Search in sources :

Example 66 with Scope

use of org.wso2.ballerinalang.compiler.semantics.model.Scope in project carbon-apimgt by wso2.

the class OAuth2Authenticator method validateScopes.

/*
    * This method validates the given scope against scopes defined in the api resource
    * @param Request
    * @param ServiceMethodInfo
    * @param scopesToValidate scopes extracted from the access token
    * @return true if scope validation successful
    * */
@SuppressFBWarnings({ "DLS_DEAD_LOCAL_STORE" })
private boolean validateScopes(Request request, ServiceMethodInfo serviceMethodInfo, String scopesToValidate, String restAPIResource) throws APIMgtSecurityException {
    final boolean[] authorized = { false };
    String path = (String) request.getProperty(APIConstants.REQUEST_URL);
    String verb = (String) request.getProperty(APIConstants.HTTP_METHOD);
    if (log.isDebugEnabled()) {
        log.debug("Invoking rest api resource path " + verb + " " + path + " ");
        log.debug("LoggedIn user scopes " + scopesToValidate);
    }
    String[] scopesArr = new String[0];
    if (scopesToValidate != null) {
        scopesArr = scopesToValidate.split(" ");
    }
    if (scopesToValidate != null && scopesArr.length > 0) {
        final List<String> scopes = Arrays.asList(scopesArr);
        if (restAPIResource != null) {
            APIDefinition apiDefinition = new APIDefinitionFromSwagger20();
            try {
                String apiResourceDefinitionScopes = apiDefinition.getScopeOfResourcePath(restAPIResource, request, serviceMethodInfo);
                if (StringUtils.isEmpty(apiResourceDefinitionScopes)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Scope not defined in swagger for matching resource " + path + " and verb " + verb + " . Hence consider as anonymous permission and let request to continue.");
                    }
                    // scope validation gets through if no scopes found in the api definition
                    authorized[0] = true;
                } else {
                    Arrays.stream(apiResourceDefinitionScopes.split(" ")).forEach(scopeKey -> {
                        Optional<String> key = scopes.stream().filter(scp -> {
                            return scp.equalsIgnoreCase(scopeKey);
                        }).findAny();
                        if (key.isPresent()) {
                            // scope validation success if one of the
                            authorized[0] = true;
                        // apiResourceDefinitionScopes found.
                        }
                    });
                }
            } catch (APIManagementException e) {
                String message = "Error while validating scopes";
                log.error(message, e);
                throw new APIMgtSecurityException(message, ExceptionCodes.INVALID_SCOPE);
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Rest API resource could not be found for request path '" + path + "'");
            }
        }
    } else {
        // scope validation gets through if access token does not contain scopes to validate
        authorized[0] = true;
    }
    if (!authorized[0]) {
        String message = "Scope validation fails for the scopes " + scopesToValidate;
        throw new APIMgtSecurityException(message, ExceptionCodes.INVALID_SCOPE);
    }
    return authorized[0];
}
Also used : Arrays(java.util.Arrays) TypeToken(com.google.gson.reflect.TypeToken) ErrorHandler(org.wso2.carbon.apimgt.core.exception.ErrorHandler) RESTAPIAuthenticator(org.wso2.carbon.apimgt.rest.api.common.api.RESTAPIAuthenticator) LoggerFactory(org.slf4j.LoggerFactory) Request(org.wso2.msf4j.Request) APIMConfigurationService(org.wso2.carbon.apimgt.core.configuration.APIMConfigurationService) APIManagerFactory(org.wso2.carbon.apimgt.core.impl.APIManagerFactory) APIDefinitionFromSwagger20(org.wso2.carbon.apimgt.core.impl.APIDefinitionFromSwagger20) StringUtils(org.apache.commons.lang3.StringUtils) APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException) AccessTokenInfo(org.wso2.carbon.apimgt.core.models.AccessTokenInfo) RestApiUtil(org.wso2.carbon.apimgt.rest.api.common.util.RestApiUtil) RestApiConstants(org.wso2.carbon.apimgt.rest.api.common.RestApiConstants) Response(org.wso2.msf4j.Response) Locale(java.util.Locale) APIDefinition(org.wso2.carbon.apimgt.core.api.APIDefinition) ServiceMethodInfo(org.wso2.msf4j.ServiceMethodInfo) Logger(org.slf4j.Logger) APIConstants(org.wso2.carbon.apimgt.rest.api.common.APIConstants) APIMgtSecurityException(org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException) SystemVariableUtil(org.wso2.msf4j.util.SystemVariableUtil) ExceptionCodes(org.wso2.carbon.apimgt.core.exception.ExceptionCodes) List(java.util.List) HttpHeaders(javax.ws.rs.core.HttpHeaders) Optional(java.util.Optional) SuppressFBWarnings(edu.umd.cs.findbugs.annotations.SuppressFBWarnings) APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException) APIMgtSecurityException(org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException) APIDefinition(org.wso2.carbon.apimgt.core.api.APIDefinition) APIDefinitionFromSwagger20(org.wso2.carbon.apimgt.core.impl.APIDefinitionFromSwagger20) SuppressFBWarnings(edu.umd.cs.findbugs.annotations.SuppressFBWarnings)

