Improving Invoker Handler See merge request entgra/carbon-device-mgt!145 feature/appm-store/pbac
commit
7f541a07e8
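--- a/pom.xml
+++ /dev/null
@@ -1,155 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-~ Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-~
-~ WSO2 Inc. licenses this file to you under the Apache License,
-~ Version 2.0 (the "License"); you may not use this file except
-~ in compliance with the License.
-~ You may obtain a copy of the License at
-~
-~ http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing,
-~ software distributed under the License is distributed on an
-~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-~ KIND, either express or implied. See the License for the
-~ specific language governing permissions and limitations
-~ under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-<modelVersion>4.0.0</modelVersion>
-
-<parent>
-<groupId>org.wso2.carbon.devicemgt</groupId>
-<artifactId>application-mgt</artifactId>
-<version>3.2.7-SNAPSHOT</version>
-</parent>
-
-<artifactId>org.wso2.carbon.device.application.mgt.handler</artifactId>
-<version>3.2.7-SNAPSHOT</version>
-<packaging>war</packaging>
-<name>WSO2 Carbon - Application Management Authentication Handler API</name>
-<description>Proxy Service for Authentication Handling in WSO2 App Manager.</description>
-<url>http://wso2.org</url>
-
-<build>
-<plugins>
-<plugin>
-<artifactId>maven-war-plugin</artifactId>
-<configuration>
-<packagingExcludes>WEB-INF/lib/*cxf*.jar</packagingExcludes>
-<warName>api#application-mgt-handler#v1.0</warName>
-</configuration>
-</plugin>
-</plugins>
-</build>
-
-<profiles>
-<profile>
-<id>deploy</id>
-<build>
-<defaultGoal>compile</defaultGoal>
-<plugins>
-<plugin>
-<groupId>org.apache.maven.plugins</groupId>
-<artifactId>maven-antrun-plugin</artifactId>
-<version>1.7</version>
-<executions>
-<execution>
-<phase>compile</phase>
-<goals>
-<goal>run</goal>
-</goals>
-<configuration>
-<tasks>
-<copy todir="${basedir}/../../../repository/deployment/server/webapps" overwrite="true">
-<fileset dir="${basedir}/target">
-<include name="api#application-mgt-handler#v1.0.war" />
-</fileset>
-</copy>
-</tasks>
-</configuration>
-</execution>
-</executions>
-</plugin>
-</plugins>
-</build>
-</profile>
-<profile>
-<id>client</id>
-<build>
-<defaultGoal>test</defaultGoal>
-<plugins>
-<plugin>
-<groupId>org.codehaus.mojo</groupId>
-<artifactId>exec-maven-plugin</artifactId>
-<version>1.2.1</version>
-<executions>
-<execution>
-<phase>test</phase>
-<goals>
-<goal>java</goal>
-</goals>
-</execution>
-</executions>
-</plugin>
-</plugins>
-</build>
-</profile>
-</profiles>
-
-<dependencies>
-<dependency>
-<groupId>org.apache.cxf</groupId>
-<artifactId>cxf-rt-frontend-jaxws</artifactId>
-<scope>provided</scope>
-</dependency>
-<dependency>
-<groupId>org.apache.cxf</groupId>
-<artifactId>cxf-rt-frontend-jaxrs</artifactId>
-<scope>provided</scope>
-</dependency>
-<dependency>
-<groupId>org.apache.cxf</groupId>
-<artifactId>cxf-rt-transports-http</artifactId>
-<scope>provided</scope>
-</dependency>
-<dependency>
-<groupId>javax.servlet</groupId>
-<artifactId>javax.servlet-api</artifactId>
-<scope>provided</scope>
-</dependency>
-<dependency>
-<groupId>junit</groupId>
-<artifactId>junit</artifactId>
-<scope>test</scope>
-</dependency>
-<dependency>
-<groupId>commons-logging</groupId>
-<artifactId>commons-logging</artifactId>
-</dependency>
-<!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
-<dependency>
-<groupId>org.apache.httpcomponents</groupId>
-<artifactId>httpclient</artifactId>
-</dependency>
-<!-- https://mvnrepository.com/artifact/com.googlecode.json-simple/json-simple -->
-<!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore -->
-<dependency>
-<groupId>org.apache.httpcomponents</groupId>
-<artifactId>httpcore</artifactId>
-</dependency>
-<dependency>
-<groupId>org.wso2.carbon.devicemgt</groupId>
-<artifactId>org.wso2.carbon.device.application.mgt.core</artifactId>
-<scope>provided</scope>
-</dependency>
-<dependency>
-<groupId>org.wso2.carbon.devicemgt</groupId>
-<artifactId>org.wso2.carbon.device.application.mgt.common</artifactId>
-<scope>provided</scope>
-</dependency>
-</dependencies>
-</project>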
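--- a/InvokerHandler.java
+++ /dev/null
@@ -1,239 +0,0 @@
-/* Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
-*
-* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
-* Version 2.0 (the "License"); you may not use this file except
-* in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing,
-* software distributed under the License is distributed on an
-* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-* KIND, either express or implied. See the License for the
-* specific language governing permissions and limitations
-* under the License.
-*/
-
-
-package org.wso2.carbon.device.application.mgt.handler;
-
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.http.HttpStatus;
-import org.apache.http.client.methods.HttpDelete;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.methods.HttpPut;
-import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.entity.ContentType;
-import org.apache.http.entity.StringEntity;
-import org.wso2.carbon.device.application.mgt.common.ProxyResponse;
-import org.wso2.carbon.device.application.mgt.handler.beans.AuthData;
-import org.wso2.carbon.device.application.mgt.handler.util.HandlerConstants;
-import org.wso2.carbon.device.application.mgt.handler.util.HandlerUtil;
-
-import javax.servlet.annotation.MultipartConfig;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-
-import static java.net.HttpURLConnection.HTTP_BAD_REQUEST;
-import static org.wso2.carbon.device.application.mgt.handler.util.HandlerUtil.execute;
-
-@MultipartConfig
-@WebServlet("/invoke")
-public class InvokerHandler extends HttpServlet {
-private static final Log log = LogFactory.getLog(LoginHandler.class);
-private static final long serialVersionUID = -6508020875358160165L;
-private static AuthData authData;
-private static String apiEndpoint;
-private static String method;
-private static String serverUrl;
-private static String platform;
-
-@Override
-protected void doPost(HttpServletRequest req, HttpServletResponse resp) {
-try {
-if (!validateRequest(req, resp)) {
-return;
-}
-HttpRequestBase executor = constructExecutor(req);
-if (executor == null) {
-resp.sendError(HTTP_BAD_REQUEST, "Bad Request, method: " + method + " is not supported");
-return;
-}
-executor.setHeader(HandlerConstants.AUTHORIZATION_HEADER_KEY, "Bearer " + authData.getAccessToken());
-ProxyResponse proxyResponse = execute(executor);
-
-if (HandlerConstants.TOKEN_IS_EXPIRED.equals(proxyResponse.getExecutorResponse())) {
-if (!refreshToken(req, resp)) {
-return;
-}
-executor.setHeader(HandlerConstants.AUTHORIZATION_HEADER_KEY, "Bearer " + authData.getAccessToken());
-proxyResponse = execute(executor);
-if (proxyResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
-log.error("Error occurred while invoking the API after refreshing the token.");
-HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
-return;
-}
-}
-if (proxyResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
-log.error("Error occurred while invoking the API endpoint.");
-HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
-return;
-}
-HandlerUtil.handleSuccess(req, resp, serverUrl, platform, proxyResponse);
-} catch (IOException e) {
-log.error("Error occured when processing invoke call.", e);
-}
-}
-
-/***
-*
-* @param req {@link HttpServletRequest}
-* @return {@link HttpRequestBase} if method equals to either GET, POST, PUT or DELETE otherwise returns NULL.
-*/
-private HttpRequestBase constructExecutor(HttpServletRequest req) {
-String payload = req.getParameter("payload");
-String contentType = req.getParameter("content-type");
-if (contentType == null || contentType.isEmpty()) {
-contentType = ContentType.APPLICATION_JSON.toString();
-}
-
-HttpRequestBase executor;
-if (HttpGet.METHOD_NAME.equalsIgnoreCase(method)) {
-executor = new HttpGet(serverUrl + HandlerConstants.API_COMMON_CONTEXT + apiEndpoint);
-} else if (HttpPost.METHOD_NAME.equalsIgnoreCase(method)) {
-executor = new HttpPost(serverUrl + HandlerConstants.API_COMMON_CONTEXT + apiEndpoint);
-StringEntity payloadEntity = new StringEntity(payload, ContentType.create(contentType));
-((HttpPost) executor).setEntity(payloadEntity);
-} else if (HttpPut.METHOD_NAME.equalsIgnoreCase(method)) {
-executor = new HttpPut(serverUrl + HandlerConstants.API_COMMON_CONTEXT + apiEndpoint);
-StringEntity payloadEntity = new StringEntity(payload, ContentType.create(contentType));
-((HttpPut) executor).setEntity(payloadEntity);
-} else if (HttpDelete.METHOD_NAME.equalsIgnoreCase(method)) {
-executor = new HttpDelete(serverUrl + HandlerConstants.API_COMMON_CONTEXT + apiEndpoint);
-} else {
-return null;
-}
-return executor;
-}
-
-/***
-*
-* @param req {@link HttpServletRequest}
-* @param resp {@link HttpServletResponse}
-* @return If request is a valid one, returns TRUE, otherwise return FALSE
-* @throws IOException If and error occurs while witting error response to client side
-*/
-private static boolean validateRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-serverUrl = req.getScheme() + "://" + req.getServerName() + ":" + req.getServerPort();
-apiEndpoint = req.getParameter("api-endpoint");
-method = req.getParameter("method");
-HttpSession session = req.getSession(false);
-if (session == null) {
-log.error("Unauthorized, You are not logged in. Please log in to the portal");
-ProxyResponse proxyResponse = new ProxyResponse();
-proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
-proxyResponse.setExecutorResponse(
-HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
-HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
-return false;
-}
-authData = (AuthData) session.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY);
-platform = (String) session.getAttribute(HandlerConstants.PLATFORM);
-if (authData == null) {
-log.error("Unauthorized, Access token couldn't found in the current session");
-ProxyResponse proxyResponse = new ProxyResponse();
-proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
-proxyResponse.setExecutorResponse(
-HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
-HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
-return false;
-}
-
-if (apiEndpoint == null || method == null) {
-log.error("Bad Request, Either api-endpoint or method is empty");
-ProxyResponse proxyResponse = new ProxyResponse();
-proxyResponse.setCode(HttpStatus.SC_BAD_REQUEST);
-proxyResponse.setExecutorResponse(
-HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_BAD_REQUEST));
-HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
-return false;
-}
-return true;
-}
-
-/***
-*
-* @param req {@link HttpServletRequest}
-* @param resp {@link HttpServletResponse}
-* @return If successfully renew tokens, returns TRUE otherwise return FALSE
-* @throws IOException If and error occurs while witting error response to client side or invoke token renewal API
-*/
-private static boolean refreshToken(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-log.debug("refreshing the token");
-HttpPost tokenEndpoint = new HttpPost(
-serverUrl + HandlerConstants.API_COMMON_CONTEXT + HandlerConstants.TOKEN_ENDPOINT);
-HttpSession session = req.getSession(false);
-if (session == null) {
-log.error("Couldn't find a session, hence it is required to login and proceed.");
-ProxyResponse proxyResponse = new ProxyResponse();
-proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
-proxyResponse.setExecutorResponse(
-HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
-HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
-return false;
-}
-
-StringEntity tokenEndpointPayload = new StringEntity(
-"grant_type=refresh_token&refresh_token=" + authData.getRefreshToken() + "&scope=PRODUCTION",
-ContentType.APPLICATION_FORM_URLENCODED);
-
-tokenEndpoint.setEntity(tokenEndpointPayload);
-String encodedClientApp = authData.getEncodedClientApp();
-tokenEndpoint.setHeader("Authorization", "Basic " + encodedClientApp);
-tokenEndpoint.setHeader("Content-Type", ContentType.APPLICATION_FORM_URLENCODED.toString());
-
-ProxyResponse tokenResultResponse = execute(tokenEndpoint);
-if (tokenResultResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
-log.error("Error occurred while refreshing access token.");
-HandlerUtil.handleError(req, resp, serverUrl, platform, tokenResultResponse);
-return false;
-}
-
-JsonParser jsonParser = new JsonParser();
-JsonElement jTokenResult = jsonParser.parse(tokenResultResponse.getData());
-
-if (jTokenResult.isJsonObject()) {
-JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject();
-AuthData newAuthData = new AuthData();
-
-newAuthData.setAccessToken(jTokenResultAsJsonObject.get("access_token").getAsString());
-newAuthData.setRefreshToken(jTokenResultAsJsonObject.get("refresh_token").getAsString());
-newAuthData.setScope(jTokenResultAsJsonObject.get("scope").getAsString());
-newAuthData.setClientId(authData.getClientId());
-newAuthData.setClientSecret(authData.getClientSecret());
-newAuthData.setEncodedClientApp(authData.getEncodedClientApp());
-newAuthData.setUsername(authData.getUsername());
-authData = newAuthData;
-session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, newAuthData);
-return true;
-}
-
-log.error("Error Occurred in token renewal process.");
-ProxyResponse proxyResponse = new ProxyResponse();
-proxyResponse.setCode(HttpStatus.SC_INTERNAL_SERVER_ERROR);
-proxyResponse.setExecutorResponse(
-HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_INTERNAL_SERVER_ERROR));
-HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
-return false;
-}
-}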
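--- a/LoginHandler.java
+++ /dev/null
@@ -1,293 +0,0 @@
-/* Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
-*
-* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
-* Version 2.0 (the "License"); you may not use this file except
-* in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing,
-* software distributed under the License is distributed on an
-* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-* KIND, either express or implied. See the License for the
-* specific language governing permissions and limitations
-* under the License.
-*/
-
-package org.wso2.carbon.device.application.mgt.handler;
-
-import com.google.gson.JsonArray;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonSyntaxException;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.http.HttpStatus;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.entity.ContentType;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.protocol.HTTP;
-import org.wso2.carbon.device.application.mgt.common.ProxyResponse;
-import org.wso2.carbon.device.application.mgt.handler.beans.AuthData;
-import org.wso2.carbon.device.application.mgt.handler.exceptions.LoginException;
-import org.wso2.carbon.device.application.mgt.handler.util.HandlerConstants;
-import org.wso2.carbon.device.application.mgt.handler.util.HandlerUtil;
-import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager;
-import org.wso2.carbon.device.mgt.core.config.DeviceManagementConfig;
-
-import javax.servlet.annotation.MultipartConfig;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.util.Base64;
-
-import static org.wso2.carbon.device.application.mgt.handler.util.HandlerUtil.execute;
-
-@MultipartConfig
-@WebServlet("/login")
-public class LoginHandler extends HttpServlet {
-private static final Log log = LogFactory.getLog(LoginHandler.class);
-private static final long serialVersionUID = 9050048549140517002L;
-
-private static String username;
-private static String password;
-private static String platform;
-private static String serverUrl;
-private static String uiConfigUrl;
-
-@Override
-protected void doPost(HttpServletRequest req, HttpServletResponse resp) {
-try {
-validateLoginRequest(req, resp);
-DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance()
-.getDeviceManagementConfig();
-String adminUsername = deviceManagementConfig.getIdentityConfigurations().getAdminUsername();
-String adminPwd = deviceManagementConfig.getIdentityConfigurations().getAdminPassword();
-
-HttpSession httpSession = req.getSession(false);
-if (httpSession != null) {
-httpSession.invalidate();
-}
-httpSession = req.getSession(true);
-//setting session to expiry in 5 mins
-httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));
-
-HttpGet uiConfigEndpoint = new HttpGet(uiConfigUrl);
-JsonParser jsonParser = new JsonParser();
-ProxyResponse uiConfigResponse = execute(uiConfigEndpoint);
-String executorResponse = uiConfigResponse.getExecutorResponse();
-if (!StringUtils.isEmpty(executorResponse) && executorResponse
-.contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
-log.error("Error occurred while getting UI configurations by invoking " + uiConfigUrl);
-HandlerUtil.handleError(req, resp, serverUrl, platform, uiConfigResponse);
-return;
-}
-
-String uiConfig = uiConfigResponse.getData();
-if (uiConfig == null){
-log.error("UI config retrieval is failed, and didn't find UI configuration for App manager.");
-HandlerUtil.handleError(req, resp, serverUrl, platform, null);
-return;
-}
-JsonElement uiConfigJsonElement = jsonParser.parse(uiConfigResponse.getData());
-JsonObject uiConfigJsonObject = null;
-if (uiConfigJsonElement.isJsonObject()) {
-uiConfigJsonObject = uiConfigJsonElement.getAsJsonObject();
-httpSession.setAttribute(HandlerConstants.UI_CONFIG_KEY, uiConfigJsonObject);
-httpSession.setAttribute(HandlerConstants.PLATFORM, serverUrl);
-}
-if (uiConfigJsonObject == null) {
-log.error(
-"Either UI config json element is not an json object or converting rom json element to json object is failed.");
-HandlerUtil.handleError(req, resp, serverUrl, platform, null);
-return;
-}
-
-boolean isSsoEnable = uiConfigJsonObject.get("isSsoEnable").getAsBoolean();
-JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
-JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
-
-if (isSsoEnable) {
-log.debug("SSO is enabled");
-} else {
-// default login
-HttpPost apiRegEndpoint = new HttpPost(serverUrl + HandlerConstants.APP_REG_ENDPOINT);
-apiRegEndpoint.setHeader(HandlerConstants.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder()
-.encodeToString((adminUsername + HandlerConstants.COLON + adminPwd).getBytes()));
-apiRegEndpoint.setHeader(HTTP.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString());
-apiRegEndpoint.setEntity(constructAppRegPayload(tags));
-
-ProxyResponse clientAppResponse = execute(apiRegEndpoint);
-String clientAppResult = clientAppResponse.getData();
-
-if (!StringUtils.isEmpty(clientAppResult) && getTokenAndPersistInSession(req, resp,
-clientAppResponse.getData(), scopes)) {
-ProxyResponse proxyResponse = new ProxyResponse();
-proxyResponse.setCode(HttpStatus.SC_OK);
-proxyResponse.setUrl(serverUrl + "/" + platform + uiConfigJsonObject.get(HandlerConstants.LOGIN_RESPONSE_KEY)
-.getAsJsonObject().get("successCallback").getAsString());
-HandlerUtil.handleSuccess(req, resp, serverUrl, platform, proxyResponse);
-return;
-}
-HandlerUtil.handleError(req, resp, serverUrl, platform, null);
-}
-} catch (IOException e) {
-log.error("Error occured while sending the response into the socket. ", e);
-} catch (JsonSyntaxException e) {
-log.error("Error occured while parsing the response. ", e);
-} catch (LoginException e) {
-log.error("Error occured while getting token data. ", e);
-}
-}
-
-/***
-*
-* @param req - {@link HttpServletRequest}
-* @param clientAppResult - clientAppResult
-* @param scopes - scopes defied in the application-mgt.xml
-* @throws LoginException - login exception throws when getting token result
-*/
-private boolean getTokenAndPersistInSession(HttpServletRequest req, HttpServletResponse resp,
-String clientAppResult, JsonArray scopes) throws LoginException {
-JsonParser jsonParser = new JsonParser();
-try {
-JsonElement jClientAppResult = jsonParser.parse(clientAppResult);
-if (jClientAppResult.isJsonObject()) {
-JsonObject jClientAppResultAsJsonObject = jClientAppResult.getAsJsonObject();
-String clientId = jClientAppResultAsJsonObject.get("client_id").getAsString();
-String clientSecret = jClientAppResultAsJsonObject.get("client_secret").getAsString();
-String encodedClientApp = Base64.getEncoder()
-.encodeToString((clientId + ":" + clientSecret).getBytes());
-
-ProxyResponse tokenResultResponse = getTokenResult(encodedClientApp, scopes);
-
-if (tokenResultResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
-log.error("Error occurred while invoking the API to get token data.");
-HandlerUtil.handleError(req, resp, serverUrl, platform, tokenResultResponse);
-return false;
-}
-String tokenResult = tokenResultResponse.getData();
-if (tokenResult == null){
-log.error("Invalid token response is received.");
-HandlerUtil.handleError(req, resp, serverUrl, platform, tokenResultResponse);
-return false;
-}
-
-JsonElement jTokenResult = jsonParser.parse(tokenResult);
-if (jTokenResult.isJsonObject()) {
-JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject();
-HttpSession session = req.getSession(false);
-if (session == null) {
-return false;
-}
-AuthData authData = new AuthData();
-authData.setClientId(clientId);
-authData.setClientSecret(clientSecret);
-authData.setEncodedClientApp(encodedClientApp);
-authData.setAccessToken(jTokenResultAsJsonObject.get("access_token").getAsString());
-authData.setRefreshToken(jTokenResultAsJsonObject.get("refresh_token").getAsString());
-authData.setScope(jTokenResultAsJsonObject.get("scope").getAsString());
-session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData);
-return true;
-
-}
-}
-return false;
-} catch (IOException e) {
-throw new LoginException("Error occured while sending the response into the socket", e);
-}
-}
-
-/***
-*
-* @param scopes - scope Json Array and it is retrieved by reading UI config.
-* @return string value of the defined scopes
-*/
-private String getScopeString(JsonArray scopes) {
-if (scopes != null && scopes.size() > 0) {
-StringBuilder builder = new StringBuilder();
-for (JsonElement scope : scopes) {
-String tmpscope = scope.getAsString() + " ";
-builder.append(tmpscope);
-}
-return builder.toString();
-} else {
-return null;
-}
-}
-
-/***
-*
-* @param req - {@link HttpServletRequest}
-* Define username and password static parameters.
-*/
-private static void validateLoginRequest(HttpServletRequest req, HttpServletResponse resp) throws LoginException {
-username = req.getParameter("username");
-password = req.getParameter("password");
-platform = req.getParameter("platform");
-serverUrl = req.getScheme() + "://" + req.getServerName() + ":" + req.getServerPort();
-uiConfigUrl = serverUrl + HandlerConstants.UI_CONFIG_ENDPOINT;
-
-try {
-if (platform == null) {
-resp.sendRedirect(serverUrl + HandlerConstants.DEFAULT_ERROR_CALLBACK);
-throw new LoginException("Invalid login request. Platform parameter is Null.");
-}
-if (username == null || password == null) {
-resp.sendRedirect(serverUrl + "/" + platform + HandlerConstants.DEFAULT_ERROR_CALLBACK);
-throw new LoginException(
-" Invalid login request. Username or Password is not received for login request.");
-}
-} catch (IOException e) {
-throw new LoginException("Error Occured while redirecting to default error page.", e);
-}
-}
-
-/***
-*
-* @param tags - tags which are retrieved by reading app manager configuration
-* @return {@link StringEntity} of the payload to create the client application
-*/
-private StringEntity constructAppRegPayload(JsonArray tags) {
-JsonObject jsonObject = new JsonObject();
-jsonObject.addProperty(HandlerConstants.APP_NAME_KEY, HandlerConstants.PUBLISHER_APPLICATION_NAME);
-jsonObject.addProperty("isAllowedToAllDomains", "false");
-jsonObject.add(HandlerConstants.TAGS_KEY, tags);
-String payload = jsonObject.toString();
-return new StringEntity(payload, ContentType.APPLICATION_JSON);
-}
-
-/***
-*
-* @param encodedClientApp - Base64 encoded clientId:clientSecret.
-* @param scopes - Scopes which are retrieved by reading application-mgt configuration
-* @return Invoke token endpoint and return the response as string.
-* @throws IOException IO exception throws if an error occured when invoking token endpoint
-*/
-private ProxyResponse getTokenResult(String encodedClientApp, JsonArray scopes) throws IOException {
-
-HttpPost tokenEndpoint = new HttpPost(serverUrl + HandlerConstants.TOKEN_ENDPOINT);
-tokenEndpoint.setHeader("Authorization", "Basic " + encodedClientApp);
-tokenEndpoint.setHeader("Content-Type", ContentType.APPLICATION_FORM_URLENCODED.toString());
-String scopeString = getScopeString(scopes);
-
-if (scopeString != null) {
-scopeString = scopeString.trim();
-} else {
-scopeString = "default";
-}
-
-StringEntity tokenEPPayload = new StringEntity(
-"grant_type=password&username=" + username + "&password=" + password + "&scope=" + scopeString,
-ContentType.APPLICATION_FORM_URLENCODED);
-tokenEndpoint.setEntity(tokenEPPayload);
-return execute(tokenEndpoint);
-}
-}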
@ -1,88 +0,0 @@
|
|||||||
/* Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.application.mgt.handler.beans;
|
|
||||||
|
|
||||||
|
|
||||||
public class AuthData implements java.io.Serializable {
|
|
||||||
|
|
||||||
private static final long serialVersionUID = -5156750882531944849L;
|
|
||||||
|
|
||||||
private String accessToken;
|
|
||||||
private String refreshToken;
|
|
||||||
private String username;
|
|
||||||
private String clientId;
|
|
||||||
private String clientSecret;
|
|
||||||
private String encodedClientApp;
|
|
||||||
private String scope;
|
|
||||||
|
|
||||||
public String getAccessToken() {
|
|
||||||
return accessToken;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setAccessToken(String accessToken) {
|
|
||||||
this.accessToken = accessToken;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getRefreshToken() {
|
|
||||||
return refreshToken;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setRefreshToken(String refreshToken) {
|
|
||||||
this.refreshToken = refreshToken;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getUsername() {
|
|
||||||
return username;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setUsername(String username) {
|
|
||||||
this.username = username;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getClientId() {
|
|
||||||
return clientId;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setClientId(String clientId) {
|
|
||||||
this.clientId = clientId;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getClientSecret() {
|
|
||||||
return clientSecret;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setClientSecret(String clientSecret) {
|
|
||||||
this.clientSecret = clientSecret;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getEncodedClientApp() {
|
|
||||||
return encodedClientApp;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setEncodedClientApp(String encodedClientApp) {
|
|
||||||
this.encodedClientApp = encodedClientApp;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getScope() {
|
|
||||||
return scope;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setScope(String scope) {
|
|
||||||
this.scope = scope;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,38 +0,0 @@
|
|||||||
/* Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.application.mgt.handler.exceptions;
|
|
||||||
|
|
||||||
public class LoginException extends Exception {
|
|
||||||
public LoginException(String message) {
|
|
||||||
super(message);
|
|
||||||
}
|
|
||||||
|
|
||||||
public LoginException(String message, Throwable cause) {
|
|
||||||
super(message, cause);
|
|
||||||
}
|
|
||||||
|
|
||||||
public LoginException(Throwable cause) {
|
|
||||||
super(cause);
|
|
||||||
}
|
|
||||||
|
|
||||||
public LoginException(String message, Throwable cause,
|
|
||||||
boolean enableSuppression,
|
|
||||||
boolean writableStackTrace) {
|
|
||||||
super(message, cause, enableSuppression, writableStackTrace);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,44 +0,0 @@
|
|||||||
/* Copyright (c) 2018, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.application.mgt.handler.util;
|
|
||||||
|
|
||||||
public class HandlerConstants {
|
|
||||||
public static final String PUBLISHER_APPLICATION_NAME = "application-mgt-publisher";
|
|
||||||
public static final String APP_REG_ENDPOINT = "/api-application-registration/register";
|
|
||||||
public static final String UI_CONFIG_ENDPOINT = "/api/application-mgt/v1.0/config/ui-config";
|
|
||||||
public static final String TOKEN_ENDPOINT = "/oauth2/token";
|
|
||||||
public static final String AUTHORIZATION = "Authorization";
|
|
||||||
public static final String BASIC = "Basic ";
|
|
||||||
public static final String COLON = ":";
|
|
||||||
public static final String TAGS_KEY = "tags";
|
|
||||||
public static final String APP_NAME_KEY = "applicationName";
|
|
||||||
public static final String SESSION_AUTH_DATA_KEY = "application-mgt";
|
|
||||||
public static final String AUTHORIZATION_HEADER_KEY = "Authorization";
|
|
||||||
public static final String UI_CONFIG_KEY = "ui-config";
|
|
||||||
public static final String PLATFORM = "platform";
|
|
||||||
public static final String SERVER_HOST = "server-host";
|
|
||||||
public static final String DEFAULT_ERROR_CALLBACK = "/pages/error/default";
|
|
||||||
public static final String LOGIN_RESPONSE_KEY = "loginResponse";
|
|
||||||
public static final String FAILURE_CALLBACK_KEY = "failureCallback";
|
|
||||||
public static final String API_COMMON_CONTEXT = "/api";
|
|
||||||
public static final String EXECUTOR_EXCEPTION_PREFIX = "ExecutorException-";
|
|
||||||
public static final String TOKEN_IS_EXPIRED = "ACCESS_TOKEN_IS_EXPIRED";
|
|
||||||
|
|
||||||
public static final int INTERNAL_ERROR_CODE = 500;
|
|
||||||
public static final long TIMEOUT = 1200;
|
|
||||||
}
|
|
@ -1,241 +0,0 @@
|
|||||||
/* Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.application.mgt.handler.util;
|
|
||||||
|
|
||||||
import com.google.gson.Gson;
|
|
||||||
import com.google.gson.JsonObject;
|
|
||||||
import org.apache.commons.lang.StringUtils;
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.commons.logging.LogFactory;
|
|
||||||
import org.apache.http.HttpResponse;
|
|
||||||
import org.apache.http.HttpStatus;
|
|
||||||
import org.apache.http.client.methods.HttpDelete;
|
|
||||||
import org.apache.http.client.methods.HttpGet;
|
|
||||||
import org.apache.http.client.methods.HttpPost;
|
|
||||||
import org.apache.http.client.methods.HttpPut;
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
|
||||||
import org.apache.http.impl.client.HttpClients;
|
|
||||||
import org.json.JSONException;
|
|
||||||
import org.json.JSONObject;
|
|
||||||
import org.wso2.carbon.device.application.mgt.common.ProxyResponse;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import javax.servlet.http.HttpSession;
|
|
||||||
import java.io.BufferedReader;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStreamReader;
|
|
||||||
import java.io.PrintWriter;
|
|
||||||
|
|
||||||
public class HandlerUtil {
|
|
||||||
|
|
||||||
private static final Log log = LogFactory.getLog(HandlerUtil.class);
|
|
||||||
|
|
||||||
/***
|
|
||||||
*
|
|
||||||
* @param httpMethod - httpMethod e.g:- HttpPost, HttpGet
|
|
||||||
* @param <T> - HttpPost or HttpGet class
|
|
||||||
* @return response as string
|
|
||||||
* @throws IOException IO exception returns if error occurs when executing the httpMethod
|
|
||||||
*/
|
|
||||||
public static <T> ProxyResponse execute(T httpMethod) throws IOException {
|
|
||||||
try (CloseableHttpClient client = HttpClients.createDefault()) {
|
|
||||||
HttpResponse response = null;
|
|
||||||
if (httpMethod instanceof HttpPost) {
|
|
||||||
HttpPost method = (HttpPost) httpMethod;
|
|
||||||
response = client.execute(method);
|
|
||||||
} else if (httpMethod instanceof HttpGet) {
|
|
||||||
HttpGet method = (HttpGet) httpMethod;
|
|
||||||
response = client.execute(method);
|
|
||||||
} else if (httpMethod instanceof HttpPut) {
|
|
||||||
HttpPut method = (HttpPut) httpMethod;
|
|
||||||
response = client.execute(method);
|
|
||||||
} else if (httpMethod instanceof HttpDelete) {
|
|
||||||
HttpDelete method = (HttpDelete) httpMethod;
|
|
||||||
response = client.execute(method);
|
|
||||||
}
|
|
||||||
|
|
||||||
ProxyResponse proxyResponse = new ProxyResponse();
|
|
||||||
if (response == null) {
|
|
||||||
proxyResponse.setCode(HandlerConstants.INTERNAL_ERROR_CODE);
|
|
||||||
proxyResponse.setExecutorResponse(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + getStatusKey(
|
|
||||||
HandlerConstants.INTERNAL_ERROR_CODE));
|
|
||||||
return proxyResponse;
|
|
||||||
} else {
|
|
||||||
int statusCode = response.getStatusLine().getStatusCode();
|
|
||||||
try (BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()))) {
|
|
||||||
StringBuilder result = new StringBuilder();
|
|
||||||
String line;
|
|
||||||
while ((line = rd.readLine()) != null) {
|
|
||||||
result.append(line);
|
|
||||||
}
|
|
||||||
|
|
||||||
String jsonString = result.toString();
|
|
||||||
if (statusCode == HttpStatus.SC_OK || statusCode == HttpStatus.SC_CREATED) {
|
|
||||||
proxyResponse.setCode(statusCode);
|
|
||||||
proxyResponse.setData(jsonString);
|
|
||||||
proxyResponse.setExecutorResponse("SUCCESS");
|
|
||||||
return proxyResponse;
|
|
||||||
} else if (statusCode == HttpStatus.SC_UNAUTHORIZED) {
|
|
||||||
if (jsonString.contains("Access token expired") || jsonString
|
|
||||||
.contains("Invalid input. Access token validation failed")) {
|
|
||||||
proxyResponse.setCode(statusCode);
|
|
||||||
proxyResponse.setExecutorResponse("ACCESS_TOKEN_IS_EXPIRED");
|
|
||||||
return proxyResponse;
|
|
||||||
} else {
|
|
||||||
proxyResponse.setCode(statusCode);
|
|
||||||
proxyResponse.setData(jsonString);
|
|
||||||
proxyResponse.setExecutorResponse(
|
|
||||||
HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + getStatusKey(statusCode));
|
|
||||||
return proxyResponse;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
proxyResponse.setCode(statusCode);
|
|
||||||
proxyResponse.setData(jsonString);
|
|
||||||
proxyResponse
|
|
||||||
.setExecutorResponse(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + getStatusKey(statusCode));
|
|
||||||
return proxyResponse;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/***
|
|
||||||
*
|
|
||||||
* @param statusCode Provide status code, e.g:- 400, 401, 500 etc
|
|
||||||
* @return relative status code key for given status code.
|
|
||||||
*/
|
|
||||||
public static String getStatusKey (int statusCode){
|
|
||||||
String statusCodeKey;
|
|
||||||
|
|
||||||
switch (statusCode) {
|
|
||||||
case HttpStatus.SC_INTERNAL_SERVER_ERROR:
|
|
||||||
statusCodeKey = "internalServerError";
|
|
||||||
break;
|
|
||||||
case HttpStatus.SC_BAD_REQUEST:
|
|
||||||
statusCodeKey = "badRequest";
|
|
||||||
break;
|
|
||||||
case HttpStatus.SC_UNAUTHORIZED:
|
|
||||||
statusCodeKey = "unauthorized";
|
|
||||||
break;
|
|
||||||
case HttpStatus.SC_FORBIDDEN:
|
|
||||||
statusCodeKey = "forbidden";
|
|
||||||
break;
|
|
||||||
case HttpStatus.SC_NOT_FOUND:
|
|
||||||
statusCodeKey = "notFound";
|
|
||||||
break;
|
|
||||||
case HttpStatus.SC_METHOD_NOT_ALLOWED:
|
|
||||||
statusCodeKey = "methodNotAllowed";
|
|
||||||
break;
|
|
||||||
case HttpStatus.SC_NOT_ACCEPTABLE:
|
|
||||||
statusCodeKey = "notAcceptable";
|
|
||||||
break;
|
|
||||||
case HttpStatus.SC_UNSUPPORTED_MEDIA_TYPE:
|
|
||||||
statusCodeKey = "unsupportedMediaType";
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
statusCodeKey = "defaultPage";
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
return statusCodeKey;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/***
|
|
||||||
*
|
|
||||||
* @param resp {@link HttpServletResponse}
|
|
||||||
* Return Error Response.
|
|
||||||
*/
|
|
||||||
public static void handleError(HttpServletRequest req, HttpServletResponse resp, String serverUrl,
|
|
||||||
String platform, ProxyResponse proxyResponse) throws IOException {
|
|
||||||
|
|
||||||
HttpSession httpSession = req.getSession(true);
|
|
||||||
Gson gson = new Gson();
|
|
||||||
if (proxyResponse == null){
|
|
||||||
proxyResponse = new ProxyResponse();
|
|
||||||
proxyResponse.setCode(HttpStatus.SC_INTERNAL_SERVER_ERROR);
|
|
||||||
proxyResponse.setExecutorResponse(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil
|
|
||||||
.getStatusKey(HandlerConstants.INTERNAL_ERROR_CODE));
|
|
||||||
}
|
|
||||||
if (platform == null){
|
|
||||||
platform = "default";
|
|
||||||
}
|
|
||||||
|
|
||||||
resp.setStatus(proxyResponse.getCode());
|
|
||||||
resp.setContentType("application/json");
|
|
||||||
resp.setCharacterEncoding("UTF-8");
|
|
||||||
|
|
||||||
if (httpSession != null) {
|
|
||||||
JsonObject uiConfig = (JsonObject) httpSession.getAttribute(HandlerConstants.UI_CONFIG_KEY);
|
|
||||||
if (uiConfig == null){
|
|
||||||
proxyResponse.setUrl(serverUrl + "/" + platform + HandlerConstants.DEFAULT_ERROR_CALLBACK);
|
|
||||||
} else{
|
|
||||||
proxyResponse.setUrl(serverUrl + uiConfig.get(HandlerConstants.LOGIN_RESPONSE_KEY).getAsJsonObject()
|
|
||||||
.get(HandlerConstants.FAILURE_CALLBACK_KEY).getAsJsonObject()
|
|
||||||
.get(proxyResponse.getExecutorResponse().split(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)[1])
|
|
||||||
.getAsString());
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
proxyResponse.setUrl(serverUrl + "/" + platform + HandlerConstants.DEFAULT_ERROR_CALLBACK);
|
|
||||||
}
|
|
||||||
|
|
||||||
proxyResponse.setExecutorResponse(null);
|
|
||||||
try (PrintWriter writer = resp.getWriter()) {
|
|
||||||
writer.write(gson.toJson(proxyResponse));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/***
|
|
||||||
*
|
|
||||||
* @param resp {@link HttpServletResponse}
|
|
||||||
* Return Success Response.
|
|
||||||
*/
|
|
||||||
public static void handleSuccess(HttpServletRequest req, HttpServletResponse resp, String serverUrl,
|
|
||||||
String platform, ProxyResponse proxyResponse) throws IOException {
|
|
||||||
if (proxyResponse == null){
|
|
||||||
handleError(req,resp,serverUrl,platform,proxyResponse);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
resp.setStatus(proxyResponse.getCode());
|
|
||||||
resp.setContentType("application/json");
|
|
||||||
resp.setCharacterEncoding("UTF-8");
|
|
||||||
|
|
||||||
JSONObject response = new JSONObject();
|
|
||||||
String redirectUrl = proxyResponse.getUrl();
|
|
||||||
String responseData = proxyResponse.getData();
|
|
||||||
|
|
||||||
if (!StringUtils.isEmpty(redirectUrl)){
|
|
||||||
response.put("url", redirectUrl);
|
|
||||||
}
|
|
||||||
if (!StringUtils.isEmpty(responseData)){
|
|
||||||
try {
|
|
||||||
JSONObject responseDataJsonObj = new JSONObject(responseData);
|
|
||||||
response.put("data", responseDataJsonObj);
|
|
||||||
} catch (JSONException e) {
|
|
||||||
log.debug("Response data is not valid json string");
|
|
||||||
response.put("data", responseData);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
try (PrintWriter writer = resp.getWriter()) {
|
|
||||||
writer.write(response.toString());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,35 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
* Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!--
|
|
||||||
This file defines class loading policy of the whole container. But this behaviour can be overridden by individual webapps by putting this file into the META-INF/ directory.
|
|
||||||
-->
|
|
||||||
<Classloading xmlns="http://wso2.org/projects/as/classloading">
|
|
||||||
|
|
||||||
<!-- Parent-first or child-first. Default behaviour is child-first.-->
|
|
||||||
<ParentFirst>false</ParentFirst>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
Default environments that contains provides to all the webapps. This can be overridden by individual webapps by specifing required environments
|
|
||||||
Tomcat environment is the default and every webapps gets it even if they didn't specify it.
|
|
||||||
e.g. If a webapps requires CXF, they will get both Tomcat and CXF.
|
|
||||||
-->
|
|
||||||
<Environments>Carbon</Environments>
|
|
||||||
</Classloading>
|
|
@ -1,103 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<!--
|
|
||||||
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
~
|
|
||||||
~ WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
~ Version 2.0 (the "License"); you may not use this file except
|
|
||||||
~ in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing,
|
|
||||||
~ software distributed under the License is distributed on an
|
|
||||||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
~ KIND, either express or implied. See the License for the
|
|
||||||
~ specific language governing permissions and limitations
|
|
||||||
~ under the License.
|
|
||||||
-->
|
|
||||||
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
|
|
||||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
|
|
||||||
version="2.5">
|
|
||||||
<display-name>Application Management Auth Webapp</display-name>
|
|
||||||
<session-config>
|
|
||||||
<session-timeout>60</session-timeout>
|
|
||||||
</session-config>
|
|
||||||
<context-param>
|
|
||||||
<param-name>doAuthentication</param-name>
|
|
||||||
<param-value>false</param-value>
|
|
||||||
</context-param>
|
|
||||||
|
|
||||||
<!--publish to apim-->
|
|
||||||
<context-param>
|
|
||||||
<param-name>managed-api-enabled</param-name>
|
|
||||||
<param-value>false</param-value>
|
|
||||||
</context-param>
|
|
||||||
<context-param>
|
|
||||||
<param-name>managed-api-owner</param-name>
|
|
||||||
<param-value>admin</param-value>
|
|
||||||
</context-param>
|
|
||||||
<context-param>
|
|
||||||
<param-name>isSharedWithAllTenants</param-name>
|
|
||||||
<param-value>true</param-value>
|
|
||||||
</context-param>
|
|
||||||
|
|
||||||
<filter>
|
|
||||||
<filter-name>CorsFilter</filter-name>
|
|
||||||
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
|
|
||||||
<init-param>
|
|
||||||
<param-name>cors.allowed.origins</param-name>
|
|
||||||
<param-value>*</param-value>
|
|
||||||
</init-param>
|
|
||||||
<init-param>
|
|
||||||
<param-name>cors.allowed.methods</param-name>
|
|
||||||
<param-value>GET,POST,DELETE,PUT</param-value>
|
|
||||||
</init-param>
|
|
||||||
<init-param>
|
|
||||||
<param-name>cors.allowed.headers</param-name>
|
|
||||||
<param-value>Content-Type</param-value>
|
|
||||||
</init-param>
|
|
||||||
</filter>
|
|
||||||
|
|
||||||
<filter>
|
|
||||||
<filter-name>HttpHeaderSecurityFilter</filter-name>
|
|
||||||
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
|
|
||||||
<init-param>
|
|
||||||
<param-name>hstsEnabled</param-name>
|
|
||||||
<param-value>false</param-value>
|
|
||||||
</init-param>
|
|
||||||
</filter>
|
|
||||||
|
|
||||||
<filter>
|
|
||||||
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
|
|
||||||
<filter-class>org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter</filter-class>
|
|
||||||
<init-param>
|
|
||||||
<param-name>patterns</param-name>
|
|
||||||
<param-value>text/html" ,application/json" ,text/plain</param-value>
|
|
||||||
</init-param>
|
|
||||||
<init-param>
|
|
||||||
<param-name>filterAction</param-name>
|
|
||||||
<param-value>enforce</param-value>
|
|
||||||
</init-param>
|
|
||||||
<init-param>
|
|
||||||
<param-name>httpHeaders</param-name>
|
|
||||||
<param-value>Cache-Control: no-store, no-cache, must-revalidate, private</param-value>
|
|
||||||
</init-param>
|
|
||||||
</filter>
|
|
||||||
|
|
||||||
<filter-mapping>
|
|
||||||
<filter-name>HttpHeaderSecurityFilter</filter-name>
|
|
||||||
<url-pattern>/*</url-pattern>
|
|
||||||
</filter-mapping>
|
|
||||||
|
|
||||||
<filter-mapping>
|
|
||||||
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
|
|
||||||
<url-pattern>/*</url-pattern>
|
|
||||||
</filter-mapping>
|
|
||||||
|
|
||||||
<filter-mapping>
|
|
||||||
<filter-name>CorsFilter</filter-name>
|
|
||||||
<url-pattern>/*</url-pattern>
|
|
||||||
</filter-mapping>
|
|
||||||
|
|
||||||
</web-app>
|
|