
Example 1 with APIMgtAuthorizationFailedException

use of org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException in project carbon-apimgt by wso2.

the class ImportUtils method importApi.

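/**
 * Imports an API from an extracted archive folder: the API is created, or updated when {@code overwrite} is true
 * and it already exists, after which the definition, optional artifacts, lifecycle state and gateway deployments
 * are applied.
 *
 * @param extractedFolderPath            Location of the extracted folder of the API
 * @param importedApiDTO                 API DTO of the importing API
 *                                       (This will not be null when importing dependent APIs with API Products)
 * @param preserveProvider               Decision to keep or replace the provider
 * @param rotateRevision                 When true and the maximum number of revisions has been reached, the
 *                                       earliest revision is undeployed and deleted so a new one can be created
 * @param overwrite                      Whether to update the API or not
 * @param dependentAPIFromProduct        Whether the API is imported as a dependent of an API Product (passed
 *                                       through when the deployment environments are read from the archive)
 * @param tokenScopes                    Scopes of the token
 * @param dependentAPIParamsConfigObject Params configuration of an API (this will not be null if a dependent API
 *                                       of an API product wants to override the parameters)
 * @param organization                   Identifier of an Organization
 * @return Imported API
 * @throws APIManagementException If there is an error in importing an API
 */
public static API importApi(String extractedFolderPath, APIDTO importedApiDTO, Boolean preserveProvider, Boolean rotateRevision, Boolean overwrite, Boolean dependentAPIFromProduct, String[] tokenScopes, JsonObject dependentAPIParamsConfigObject, String organization) throws APIManagementException {
    String userName = RestApiCommonUtil.getLoggedInUsername();
    // Stays null for GraphQL APIs: neither the swagger nor the AsyncAPI validation below runs for them
    APIDefinitionValidationResponse validationResponse = null;
    String graphQLSchema = null;
    API importedApi = null;
    String currentStatus;
    String targetStatus;
    String lifecycleAction;
    GraphqlComplexityInfo graphqlComplexityInfo = null;
    int tenantId = 0;
    JsonArray deploymentInfoArray = null;
    JsonObject paramsConfigObject;
    try {
        if (importedApiDTO == null) {
            JsonElement jsonObject = retrieveValidatedDTOObject(extractedFolderPath, preserveProvider, userName, ImportExportConstants.TYPE_API);
            importedApiDTO = new Gson().fromJson(jsonObject, APIDTO.class);
        }
        // If the provided dependent APIs params config is null, it means this happening when importing an API (not
        // because when importing a dependent API of an API Product). Hence, try to retrieve the definition from
        // the API folder path
        paramsConfigObject = (dependentAPIParamsConfigObject != null) ? dependentAPIParamsConfigObject : APIControllerUtil.resolveAPIControllerEnvParams(extractedFolderPath);
        // If above the params configurations are not null, then resolve those
        if (paramsConfigObject != null) {
            importedApiDTO = APIControllerUtil.injectEnvParamsToAPI(importedApiDTO, paramsConfigObject, extractedFolderPath);
            if (!isAdvertiseOnlyAPI(importedApiDTO)) {
                JsonElement deploymentsParam = paramsConfigObject.get(ImportExportConstants.DEPLOYMENT_ENVIRONMENTS);
                if (deploymentsParam != null && !deploymentsParam.isJsonNull()) {
                    deploymentInfoArray = deploymentsParam.getAsJsonArray();
                }
            }
        }
        String apiType = importedApiDTO.getType().toString();
        APIProvider apiProvider = RestApiCommonUtil.getProvider(importedApiDTO.getProvider());
        // Validate swagger content except for streaming APIs
        if (!PublisherCommonUtils.isStreamingAPI(importedApiDTO) && !APIConstants.APITransportType.GRAPHQL.toString().equalsIgnoreCase(apiType)) {
            validationResponse = retrieveValidatedSwaggerDefinitionFromArchive(extractedFolderPath);
        }
        // Validate the GraphQL schema
        if (APIConstants.APITransportType.GRAPHQL.toString().equalsIgnoreCase(apiType)) {
            graphQLSchema = retrieveValidatedGraphqlSchemaFromArchive(extractedFolderPath);
        }
        // Validate the WSDL of SOAP APIs
        if (APIConstants.API_TYPE_SOAP.equalsIgnoreCase(apiType)) {
            validateWSDLFromArchive(extractedFolderPath, importedApiDTO);
        }
        // Validate the AsyncAPI definition of streaming APIs
        if (PublisherCommonUtils.isStreamingAPI(importedApiDTO)) {
            validationResponse = retrieveValidatedAsyncApiDefinitionFromArchive(extractedFolderPath);
        }
        String currentTenantDomain = MultitenantUtils.getTenantDomain(APIUtil.replaceEmailDomainBack(userName));
        // The status of the importing API should be stored separately to do the lifecycle change at the end
        targetStatus = importedApiDTO.getLifeCycleStatus();
        API targetApi = retrieveApiToOverwrite(importedApiDTO.getName(), importedApiDTO.getVersion(), currentTenantDomain, apiProvider, Boolean.TRUE, organization);
        if (isAdvertiseOnlyAPI(importedApiDTO)) {
            processAdvertiseOnlyPropertiesInDTO(importedApiDTO, tokenScopes);
        }
        Map<String, List<OperationPolicy>> extractedPoliciesMap = extractAndDropOperationPoliciesFromURITemplate(importedApiDTO.getOperations());
        // If the overwrite is set to true (which means an update), retrieve the existing API
        if (Boolean.TRUE.equals(overwrite) && targetApi != null) {
            log.info("Existing API found, attempting to update it...");
            currentStatus = targetApi.getStatus();
            // Set the status of imported API to current status of target API when updating
            importedApiDTO.setLifeCycleStatus(currentStatus);
            // when updating an API from the UI there is at least one resource (operation) inside the DTO.
            if (importedApiDTO.getOperations().isEmpty()) {
                setOperationsToDTO(importedApiDTO, validationResponse);
            }
            targetApi.setOrganization(organization);
            importedApi = PublisherCommonUtils.updateApi(targetApi, importedApiDTO, RestApiCommonUtil.getLoggedInUserProvider(), tokenScopes);
        } else {
            if (targetApi == null && Boolean.TRUE.equals(overwrite)) {
                log.info("Cannot find : " + importedApiDTO.getName() + "-" + importedApiDTO.getVersion() + ". Creating it.");
            }
            // Initialize to CREATED when import
            currentStatus = APIStatus.CREATED.toString();
            importedApiDTO.setLifeCycleStatus(currentStatus);
            importedApi = PublisherCommonUtils.addAPIWithGeneratedSwaggerDefinition(importedApiDTO, ImportExportConstants.OAS_VERSION_3, importedApiDTO.getProvider(), organization);
            // Set API definition to validationResponse if the API is imported with sample API definition.
            // validationResponse is null for GraphQL APIs (no swagger/AsyncAPI validation ran), so guard it.
            if (validationResponse != null && validationResponse.isInit()) {
                validationResponse.setContent(importedApi.getSwaggerDefinition());
                validationResponse.setJsonContent(importedApi.getSwaggerDefinition());
            }
        }
        if (!extractedPoliciesMap.isEmpty()) {
            importedApi.setUriTemplates(validateOperationPolicies(importedApi, apiProvider, extractedFolderPath, extractedPoliciesMap, currentTenantDomain));
            apiProvider.updateAPI(importedApi);
        }
        // Retrieving the life cycle action to do the lifecycle state change explicitly later
        lifecycleAction = getLifeCycleAction(currentTenantDomain, currentStatus, targetStatus, apiProvider);
        // Add/update swagger content except for streaming APIs and GraphQL APIs
        if (!PublisherCommonUtils.isStreamingAPI(importedApiDTO) && !APIConstants.APITransportType.GRAPHQL.toString().equalsIgnoreCase(apiType)) {
            // Add the validated swagger separately since the UI does the same procedure
            PublisherCommonUtils.updateSwagger(importedApi.getUuid(), validationResponse, false, organization);
        }
        // Add the GraphQL schema
        if (APIConstants.APITransportType.GRAPHQL.toString().equalsIgnoreCase(apiType)) {
            importedApi.setOrganization(organization);
            PublisherCommonUtils.addGraphQLSchema(importedApi, graphQLSchema, apiProvider);
            graphqlComplexityInfo = retrieveGraphqlComplexityInfoFromArchive(extractedFolderPath, graphQLSchema);
            if (graphqlComplexityInfo != null && graphqlComplexityInfo.getList().size() != 0) {
                apiProvider.addOrUpdateComplexityDetails(importedApi.getUuid(), graphqlComplexityInfo);
            }
        }
        // Add/update Async API definition for streaming APIs
        if (PublisherCommonUtils.isStreamingAPI(importedApiDTO)) {
            // Add the validated Async API definition separately since the UI does the same procedure
            PublisherCommonUtils.updateAsyncAPIDefinition(importedApi.getUuid(), validationResponse, organization);
        }
        tenantId = APIUtil.getTenantId(RestApiCommonUtil.getLoggedInUsername());
        // Since Image, documents, sequences and WSDL are optional, exceptions are logged and ignored in
        // implementation
        ApiTypeWrapper apiTypeWrapperWithUpdatedApi = new ApiTypeWrapper(importedApi);
        addThumbnailImage(extractedFolderPath, apiTypeWrapperWithUpdatedApi, apiProvider);
        addDocumentation(extractedFolderPath, apiTypeWrapperWithUpdatedApi, apiProvider, organization);
        addAPIWsdl(extractedFolderPath, importedApi, apiProvider);
        if (StringUtils.equals(importedApi.getType().toLowerCase(), APIConstants.API_TYPE_SOAPTOREST.toLowerCase())) {
            addSOAPToREST(importedApi, validationResponse.getContent(), apiProvider);
        }
        if (!isAdvertiseOnlyAPI(importedApiDTO)) {
            addAPISequences(extractedFolderPath, importedApi, apiProvider);
            addAPISpecificSequences(extractedFolderPath, importedApi, apiProvider);
            addEndpointCertificates(extractedFolderPath, importedApi, apiProvider, tenantId);
            // NOTE(review): this debug line is emitted for every non-advertise-only import, not only when
            // mutual SSL is enabled; the actual decision is made inside addClientCertificates
            if (log.isDebugEnabled()) {
                log.debug("Mutual SSL enabled. Importing client certificates.");
            }
            addClientCertificates(extractedFolderPath, apiProvider, preserveProvider, importedApi.getId().getProviderName(), organization);
        }
        // Change API lifecycle if state transition is required
        if (StringUtils.isNotEmpty(lifecycleAction)) {
            apiProvider = RestApiCommonUtil.getLoggedInUserProvider();
            log.info("Changing lifecycle from " + currentStatus + " to " + targetStatus);
            if (StringUtils.equals(lifecycleAction, APIConstants.LC_PUBLISH_LC_STATE)) {
                apiProvider.changeAPILCCheckListItems(importedApi.getId(), ImportExportConstants.REFER_REQUIRE_RE_SUBSCRIPTION_CHECK_ITEM, true);
            }
            apiProvider.changeLifeCycleStatus(currentTenantDomain, new ApiTypeWrapper(importedApi), lifecycleAction, new HashMap<>());
        }
        importedApi.setStatus(targetStatus);
        String tenantDomain = RestApiCommonUtil.getLoggedInUserTenantDomain();
        if (deploymentInfoArray == null && !isAdvertiseOnlyAPI(importedApiDTO)) {
            // If the params have not overwritten the deployment environments, yaml file will be read
            deploymentInfoArray = retrieveDeploymentLabelsFromArchive(extractedFolderPath, dependentAPIFromProduct);
        }
        List<APIRevisionDeployment> apiRevisionDeployments = getValidatedDeploymentsList(deploymentInfoArray, tenantDomain, apiProvider, organization);
        if (apiRevisionDeployments.size() > 0) {
            String importedAPIUuid = importedApi.getUuid();
            String revisionId;
            APIRevision apiRevision = new APIRevision();
            apiRevision.setApiUUID(importedAPIUuid);
            apiRevision.setDescription("Revision created after importing the API");
            try {
                revisionId = apiProvider.addAPIRevision(apiRevision, tenantDomain);
                if (log.isDebugEnabled()) {
                    log.debug("A new revision has been created for API " + importedApi.getId().getApiName() + "_" + importedApi.getId().getVersion());
                }
            } catch (APIManagementException e) {
                // If the revision limit has been reached and rotation is enabled, the earliest revision is deleted
                // before creating a revision again. rotateRevision is a boxed flag and may be null, so it is
                // compared with Boolean.TRUE instead of being unboxed.
                if (e.getErrorHandler().getErrorCode() == ExceptionCodes.from(ExceptionCodes.MAXIMUM_REVISIONS_REACHED).getErrorCode() && Boolean.TRUE.equals(rotateRevision)) {
                    String earliestRevisionUuid = apiProvider.getEarliestRevisionUUID(importedAPIUuid);
                    List<APIRevisionDeployment> deploymentsList = apiProvider.getAPIRevisionDeploymentList(earliestRevisionUuid);
                    // if the earliest revision is already deployed in gateway environments, it will be undeployed
                    // before deleting
                    apiProvider.undeployAPIRevisionDeployment(importedAPIUuid, earliestRevisionUuid, deploymentsList, organization);
                    apiProvider.deleteAPIRevision(importedAPIUuid, earliestRevisionUuid, tenantDomain);
                    revisionId = apiProvider.addAPIRevision(apiRevision, tenantDomain);
                    if (log.isDebugEnabled()) {
                        log.debug("Revision ID: " + earliestRevisionUuid + " has been undeployed from " + deploymentsList.size() + " gateway environments and created a new revision ID: " + revisionId + " for API " + importedApi.getId().getApiName() + "_" + importedApi.getId().getVersion());
                    }
                } else {
                    throw new APIManagementException("Error occurred while creating a new revision for the API: " + importedApi.getId().getApiName(), e);
                }
            }
            // Once the new revision successfully created, artifacts will be deployed in mentioned gateway
            // environments
            apiProvider.deployAPIRevision(importedAPIUuid, revisionId, apiRevisionDeployments, organization);
            if (log.isDebugEnabled()) {
                log.debug("API: " + importedApi.getId().getApiName() + "_" + importedApi.getId().getVersion() + " was deployed in " + apiRevisionDeployments.size() + " gateway environments.");
            }
        } else {
            log.info("Valid deployment environments were not found for the imported artifact. Only working copy " + "was updated and not deployed in any of the gateway environments.");
        }
        return importedApi;
    } catch (CryptoException | IOException e) {
        throw new APIManagementException("Error while reading API meta information from path: " + extractedFolderPath, e, ExceptionCodes.ERROR_READING_META_DATA);
    } catch (FaultGatewaysException e) {
        // importedApi is still null when the gateway failure happens before the API was created or updated,
        // so fall back to the DTO name rather than dereferencing it
        String apiName = importedApi != null ? importedApi.getId().getApiName()
                : (importedApiDTO != null ? importedApiDTO.getName() : "unknown");
        throw new APIManagementException("Error while updating API: " + apiName, e);
    } catch (APIMgtAuthorizationFailedException e) {
        throw new APIManagementException("Please enable preserveProvider property for cross tenant API Import.", e, ExceptionCodes.TENANT_MISMATCH);
    } catch (ParseException e) {
        // Keep the original parse failure as the cause so the root error is not lost
        throw new APIManagementException("Error while parsing the endpoint configuration of the API", e, ExceptionCodes.JSON_PARSE_ERROR);
    } catch (APIManagementException e) {
        String errorMessage = "Error while importing API: ";
        if (importedApi != null) {
            errorMessage += importedApi.getId().getApiName() + StringUtils.SPACE + APIConstants.API_DATA_VERSION + ": " + importedApi.getId().getVersion();
        }
        throw new APIManagementException(errorMessage + StringUtils.SPACE + e.getMessage(), e);
    }
}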

Example 2 with APIMgtAuthorizationFailedException

use of org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException in project carbon-apimgt by wso2.

the class SubscriptionsApiServiceImpl method subscriptionsSubscriptionIdPut.

/**
 * Updates an already created subscription with the details given in the request body.
 *
 * @param subscriptionId UUID of the subscription to update
 * @param body           new subscription details
 * @param xWSO2Tenant    tenant header (unused here)
 * @param messageContext request context used to resolve the organization
 * @return the updated subscription as a SubscriptionDTO if successful, otherwise null after the error has been
 *         handled through RestApiUtil
 */
@Override
public Response subscriptionsSubscriptionIdPut(String subscriptionId, SubscriptionDTO body, String xWSO2Tenant, MessageContext messageContext) {
    String loggedInUser = RestApiCommonUtil.getLoggedInUsername();
    try {
        String organization = RestApiUtil.getValidatedOrganization(messageContext);
        APIConsumer consumer = RestApiCommonUtil.getConsumer(loggedInUser);
        String applicationId = body.getApplicationId();
        String currentThrottlingPolicy = body.getThrottlingPolicy();
        String requestedThrottlingPolicy = body.getRequestedThrottlingPolicy();
        SubscribedAPI existingSubscription = consumer.getSubscriptionByUUID(subscriptionId);
        // Both the requested status and the existing subscription must be present ...
        if (body.getStatus() == null || existingSubscription == null) {
            RestApiUtil.handleBadRequest("Request must contain status of the subscription", log);
            return null;
        }
        // ... and neither side may be in a blocked / on-hold / rejected state
        if (isNonUpdatableStatus(body.getStatus().value()) || isNonUpdatableStatus(existingSubscription.getSubStatus())) {
            RestApiUtil.handleBadRequest("Cannot update subscriptions with provided or existing status", log);
            return null;
        }
        if (body.getApiId() == null) {
            RestApiUtil.handleBadRequest("Request must contain either apiIdentifier or apiProductIdentifier and the relevant type", log);
            return null;
        }
        // this will throw a APIMgtResourceNotFoundException
        if (!RestAPIStoreUtils.isUserAccessAllowedForAPIByUUID(body.getApiId(), organization)) {
            RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_API, body.getApiId(), log);
        }
        Application application = consumer.getApplicationByUUID(applicationId);
        if (application == null) {
            // required application not found
            RestApiUtil.handleResourceNotFoundError(RestApiConstants.RESOURCE_APPLICATION, applicationId, log);
            return null;
        }
        if (!RestAPIStoreUtils.isUserAccessAllowedForApplication(application)) {
            // application access failure occurred
            RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_APPLICATION, applicationId, log);
        }
        ApiTypeWrapper apiTypeWrapper = consumer.getAPIorAPIProductByUUID(body.getApiId(), organization);
        apiTypeWrapper.setTier(body.getThrottlingPolicy());
        SubscriptionResponse subscriptionResponse = consumer.updateSubscription(apiTypeWrapper, loggedInUser, application, subscriptionId, currentThrottlingPolicy, requestedThrottlingPolicy);
        SubscribedAPI updatedSubscription = consumer.getSubscriptionByUUID(subscriptionResponse.getSubscriptionUUID());
        SubscriptionDTO updatedSubscriptionDTO = SubscriptionMappingUtil.fromSubscriptionToDTO(updatedSubscription, organization);
        WorkflowResponse workflowResponse = subscriptionResponse.getWorkflowResponse();
        if (workflowResponse instanceof HttpWorkflowResponse) {
            // Expose the workflow redirection payload to the caller
            updatedSubscriptionDTO.setRedirectionParams(workflowResponse.getJSONPayload());
        }
        URI location = new URI(RestApiConstants.RESOURCE_PATH_SUBSCRIPTIONS + "/" + updatedSubscription.getUUID());
        return Response.ok(location).entity(updatedSubscriptionDTO).build();
    } catch (APIMgtAuthorizationFailedException e) {
        // this occurs when the api:application:tier mapping is not allowed. The reason for the message is taken from
        // the message of the exception e
        RestApiUtil.handleAuthorizationFailure(e.getMessage(), e, log);
    } catch (SubscriptionAlreadyExistingException e) {
        RestApiUtil.handleResourceAlreadyExistsError("Specified subscription already exists for API " + body.getApiId() + ", for application " + body.getApplicationId(), e, log);
    } catch (APIManagementException | URISyntaxException e) {
        if (RestApiUtil.isDueToResourceNotFound(e)) {
            // this happens when the specified API identifier does not exist
            RestApiUtil.handleResourceNotFoundError(RestApiConstants.RESOURCE_API, body.getApiId(), e, log);
        } else {
            // unhandled exception
            RestApiUtil.handleInternalServerError("Error while adding the subscription API:" + body.getApiId() + ", application:" + body.getApplicationId() + ", tier:" + body.getThrottlingPolicy(), e, log);
        }
    }
    return null;
}

/**
 * Returns true when a subscription status does not permit an update (null-safe).
 *
 * @param status subscription status value, may be null
 * @return true for BLOCKED, ON_HOLD and REJECTED
 */
private static boolean isNonUpdatableStatus(String status) {
    return "BLOCKED".equals(status) || "ON_HOLD".equals(status) || "REJECTED".equals(status);
}

Example 3 with APIMgtAuthorizationFailedException

use of org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException in project carbon-apimgt by wso2.

the class RestApiUtilTest method testIsDueToResourceNotFoundWithInvalidException.

@Test
public void testIsDueToResourceNotFoundWithInvalidException() throws Exception {
    // An authorization failure is not a "resource not found" cause, so the check must report false
    Throwable wrapper = new Throwable();
    APIMgtAuthorizationFailedException unrelatedCause = new APIMgtAuthorizationFailedException("New Sample exception");
    PowerMockito.spy(RestApiUtil.class);
    PowerMockito.doReturn(unrelatedCause).when(RestApiUtil.class, "getPossibleErrorCause", wrapper);
    Assert.assertFalse("Invalid exception has been passed.", RestApiUtil.isDueToResourceNotFound(wrapper));
}

Example 4 with APIMgtAuthorizationFailedException

use of org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException in project carbon-apimgt by wso2.

the class APIConsumerImpl method checkSubscriptionAllowed.

/**
 * Check if the specified subscription is allowed for the logged in user.
 *
 * Three checks are applied in order: an API secured only by client certificates cannot be subscribed to, the
 * subscriber's tenant must be permitted by the subscription availability setting, and the requested tier must be
 * one of the tiers available on the API or API Product.
 *
 * @param apiTypeWrapper Api Type wrapper that contains either an API or API Product
 * @throws APIManagementException if the subscription allow check was failed. If the user is not allowed to add the
 *                                subscription, this will throw an instance of APIMgtAuthorizationFailedException with the reason as the message
 */
private void checkSubscriptionAllowed(ApiTypeWrapper apiTypeWrapper) throws APIManagementException {
    Set<Tier> availableTiers;
    String availability;
    String allowedTenantsCsv;
    if (apiTypeWrapper.isAPIProduct()) {
        APIProduct product = apiTypeWrapper.getApiProduct();
        availableTiers = product.getAvailableTiers();
        availability = product.getSubscriptionAvailability();
        allowedTenantsCsv = product.getSubscriptionAvailableTenants();
    } else {
        API api = apiTypeWrapper.getApi();
        String apiSecurity = api.getApiSecurity();
        // An API that accepts neither OAuth2 nor API keys is reachable only with a client certificate
        if (apiSecurity != null && !apiSecurity.contains(APIConstants.DEFAULT_API_SECURITY_OAUTH2) && !apiSecurity.contains(APIConstants.API_SECURITY_API_KEY)) {
            throw new APIMgtAuthorizationFailedException("Subscription is not allowed for API " + apiTypeWrapper.toString() + ". To access the API, " + "please use the client certificate");
        }
        availableTiers = api.getAvailableTiers();
        availability = api.getSubscriptionAvailability();
        allowedTenantsCsv = api.getSubscriptionAvailableTenants();
    }
    // Tenant based validation for subscription
    if (!isSubscriptionAllowedForTenant(apiTypeWrapper.getOrganization(), availability, allowedTenantsCsv)) {
        throw new APIMgtAuthorizationFailedException("Subscription is not allowed for " + userNameWithoutChange);
    }
    // check whether the specified tier is within the allowed tiers for the API
    boolean tierAllowed = false;
    List<String> allowedTierList = new ArrayList<>();
    for (Tier tier : availableTiers) {
        String tierName = tier.getName();
        if (tierName != null && tierName.equals(apiTypeWrapper.getTier())) {
            tierAllowed = true;
        }
        allowedTierList.add(tierName);
    }
    if (!tierAllowed) {
        String msg = "Tier " + apiTypeWrapper.getTier() + " is not allowed for API/API Product " + apiTypeWrapper + ". Only " + Arrays.toString(allowedTierList.toArray()) + " Tiers are allowed.";
        throw new APIManagementException(msg, ExceptionCodes.from(ExceptionCodes.SUBSCRIPTION_TIER_NOT_ALLOWED, apiTypeWrapper.getTier(), username));
    }
}

/**
 * Decides whether the subscriber's tenant may subscribe to an API owned by the given organization.
 *
 * NOTE(review): the same-organization shortcut compares the {@code organization} field, while the allow-list is
 * matched against the {@code tenantDomain} field - confirm these are intended to differ.
 *
 * @param apiOrganization   organization that owns the API or API Product
 * @param availability      subscription availability setting of the API
 * @param allowedTenantsCsv comma separated tenant allow-list, may be null
 * @return true when the subscription is allowed for the current tenant
 */
private boolean isSubscriptionAllowedForTenant(String apiOrganization, String availability, String allowedTenantsCsv) {
    if (organization.equals(apiOrganization)) {
        return true;
    }
    if (APIConstants.SUBSCRIPTION_TO_ALL_TENANTS.equals(availability)) {
        return true;
    }
    if (!APIConstants.SUBSCRIPTION_TO_SPECIFIC_TENANTS.equals(availability) || allowedTenantsCsv == null) {
        return false;
    }
    for (String tenant : allowedTenantsCsv.split(",")) {
        if (tenant != null && tenantDomain.equals(tenant.trim())) {
            return true;
        }
    }
    return false;
}

Example 5 with APIMgtAuthorizationFailedException

use of org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException in project carbon-apimgt by wso2.

the class SubscriptionsApiServiceImpl method subscriptionsPost.

/**
 * Creates a new subscription with the details given in the request body.
 *
 * @param body           new subscription details
 * @param xWSO2Tenant    tenant header (unused here)
 * @param messageContext request context used to resolve the organizations
 * @return newly added subscription as a SubscriptionDTO if successful, otherwise null after the error has been
 *         handled through RestApiUtil
 * @throws APIManagementException propagated from the consumer operations
 */
@Override
public Response subscriptionsPost(SubscriptionDTO body, String xWSO2Tenant, MessageContext messageContext) throws APIManagementException {
    String loggedInUser = RestApiCommonUtil.getLoggedInUsername();
    try {
        String organization = RestApiUtil.getValidatedOrganization(messageContext);
        String userOrganization = RestApiUtil.getValidatedSubjectOrganization(messageContext);
        APIConsumer consumer = RestApiCommonUtil.getConsumer(loggedInUser, userOrganization);
        String applicationId = body.getApplicationId();
        if (body.getApiId() == null) {
            RestApiUtil.handleBadRequest("Request must contain either apiIdentifier or apiProductIdentifier and the relevant type", log);
            return null;
        }
        // this will throw a APIMgtResourceNotFoundException
        if (!RestAPIStoreUtils.isUserAccessAllowedForAPIByUUID(body.getApiId(), organization)) {
            RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_API, body.getApiId(), log);
        }
        Application application = consumer.getApplicationByUUID(applicationId);
        if (application == null) {
            // required application not found
            RestApiUtil.handleResourceNotFoundError(RestApiConstants.RESOURCE_APPLICATION, applicationId, log);
            return null;
        }
        // If application creation workflow status is pending or rejected, throw a Bad request exception
        String applicationStatus = application.getStatus();
        boolean workflowNotApproved = applicationStatus.equals(WorkflowStatus.REJECTED.toString()) || applicationStatus.equals(WorkflowStatus.CREATED.toString());
        if (workflowNotApproved) {
            RestApiUtil.handleBadRequest("Workflow status is not Approved", log);
            return null;
        }
        if (!RestAPIStoreUtils.isUserAccessAllowedForApplication(application)) {
            // application access failure occurred
            RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_APPLICATION, applicationId, log);
        }
        ApiTypeWrapper apiTypeWrapper = consumer.getAPIorAPIProductByUUID(body.getApiId(), organization);
        apiTypeWrapper.setTier(body.getThrottlingPolicy());
        SubscriptionResponse subscriptionResponse = consumer.addSubscription(apiTypeWrapper, loggedInUser, application);
        SubscribedAPI createdSubscription = consumer.getSubscriptionByUUID(subscriptionResponse.getSubscriptionUUID());
        SubscriptionDTO createdSubscriptionDTO = SubscriptionMappingUtil.fromSubscriptionToDTO(createdSubscription, apiTypeWrapper, organization);
        WorkflowResponse workflowResponse = subscriptionResponse.getWorkflowResponse();
        if (workflowResponse instanceof HttpWorkflowResponse) {
            // Expose the workflow redirection payload to the caller
            createdSubscriptionDTO.setRedirectionParams(workflowResponse.getJSONPayload());
        }
        URI location = new URI(RestApiConstants.RESOURCE_PATH_SUBSCRIPTIONS + "/" + createdSubscription.getUUID());
        return Response.created(location).entity(createdSubscriptionDTO).build();
    } catch (APIMgtAuthorizationFailedException e) {
        // this occurs when the api:application:tier mapping is not allowed. The reason for the message is taken from
        // the message of the exception e
        RestApiUtil.handleAuthorizationFailure(e.getMessage(), e, log);
    } catch (SubscriptionAlreadyExistingException e) {
        RestApiUtil.handleResourceAlreadyExistsError("Specified subscription already exists for API " + body.getApiId() + ", for application " + body.getApplicationId(), e, log);
    } catch (URISyntaxException e) {
        // NOTE(review): only URISyntaxException is handled here; APIManagementException propagates to the caller
        if (RestApiUtil.isDueToResourceNotFound(e)) {
            // this happens when the specified API identifier does not exist
            RestApiUtil.handleResourceNotFoundError(RestApiConstants.RESOURCE_API, body.getApiId(), e, log);
        } else {
            // unhandled exception
            RestApiUtil.handleInternalServerError("Error while adding the subscription API:" + body.getApiId() + ", application:" + body.getApplicationId() + ", tier:" + body.getThrottlingPolicy(), e, log);
        }
    }
    return null;
}
