
Example 61 with Scope

use of org.wso2.carbon.apimgt.api.model.Scope in project carbon-apimgt by wso2.

From class `APIProviderImpl`, method `addSharedScope`.

/**
 * Adds a shared scope for a tenant.
 * <p>
 * The scope set is first handed to {@code addScopes} (not shown here), then every Key Manager
 * configured for the tenant is asked to register the scope, and finally the scope is stored as a
 * shared scope through {@code ApiMgtDAO}. Key Manager registration is best-effort: a failure is
 * logged and does not abort the operation, so a shared scope may end up stored in the AM database
 * while one or more Key Managers never learned about it.
 *
 * @param scope        Shared Scope
 * @param tenantDomain Tenant domain
 * @return UUId of the added Shared Scope object
 * @throws APIManagementException if failed to add a scope
 */
@Override
public String addSharedScope(Scope scope, String tenantDomain) throws APIManagementException {
    int tenantId = APIUtil.getTenantIdFromTenantDomain(tenantDomain);
    Set<Scope> singleScope = new HashSet<>();
    singleScope.add(scope);
    addScopes(singleScope, tenantId);
    Map<String, KeyManagerDto> keyManagersForTenant = KeyManagerHolder.getTenantKeyManagers(tenantDomain);
    for (Map.Entry<String, KeyManagerDto> entry : keyManagersForTenant.entrySet()) {
        registerSharedScopeWithKeyManager(scope, entry.getKey(), entry.getValue().getKeyManager());
    }
    return ApiMgtDAO.getInstance().addSharedScope(scope, tenantDomain);
}

// Best-effort registration of one scope with one Key Manager: a registration error is only
// logged, and a Key Manager that is not instantiated (null) is skipped.
private void registerSharedScopeWithKeyManager(Scope scope, String keyManagerName, KeyManager keyManager) {
    if (keyManager != null) {
        try {
            keyManager.registerScope(scope);
        } catch (APIManagementException e) {
            log.error("Error occurred while registering Scope in Key Manager " + keyManagerName, e);
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Adding shared scope mapping: " + scope.getKey() + " to  Key Manager : " + keyManagerName);
    }
}

Example 62 with Scope

use of Scope (in this example the key-manager entity `org.wso2.carbon.apimgt.keymgt.model.entity.Scope`, per the imports) in project carbon-apimgt by wso2.

From class `SubscriptionDataLoaderImpl`, method `loadAllScopes`.

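/**
 * Loads all scopes of a tenant from the subscription-validation scopes endpoint.
 * <p>
 * An empty or absent response body yields an empty list. A body that Gson deserialises to
 * {@code null} (a literal {@code null} payload), or whose list field is {@code null}, is treated
 * the same way so that the method honours its non-null return contract instead of propagating a
 * {@code null} or a {@code NullPointerException} into the caller. A syntactically invalid JSON
 * body still surfaces as Gson's unchecked {@code JsonSyntaxException}.
 *
 * @param tenantDomain tenant whose scopes are loaded
 * @return the tenant's scopes; never {@code null}
 * @throws DataLoadingException if the HTTP call to the scopes endpoint fails
 */
@Override
public List<Scope> loadAllScopes(String tenantDomain) throws DataLoadingException {
    String scopesEp = APIConstants.SubscriptionValidationResources.SCOPES;
    String responseString;
    try {
        responseString = invokeService(scopesEp, tenantDomain);
    } catch (IOException e) {
        String msg = "Error while executing the HTTP client " + scopesEp;
        log.error(msg, e);
        throw new DataLoadingException(msg, e);
    }
    if (responseString == null || responseString.isEmpty()) {
        return new ArrayList<>();
    }
    ScopesList payload = new Gson().fromJson(responseString, ScopesList.class);
    // Gson returns null for a literal "null" body, and the list inside may itself be absent.
    if (payload == null || payload.getList() == null) {
        return new ArrayList<>();
    }
    return payload.getList();
}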

Example 63 with Scope

use of org.wso2.carbon.apimgt.api.model.Scope in project carbon-apimgt by wso2.

From class `DefaultKeyValidationHandlerTest`, method `testValidateScopes`.

/**
 * Scope validation succeeds for a token that holds the scope declared on the matched resource,
 * both when the request names the explicit API version and when it names the default version.
 * Only the positive path is asserted here; rejection of a token lacking the scope is not covered
 * by this test method.
 */
@Test
public void testValidateScopes() throws APIKeyMgtException {
    API api = buildApiWithScopedResource();
    Map<String, API> apiMap = new HashMap<>();
    apiMap.put(API_CONTEXT + ":" + API_VERSION, api);
    APIKeyValidationInfoDTO dto = buildValidationInfoWithScope();
    // The same DTO is exercised twice: explicit version and default version.
    TokenValidationContext explicitVersionContext = buildContext(dto, API_VERSION);
    TokenValidationContext defaultVersionContext = buildContext(dto, DEFAULT_API_VERSION);
    Mockito.when(SubscriptionDataHolder.getInstance()).thenReturn(subscriptionDataHolder);
    Mockito.when(privilegedCarbonContext.getTenantDomain()).thenReturn(TENANT_DOMAIN);
    Mockito.when(subscriptionDataHolder.getTenantSubscriptionStore(eq(TENANT_DOMAIN))).thenReturn(tenantSubscriptionStore);
    Mockito.when(tenantSubscriptionStore.getApiByContextAndVersion(eq(API_CONTEXT), eq(API_VERSION))).thenReturn(api);
    DefaultKeyValidationHandler handler = new DefaultKeyValidationHandler();
    boolean explicitVersionValidated = handler.validateScopes(explicitVersionContext);
    boolean defaultVersionValidated = handler.validateScopes(defaultVersionContext);
    Assert.assertTrue("Scope validation fails for API " + API_NAME, explicitVersionValidated);
    Assert.assertTrue("Scope validation fails for default API " + API_NAME, defaultVersionValidated);
}

// An API with a single resource (RESOURCE / HTTP_VERB) protected by SCOPES.
private API buildApiWithScopedResource() {
    URLMapping urlMapping = new URLMapping();
    urlMapping.addScope(SCOPES);
    urlMapping.setHttpMethod(HTTP_VERB);
    urlMapping.setUrlPattern(RESOURCE);
    API api = new API();
    api.setApiId(1);
    api.setApiProvider(USER_NAME);
    api.setApiName(API_NAME);
    api.setApiVersion(API_VERSION);
    api.setContext(API_CONTEXT);
    api.addResource(urlMapping);
    return api;
}

// Validation info for an application-type token that holds exactly SCOPES.
private APIKeyValidationInfoDTO buildValidationInfoWithScope() {
    APIKeyValidationInfoDTO dto = new APIKeyValidationInfoDTO();
    dto.setSubscriber(SUBSCRIBER);
    dto.setApplicationName(APPLICATION_NAME);
    dto.setApplicationId(APPLICATION_ID);
    dto.setApplicationTier(TIER);
    Set<String> grantedScopes = new HashSet<>();
    grantedScopes.add(SCOPES);
    dto.setScopes(grantedScopes);
    dto.setSubscriberTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
    dto.setUserType(APIConstants.ACCESS_TOKEN_USER_TYPE_APPLICATION);
    return dto;
}

// A validation context for RESOURCE/HTTP_VERB on API_CONTEXT at the given version.
private TokenValidationContext buildContext(APIKeyValidationInfoDTO dto, String version) {
    TokenValidationContext context = new TokenValidationContext();
    context.setValidationInfoDTO(dto);
    context.setContext(API_CONTEXT);
    context.setVersion(version);
    context.setAccessToken(ACCESS_TOKEN);
    context.setMatchingResource(RESOURCE);
    context.setHttpVerb(HTTP_VERB);
    return context;
}

Example 64 with Scope

use of org.wso2.carbon.apimgt.api.model.Scope in project carbon-apimgt by wso2.

From class `DefaultKeyValidationHandler`, method `validateScopes`.

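/**
 * Checks that the token described by the validation context carries the scopes required by the
 * requested resource(s).
 * <p>
 * Rules, as implemented below:
 * <ul>
 *   <li>a cache hit is accepted without re-validation;</li>
 *   <li>an API that cannot be resolved for the context/version fails closed;</li>
 *   <li>a resource whose URL mapping declares no scopes is accepted;</li>
 *   <li>a scoped resource is accepted when the token holds at least one of its scopes (any-of);</li>
 *   <li>for GraphQL the matched resource is a comma-separated list of operations, and the first
 *       scoped operation the token does not cover rejects the whole request;</li>
 *   <li>a resource with no matching URL mapping neither accepts nor rejects; the outcome so far is
 *       kept (false if it was the only resource).</li>
 * </ul>
 * On rejection the DTO is marked unauthorised with status {@code INVALID_SCOPE}. The access token
 * itself is never written to the log.
 *
 * @param validationContext token, resource and API details of the request
 * @return {@code true} when the token may access the requested resource(s)
 * @throws APIKeyMgtException if the context carries no validation info DTO
 */
@Override
public boolean validateScopes(TokenValidationContext validationContext) throws APIKeyMgtException {
    // A cache hit means this token/resource combination was already validated once.
    if (validationContext.isCacheHit()) {
        return true;
    }
    APIKeyValidationInfoDTO apiKeyValidationInfoDTO = validationContext.getValidationInfoDTO();
    if (apiKeyValidationInfoDTO == null) {
        throw new APIKeyMgtException("Key Validation information not set");
    }
    String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    String httpVerb = validationContext.getHttpVerb();
    // A token carrying no scope set is read as "holds nothing": a scope-protected resource is then
    // rejected with INVALID_SCOPE below instead of failing with a NullPointerException.
    Set<String> tokenScopes = apiKeyValidationInfoDTO.getScopes();
    boolean tokenHasScopes = tokenScopes != null && !tokenScopes.isEmpty();
    if (log.isDebugEnabled() && tokenHasScopes) {
        // The access token is a bearer credential and must not be written to the log, even at
        // debug level; the API context and version are enough to correlate the entry.
        log.debug("Scopes allowed for token on " + validationContext.getContext() + ":" + validationContext.getVersion() + " : " + String.join(",", tokenScopes));
    }
    List<String> resourceArray = splitMatchingResources(validationContext.getMatchingResource(), httpVerb);
    String actualVersion = stripDefaultVersionPrefix(validationContext.getVersion());
    SubscriptionDataStore tenantSubscriptionStore = SubscriptionDataHolder.getInstance().getTenantSubscriptionStore(tenantDomain);
    API api = tenantSubscriptionStore.getApiByContextAndVersion(validationContext.getContext(), actualVersion);
    boolean scopesValidated = false;
    if (api != null) {
        for (String resource : resourceArray) {
            URLMapping urlMapping = findMatchingMapping(api, resource, httpVerb);
            if (urlMapping == null) {
                // No mapping for this resource: the outcome so far is kept. NOTE(review): presumably
                // the upstream resource matcher never lets an unmatched resource reach here — confirm.
                continue;
            }
            List<String> requiredScopes = urlMapping.getScopes();
            if (requiredScopes.isEmpty()) {
                // Unscoped resource: any valid token may access it.
                scopesValidated = true;
                continue;
            }
            if (!tokenHasScopes || !holdsAnyScope(tokenScopes, requiredScopes)) {
                // Fail closed as soon as one scoped resource is not covered by the token.
                scopesValidated = false;
                break;
            }
            scopesValidated = true;
        }
    }
    if (!scopesValidated) {
        apiKeyValidationInfoDTO.setAuthorized(false);
        apiKeyValidationInfoDTO.setValidationStatus(APIConstants.KeyValidationStatus.INVALID_SCOPE);
    }
    return scopesValidated;
}

// Splits the matched resource into the resources to check: a GraphQL query/mutation/subscription
// carries a comma-separated list of operations, anything else is a single resource.
private static List<String> splitMatchingResources(String matchingResource, String httpVerb) {
    boolean isGraphQl = APIConstants.GRAPHQL_QUERY.equalsIgnoreCase(httpVerb)
            || APIConstants.GRAPHQL_MUTATION.equalsIgnoreCase(httpVerb)
            || APIConstants.GRAPHQL_SUBSCRIPTION.equalsIgnoreCase(httpVerb);
    if (isGraphQl) {
        return new ArrayList<>(Arrays.asList(matchingResource.split(",")));
    }
    return new ArrayList<>(Arrays.asList(matchingResource));
}

// Removes the "_default_" marker prefixed to the version of a default-version API. substring() is
// used instead of split(): split() treats the prefix as a regex and returns an empty array (so
// index 1 throws) when the version string is exactly the prefix.
private static String stripDefaultVersionPrefix(String version) {
    if (version != null && version.startsWith(APIConstants.DEFAULT_VERSION_PREFIX)) {
        return version.substring(APIConstants.DEFAULT_VERSION_PREFIX.length());
    }
    return version;
}

// First URL mapping of the API whose path matches the resource and whose HTTP method matches the
// request (the method is ignored for WebSocket APIs); null when nothing matches.
private URLMapping findMatchingMapping(API api, String resource, String httpVerb) {
    boolean isWebSocketApi = "WS".equalsIgnoreCase(api.getApiType());
    for (URLMapping mapping : api.getResources()) {
        boolean methodMatches = isWebSocketApi || Objects.equals(mapping.getHttpMethod(), httpVerb);
        if (methodMatches && isResourcePathMatching(resource, mapping)) {
            return mapping;
        }
    }
    return null;
}

// Any-of check: the token needs at least one of the scopes declared on the resource.
private static boolean holdsAnyScope(Set<String> tokenScopes, List<String> requiredScopes) {
    for (String scope : requiredScopes) {
        if (tokenScopes.contains(scope)) {
            return true;
        }
    }
    return false;
}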

Example 65 with Scope

use of org.wso2.carbon.apimgt.api.model.Scope in project carbon-apimgt by wso2.

From class `BasicAuthAuthenticatorTest`, method `setup`.

/**
 * Wires the mocks every test in this class relies on: a static OpenAPIUtils stub, Synapse/Axis2
 * message contexts, and a BasicAuthCredentialValidator whose constructor is intercepted so the
 * authenticator under test receives the stubbed validator.
 * <p>
 * The stubbed validator knows two accounts sharing one (fake) password: a normal user whose scope
 * check passes, and a "blocked" user whose scope check throws INVALID_SCOPE. Any other credentials
 * are returned as not authenticated. Note that one validation-info instance is shared and mutated
 * across calls, so a successful validation leaves it authenticated for the rest of the test.
 */
@Before
public void setup() throws Exception {
    final String validUser = "test_username@carbon.super";
    final String blockedUser = "test_username_blocked@carbon.super";
    final String sharedPassword = "test_password";
    PowerMockito.mockStatic(OpenAPIUtils.class);
    PowerMockito.when(OpenAPIUtils.getResourceAuthenticationScheme(Mockito.any(), Mockito.any())).thenReturn(APIConstants.AUTH_APPLICATION_OR_USER_LEVEL_TOKEN);
    axis2MsgCntxt = Mockito.mock(org.apache.axis2.context.MessageContext.class);
    Mockito.when(axis2MsgCntxt.getProperty(APIMgtGatewayConstants.REQUEST_RECEIVED_TIME)).thenReturn("1506576365");
    messageContext = Mockito.mock(Axis2MessageContext.class);
    Mockito.when(((Axis2MessageContext) messageContext).getAxis2MessageContext()).thenReturn(axis2MsgCntxt);
    Mockito.when(messageContext.getProperty(APIMgtGatewayConstants.OPEN_API_OBJECT)).thenReturn(Mockito.mock(OpenAPI.class));
    Mockito.when(messageContext.getProperty(BasicAuthAuthenticator.PUBLISHER_TENANT_DOMAIN)).thenReturn("carbon.super");
    basicAuthAuthenticator = new BasicAuthAuthenticator(CUSTOM_AUTH_HEADER, true, UNLIMITED_THROTTLE_POLICY);
    BasicAuthCredentialValidator stubbedValidator = Mockito.mock(BasicAuthCredentialValidator.class);
    BasicAuthValidationInfoDTO validationInfo = new BasicAuthValidationInfoDTO();
    Mockito.when(stubbedValidator.validate(Mockito.anyString(), Mockito.anyString())).thenAnswer(invocation -> {
        Object suppliedUser = invocation.getArguments()[0];
        Object suppliedPassword = invocation.getArguments()[1];
        boolean knownUser = suppliedUser.equals(validUser) || suppliedUser.equals(blockedUser);
        if (knownUser && suppliedPassword.equals(sharedPassword)) {
            validationInfo.setAuthenticated(true);
            validationInfo.setHashedPassword("hashed_test_password");
            // suppliedUser equals one of the two known users, so it already is the qualified name.
            validationInfo.setDomainQualifiedUsername((String) suppliedUser);
            validationInfo.setUserRoleList(new String[] { "roleQ", "roleX" });
        }
        return validationInfo;
    });
    Mockito.when(stubbedValidator.validateScopes(Mockito.anyString(), Mockito.any(OpenAPI.class), Mockito.any(MessageContext.class), Mockito.anyObject())).thenAnswer(invocation -> {
        Object suppliedUser = invocation.getArguments()[0];
        if (suppliedUser.equals(blockedUser)) {
            throw new APISecurityException(APISecurityConstants.INVALID_SCOPE, "Scope validation failed");
        }
        return suppliedUser.equals(validUser);
    });
    PowerMockito.whenNew(BasicAuthCredentialValidator.class).withNoArguments().thenReturn(stubbedValidator);
}
