
Example 6 with OAuthFlow

use of io.swagger.v3.oas.models.security.OAuthFlow in project carbon-apimgt by wso2.

the class OAS3Parser method getOASDefinitionForPublisher.

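/**
 * Builds the OAS 3 definition shown to the API Publisher for {@code api}.
 *
 * <p>The method guarantees that a default OAuth2 security scheme keyed by
 * {@code OPENAPI_SECURITY_SCHEMA_KEY} exists with an implicit flow, a non-null scopes map and the
 * default authorization URL, and then copies API-level settings (authorization header, throttling
 * tier, CORS, production/sandbox endpoints, base path, transports, mutual-SSL mode, application
 * security and response caching) into the corresponding {@code x-wso2-*} extensions.
 *
 * @param api           API whose settings are written into the definition
 * @param oasDefinition OAS 3 definition to update; parsed via {@link #getOpenAPI(String)}
 * @return the updated definition, pretty-printed as JSON
 * @throws APIManagementException propagated from parsing the definition or from
 *                                {@code OASParserUtil} while generating endpoint/security extensions
 */
@Override
public String getOASDefinitionForPublisher(API api, String oasDefinition) throws APIManagementException {
    OpenAPI openAPI = getOpenAPI(oasDefinition);
    if (openAPI.getComponents() == null) {
        openAPI.setComponents(new Components());
    }
    Map<String, SecurityScheme> securitySchemes = openAPI.getComponents().getSecuritySchemes();
    if (securitySchemes == null) {
        securitySchemes = new HashMap<>();
        openAPI.getComponents().setSecuritySchemes(securitySchemes);
    }
    SecurityScheme securityScheme = securitySchemes.get(OPENAPI_SECURITY_SCHEMA_KEY);
    if (securityScheme == null) {
        // No default scheme yet: declare an OAuth2 scheme and require it globally
        // (empty scope list = any token of that scheme).
        securityScheme = new SecurityScheme();
        securityScheme.setType(SecurityScheme.Type.OAUTH2);
        securitySchemes.put(OPENAPI_SECURITY_SCHEMA_KEY, securityScheme);
        SecurityRequirement secReq = new SecurityRequirement();
        secReq.addList(OPENAPI_SECURITY_SCHEMA_KEY, new ArrayList<String>());
        List<SecurityRequirement> security = new ArrayList<>();
        security.add(secReq);
        openAPI.setSecurity(security);
    }
    // NOTE(review): if the incoming definition already declares OPENAPI_SECURITY_SCHEMA_KEY with a
    // non-OAuth2 type, OAuth flows are still attached to it below (unchanged from the original).
    if (securityScheme.getFlows() == null) {
        securityScheme.setFlows(new OAuthFlows());
    }
    // Always materialise the implicit flow and its scopes map; otherwise the parser drops the
    // scopes (https://github.com/swagger-api/swagger-parser/issues/1202).
    OAuthFlow implicitFlow = securityScheme.getFlows().getImplicit();
    if (implicitFlow == null) {
        implicitFlow = new OAuthFlow();
        securityScheme.getFlows().setImplicit(implicitFlow);
    }
    if (implicitFlow.getScopes() == null) {
        implicitFlow.setScopes(new Scopes());
    }
    implicitFlow.setAuthorizationUrl(OPENAPI_DEFAULT_AUTHORIZATION_URL);

    if (api.getAuthorizationHeader() != null) {
        openAPI.addExtension(APIConstants.X_WSO2_AUTH_HEADER, api.getAuthorizationHeader());
    }
    if (api.getApiLevelPolicy() != null) {
        openAPI.addExtension(APIConstants.X_THROTTLING_TIER, api.getApiLevelPolicy());
    }
    openAPI.addExtension(APIConstants.X_WSO2_CORS, api.getCorsConfiguration());
    Object prodEndpointObj = OASParserUtil.generateOASConfigForEndpoints(api, true);
    if (prodEndpointObj != null) {
        openAPI.addExtension(APIConstants.X_WSO2_PRODUCTION_ENDPOINTS, prodEndpointObj);
    }
    Object sandEndpointObj = OASParserUtil.generateOASConfigForEndpoints(api, false);
    if (sandEndpointObj != null) {
        openAPI.addExtension(APIConstants.X_WSO2_SANDBOX_ENDPOINTS, sandEndpointObj);
    }
    openAPI.addExtension(APIConstants.X_WSO2_BASEPATH, api.getContext());
    if (api.getTransports() != null) {
        openAPI.addExtension(APIConstants.X_WSO2_TRANSPORTS, api.getTransports().split(","));
    }

    String apiSecurity = api.getApiSecurity();
    if (apiSecurity != null) {
        // Entries are trimmed so that "mutualssl, mutualssl_mandatory" is not mis-read as
        // optional mutual SSL because of the surrounding whitespace.
        List<String> securityTypes = new ArrayList<>();
        for (String type : apiSecurity.split(",")) {
            securityTypes.add(type.trim());
        }
        if (securityTypes.contains(APIConstants.API_SECURITY_MUTUAL_SSL)) {
            String mutualSSLMode = securityTypes.contains(APIConstants.API_SECURITY_MUTUAL_SSL_MANDATORY)
                    ? APIConstants.MANDATORY : APIConstants.OPTIONAL;
            openAPI.addExtension(APIConstants.X_WSO2_MUTUAL_SSL, mutualSSLMode);
        }
    }

    // Application security must be set per operation: a default oauth2 scheme declared at
    // resource level would otherwise override the application-level securities.
    JsonNode appSecurityExtension = OASParserUtil.getAppSecurity(apiSecurity);
    if (openAPI.getPaths() != null) {
        // A definition without a "paths" object previously NPE'd here.
        for (PathItem pathItem : openAPI.getPaths().values()) {
            for (Operation operation : pathItem.readOperationsMap().values()) {
                operation.addExtension(APIConstants.X_WSO2_APP_SECURITY, appSecurityExtension);
            }
        }
    }
    openAPI.addExtension(APIConstants.X_WSO2_RESPONSE_CACHE,
            OASParserUtil.getResponseCacheConfig(api.getResponseCache(), api.getCacheTimeout()));
    return Json.pretty(openAPI);
}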

Example 7 with OAuthFlow

use of io.swagger.v3.oas.models.security.OAuthFlow in project carbon-apimgt by wso2.

the class OAS3Parser method processOtherSchemeScopes.

/**
 * Injects the scopes declared by non-default security schemes (and by the legacy
 * {@code x-wso2-security} extension) into the default scheme of an OAS 3 definition.
 *
 * <p>When the definition already carries the default scheme, the content is returned unchanged
 * unless a legacy scope is missing from the default implicit flow, in which case only the legacy
 * scopes are merged. When the default scheme is absent, legacy scopes, other scheme scopes and
 * resource-level scopes are all folded into a newly created default scheme.
 *
 * @param swaggerContent OAS 3 definition as a string
 * @return the (possibly rewritten) definition as a pretty-printed JSON string
 * @throws APIManagementException propagated from parsing or from the scope-merging helpers
 */
@Override
public String processOtherSchemeScopes(String swaggerContent) throws APIManagementException {
    OpenAPI openAPI = getOpenAPI(swaggerContent);
    Set<Scope> legacyScopes = getScopesFromExtensions(openAPI);
    boolean defaultGiven = isDefaultGiven(swaggerContent);

    // https://github.com/wso2/product-apim/issues/8724: a definition that already has the default
    // scheme may still lack some of the scopes listed in the legacy extension.
    if (defaultGiven && !legacyScopes.isEmpty()) {
        // NOTE(review): isDefaultGiven is assumed to guarantee components/securitySchemes are
        // present here, as the original dereferenced them without a check.
        SecurityScheme defaultScheme = openAPI.getComponents().getSecuritySchemes().get(OPENAPI_SECURITY_SCHEMA_KEY);
        OAuthFlows flows = defaultScheme.getFlows();
        OAuthFlow implicitFlow = flows == null ? null : flows.getImplicit();
        Scopes defaultScopes = implicitFlow == null ? null : implicitFlow.getScopes();
        if (defaultScopes != null) {
            boolean legacyScopeMissing = false;
            for (Scope legacyScope : legacyScopes) {
                if (!defaultScopes.containsKey(legacyScope.getKey())) {
                    legacyScopeMissing = true;
                    break;
                }
            }
            if (legacyScopeMissing) {
                return Json.pretty(processLegacyScopes(openAPI));
            }
        }
    }
    if (defaultGiven) {
        return swaggerContent;
    }
    OpenAPI merged = processLegacyScopes(openAPI);
    merged = injectOtherScopesToDefaultScheme(merged);
    merged = injectOtherResourceScopesToDefaultScheme(merged);
    return Json.pretty(merged);
}

Example 8 with OAuthFlow

use of io.swagger.v3.oas.models.security.OAuthFlow in project carbon-apimgt by wso2.

the class OAS3Parser method processLegacyScopes.

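/**
 * Extracts the scopes declared in the legacy {@code x-wso2-security} extension and adds them,
 * together with their role bindings ({@code x-scopes-bindings}), to the implicit flow of the
 * default OAuth2 scheme, creating the scheme, its flows and the implicit flow as needed.
 *
 * <p>Legacy entries overwrite an existing scope description or role binding with the same key.
 *
 * @param openAPI definition to update in place
 * @return the same {@code openAPI} instance
 * @throws APIManagementException propagated from {@link #getScopesFromExtensions(OpenAPI)}
 */
private OpenAPI processLegacyScopes(OpenAPI openAPI) throws APIManagementException {
    Set<Scope> legacyScopes = getScopesFromExtensions(openAPI);
    if (legacyScopes.isEmpty()) {
        return openAPI;
    }
    if (openAPI.getComponents() == null) {
        openAPI.setComponents(new Components());
    }
    Map<String, SecurityScheme> securitySchemes = openAPI.getComponents().getSecuritySchemes();
    if (securitySchemes == null) {
        securitySchemes = new HashMap<>();
        openAPI.getComponents().setSecuritySchemes(securitySchemes);
    }
    SecurityScheme securityScheme = securitySchemes.get(OPENAPI_SECURITY_SCHEMA_KEY);
    if (securityScheme == null) {
        // No default scheme: declare an OAuth2 scheme and require it globally (empty scope list).
        securityScheme = new SecurityScheme();
        securityScheme.setType(SecurityScheme.Type.OAUTH2);
        securitySchemes.put(OPENAPI_SECURITY_SCHEMA_KEY, securityScheme);
        SecurityRequirement secReq = new SecurityRequirement();
        secReq.addList(OPENAPI_SECURITY_SCHEMA_KEY, new ArrayList<String>());
        List<SecurityRequirement> security = new ArrayList<>();
        security.add(secReq);
        openAPI.setSecurity(security);
    }
    if (securityScheme.getFlows() == null) {
        securityScheme.setFlows(new OAuthFlows());
    }
    OAuthFlow implicitFlow = securityScheme.getFlows().getImplicit();
    if (implicitFlow == null) {
        implicitFlow = new OAuthFlow();
        securityScheme.getFlows().setImplicit(implicitFlow);
    }
    implicitFlow.setAuthorizationUrl(OPENAPI_DEFAULT_AUTHORIZATION_URL);
    Scopes oas3Scopes = implicitFlow.getScopes() != null ? implicitFlow.getScopes() : new Scopes();

    // Reuse the existing bindings map when present. The definition is user-supplied, so the
    // extension value is type-checked instead of blindly cast (a non-map value used to throw
    // ClassCastException).
    Map<String, String> scopeBindings = null;
    if (implicitFlow.getExtensions() != null) {
        Object existing = implicitFlow.getExtensions().get(APIConstants.SWAGGER_X_SCOPES_BINDINGS);
        if (existing instanceof Map) {
            @SuppressWarnings("unchecked")
            Map<String, String> existingBindings = (Map<String, String>) existing;
            scopeBindings = existingBindings;
        }
    }
    if (scopeBindings == null) {
        scopeBindings = new HashMap<>();
    }
    for (Scope scope : legacyScopes) {
        oas3Scopes.put(scope.getKey(), scope.getDescription());
        // A blank role list is stored as "" (the original's additional split().length > 0 test
        // is always true for a non-blank string, so it is dropped).
        String roles = StringUtils.isNotBlank(scope.getRoles()) ? scope.getRoles() : StringUtils.EMPTY;
        scopeBindings.put(scope.getKey(), roles);
    }
    implicitFlow.addExtension(APIConstants.SWAGGER_X_SCOPES_BINDINGS, scopeBindings);
    implicitFlow.setScopes(oas3Scopes);
    return openAPI;
}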

Example 9 with OAuthFlow

use of io.swagger.v3.oas.models.security.OAuthFlow in project carbon-apimgt by wso2.

the class OAS3Parser method extractAndInjectScopesFromFlow.

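/**
 * Copies the scopes of one OAuth flow, and its {@code x-scopes-bindings} role mapping when
 * present, into another flow. Used to fold the flows of non-default OAuth2 schemes into the
 * implicit flow of the default scheme.
 *
 * <p>Entries of {@code noneDefaultTypeFlow} overwrite entries of {@code defaultTypeFlow} that
 * share a scope key. Bindings already present on {@code defaultTypeFlow} are preserved when the
 * source flow carries none.
 *
 * @param noneDefaultTypeFlow flow whose scopes and bindings are copied (source)
 * @param defaultTypeFlow     flow that receives them; mutated in place
 * @return {@code defaultTypeFlow}
 */
private OAuthFlow extractAndInjectScopesFromFlow(OAuthFlow noneDefaultTypeFlow, OAuthFlow defaultTypeFlow) {
    Scopes mergedScopes = defaultTypeFlow.getScopes();
    if (mergedScopes == null) {
        mergedScopes = new Scopes();
    }
    // A source flow without a scopes map contributes nothing instead of throwing NPE.
    Scopes sourceScopes = noneDefaultTypeFlow.getScopes();
    if (sourceScopes != null) {
        for (Map.Entry<String, String> scope : sourceScopes.entrySet()) {
            mergedScopes.addString(scope.getKey(), scope.getValue());
        }
    }
    defaultTypeFlow.setScopes(mergedScopes);

    Map<String, Object> defaultExtensions = defaultTypeFlow.getExtensions();
    if (defaultExtensions == null) {
        defaultExtensions = new HashMap<>();
    }
    Map<String, String> sourceBindings = scopeBindingsOf(noneDefaultTypeFlow.getExtensions());
    if (sourceBindings != null) {
        Map<String, String> mergedBindings = scopeBindingsOf(defaultExtensions);
        if (mergedBindings == null) {
            mergedBindings = new HashMap<>();
        }
        mergedBindings.putAll(sourceBindings);
        // Written only when the source has bindings. The original stored the (possibly null)
        // merged map unconditionally, which wiped the default flow's existing scope-to-role
        // bindings whenever the source flow had none.
        defaultExtensions.put(APIConstants.SWAGGER_X_SCOPES_BINDINGS, mergedBindings);
    }
    defaultTypeFlow.setExtensions(defaultExtensions);
    return defaultTypeFlow;
}

/**
 * Returns the {@code x-scopes-bindings} map held in {@code extensions}, or {@code null} when the
 * extensions are absent or the value is not a map (definitions are user-supplied, so the value
 * is type-checked rather than blindly cast).
 *
 * @param extensions extension map of an OAuth flow, may be {@code null}
 * @return the bindings map or {@code null}
 */
@SuppressWarnings("unchecked")
private static Map<String, String> scopeBindingsOf(Map<String, Object> extensions) {
    if (extensions == null) {
        return null;
    }
    Object bindings = extensions.get(APIConstants.SWAGGER_X_SCOPES_BINDINGS);
    return bindings instanceof Map ? (Map<String, String>) bindings : null;
}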

Example 10 with OAuthFlow

use of io.swagger.v3.oas.models.security.OAuthFlow in project carbon-apimgt by wso2.

the class OAS3Parser method injectOtherScopesToDefaultScheme.

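/**
 * Merges the scopes of every non-default {@code oauth2} security scheme into the implicit flow of
 * the default scheme ({@code OPENAPI_SECURITY_SCHEMA_KEY}), creating the default scheme when it is
 * absent. Scopes from the implicit, authorizationCode, clientCredentials and password flows of the
 * other schemes are all folded into the default implicit flow. The names of the merged schemes
 * are recorded via {@link #setOtherSchemes(List)}.
 *
 * <p>NOTE(review): scope descriptions and {@code x-scopes-bindings} of the other schemes overwrite
 * entries of the default scheme with the same key, so a definition author can replace the role
 * binding of an existing default scope through a second oauth2 scheme.
 *
 * @param openAPI definition to update in place
 * @return the same {@code openAPI} instance
 * @throws APIManagementException declared for API compatibility; not thrown by this method itself
 */
private OpenAPI injectOtherScopesToDefaultScheme(OpenAPI openAPI) throws APIManagementException {
    List<String> otherSchemeNames = new ArrayList<>();
    Components components = openAPI.getComponents();
    Map<String, SecurityScheme> securitySchemes = components == null ? null : components.getSecuritySchemes();
    if (securitySchemes != null) {
        SecurityScheme defaultScheme = securitySchemes.get(OPENAPI_SECURITY_SCHEMA_KEY);
        if (defaultScheme == null) {
            // Populate a default OAuth2 scheme with an empty implicit flow.
            OAuthFlow implicitFlow = new OAuthFlow();
            implicitFlow.setAuthorizationUrl(OPENAPI_DEFAULT_AUTHORIZATION_URL);
            implicitFlow.setScopes(new Scopes());
            OAuthFlows flows = new OAuthFlows();
            flows.setImplicit(implicitFlow);
            defaultScheme = new SecurityScheme();
            defaultScheme.setType(SecurityScheme.Type.OAUTH2);
            defaultScheme.setFlows(flows);
            securitySchemes.put(OPENAPI_SECURITY_SCHEMA_KEY, defaultScheme);
        }
        for (Map.Entry<String, SecurityScheme> entry : securitySchemes.entrySet()) {
            SecurityScheme otherScheme = entry.getValue();
            // Enum comparison is null-safe; the original getType().toString() threw NPE on a
            // scheme that omits "type".
            if (OPENAPI_SECURITY_SCHEMA_KEY.equals(entry.getKey()) || otherScheme == null
                    || otherScheme.getType() != SecurityScheme.Type.OAUTH2) {
                continue;
            }
            otherSchemeNames.add(entry.getKey());
            OAuthFlows otherFlows = otherScheme.getFlows();
            if (otherFlows == null) {
                // oauth2 scheme without "flows": nothing to merge (the original NPE'd here).
                continue;
            }
            OAuthFlows defaultFlows = defaultScheme.getFlows();
            if (defaultFlows == null) {
                defaultFlows = new OAuthFlows();
            }
            OAuthFlow mergedImplicit = defaultFlows.getImplicit();
            if (mergedImplicit == null) {
                mergedImplicit = new OAuthFlow();
            }
            // Every flow type of the other scheme lands in the default implicit flow.
            for (OAuthFlow otherFlow : Arrays.asList(otherFlows.getImplicit(), otherFlows.getAuthorizationCode(),
                    otherFlows.getClientCredentials(), otherFlows.getPassword())) {
                if (otherFlow != null) {
                    mergedImplicit = extractAndInjectScopesFromFlow(otherFlow, mergedImplicit);
                    defaultFlows.setImplicit(mergedImplicit);
                }
            }
            defaultScheme.setFlows(defaultFlows);
        }
        components.setSecuritySchemes(securitySchemes);
        openAPI.setComponents(components);
    }
    setOtherSchemes(otherSchemeNames);
    return openAPI;
}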
