Merge pull request #559 from GPrathap/master

changed websocket token retrieval mechanism
revert-dabc3590
Ayyoob Hamza 8 years ago committed by GitHub
commit 66a8b3bbea

@ -702,14 +702,13 @@ function intializeWebsocketUrls() {
.constance.TENANT_INDEX + ApplicationOptions.constance.PATH_SEPARATOR + data.user.domain + .constance.TENANT_INDEX + ApplicationOptions.constance.PATH_SEPARATOR + data.user.domain +
ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance
.CEP_WEB_SOCKET_OUTPUT_ADAPTOR_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance.VERSION .CEP_WEB_SOCKET_OUTPUT_ADAPTOR_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance.VERSION
+ "?deviceId=" + deviceId + "&deviceType=" + deviceType; + "?deviceId=" + deviceId + "&deviceType=" + deviceType + "&websocketToken=" + accessToken;
alertWebSocketURL = 'wss://' + hostname + ':' + port + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance alertWebSocketURL = 'wss://' + hostname + ':' + port + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance
.CEP_WEB_SOCKET_OUTPUT_ADAPTOR_WEBAPP_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions .CEP_WEB_SOCKET_OUTPUT_ADAPTOR_WEBAPP_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions
.constance.TENANT_INDEX + ApplicationOptions.constance.PATH_SEPARATOR + data.user.domain + .constance.TENANT_INDEX + ApplicationOptions.constance.PATH_SEPARATOR + data.user.domain +
ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance
.CEP_ON_ALERT_WEB_SOCKET_OUTPUT_ADAPTOR_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance.VERSION .CEP_ON_ALERT_WEB_SOCKET_OUTPUT_ADAPTOR_NAME + ApplicationOptions.constance.PATH_SEPARATOR + ApplicationOptions.constance.VERSION
+ "?deviceId=" + deviceId + "&deviceType=" + deviceType; + "?deviceId=" + deviceId + "&deviceType=" + deviceType + "&websocketToken=" + accessToken;
document.cookie = "websocket-token=" + accessToken + "; path=/";
$("#proximity_alert").hide(); $("#proximity_alert").hide();
initializeWebSocket(); initializeWebSocket();
initializeOnAlertWebSocket(); initializeOnAlertWebSocket();

@ -22,13 +22,21 @@ function onRequest(context) {
var device = context.unit.params.device; var device = context.unit.params.device;
var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"]; var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js");
var websocketEndpoint = devicemgtProps["wssURL"].replace("https", "wss"); var websocketEndpoint = devicemgtProps["wssURL"].replace("https", "wss");
var tokenPair = session.get(constants["TOKEN_PAIR"]); var jwtService = carbonServer.osgiService(
if (tokenPair) { 'org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService');
var token = parse(tokenPair)["accessToken"]; var jwtClient = jwtService.getJWTClient();
websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.android.sense/1.0.0?" + var encodedClientKeys = session.get(constants["ENCODED_TENANT_BASED_WEB_SOCKET_CLIENT_CREDENTIALS"]);
"token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; var token = "";
} if (encodedClientKeys) {
var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"];
var resp = tokenUtil.decode(encodedClientKeys).split(":");
var tokenPair = jwtClient.getAccessToken(resp[0], resp[1], context.user.username,"default", {});
if (tokenPair) {
token = tokenPair.accessToken;
}
websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.android.sense/1.0.0?" +
+ "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
}
return {"device": device, "websocketEndpoint": websocketEndpoint}; return {"device": device, "websocketEndpoint": websocketEndpoint};
} }

@ -36,9 +36,7 @@ function onRequest(context) {
token = tokenPair.accessToken; token = tokenPair.accessToken;
} }
websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?" websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?"
+ "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; + "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
var websocketToken= {'name':'websocket-token','value': token, 'path':'/', "maxAge":18000};
response.addCookie(websocketToken);
} }
return {"device": device, "websocketEndpoint": websocketEndpoint}; return {"device": device, "websocketEndpoint": websocketEndpoint};
} }

