Updated Grant Type Implementation

revert-70aa11f8
ayyoob 8 years ago
parent 8eb29a77cc
commit d5e756c205

@ -2,9 +2,9 @@ package org.wso2.carbon.device.mgt.oauth.extensions;
/** /**
* This hold the constants related oauth extensions. * This hold the OAuthConstants related oauth extensions.
*/ */
public class Constants { public class OAuthConstants {
public static final String DEFAULT_DEVICE_ASSERTION = "device"; public static final String DEFAULT_DEVICE_ASSERTION = "device";
public static final String DEFAULT_USERNAME_IDENTIFIER = "username"; public static final String DEFAULT_USERNAME_IDENTIFIER = "username";

@ -301,7 +301,7 @@ public class OAuthExtUtils {
DeviceRequestDTO deviceRequestDTO = null; DeviceRequestDTO deviceRequestDTO = null;
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters(); RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
for (RequestParameter parameter : parameters) { for (RequestParameter parameter : parameters) {
if (Constants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) { if (OAuthConstants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
String deviceJson = parameter.getValue()[0]; String deviceJson = parameter.getValue()[0];
Gson gson = new Gson(); Gson gson = new Gson();
deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)), deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)),
@ -309,12 +309,15 @@ public class OAuthExtUtils {
} }
} }
if (deviceRequestDTO != null) { if (deviceRequestDTO != null) {
String scopeName = deviceRequestDTO.getScope(); String requestScopes = deviceRequestDTO.getScope();
String scopeNames[] = requestScopes.split(" ");
for (String scopeName : scopeNames) {
List<DeviceIdentifier> deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers(); List<DeviceIdentifier> deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers();
DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance() DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance()
.getDeviceAccessAuthorizationService() .getDeviceAccessAuthorizationService()
.isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName)); .isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName));
if (deviceAuthorizationResult != null && deviceAuthorizationResult.getAuthorizedDevices() != null) { if (deviceAuthorizationResult != null &&
deviceAuthorizationResult.getAuthorizedDevices() != null) {
String scopes[] = tokReqMsgCtx.getScope(); String scopes[] = tokReqMsgCtx.getScope();
String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult
.getAuthorizedDevices().size()]; .getAuthorizedDevices().size()];
@ -324,13 +327,15 @@ public class OAuthExtUtils {
scopeIndex++; scopeIndex++;
} }
for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) { for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) {
authorizedScopes[scopeIndex] = DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" + authorizedScopes[scopeIndex] =
DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" +
deviceIdentifier.getId() + ":" + scopeName; deviceIdentifier.getId() + ":" + scopeName;
scopeIndex++; scopeIndex++;
} }
tokReqMsgCtx.setScope(authorizedScopes); tokReqMsgCtx.setScope(authorizedScopes);
} }
} }
}
} catch (DeviceAccessAuthorizationException e) { } catch (DeviceAccessAuthorizationException e) {
log.error("Error occurred while checking authorization for the user " + username, e); log.error("Error occurred while checking authorization for the user " + username, e);
} finally { } finally {
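Review bot: `requestScopes.split(" ")` on the new line dereferences `deviceRequestDTO.getScope()` without a null or empty check, and that DTO is built from a request parameter (the Base64/Gson decode earlier in the section), so a device assertion with no scope field fails with a NullPointerException that the `catch (DeviceAccessAuthorizationException e)` below does not cover, while a blank scope appends a tag ending in `:`. Wrap the new loop in `if (requestScopes != null && !requestScopes.trim().isEmpty())` and split on `"\\s+"` so repeated spaces do not produce empty scope names. Separately, `tokReqMsgCtx.setScope(authorizedScopes)` now runs once per scope name inside the loop and each pass re-reads `tokReqMsgCtx.getScope()`, so the authorized-scope array grows cumulatively across iterations; if that accumulation is intended, a one-line comment above `String scopes[] = tokReqMsgCtx.getScope();` saying so would keep a later refactor from hoisting it. The enclosing method starts and ends outside these hunks.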

@ -18,13 +18,10 @@
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant; package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
import com.google.gson.Gson;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler; import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler;
import org.wso2.carbon.device.mgt.oauth.extensions.Constants; import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
import org.wso2.carbon.device.mgt.oauth.extensions.DeviceRequestDTO;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.model.RequestParameter; import org.wso2.carbon.identity.oauth2.model.RequestParameter;
@ -40,12 +37,12 @@ public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrant
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters(); RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
for (RequestParameter parameter : parameters) { for (RequestParameter parameter : parameters) {
switch (parameter.getKey()) { switch (parameter.getKey()) {
case Constants.DEFAULT_USERNAME_IDENTIFIER: case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER:
String username = parameter.getValue()[0]; String username = parameter.getValue()[0];
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username); tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username);
break; break;
case Constants.DEFAULT_PASSWORD_IDENTIFIER: case OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER:
String password = parameter.getValue()[0]; String password = parameter.getValue()[0];
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password); tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password);
break; break;

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
import org.apache.oltu.oauth2.common.OAuth; import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.validators.AbstractValidator; import org.apache.oltu.oauth2.common.validators.AbstractValidator;
import org.wso2.carbon.device.mgt.oauth.extensions.Constants; import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -34,6 +34,5 @@ public class ExtendedDeviceJWTGrantValidator extends AbstractValidator<HttpServl
public ExtendedDeviceJWTGrantValidator() { public ExtendedDeviceJWTGrantValidator() {
requiredParams.add(OAuth.OAUTH_GRANT_TYPE); requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
requiredParams.add(OAuth.OAUTH_ASSERTION); requiredParams.add(OAuth.OAUTH_ASSERTION);
requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION);
} }
} }
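Review bot: Dropping `requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION)` makes the device assertion optional for the JWT grant while `ExtendedDevicePasswordGrantValidator` in this same commit still requires it, so the two validators now disagree on the same parameter. If the JWT grant is meant to work without a device assertion, a short comment in the constructor, e.g. `// device assertion is optional for the JWT grant; OAuthExtUtils skips device scope handling when it is absent`, would record that this asymmetry is deliberate; whether the downstream handling of the missing parameter is sufficient cannot be confirmed from this section alone.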

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
import org.apache.oltu.oauth2.common.OAuth; import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.validators.AbstractValidator; import org.apache.oltu.oauth2.common.validators.AbstractValidator;
import org.wso2.carbon.device.mgt.oauth.extensions.Constants; import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -32,6 +32,6 @@ public class ExtendedDevicePasswordGrantValidator extends AbstractValidator<Http
public ExtendedDevicePasswordGrantValidator() { public ExtendedDevicePasswordGrantValidator() {
requiredParams.add(OAuth.OAUTH_USERNAME); requiredParams.add(OAuth.OAUTH_USERNAME);
requiredParams.add(OAuth.OAUTH_PASSWORD); requiredParams.add(OAuth.OAUTH_PASSWORD);
requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION); requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION);
} }
} }

@ -44,6 +44,7 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Map;
/** /**
* this class represents an implementation of Token Client which is based on JWT * this class represents an implementation of Token Client which is based on JWT
@ -63,14 +64,10 @@ public class JWTClient {
this.isDefaultJWTClient = isDefaultJWTClient; this.isDefaultJWTClient = isDefaultJWTClient;
} }
/**
* {@inheritDoc}
*/
public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes) public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes)
throws JWTClientException { throws JWTClientException {
List<NameValuePair> params = new ArrayList<>(); List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, JWTConstants.JWT_GRANT_TYPE)); params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
if (assertion == null) { if (assertion == null) {
throw new JWTClientException("JWT is not configured properly for user : " + username); throw new JWTClientException("JWT is not configured properly for user : " + username);
@ -80,9 +77,26 @@ public class JWTClient {
return getTokenInfo(params, consumerKey, consumerSecret); return getTokenInfo(params, consumerKey, consumerSecret);
} }
/** public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes,
* {@inheritDoc} Map<String, String> paramsMap)
*/ throws JWTClientException {
List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
if (assertion == null) {
throw new JWTClientException("JWT is not configured properly for user : " + username);
}
params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion));
params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes));
if (paramsMap != null) {
for (String key : paramsMap.keySet()) {
params.add(new BasicNameValuePair(key, paramsMap.get(key)));
}
}
return getTokenInfo(params, consumerKey, consumerSecret);
}
public AccessTokenInfo getAccessTokenFromRefreshToken(String refreshToken, String username, String scopes, public AccessTokenInfo getAccessTokenFromRefreshToken(String refreshToken, String username, String scopes,
String consumerKey, String consumerSecret) String consumerKey, String consumerSecret)
throws JWTClientException { throws JWTClientException {
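Review bot: The new `getAccessToken(..., Map<String, String> paramsMap)` overload repeats the whole body of the four-argument overload above it, so the two can drift apart; the simpler shape is to have the existing overload delegate with `return getAccessToken(consumerKey, consumerSecret, username, scopes, null);` and keep the logic in one place. The map loop should iterate entries rather than look each key up again: `for (Map.Entry<String, String> entry : paramsMap.entrySet()) { params.add(new BasicNameValuePair(entry.getKey(), entry.getValue())); }`. Entries are also appended unconditionally, so a caller-supplied `grant_type`, assertion or scope key produces a duplicate form parameter; the method's Javadoc (both overloads lost their `{@inheritDoc}` block and now have none) should state that `paramsMap` must not reuse those names, or the loop should skip them. The hunk opens inside the previous method's return and closes inside the signature of `getAccessTokenFromRefreshToken`.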

@ -23,7 +23,7 @@ package org.wso2.carbon.identity.jwt.client.extension.constant;
public class JWTConstants { public class JWTConstants {
public static final String OAUTH_EXPIRES_IN = "expires_in"; public static final String OAUTH_EXPIRES_IN = "expires_in";
public static final String OAUTH_TOKEN_TYPE = "token_type"; public static final String OAUTH_TOKEN_TYPE = "token_type";
public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device-mgt:jwt-bearer"; public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
public static final String GRANT_TYPE_PARAM_NAME = "grant_type"; public static final String GRANT_TYPE_PARAM_NAME = "grant_type";
public static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token"; public static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token"; public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";

@ -1,6 +1,7 @@
package org.wso2.carbon.identity.jwt.client.extension.dto; package org.wso2.carbon.identity.jwt.client.extension.dto;
import org.wso2.carbon.core.util.Utils; import org.wso2.carbon.core.util.Utils;
import org.wso2.carbon.identity.jwt.client.extension.constant.JWTConstants;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -20,6 +21,7 @@ public class JWTConfig {
private static final String JKS_PASSWORD ="KeyStorePassword"; private static final String JKS_PASSWORD ="KeyStorePassword";
private static final String JKA_PRIVATE_KEY_PASSWORD = "PrivateKeyPassword"; private static final String JKA_PRIVATE_KEY_PASSWORD = "PrivateKeyPassword";
private static final String TOKEN_ENDPOINT = "TokenEndpoint"; private static final String TOKEN_ENDPOINT = "TokenEndpoint";
private static final String JWT_GRANT_TYPE_NAME = "GrantType";
/** /**
* issuer of the JWT * issuer of the JWT
@ -69,6 +71,11 @@ public class JWTConfig {
private String privateKeyAlias; private String privateKeyAlias;
private String privateKeyPassword; private String privateKeyPassword;
/**
* Jwt Grant Type Name
*/
private String jwtGrantType;
/** /**
* @param properties load the config from the properties file. * @param properties load the config from the properties file.
*/ */
@ -89,6 +96,8 @@ public class JWTConfig {
privateKeyAlias = properties.getProperty(JKS_PRIVATE_KEY_ALIAS); privateKeyAlias = properties.getProperty(JKS_PRIVATE_KEY_ALIAS);
privateKeyPassword = properties.getProperty(JKA_PRIVATE_KEY_PASSWORD); privateKeyPassword = properties.getProperty(JKA_PRIVATE_KEY_PASSWORD);
tokenEndpoint = properties.getProperty(TOKEN_ENDPOINT, ""); tokenEndpoint = properties.getProperty(TOKEN_ENDPOINT, "");
jwtGrantType = properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE);
} }
private static List<String> getAudience(String audience){ private static List<String> getAudience(String audience){
@ -146,4 +155,8 @@ public class JWTConfig {
public String getTokenEndpoint() { public String getTokenEndpoint() {
return Utils.replaceSystemProperty(tokenEndpoint); return Utils.replaceSystemProperty(tokenEndpoint);
} }
public String getJwtGrantType() {
return jwtGrantType;
}
} }
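Review bot: The Javadoc on the new `jwtGrantType` field reads "Jwt Grant Type Name", but the value is the grant-type URN sent as the `grant_type` form parameter by `JWTClient`, not a display name; a more useful comment is `/** Grant type URN sent as the grant_type parameter; read from the "GrantType" property, defaulting to JWTConstants.JWT_GRANT_TYPE. */`. `getJwtGrantType()` returns the raw property while the neighbouring `getTokenEndpoint()` passes its value through `Utils.replaceSystemProperty`; if that difference is intentional, note it on the getter, otherwise apply the same substitution for consistency.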

@ -780,6 +780,11 @@
<artifactId>org.wso2.carbon.apimgt.keymgt.client</artifactId> <artifactId>org.wso2.carbon.apimgt.keymgt.client</artifactId>
<version>${carbon.api.mgt.version}</version> <version>${carbon.api.mgt.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.apimgt</groupId>
<artifactId>org.wso2.carbon.apimgt.keymgt</artifactId>
<version>${carbon.api.mgt.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.wso2.carbon.apimgt</groupId> <groupId>org.wso2.carbon.apimgt</groupId>
<artifactId>org.wso2.carbon.apimgt.impl</artifactId> <artifactId>org.wso2.carbon.apimgt.impl</artifactId>
