
Example 6 with URLMapping

use of org.wso2.carbon.apimgt.api.model.subscription.URLMapping in project carbon-apimgt by wso2.

the class DefaultKeyValidationHandler method validateScopes.

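/**
 * Decides whether the scopes granted to the access token allow the requested resource(s).
 *
 * <p>A cache hit is accepted without re-checking. Otherwise the API is looked up in the tenant's
 * subscription store by context and version, each requested resource is matched to a
 * {@link URLMapping} by HTTP verb and path (the verb check is waived for "WS" APIs), and the
 * token must hold at least one of the scopes attached to every matched mapping. A matched
 * mapping that carries no scopes is allowed. The result is {@code false} when the API is not
 * found or when no requested resource matches any mapping; in every failing case the validation
 * info is marked unauthorized with {@code INVALID_SCOPE}.
 *
 * @param validationContext request and token details gathered for this validation
 * @return {@code true} if the request is allowed by scope, {@code false} otherwise
 * @throws APIKeyMgtException if the context carries no key validation information
 */
@Override
public boolean validateScopes(TokenValidationContext validationContext) throws APIKeyMgtException {
    // NOTE(review): a cache hit skips the scope check entirely; presumably the cached entry was
    // stored only after a successful validation - confirm against the caching code.
    if (validationContext.isCacheHit()) {
        return true;
    }
    APIKeyValidationInfoDTO apiKeyValidationInfoDTO = validationContext.getValidationInfoDTO();
    if (apiKeyValidationInfoDTO == null) {
        throw new APIKeyMgtException("Key Validation information not set");
    }
    String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    String httpVerb = validationContext.getHttpVerb();
    Set<String> scopesSet = apiKeyValidationInfoDTO.getScopes();
    if (log.isDebugEnabled() && scopesSet != null && !scopesSet.isEmpty()) {
        StringBuilder scopeList = new StringBuilder();
        for (String scope : scopesSet) {
            scopeList.append(scope);
            scopeList.append(",");
        }
        scopeList.deleteCharAt(scopeList.length() - 1);
        // The access token is a bearer credential, so it is kept out of the log; anyone able to
        // read debug logs could otherwise replay it.
        log.debug("Scopes allowed for token : " + scopeList);
    }
    String resourceList = validationContext.getMatchingResource();
    boolean graphQlOperation = APIConstants.GRAPHQL_QUERY.equalsIgnoreCase(httpVerb)
            || APIConstants.GRAPHQL_MUTATION.equalsIgnoreCase(httpVerb)
            || APIConstants.GRAPHQL_SUBSCRIPTION.equalsIgnoreCase(httpVerb);
    List<String> resourceArray;
    if (graphQlOperation) {
        // For GraphQL verbs the matching resource is treated as a comma-separated list.
        resourceArray = new ArrayList<>(Arrays.asList(resourceList.split(",")));
    } else {
        resourceArray = new ArrayList<>(Arrays.asList(resourceList));
    }
    String actualVersion = validationContext.getVersion();
    // Check if the api version has been prefixed with _default_
    if (actualVersion != null && actualVersion.startsWith(APIConstants.DEFAULT_VERSION_PREFIX)) {
        // Remove the prefix from the version. substring() is used rather than split(...)[1],
        // which throws ArrayIndexOutOfBoundsException when nothing follows the prefix and cuts
        // the version short if the prefix text occurs again later in it.
        actualVersion = actualVersion.substring(APIConstants.DEFAULT_VERSION_PREFIX.length());
    }
    SubscriptionDataStore tenantSubscriptionStore = SubscriptionDataHolder.getInstance().getTenantSubscriptionStore(tenantDomain);
    API api = tenantSubscriptionStore.getApiByContextAndVersion(validationContext.getContext(), actualVersion);
    boolean scopesValidated = false;
    if (api != null) {
        for (String resource : resourceArray) {
            List<URLMapping> resources = api.getResources();
            URLMapping urlMapping = null;
            for (URLMapping mapping : resources) {
                boolean verbAccepted = Objects.equals(mapping.getHttpMethod(), httpVerb)
                        || "WS".equalsIgnoreCase(api.getApiType());
                if (verbAccepted && isResourcePathMatching(resource, mapping)) {
                    urlMapping = mapping;
                    break;
                }
            }
            if (urlMapping == null) {
                // NOTE(review): a requested resource with no matching mapping is skipped rather
                // than rejected, so the outcome is decided by the other requested resources
                // only - confirm this is intended for multi-operation GraphQL requests.
                continue;
            }
            List<String> mappingScopes = urlMapping.getScopes();
            if (mappingScopes.isEmpty()) {
                // The resource is not protected by any scope.
                scopesValidated = true;
                continue;
            }
            boolean granted = false;
            // A token without scopes (null set) must end in INVALID_SCOPE, not in a
            // NullPointerException on contains().
            if (scopesSet != null) {
                for (String scope : mappingScopes) {
                    if (scopesSet.contains(scope)) {
                        granted = true;
                        break;
                    }
                }
            }
            if (!granted) {
                // One uncovered resource fails the whole request.
                scopesValidated = false;
                break;
            }
            scopesValidated = true;
        }
    }
    if (!scopesValidated) {
        apiKeyValidationInfoDTO.setAuthorized(false);
        apiKeyValidationInfoDTO.setValidationStatus(APIConstants.KeyValidationStatus.INVALID_SCOPE);
    }
    return scopesValidated;
}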
Also used : SubscriptionDataStore(org.wso2.carbon.apimgt.keymgt.model.SubscriptionDataStore) APIKeyMgtException(org.wso2.carbon.apimgt.keymgt.APIKeyMgtException) URLMapping(org.wso2.carbon.apimgt.api.model.subscription.URLMapping) API(org.wso2.carbon.apimgt.keymgt.model.entity.API) APIKeyValidationInfoDTO(org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO)

Example 7 with URLMapping

use of org.wso2.carbon.apimgt.api.model.subscription.URLMapping in project carbon-apimgt by wso2.

the class SubscriptionValidationDAO method attachURlMappingDetailsOfApiProduct.

/**
 * Loads the URI templates of an API product and attaches them to {@code api} as
 * {@link URLMapping} resources.
 *
 * <p>The API id is bound as a statement parameter, never concatenated into the SQL text.
 * Each row either extends the mapping already registered for its URL pattern and HTTP method
 * or creates a new one; a non-empty {@code SCOPE_NAME} is added to that mapping's scopes.
 *
 * @param connection open database connection; it is not closed here
 * @param api        API product entity whose resources are populated
 * @throws SQLException if the query cannot be prepared, executed or read
 */
private void attachURlMappingDetailsOfApiProduct(Connection connection, API api) throws SQLException {
    try (PreparedStatement statement = connection.prepareStatement(
            SubscriptionValidationSQLConstants.GET_ALL_API_PRODUCT_URI_TEMPLATES_SQL)) {
        statement.setInt(1, api.getApiId());
        try (ResultSet rows = statement.executeQuery()) {
            while (rows.next()) {
                String verb = rows.getString("HTTP_METHOD");
                String scheme = rows.getString("AUTH_SCHEME");
                String pattern = rows.getString("URL_PATTERN");
                String tier = rows.getString("THROTTLING_TIER");
                String scope = rows.getString("SCOPE_NAME");

                // Reuse the mapping for this pattern and verb when the API already has one.
                URLMapping mapping = api.getResource(pattern, verb);
                if (mapping == null) {
                    mapping = new URLMapping();
                    mapping.setAuthScheme(scheme);
                    mapping.setHttpMethod(verb);
                    mapping.setThrottlingPolicy(tier);
                    mapping.setUrlPattern(pattern);
                }
                // Rows without a scope leave the mapping's scope list untouched.
                if (StringUtils.isNotEmpty(scope)) {
                    mapping.addScope(scope);
                }
                api.addResource(mapping);
            }
        }
    }
}
Also used : URLMapping(org.wso2.carbon.apimgt.api.model.subscription.URLMapping) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement)

Example 8 with URLMapping

use of org.wso2.carbon.apimgt.api.model.subscription.URLMapping in project carbon-apimgt by wso2.

the class SubscriptionValidationDAO method attachURLMappingDetails.

/**
 * Reads the URI templates of one API revision and registers them on {@code api}.
 *
 * <p>Both the API id and the revision id are passed as bound parameters of the prepared
 * statement. For every row the mapping with the same URL pattern and HTTP method is looked up
 * on the API; if there is none, a new {@link URLMapping} is built from the row. A non-empty
 * scope name is then added to the mapping before it is handed to {@code api.addResource}.
 *
 * @param connection open database connection, left open for the caller
 * @param revisionId revision whose URI templates are read
 * @param api        API entity that receives the resources
 * @throws SQLException if preparing, executing or reading the query fails
 */
private void attachURLMappingDetails(Connection connection, String revisionId, API api) throws SQLException {
    final String query = SubscriptionValidationSQLConstants.GET_URI_TEMPLATES_BY_API_SQL;
    try (PreparedStatement ps = connection.prepareStatement(query)) {
        ps.setInt(1, api.getApiId());
        ps.setString(2, revisionId);
        try (ResultSet rs = ps.executeQuery()) {
            while (rs.next()) {
                final String method = rs.getString("HTTP_METHOD");
                final String auth = rs.getString("AUTH_SCHEME");
                final String url = rs.getString("URL_PATTERN");
                final String throttling = rs.getString("THROTTLING_TIER");
                final String scopeName = rs.getString("SCOPE_NAME");

                URLMapping target = api.getResource(url, method);
                if (target == null) {
                    // First row seen for this pattern and method: build the mapping from it.
                    target = new URLMapping();
                    target.setAuthScheme(auth);
                    target.setHttpMethod(method);
                    target.setThrottlingPolicy(throttling);
                    target.setUrlPattern(url);
                }
                if (StringUtils.isNotEmpty(scopeName)) {
                    target.addScope(scopeName);
                }
                api.addResource(target);
            }
        }
    }
}
Also used : URLMapping(org.wso2.carbon.apimgt.api.model.subscription.URLMapping) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement)

Example 9 with URLMapping

use of org.wso2.carbon.apimgt.api.model.subscription.URLMapping in project carbon-apimgt by wso2.

the class GatewayUtils method convertUriTemplate.

/**
 * Converts subscription-model URL mappings into their gateway REST DTO form.
 *
 * <p>URL pattern, auth scheme, HTTP method, throttling policy and scopes are copied over; the
 * scopes list is passed on as returned by {@code getScopes()}, not copied.
 *
 * @param resources mappings to convert
 * @return a new list with one DTO per mapping, in the same order
 */
private static List<URLMappingDTO> convertUriTemplate(List<URLMapping> resources) {
    List<URLMappingDTO> converted = new ArrayList<>();
    for (URLMapping mapping : resources) {
        converted.add(new URLMappingDTO()
                .urlPattern(mapping.getUrlPattern())
                .authScheme(mapping.getAuthScheme())
                .httpMethod(mapping.getHttpMethod())
                .throttlingPolicy(mapping.getThrottlingPolicy())
                .scopes(mapping.getScopes()));
    }
    return converted;
}
Also used : URLMapping(org.wso2.carbon.apimgt.api.model.subscription.URLMapping) ArrayList(java.util.ArrayList) URLMappingDTO(org.wso2.carbon.apimgt.rest.api.gateway.dto.URLMappingDTO)

Example 10 with URLMapping

use of org.wso2.carbon.apimgt.api.model.subscription.URLMapping in project carbon-apimgt by wso2.

the class CacheInvalidationServiceImpl method invalidateResourceCache.

/**
 * Evicts the resource-cache entries of one API: the API-level entry and one entry per
 * URL pattern / HTTP method pair in {@code urlMappings}.
 *
 * <p>The work runs between {@code startTenantFlow(organization)} and, when that call reports
 * a started flow, {@code endTenantFlow()} in a {@code finally} block, so the tenant flow is
 * ended even if an eviction throws.
 *
 * @param context      API context used to derive the cache keys
 * @param version      API version used to derive the cache keys
 * @param organization organization passed to {@code startTenantFlow}
 * @param urlMappings  resources whose per-verb cache entries are evicted
 */
public void invalidateResourceCache(String context, String version, String organization, List<URLMapping> urlMappings) {
    boolean tenantFlowStarted = false;
    try {
        tenantFlowStarted = startTenantFlow(organization);
        Cache resourceCache = CacheProvider.getResourceCache();

        // API-level entry first.
        String apiKey = APIUtil.getAPIInfoDTOCacheKey(context, version);
        if (resourceCache.containsKey(apiKey)) {
            resourceCache.remove(apiKey);
        }

        // Then one entry per resource and verb.
        for (URLMapping mapping : urlMappings) {
            String resourceKey = APIUtil.getResourceInfoDTOCacheKey(
                    context, version, mapping.getUrlPattern(), mapping.getHttpMethod());
            if (resourceCache.containsKey(resourceKey)) {
                resourceCache.remove(resourceKey);
            }
        }
    } finally {
        if (tenantFlowStarted) {
            endTenantFlow();
        }
    }
}
Also used : URLMapping(org.wso2.carbon.apimgt.api.model.subscription.URLMapping) Cache(javax.cache.Cache)

Aggregations

URLMapping (org.wso2.carbon.apimgt.api.model.subscription.URLMapping)12 ArrayList (java.util.ArrayList)9 PreparedStatement (java.sql.PreparedStatement)7 ResultSet (java.sql.ResultSet)7 HashMap (java.util.HashMap)6 URITemplate (org.wso2.carbon.apimgt.api.model.URITemplate)6 Gson (com.google.gson.Gson)5 ByteArrayInputStream (java.io.ByteArrayInputStream)5 InputStream (java.io.InputStream)5 SQLException (java.sql.SQLException)5 LinkedHashMap (java.util.LinkedHashMap)5 OperationPolicy (org.wso2.carbon.apimgt.api.model.OperationPolicy)5 Scope (org.wso2.carbon.apimgt.api.model.Scope)5 API (org.wso2.carbon.apimgt.keymgt.model.entity.API)5 Connection (java.sql.Connection)4 HashSet (java.util.HashSet)4 ClientCertificateDTO (org.wso2.carbon.apimgt.api.dto.ClientCertificateDTO)4 CustomComplexityDetails (org.wso2.carbon.apimgt.api.model.graphql.queryanalysis.CustomComplexityDetails)4 LinkedHashSet (java.util.LinkedHashSet)3 Test (org.junit.Test)3