +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java @@ -0,0 +1,57 @@ +/* +* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* +* WSO2 Inc. licenses this file to you under the Apache License, +* Version 2.0 (the "License"); you may not use this file except +* in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, +* software distributed under the License is distributed on an +* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +* KIND, either express or implied. See the License for the +* specific language governing permissions and limitations +* under the License. +*/ +package org.wso2.carbon.identity.authenticator.backend.oauth.validator; + +/** + * This class hold the validation information which can be retrieve by both remote and in house IDPs + */ +public class OAuthValidationRespond { + private String userName; + private String tenantDomain; + private boolean isValid; + + public OAuthValidationRespond(String userName, String tenantDomain, boolean isValid) { + this.userName = userName; + this.tenantDomain = tenantDomain; + this.isValid = isValid; + } + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + public String getTenantDomain() { + return tenantDomain; + } + + public void setTenantDomain(String tenantDomain) { + this.tenantDomain = tenantDomain; + } + + public boolean isValid() { + return isValid; + } + + public void setIsValid(boolean isValid) { + this.isValid = isValid; + } +} \ No newline at end of file diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java new file mode 100755 index 00000000000..e3dab669c6a --- /dev/null +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java @@ -0,0 +1,52 @@ +/* +* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* +* WSO2 Inc. licenses this file to you under the Apache License, +* Version 2.0 (the "License"); you may not use this file except +* in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, +* software distributed under the License is distributed on an +* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +* KIND, either express or implied. See the License for the +* specific language governing permissions and limitations +* under the License. +*/ +package org.wso2.carbon.identity.authenticator.backend.oauth.validator; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.identity.authenticator.backend.oauth.AuthenticatorException; +import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.ExternalOAuthValidator; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.LocalOAuthValidator; + +/** + * the class validate the configurations and provide the most suitable implementation according to the configuration. + * Factory class for OAuthValidator. + */ +public class OAuthValidatorFactory { + private static Log log = LogFactory.getLog(OAuthValidatorFactory.class); + + /** + * the method check the configuration and provide the appropriate implementation for OAuth2TokenValidator + * + * @return OAuth2TokenValidator + */ + public static OAuth2TokenValidator getValidator(boolean isRemote ,String hostURL) { + if(isRemote){ + if(!(hostURL == null || hostURL.trim().isEmpty())){ + hostURL = hostURL + OauthAuthenticatorConstants.OAUTH_ENDPOINT_POSTFIX; + return new ExternalOAuthValidator(hostURL); + }else { + log.error("IDP Configuration error", + new AuthenticatorException("Remote server name and ip both can't be empty")); + return null; + } + } + return new LocalOAuthValidator(); + } +} diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java new file mode 100755 index 00000000000..4a337e9a9cf --- /dev/null +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java @@ -0,0 +1,98 @@ +/* +* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* +* WSO2 Inc. licenses this file to you under the Apache License, +* Version 2.0 (the "License"); you may not use this file except +* in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, +* software distributed under the License is distributed on an +* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +* KIND, either express or implied. See the License for the +* specific language governing permissions and limitations +* under the License. +*/ +package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl; + +import org.apache.axis2.client.Options; +import org.apache.axis2.client.ServiceClient; +import org.apache.axis2.transport.http.HTTPConstants; +import org.apache.commons.httpclient.Header; +import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub; +import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO; +import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO; +import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken; +import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam; +import org.wso2.carbon.utils.multitenancy.MultitenantUtils; +import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond; + +import java.rmi.RemoteException; +import java.util.ArrayList; +import java.util.List; + +/** + * Handles the Authentication form external IDP servers. + * Currently only supports WSO2 IS. + * External IDP support is planned for future. + */ +public class ExternalOAuthValidator implements OAuth2TokenValidator{ + protected String hostURL ; + + public ExternalOAuthValidator(String hostURL) { + this.hostURL = hostURL; + } + /** + * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO + * containing the validity and user details if valid. + * + * @param token which need to be validated. + * @return OAuthValidationRespond with the validated results. + */ + public OAuthValidationRespond validateToken(String token) throws RemoteException { + + // create an OAuth token validating request DTO + OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO(); + + // create access token object to validate and populate it + OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken = + new OAuth2TokenValidationRequestDTO_OAuth2AccessToken(); + accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE); + accessToken.setIdentifier(token); + OAuth2TokenValidationRequestDTO_TokenValidationContextParam tokenValidationContextParam[] = + new OAuth2TokenValidationRequestDTO_TokenValidationContextParam[1]; + validationRequest.setContext(tokenValidationContextParam); + + //set the token to the validation request + validationRequest.setAccessToken(accessToken); + OAuth2TokenValidationServiceStub validationService = + new OAuth2TokenValidationServiceStub(hostURL); + ServiceClient client = validationService._getServiceClient(); + Options options = client.getOptions(); + List
list = new ArrayList<>(); + Header header = new Header(); + header.setName(HTTPConstants.HEADER_AUTHORIZATION); + header.setValue(OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER+ " " + token); + list.add(header); + options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, list); + client.setOptions(options); + OAuth2ClientApplicationDTO respond = + validationService.findOAuthConsumerIfTokenIsValid(validationRequest); + boolean isValid = respond.getAccessTokenValidationResponse().getValid(); + String userName = null; + String tenantDomain = null; + + if(isValid){ + userName = MultitenantUtils.getTenantAwareUsername( + respond.getAccessTokenValidationResponse().getAuthorizedUser()); + tenantDomain = + MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser()); + } + + return new OAuthValidationRespond(userName,tenantDomain,isValid); + } +} diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java new file mode 100755 index 00000000000..d81e7f3531d --- /dev/null +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java @@ -0,0 +1,69 @@ + +/* +* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* +* WSO2 Inc. licenses this file to you under the Apache License, +* Version 2.0 (the "License"); you may not use this file except +* in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, +* software distributed under the License is distributed on an +* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +* KIND, either express or implied. See the License for the +* specific language governing permissions and limitations +* under the License. +*/ +package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl; + +import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; +import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO; +import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO; +import org.wso2.carbon.utils.multitenancy.MultitenantUtils; +import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond; + +/** + * Handles the authentication using the inbuilt IS features. + */ +public class LocalOAuthValidator implements OAuth2TokenValidator { + /** + * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO + * containing the validity and user details if valid. + * + * @param token which need to be validated. + * @return OAuthValidationRespond with the validated results. + */ + public OAuthValidationRespond validateToken(String token) { + // create an OAuth token validating request DTO + OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO(); + // create access token object to validate and populate it + OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken = + validationRequest.new OAuth2AccessToken(); + accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE); + accessToken.setIdentifier(token); + //the workaround till the version is upgraded in both is and EMM to be the same. + OAuth2TokenValidationRequestDTO.TokenValidationContextParam tokenValidationContextParam[] = + new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[1]; + //== + validationRequest.setContext(tokenValidationContextParam); + //set the token to the validation request + validationRequest.setAccessToken(accessToken); + OAuth2TokenValidationService validationService = new OAuth2TokenValidationService(); + OAuth2ClientApplicationDTO respond = validationService. + findOAuthConsumerIfTokenIsValid(validationRequest); + boolean isValid = respond.getAccessTokenValidationResponse().isValid(); + String userName = null; + String tenantDomain = null; + if(isValid){ + userName = MultitenantUtils.getTenantAwareUsername( + respond.getAccessTokenValidationResponse().getAuthorizedUser()); + tenantDomain = + MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser()); + } + return new OAuthValidationRespond(userName,tenantDomain,isValid); + } +} diff --git a/components/identity-extensions/pom.xml b/components/identity-extensions/pom.xml index 78a24d9adb0..8dbb24619dd 100644 --- a/components/identity-extensions/pom.xml +++ b/components/identity-extensions/pom.xml @@ -37,6 +37,7 @@ org.wso2.carbon.device.mgt.oauth.extensions dynamic-client-registration + backend-oauth-authenticator diff --git a/pom.xml b/pom.xml index 26df26d760a..fbfa9406f04 100644 --- a/pom.xml +++ b/pom.xml @@ -941,6 +941,22 @@ org.wso2.carbon.identity.oauth.stub ${carbon.identity.version} + + org.wso2.carbon.identity + org.wso2.carbon.identity.application.authentication.framework + ${carbon.identity.version} + + + + org.wso2.carbon.identity + org.wso2.carbon.identity.oauth + ${carbon.identity.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.application.common + ${carbon.identity.version} + @@ -1126,11 +1142,6 @@ - - org.wso2.carbon.identity - org.wso2.carbon.identity.oauth - ${carbon.identity.version} - org.wso2.carbon.identity org.wso2.carbon.identity.sso.saml