
Example 6 with ApiAuthenticationException

use of com.bluenimble.platform.api.security.ApiAuthenticationException in project serverless by bluenimble.

The class MgmApiSpi, method findConsumer.

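/**
 * Resolves the management-API consumer for a request.
 *
 * <p>Requests arriving on the {@code container} channel already carry a
 * resolved consumer and are taken as-is. Non-secure services need no lookup.
 * Otherwise only {@link Type#Signature} consumers are accepted, their access
 * key must exist in {@code consumers}, and every field of the registered entry
 * is copied onto the request consumer.
 *
 * @param api      the api being served
 * @param service  the resolved service
 * @param request  the incoming request
 * @param consumer the consumer to populate
 * @throws ApiAuthenticationException if the consumer is not a signature
 *         consumer or its access key is not registered
 */
@Override
public void findConsumer(Api api, ApiService service, ApiRequest request, ApiConsumer consumer) throws ApiAuthenticationException {
    // Container-channel requests already carry a resolved consumer.
    if ("container".equals(request.getChannel())) {
        consumer.override((ApiConsumer) request.get(ApiRequest.Consumer));
        return;
    }
    // Nothing to resolve for services that do not require authentication.
    if (!this.isSecure(service)) {
        return;
    }
    // Constant-first equals: a consumer without a type is rejected with an
    // authentication error instead of escaping as a NullPointerException.
    Type type = consumer.type();
    if (!Type.Signature.equals(type)) {
        throw new ApiAuthenticationException("unsupported authentication mechanism");
    }
    String accessKey = (String) consumer.get(ApiConsumer.Fields.AccessKey);
    final JsonObject oConsumer = Json.getObject(consumers, accessKey);
    if (oConsumer == null || oConsumer.isEmpty()) {
        throw new ApiAuthenticationException("accessKey not found");
    }
    // Copy every field of the registered consumer onto the request consumer.
    Iterator<String> keys = oConsumer.keys();
    if (keys == null) {
        return;
    }
    while (keys.hasNext()) {
        String key = keys.next();
        consumer.set(key, oConsumer.get(key));
    }
}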

Example 7 with ApiAuthenticationException

use of com.bluenimble.platform.api.security.ApiAuthenticationException in project serverless by bluenimble.

The class KeyStoreAwareApiSpi, method findConsumer.

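/**
 * Resolves the consumer of a management request against the instance root
 * credentials or a space keystore.
 *
 * <p>Container-channel requests carry a pre-resolved consumer and are taken
 * as-is. For non-secure services only the root access key is recognised and
 * granted the {@code SUPER} role. For secure services the consumer must be a
 * signature consumer: the root access key is accepted only when the service
 * lists the {@code super} role; any other access key is expected in the form
 * {@code <spaceNamespace>.<key>}, is looked up in that space's keystore, and
 * its role must be permitted by the service.
 *
 * @param api      the api being served; used to reach the consumer's space
 * @param service  the resolved service, whose security spec lists the allowed roles
 * @param request  the incoming request
 * @param consumer the consumer to populate with secret key, expiry date, space and role
 * @throws ApiAuthenticationException if the authentication scheme is not a
 *         signature, the access key is malformed or unknown, the space or its
 *         keystore cannot be accessed, or the consumer's role is not permitted
 */
@Override
public void findConsumer(Api api, ApiService service, ApiRequest request, ApiConsumer consumer) throws ApiAuthenticationException {
    String accessKey = (String) consumer.get(ApiConsumer.Fields.AccessKey);
    // Container-channel requests already carry a resolved consumer.
    if ("container".equals(request.getChannel())) {
        consumer.override((ApiConsumer) request.get(ApiRequest.Consumer));
        return;
    }
    // Non-secure services: only the root key is recognised, nothing else is looked up.
    if (!MgmUtils.isSecure(service)) {
        if (root.accessKey().equals(accessKey)) {
            applyRootCredentials(consumer);
        }
        return;
    }
    // Constant-first equals so a consumer without a type is rejected instead of raising an NPE.
    if (!Type.Signature.equals(consumer.type())) {
        throw new ApiAuthenticationException("unsupported authentication scheme");
    }
    JsonArray roles = Json.getArray(service.getSecurity(), ApiService.Spec.Security.Roles);
    if (root.accessKey().equals(accessKey)) {
        // The root key is accepted only on services that explicitly allow the super role.
        if (roles == null || roles.isEmpty() || !roles.contains(Role.SUPER.name().toLowerCase())) {
            throw new ApiAuthenticationException("insuffisant permissions");
        }
        applyRootCredentials(consumer);
        return;
    }
    // Anything else must be a space-scoped key of the form <spaceNs>.<accessKey>;
    // a missing key is reported as invalid rather than dereferenced.
    int indexOfDot = accessKey == null ? -1 : accessKey.indexOf(Lang.DOT);
    if (indexOfDot <= 0) {
        throw new ApiAuthenticationException("invalid accessKey");
    }
    String consumerSpaceNs = accessKey.substring(0, indexOfDot);
    String spaceAccessKey = accessKey.substring(indexOfDot + 1);
    KeyPair skp = lookupKeyPair(api, consumerSpaceNs, spaceAccessKey);
    String role = (String) skp.property(CommonSpec.Role);
    if (Lang.isNullOrEmpty(role)) {
        throw new ApiAuthenticationException("no role defined for consumer");
    }
    // An absent or empty role list on the service means any role is accepted.
    if (roles != null && !roles.isEmpty() && !roles.contains(role.toLowerCase())) {
        throw new ApiAuthenticationException("insuffisant permissions");
    }
    consumer.set(ApiConsumer.Fields.Space, consumerSpaceNs);
    consumer.set(ApiConsumer.Fields.SecretKey, skp.secretKey());
    consumer.set(ApiConsumer.Fields.ExpiryDate, skp.expiryDate());
    // Copy every keystore property onto the consumer.
    Iterator<String> props = skp.properties();
    if (props != null) {
        while (props.hasNext()) {
            String p = props.next();
            consumer.set(p, skp.property(p));
        }
    }
}

/** Populates {@code consumer} with the instance root credentials and the {@code SUPER} role. */
private void applyRootCredentials(ApiConsumer consumer) {
    consumer.set(ApiConsumer.Fields.SecretKey, root.secretKey());
    consumer.set(ApiConsumer.Fields.ExpiryDate, root.expiryDate());
    consumer.set(CommonSpec.Role, Role.SUPER.name());
}

/**
 * Loads the key pair {@code accessKey} from the keystore of space {@code spaceNs}.
 *
 * @param api       the api being served; its space is used to reach {@code spaceNs}
 * @param spaceNs   namespace of the space owning the key
 * @param accessKey space-local access key to load
 * @return the key pair, never {@code null}
 * @throws ApiAuthenticationException if the space or its keystore cannot be
 *         accessed (the underlying exception is kept as cause) or the key is unknown
 */
private static KeyPair lookupKeyPair(Api api, String spaceNs, String accessKey) throws ApiAuthenticationException {
    ApiSpace consumerSpace;
    try {
        consumerSpace = api.space().space(spaceNs);
    } catch (ApiAccessDeniedException e) {
        throw new ApiAuthenticationException("instance manager can't access requested space", e);
    }
    KeyPair skp;
    try {
        skp = consumerSpace.keystore().get(accessKey, true);
    } catch (SpaceKeyStoreException e) {
        throw new ApiAuthenticationException("instance manager can't access space keystore", e);
    }
    if (skp == null) {
        throw new ApiAuthenticationException("accessKey " + accessKey + " not found");
    }
    return skp;
}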

Example 8 with ApiAuthenticationException

use of com.bluenimble.platform.api.security.ApiAuthenticationException in project serverless by bluenimble.

The class ScriptableApiSpi, method findConsumer.

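/**
 * Delegates consumer resolution to the api's scripted {@code findConsumer}
 * function, when one is defined.
 *
 * <p>The helper attached to the api holds both the script spi and the
 * script-side api object. Resolution is skipped silently when no spi is
 * attached or the spi does not define {@code findConsumer}.
 *
 * @param api      the api being served; its helper must be a {@link SpecAndSpiPair}
 * @param service  the resolved service, passed through to the script
 * @param request  the incoming request, passed through to the script
 * @param consumer the consumer the script is expected to populate
 * @throws ApiAuthenticationException if the script-side api object is missing
 *         although an spi is attached, or if the script fails (the scripting
 *         exception is kept as cause)
 */
@Override
public void findConsumer(Api api, ApiService service, ApiRequest request, ApiConsumer consumer) throws ApiAuthenticationException {
    // Read the helper once; it carries both the script spi and the script-side api object.
    SpecAndSpiPair pair = (SpecAndSpiPair) api.getHelper();
    Object spi = pair.spi();
    if (spi == null) {
        return;
    }
    ScriptingEngine engine = api.space().feature(ScriptingEngine.class, ApiSpace.Features.Default, request);
    if (!engine.has(spi, Functions.FindConsumer)) {
        return;
    }
    Object jsApi = pair.spec();
    if (jsApi == null) {
        throw new ApiAuthenticationException("api or spi not attached on Api OnStart");
    }
    // invoke findConsumer
    try {
        engine.invoke(spi, Functions.FindConsumer, jsApi, service, request, consumer);
    } catch (ScriptingEngineException ex) {
        // Record the runtime function reference on the scripting error before surfacing it as an auth failure.
        ex.setScript(Json.getString(api.getRuntime(), Api.Spec.Runtime.Function));
        throw new ApiAuthenticationException(ex.getMessage(), ex);
    }
}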

Example 9 with ApiAuthenticationException

use of com.bluenimble.platform.api.security.ApiAuthenticationException in project serverless by bluenimble.

The class DefaultApiInterceptor, method intercept.

/**
 * Runs the full request pipeline for one api request: tracking, service
 * lookup, consumer resolution and authorization, validation, execution (or
 * mock output) and media processing, reporting every failure on the response
 * and on the request track.
 *
 * <p>Error reporting differs by response type: a {@link ContainerApiResponse}
 * receives the failure as an {@link ApiServiceExecutionException}, any other
 * response gets an error status written through the media processor.
 *
 * @param api      the api receiving the request
 * @param request  the incoming request; destroyed when this method returns
 * @param response the response to populate
 */
@Override
public void intercept(Api api, ApiRequest request, ApiResponse response) {
    logDebug(api, "<" + request.getId() + "> Process Request \n" + request.toString());
    // Create the request track up front so every exit path below can finish it.
    ServerRequestTrack track = server.getRequestTracker(Json.getString(api.getTracking(), Api.Spec.Tracking.Tracker)).create(api, request);
    request.track(track);
    // Node identity headers are set before any processing so they are present on error responses too.
    response.set(ApiHeaders.NodeID, Json.getString(request.getNode(), ApiRequest.Fields.Node.Id));
    response.set(ApiHeaders.NodeType, Json.getString(request.getNode(), ApiRequest.Fields.Node.Type));
    response.set(ApiHeaders.NodeVersion, Json.getString(request.getNode(), ApiRequest.Fields.Node.Version));
    // All three stay null until resolved; the catch blocks below pass them on as-is.
    ApiMediaProcessor mediaProcessor = null;
    ApiConsumer consumer = null;
    ApiService service = null;
    try {
        // api life cycle - onRequest
        api.getSpi().onRequest(api, request, response);
        // resolve service
        service = ((ApiImpl) api).lockup(request);
        // Unknown service -> 404, service not running -> 503.
        ApiResponse.Status notFoundStatus = null;
        String notFoundMessage = null;
        if (service == null) {
            notFoundStatus = ApiResponse.NOT_FOUND;
            notFoundMessage = api.message(request.getLang(), Messages.ServiceNotFound, request.getVerb().name() + Lang.SPACE + request.getPath());
        } else if (service.status() != ApiStatus.Running) {
            notFoundStatus = ApiResponse.SERVICE_UNAVAILABLE;
            notFoundMessage = api.message(request.getLang(), Messages.ServiceNotAvailable, service.getName());
        }
        if (notFoundStatus != null) {
            if (response instanceof ContainerApiResponse) {
                ((ContainerApiResponse) response).setException(new ApiServiceExecutionException(notFoundMessage).status(notFoundStatus));
            } else {
                response.error(notFoundStatus, notFoundMessage);
                // mediaProcessor is still null here; writeError is expected to cope with that.
                writeError(mediaProcessor, api, null, null, request, response);
            }
            track.finish((JsonObject) new JsonObject().set(ApiResponse.Error.Code, notFoundStatus.getCode()).set(ApiResponse.Error.Message, notFoundMessage));
            return;
        }
        ((AbstractApiRequest) request).setService(service);
        // Lookup media processor
        mediaProcessor = api.lockupMediaProcessor(request, service);
        track.update(service);
        logInfo(api, "<" + request.getId() + "> Using service " + service.getVerb() + Lang.SPACE + Json.getString(service.toJson(), ApiService.Spec.Endpoint) + Lang.SPACE + Lang.PARENTH_OPEN + service.getName() + Lang.PARENTH_CLOSE);
        // api life cycle - onService
        api.getSpi().onService(api, service, request, response);
        logInfo(api, "<" + request.getId() + "> Interceptor will use media.processor [" + mediaProcessor.getClass().getSimpleName() + "]");
        // Security schemes: the api-level map lists the candidate resolvers, the
        // service-level array (when present) restricts which of them may be used.
        JsonObject apiSecMethods = Json.getObject(api.getSecurity(), Api.Spec.Security.Schemes);
        if (apiSecMethods == null) {
            apiSecMethods = JsonObject.Blank;
        }
        JsonArray serviceSecMethods = Json.getArray(service.getSecurity(), ApiService.Spec.Security.Schemes);
        ApiConsumerResolver resolver = null;
        try {
            // First resolver that yields a consumer wins; iteration order is that of the api schemes map.
            Iterator<String> rKeys = apiSecMethods.keys();
            if (rKeys != null) {
                while (rKeys.hasNext()) {
                    String resolverName = rKeys.next();
                    if (serviceSecMethods != null && !serviceSecMethods.contains(resolverName)) {
                        continue;
                    }
                    ApiConsumerResolver r = server.getConsumerResolver(resolverName);
                    if (r == null) {
                        continue;
                    }
                    consumer = r.resolve(api, service, request);
                    if (consumer != null) {
                        resolver = r;
                        break;
                    }
                }
            }
            // No resolver claimed the request: hand the spi an Unknown-typed consumer
            // and let findConsumer decide whether that is acceptable for this service.
            if (consumer == null) {
                consumer = new DefaultApiConsumer(ApiConsumer.Type.Unknown);
            }
            api.getSpi().findConsumer(api, service, request, consumer);
            // authorize runs only when a resolver actually produced the consumer.
            if (resolver != null) {
                resolver.authorize(api, service, request, consumer);
            }
        } catch (ApiAuthenticationException e) {
            // Authentication failures map to 401; the exception message itself is what the client sees.
            if (response instanceof ContainerApiResponse) {
                ((ContainerApiResponse) response).setException(new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.UNAUTHORIZED));
            } else {
                response.error(ApiResponse.UNAUTHORIZED, e.getMessage());
                writeError(mediaProcessor, api, consumer, service, request, response);
            }
            track.finish((JsonObject) new JsonObject().set(ApiResponse.Error.Code, ApiResponse.UNAUTHORIZED.getCode()).set(ApiResponse.Error.Message, e.getMessage()));
            return;
        }
        // Request validation against the service spec; failures map to 422.
        try {
            server.getServiceValidator().validate(api, Json.getObject(service.toJson(), ApiService.Spec.Spec), consumer, request);
        } catch (ApiServiceValidatorException e) {
            if (response instanceof ContainerApiResponse) {
                ((ContainerApiResponse) response).setException(new ApiServiceExecutionException(e.getMessage(), e));
            } else {
                writeValidationError(api, consumer, service, request, response, mediaProcessor, e);
            }
            // Structured feedback is tracked when present, otherwise the plain message.
            Object error = null;
            if (e.getFeedback() != null) {
                error = e.getFeedback();
            } else {
                error = e.getMessage();
            }
            track.finish((JsonObject) new JsonObject().set(ApiResponse.Error.Code, ApiResponse.UNPROCESSABLE_ENTITY.getCode()).set(ApiResponse.Error.Message, error));
            return;
        }
        ApiOutput output = null;
        // A service with an enabled mock section returns its configured output without executing the spi.
        JsonObject mock = Json.getObject(service.toJson(), ApiService.Spec.Mock);
        if (mock != null && Json.getBoolean(mock, ConfigKeys.Enabled, false)) {
            output = new JsonApiOutput(Json.getObject(mock, ApiService.Spec.Output));
            logInfo(api, "<" + request.getId() + "> Service using mock output");
        } else {
            // api life cycle - onExecute
            api.getSpi().onExecute(api, consumer, service, request, response);
            output = service.getSpi().execute(api, consumer, request, response);
            // api life cycle - afterExecute
            api.getSpi().afterExecute(api, consumer, service, request, response);
        }
        if (request instanceof ContainerApiRequest) {
            // Container (in-process) requests hand the output back on the request instead of rendering it.
            request.set(ApiRequest.Output, output);
        } else {
            response.set(ApiHeaders.ExecutionTime, (System.currentTimeMillis() - request.getTimestamp().getTime()));
            // A service that already committed the response skips media processing.
            if (response.isCommitted()) {
                logInfo(api, "<" + request.getId() + "> Response already committed. No media processing required");
                long time = System.currentTimeMillis() - request.getTimestamp().getTime();
                track.finish((JsonObject) new JsonObject().set(ApiResponse.Error.Code, ApiResponse.OK.getCode()).set(ApiResponse.Error.Message, time));
                logInfo(api, " <" + request.getId() + "> ExecTime-Cancel: Service " + Json.getString(service.toJson(), ApiService.Spec.Endpoint) + " - Time " + time + " millis");
                return;
            }
            mediaProcessor.process(api, service, consumer, output, request, response);
        }
        // Success: track the final status (defaulting to 200) and the elapsed time.
        int iStatus = ApiResponse.OK.getCode();
        ApiResponse.Status status = response.getStatus();
        if (status != null) {
            iStatus = status.getCode();
        }
        long time = System.currentTimeMillis() - request.getTimestamp().getTime();
        track.finish((JsonObject) new JsonObject().set(ApiResponse.Error.Code, iStatus).set(ApiResponse.Error.Message, time));
        logInfo(api, "<" + request.getId() + "> ExecTime-Success: Service " + Json.getString(service.toJson(), ApiService.Spec.Endpoint) + " - Time " + time + " millis");
    } catch (Throwable th) {
        // Catch-all (including Errors) so the request is always answered and tracked.
        if (response instanceof ContainerApiResponse) {
            if (th instanceof ApiServiceExecutionException) {
                ((ContainerApiResponse) response).setException((ApiServiceExecutionException) th);
            } else {
                ((ContainerApiResponse) response).setException(new ApiServiceExecutionException(th.getMessage(), th));
            }
            // String [] msg = Lang.toMessage (th);
            track.finish((JsonObject) Lang.toError(th).set(ApiResponse.Error.Code, ApiResponse.INTERNAL_SERVER_ERROR.getCode()));
        } else {
            // Status comes from the execution exception when it carries one, else 500.
            ApiResponse.Status status = null;
            if (th instanceof ApiServiceExecutionException) {
                status = ((ApiServiceExecutionException) th).status();
            }
            if (status == null) {
                status = ApiResponse.INTERNAL_SERVER_ERROR;
            }
            // A validation failure wrapped by the service is reported as 422, like the direct case above.
            boolean isValidationError = false;
            if (th instanceof ApiServiceExecutionException) {
                Throwable rootCause = ((ApiServiceExecutionException) th).getRootCause();
                if (rootCause instanceof ApiServiceValidatorException) {
                    ApiServiceValidatorException vex = (ApiServiceValidatorException) rootCause;
                    isValidationError = true;
                    writeValidationError(api, consumer, service, request, response, mediaProcessor, vex);
                    Object error = null;
                    if (vex.getFeedback() != null) {
                        error = vex.getFeedback();
                    } else {
                        error = vex.getMessage();
                    }
                    track.finish((JsonObject) new JsonObject().set(ApiResponse.Error.Code, ApiResponse.UNPROCESSABLE_ENTITY.getCode()).set(ApiResponse.Error.Message, error));
                }
            }
            if (!isValidationError) {
                JsonObject oError = Lang.toError(th);
                // logError (api, "<" + request.getId () + "> - Execute Service / Media Processing - caused an error\n" + oError.toString (), null);
                // NOTE(review): both the error message and the Trace entry of Lang.toError are
                // handed to the client response here — confirm the trace is not rendered to
                // external callers in production, as it would expose internal stack details.
                response.error(status, new Object[] { oError.get(ApiResponse.Error.Message), oError.get(ApiResponse.Error.Trace) });
                writeError(mediaProcessor, api, consumer, service, request, response);
                track.finish((JsonObject) oError.set(ApiResponse.Error.Code, status.getCode()));
            }
        }
    } finally {
        // Always release the request, whatever path was taken above.
        request.destroy();
    }
}
