Merge branch 'master' of https://github.com/wso2/carbon-device-mgt
commit
a0ebec9f3d
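--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+~
+~ WSO2 Inc. licenses this file to you under the Apache License,
+~ Version 2.0 (the "License"); you may not use this file except
+~ in compliance with the License.
+~ you may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<parent>
+<artifactId>identity-extensions</artifactId>
+<groupId>org.wso2.carbon.devicemgt</groupId>
+<version>0.9.2-SNAPSHOT</version>
+</parent>
+<modelVersion>4.0.0</modelVersion>
+<packaging>bundle</packaging>
+<name>WSO2 Carbon - OAuth Back End Authenticator </name>
+<artifactId>org.wso2.carbon.identity.authenticator.backend.oauth</artifactId>
+
+<dependencies>
+<dependency>
+<groupId>org.wso2.carbon</groupId>
+<artifactId>org.wso2.carbon.utils</artifactId>
+</dependency>
+<dependency>
+<groupId>org.wso2.carbon.identity</groupId>
+<artifactId>org.wso2.carbon.identity.base</artifactId>
+</dependency>
+<dependency>
+<groupId>org.wso2.carbon.identity</groupId>
+<artifactId>org.wso2.carbon.identity.core</artifactId>
+</dependency>
+<dependency>
+<groupId>org.wso2.carbon</groupId>
+<artifactId>org.wso2.carbon.core</artifactId>
+</dependency>
+<dependency>
+<groupId>org.wso2.carbon</groupId>
+<artifactId>org.wso2.carbon.logging</artifactId>
+</dependency>
+<dependency>
+<groupId>org.wso2.carbon.identity</groupId>
+<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
+</dependency>
+<dependency>
+<groupId>org.wso2.carbon</groupId>
+<artifactId>org.wso2.carbon.core.services</artifactId>
+</dependency>
+<dependency>
+<groupId>org.wso2.carbon.identity</groupId>
+<artifactId>org.wso2.carbon.identity.oauth</artifactId>
+</dependency>
+<dependency>
+<groupId>org.wso2.carbon.identity</groupId>
+<artifactId>org.wso2.carbon.identity.application.common</artifactId>
+</dependency>
+<dependency>
+<groupId>org.wso2.carbon.identity</groupId>
+<artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
+</dependency>
+</dependencies>
+
+<build>
+<plugins>
+<plugin>
+<groupId>org.apache.felix</groupId>
+<artifactId>maven-scr-plugin</artifactId>
+</plugin>
+<plugin>
+<groupId>org.apache.felix</groupId>
+<artifactId>maven-bundle-plugin</artifactId>
+<version>1.4.0</version>
+<extensions>true</extensions>
+<configuration>
+<instructions>
+<Bundle-SymbolicName>${pom.artifactId}</Bundle-SymbolicName>
+<Bundle-Name>${pom.artifactId}</Bundle-Name>
+<Private-Package>
+org.wso2.sample.authenticator.internal
+</Private-Package>
+<Export-Package>
+!org.wso2.sample.authenticator.internal,
+org.wso2.sample.authenticator.*,
+</Export-Package>
+<Import-Package>
+javax.servlet.http,
+org.apache.commons.logging,
+org.wso2.carbon.identity.application.authentication.framework.*,
+org.wso2.carbon.identity.oauth2,
+org.wso2.carbon.identity.oauth2.dto,
+org.wso2.carbon.user.core.service,
+org.wso2.carbon.utils.multitenancy,
+org.apache.axis2.client,
+org.apache.axis2.context,
+org.apache.axis2.transport.http,
+org.apache.commons.httpclient,
+org.osgi.framework,
+org.osgi.service.component,
+org.wso2.carbon.core.security,
+org.wso2.carbon.core.services.authentication,
+org.wso2.carbon.identity.oauth2.stub,
+org.wso2.carbon.identity.oauth2.stub.dto,
+org.wso2.carbon.base,
+org.wso2.carbon.utils
+</Import-Package>
+</instructions>
+</configuration>
+</plugin>
+</plugins>
+</build>
+</project>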
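Review bot: The bundle instructions at `<Private-Package>` and `<Export-Package>` name `org.wso2.sample.authenticator.internal` and `org.wso2.sample.authenticator.*`, but every class added in this commit lives under `org.wso2.carbon.identity.authenticator.backend.oauth`, so maven-bundle-plugin will most likely package none of them and the SCR component in `...backend.oauth.internal` never ships. Change the three entries to `org.wso2.carbon.identity.authenticator.backend.oauth.internal`, `!org.wso2.carbon.identity.authenticator.backend.oauth.internal,` and `org.wso2.carbon.identity.authenticator.backend.oauth.*,`. `${pom.artifactId}` in the Bundle-SymbolicName/Bundle-Name entries is the deprecated spelling of `${project.artifactId}`.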
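--- /dev/null
+++ b/AuthenticatorException.java
@@ -0,0 +1,41 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+/**
+* Custom exception for backend OAuth authentication
+*/
+@SuppressWarnings("unused")
+public class AuthenticatorException extends Exception {
+
+private static final long serialVersionUID = 1L;
+
+public AuthenticatorException(String message) {
+super(message);
+}
+
+public AuthenticatorException(Throwable e) {
+super(e);
+}
+
+public AuthenticatorException(String message, Throwable e) {
+super(message, e);
+}
+
+
+}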
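--- /dev/null
+++ b/OauthAuthenticator.java
@@ -0,0 +1,161 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
+import org.wso2.carbon.utils.ServerConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidatorFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.rmi.RemoteException;
+
+/**
+* This is a custom back end authenticator for enable OAuth token authentication for admin services
+*/
+public class OauthAuthenticator implements CarbonServerAuthenticator {
+
+private static final Log log = LogFactory.getLog(OauthAuthenticator.class);
+private static final int PRIORITY = 5;
+private static final int ACCESS_TOKEN_INDEX = 1;
+private OAuth2TokenValidator tokenValidator;
+
+public OauthAuthenticator() {
+AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance();
+AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.
+getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME);
+boolean isRemote;
+String hostUrl;
+if (authenticatorConfig != null) {
+isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get("isRemote"));
+hostUrl = authenticatorConfig.getParameters().get("hostURL");
+}else{
+throw new IllegalArgumentException("Configuration parameters need to be defined in Authenticators.xml");
+}
+try {
+tokenValidator = OAuthValidatorFactory.getValidator(isRemote, hostUrl);
+} catch (IllegalArgumentException e) {
+log.error("Failed to initialise Authenticator",e);
+}
+}
+
+/**
+* Checks whether the authentication of the context can be handled using this authenticator.
+*
+* @param messageContext containing the request need to be authenticated.
+* @return boolean indicating whether the request can be authenticated by this Authenticator.
+*/
+public boolean isHandle(MessageContext messageContext) {
+HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
+String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+if (headerValue != null && !headerValue.trim().isEmpty()) {
+String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
+if (OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) {
+return true;
+}
+} else if (httpServletRequest.getParameter(OauthAuthenticatorConstants.BEARER_TOKEN_IDENTIFIER) != null) {
+return true;
+}
+return false;
+}
+
+/**
+* Authenticates the user using the provided OAuth token and returns the status as a boolean.
+* Sets the tenant domain and tenant friendly username to the session as attributes.
+*
+* @param messageContext containing the request need to be authenticated.
+* @return boolean indicating the authentication status.
+*/
+public boolean isAuthenticated(MessageContext messageContext) {
+HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
+String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
+String accessToken = headerPart[ACCESS_TOKEN_INDEX];
+OAuthValidationResponse response = null;
+try {
+response = tokenValidator.validateToken(accessToken);
+} catch (RemoteException e) {
+log.error("Failed to validate the OAuth token provided.", e);
+}
+if (response != null && response.isValid()) {
+HttpSession session;
+if ((session = httpServletRequest.getSession(false)) != null) {
+session.setAttribute(MultitenantConstants.TENANT_DOMAIN, response.getTenantDomain());
+session.setAttribute(ServerConstants.USER_LOGGED_IN, response.getUserName());
+if (log.isDebugEnabled()) {
+log.debug("Authentication successful for " + session.getAttribute(ServerConstants.USER_LOGGED_IN));
+}
+}
+return true;
+}
+if (log.isDebugEnabled()) {
+log.debug("Authentication failed.Illegal attempt from session " + httpServletRequest.getSession().getId());
+}
+return false;
+}
+
+/**
+* this method is currently not implemented.
+*
+* @param messageContext containing the request need to be authenticated.
+* @return boolean
+*/
+public boolean authenticateWithRememberMe(MessageContext messageContext) {
+throw new UnsupportedOperationException();
+}
+
+/**
+* @return string Authenticator name.
+*/
+public String getAuthenticatorName() {
+return OauthAuthenticatorConstants.AUTHENTICATOR_NAME;
+}
+
+/**
+* @return int priority of the authenticator.
+*/
+public int getPriority() {
+return PRIORITY;
+}
+
+/**
+* @return boolean true for enable or otherwise for disable status.
+*/
+public boolean isDisabled() {
+return false;
+}
+
+/**
+* Retrieve HTTP Servlet Request form thr Message Context.
+*
+* @param messageContext Containing the Servlet Request for backend authentication.
+* @return HTTPServletRequest.
+*/
+private HttpServletRequest getHttpRequest(MessageContext messageContext) {
+return (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
+}
+
+}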
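Review bot: `isAuthenticated` dereferences the Authorization header without the null and length checks that `isHandle` performs: `isHandle` returns true for a request that only carries the `token` query parameter, and for a header consisting of just `Bearer`, and in both cases `headerValue.trim()` or `headerPart[ACCESS_TOKEN_INDEX]` then throws instead of returning false. `tokenValidator` can also be null at that point, because the constructor logs and swallows the `IllegalArgumentException` from `OAuthValidatorFactory.getValidator`. Either drop the `BEARER_TOKEN_IDENTIFIER` parameter branch from `isHandle` (nothing reads the parameter, and tokens in query strings end up in access logs) or read it here, and in both cases guard the header before indexing, as below. The failure-path debug log also calls `getSession()` without `false`, which creates a session for an unauthenticated caller.
```java
public boolean isAuthenticated(MessageContext messageContext) {
    HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
    String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
    // A missing validator or header can never authenticate; fail closed instead of throwing.
    if (tokenValidator == null || headerValue == null) {
        return false;
    }
    String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
    if (headerPart.length <= ACCESS_TOKEN_INDEX) {
        return false;
    }
    String accessToken = headerPart[ACCESS_TOKEN_INDEX];
    // … unchanged: token validation and session attribute handling …
```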
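--- /dev/null
+++ b/OauthAuthenticatorConstants.java
@@ -0,0 +1,28 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+public class OauthAuthenticatorConstants {
+public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer";
+public static final String BEARER_TOKEN_TYPE = "bearer";
+public static final String BEARER_TOKEN_IDENTIFIER = "token";
+public static final String AUTHENTICATOR_NAME = "BackEndOAuthAuthenticator";
+public static final String SPLITING_CHARACTOR = " ";
+public static String OAUTH_ENDPOINT_POSTFIX =
+"/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
+}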
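Review bot: `OAUTH_ENDPOINT_POSTFIX` is a public static field that is not `final`, so any code with access to the class can rewrite the path that `OAuthValidatorFactory` appends to the remote host URL before the caller's bearer token is sent there. Declare it `public static final String OAUTH_ENDPOINT_POSTFIX =` like the other constants. The class is a constant holder, so a `private OauthAuthenticatorConstants() {}` constructor would also stop it being instantiated.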
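--- /dev/null
+++ b/OauthAuthenticatorServiceComponent.java
@@ -0,0 +1,56 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.osgi.service.component.ComponentContext;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator;
+
+
+/**
+* @scr.component component.name="org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator" immediate="true"
+*/
+@SuppressWarnings("unused")
+public class OauthAuthenticatorServiceComponent {
+
+private static final Log log = LogFactory.getLog(OauthAuthenticatorServiceComponent
+.class);
+
+protected void activate(ComponentContext ctxt) {
+try {
+OauthAuthenticator oauthAuthenticator = new OauthAuthenticator();
+ctxt.getBundleContext().registerService(CarbonServerAuthenticator.class.getName(),
+oauthAuthenticator, null);
+if (log.isDebugEnabled()) {
+log.debug("OAuth Authenticator bundle is activated");
+}
+} catch (Throwable e) {
+log.fatal(" Error while activating OAuth authenticator ", e);
+}
+}
+
+protected void deactivate(ComponentContext ctxt) {
+if (log.isDebugEnabled()) {
+log.debug("OAuth Authenticator bundle is deactivated");
+}
+}
+
+}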
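Review bot: `catch (Throwable e)` around the body of `activate` turns an activation failure into a log line: `OauthAuthenticator`'s constructor throws `IllegalArgumentException` when the `Authenticators.xml` entry is missing, and after that the component stays active with no `CarbonServerAuthenticator` registered, so the server silently runs without this authenticator. Catching `Throwable` also hides `Error`s such as linkage failures. Narrow it to `catch (RuntimeException e)` and state in the message that the service was not registered, or let the exception propagate so the container marks the component as failed.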
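--- /dev/null
+++ b/OAuth2TokenValidator.java
@@ -0,0 +1,34 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+import java.rmi.RemoteException;
+
+/**
+* Interface for the OAuth@TokenValidators
+*/
+public interface OAuth2TokenValidator {
+/**
+* This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+* containing the validity and user details if valid.
+*
+* @param accessToken which need to be validated.
+* @return OAuthValidationResponse with the validated results.
+*/
+OAuthValidationResponse validateToken(String accessToken) throws RemoteException;
+}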
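Review bot: The Javadoc on `validateToken` says it generates an `OAuth2ClientApplicationDTO`, but the method returns an `OAuthValidationResponse` and neither implementation in this commit exposes that DTO; the interface summary also reads `OAuth@TokenValidators`. Suggested wording: `Validates the given access token and returns an OAuthValidationResponse holding the validity flag and, when valid, the tenant-aware user name and tenant domain.` A `@throws RemoteException when a remote validation service cannot be reached` clause is missing as well.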
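--- /dev/null
+++ b/OAuthValidationResponse.java
@@ -0,0 +1,58 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+/**
+* This class hold the validation information which can be retrieve by both remote and in house IDPs
+*/
+@SuppressWarnings("unused")
+public class OAuthValidationResponse {
+private String userName;
+private String tenantDomain;
+private boolean isValid;
+
+public OAuthValidationResponse(String userName, String tenantDomain, boolean isValid) {
+this.userName = userName;
+this.tenantDomain = tenantDomain;
+this.isValid = isValid;
+}
+
+public String getUserName() {
+return userName;
+}
+
+public void setUserName(String userName) {
+this.userName = userName;
+}
+
+public String getTenantDomain() {
+return tenantDomain;
+}
+
+public void setTenantDomain(String tenantDomain) {
+this.tenantDomain = tenantDomain;
+}
+
+public boolean isValid() {
+return isValid;
+}
+
+public void setIsValid(boolean isValid) {
+this.isValid = isValid;
+}
+}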
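Review bot: The setters `setUserName`, `setTenantDomain` and `setIsValid` make a validation result mutable after it has been produced, and nothing in this commit calls them (the class carries `@SuppressWarnings("unused")` to hide that). A result object is easier to reason about when it cannot be flipped to valid later: drop the setters and declare the three fields `private final`. Document the constructor's contract as well, e.g. `/** @param isValid true only when the validator confirmed the token; both validators pass null userName and tenantDomain otherwise. */`.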
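--- /dev/null
+++ b/OAuthValidatorFactory.java
@@ -0,0 +1,46 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+import org.wso2.carbon.identity.authenticator.backend.oauth.AuthenticatorException;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.ExternalOAuthValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.LocalOAuthValidator;
+
+/**
+* The class validate the configurations and provide the most suitable implementation according to the configuration.
+* Factory class for OAuthValidator.
+*/
+public class OAuthValidatorFactory {
+
+/**
+* The method check the configuration and provide the appropriate implementation for OAuth2TokenValidator
+* @return OAuth2TokenValidator
+*/
+public static OAuth2TokenValidator getValidator(boolean isRemote, String hostURL) throws IllegalArgumentException {
+if (isRemote) {
+if (!(hostURL == null || hostURL.trim().isEmpty())) {
+hostURL = hostURL + OauthAuthenticatorConstants.OAUTH_ENDPOINT_POSTFIX;
+return new ExternalOAuthValidator(hostURL);
+} else {
+throw new IllegalArgumentException("Remote server name and ip both can't be empty");
+}
+}
+return new LocalOAuthValidator();
+}
+}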
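Review bot: The message at the `throw` says `Remote server name and ip both can't be empty`, but the only value checked is `hostURL`; a message such as `"hostURL must be set when isRemote is true"` matches the check. Since `hostURL` decides where the caller's bearer token is forwarded, the check should also reject values that do not parse as an absolute URL with the expected scheme rather than only blank ones — `OAUTH_ENDPOINT_POSTFIX` names an Https endpoint but the scheme is never verified — and a trailing `/` on `hostURL` currently produces `//` in the service address. `throws IllegalArgumentException` on an unchecked exception only adds noise; the `AuthenticatorException` import is unused.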
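--- /dev/null
+++ b/ExternalOAuthValidator.java
@@ -0,0 +1,85 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
+
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.httpclient.Header;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
+import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+
+import java.rmi.RemoteException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+* Handles the Authentication form external IDP servers.
+* Currently only supports WSO@ IS
+*/
+public class ExternalOAuthValidator implements OAuth2TokenValidator{
+protected String hostURL ;
+
+public ExternalOAuthValidator(String hostURL) {
+this.hostURL = hostURL;
+}
+/**
+* This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+* containing the validity and user details if valid.
+*
+* @param token which need to be validated.
+* @return OAuthValidationResponse with the validated results.
+*/
+public OAuthValidationResponse validateToken(String token) throws RemoteException {
+OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
+OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken =
+new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
+accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
+accessToken.setIdentifier(token);
+validationRequest.setAccessToken(accessToken);
+OAuth2TokenValidationServiceStub tokenValidationService =
+new OAuth2TokenValidationServiceStub(hostURL);
+ServiceClient client = tokenValidationService._getServiceClient();
+Options options = client.getOptions();
+List<Header> headerList = new ArrayList<>();
+Header header = new Header();
+header.setName(HTTPConstants.HEADER_AUTHORIZATION);
+header.setValue(OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER+ " " + token);
+headerList.add(header);
+options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, headerList);
+client.setOptions(options);
+OAuth2TokenValidationResponseDTO tokenValidationResponse = tokenValidationService.
+findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
+boolean isValid = tokenValidationResponse.getValid();
+String userName = null;
+String tenantDomain = null;
+if(isValid){
+userName = MultitenantUtils.getTenantAwareUsername(
+tokenValidationResponse.getAuthorizedUser());
+tenantDomain = MultitenantUtils.
+getTenantDomain(tokenValidationResponse.getAuthorizedUser());
+}
+return new OAuthValidationResponse(userName,tenantDomain,isValid);
+}
+}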
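Review bot: `validateToken` builds a new `OAuth2TokenValidationServiceStub` (and with it a new Axis2 `ServiceClient`) on every call and never releases it, so each validated request leaves transport resources behind; create the stub once per validator instance, or call `client.cleanupTransport()` in a `finally` after `findOAuthConsumerIfTokenIsValid`. The request is sent with the caller's own bearer token as the `Authorization` header, which presumably only works if the remote validation service accepts that token as its credential — confirm that is intended rather than a service account. The user/tenant mapping after the call is repeated verbatim in `LocalOAuthValidator.validateToken`; a static factory on `OAuthValidationResponse` that takes the authorized user and the validity flag would remove the copy. The `setProperty` call spells out `org.apache.axis2.transport.http.HTTPConstants` although the class is already imported.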
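--- /dev/null
+++ b/LocalOAuthValidator.java
@@ -0,0 +1,60 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
+
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
+import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+
+/**
+* Handles the authentication using the inbuilt IS features.
+*/
+public class LocalOAuthValidator implements OAuth2TokenValidator {
+/**
+* This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+* containing the validity and user details if valid.
+*
+* @param token which need to be validated.
+* @return OAuthValidationResponse with the validated results.
+*/
+public OAuthValidationResponse validateToken(String token) {
+OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
+OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken =
+validationRequest.new OAuth2AccessToken();
+accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
+accessToken.setIdentifier(token);
+validationRequest.setAccessToken(accessToken);
+OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
+OAuth2TokenValidationResponseDTO tokenValidationResponse = validationService.
+findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
+boolean isValid = tokenValidationResponse.isValid();
+String userName = null;
+String tenantDomain = null;
+if(isValid){
+userName = MultitenantUtils.getTenantAwareUsername(
+tokenValidationResponse.getAuthorizedUser());
+tenantDomain =
+MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser());
+}
+return new OAuthValidationResponse(userName,tenantDomain,isValid);
+}
+}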
129
components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/src/main/java/org/wso2/carbon/dynamic/client/registration/impl/DynamicClientRegistrationImpl.java → components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/src/main/java/org/wso2/carbon/dynamic/client/registration/impl/DynamicClientRegistrationServiceImpl.java
@ -1,48 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* you may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.dynamic.client.registration.internal;
|
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.commons.logging.LogFactory;
|
|
||||||
import org.osgi.framework.BundleActivator;
|
|
||||||
import org.osgi.framework.BundleContext;
|
|
||||||
import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationService;
|
|
||||||
import org.wso2.carbon.dynamic.client.registration.impl.DynamicClientRegistrationImpl;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* BundleActivator class of DynamicClientRegistration component.
|
|
||||||
*/
|
|
||||||
public class DynamicClientRegistrationBundleActivator implements BundleActivator{
|
|
||||||
|
|
||||||
private static final Log log = LogFactory.getLog(DynamicClientRegistrationBundleActivator.class);
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void start(BundleContext bundleContext) throws Exception {
|
|
||||||
DynamicClientRegistrationService dynamicClientRegistrationService =
|
|
||||||
new DynamicClientRegistrationImpl();
|
|
||||||
bundleContext.registerService(DynamicClientRegistrationService.class.getName(),
|
|
||||||
dynamicClientRegistrationService, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void stop(BundleContext bundleContext) throws Exception {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -0,0 +1,51 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.dynamic.client.registration.internal;
|
||||||
|
|
||||||
|
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* DataHolder class of DynamicClientRegistration bundle. This hold a reference to
|
||||||
|
* ApplicationManagementService.
|
||||||
|
*/
|
||||||
|
public class DynamicClientRegistrationDataHolder {
|
||||||
|
|
||||||
|
private ApplicationManagementService applicationManagementService;
|
||||||
|
|
||||||
|
private static DynamicClientRegistrationDataHolder thisInstance =
|
||||||
|
new DynamicClientRegistrationDataHolder();
|
||||||
|
|
||||||
|
private DynamicClientRegistrationDataHolder() {
|
||||||
|
}
|
||||||
|
|
||||||
|
public static DynamicClientRegistrationDataHolder getInstance() {
|
||||||
|
return thisInstance;
|
||||||
|
}
|
||||||
|
|
||||||
|
public ApplicationManagementService getApplicationManagementService() {
|
||||||
|
if (applicationManagementService == null) {
|
||||||
|
throw new IllegalStateException("ApplicationManagementService is not initialized properly");
|
||||||
|
}
|
||||||
|
return applicationManagementService;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setApplicationManagementService(ApplicationManagementService applicationManagementService) {
|
||||||
|
this.applicationManagementService = applicationManagementService;
|
||||||
|
}
|
||||||
|
}
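Review bot: The `applicationManagementService` field is written by the SCR bind/unbind callbacks and read from whichever thread later calls `getApplicationManagementService()`, yet it is neither `volatile` nor guarded, so a reader may observe a stale reference — including a stale non-null one after the unbind stored `null`; whether that is reachable depends on which threads SCR and the callers use, so please confirm. Since the field is only ever assigned and read as a whole, `private volatile ApplicationManagementService applicationManagementService;` is sufficient here. The `IllegalStateException` in the getter is a sound fail-closed choice; a one-line Javadoc on it saying the service is unavailable until the component's bind has run would tell callers why they see it.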
|
@ -0,0 +1,87 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.dynamic.client.registration.internal;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.osgi.framework.ServiceRegistration;
|
||||||
|
import org.osgi.service.component.ComponentContext;
|
||||||
|
import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationService;
|
||||||
|
import org.wso2.carbon.dynamic.client.registration.impl.DynamicClientRegistrationServiceImpl;
|
||||||
|
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @scr.component name="org.wso2.carbon.dynamic.client.registration" immediate="true"
|
||||||
|
* @scr.reference name="identity.application.management.service"
|
||||||
|
* interface="org.wso2.carbon.identity.application.mgt.ApplicationManagementService"
|
||||||
|
* cardinality="1..1"
|
||||||
|
* policy="dynamic"
|
||||||
|
* bind="setApplicationManagementService"
|
||||||
|
* unbind="unsetApplicationManagementService"
|
||||||
|
*/
|
||||||
|
public class DynamicClientRegistrationServiceComponent {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(DynamicClientRegistrationServiceComponent.class);
|
||||||
|
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
protected void activate(ComponentContext componentContext) {
|
||||||
|
if(log.isDebugEnabled()){
|
||||||
|
log.debug("Starting DynamicClientRegistrationServiceComponent");
|
||||||
|
}
|
||||||
|
DynamicClientRegistrationService dynamicClientRegistrationService =
|
||||||
|
new DynamicClientRegistrationServiceImpl();
|
||||||
|
componentContext.getBundleContext().registerService(
|
||||||
|
DynamicClientRegistrationService.class.getName(), dynamicClientRegistrationService, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
protected void deactivate(ComponentContext componentContext) {
|
||||||
|
if(log.isDebugEnabled()){
|
||||||
|
log.debug("Stopping DynamicClientRegistrationServiceComponent");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets ApplicationManagement Service.
|
||||||
|
*
|
||||||
|
* @param applicationManagementService An instance of ApplicationManagementService
|
||||||
|
*/
|
||||||
|
protected void setApplicationManagementService(ApplicationManagementService
|
||||||
|
applicationManagementService) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Setting ApplicationManagement Service");
|
||||||
|
}
|
||||||
|
DynamicClientRegistrationDataHolder.getInstance().
|
||||||
|
setApplicationManagementService(applicationManagementService);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Unsets ApplicationManagement Service.
|
||||||
|
*
|
||||||
|
* @param applicationManagementService An instance of ApplicationManagementService
|
||||||
|
*/
|
||||||
|
protected void unsetApplicationManagementService(ApplicationManagementService
|
||||||
|
applicationManagementService) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Unsetting ApplicationManagement Service");
|
||||||
|
}
|
||||||
|
DynamicClientRegistrationDataHolder.getInstance().setApplicationManagementService(null);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
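Review bot: `activate` registers `DynamicClientRegistrationService` but discards the returned `ServiceRegistration` (the `org.osgi.framework.ServiceRegistration` import on the new side is otherwise unused), and `deactivate` only logs, so the service remains published after the component is deactivated until the bundle itself stops. Keep the registration in a field and unregister it in `deactivate`, as below. The `@SuppressWarnings("unused")` on the lifecycle methods is conventional for SCR, but a short Javadoc on `activate` noting that SCR invokes it only after the mandatory `ApplicationManagementService` reference has been bound would make its ordering relative to `setApplicationManagementService` clear to readers.
```java
private ServiceRegistration<?> serviceRegistration;

@SuppressWarnings("unused")
protected void activate(ComponentContext componentContext) {
    // … unchanged: debug log …
    DynamicClientRegistrationService dynamicClientRegistrationService =
            new DynamicClientRegistrationServiceImpl();
    serviceRegistration = componentContext.getBundleContext().registerService(
            DynamicClientRegistrationService.class.getName(), dynamicClientRegistrationService, null);
}

@SuppressWarnings("unused")
protected void deactivate(ComponentContext componentContext) {
    // … unchanged: debug log …
    if (serviceRegistration != null) {
        serviceRegistration.unregister();
        serviceRegistration = null;
    }
}
```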
|
@ -0,0 +1,38 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.dynamic.client.web.app.registration;
|
||||||
|
|
||||||
|
import org.wso2.carbon.core.ServerStartupObserver;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ServerStartupObserver implementation to initiate the DynamicClientRegistration process for web
|
||||||
|
* apps after the Carbon server is up and ready.
|
||||||
|
*/
|
||||||
|
public class WebAppRegistrationServerStartupObserver implements ServerStartupObserver {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void completingServerStartup() {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void completedServerStartup() {
|
||||||
|
DynamicClientWebAppRegistrationManager.getInstance().initiateDynamicClientRegistration();
|
||||||
|
}
|
||||||
|
}
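Review bot: `completingServerStartup` is left empty without saying why, and `completedServerStartup` delegates to `DynamicClientWebAppRegistrationManager` with no Javadoc of its own. A one-line comment in the empty method, `// Nothing to do before startup completes; registration needs the fully started server (see class Javadoc).`, plus Javadoc on `completedServerStartup` stating that it triggers dynamic-client registration of deployed web apps once the server is up, would record the intent the class comment already describes. The manager is not imported, so it presumably lives in the same package; any exception it throws propagates to whatever invokes the observer, which is worth confirming against the manager's contract.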
|
36
components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/OAuthSettings.java → components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/dto/JaggeryOAuthConfigurationSettings.java
8
components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/OAuthApp.java → components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/dto/OAuthAppDetails.java
12
components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java → components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
@ -0,0 +1,42 @@
|
|||||||
|
package org.wso2.carbon.policy.mgt.core.util;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.TreeSet;
|
||||||
|
|
||||||
|
public class SetReferenceTransformer<T>{
|
||||||
|
private List<T> objectsToRemove;
|
||||||
|
private List<T> objectsToAdd;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Use the Set theory to find the objects to delete and objects to add
|
||||||
|
|
||||||
|
The difference of objects in existingSet and newSet needed to be deleted
|
||||||
|
|
||||||
|
new roles to add = newSet - The intersection of roles in existingSet and newSet
|
||||||
|
* @param currentList
|
||||||
|
* @param nextList
|
||||||
|
*/
|
||||||
|
public void transform(List<T> currentList, List<T> nextList){
|
||||||
|
TreeSet<T> existingSet = new TreeSet<T>(currentList);
|
||||||
|
TreeSet<T> newSet = new TreeSet<T>(nextList);;
|
||||||
|
|
||||||
|
existingSet.removeAll(newSet);
|
||||||
|
|
||||||
|
objectsToRemove = new ArrayList<>(existingSet);
|
||||||
|
|
||||||
|
// Clearing and re-initializing the set
|
||||||
|
existingSet = new TreeSet<T>(currentList);
|
||||||
|
|
||||||
|
newSet.removeAll(existingSet);
|
||||||
|
objectsToAdd = new ArrayList<T>(newSet);
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<T> getObjectsToRemove() {
|
||||||
|
return objectsToRemove;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<T> getObjectsToAdd() {
|
||||||
|
return objectsToAdd;
|
||||||
|
}
|
||||||
|
}
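Review bot: `transform` copies its inputs into a `TreeSet` while the class leaves `T` unbounded, so instantiating it with a non-`Comparable` type compiles and then fails at runtime with `ClassCastException` on the first insert; the declaration should carry the bound, `public class SetReferenceTransformer<T extends Comparable<? super T>> {`, which is backward compatible provided existing callers already use comparable types. `TreeSet` also decides membership by `compareTo` rather than `equals`, so elements that compare equal collapse into one — worth stating in the Javadoc since the callers' types decide whether that matters. Small cleanups in the same hunk: the doubled semicolon after `new TreeSet<T>(nextList);;`, and the two Javadoc continuation lines that lack a leading `*` and so render oddly. Both `getObjectsToRemove` and `getObjectsToAdd` return `null` until `transform` has run; either document that or initialise the fields to empty lists.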
|
@ -0,0 +1,65 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework;
|
||||||
|
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* DTO class to hold the information of authenticated user AND STATUS.
|
||||||
|
*/
|
||||||
|
public class AuthenticationInfo {
|
||||||
|
|
||||||
|
private WebappAuthenticator.Status status = WebappAuthenticator.Status.FAILURE;
|
||||||
|
private String username;
|
||||||
|
private String tenantDomain;
|
||||||
|
private int tenantId = -1;
|
||||||
|
|
||||||
|
public WebappAuthenticator.Status getStatus() {
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setStatus(
|
||||||
|
WebappAuthenticator.Status status) {
|
||||||
|
this.status = status;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getUsername() {
|
||||||
|
return username;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setUsername(String username) {
|
||||||
|
this.username = username;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getTenantDomain() {
|
||||||
|
return tenantDomain;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setTenantDomain(String tenantDomain) {
|
||||||
|
this.tenantDomain = tenantDomain;
|
||||||
|
}
|
||||||
|
|
||||||
|
public int getTenantId() {
|
||||||
|
return tenantId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setTenantId(int tenantId) {
|
||||||
|
this.tenantId = tenantId;
|
||||||
|
}
|
||||||
|
}
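Review bot: The two non-trivial defaults in `AuthenticationInfo` are undocumented: `status` starts as `WebappAuthenticator.Status.FAILURE` and `tenantId` as `-1`. These defaults are what make the DTO fail closed when an authenticator forgets to populate it, so the intent belongs next to the fields, e.g. `// Fail closed: an authenticator that never sets a status leaves the request unauthenticated.` and `// -1 marks an unresolved tenant; callers must not treat it as a valid tenant id.` The "AND STATUS" capitalisation in the class Javadoc looks accidental.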
|
9
components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/DataHolder.java → components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticatorFrameworkDataHolder.java
33
components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java → components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
@ -1,71 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
package org.wso2.carbon.webapp.authenticator.framework;
|
|
||||||
|
|
||||||
import org.apache.catalina.connector.Request;
|
|
||||||
import org.apache.catalina.connector.Response;
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.commons.logging.LogFactory;
|
|
||||||
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
|
|
||||||
import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
|
|
||||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
|
|
||||||
public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve {
|
|
||||||
|
|
||||||
private static final String AUTHENTICATION_SCHEME = "authentication-scheme";
|
|
||||||
private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkValve.class);
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void invoke(Request request, Response response, CompositeValve compositeValve) {
|
|
||||||
|
|
||||||
String authScheme = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME);
|
|
||||||
|
|
||||||
if (authScheme == null || authScheme.isEmpty()) {
|
|
||||||
this.getNext().invoke(request, response, compositeValve);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(authScheme);
|
|
||||||
if (authenticator == null) {
|
|
||||||
String msg = "Failed to load an appropriate authenticator to authenticate the request";
|
|
||||||
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
WebappAuthenticator.Status status = authenticator.authenticate(request, response);
|
|
||||||
this.processResponse(request, response, compositeValve, status);
|
|
||||||
}
|
|
||||||
|
|
||||||
private void processResponse(Request request, Response response, CompositeValve compositeValve,
|
|
||||||
WebappAuthenticator.Status status) {
|
|
||||||
switch (status) {
|
|
||||||
case SUCCESS:
|
|
||||||
case CONTINUE:
|
|
||||||
this.getNext().invoke(request, response, compositeValve);
|
|
||||||
break;
|
|
||||||
case FAILURE:
|
|
||||||
String msg = "Failed to authorize incoming request";
|
|
||||||
log.error(msg);
|
|
||||||
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|