
Example 1 with ApiAuthenticationException

use of com.bluenimble.platform.api.security.ApiAuthenticationException in project serverless by bluenimble.

the class BasicConsumerResolver method authorize.

@Override
public ApiConsumer authorize(Api api, ApiService service, ApiRequest request, ApiConsumer consumer) throws ApiAuthenticationException {
    /*
     * Basic (id/password) resolution: binds the consumer's id and password into the query
     * configured under security.schemes.<MethodName>.auth and runs it against the named
     * database feature. Returns the consumer untouched when no auth query is configured, or
     * when nothing matches and the service is not marked secure; a match copies every field
     * of the stored record onto the consumer and clears the anonymous flag.
     *
     * @throws ApiAuthenticationException when the lookup fails, or nothing matches on a secure service
     */
    JsonObject schemes = Json.getObject(api.getSecurity(), Api.Spec.Security.Schemes);
    JsonObject auth = Json.getObject(Json.getObject(schemes, MethodName), Api.Spec.Security.Auth);
    if (auth == null || auth.isEmpty()) {
        return consumer;
    }
    JsonObject query = Json.getObject(auth, Spec.Auth.Query);
    if (query == null || query.isEmpty()) {
        return consumer;
    }
    String feature = Json.getString(auth, Spec.Auth.Feature);
    // The id and password travel into the configured query exactly as the consumer carries them.
    // NOTE(review): this only works if the store holds the password in a directly comparable form;
    // confirm the query (or the feature) applies the hashing, since a plain equality match on a
    // stored password would be the weakest possible option here.
    Map<String, Object> bindings = new HashMap<>();
    bindings.put(ApiConsumer.Fields.Id, consumer.get(ApiConsumer.Fields.Id));
    bindings.put(ApiConsumer.Fields.Password, consumer.get(ApiConsumer.Fields.Password));
    JsonQuery lookup = new JsonQuery(query, bindings);
    DatabaseObject record;
    try {
        record = api.space().feature(Database.class, feature, request).findOne(null, lookup);
    } catch (Exception ex) {
        // The backend message is propagated as-is; worth checking whether it ever reaches a client.
        throw new ApiAuthenticationException(ex.getMessage(), ex);
    }
    boolean secureService = Json.getBoolean(service.getSecurity(), ApiService.Spec.Security.Enabled, true);
    if (record == null) {
        if (!secureService) {
            return consumer;
        }
        throw new ApiAuthenticationException("invalid user/password");
    }
    // Every stored field (whatever the record holds, password field included) lands on the consumer.
    JsonObject stored = record.toJson(null);
    for (Object field : stored.keySet()) {
        consumer.set(String.valueOf(field), stored.get(field));
    }
    consumer.set(ApiConsumer.Fields.Anonymous, false);
    return consumer;
}

Example 2 with ApiAuthenticationException

use of com.bluenimble.platform.api.security.ApiAuthenticationException in project serverless by bluenimble.

the class CookieConsumerResolver method authorize.

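@Override
public ApiConsumer authorize(Api api, ApiService service, ApiRequest request, ApiConsumer consumer) throws ApiAuthenticationException {
    /*
     * Cookie-token resolution: hex-decodes and decrypts the consumer's token with the space
     * secret named under security.schemes.<MethodName>.auth.secrets, and expects the plaintext
     * to be "<id> <expiryMillis>" (split on Lang.SPACE). On success the id, expiry date and the
     * permissions found in the secrets are copied onto the consumer and the anonymous flag is
     * cleared.
     *
     * Returns the consumer untouched when the scheme is not configured, or when the token is
     * missing, undecryptable, malformed or expired and the service is not marked secure.
     *
     * @throws ApiAuthenticationException when the secrets cannot be loaded, or when the token is
     *         missing/undecryptable/malformed/expired on a secure service
     */
    JsonObject auth = Json.getObject(Json.getObject(Json.getObject(api.getSecurity(), Api.Spec.Security.Schemes), MethodName), Api.Spec.Security.Auth);
    if (auth == null || auth.isEmpty()) {
        return consumer;
    }
    String token = (String) consumer.get(ApiConsumer.Fields.Token);
    JsonObject secrets;
    try {
        secrets = api.space().getSecrets(Json.getString(auth, Spec.Auth.Secrets));
    } catch (ApiManagementException e) {
        throw new ApiAuthenticationException(e.getMessage(), e);
    }
    String decrypted = null;
    // A missing token is plain "unauthenticated": skip decryption rather than logging an error for it.
    if (!Lang.isNullOrEmpty(token) && secrets != null && secrets.containsKey(ApiSpace.Spec.secrets.Key)) {
        String key = Json.getString(secrets, ApiSpace.Spec.secrets.Key);
        Crypto.Algorithm alg = Crypto.Algorithm.AES;
        try {
            alg = Crypto.Algorithm.valueOf(Json.getString(secrets, ApiSpace.Spec.secrets.Algorithm, Crypto.Algorithm.AES.name()).toUpperCase());
        } catch (Exception ex) {
            // Unknown algorithm name in the secrets: logged, then AES is used as the fallback.
            api.tracer().log(Tracer.Level.Error, Lang.BLANK, ex);
        }
        try {
            // NOTE(review): platform default charset; confirm the token issuer encodes the same way
            // (StandardCharsets.UTF_8 on both sides would make this deterministic).
            decrypted = new String(Crypto.decrypt(Lang.decodeHex(token.toCharArray()), key, alg));
        } catch (Exception ex) {
            // Bad hex, wrong key or corrupt ciphertext: handled as an invalid token below.
            api.tracer().log(Tracer.Level.Error, Lang.BLANK, ex);
        }
    }
    boolean isServiceSecure = Json.getBoolean(service.getSecurity(), ApiService.Spec.Security.Enabled, true);
    if (decrypted == null) {
        if (isServiceSecure) {
            throw new ApiAuthenticationException("invalid token");
        }
        return consumer;
    }
    // NOTE(review): Crypto.decrypt's mode is not visible here; if the cipher is not authenticated,
    // a tampered or wrong-key token can still "decrypt" to garbage, so the parsing below must be strict.
    String[] idAndExpiry = Lang.split(decrypted, Lang.SPACE);
    if (idAndExpiry == null || idAndExpiry.length == 0) {
        // An empty plaintext would otherwise index past the end of the array.
        if (isServiceSecure) {
            throw new ApiAuthenticationException("invalid token");
        }
        return consumer;
    }
    if (idAndExpiry.length > 1) {
        long expiry;
        try {
            expiry = Long.parseLong(idAndExpiry[1]);
        } catch (NumberFormatException ex) {
            // A non-numeric expiry used to escape as an unchecked exception; it is an invalid token.
            if (isServiceSecure) {
                throw new ApiAuthenticationException("invalid token", ex);
            }
            return consumer;
        }
        if (expiry < System.currentTimeMillis() && isServiceSecure) {
            throw new ApiAuthenticationException("token expired");
        }
        consumer.set(ApiConsumer.Fields.ExpiryDate, Lang.toUTC(new Date(expiry)));
    }
    consumer.set(ApiConsumer.Fields.Id, idAndExpiry[0]);
    // secrets is non-null here: decrypted can only be set when the secrets carried a key.
    consumer.set(ApiConsumer.Fields.Permissions, secrets.get(ApiConsumer.Fields.Permissions));
    consumer.set(ApiConsumer.Fields.Anonymous, false);
    return consumer;
}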

Example 3 with ApiAuthenticationException

use of com.bluenimble.platform.api.security.ApiAuthenticationException in project serverless by bluenimble.

the class SignatureConsumerResolver method authorize.

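@Override
public ApiConsumer authorize(Api api, ApiService service, ApiRequest request, ApiConsumer consumer) throws ApiAuthenticationException {
    /*
     * Signature resolution: verifies that the request was signed with the secret key belonging
     * to the consumer's access key. The secret key is taken from the consumer if already present,
     * otherwise resolved through getSecretKey (which also populates the consumer). The request
     * timestamp header must parse as UTC and must not be older than the configured validity; the
     * consumer's expiry date, when present, must not have passed. The expected signature is
     * recomputed via api.space().sign and compared in constant time with the presented one.
     *
     * @throws ApiAuthenticationException on any missing/invalid input, expired consumer, stale
     *         timestamp, signing failure or signature mismatch
     */
    JsonObject oResolver = Json.getObject(Json.getObject(api.getSecurity(), Api.Spec.Security.Schemes), MethodName);
    // Validity is configured in seconds; elapsed time is compared in milliseconds.
    long validity = Json.getLong(oResolver, Spec.Validity, Defaults.Validity) * 1000;
    String timestampHeader = Json.getString(oResolver, Spec.TimestampHeader, Defaults.TimestampHeader);
    String accessKey = (String) consumer.get(ApiConsumer.Fields.AccessKey);
    if (Lang.isNullOrEmpty(accessKey)) {
        throw new ApiAuthenticationException("Invalid request. Invalid consumer " + accessKey);
    }
    String timestamp = (String) request.get(timestampHeader, Scope.Header);
    if (Lang.isNullOrEmpty(timestamp)) {
        throw new ApiAuthenticationException("No timestamp specified");
    }
    String signature = (String) consumer.get(ApiConsumer.Fields.Signature);
    if (Lang.isNullOrEmpty(signature)) {
        throw new ApiAuthenticationException("Unsigned request");
    }
    String secretKey = (String) consumer.get(ApiConsumer.Fields.SecretKey);
    if (Lang.isNullOrEmpty(secretKey)) {
        // Not pre-resolved: look the consumer up by access key (this also copies the record onto the consumer).
        secretKey = getSecretKey(api, request, consumer, accessKey);
    }
    if (Lang.isNullOrEmpty(secretKey)) {
        throw new ApiAuthenticationException("Invalid consumer " + accessKey);
    }
    Object oExpiryDate = consumer.get(ApiConsumer.Fields.ExpiryDate);
    if (oExpiryDate != null) {
        Date expiryDate;
        if (oExpiryDate instanceof Date) {
            expiryDate = (Date) oExpiryDate;
        } else if (oExpiryDate instanceof String) {
            try {
                expiryDate = Lang.toDate((String) oExpiryDate, Lang.DEFAULT_DATE_FORMAT);
            } catch (Exception ex) {
                throw new ApiAuthenticationException(ex.getMessage(), ex);
            }
        } else {
            throw new ApiAuthenticationException("unsupported expiry date format found on cunsumer " + oExpiryDate.getClass());
        }
        // Lang.toDate's null behaviour is not visible here; guard instead of dereferencing blindly.
        if (expiryDate == null) {
            throw new ApiAuthenticationException("invalid expiry date found on consumer");
        }
        if (expiryDate.before(new Date())) {
            // Was reported as "No timestamp specified", which pointed callers at the wrong field.
            throw new ApiAuthenticationException("Consumer expired");
        }
    }
    Date time;
    try {
        time = Lang.toUTC(timestamp);
    } catch (ParseException e) {
        throw new ApiAuthenticationException("Bad timestamp format. Use UTC [" + Lang.UTC_DATE_FORMAT + "]", e);
    }
    if (time == null) {
        throw new ApiAuthenticationException("Bad timestamp format. Use UTC [" + Lang.UTC_DATE_FORMAT + "]");
    }
    long elapsed = System.currentTimeMillis() - time.getTime();
    // NOTE(review): only staleness is bounded. A timestamp ahead of the server clock (negative elapsed)
    // is accepted, so such a signed request stays replayable until it ages past `validity`; bounding
    // Math.abs(elapsed) instead would close that at the cost of rejecting clients with a fast clock.
    if (elapsed > validity) {
        throw new ApiAuthenticationException("Invalid request. Elapsed time must not exceed " + (validity / 1000) + " seconds");
    }
    String calculated;
    try {
        // Uses the resolved secret rather than re-reading it from the consumer, so the value
        // verified is exactly the one getSecretKey returned.
        calculated = api.space().sign(request, timestamp, accessKey, secretKey, false);
    } catch (Exception ex) {
        throw new ApiAuthenticationException(ex.getMessage(), ex);
    }
    // NOTE(review): this writes the expected signature to the log at Info level. Within the validity
    // window that value is enough to replay the request, which makes log readers a trust boundary;
    // consider logging only the request id and the comparison outcome.
    api.tracer().log(Tracer.Level.Info, "{0} -> caldulated signature: {1}", request.getId(), calculated);
    // Constant-time comparison so a mismatch does not reveal how many leading bytes were right.
    boolean matches = calculated != null && java.security.MessageDigest.isEqual(
        signature.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        calculated.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        throw new ApiAuthenticationException("Invalid signature");
    }
    consumer.set(ApiConsumer.Fields.Anonymous, false);
    return consumer;
}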

Example 4 with ApiAuthenticationException

use of com.bluenimble.platform.api.security.ApiAuthenticationException in project serverless by bluenimble.

the class SignatureConsumerResolver method getSecretKey.

private String getSecretKey(Api api, ApiRequest request, ApiConsumer consumer, String accessKey) throws ApiAuthenticationException {
    /*
     * Looks the consumer up by access key through the database feature named under
     * security.schemes.<MethodName>.auth, copies the matching record onto the consumer and
     * returns its secret key. The key is read from the record at the dot-separated path
     * configured as the secret key field. Returns null when no auth query is configured.
     *
     * @throws ApiAuthenticationException when the lookup fails, no record matches, or the record
     *         carries no String secret key at the configured path
     */
    JsonObject schemes = Json.getObject(api.getSecurity(), Api.Spec.Security.Schemes);
    JsonObject auth = Json.getObject(Json.getObject(schemes, MethodName), Api.Spec.Security.Auth);
    if (auth == null || auth.isEmpty()) {
        return null;
    }
    JsonObject query = Json.getObject(auth, Spec.Auth.Query);
    if (query == null || query.isEmpty()) {
        return null;
    }
    String feature = Json.getString(auth, Spec.Auth.Feature);
    String secretKeyField = Json.getString(auth, Spec.Auth.SecretKeyField, Defaults.SecretKey);
    JsonArray parameters = Json.getArray(auth, Spec.Auth.Parameters);
    Map<String, Object> bindings = new HashMap<>();
    bindings.put(ApiConsumer.Fields.AccessKey, accessKey);
    // Extra bindings are pulled from the request under the parameter names listed in the spec;
    // absent request values are simply not bound.
    if (parameters != null && !parameters.isEmpty()) {
        int parameterCount = parameters.count();
        for (int i = 0; i < parameterCount; i++) {
            String name = String.valueOf(parameters.get(i));
            Object value = request.get(name);
            if (value != null) {
                bindings.put(name, value);
            }
        }
    }
    DatabaseObject record;
    try {
        record = api.space().feature(Database.class, feature, request).findOne(null, new JsonQuery(query, bindings));
    } catch (Exception ex) {
        throw new ApiAuthenticationException(ex.getMessage(), ex);
    }
    if (record == null) {
        throw new ApiAuthenticationException("invalid accessKey " + accessKey);
    }
    JsonObject oRecord = record.toJson(null);
    Object oSecretKey = Json.find(oRecord, Lang.split(secretKeyField, Lang.DOT));
    if (oSecretKey == null) {
        throw new ApiAuthenticationException("secret key not found for accessKey " + accessKey);
    }
    if (!(oSecretKey instanceof String)) {
        throw new ApiAuthenticationException("secret key should be a valid String");
    }
    consumer.set(ApiConsumer.Fields.AccessKey, accessKey);
    consumer.set(ApiConsumer.Fields.SecretKey, oSecretKey);
    // The whole record is exposed on the consumer; it is copied after the two explicit fields
    // above, so a same-named record column takes precedence.
    for (Object column : oRecord.keySet()) {
        consumer.set(String.valueOf(column), oRecord.get(column));
    }
    consumer.set(ApiConsumer.Fields.Anonymous, false);
    return (String) oSecretKey;
}

Example 5 with ApiAuthenticationException

use of com.bluenimble.platform.api.security.ApiAuthenticationException in project serverless by bluenimble.

the class TokenConsumerResolver method authorize.

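@Override
public ApiConsumer authorize(Api api, ApiService service, ApiRequest request, ApiConsumer consumer) throws ApiAuthenticationException {
    /*
     * Token resolution: hex-decodes and decrypts the consumer's token with the space secret named
     * under security.schemes.<MethodName>.auth.secrets. The plaintext is expected to be
     * "<expiryMillis> <info>" (first Lang.SPACE separates the two). When security.encrypt lists
     * field names, <info> is split on Lang.SEMICOLON and assigned to those fields in order;
     * otherwise <info> becomes the consumer id. The expiry date, the permissions found in the
     * secrets and a cleared anonymous flag are set on success.
     *
     * Returns the consumer untouched when the scheme is not configured, or when the token is
     * missing, undecryptable, malformed or expired and the service is not marked secure.
     *
     * @throws ApiAuthenticationException when the secrets cannot be loaded, or when the token is
     *         missing/undecryptable/malformed/expired on a secure service
     */
    JsonObject auth = Json.getObject(Json.getObject(Json.getObject(api.getSecurity(), Api.Spec.Security.Schemes), MethodName), Api.Spec.Security.Auth);
    if (auth == null || auth.isEmpty()) {
        return consumer;
    }
    String token = (String) consumer.get(ApiConsumer.Fields.Token);
    JsonObject secrets;
    try {
        secrets = api.space().getSecrets(Json.getString(auth, Spec.Auth.Secrets));
    } catch (ApiManagementException e) {
        throw new ApiAuthenticationException(e.getMessage(), e);
    }
    String decrypted = null;
    // A missing token is plain "unauthenticated": skip decryption rather than logging an error for it.
    if (!Lang.isNullOrEmpty(token) && secrets != null && secrets.containsKey(ApiSpace.Spec.secrets.Key)) {
        String key = Json.getString(secrets, ApiSpace.Spec.secrets.Key);
        Crypto.Algorithm alg = Crypto.Algorithm.AES;
        try {
            alg = Crypto.Algorithm.valueOf(Json.getString(secrets, ApiSpace.Spec.secrets.Algorithm, Crypto.Algorithm.AES.name()).toUpperCase());
        } catch (Exception ex) {
            // Unknown algorithm name in the secrets: logged, then AES is used as the fallback.
            api.tracer().log(Tracer.Level.Error, Lang.BLANK, ex);
        }
        try {
            // NOTE(review): platform default charset; confirm the token issuer encodes the same way
            // (StandardCharsets.UTF_8 on both sides would make this deterministic).
            decrypted = new String(Crypto.decrypt(Lang.decodeHex(token.toCharArray()), key, alg));
        } catch (Exception ex) {
            // Bad hex, wrong key or corrupt ciphertext: handled as an invalid token below.
            api.tracer().log(Tracer.Level.Error, Lang.BLANK, ex);
        }
    }
    boolean isServiceSecure = Json.getBoolean(service.getSecurity(), ApiService.Spec.Security.Enabled, true);
    if (decrypted == null) {
        if (isServiceSecure) {
            throw new ApiAuthenticationException("invalid token");
        }
        return consumer;
    }
    // NOTE(review): Crypto.decrypt's mode is not visible here; if the cipher is not authenticated,
    // a tampered or wrong-key token can still "decrypt" to garbage, so the parsing below must be strict.
    int indexOfSpace = decrypted.indexOf(Lang.SPACE);
    if (indexOfSpace < 0) {
        if (isServiceSecure) {
            throw new ApiAuthenticationException("invalid token");
        }
        return consumer;
    }
    long expiry;
    try {
        expiry = Long.parseLong(decrypted.substring(0, indexOfSpace));
    } catch (NumberFormatException ex) {
        // A non-numeric expiry used to escape as an unchecked exception; it is an invalid token.
        if (isServiceSecure) {
            throw new ApiAuthenticationException("invalid token", ex);
        }
        return consumer;
    }
    if (expiry < System.currentTimeMillis() && isServiceSecure) {
        throw new ApiAuthenticationException("token expired");
    }
    consumer.set(ApiConsumer.Fields.ExpiryDate, Lang.toUTC(new Date(expiry)));
    String sInfo = decrypted.substring(indexOfSpace + 1);
    JsonArray fields = Json.getArray(api.getSecurity(), Api.Spec.Security.Encrypt);
    if (fields == null || fields.isEmpty()) {
        consumer.set(ApiConsumer.Fields.Id, sInfo);
    } else {
        // Positional assignment: fields beyond the values actually present in the token are left unset.
        String[] values = Lang.split(sInfo, Lang.SEMICOLON);
        int fieldCount = fields.count();
        for (int i = 0; i < fieldCount && i < values.length; i++) {
            consumer.set((String) fields.get(i), values[i]);
        }
    }
    // secrets is non-null here: decrypted can only be set when the secrets carried a key.
    consumer.set(ApiConsumer.Fields.Permissions, secrets.get(ApiConsumer.Fields.Permissions));
    consumer.set(ApiConsumer.Fields.Anonymous, false);
    return consumer;
}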