Enabling OAuth Authentication for BackEnd Services

revert-70aa11f8
Kamidu Sachith 9 years ago
parent 69ba3e83ea
commit 97df36842d

@ -0,0 +1,108 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>identity-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>0.9.2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<packaging>bundle</packaging>
<name>WSO2 Carbon - OAuth Back End Authenticator </name>
<artifactId>org.wso2.carbon.identity.authenticator.backend.oauth</artifactId>
<dependencies>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.utils</artifactId>
<version>${carbon.kernel.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.base</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.core</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.core</artifactId>
<version>${carbon.kernel.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.logging</artifactId>
<version>${carbon.kernel.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.core.services</artifactId>
<version>${carbon.kernel.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.oauth</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.application.common</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-scr-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>1.4.0</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Bundle-SymbolicName>${pom.artifactId}</Bundle-SymbolicName>
<Bundle-Name>${pom.artifactId}</Bundle-Name>
<Private-Package>
org.wso2.sample.authenticator.internal
</Private-Package>
<Export-Package>
!org.wso2.sample.authenticator.internal,
org.wso2.sample.authenticator.*,
</Export-Package>
<Import-Package>
javax.servlet.http,
org.apache.commons.logging,
org.wso2.carbon.identity.application.authentication.framework.*,
org.wso2.carbon.identity.oauth2,
org.wso2.carbon.identity.oauth2.dto,
org.wso2.carbon.user.core.service,
org.wso2.carbon.utils.multitenancy
</Import-Package>
<Export-Package>
org.wso2.carbon.identity.authenticator.backend.oauth.*;
</Export-Package>
<DynamicImport-Package>*</DynamicImport-Package>
</instructions>
</configuration>
</plugin>
</plugins>
</build>
</project>
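Review bot: The bundle instructions carry two `<Export-Package>` blocks (one after `<Private-Package>`, another after `<Import-Package>`), and the first of them together with `<Private-Package>` names `org.wso2.sample.authenticator.*`, which is not a package in this module; the real internal package `org.wso2.carbon.identity.authenticator.backend.oauth.internal` is therefore picked up by the second block's wildcard and exported instead of being kept private. Replace both with a single pair: `<Private-Package>org.wso2.carbon.identity.authenticator.backend.oauth.internal</Private-Package>` and `<Export-Package>!org.wso2.carbon.identity.authenticator.backend.oauth.internal, org.wso2.carbon.identity.authenticator.backend.oauth.*</Export-Package>`. `${pom.artifactId}` is a deprecated property prefix; `${project.artifactId}` is the supported form. Which entry the bundle plugin honours when a header is duplicated should be confirmed against the plugin version pinned here (1.4.0).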

@ -0,0 +1,41 @@
/*
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.identity.authenticator.backend.oauth;
/**
*Custom exception for backend OAuth authentication
*/
@SuppressWarnings("unused")
public class AuthenticatorException extends Exception {
private static final long serialVersionUID = 1L;
public AuthenticatorException(String message) {
super(message);
}
public AuthenticatorException(Throwable e) {
super(e);
}
public AuthenticatorException(String message, Throwable e) {
super(message, e);
}
}

@ -0,0 +1,170 @@
/*
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.identity.authenticator.backend.oauth;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
import org.wso2.carbon.utils.ServerConstants;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidatorFactory;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.rmi.RemoteException;
/**
* This is a custom back end authenticator for enable OAuth token authentication for admin services
*/
public class OauthAuthenticator implements CarbonServerAuthenticator {
private static final Log log = LogFactory.getLog(OauthAuthenticator.class);
private static final int PRIORITY = 5;
private static final int ACCESS_TOKEN_INDEX = 1;
private static String hostUrl = "";
private static boolean isRemote = false;
static {
AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance();
AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME);
if (authenticatorConfig != null) {
isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get("isRemote"));
hostUrl = authenticatorConfig.getParameters().get("hostURL");
}
}
/**
* Checks whether the authentication of the context can be handled using this authenticator.
*
* @param messageContext containing the request need to be authenticated.
* @return boolean indicating whether the request can be authenticated by this Authenticator.
*/
public boolean isHandle(MessageContext messageContext) {
HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
if (headerValue != null && !headerValue.trim().isEmpty()) {
String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
if (OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) {
return true;
}
} else if (httpServletRequest.getParameter(OauthAuthenticatorConstants.BEARER_TOKEN_IDENTIFIER) != null) {
return true;
}
return false;
}
/**
* Authenticates the user using the provided OAuth token and returns the status as a boolean.
* Sets the tenant domain and tenant friendly username to the session as attributes.
*
* @param messageContext containing the request need to be authenticated.
* @return boolean indicating the authentication status.
*/
public boolean isAuthenticated(MessageContext messageContext) {
HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
//split the header value to separate the identity type and the token.
String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
String accessToken = headerPart[ACCESS_TOKEN_INDEX];
OAuth2TokenValidator tokenValidator = OAuthValidatorFactory.getValidator(isRemote,hostUrl);
if (tokenValidator == null) {
log.error("OAuthValidationFactory failed to return a validator",
new AuthenticatorException("OAuthValidatorFactory Failed to determine the validator"));
return false;
}
OAuthValidationRespond respond = null;
try {
respond = tokenValidator.validateToken(accessToken);
} catch (RemoteException e) {
log.error("Failed to validate the OAuth token provided.", e);
}
if (respond != null && respond.isValid()) {
HttpSession session;
if ((session = httpServletRequest.getSession(false)) != null) {
session.setAttribute(MultitenantConstants.TENANT_DOMAIN, respond.getTenantDomain());
session.setAttribute(ServerConstants.USER_LOGGED_IN, respond.getUserName());
if (log.isDebugEnabled()) {
log.debug("Authentication successful for " + session.getAttribute(ServerConstants.USER_LOGGED_IN));
}
}
return true;
}
if (log.isDebugEnabled()) {
log.debug("Authentication failed.Illegal attempt from session " + httpServletRequest.getSession().getId());
}
return false;
}
/**
* this method is currently not implemented.
*
* @param messageContext containing the request need to be authenticated.
* @return boolean
*/
public boolean authenticateWithRememberMe(MessageContext messageContext) {
throw new UnsupportedOperationException();
}
/**
* @return string Authenticator name.
*/
public String getAuthenticatorName() {
return OauthAuthenticatorConstants.AUTHENTICATOR_NAME;
}
/**
* @return int priority of the authenticator.
*/
public int getPriority() {
return PRIORITY;
}
/**
* @return boolean true for enable or otherwise for disable status.
*/
public boolean isDisabled() {
return false;
}
/**
* Retrieve HTTP Servlet Request form thr Message Context.
*
* @param messageContext Containing the Servlet Request for backend authentication.
* @return HTTPServletRequest.
*/
private HttpServletRequest getHttpRequest(MessageContext messageContext) {
return (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
}
}
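Review bot: `isAuthenticated` dereferences the Authorization header unconditionally (`headerValue.trim()` and `headerPart[ACCESS_TOKEN_INDEX]`), but `isHandle` also claims requests that carry only the `token` query parameter and no header, so that path ends in a NullPointerException instead of a validation result, and a bare `Bearer` header with no token ends in an ArrayIndexOutOfBoundsException. Guard both before the validator is looked up, as below; the `token` parameter branch in `isHandle` then either needs a matching extraction here or should be dropped, and dropping it is preferable because bearer tokens in the query string end up in access logs and referrers. Separately, the success branch returns true even when `getSession(false)` is null, so the caller is treated as authenticated without `USER_LOGGED_IN` or the tenant domain being recorded anywhere; whether the Carbon framework tolerates that should be confirmed, and failing closed when there is no session to bind the identity to is the safer default.
```java
public boolean isAuthenticated(MessageContext messageContext) {
    HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
    String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
    // isHandle also accepts a bare query parameter; without a header there is nothing to split.
    if (headerValue == null || headerValue.trim().isEmpty()) {
        return false;
    }
    //split the header value to separate the identity type and the token.
    String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
    // "Bearer" alone, or "Bearer " followed by nothing, must not reach the validator.
    if (headerPart.length <= ACCESS_TOKEN_INDEX || headerPart[ACCESS_TOKEN_INDEX].isEmpty()) {
        return false;
    }
    String accessToken = headerPart[ACCESS_TOKEN_INDEX];
    // … unchanged: validator lookup, token validation, session attributes …
}
```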

@ -0,0 +1,28 @@
/*
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.identity.authenticator.backend.oauth;
public class OauthAuthenticatorConstants {
public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer";
public static final String BEARER_TOKEN_TYPE = "bearer";
public static final String BEARER_TOKEN_IDENTIFIER = "token";
public static final String AUTHENTICATOR_NAME = "BackEndOAuthAuthenticator";
public static final String SPLITING_CHARACTOR = " ";
public static String OAUTH_ENDPOINT_POSTFIX =
"/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
}
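Review bot: `OAUTH_ENDPOINT_POSTFIX` is declared `public static` without `final`, so any code on the classpath can rewrite the path that `OAuthValidatorFactory` appends to the remote host URL and so redirect where tokens are sent for validation; it should read `public static final String OAUTH_ENDPOINT_POSTFIX =`. The class is a constants holder and would conventionally also get a `private OauthAuthenticatorConstants() {}` constructor. `SPLITING_CHARACTOR` is misspelled (splitting character), but it is public API now, so a rename would need a deprecation step.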

@ -0,0 +1,56 @@
/*
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator;
/**
* @scr.component component.name="org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator" immediate="true"
*/
@SuppressWarnings("unused")
public class OauthAuthenticatorServiceComponent {
private static final Log log = LogFactory.getLog(OauthAuthenticatorServiceComponent
.class);
protected void activate(ComponentContext ctxt) {
try {
OauthAuthenticator oauthAuthenticator = new OauthAuthenticator();
ctxt.getBundleContext().registerService(CarbonServerAuthenticator.class.getName(),
oauthAuthenticator, null);
if (log.isDebugEnabled()) {
log.debug("OAuth Authenticator bundle is activated");
}
} catch (Throwable e) {
log.fatal(" Error while activating OAuth authenticator ", e);
}
}
protected void deactivate(ComponentContext ctxt) {
if (log.isDebugEnabled()) {
log.debug("OAuth Authenticator bundle is deactivated");
}
}
}
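Review bot: `activate` catches `Throwable`, logs it and returns normally, so a failed `registerService` leaves the component marked active with no `CarbonServerAuthenticator` registered and only a log line to show for it. Narrowing the catch to `RuntimeException` and rethrowing after logging (`throw e;`) lets the SCR runtime mark the component as failed instead; if the catch-all is deliberate Carbon convention, a comment saying so would help the next reader. The `@scr.component` name `...backend.oauth.OauthAuthenticator` is the authenticator's class name rather than this component's; presumably intentional, but worth confirming since it is what appears in component listings.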

@ -0,0 +1,34 @@
/*
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
import java.rmi.RemoteException;
/**
* Interface for the OAuth@TokenValidators
*/
public interface OAuth2TokenValidator {
/**
* This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
* containing the validity and user details if valid.
*
* @param accessToken which need to be validated.
* @return OAuthValidationRespond with the validated results.
*/
OAuthValidationRespond validateToken(String accessToken) throws RemoteException;
}
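Review bot: The Javadoc on `validateToken` is misleading: it says the method generates `OAuth2ClientApplicationDTO`, while the declared return type is `OAuthValidationRespond`, and the checked `RemoteException` is not documented. Suggested replacement for the `@return` line plus a new tag: `@return OAuthValidationRespond carrying the validity flag plus user name and tenant domain when valid.` and `@throws RemoteException if a remote validation service cannot be reached.` The interface summary `Interface for the OAuth@TokenValidators` should read `Interface for OAuth2 token validators`.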

@ -0,0 +1,57 @@
/*
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
/**
* This class hold the validation information which can be retrieve by both remote and in house IDPs
*/
public class OAuthValidationRespond {
private String userName;
private String tenantDomain;
private boolean isValid;
public OAuthValidationRespond(String userName, String tenantDomain, boolean isValid) {
this.userName = userName;
this.tenantDomain = tenantDomain;
this.isValid = isValid;
}
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getTenantDomain() {
return tenantDomain;
}
public void setTenantDomain(String tenantDomain) {
this.tenantDomain = tenantDomain;
}
public boolean isValid() {
return isValid;
}
public void setIsValid(boolean isValid) {
this.isValid = isValid;
}
}
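Review bot: `OAuthValidationRespond` carries an authentication decision (`isValid`, `userName`, `tenantDomain`) but is fully mutable through public setters, so the result can be altered between validation and the session-attribute writes in `OauthAuthenticator`. Nothing on this page calls the setters; making the three fields `final` and removing `setUserName`/`setTenantDomain`/`setIsValid` (or deprecating them first, since they are public) turns it into a plain value object. A class Javadoc noting that `userName` and `tenantDomain` are null when `isValid` is false, which is how both validators construct it, would also help callers.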

@ -0,0 +1,52 @@
/*
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.authenticator.backend.oauth.AuthenticatorException;
import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.ExternalOAuthValidator;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.LocalOAuthValidator;
/**
* the class validate the configurations and provide the most suitable implementation according to the configuration.
* Factory class for OAuthValidator.
*/
public class OAuthValidatorFactory {
private static Log log = LogFactory.getLog(OAuthValidatorFactory.class);
/**
* the method check the configuration and provide the appropriate implementation for OAuth2TokenValidator
*
* @return OAuth2TokenValidator
*/
public static OAuth2TokenValidator getValidator(boolean isRemote ,String hostURL) {
if(isRemote){
if(!(hostURL == null || hostURL.trim().isEmpty())){
hostURL = hostURL + OauthAuthenticatorConstants.OAUTH_ENDPOINT_POSTFIX;
return new ExternalOAuthValidator(hostURL);
}else {
log.error("IDP Configuration error",
new AuthenticatorException("Remote server name and ip both can't be empty"));
return null;
}
}
return new LocalOAuthValidator();
}
}
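Review bot: `getValidator` builds the remote endpoint as `hostURL + OAUTH_ENDPOINT_POSTFIX` without normalising the configured value, so a `hostURL` with a trailing slash yields `//services/...`, and nothing checks the scheme even though `ExternalOAuthValidator` will send the caller's bearer token in an `Authorization` header to whatever URL results. Strip a trailing `/` before appending and reject, or at least warn on, a non-https host URL, e.g. `if (!hostURL.toLowerCase(Locale.ROOT).startsWith("https://")) { log.warn("Remote OAuth validator is not using https"); }`. The logged message `Remote server name and ip both can't be empty` does not match the single check performed; `Remote host URL must not be empty when isRemote is true` describes it. `log` should also be `private static final`.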

@ -0,0 +1,98 @@
/*
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.httpclient.Header;
import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.List;
/**
* Handles the Authentication form external IDP servers.
* Currently only supports WSO2 IS.
* External IDP support is planned for future.
*/
public class ExternalOAuthValidator implements OAuth2TokenValidator{
protected String hostURL ;
public ExternalOAuthValidator(String hostURL) {
this.hostURL = hostURL;
}
/**
* This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
* containing the validity and user details if valid.
*
* @param token which need to be validated.
* @return OAuthValidationRespond with the validated results.
*/
public OAuthValidationRespond validateToken(String token) throws RemoteException {
// create an OAuth token validating request DTO
OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
// create access token object to validate and populate it
OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken =
new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
accessToken.setIdentifier(token);
OAuth2TokenValidationRequestDTO_TokenValidationContextParam tokenValidationContextParam[] =
new OAuth2TokenValidationRequestDTO_TokenValidationContextParam[1];
validationRequest.setContext(tokenValidationContextParam);
//set the token to the validation request
validationRequest.setAccessToken(accessToken);
OAuth2TokenValidationServiceStub validationService =
new OAuth2TokenValidationServiceStub(hostURL);
ServiceClient client = validationService._getServiceClient();
Options options = client.getOptions();
List<Header> list = new ArrayList<>();
Header header = new Header();
header.setName(HTTPConstants.HEADER_AUTHORIZATION);
header.setValue(OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER+ " " + token);
list.add(header);
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, list);
client.setOptions(options);
OAuth2ClientApplicationDTO respond =
validationService.findOAuthConsumerIfTokenIsValid(validationRequest);
boolean isValid = respond.getAccessTokenValidationResponse().getValid();
String userName = null;
String tenantDomain = null;
if(isValid){
userName = MultitenantUtils.getTenantAwareUsername(
respond.getAccessTokenValidationResponse().getAuthorizedUser());
tenantDomain =
MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
}
return new OAuthValidationRespond(userName,tenantDomain,isValid);
}
}
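Review bot: The outbound call in `validateToken` sets no timeout on the Axis2 `Options` obtained at `Options options = client.getOptions();`, so an unresponsive remote IdP blocks every request that reaches this authenticator for as long as the transport default allows; set one explicitly, e.g. `options.setTimeOutInMilliSeconds(<configured timeout>);`, ideally read from the same authenticator config that supplies `hostURL`. `respond` and `respond.getAccessTokenValidationResponse()` are dereferenced without a null check; if the stub can return null, that surfaces as an unhandled `NullPointerException` rather than an invalid result, so a guard returning `new OAuthValidationRespond(null, null, false)` is safer. The request also forwards the very token being validated as its own `Authorization` header, which only works if the remote server authenticates its admin service with that bearer token; a comment stating that assumption would save the next maintainer some confusion. Creating a new `OAuth2TokenValidationServiceStub` per call is also costly, and caching one per `hostURL` is an option if the stub is confirmed thread-safe.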

@ -0,0 +1,69 @@
/*
* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
/**
* Handles the authentication using the inbuilt IS features.
*/
public class LocalOAuthValidator implements OAuth2TokenValidator {
/**
* This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
* containing the validity and user details if valid.
*
* @param token which need to be validated.
* @return OAuthValidationRespond with the validated results.
*/
public OAuthValidationRespond validateToken(String token) {
// create an OAuth token validating request DTO
OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
// create access token object to validate and populate it
OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken =
validationRequest.new OAuth2AccessToken();
accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
accessToken.setIdentifier(token);
//the workaround till the version is upgraded in both is and EMM to be the same.
OAuth2TokenValidationRequestDTO.TokenValidationContextParam tokenValidationContextParam[] =
new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[1];
//==
validationRequest.setContext(tokenValidationContextParam);
//set the token to the validation request
validationRequest.setAccessToken(accessToken);
OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
OAuth2ClientApplicationDTO respond = validationService.
findOAuthConsumerIfTokenIsValid(validationRequest);
boolean isValid = respond.getAccessTokenValidationResponse().isValid();
String userName = null;
String tenantDomain = null;
if(isValid){
userName = MultitenantUtils.getTenantAwareUsername(
respond.getAccessTokenValidationResponse().getAuthorizedUser());
tenantDomain =
MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
}
return new OAuthValidationRespond(userName,tenantDomain,isValid);
}
}
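Review bot: `respond` and `respond.getAccessTokenValidationResponse()` are dereferenced without a null check at `boolean isValid = respond.getAccessTokenValidationResponse().isValid();`, and since this method declares no exception, a null from the service surfaces as an unhandled `NullPointerException` inside the authenticator rather than an invalid result; guard it with `if (respond == null || respond.getAccessTokenValidationResponse() == null) { return new OAuthValidationRespond(null, null, false); }`. The `//==` line and the `workaround till the version is upgraded` comment leave the reader unsure what the one-element null `context` array is for; say what is being worked around or remove the stray marker. The result-mapping tail (`isValid`/`userName`/`tenantDomain`) duplicates `ExternalOAuthValidator` line for line and could move into a shared helper or a static factory on `OAuthValidationRespond`.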

@ -37,6 +37,7 @@
<modules>
<module>org.wso2.carbon.device.mgt.oauth.extensions</module>
<module>dynamic-client-registration</module>
<module>backend-oauth-authenticator</module>
</modules>
</project>

@ -941,6 +941,22 @@
<artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.oauth</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.application.common</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<!-- End of Carbon Identity dependencies -->
<!-- CXF dependencies -->
@ -1126,11 +1142,6 @@
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.oauth</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.sso.saml</artifactId>
