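/**
 * Builds the OAS3 definition handed to the API Publisher: guarantees that the default
 * OAuth2 security scheme exists (implicit flow, scopes object, default authorization URL)
 * and stamps the WSO2 vendor extensions derived from the API onto the document.
 *
 * @param api           API whose settings are exported as x-wso2-* extensions (auth header,
 *                      throttling tier, CORS, endpoints, base path, transports, mutual SSL,
 *                      application security, response cache)
 * @param oasDefinition OAS definition to enrich
 * @return the enriched definition as pretty-printed JSON
 * @throws APIManagementException if the definition cannot be parsed
 */
@Override
public String getOASDefinitionForPublisher(API api, String oasDefinition) throws APIManagementException {
    OpenAPI openAPI = getOpenAPI(oasDefinition);
    if (openAPI.getComponents() == null) {
        openAPI.setComponents(new Components());
    }
    Map<String, SecurityScheme> securitySchemes = openAPI.getComponents().getSecuritySchemes();
    if (securitySchemes == null) {
        securitySchemes = new HashMap<>();
        openAPI.getComponents().setSecuritySchemes(securitySchemes);
    }
    SecurityScheme securityScheme = securitySchemes.get(OPENAPI_SECURITY_SCHEMA_KEY);
    if (securityScheme == null) {
        // No default scheme yet: declare an OAuth2 scheme and reference it from the
        // document-level security requirement (empty scope list) so operations that do
        // not declare their own requirement inherit it.
        securityScheme = new SecurityScheme();
        securityScheme.setType(SecurityScheme.Type.OAUTH2);
        securitySchemes.put(OPENAPI_SECURITY_SCHEMA_KEY, securityScheme);
        SecurityRequirement secReq = new SecurityRequirement();
        secReq.addList(OPENAPI_SECURITY_SCHEMA_KEY, new ArrayList<String>());
        List<SecurityRequirement> security = new ArrayList<SecurityRequirement>();
        security.add(secReq);
        openAPI.setSecurity(security);
    }
    if (securityScheme.getFlows() == null) {
        securityScheme.setFlows(new OAuthFlows());
    }
    // Always materialise the implicit flow and its scopes object so a null "scopes" never
    // reaches the parser (https://github.com/swagger-api/swagger-parser/issues/1202).
    OAuthFlow oAuthFlow = securityScheme.getFlows().getImplicit();
    if (oAuthFlow == null) {
        oAuthFlow = new OAuthFlow();
        securityScheme.getFlows().setImplicit(oAuthFlow);
    }
    if (oAuthFlow.getScopes() == null) {
        oAuthFlow.setScopes(new Scopes());
    }
    oAuthFlow.setAuthorizationUrl(OPENAPI_DEFAULT_AUTHORIZATION_URL);

    if (api.getAuthorizationHeader() != null) {
        openAPI.addExtension(APIConstants.X_WSO2_AUTH_HEADER, api.getAuthorizationHeader());
    }
    if (api.getApiLevelPolicy() != null) {
        openAPI.addExtension(APIConstants.X_THROTTLING_TIER, api.getApiLevelPolicy());
    }
    openAPI.addExtension(APIConstants.X_WSO2_CORS, api.getCorsConfiguration());
    Object prodEndpointObj = OASParserUtil.generateOASConfigForEndpoints(api, true);
    if (prodEndpointObj != null) {
        openAPI.addExtension(APIConstants.X_WSO2_PRODUCTION_ENDPOINTS, prodEndpointObj);
    }
    Object sandEndpointObj = OASParserUtil.generateOASConfigForEndpoints(api, false);
    if (sandEndpointObj != null) {
        openAPI.addExtension(APIConstants.X_WSO2_SANDBOX_ENDPOINTS, sandEndpointObj);
    }
    openAPI.addExtension(APIConstants.X_WSO2_BASEPATH, api.getContext());
    if (api.getTransports() != null) {
        openAPI.addExtension(APIConstants.X_WSO2_TRANSPORTS, api.getTransports().split(","));
    }
    String apiSecurity = api.getApiSecurity();
    // Mutual SSL: the extension records whether the client certificate is optional or
    // mandatory; it is only emitted when mutual SSL is part of the API's security list.
    if (apiSecurity != null) {
        List<String> securityList = Arrays.asList(apiSecurity.split(","));
        if (securityList.contains(APIConstants.API_SECURITY_MUTUAL_SSL)) {
            String mutualSSLMode = securityList.contains(APIConstants.API_SECURITY_MUTUAL_SSL_MANDATORY)
                    ? APIConstants.MANDATORY : APIConstants.OPTIONAL;
            openAPI.addExtension(APIConstants.X_WSO2_MUTUAL_SSL, mutualSSLMode);
        }
    }
    // Application security is written on every operation rather than on the document:
    // the default OAuth2 scheme applied at resource level would otherwise override it.
    JsonNode appSecurityExtension = OASParserUtil.getAppSecurity(apiSecurity);
    // getPaths() is null for a definition without a "paths" object; skip instead of NPE.
    if (openAPI.getPaths() != null) {
        for (PathItem pathItem : openAPI.getPaths().values()) {
            for (Operation operation : pathItem.readOperationsMap().values()) {
                operation.addExtension(APIConstants.X_WSO2_APP_SECURITY, appSecurityExtension);
            }
        }
    }
    openAPI.addExtension(APIConstants.X_WSO2_RESPONSE_CACHE,
            OASParserUtil.getResponseCacheConfig(api.getResponseCache(), api.getCacheTimeout()));
    return Json.pretty(openAPI);
}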
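/**
 * Injects the scopes declared by other OAuth2 schemes and by the legacy x-wso2-security
 * extension into the default security scheme of an OAS3 definition.
 * <p>
 * When the definition already declares the default scheme, the content is returned
 * unchanged unless the legacy extension carries a scope the default scheme does not know
 * (https://github.com/wso2/product-apim/issues/8724); in that case only the legacy scopes
 * are migrated. Without a default scheme, legacy scopes, other-scheme scopes and
 * resource-level scopes are all merged into a freshly created default scheme.
 *
 * @param swaggerContent OAS3 definition as JSON/YAML text
 * @return the (possibly rewritten) definition; pretty-printed JSON whenever it was changed
 * @throws APIManagementException if the definition cannot be parsed or the scopes cannot be read
 */
@Override
public String processOtherSchemeScopes(String swaggerContent) throws APIManagementException {
    OpenAPI openAPI = getOpenAPI(swaggerContent);
    Set<Scope> legacyScopes = getScopesFromExtensions(openAPI);
    // Evaluated once; the same answer decides both branches below.
    boolean defaultGiven = isDefaultGiven(swaggerContent);
    if (defaultGiven) {
        if (!legacyScopes.isEmpty()) {
            Map<String, SecurityScheme> securitySchemes = openAPI.getComponents() != null
                    ? openAPI.getComponents().getSecuritySchemes() : null;
            SecurityScheme defaultScheme = securitySchemes != null
                    ? securitySchemes.get(OPENAPI_SECURITY_SCHEMA_KEY) : null;
            Scopes defaultScopes = null;
            if (defaultScheme != null && defaultScheme.getFlows() != null
                    && defaultScheme.getFlows().getImplicit() != null) {
                defaultScopes = defaultScheme.getFlows().getImplicit().getScopes();
            }
            if (defaultScopes != null) {
                for (Scope legacyScope : legacyScopes) {
                    // A legacy scope missing from the default scheme means the definition
                    // was only partially migrated: pull the legacy scopes in and stop.
                    if (!defaultScopes.containsKey(legacyScope.getKey())) {
                        return Json.pretty(processLegacyScopes(openAPI));
                    }
                }
            }
        }
        return swaggerContent;
    }
    openAPI = processLegacyScopes(openAPI);
    openAPI = injectOtherScopesToDefaultScheme(openAPI);
    openAPI = injectOtherResourceScopesToDefaultScheme(openAPI);
    return Json.pretty(openAPI);
}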
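/**
 * Moves scopes declared in the legacy x-wso2-security extension into the default OAuth2
 * scheme: each scope key/description is added to the implicit flow's scopes and the
 * scope's roles are recorded in the x-scopes-bindings extension of that flow.
 * Existing scopes and bindings are kept; a legacy scope with the same key overwrites them.
 *
 * @param openAPI definition to update in place
 * @return the same {@link OpenAPI} instance, unchanged when no legacy scopes exist
 * @throws APIManagementException if the legacy scopes cannot be read
 */
private OpenAPI processLegacyScopes(OpenAPI openAPI) throws APIManagementException {
    Set<Scope> scopes = getScopesFromExtensions(openAPI);
    if (scopes.isEmpty()) {
        return openAPI;
    }
    if (openAPI.getComponents() == null) {
        openAPI.setComponents(new Components());
    }
    Map<String, SecurityScheme> securitySchemes = openAPI.getComponents().getSecuritySchemes();
    if (securitySchemes == null) {
        securitySchemes = new HashMap<>();
        openAPI.getComponents().setSecuritySchemes(securitySchemes);
    }
    SecurityScheme securityScheme = securitySchemes.get(OPENAPI_SECURITY_SCHEMA_KEY);
    if (securityScheme == null) {
        // Create the default scheme and require it at document level with no scopes.
        securityScheme = new SecurityScheme();
        securityScheme.setType(SecurityScheme.Type.OAUTH2);
        securitySchemes.put(OPENAPI_SECURITY_SCHEMA_KEY, securityScheme);
        SecurityRequirement secReq = new SecurityRequirement();
        secReq.addList(OPENAPI_SECURITY_SCHEMA_KEY, new ArrayList<String>());
        List<SecurityRequirement> security = new ArrayList<SecurityRequirement>();
        security.add(secReq);
        openAPI.setSecurity(security);
    }
    if (securityScheme.getFlows() == null) {
        securityScheme.setFlows(new OAuthFlows());
    }
    OAuthFlow oAuthFlow = securityScheme.getFlows().getImplicit();
    if (oAuthFlow == null) {
        oAuthFlow = new OAuthFlow();
        securityScheme.getFlows().setImplicit(oAuthFlow);
    }
    oAuthFlow.setAuthorizationUrl(OPENAPI_DEFAULT_AUTHORIZATION_URL);
    Scopes oas3Scopes = oAuthFlow.getScopes() != null ? oAuthFlow.getScopes() : new Scopes();
    // Reuse the flow's existing bindings map so previously recorded roles survive.
    Map<String, String> scopeBindings = new HashMap<>();
    if (oAuthFlow.getExtensions() != null) {
        // unchecked: the extension is written as Map<String, String> below; values coming
        // from a parsed definition are not type-checked here.
        @SuppressWarnings("unchecked")
        Map<String, String> existingBindings =
                (Map<String, String>) oAuthFlow.getExtensions().get(APIConstants.SWAGGER_X_SCOPES_BINDINGS);
        if (existingBindings != null) {
            scopeBindings = existingBindings;
        }
    }
    for (Scope scope : scopes) {
        oas3Scopes.put(scope.getKey(), scope.getDescription());
        // Keep the roles string only if it splits into at least one role; a blank value or
        // one made of separators only is stored as an empty binding.
        String roles = scope.getRoles();
        boolean hasRoles = StringUtils.isNotBlank(roles) && roles.trim().split(",").length > 0;
        scopeBindings.put(scope.getKey(), hasRoles ? roles : StringUtils.EMPTY);
    }
    oAuthFlow.addExtension(APIConstants.SWAGGER_X_SCOPES_BINDINGS, scopeBindings);
    oAuthFlow.setScopes(oas3Scopes);
    return openAPI;
}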
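/**
 * Copies the scopes of a non-default OAuth2 flow into the default flow, together with the
 * scope-to-role bindings held in the flow's x-scopes-bindings extension.
 * <p>
 * Merging is additive: nothing is removed from the default flow, and on a duplicate scope
 * key the non-default flow's description and roles overwrite the default flow's. Bindings
 * already present on the default flow are left untouched when the non-default flow carries
 * no bindings (the previous code overwrote them with {@code null} in that case).
 *
 * @param noneDefaultTypeFlow flow whose scopes and bindings are copied; its scopes may be null
 * @param defaultTypeFlow     flow that receives them, mutated in place
 * @return {@code defaultTypeFlow}
 */
private OAuthFlow extractAndInjectScopesFromFlow(OAuthFlow noneDefaultTypeFlow, OAuthFlow defaultTypeFlow) {
    Scopes defaultFlowScopes = defaultTypeFlow.getScopes();
    if (defaultFlowScopes == null) {
        defaultFlowScopes = new Scopes();
    }
    Scopes noneDefaultFlowScopes = noneDefaultTypeFlow.getScopes();
    // A flow declared without a scopes object contributes no scopes.
    if (noneDefaultFlowScopes != null) {
        for (Map.Entry<String, String> scope : noneDefaultFlowScopes.entrySet()) {
            defaultFlowScopes.addString(scope.getKey(), scope.getValue());
        }
    }
    defaultTypeFlow.setScopes(defaultFlowScopes);

    Map<String, Object> defaultTypeExtension = defaultTypeFlow.getExtensions();
    if (defaultTypeExtension == null) {
        defaultTypeExtension = new HashMap<>();
    }
    Map<String, Object> noneDefaultTypeExtension = noneDefaultTypeFlow.getExtensions();
    if (noneDefaultTypeExtension != null) {
        // unchecked: x-scopes-bindings is produced by this class as Map<String, String>;
        // values from a parsed definition are not type-checked here.
        @SuppressWarnings("unchecked")
        Map<String, String> noneDefaultScopeBindings =
                (Map<String, String>) noneDefaultTypeExtension.get(APIConstants.SWAGGER_X_SCOPES_BINDINGS);
        if (noneDefaultScopeBindings != null) {
            @SuppressWarnings("unchecked")
            Map<String, String> defaultScopeBindings =
                    (Map<String, String>) defaultTypeExtension.get(APIConstants.SWAGGER_X_SCOPES_BINDINGS);
            if (defaultScopeBindings == null) {
                defaultScopeBindings = new HashMap<>();
            }
            // Same-key bindings: the non-default flow's roles win.
            defaultScopeBindings.putAll(noneDefaultScopeBindings);
            defaultTypeExtension.put(APIConstants.SWAGGER_X_SCOPES_BINDINGS, defaultScopeBindings);
        }
    }
    defaultTypeFlow.setExtensions(defaultTypeExtension);
    return defaultTypeFlow;
}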
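/**
 * Merges the scopes of every non-default OAuth2 security scheme into the implicit flow of
 * the default scheme, creating the default scheme when the definition lacks one.
 * <p>
 * All four grant types of a non-default scheme (implicit, authorization code, client
 * credentials, password) feed the default scheme's implicit flow. Merging is additive and
 * later schemes win on duplicate scope keys. The names of the schemes that were merged are
 * handed to {@code setOtherSchemes}.
 *
 * @param openAPI definition to update in place
 * @return the same {@link OpenAPI} instance
 * @throws APIManagementException declared for API compatibility
 */
private OpenAPI injectOtherScopesToDefaultScheme(OpenAPI openAPI) throws APIManagementException {
    List<String> otherSetOfSchemes = new ArrayList<>();
    Components components = openAPI.getComponents();
    Map<String, SecurityScheme> securitySchemes = components != null ? components.getSecuritySchemes() : null;
    if (securitySchemes != null) {
        SecurityScheme defaultScheme = securitySchemes.get(OPENAPI_SECURITY_SCHEMA_KEY);
        if (defaultScheme == null) {
            // No default scheme: create one with an implicit flow, empty scopes and the
            // default authorization URL.
            defaultScheme = new SecurityScheme();
            defaultScheme.setType(SecurityScheme.Type.OAUTH2);
            OAuthFlow newDefaultFlow = new OAuthFlow();
            newDefaultFlow.setAuthorizationUrl(OPENAPI_DEFAULT_AUTHORIZATION_URL);
            newDefaultFlow.setScopes(new Scopes());
            OAuthFlows newDefaultFlows = new OAuthFlows();
            newDefaultFlows.setImplicit(newDefaultFlow);
            defaultScheme.setFlows(newDefaultFlows);
            securitySchemes.put(OPENAPI_SECURITY_SCHEMA_KEY, defaultScheme);
        }
        for (Map.Entry<String, SecurityScheme> entry : securitySchemes.entrySet()) {
            SecurityScheme otherScheme = entry.getValue();
            // Only other OAuth2 schemes are merged; the enum comparison is null-safe where
            // the previous toString() comparison was not.
            if (OPENAPI_SECURITY_SCHEMA_KEY.equals(entry.getKey()) || otherScheme == null
                    || otherScheme.getType() != SecurityScheme.Type.OAUTH2) {
                continue;
            }
            otherSetOfSchemes.add(entry.getKey());
            OAuthFlows defaultFlows = defaultScheme.getFlows();
            if (defaultFlows == null) {
                defaultFlows = new OAuthFlows();
            }
            OAuthFlow defaultFlow = defaultFlows.getImplicit();
            if (defaultFlow == null) {
                defaultFlow = new OAuthFlow();
            }
            OAuthFlows otherFlows = otherScheme.getFlows();
            // A scheme declared without flows has nothing to contribute.
            if (otherFlows != null) {
                for (OAuthFlow otherFlow : Arrays.asList(otherFlows.getImplicit(), otherFlows.getAuthorizationCode(),
                        otherFlows.getClientCredentials(), otherFlows.getPassword())) {
                    if (otherFlow != null) {
                        defaultFlow = extractAndInjectScopesFromFlow(otherFlow, defaultFlow);
                        defaultFlows.setImplicit(defaultFlow);
                    }
                }
            }
            defaultScheme.setFlows(defaultFlows);
        }
        components.setSecuritySchemes(securitySchemes);
        openAPI.setComponents(components);
    }
    setOtherSchemes(otherSetOfSchemes);
    return openAPI;
}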