
Example 6 with OAuthTokenInfo

use of org.wso2.carbon.apimgt.api.OAuthTokenInfo in project carbon-apimgt by wso2.

In class OAuthOpaqueAuthenticatorImpl, method isAccessTokenExpired.

/**
 * Tells whether the given token has passed its validity window.
 *
 * <p>The issue time and validity period are copied into an {@link APIKeyValidationInfoDTO} so that the
 * shared {@link APIUtil#isAccessTokenExpired} check can be reused for opaque tokens.
 *
 * @param accessTokenInfo token metadata whose issue time and validity period are checked
 * @return {@code true} if {@link APIUtil#isAccessTokenExpired} reports the token as expired
 */
private boolean isAccessTokenExpired(OAuthTokenInfo accessTokenInfo) {
    APIKeyValidationInfoDTO validationInfo = new APIKeyValidationInfoDTO();
    validationInfo.setIssuedTime(accessTokenInfo.getIssuedTime());
    validationInfo.setValidityPeriod(accessTokenInfo.getValidityPeriod());
    return APIUtil.isAccessTokenExpired(validationInfo);
}

Example 7 with OAuthTokenInfo

use of org.wso2.carbon.apimgt.api.OAuthTokenInfo in project carbon-apimgt by wso2.

In class JWTUtil, method validateScopes.

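/**
 * Validates that the token carries a scope authorising the requested REST resource.
 *
 * <p>The resource path is derived from the request URL (not the decoded path info) and matched against
 * the API's URI templates for the same HTTP verb. Validation succeeds when one of the token's scopes
 * equals (case-insensitively) a scope attached to a matching template. A matching template that defines
 * no scope at all is treated as anonymous access and lets the request through. Unparsable templates are
 * logged and skipped, so they can never authorise a request.
 *
 * @param message   CXF message to be validated; read for the base path, request URL, HTTP method,
 *                  masked token and the URI templates of the REST API
 * @param tokenInfo token information associated with the incoming request
 * @return {@code true} if a matching scope was found in the resource and token information (or the
 *         matched resource defines no scope), {@code false} if scope validation failed
 */
public static boolean validateScopes(HashMap<String, Object> message, OAuthTokenInfo tokenInfo) {
    String basePath = (String) message.get(RestApiConstants.BASE_PATH);
    // path is obtained from Message.REQUEST_URI instead of Message.PATH_INFO, as Message.PATH_INFO contains
    // decoded values of request parameters
    String path = (String) message.get(RestApiConstants.REQUEST_URL);
    String verb = (String) message.get(RestApiConstants.REQUEST_METHOD);
    if (path == null || basePath == null) {
        // fail closed: without a request path there is nothing to match a scope against
        log.error("Scope validation failed: request URL or base path is missing from the message.");
        return false;
    }
    String resource = path.substring(basePath.length() - 1);
    String[] scopes = tokenInfo.getScopes();
    // get all the URI templates of the REST API from the base path
    @SuppressWarnings("unchecked") // the REST API layer stores the templates under this key with this type
    Set<URITemplate> uriTemplates = (Set<URITemplate>) message.get(RestApiConstants.URI_TEMPLATES);
    if (uriTemplates.isEmpty()) {
        if (log.isDebugEnabled()) {
            log.debug("No matching scopes found for request with path: " + basePath + ". Skipping scope validation.");
        }
        return true;
    }
    for (URITemplate template : uriTemplates) {
        String templateString = template.getUriTemplate();
        org.wso2.uri.template.URITemplate templateToValidate;
        try {
            templateToValidate = new org.wso2.uri.template.URITemplate(templateString);
        } catch (URITemplateException e) {
            log.error("Error while creating URI Template object to validate request. Template pattern: " + templateString, e);
            // a template that cannot be parsed must not authorise anything; try the next one
            continue;
        }
        // matches() fills in path variable bindings, which are not needed for the scope decision
        Map<String, String> pathVariables = new HashMap<String, String>();
        if (!templateToValidate.matches(resource, pathVariables) || scopes == null || verb == null
                || !verb.equalsIgnoreCase(template.getHTTPVerb())) {
            continue;
        }
        Scope templateScope = template.getScope();
        if (templateScope != null) {
            // single scope on the template: any one of the token's scopes may satisfy it
            for (String scope : scopes) {
                if (scope.equalsIgnoreCase(templateScope.getKey())) {
                    // we found scopes matches
                    if (log.isDebugEnabled()) {
                        log.debug("Scope validation successful for access token: " + message.get(RestApiConstants.MASKED_TOKEN) + " with scope: " + templateScope.getKey() + " for resource path: " + path + " and verb " + verb);
                    }
                    return true;
                }
            }
            continue;
        }
        List<Scope> templateScopes = template.retrieveAllScopes();
        if (templateScopes.isEmpty()) {
            // NOTE(review): as in the original loop, the anonymous branch is only reached when the token
            // carries at least one scope; a token with an empty scope array is still rejected here.
            if (scopes.length > 0) {
                if (log.isDebugEnabled()) {
                    log.debug("Scope not defined in swagger for matching resource " + resource + " and verb " + verb + " . So consider as anonymous permission and let request to continue.");
                }
                return true;
            }
            continue;
        }
        // several scopes on the template: the first pair that matches authorises the request
        for (String scope : scopes) {
            for (Scope scpObj : templateScopes) {
                if (scope.equalsIgnoreCase(scpObj.getKey())) {
                    // we found scopes matches
                    if (log.isDebugEnabled()) {
                        log.debug("Scope validation successful for access token: " + message.get(RestApiConstants.MASKED_TOKEN) + " with scope: " + scpObj.getKey() + " for resource path: " + path + " and verb " + verb);
                    }
                    return true;
                }
            }
        }
    }
    return false;
}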