@ -36,9 +36,7 @@ function onRequest(context) {
token = tokenPair.accessToken; token = tokenPair.accessToken;
} }
websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?" websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?"
+ "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; + "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
var websocketToken= {'name':'websocket-token','value': token, 'path':'/', "maxAge":18000};
response.addCookie(websocketToken);
} }
return {"device": device, "websocketEndpoint": websocketEndpoint}; return {"device": device, "websocketEndpoint": websocketEndpoint};
} }

@ -36,9 +36,7 @@ function onRequest(context) {
token = tokenPair.accessToken; token = tokenPair.accessToken;
} }
websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?" websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?"
+ "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; + "deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type + "&websocketToken=" + token;
var websocketToken= {'name':'websocket-token','value': token, 'path':'/', "maxAge":18000};
response.addCookie(websocketToken);
} }
return {"device": device, "websocketEndpoint": websocketEndpoint}; return {"device": device, "websocketEndpoint": websocketEndpoint};
} }

@ -18,6 +18,7 @@
package org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint; package org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint;
import org.apache.commons.collections.map.HashedMap;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
@ -38,6 +39,7 @@ import javax.websocket.OnOpen;
import javax.websocket.server.PathParam; import javax.websocket.server.PathParam;
import javax.websocket.server.ServerEndpoint; import javax.websocket.server.ServerEndpoint;
import java.io.IOException; import java.io.IOException;
import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -63,10 +65,12 @@ public class SuperTenantSubscriptionEndpoint extends SubscriptionEndpoint {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("WebSocket opened, for Session id: " + session.getId() + ", for the Stream:" + streamName); log.debug("WebSocket opened, for Session id: " + session.getId() + ", for the Stream:" + streamName);
} }
Map<String, List<String>> httpHeaders; Map<String, List<String>> sessionQueryParam = new HashedMap();
httpHeaders = (Map<String, List<String>>) config.getUserProperties().get(Constants.HTTP_HEADERS); List<String> sessionQueryParamList = new LinkedList<>();
sessionQueryParamList.add(session.getQueryString());
sessionQueryParam.put(Constants.QUERY_STRING, sessionQueryParamList);
Authenticator authenticator = ServiceHolder.getWebsocketValidationService().getAuthenticator(); Authenticator authenticator = ServiceHolder.getWebsocketValidationService().getAuthenticator();
AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(httpHeaders); AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(sessionQueryParam);
if (authenticationInfo != null && authenticationInfo.isAuthenticated()) { if (authenticationInfo != null && authenticationInfo.isAuthenticated()) {
Authorizer authorizer = ServiceHolder.getWebsocketValidationService().getAuthorizer(); Authorizer authorizer = ServiceHolder.getWebsocketValidationService().getAuthorizer();
boolean isAuthorized = authorizer.isAuthorized(authenticationInfo, session, streamName); boolean isAuthorized = authorizer.isAuthorized(authenticationInfo, session, streamName);

@ -18,6 +18,7 @@
package org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint; package org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint;
import org.apache.commons.collections.map.HashedMap;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
@ -37,6 +38,7 @@ import javax.websocket.OnOpen;
import javax.websocket.server.PathParam; import javax.websocket.server.PathParam;
import javax.websocket.server.ServerEndpoint; import javax.websocket.server.ServerEndpoint;
import java.io.IOException; import java.io.IOException;
import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -63,10 +65,12 @@ public class TenantSubscriptionEndpoint extends SubscriptionEndpoint {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("WebSocket opened, for Session id: "+session.getId()+", for the Stream:"+streamName); log.debug("WebSocket opened, for Session id: "+session.getId()+", for the Stream:"+streamName);
} }
Map<String, List<String>> httpHeaders; Map<String, List<String>> sessionQueryParam = new HashedMap();
httpHeaders = (Map<String, List<String>>) config.getUserProperties().get(Constants.HTTP_HEADERS); List<String> sessionQueryParamList = new LinkedList<>();
sessionQueryParamList.add(session.getQueryString());
sessionQueryParam.put(Constants.QUERY_STRING, sessionQueryParamList);
Authenticator authenticator = ServiceHolder.getWebsocketValidationService().getAuthenticator(); Authenticator authenticator = ServiceHolder.getWebsocketValidationService().getAuthenticator();
AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(httpHeaders); AuthenticationInfo authenticationInfo = authenticator.isAuthenticated(sessionQueryParam);
if (authenticationInfo != null && authenticationInfo.isAuthenticated()) { if (authenticationInfo != null && authenticationInfo.isAuthenticated()) {
Authorizer authorizer = ServiceHolder.getWebsocketValidationService().getAuthorizer(); Authorizer authorizer = ServiceHolder.getWebsocketValidationService().getAuthorizer();
boolean isAuthorized = authorizer.isAuthorized(authenticationInfo, session, streamName); boolean isAuthorized = authorizer.isAuthorized(authenticationInfo, session, streamName);