Example 67 with Scope

use of org.wso2.ballerinalang.compiler.semantics.model.Scope in project carbon-apimgt by wso2.

the class WSO2ISScopeRegistrationImpl method getScope.

private Scope getScope(Response response) throws IOException {
    Scope scope = new Scope();
    ScopeInfo scopeInfoResponse = (ScopeInfo) new GsonDecoder().decode(response, ScopeInfo.class);
    scope.setName(scopeInfoResponse.getName());
    scope.setDescription(scopeInfoResponse.getDescription());
    if (scopeInfoResponse.getBindings() != null) {
        scope.setBindings(scopeInfoResponse.getBindings());
    } else {
        scope.setBindings(Collections.emptyList());
    }
    return scope;
}
Also used : Scope(org.wso2.carbon.apimgt.core.models.Scope) GsonDecoder(feign.gson.GsonDecoder) ScopeInfo(org.wso2.carbon.apimgt.core.auth.dto.ScopeInfo)

Example 68 with Scope

use of org.wso2.ballerinalang.compiler.semantics.model.Scope in project carbon-apimgt by wso2.

the class WSO2ISScopeRegistrationImpl method updateScope.

@Override
public boolean updateScope(Scope scope) throws KeyManagementException {
    ScopeInfo scopeInfo = getScopeInfoForUpdate(scope);
    Response response = wso2ISScopeRegistrationServiceStub.updateScope(scopeInfo, scope.getName());
    if (response.status() == APIMgtConstants.HTTPStatusCodes.SC_200_OK) {
        return true;
    } else {
        throw new KeyManagementException("Scope Couldn't get updated", ExceptionCodes.INTERNAL_ERROR);
    }
}
Also used : Response(feign.Response) ScopeInfo(org.wso2.carbon.apimgt.core.auth.dto.ScopeInfo) KeyManagementException(org.wso2.carbon.apimgt.core.exception.KeyManagementException)

Example 69 with Scope

use of org.wso2.ballerinalang.compiler.semantics.model.Scope in project carbon-apimgt by wso2.

the class WSO2ISScopeRegistrationImpl method registerScope.

@Override
public boolean registerScope(Scope scope) throws KeyManagementException {
    ScopeInfo scopeInfo = getScopeInfo(scope);
    Response response = wso2ISScopeRegistrationServiceStub.registerScope(scopeInfo);
    if (response.status() == APIMgtConstants.HTTPStatusCodes.SC_201_CREATED) {
        return true;
    } else {
        throw new KeyManagementException("Scope Registration Failed", ExceptionCodes.SCOPE_REGISTRATION_FAILED);
    }
}
Also used : Response(feign.Response) ScopeInfo(org.wso2.carbon.apimgt.core.auth.dto.ScopeInfo) KeyManagementException(org.wso2.carbon.apimgt.core.exception.KeyManagementException)

Example 70 with Scope

use of org.wso2.ballerinalang.compiler.semantics.model.Scope in project carbon-apimgt by wso2.

the class DefaultScopeRegistrationImpl method getScope.

private Scope getScope(Response response) throws IOException {
    Scope scope = new Scope();
    ScopeInfo scopeInfoResponse = (ScopeInfo) new GsonDecoder().decode(response, ScopeInfo.class);
    scope.setName(scopeInfoResponse.getName());
    scope.setDescription(scopeInfoResponse.getDescription());
    if (scopeInfoResponse.getBindings() != null) {
        scope.setBindings(scopeInfoResponse.getBindings());
    } else {
        scope.setBindings(Collections.emptyList());
    }
    return scope;
}
Also used : Scope(org.wso2.carbon.apimgt.core.models.Scope) GsonDecoder(feign.gson.GsonDecoder) ScopeInfo(org.wso2.carbon.apimgt.core.auth.dto.ScopeInfo)

Aggregations

Scope (org.wso2.carbon.apimgt.core.models.Scope)41 HashMap (java.util.HashMap)25 RestVariable (org.wso2.carbon.bpmn.rest.engine.variable.RestVariable)25 Test (org.testng.annotations.Test)23 APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException)19 Response (javax.ws.rs.core.Response)16 ScopeInfo (org.wso2.carbon.apimgt.core.auth.dto.ScopeInfo)15 FileInputStream (java.io.FileInputStream)14 API (org.wso2.carbon.apimgt.core.models.API)14 ArrayList (java.util.ArrayList)13 KeyManager (org.wso2.carbon.apimgt.core.api.KeyManager)13 ApiDAO (org.wso2.carbon.apimgt.core.dao.ApiDAO)13 Map (java.util.Map)12 APIGateway (org.wso2.carbon.apimgt.core.api.APIGateway)12 APIPublisher (org.wso2.carbon.apimgt.core.api.APIPublisher)12 GatewaySourceGenerator (org.wso2.carbon.apimgt.core.api.GatewaySourceGenerator)12 IdentityProvider (org.wso2.carbon.apimgt.core.api.IdentityProvider)11 RestResponseFactory (org.wso2.carbon.bpmn.rest.common.RestResponseFactory)11 ActivitiObjectNotFoundException (org.activiti.engine.ActivitiObjectNotFoundException)10 Scope (org.wso2.ballerinalang.compiler.semantics.model.Scope)10