From 97df36842df27b293716f2d885b570bdf98fe08d Mon Sep 17 00:00:00 2001 
From: Kamidu Sachith Date: Thu, 8 Oct 2015 14:02:29 +0530 Subject: [PATCH 1/9] Enabling OAuth Authentication for BackEnd Services --- .../backend-oauth-authenticator/pom.xml | 108 +++++++++++ .../backend/oauth/AuthenticatorException.java | 41 +++++ .../backend/oauth/OauthAuthenticator.java | 170 ++++++++++++++++++ .../oauth/OauthAuthenticatorConstants.java | 28 +++ .../OauthAuthenticatorServiceComponent.java | 56 ++++++ .../oauth/validator/OAuth2TokenValidator.java | 34 ++++ .../validator/OAuthValidationRespond.java | 57 ++++++ .../validator/OAuthValidatorFactory.java | 52 ++++++ .../impl/ExternalOAuthValidator.java | 98 ++++++++++ .../validator/impl/LocalOAuthValidator.java | 69 +++++++ components/identity-extensions/pom.xml | 1 + pom.xml | 21 ++- 12 files changed, 730 insertions(+), 5 deletions(-) create mode 100644 components/identity-extensions/backend-oauth-authenticator/pom.xml create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java create mode 100755 
components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java create mode 100755 components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java diff --git a/components/identity-extensions/backend-oauth-authenticator/pom.xml b/components/identity-extensions/backend-oauth-authenticator/pom.xml new file mode 100644 index 00000000000..ac4bc382e5c --- /dev/null +++ b/components/identity-extensions/backend-oauth-authenticator/pom.xml 
@@ -0,0 +1,108 @@ + + + + identity-extensions + org.wso2.carbon.devicemgt + 0.9.2-SNAPSHOT + + 4.0.0 + bundle + WSO2 Carbon - OAuth Back End Authenticator + org.wso2.carbon.identity.authenticator.backend.oauth + + + + org.wso2.carbon + org.wso2.carbon.utils + ${carbon.kernel.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.base + ${carbon.identity.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.core + ${carbon.identity.version} + + + org.wso2.carbon + org.wso2.carbon.core + ${carbon.kernel.version} + + + org.wso2.carbon + org.wso2.carbon.logging + ${carbon.kernel.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.application.authentication.framework + ${carbon.identity.version} + + + org.wso2.carbon + org.wso2.carbon.core.services + ${carbon.kernel.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.oauth + ${carbon.identity.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.application.common + ${carbon.identity.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.oauth.stub + + + + + + + org.apache.felix + maven-scr-plugin + + + org.apache.felix + maven-bundle-plugin + 1.4.0 + true + + + ${pom.artifactId} + ${pom.artifactId} + + org.wso2.sample.authenticator.internal + + + !org.wso2.sample.authenticator.internal, + org.wso2.sample.authenticator.*, + + + javax.servlet.http, + org.apache.commons.logging, + org.wso2.carbon.identity.application.authentication.framework.*, + org.wso2.carbon.identity.oauth2, + org.wso2.carbon.identity.oauth2.dto, + org.wso2.carbon.user.core.service, + org.wso2.carbon.utils.multitenancy + + + org.wso2.carbon.identity.authenticator.backend.oauth.*; + + * + + + + + + + \ No newline at end of file 
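Review bot: The maven-bundle-plugin instructions near the end of this hunk still name `org.wso2.sample.authenticator.internal` and `org.wso2.sample.authenticator.*`, packages this module does not contain; every source file added by the patch lives under `org.wso2.carbon.identity.authenticator.backend.oauth`. The element names were lost in this rendering, so which instruction each value belongs to is inferred, but if the first value is the private-package instruction, then `org.wso2.carbon.identity.authenticator.backend.oauth.internal` is presumably not kept private and the later `org.wso2.carbon.identity.authenticator.backend.oauth.*;` pattern would cover it as well. Point the private and excluded entries at `org.wso2.carbon.identity.authenticator.backend.oauth.internal` so the service component is not part of the bundle's exported surface.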
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
new file mode 100755
index 00000000000..05bc3d69f70
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
@@ -0,0 +1,41 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+/**
+ *Custom exception for backend OAuth authentication
+ */
+@SuppressWarnings("unused")
+public class AuthenticatorException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public AuthenticatorException(String message) {
+ super(message);
+ }
+
+ public AuthenticatorException(Throwable e) {
+ super(e);
+ }
+
+ public AuthenticatorException(String message, Throwable e) {
+ super(message, e);
+ }
+
+
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
new file mode 100755
index 00000000000..43877ba832c
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.utils.ServerConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidatorFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.rmi.RemoteException;
+
+/**
+ * This is a custom back end authenticator for enable OAuth token authentication for admin services
+ */
+public class OauthAuthenticator implements CarbonServerAuthenticator {
+
+ private static final Log log = LogFactory.getLog(OauthAuthenticator.class);
+ private static final int PRIORITY = 5;
+ private static final int ACCESS_TOKEN_INDEX = 1;
+
+ private static String hostUrl = "";
+ private static boolean isRemote = false;
+
+ static {
+ AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance();
+ AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME);
+
+ if (authenticatorConfig != null) {
+ isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get("isRemote"));
+ hostUrl = authenticatorConfig.getParameters().get("hostURL");
+
+ }
+ }
+
+ /**
+ * Checks whether the authentication of the context can be handled using this authenticator.
+ *
+ * @param messageContext containing the request need to be authenticated.
+ * @return boolean indicating whether the request can be authenticated by this Authenticator.
+ */
+ public boolean isHandle(MessageContext messageContext) {
+ HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
+ String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+
+ if (headerValue != null && !headerValue.trim().isEmpty()) {
+ String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
+
+ if (OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) {
+ return true;
+ }
+ } else if (httpServletRequest.getParameter(OauthAuthenticatorConstants.BEARER_TOKEN_IDENTIFIER) != null) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Authenticates the user using the provided OAuth token and returns the status as a boolean.
+ * Sets the tenant domain and tenant friendly username to the session as attributes.
+ *
+ * @param messageContext containing the request need to be authenticated.
+ * @return boolean indicating the authentication status.
+ */
+ public boolean isAuthenticated(MessageContext messageContext) {
+ HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
+ String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+ //split the header value to separate the identity type and the token.
+ String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
+ String accessToken = headerPart[ACCESS_TOKEN_INDEX];
+ OAuth2TokenValidator tokenValidator = OAuthValidatorFactory.getValidator(isRemote,hostUrl);
+
+ if (tokenValidator == null) {
+ log.error("OAuthValidationFactory failed to return a validator",
+ new AuthenticatorException("OAuthValidatorFactory Failed to determine the validator"));
+ return false;
+ }
+
+ OAuthValidationRespond respond = null;
+ try {
+ respond = tokenValidator.validateToken(accessToken);
+ } catch (RemoteException e) {
+ log.error("Failed to validate the OAuth token provided.", e);
+ }
+
+ if (respond != null && respond.isValid()) {
+ HttpSession session;
+
+ if ((session = httpServletRequest.getSession(false)) != null) {
+ session.setAttribute(MultitenantConstants.TENANT_DOMAIN, respond.getTenantDomain());
+ session.setAttribute(ServerConstants.USER_LOGGED_IN, respond.getUserName());
+
+ if (log.isDebugEnabled()) {
+ log.debug("Authentication successful for " + session.getAttribute(ServerConstants.USER_LOGGED_IN));
+ }
+ }
+ return true;
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("Authentication failed.Illegal attempt from session " + httpServletRequest.getSession().getId());
+ }
+ return false;
+ }
+
+ /**
+ * this method is currently not implemented.
+ *
+ * @param messageContext containing the request need to be authenticated.
+ * @return boolean
+ */
+ public boolean authenticateWithRememberMe(MessageContext messageContext) {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * @return string Authenticator name.
+ */
+ public String getAuthenticatorName() {
+ return OauthAuthenticatorConstants.AUTHENTICATOR_NAME;
+ }
+
+ /**
+ * @return int priority of the authenticator.
+ */
+ public int getPriority() {
+ return PRIORITY;
+ }
+
+ /**
+ * @return boolean true for enable or otherwise for disable status.
+ */
+ public boolean isDisabled() {
+ return false;
+ }
+
+ /**
+ * Retrieve HTTP Servlet Request form thr Message Context.
+ *
+ * @param messageContext Containing the Servlet Request for backend authentication.
+ * @return HTTPServletRequest.
+ */
+ private HttpServletRequest getHttpRequest(MessageContext messageContext) {
+ return (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
+ }
+
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java
new file mode 100755
index 00000000000..badaf8dbed4
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java
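Review bot: `isAuthenticated` reads the `Authorization` header unconditionally, yet `isHandle` also accepts a request that carries only the `token` parameter, so for that request `headerValue.trim()` throws a NullPointerException, and a header consisting of just `Bearer` makes `headerPart[ACCESS_TOKEN_INDEX]` throw as well. The authentication path should fail closed with `return false` rather than with an unchecked exception, and it should check the `Bearer` scheme itself instead of relying on `isHandle`; either drop the `token`-parameter branch from `isHandle` or read that parameter here (bearer tokens passed as request parameters tend to end up in access logs, so dropping the branch is the safer choice). Two further points in the same method: a valid token with no existing session returns `true` without recording the tenant domain or user name anywhere, and the failure-path debug log calls `getSession()`, which creates a session for an unauthenticated caller where `getSession(false)` would not. The fence below shows the header parsing only.

```java
public boolean isAuthenticated(MessageContext messageContext) {
    HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
    String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
    String accessToken = null;
    if (headerValue != null) {
        String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
        if (headerPart.length > ACCESS_TOKEN_INDEX
                && OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) {
            accessToken = headerPart[ACCESS_TOKEN_INDEX];
        }
    }
    if (accessToken == null || accessToken.isEmpty()) {
        // No usable bearer credential: reject instead of throwing.
        return false;
    }
    // … unchanged: validator lookup, validateToken call, session attributes, failure log …
```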
@@ -0,0 +1,28 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+public class OauthAuthenticatorConstants {
+ public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer";
+ public static final String BEARER_TOKEN_TYPE = "bearer";
+ public static final String BEARER_TOKEN_IDENTIFIER = "token";
+ public static final String AUTHENTICATOR_NAME = "BackEndOAuthAuthenticator";
+ public static final String SPLITING_CHARACTOR = " ";
+ public static String OAUTH_ENDPOINT_POSTFIX =
+ "/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java
new file mode 100755
index 00000000000..59577ac633b
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java
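Review bot: `OAUTH_ENDPOINT_POSTFIX` is declared `public static String` without `final`, unlike the five constants above it, so any code that can see this class can reassign the path that `OAuthValidatorFactory` appends to the identity-provider host before tokens are sent there. Declare it `public static final String OAUTH_ENDPOINT_POSTFIX =` and keep the value unchanged. Since the class only holds constants, a `private OauthAuthenticatorConstants() { }` constructor and a one-line class comment would make that intent explicit.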
@@ -0,0 +1,56 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.osgi.service.component.ComponentContext;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator;
+
+
+/**
+ * @scr.component component.name="org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator" immediate="true"
+ */
+@SuppressWarnings("unused")
+public class OauthAuthenticatorServiceComponent {
+
+ private static final Log log = LogFactory.getLog(OauthAuthenticatorServiceComponent
+ .class);
+
+ protected void activate(ComponentContext ctxt) {
+ try {
+ OauthAuthenticator oauthAuthenticator = new OauthAuthenticator();
+ ctxt.getBundleContext().registerService(CarbonServerAuthenticator.class.getName(),
+ oauthAuthenticator, null);
+ if (log.isDebugEnabled()) {
+ log.debug("OAuth Authenticator bundle is activated");
+ }
+ } catch (Throwable e) {
+ log.fatal(" Error while activating OAuth authenticator ", e);
+ }
+ }
+
+ protected void deactivate(ComponentContext ctxt) {
+ if (log.isDebugEnabled()) {
+ log.debug("OAuth Authenticator bundle is deactivated");
+ }
+ }
+
+}
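Review bot: `activate` catches `Throwable` and only logs it, so a failed registration leaves the component reported as active while no OAuth authenticator is registered, and JVM errors such as `OutOfMemoryError` are swallowed along with it. Narrow the handler to `catch (RuntimeException e)` so that errors propagate, and say in the log message that bearer-token requests will not be handled by this authenticator. The `ServiceRegistration` returned by `registerService` is discarded, so `deactivate` has nothing to unregister; keeping it in a field and calling `unregister()` there would tie the authenticator's lifetime to the component's.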
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
new file mode 100755
index 00000000000..7382fe1370d
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
@@ -0,0 +1,34 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+import java.rmi.RemoteException;
+
+/**
+ * Interface for the OAuth@TokenValidators
+ */
+public interface OAuth2TokenValidator {
+ /**
+ * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+ * containing the validity and user details if valid.
+ *
+ * @param accessToken which need to be validated.
+ * @return OAuthValidationRespond with the validated results.
+ */
+ OAuthValidationRespond validateToken(String accessToken) throws RemoteException;
+}
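Review bot: The Javadoc on `validateToken` does not state the contract the authenticator depends on: it says the method generates an `OAuth2ClientApplicationDTO`, while the declared return type is `OAuthValidationRespond`, and the declared `RemoteException` has no `@throws` entry. I would reword the summary to "Validates the given access token and returns the outcome together with the authorised user's name and tenant domain when it is valid", add `@throws RemoteException if the validation service cannot be reached`, and state whether an invalid token is reported through `isValid() == false` or may also surface as a null return. The interface comment reads `OAuth@TokenValidators`, which looks like a typo for `OAuth2TokenValidators`.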
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
new file mode 100755
index 00000000000..1e45aa59236
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
@@ -0,0 +1,57 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+/**
+ * This class hold the validation information which can be retrieve by both remote and in house IDPs
+ */
+public class OAuthValidationRespond {
+ private String userName;
+ private String tenantDomain;
+ private boolean isValid;
+
+ public OAuthValidationRespond(String userName, String tenantDomain, boolean isValid) {
+ this.userName = userName;
+ this.tenantDomain = tenantDomain;
+ this.isValid = isValid;
+ }
+
+ public String getUserName() {
+ return userName;
+ }
+
+ public void setUserName(String userName) {
+ this.userName = userName;
+ }
+
+ public String getTenantDomain() {
+ return tenantDomain;
+ }
+
+ public void setTenantDomain(String tenantDomain) {
+ this.tenantDomain = tenantDomain;
+ }
+
+ public boolean isValid() {
+ return isValid;
+ }
+
+ public void setIsValid(boolean isValid) {
+ this.isValid = isValid;
+ }
+}
\ No newline at end of file
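Review bot: `OAuthValidationRespond` carries the outcome of an authentication decision but exposes `setUserName`, `setTenantDomain` and `setIsValid`, so a result can be flipped to valid or re-pointed at another user after the validator has returned it. Within this patch only the constructor and the three getters are used, so the fields can become `private final` and the setters can be removed without touching a caller. The class comment should also say that `userName` and `tenantDomain` are `null` when `isValid` is false, which is what both validators pass in.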
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
new file mode 100755
index 00000000000..e3dab669c6a
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
@@ -0,0 +1,52 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.authenticator.backend.oauth.AuthenticatorException;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.ExternalOAuthValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.LocalOAuthValidator;
+
+/**
+ * the class validate the configurations and provide the most suitable implementation according to the configuration.
+ * Factory class for OAuthValidator.
+ */
+public class OAuthValidatorFactory {
+ private static Log log = LogFactory.getLog(OAuthValidatorFactory.class);
+
+ /**
+ * the method check the configuration and provide the appropriate implementation for OAuth2TokenValidator
+ *
+ * @return OAuth2TokenValidator
+ */
+ public static OAuth2TokenValidator getValidator(boolean isRemote ,String hostURL) {
+ if(isRemote){
+ if(!(hostURL == null || hostURL.trim().isEmpty())){
+ hostURL = hostURL + OauthAuthenticatorConstants.OAUTH_ENDPOINT_POSTFIX;
+ return new ExternalOAuthValidator(hostURL);
+ }else {
+ log.error("IDP Configuration error",
+ new AuthenticatorException("Remote server name and ip both can't be empty"));
+ return null;
+ }
+ }
+ return new LocalOAuthValidator();
+ }
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
new file mode 100755
index 00000000000..4a337e9a9cf
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
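Review bot: `getValidator` only checks that `hostURL` is non-empty before appending the endpoint path, so a configured `http://` host is accepted and `ExternalOAuthValidator` will then send every presented bearer token to it in clear text, although the appended path names an `HttpsSoap12Endpoint`. Reject anything that is not HTTPS in the same branch, for example `if (!hostURL.trim().startsWith("https://")) { log.error("hostURL must be an https URL"); return null; }`. The untrimmed value is what gets concatenated, so a trailing space or slash in the configuration produces a malformed endpoint. The existing error text speaks of "Remote server name and ip" while the parameter is `hostURL`, and the Javadoc documents neither parameter nor the `null` return that `OauthAuthenticator` checks for.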
@@ -0,0 +1,98 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
+
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.httpclient.Header;
+import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
+
+import java.rmi.RemoteException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Handles the Authentication form external IDP servers.
+ * Currently only supports WSO2 IS.
+ * External IDP support is planned for future.
+ */
+public class ExternalOAuthValidator implements OAuth2TokenValidator{
+ protected String hostURL ;
+
+ public ExternalOAuthValidator(String hostURL) {
+ this.hostURL = hostURL;
+ }
+ /**
+ * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+ * containing the validity and user details if valid.
+ *
+ * @param token which need to be validated.
+ * @return OAuthValidationRespond with the validated results.
+ */
+ public OAuthValidationRespond validateToken(String token) throws RemoteException {
+
+ // create an OAuth token validating request DTO
+ OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
+
+ // create access token object to validate and populate it
+ OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken =
+ new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
+ accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
+ accessToken.setIdentifier(token);
+ OAuth2TokenValidationRequestDTO_TokenValidationContextParam tokenValidationContextParam[] =
+ new OAuth2TokenValidationRequestDTO_TokenValidationContextParam[1];
+ validationRequest.setContext(tokenValidationContextParam);
+
+ //set the token to the validation request
+ validationRequest.setAccessToken(accessToken);
+ OAuth2TokenValidationServiceStub validationService =
+ new OAuth2TokenValidationServiceStub(hostURL);
+ ServiceClient client = validationService._getServiceClient();
+ Options options = client.getOptions();
+ List list = new ArrayList<>();
+ Header header = new Header();
+ header.setName(HTTPConstants.HEADER_AUTHORIZATION);
+ header.setValue(OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER+ " " + token);
+ list.add(header);
+ options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, list);
+ client.setOptions(options);
+ OAuth2ClientApplicationDTO respond =
+ validationService.findOAuthConsumerIfTokenIsValid(validationRequest);
+ boolean isValid = respond.getAccessTokenValidationResponse().getValid();
+ String userName = null;
+ String tenantDomain = null;
+
+ if(isValid){
+ userName = MultitenantUtils.getTenantAwareUsername(
+ respond.getAccessTokenValidationResponse().getAuthorizedUser());
+ tenantDomain =
+ MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
+ }
+
+ return new OAuthValidationRespond(userName,tenantDomain,isValid);
+ }
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
new file mode 100755
index 00000000000..d81e7f3531d
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
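Review bot: `respond.getAccessTokenValidationResponse()` is dereferenced without a null check on either `respond` or the nested response, here and in `LocalOAuthValidator.validateToken`, and `OauthAuthenticator.isAuthenticated` catches only `RemoteException`, so a malformed or empty answer from the validation service surfaces as a NullPointerException in the authentication path instead of a rejected token. Treat a missing response as invalid and return `new OAuthValidationRespond(null, null, false)`. A new `OAuth2TokenValidationServiceStub` is also created on every call and its `ServiceClient` is never cleaned up, which in Axis2 tends to leave transport connections behind under load; releasing it in a `finally` block and setting a timeout on the `Options` would keep a slow identity provider from tying up request threads. The `Authorization` header sent to the validation service is built from the caller's still-unvalidated token, which deserves a comment explaining why the service accepts that.

```java
OAuth2TokenValidationServiceStub validationService =
        new OAuth2TokenValidationServiceStub(hostURL);
ServiceClient client = validationService._getServiceClient();
try {
    // … unchanged: Authorization header placed on the client options …
    OAuth2ClientApplicationDTO respond =
            validationService.findOAuthConsumerIfTokenIsValid(validationRequest);
    if (respond == null || respond.getAccessTokenValidationResponse() == null) {
        // A missing answer is treated as an invalid token, not as an error to propagate.
        return new OAuthValidationRespond(null, null, false);
    }
    // … unchanged: isValid / userName / tenantDomain extraction and return …
} finally {
    client.cleanupTransport();
}
```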
@@ -0,0 +1,69 @@
+
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
+
+import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
+
+/**
+ * Handles the authentication using the inbuilt IS features.
+ */
+public class LocalOAuthValidator implements OAuth2TokenValidator {
+ /**
+ * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+ * containing the validity and user details if valid.
+ *
+ * @param token which need to be validated.
+ * @return OAuthValidationRespond with the validated results.
+ */
+ public OAuthValidationRespond validateToken(String token) {
+ // create an OAuth token validating request DTO
+ OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
+ // create access token object to validate and populate it
+ OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken =
+ validationRequest.new OAuth2AccessToken();
+ accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
+ accessToken.setIdentifier(token);
+ //the workaround till the version is upgraded in both is and EMM to be the same.
+ OAuth2TokenValidationRequestDTO.TokenValidationContextParam tokenValidationContextParam[] =
+ new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[1];
+ //==
+ validationRequest.setContext(tokenValidationContextParam);
+ //set the token to the validation request
+ validationRequest.setAccessToken(accessToken);
+ OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
+ OAuth2ClientApplicationDTO respond = validationService.
+ findOAuthConsumerIfTokenIsValid(validationRequest);
+ boolean isValid = respond.getAccessTokenValidationResponse().isValid();
+ String userName = null;
+ String tenantDomain = null;
+ if(isValid){
+ userName = MultitenantUtils.getTenantAwareUsername(
+ respond.getAccessTokenValidationResponse().getAuthorizedUser());
+ tenantDomain =
+ MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
+ }
+ return new OAuthValidationRespond(userName,tenantDomain,isValid);
+ }
+}
diff --git a/components/identity-extensions/pom.xml b/components/identity-extensions/pom.xml
index 78a24d9adb0..8dbb24619dd 100644
--- a/components/identity-extensions/pom.xml
+++ b/components/identity-extensions/pom.xml
@@ -37,6 +37,7 @@ org.wso2.carbon.device.mgt.oauth.extensions dynamic-client-registration + backend-oauth-authenticator
diff --git a/pom.xml b/pom.xml
index 26df26d760a..fbfa9406f04 100644
--- a/pom.xml
+++ b/pom.xml
@@ -941,6 +941,22 @@ org.wso2.carbon.identity.oauth.stub ${carbon.identity.version} + + org.wso2.carbon.identity + org.wso2.carbon.identity.application.authentication.framework + ${carbon.identity.version} + + + + org.wso2.carbon.identity + org.wso2.carbon.identity.oauth + ${carbon.identity.version} + + + org.wso2.carbon.identity + org.wso2.carbon.identity.application.common + ${carbon.identity.version} + @@ -1126,11 +1142,6 @@ - - org.wso2.carbon.identity - org.wso2.carbon.identity.oauth - ${carbon.identity.version} - org.wso2.carbon.identity org.wso2.carbon.identity.sso.saml From 786728b49b978dd82021e828f49f7010f554082f Mon Sep 17 00:00:00 2001 From: Kamidu Sachith Date: Thu, 8 Oct 2015 17:54:49 +0530 Subject: [PATCH 2/9] Recomended Changes to Enabling OAuth Authentication for BackEnd Services --- .../backend-oauth-authenticator/pom.xml | 48 +++++++++++-------- .../backend/oauth/AuthenticatorException.java | 2 +- .../backend/oauth/OauthAuthenticator.java | 45 +++++++---------- .../validator/OAuthValidationRespond.java | 1 + .../validator/OAuthValidatorFactory.java | 20 +++----- .../impl/ExternalOAuthValidator.java | 21 ++------ .../validator/impl/LocalOAuthValidator.java | 9 ---- 7 files changed, 58 insertions(+), 88 deletions(-) diff --git a/components/identity-extensions/backend-oauth-authenticator/pom.xml b/components/identity-extensions/backend-oauth-authenticator/pom.xml index ac4bc382e5c..37cc5274f67 100644 --- a/components/identity-extensions/backend-oauth-authenticator/pom.xml +++ b/components/identity-extensions/backend-oauth-authenticator/pom.xml @@ -1,4 +1,21 @@ + 
@@ -16,48 +33,39 @@ org.wso2.carbon org.wso2.carbon.utils - ${carbon.kernel.version} - + org.wso2.carbon.identity org.wso2.carbon.identity.base - ${carbon.identity.version} - + org.wso2.carbon.identity org.wso2.carbon.identity.core - ${carbon.identity.version} - + org.wso2.carbon org.wso2.carbon.core - ${carbon.kernel.version} - + org.wso2.carbon org.wso2.carbon.logging - ${carbon.kernel.version} - + org.wso2.carbon.identity org.wso2.carbon.identity.application.authentication.framework - ${carbon.identity.version} - + org.wso2.carbon org.wso2.carbon.core.services - ${carbon.kernel.version} - + org.wso2.carbon.identity org.wso2.carbon.identity.oauth - ${carbon.identity.version} - + org.wso2.carbon.identity org.wso2.carbon.identity.application.common - ${carbon.identity.version} - + org.wso2.carbon.identity org.wso2.carbon.identity.oauth.stub @@ -98,11 +106,9 @@ org.wso2.carbon.identity.authenticator.backend.oauth.*; - * - + - \ No newline at end of file diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java index 05bc3d69f70..42eafd7888c 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java @@ -18,7 +18,7 @@ package org.wso2.carbon.identity.authenticator.backend.oauth; /** - *Custom exception for backend OAuth authentication + * Custom exception for backend OAuth authentication */ @SuppressWarnings("unused") public class AuthenticatorException extends Exception { 
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
index 43877ba832c..adfcf71214a 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
@@ -41,18 +41,24 @@ public class OauthAuthenticator implements CarbonServerAuthenticator { private static final Log log = LogFactory.getLog(OauthAuthenticator.class); private static final int PRIORITY = 5; private static final int ACCESS_TOKEN_INDEX = 1; + private OAuth2TokenValidator tokenValidator; - private static String hostUrl = ""; - private static boolean isRemote = false; - - static { + public OauthAuthenticator() { AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance(); - AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME); - + AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration. + getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME); + boolean isRemote; + String hostUrl; if (authenticatorConfig != null) { isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get("isRemote")); hostUrl = authenticatorConfig.getParameters().get("hostURL"); - + }else{ + throw new IllegalArgumentException("Configuration parameters need to be defined in Authenticators.xml"); + } + try { + tokenValidator = OAuthValidatorFactory.getValidator(isRemote, hostUrl); + } catch (IllegalArgumentException e) { + log.error("Failed to initialise Authenticator",e); } } @@ -65,10 +71,8 @@ public class OauthAuthenticator implements CarbonServerAuthenticator { public boolean isHandle(MessageContext messageContext) { HttpServletRequest httpServletRequest = getHttpRequest(messageContext); String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION); - if (headerValue != null && !headerValue.trim().isEmpty()) { String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR); - if (OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) { return true; } 
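Review bot: The new constructor catches the `IllegalArgumentException` from `OAuthValidatorFactory.getValidator(isRemote, hostUrl)` and only logs it, which leaves `tokenValidator` null on an authenticator that is still constructed. The `isAuthenticated` hunk of this same commit removes the earlier null check before `tokenValidator.validateToken(accessToken)`, so a remote configuration with a blank `hostURL` would turn every bearer request into a NullPointerException instead of a clean denial. Either let the exception propagate, as the missing-configuration case a few lines above already does, or keep a guard in `isAuthenticated`: `if (tokenValidator == null) { return false; }`. Declaring the field `private final` would make the compiler reject any path that leaves it unassigned.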
@@ -88,38 +92,25 @@ public class OauthAuthenticator implements CarbonServerAuthenticator { public boolean isAuthenticated(MessageContext messageContext) { HttpServletRequest httpServletRequest = getHttpRequest(messageContext); String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION); - //split the header value to separate the identity type and the token. String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR); String accessToken = headerPart[ACCESS_TOKEN_INDEX]; - OAuth2TokenValidator tokenValidator = OAuthValidatorFactory.getValidator(isRemote,hostUrl); - - if (tokenValidator == null) { - log.error("OAuthValidationFactory failed to return a validator", - new AuthenticatorException("OAuthValidatorFactory Failed to determine the validator")); - return false; - } - - OAuthValidationRespond respond = null; + OAuthValidationRespond response = null; try { - respond = tokenValidator.validateToken(accessToken); + response = tokenValidator.validateToken(accessToken); } catch (RemoteException e) { log.error("Failed to validate the OAuth token provided.", e); } - - if (respond != null && respond.isValid()) { + if (response != null && response.isValid()) { HttpSession session; - if ((session = httpServletRequest.getSession(false)) != null) { - session.setAttribute(MultitenantConstants.TENANT_DOMAIN, respond.getTenantDomain()); - session.setAttribute(ServerConstants.USER_LOGGED_IN, respond.getUserName()); - + session.setAttribute(MultitenantConstants.TENANT_DOMAIN, response.getTenantDomain()); + session.setAttribute(ServerConstants.USER_LOGGED_IN, response.getUserName()); if (log.isDebugEnabled()) { log.debug("Authentication successful for " + session.getAttribute(ServerConstants.USER_LOGGED_IN)); } } return true; } - if (log.isDebugEnabled()) { log.debug("Authentication failed.Illegal attempt from session " + httpServletRequest.getSession().getId()); } 
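Review bot: `headerPart[ACCESS_TOKEN_INDEX]` is read without checking the array length, and `isHandle` only inspects `headerPart[0]`, so an `Authorization` header that carries the Bearer prefix and no token would presumably raise an ArrayIndexOutOfBoundsException here (this depends on `SPLITING_CHARACTOR`, whose value is not visible). A guard before the index, `if (headerPart.length <= ACCESS_TOKEN_INDEX) { return false; }`, keeps a malformed header on the failed-authentication path. Separately, the debug line on failure calls `httpServletRequest.getSession()`, which creates a session for an unauthenticated caller and writes its id to the log; `getSession(false)` with a null check avoids both. The method continues past the end of this hunk.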
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java index 1e45aa59236..346ac2ac303 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java @@ -20,6 +20,7 @@ package org.wso2.carbon.identity.authenticator.backend.oauth.validator; /** * This class hold the validation information which can be retrieve by both remote and in house IDPs */ +@SuppressWarnings("unused") public class OAuthValidationRespond { private String userName; private String tenantDomain; diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java index e3dab669c6a..bb88d98f7e7 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java 
@@ -17,34 +17,28 @@ */ package org.wso2.carbon.identity.authenticator.backend.oauth.validator; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.authenticator.backend.oauth.AuthenticatorException; import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants; import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.ExternalOAuthValidator; import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.LocalOAuthValidator; /** - * the class validate the configurations and provide the most suitable implementation according to the configuration. + * The class validate the configurations and provide the most suitable implementation according to the configuration. * Factory class for OAuthValidator. */ public class OAuthValidatorFactory { - private static Log log = LogFactory.getLog(OAuthValidatorFactory.class); /** - * the method check the configuration and provide the appropriate implementation for OAuth2TokenValidator - * + * The method check the configuration and provide the appropriate implementation for OAuth2TokenValidator * @return OAuth2TokenValidator */ - public static OAuth2TokenValidator getValidator(boolean isRemote ,String hostURL) { - if(isRemote){ - if(!(hostURL == null || hostURL.trim().isEmpty())){ + public static OAuth2TokenValidator getValidator(boolean isRemote, String hostURL) throws IllegalArgumentException { + if (isRemote) { + if (!(hostURL == null || hostURL.trim().isEmpty())) { hostURL = hostURL + OauthAuthenticatorConstants.OAUTH_ENDPOINT_POSTFIX; return new ExternalOAuthValidator(hostURL); - }else { - log.error("IDP Configuration error", - new AuthenticatorException("Remote server name and ip both can't be empty")); - return null; + } else { + throw new IllegalArgumentException("Remote server name and ip both can't be empty"); } } return new LocalOAuthValidator(); 
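Review bot: `getValidator` accepts any non-blank `hostURL` and appends `OAUTH_ENDPOINT_POSTFIX` to it, and that URL is where `ExternalOAuthValidator` sends client bearer tokens for validation. Nothing visible here checks the scheme, so an `http://` value in the authenticator configuration would presumably put tokens on the wire in clear text; consider rejecting it up front, e.g. `if (!hostURL.trim().toLowerCase().startsWith("https://")) { throw new IllegalArgumentException("hostURL must be an https URL"); }`. The `AuthenticatorException` import appears to be left unused by this change. The `throws IllegalArgumentException` clause on an unchecked exception reads better as a Javadoc `@throws`, alongside `@param` entries for `isRemote` and `hostURL`. The method's closing brace is outside the hunk.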
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
index 4a337e9a9cf..0c0836165e2 100755
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
@@ -21,15 +21,14 @@ import org.apache.axis2.client.Options; import org.apache.axis2.client.ServiceClient; import org.apache.axis2.transport.http.HTTPConstants; import org.apache.commons.httpclient.Header; +import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond; import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub; import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO; import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO; import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken; -import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; -import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants; -import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator; -import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond; import java.rmi.RemoteException; import java.util.ArrayList; @@ -37,8 +36,7 @@ import java.util.List; /** * Handles the Authentication form external IDP servers. - * Currently only supports WSO2 IS. - * External IDP support is planned for future. + * Currently only supports WSO@ IS */ public class ExternalOAuthValidator implements OAuth2TokenValidator{ protected String hostURL ; 
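Review bot: The rewritten class comment in the second hunk now reads `Currently only supports WSO@ IS`, a typo for the `WSO2 IS` it replaces, and the unchanged line above it says "form" where "from" is meant. Suggested wording: `* Handles authentication against external IDP servers.` followed by `* Currently only supports WSO2 IS.` The `protected String hostURL ;` field at the end of the hunk holds the endpoint that receives bearer tokens; unless subclasses are meant to change it, `private final` would be the safer declaration (the constructor is outside the hunk, so confirm it assigns the field exactly once).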
@@ -54,20 +52,11 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{ * @return OAuthValidationRespond with the validated results. */ public OAuthValidationRespond validateToken(String token) throws RemoteException { - - // create an OAuth token validating request DTO OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO(); - - // create access token object to validate and populate it OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken = new OAuth2TokenValidationRequestDTO_OAuth2AccessToken(); accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE); accessToken.setIdentifier(token); - OAuth2TokenValidationRequestDTO_TokenValidationContextParam tokenValidationContextParam[] = - new OAuth2TokenValidationRequestDTO_TokenValidationContextParam[1]; - validationRequest.setContext(tokenValidationContextParam); - - //set the token to the validation request validationRequest.setAccessToken(accessToken); OAuth2TokenValidationServiceStub validationService = new OAuth2TokenValidationServiceStub(hostURL); @@ -85,14 +74,12 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{ boolean isValid = respond.getAccessTokenValidationResponse().getValid(); String userName = null; String tenantDomain = null; - if(isValid){ userName = MultitenantUtils.getTenantAwareUsername( respond.getAccessTokenValidationResponse().getAuthorizedUser()); tenantDomain = MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser()); } - return new OAuthValidationRespond(userName,tenantDomain,isValid); } } 
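Review bot: `respond.getAccessTokenValidationResponse().getValid()` in the second hunk dereferences the stub's reply without a null check, and `isAuthenticated` catches only `RemoteException`, so an empty or malformed reply from the remote server would surface as a NullPointerException rather than a denied request (whether the stub can return null is not visible here). A guard such as `if (respond == null || respond.getAccessTokenValidationResponse() == null) { return new OAuthValidationRespond(null, null, false); }` keeps the failure closed and explicit. The same unchecked chain is in the `LocalOAuthValidator.validateToken` hunk of this commit. The body of `validateToken` between the two hunks is not shown.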
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java index d81e7f3531d..ea7edf1d13a 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java @@ -1,4 +1,3 @@ - /* * Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * @@ -38,19 +37,11 @@ public class LocalOAuthValidator implements OAuth2TokenValidator { * @return OAuthValidationRespond with the validated results. */ public OAuthValidationRespond validateToken(String token) { - // create an OAuth token validating request DTO OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO(); - // create access token object to validate and populate it OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken = validationRequest.new OAuth2AccessToken(); accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE); accessToken.setIdentifier(token); - //the workaround till the version is upgraded in both is and EMM to be the same. - OAuth2TokenValidationRequestDTO.TokenValidationContextParam tokenValidationContextParam[] = - new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[1]; - //== - validationRequest.setContext(tokenValidationContextParam); - //set the token to the validation request validationRequest.setAccessToken(accessToken); OAuth2TokenValidationService validationService = new OAuth2TokenValidationService(); OAuth2ClientApplicationDTO respond = validationService. 
From 831fed6d3817332db640f6f3f0eed2232492a309 Mon Sep 17 00:00:00 2001 From: Kamidu Sachith Date: Mon, 12 Oct 2015 17:42:10 +0530 Subject: [PATCH 3/9] Resolving imports --- .../backend-oauth-authenticator/pom.xml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/components/identity-extensions/backend-oauth-authenticator/pom.xml b/components/identity-extensions/backend-oauth-authenticator/pom.xml index 37cc5274f67..fdf8334f830 100644 --- a/components/identity-extensions/backend-oauth-authenticator/pom.xml +++ b/components/identity-extensions/backend-oauth-authenticator/pom.xml @@ -101,7 +101,17 @@ org.wso2.carbon.identity.oauth2, org.wso2.carbon.identity.oauth2.dto, org.wso2.carbon.user.core.service, - org.wso2.carbon.utils.multitenancy + org.wso2.carbon.utils.multitenancy, + org.apache.axis2.client, + org.apache.axis2.context, + org.apache.axis2.transport.http, + org.apache.commons.httpclient, + org.osgi.framework, + org.osgi.service.component, + org.wso2.carbon.core.security, + org.wso2.carbon.core.services.authentication, + org.wso2.carbon.identity.oauth2.stub, + org.wso2.carbon.identity.oauth2.stub.dto org.wso2.carbon.identity.authenticator.backend.oauth.*; From 8cc38c87f5b511443ec30cefb1d9d884899dbaa0 Mon Sep 17 00:00:00 2001 From: Kamidu Sachith Date: Mon, 12 Oct 2015 17:57:43 +0530 Subject: [PATCH 4/9] requested modification --- .../framework/authenticator/OAuthAuthenticator.java | 7 ++++--- pom.xml | 1 - 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index 3fd3027592c..61867b9c9b7 100644 
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java @@ -84,9 +84,10 @@ public class OAuthAuthenticator implements WebappAuthenticator { return Status.CONTINUE; } String apiVersion = tokenizer.nextToken(); - String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion, - requestUri, - requestMethod); + String authLevel = "any"; +// String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion, +// requestUri, +// requestMethod); try { if (Constants.NO_MATCHING_AUTH_SCHEME.equals(authLevel)) { AuthenticationFrameworkUtil diff --git a/pom.xml b/pom.xml index fbfa9406f04..356b7883479 100644 --- a/pom.xml +++ b/pom.xml @@ -946,7 +946,6 @@ org.wso2.carbon.identity.application.authentication.framework ${carbon.identity.version} - org.wso2.carbon.identity org.wso2.carbon.identity.oauth From d932522d375a4cd3ef032a143ef9c0b4a43aee90 Mon Sep 17 00:00:00 2001 From: Kamidu Sachith Date: Mon, 12 Oct 2015 18:03:13 +0530 Subject: [PATCH 5/9] refactoring class --- .../authenticator/backend/oauth/OauthAuthenticator.java | 4 ++-- .../backend/oauth/validator/OAuth2TokenValidator.java | 4 ++-- ...alidationRespond.java => OAuthValidationResponse.java} | 4 ++-- .../oauth/validator/impl/ExternalOAuthValidator.java | 8 ++++---- .../backend/oauth/validator/impl/LocalOAuthValidator.java | 8 ++++---- 5 files changed, 14 insertions(+), 14 deletions(-) rename components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/{OAuthValidationRespond.java => OAuthValidationResponse.java} (92%) 
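Review bot: Hard-coding `String authLevel = "any";` makes the `Constants.NO_MATCHING_AUTH_SCHEME.equals(authLevel)` check just below it unreachable, so the per-resource scheme from `getResourceAuthenticationScheme(context, apiVersion, requestUri, requestMethod)` no longer influences how the request is handled. How `"any"` is treated further down is outside this hunk, but replacing a policy lookup with a constant in an authenticator deserves an explicit justification, and the subject "requested modification" gives none. If this is a temporary workaround, replace the commented-out call with a comment that says so and points to the tracking issue, e.g. `// TODO(<issue-id>): restore getResourceAuthenticationScheme lookup`. Otherwise restore the call or remove the now-dead branch. The enclosing method starts and ends outside the hunk.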
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java index adfcf71214a..beaf5c70b07 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java @@ -24,9 +24,9 @@ import org.apache.commons.logging.LogFactory; import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.core.security.AuthenticatorsConfiguration; import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse; import org.wso2.carbon.utils.ServerConstants; import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator; -import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond; import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidatorFactory; import javax.servlet.http.HttpServletRequest; @@ -94,7 +94,7 @@ public class OauthAuthenticator implements CarbonServerAuthenticator { String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION); String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR); String accessToken = headerPart[ACCESS_TOKEN_INDEX]; - OAuthValidationRespond response = null; + OAuthValidationResponse response = null; try { response = tokenValidator.validateToken(accessToken); } catch (RemoteException e) { 
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java index 7382fe1370d..c0c5c8662a6 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java @@ -28,7 +28,7 @@ public interface OAuth2TokenValidator { * containing the validity and user details if valid. * * @param accessToken which need to be validated. - * @return OAuthValidationRespond with the validated results. + * @return OAuthValidationResponse with the validated results. */ - OAuthValidationRespond validateToken(String accessToken) throws RemoteException; + OAuthValidationResponse validateToken(String accessToken) throws RemoteException; } diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationResponse.java similarity index 92% rename from components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java rename to components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationResponse.java index 346ac2ac303..b794a22424e 100755 
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationResponse.java @@ -21,12 +21,12 @@ package org.wso2.carbon.identity.authenticator.backend.oauth.validator; * This class hold the validation information which can be retrieve by both remote and in house IDPs */ @SuppressWarnings("unused") -public class OAuthValidationRespond { +public class OAuthValidationResponse { private String userName; private String tenantDomain; private boolean isValid; - public OAuthValidationRespond(String userName, String tenantDomain, boolean isValid) { + public OAuthValidationResponse(String userName, String tenantDomain, boolean isValid) { this.userName = userName; this.tenantDomain = tenantDomain; this.isValid = isValid; diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java index 0c0836165e2..be05c37fc8d 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java 
@@ -23,7 +23,7 @@ import org.apache.axis2.transport.http.HTTPConstants; import org.apache.commons.httpclient.Header; import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants; import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator; -import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse; import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub; import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO; import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO; @@ -49,9 +49,9 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{ * containing the validity and user details if valid. * * @param token which need to be validated. - * @return OAuthValidationRespond with the validated results. + * @return OAuthValidationResponse with the validated results. */ - public OAuthValidationRespond validateToken(String token) throws RemoteException { + public OAuthValidationResponse validateToken(String token) throws RemoteException { OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO(); OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken = new OAuth2TokenValidationRequestDTO_OAuth2AccessToken(); @@ -80,6 +80,6 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{ tenantDomain = MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser()); } - return new OAuthValidationRespond(userName,tenantDomain,isValid); + return new OAuthValidationResponse(userName,tenantDomain,isValid); } } 
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java index ea7edf1d13a..fb6eb4b3b90 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java @@ -17,13 +17,13 @@ */ package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO; import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants; import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator; -import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond; /** * Handles the authentication using the inbuilt IS features. 
@@ -34,9 +34,9 @@ public class LocalOAuthValidator implements OAuth2TokenValidator { * containing the validity and user details if valid. * * @param token which need to be validated. - * @return OAuthValidationRespond with the validated results. + * @return OAuthValidationResponse with the validated results. */ - public OAuthValidationRespond validateToken(String token) { + public OAuthValidationResponse validateToken(String token) { OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO(); OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken = validationRequest.new OAuth2AccessToken(); @@ -55,6 +55,6 @@ public class LocalOAuthValidator implements OAuth2TokenValidator { tenantDomain = MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser()); } - return new OAuthValidationRespond(userName,tenantDomain,isValid); + return new OAuthValidationResponse(userName,tenantDomain,isValid); } } From 743f394fb98485840968a26fd4fdc49979c33f6e Mon Sep 17 00:00:00 2001 From: Kamidu Sachith Date: Mon, 12 Oct 2015 18:11:44 +0530 Subject: [PATCH 6/9] Requested Modifications --- .../impl/ExternalOAuthValidator.java | 20 +++++++++---------- .../validator/impl/LocalOAuthValidator.java | 8 ++++---- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java index be05c37fc8d..f05bd7dea06 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java 
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java @@ -58,27 +58,27 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{ accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE); accessToken.setIdentifier(token); validationRequest.setAccessToken(accessToken); - OAuth2TokenValidationServiceStub validationService = + OAuth2TokenValidationServiceStub tokenValidationService = new OAuth2TokenValidationServiceStub(hostURL); - ServiceClient client = validationService._getServiceClient(); + ServiceClient client = tokenValidationService._getServiceClient(); Options options = client.getOptions(); - List
list = new ArrayList<>(); + List
headerList = new ArrayList<>(); Header header = new Header(); header.setName(HTTPConstants.HEADER_AUTHORIZATION); header.setValue(OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER+ " " + token); - list.add(header); - options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, list); + headerList.add(header); + options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, headerList); client.setOptions(options); - OAuth2ClientApplicationDTO respond = - validationService.findOAuthConsumerIfTokenIsValid(validationRequest); - boolean isValid = respond.getAccessTokenValidationResponse().getValid(); + OAuth2ClientApplicationDTO clientApplicationDTO = + tokenValidationService.findOAuthConsumerIfTokenIsValid(validationRequest); + boolean isValid = clientApplicationDTO.getAccessTokenValidationResponse().getValid(); String userName = null; String tenantDomain = null; if(isValid){ userName = MultitenantUtils.getTenantAwareUsername( - respond.getAccessTokenValidationResponse().getAuthorizedUser()); + clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser()); tenantDomain = - MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser()); + MultitenantUtils.getTenantDomain(clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser()); } return new OAuthValidationResponse(userName,tenantDomain,isValid); } diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java index fb6eb4b3b90..5595b19d434 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java 
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java @@ -44,16 +44,16 @@ public class LocalOAuthValidator implements OAuth2TokenValidator { accessToken.setIdentifier(token); validationRequest.setAccessToken(accessToken); OAuth2TokenValidationService validationService = new OAuth2TokenValidationService(); - OAuth2ClientApplicationDTO respond = validationService. + OAuth2ClientApplicationDTO clientApplicationDTO = validationService. findOAuthConsumerIfTokenIsValid(validationRequest); - boolean isValid = respond.getAccessTokenValidationResponse().isValid(); + boolean isValid = clientApplicationDTO.getAccessTokenValidationResponse().isValid(); String userName = null; String tenantDomain = null; if(isValid){ userName = MultitenantUtils.getTenantAwareUsername( - respond.getAccessTokenValidationResponse().getAuthorizedUser()); + clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser()); tenantDomain = - MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser()); + MultitenantUtils.getTenantDomain(clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser()); } return new OAuthValidationResponse(userName,tenantDomain,isValid); } From fe355b3184828d6c9f3932a00ee5d8b59f301778 Mon Sep 17 00:00:00 2001 From: Kamidu Sachith Date: Mon, 12 Oct 2015 18:13:46 +0530 Subject: [PATCH 7/9] Romoving Temporary Solutions --- .../framework/authenticator/OAuthAuthenticator.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index 61867b9c9b7..3fd3027592c 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java @@ -84,10 +84,9 @@ public class OAuthAuthenticator implements WebappAuthenticator { return Status.CONTINUE; } String apiVersion = tokenizer.nextToken(); - String authLevel = "any"; -// String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion, -// requestUri, -// requestMethod); + String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion, + requestUri, + requestMethod); try { if (Constants.NO_MATCHING_AUTH_SCHEME.equals(authLevel)) { AuthenticationFrameworkUtil From 824f57b5d2491818edeea9960bb4941e5c0f86bc Mon Sep 17 00:00:00 2001 From: Kamidu Sachith Date: Mon, 12 Oct 2015 18:36:59 +0530 Subject: [PATCH 8/9] Change the code for better performance --- .../validator/impl/ExternalOAuthValidator.java | 14 +++++++------- .../validator/impl/LocalOAuthValidator.java | 16 ++++++++-------- 2 files changed, 15 insertions(+), 15 deletions(-) 
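Review bot: Nothing visible in this hunk says how a null or unrecognised `authLevel` is handled now that the value comes from `authenticator.getResourceAuthenticationScheme(...)` instead of the constant. Only `Constants.NO_MATCHING_AUTH_SCHEME.equals(authLevel)` is shown, and the rest of the `try` block lies outside the hunk. If the lookup can return null for an unmapped resource, the request should be rejected rather than fall through to a less strict branch; please confirm against the full method. I would also add a comment above the call, `// authLevel must come from the resource's configured scheme; never default it to "any"`, so the removed placeholder is not reintroduced during debugging.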
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java index f05bd7dea06..e68088fe63f 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java @@ -25,9 +25,9 @@ import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorCo import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator; import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse; import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub; -import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO; import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO; import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken; +import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import java.rmi.RemoteException; 
@@ -69,16 +69,16 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{ headerList.add(header); options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, headerList); client.setOptions(options); - OAuth2ClientApplicationDTO clientApplicationDTO = - tokenValidationService.findOAuthConsumerIfTokenIsValid(validationRequest); - boolean isValid = clientApplicationDTO.getAccessTokenValidationResponse().getValid(); + OAuth2TokenValidationResponseDTO tokenValidationResponse = + tokenValidationService.findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse(); + boolean isValid = tokenValidationResponse.getValid(); String userName = null; String tenantDomain = null; if(isValid){ userName = MultitenantUtils.getTenantAwareUsername( - clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser()); - tenantDomain = - MultitenantUtils.getTenantDomain(clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser()); + tokenValidationResponse.getAuthorizedUser()); + tenantDomain = MultitenantUtils. + getTenantDomain(tokenValidationResponse.getAuthorizedUser()); } return new OAuthValidationResponse(userName,tenantDomain,isValid); } diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java index 5595b19d434..2deb2b3b36d 100755 --- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java 
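Review bot: `tokenValidationResponse.getValid()` is reached without a null check on either the DTO returned by `findOAuthConsumerIfTokenIsValid(validationRequest)` or its `getAccessTokenValidationResponse()`. An empty or malformed reply from the validation endpoint would therefore surface as a NullPointerException rather than as an invalid-token result. The same chained call is introduced in the LocalOAuthValidator hunk of this commit (`tokenValidationResponse.isValid()`). Whether callers treat that unchecked exception as an authentication failure is not visible here, so I would make the validator itself fail closed: keep the DTO in a local, and when it or its validation response is null, `return new OAuthValidationResponse(null, null, false);`. The body of validateToken starts above this hunk.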
@@ -17,13 +17,13 @@ */ package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl; +import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants; +import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator; import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; -import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO; import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO; +import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; -import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants; -import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator; /** * Handles the authentication using the inbuilt IS features. 
@@ -44,16 +44,16 @@ public class LocalOAuthValidator implements OAuth2TokenValidator { accessToken.setIdentifier(token); validationRequest.setAccessToken(accessToken); OAuth2TokenValidationService validationService = new OAuth2TokenValidationService(); - OAuth2ClientApplicationDTO clientApplicationDTO = validationService. - findOAuthConsumerIfTokenIsValid(validationRequest); - boolean isValid = clientApplicationDTO.getAccessTokenValidationResponse().isValid(); + OAuth2TokenValidationResponseDTO tokenValidationResponse = validationService. + findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse(); + boolean isValid = tokenValidationResponse.isValid(); String userName = null; String tenantDomain = null; if(isValid){ userName = MultitenantUtils.getTenantAwareUsername( - clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser()); + tokenValidationResponse.getAuthorizedUser()); tenantDomain = - MultitenantUtils.getTenantDomain(clientApplicationDTO.getAccessTokenValidationResponse().getAuthorizedUser()); + MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser()); } return new OAuthValidationResponse(userName,tenantDomain,isValid); } From a66949c7e0f599dada46cf390fb9b0e399522da7 Mon Sep 17 00:00:00 2001 From: Kamidu Sachith Date: Mon, 12 Oct 2015 18:45:32 +0530 Subject: [PATCH 9/9] Code Fixing --- .../backend/oauth/validator/impl/ExternalOAuthValidator.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java index e68088fe63f..8d8a1015376 100755 
--- a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java +++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java @@ -69,8 +69,8 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{ headerList.add(header); options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, headerList); client.setOptions(options); - OAuth2TokenValidationResponseDTO tokenValidationResponse = - tokenValidationService.findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse(); + OAuth2TokenValidationResponseDTO tokenValidationResponse = tokenValidationService. + findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse(); boolean isValid = tokenValidationResponse.getValid(); String userName = null; String tenantDomain = null;