@ -22,4 +22,5 @@ package org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint.constants;
public class Constants { public class Constants {
public static final String HTTP_HEADERS = "HttpHeaders"; public static final String HTTP_HEADERS = "HttpHeaders";
public static final String QUERY_STRING = "queryString";
} }

@ -45,7 +45,10 @@ public class OAuthTokenValdiator {
private static final String COOKIE_KEYPAIR_SEPERATOR = ";"; private static final String COOKIE_KEYPAIR_SEPERATOR = ";";
private static final String COOKIE = "cookie"; private static final String COOKIE = "cookie";
private static final String TOKEN_TYPE = "bearer"; private static final String TOKEN_TYPE = "bearer";
private static final String TOKEN_IDENTIFIER = "websocket-token"; private static final String TOKEN_IDENTIFIER = "websocketToken";
private static final String QUERY_STRING_SEPERATOR = "&";
private static final String QUERY_KEY_VALUE_SEPERATOR = "=";
private static final String QUERY_STRING = "queryString";
private static OAuthTokenValdiator oAuthTokenValdiator; private static OAuthTokenValdiator oAuthTokenValdiator;
@ -59,7 +62,7 @@ public class OAuthTokenValdiator {
* @return AuthenticationInfo with the validated results. * @return AuthenticationInfo with the validated results.
*/ */
public AuthenticationInfo validateToken(Map<String, List<String>> webSocketConnectionProperties) { public AuthenticationInfo validateToken(Map<String, List<String>> webSocketConnectionProperties) {
String token = getToken(webSocketConnectionProperties); String token = getTokenFromSession(webSocketConnectionProperties);
if (token == null) { if (token == null) {
AuthenticationInfo authenticationInfo = new AuthenticationInfo(); AuthenticationInfo authenticationInfo = new AuthenticationInfo();
authenticationInfo.setAuthenticated(false); authenticationInfo.setAuthenticated(false);
@ -168,4 +171,27 @@ public class OAuthTokenValdiator {
log.error("WebSocket token should be specified in cookie"); log.error("WebSocket token should be specified in cookie");
return null; return null;
} }
/**
* Retrieving the token from the http session
* @param webSocketConnectionProperties WebSocket connection information including http headers
* @return retrieved token
*/
private String getTokenFromSession(Map<String, List<String>> webSocketConnectionProperties) {
String queryString = webSocketConnectionProperties.get(QUERY_STRING).get(0);
if (queryString != null) {
String[] allQueryParamPairs = queryString.split(QUERY_STRING_SEPERATOR);
for (String keyValuePair : allQueryParamPairs) {
String[] queryParamPair = keyValuePair.split(QUERY_KEY_VALUE_SEPERATOR);
if (queryParamPair.length != 2) {
log.warn("Invalid query string [" + queryString + "] passed in.");
break;
}
if (queryParamPair[0].equals(TOKEN_IDENTIFIER)) {
return queryParamPair[1];
}
}
}
return null;
}
} }

Loading…
Cancel
Save