From b2bdc0b6c8e60e0834289a58d8ac54d388d2fa7c Mon Sep 17 00:00:00 2001
From: Janak Amarasena
Date: Mon, 12 Jun 2017 17:50:04 +0530
Subject: [PATCH] Add token validation classes to the same bundle
---
 .../pom.xml | 5 --
 .../grant/AccessTokenGrantHandler.java | 9 +--
 .../oauth/validator/LocalOAuthValidator.java | 60 +++++++++++++++
 .../validator/OAuthValidationResponse.java | 59 ++++++++++++++
 .../OAuthAuthenticatorDataHolder.java | 49 ++++++++++++
 .../OAuthAuthenticatorServiceComponent.java | 76 +++++++++++++++++++
 6 files changed, 248 insertions(+), 10 deletions(-)
 create mode 100755 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/LocalOAuthValidator.java
 create mode 100755 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/OAuthValidationResponse.java
 create mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/internal/OAuthAuthenticatorDataHolder.java
 create mode 100755 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/internal/OAuthAuthenticatorServiceComponent.java
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml
index f9d9b773ce..a9c498bd0c 100644
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml
@@ -34,10 +34,6 @@ http://wso2.org - - org.wso2.carbon.devicemgt - org.wso2.carbon.identity.authenticator.backend.oauth - commons-codec.wso2 commons-codec
@@ -91,7 +87,6 @@ org.wso2.carbon.device.mgt.oauth.extensions.* - org.wso2.carbon.identity.authenticator.backend.oauth.*, org.wso2.carbon.identity.oauth2.grant.jwt;version="${carbon.identity.jwt.grant.version.range}", org.apache.commons.lang, org.apache.commons.logging,
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/AccessTokenGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/AccessTokenGrantHandler.java
index 40d87a17ec..090a6f0f1b 100644
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/AccessTokenGrantHandler.java
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/AccessTokenGrantHandler.java
@@ -22,12 +22,11 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.apimgt.keymgt.ScopesIssuer;
+import org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.oauth.validator.LocalOAuthValidator;
+import org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.oauth.validator.OAuthValidationResponse;
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
-import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
-import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
-import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidatorFactory;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
 import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
@@ -47,12 +46,12 @@ public class AccessTokenGrantHandler extends AbstractAuthorizationGrantHandler {
     private static Log log = LogFactory.getLog(AccessTokenGrantHandler.class);
     private static final String TENANT_DOMAIN_KEY = "tenantDomain";
-    private OAuth2TokenValidator tokenValidator;
+    private LocalOAuthValidator tokenValidator;
     public static final String TOKEN_GRANT_PARAM = "admin_access_token";
     public AccessTokenGrantHandler() {
         try {
-            tokenValidator = OAuthValidatorFactory.getValidator();
+            tokenValidator = new LocalOAuthValidator();
         } catch (IllegalArgumentException e) {
             log.error("Failed to initialise Authenticator", e);
         }
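Review bot: The `try { tokenValidator = new LocalOAuthValidator(); } catch (IllegalArgumentException e)` in the constructor is now dead code — `LocalOAuthValidator` declares no constructor (see its hunk below), so the implicit no-arg constructor cannot throw and the "Failed to initialise Authenticator" log can never fire. The failure mode has moved rather than disappeared: with the validator always constructed, a missing `OAuth2TokenValidationService` surfaces as the `IllegalStateException` thrown by `OAuthAuthenticatorDataHolder` at the first `validateToken` call — presumably while servicing a token request — instead of at startup. Replace the try/catch with `private final LocalOAuthValidator tokenValidator = new LocalOAuthValidator();` and drop the now-empty constructor, so the field can never be null, and make sure the grant-validation path that calls `validateToken` (not in this hunk) treats `IllegalStateException` as a rejected grant rather than letting it propagate. The rest of `AccessTokenGrantHandler` lies outside the hunk.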
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/LocalOAuthValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/LocalOAuthValidator.java
new file mode 100755
index 0000000000..dd7872da35
--- /dev/null
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/LocalOAuthValidator.java
@@ -0,0 +1,60 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.oauth.validator;
+
+import org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.oauth.validator.internal.OAuthAuthenticatorDataHolder;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+
+import java.rmi.RemoteException;
+
+/**
+ * Handles the authentication using the inbuilt IS features.
+ */
+public class LocalOAuthValidator {
+    private static final String BEARER_TOKEN_TYPE = "bearer";
+
+    /**
+     * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+     * containing the validity and user details if valid.
+     *
+     * @param token which need to be validated.
+     * @return OAuthValidationResponse with the validated results.
+     */
+    public OAuthValidationResponse validateToken(String token) throws RemoteException{
+        OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
+        OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken =
+                validationRequest.new OAuth2AccessToken();
+        accessToken.setTokenType(BEARER_TOKEN_TYPE);
+        accessToken.setIdentifier(token);
+        validationRequest.setAccessToken(accessToken);
+        OAuth2TokenValidationResponseDTO tokenValidationResponse = OAuthAuthenticatorDataHolder.getInstance().
+                getOAuth2TokenValidationService().findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
+        boolean isValid = tokenValidationResponse.isValid();
+        String userName = null;
+        String tenantDomain = null;
+        if (isValid) {
+            userName = MultitenantUtils.getTenantAwareUsername(
+                    tokenValidationResponse.getAuthorizedUser());
+            tenantDomain =
+                    MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser());
+        }
+        return new OAuthValidationResponse(userName, tenantDomain, isValid);
+    }
+}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/OAuthValidationResponse.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/OAuthValidationResponse.java
new file mode 100755
index 0000000000..75042177fb
--- /dev/null
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/OAuthValidationResponse.java
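Review bot: `validateToken` keeps only `isValid` and the authorized user from the validation result — the scope and error-message fields of `OAuth2TokenValidationResponseDTO` are dropped, and the application DTO returned by `findOAuthConsumerIfTokenIsValid` is used solely to reach `getAccessTokenValidationResponse()`, so no caller can learn which application the `admin_access_token` was issued to or what it is scoped for. If the grant handler is meant to require an admin scope or a specific client for this grant (that path is not visible here), it cannot decide that from this response; carry `tokenValidationResponse.getScope()` and the consumer key into `OAuthValidationResponse`, or document where that check is enforced. `throws RemoteException` survives on a call that is now in-process and can no longer raise it — presumably so existing `catch (RemoteException e)` blocks keep compiling — and deserves a comment saying so, while the `IllegalStateException` from `OAuthAuthenticatorDataHolder.getOAuth2TokenValidationService()` when the service is unbound is the real failure mode and goes unmentioned. The Javadoc also still says the method "generate[s] the OAuth2ClientApplicationDTO", which is not what it returns.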
@@ -0,0 +1,59 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.oauth.validator;
+
+/**
+ * This class holds the authenticated user information after the OAuth2 token is validated.
+ */
+@SuppressWarnings("unused")
+public class OAuthValidationResponse {
+
+    private String userName;
+    private String tenantDomain;
+    private boolean isValid;
+
+    public OAuthValidationResponse(String userName, String tenantDomain, boolean isValid) {
+        this.userName = userName;
+        this.tenantDomain = tenantDomain;
+        this.isValid = isValid;
+    }
+
+    public String getUserName() {
+        return userName;
+    }
+
+    public void setUserName(String userName) {
+        this.userName = userName;
+    }
+
+    public String getTenantDomain() {
+        return tenantDomain;
+    }
+
+    public void setTenantDomain(String tenantDomain) {
+        this.tenantDomain = tenantDomain;
+    }
+
+    public boolean isValid() {
+        return isValid;
+    }
+
+    public void setIsValid(boolean isValid) {
+        this.isValid = isValid;
+    }
+}
\ No newline at end of file
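Review bot: `OAuthValidationResponse` is the object that carries an authentication verdict, yet it exposes `setIsValid`, `setUserName` and `setTenantDomain`, so any code holding the response can flip `isValid` or rewrite the principal after validation; nothing in this patch calls the setters. Make the three fields `private final` and delete the setters (the constructor already populates everything), which also removes the reason for the class-level `@SuppressWarnings("unused")`. A short Javadoc on the constructor stating that `userName` and `tenantDomain` are `null` when `isValid` is false (which is how `LocalOAuthValidator` builds it) would tell callers not to dereference them without checking the flag. The file is also missing its trailing newline.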
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/internal/OAuthAuthenticatorDataHolder.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/internal/OAuthAuthenticatorDataHolder.java
new file mode 100644
index 0000000000..85b32c04c5
--- /dev/null
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/internal/OAuthAuthenticatorDataHolder.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.oauth.validator.internal;
+
+import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
+
+/**
+ * DataHolder of Backend OAuth Authenticator component.
+ */
+public class OAuthAuthenticatorDataHolder {
+
+    private OAuth2TokenValidationService oAuth2TokenValidationService;
+
+    private static OAuthAuthenticatorDataHolder thisInstance = new OAuthAuthenticatorDataHolder();
+
+    private OAuthAuthenticatorDataHolder() {}
+
+    public static OAuthAuthenticatorDataHolder getInstance() {
+        return thisInstance;
+    }
+
+    public OAuth2TokenValidationService getOAuth2TokenValidationService() {
+        if (oAuth2TokenValidationService == null) {
+            throw new IllegalStateException("OAuth2TokenValidation service is not initialized properly");
+        }
+        return oAuth2TokenValidationService;
+    }
+
+    public void setOAuth2TokenValidationService(
+            OAuth2TokenValidationService oAuth2TokenValidationService) {
+        this.oAuth2TokenValidationService = oAuth2TokenValidationService;
+    }
+}
\ No newline at end of file
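Review bot: `oAuth2TokenValidationService` is written from the OSGi bind/unbind callbacks (the service component declares `policy="dynamic"`) and read from whatever thread runs `LocalOAuthValidator.validateToken`, but the field is neither `volatile` nor guarded, so a reader may keep seeing a stale — including already-unbound — reference. Declare it `private volatile OAuth2TokenValidationService oAuth2TokenValidationService;`. Separately, the public `setOAuth2TokenValidationService` lets any code that can reach this singleton swap out the service that decides whether an admin token is accepted; the pom hunk above exports `org.wso2.carbon.device.mgt.oauth.extensions.*`, and if that wildcard covers this `internal` package other bundles can do so too — confirm it is kept out via a Private-Package entry. The class Javadoc still describes the old "Backend OAuth Authenticator component".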
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/internal/OAuthAuthenticatorServiceComponent.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/internal/OAuthAuthenticatorServiceComponent.java
new file mode 100755
index 0000000000..63407083b7
--- /dev/null
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/oauth/validator/internal/OAuthAuthenticatorServiceComponent.java
@@ -0,0 +1,76 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.oauth.validator.internal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.osgi.service.component.ComponentContext;
+import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
+
+/**
+ * @scr.component name="org.wso2.carbon.device.mgt.oauth.extensions.authenticator" immediate="true"
+ * @scr.reference name="identity.oauth2.validation.service"
+ * interface="org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService"
+ * cardinality="1..1"
+ * policy="dynamic"
+ * bind="setOAuth2ValidationService"
+ * unbind="unsetOAuth2ValidationService"
+ */
+public class OAuthAuthenticatorServiceComponent {
+
+    private static final Log log = LogFactory.getLog(OAuthAuthenticatorServiceComponent.class);
+
+    @SuppressWarnings("unused")
+    protected void activate(ComponentContext componentContext) {
+        if (log.isDebugEnabled()) {
+            log.debug("Starting Backend OAuthAuthenticator Framework Bundle");
+        }
+    }
+
+    @SuppressWarnings("unused")
+    protected void deactivate(ComponentContext componentContext) {
+        //do nothing
+    }
+
+    /**
+     * Sets OAuth2TokenValidation Service.
+     *
+     * @param tokenValidationService An instance of OAuth2TokenValidationService.
+     */
+    @SuppressWarnings("unused")
+    protected void setOAuth2ValidationService(OAuth2TokenValidationService tokenValidationService) {
+        if (log.isDebugEnabled()) {
+            log.debug("Setting OAuth2TokenValidationService Service");
+        }
+        OAuthAuthenticatorDataHolder.getInstance().setOAuth2TokenValidationService(tokenValidationService);
+    }
+
+    /**
+     * Unsets OAuth2TokenValidation Service.
+     *
+     * @param tokenValidationService An instance of OAuth2TokenValidationService
+     */
+    @SuppressWarnings("unused")
+    protected void unsetOAuth2ValidationService(OAuth2TokenValidationService tokenValidationService) {
+        if (log.isDebugEnabled()) {
+            log.debug("Unsetting OAuth2TokenValidationService Service");
+        }
+        OAuthAuthenticatorDataHolder.getInstance().setOAuth2TokenValidationService(null);
+    }
+}
\ No newline at end of file
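Review bot: `unsetOAuth2ValidationService` clears the holder unconditionally, but with `policy="dynamic"` and `cardinality="1..1"` SCR may bind a replacement `OAuth2TokenValidationService` before it unbinds the departing one, in which case this unbind wipes the freshly bound service and every later `validateToken` fails with the holder's `IllegalStateException` until the component is restarted. Only clear the holder when the instance being unbound is the one that is actually held; since the holder's getter throws when empty, the simplest way from this class is to remember the bound instance in a field and compare against it, as sketched below. The `activate` debug message ("Starting Backend OAuthAuthenticator Framework Bundle") and the `@scr.component` name were carried over from the previous bundle and should be renamed so logs identify this component. The class has no descriptive Javadoc beyond the `@scr` tags; a line such as `Tracks the OAuth2TokenValidationService that LocalOAuthValidator uses to validate admin access tokens.` would help.
```java
    private volatile OAuth2TokenValidationService boundService;

    // … unchanged: activate / deactivate …

    protected void setOAuth2ValidationService(OAuth2TokenValidationService tokenValidationService) {
        // … unchanged: debug log …
        boundService = tokenValidationService;
        OAuthAuthenticatorDataHolder.getInstance().setOAuth2TokenValidationService(tokenValidationService);
    }

    protected void unsetOAuth2ValidationService(OAuth2TokenValidationService tokenValidationService) {
        // … unchanged: debug log …
        // SCR may have already bound a replacement; only drop the holder if it still points at this instance.
        if (boundService == tokenValidationService) {
            boundService = null;
            OAuthAuthenticatorDataHolder.getInstance().setOAuth2TokenValidationService(null);
        }
    }
```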