Example 6 with IdentityProviderException
use of org.wso2.carbon.apimgt.core.exception.IdentityProviderException in project carbon-apimgt by wso2.
the class DefaultIdentityProviderImpl method getIdOfUser.
@Override
public String getIdOfUser(String userName) throws IdentityProviderException {
// should not user id outside this domain and should not log that id.
try {
userName = userNameMapper.getLoggedInUserIDFromPseudoName(userName);
} catch (APIManagementException e) {
throw new IdentityProviderException(e.getMessage(), ExceptionCodes.USER_MAPPING_RETRIEVAL_FAILED);
}
Response userResponse = scimServiceStub.searchUsers(FILTER_PREFIX_USER + userName);
String userId;
if (userResponse == null) {
String errorMessage = "Error occurred while retrieving Id of user " + userName + ". Error : Response is null.";
log.error(errorMessage);
throw new IdentityProviderException(errorMessage, ExceptionCodes.RESOURCE_RETRIEVAL_FAILED);
}
if (userResponse.status() == APIMgtConstants.HTTPStatusCodes.SC_200_OK) {
String responseBody = userResponse.body().toString();
JsonParser parser = new JsonParser();
JsonObject parsedResponseBody = (JsonObject) parser.parse(responseBody);
JsonArray user = (JsonArray) parsedResponseBody.get(RESOURCES);
JsonObject scimUser = (JsonObject) user.get(0);
userId = scimUser.get(ID).getAsString();
String message = "Id " + userId + " of user " + scimUser.get(USERNAME).getAsString() + " is successfully retrieved from SCIM endpoint.";
if (log.isDebugEnabled()) {
log.debug(message);
}
} else {
String errorMessage = "Error occurred while retrieving Id of user " + userName + ". Error : " + getErrorMessage(userResponse);
log.error(errorMessage);
throw new IdentityProviderException(errorMessage, ExceptionCodes.RESOURCE_RETRIEVAL_FAILED);
}
return userId;
}
Also used :
Response(feign.Response)
JsonArray(com.google.gson.JsonArray)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
JsonObject(com.google.gson.JsonObject)
IdentityProviderException(org.wso2.carbon.apimgt.core.exception.IdentityProviderException)
JsonParser(com.google.gson.JsonParser)
Example 7 with IdentityProviderException
use of org.wso2.carbon.apimgt.core.exception.IdentityProviderException in project carbon-apimgt by wso2.
the class DefaultIdentityProviderImpl method getRoleId.
@Override
public String getRoleId(String roleName) throws IdentityProviderException {
Response roleResponse = scimServiceStub.searchGroups(FILTER_PREFIX_ROLE + roleName);
String roleId;
if (roleResponse == null) {
String errorMessage = "Error occurred while retrieving Id of role " + roleName + ". Error : Response is null.";
log.error(errorMessage);
throw new IdentityProviderException(errorMessage, ExceptionCodes.RESOURCE_RETRIEVAL_FAILED);
}
if (roleResponse.status() == APIMgtConstants.HTTPStatusCodes.SC_200_OK) {
String responseBody = roleResponse.body().toString();
JsonParser parser = new JsonParser();
JsonObject parsedResponseBody = (JsonObject) parser.parse(responseBody);
JsonArray role = (JsonArray) parsedResponseBody.get(RESOURCES);
JsonObject scimGroup = (JsonObject) role.get(0);
roleId = scimGroup.get(ID).getAsString();
String message = "Id " + roleId + " of role " + scimGroup.get(GROUPNAME).getAsString() + " is successfully retrieved from SCIM endpoint.";
if (log.isDebugEnabled()) {
log.debug(message);
}
} else {
String errorMessage = "Error occurred while retrieving Id of role " + roleName + ". Error : " + getErrorMessage(roleResponse);
log.error(errorMessage);
throw new IdentityProviderException(errorMessage, ExceptionCodes.RESOURCE_RETRIEVAL_FAILED);
}
return roleId;
}
Also used :
Response(feign.Response)
JsonArray(com.google.gson.JsonArray)
JsonObject(com.google.gson.JsonObject)
IdentityProviderException(org.wso2.carbon.apimgt.core.exception.IdentityProviderException)
JsonParser(com.google.gson.JsonParser)
Example 8 with IdentityProviderException
use of org.wso2.carbon.apimgt.core.exception.IdentityProviderException in project carbon-apimgt by wso2.
the class APIPublisherImpl method replaceGroupIdWithName.
/**
* This method replaces the groupId field's value of the api permissions string to the role name before sending to
* frontend
*
* @param permissionString - permissions string containing role ids in the groupId field
* @return the permission string replacing the groupId field's value to role name
* @throws ParseException - if there is an error parsing the permission json
* @throws APIManagementException - if there is an error getting the IdentityProvider instance
*/
private String replaceGroupIdWithName(String permissionString) throws ParseException, APIManagementException {
JSONArray updatedPermissionArray = new JSONArray();
JSONParser jsonParser = new JSONParser();
JSONArray originalPermissionArray = (JSONArray) jsonParser.parse(permissionString);
for (Object permissionObj : originalPermissionArray) {
JSONObject jsonObject = (JSONObject) permissionObj;
String groupId = (String) jsonObject.get(APIMgtConstants.Permission.GROUP_ID);
try {
String groupName = getIdentityProvider().getRoleName(groupId);
JSONObject updatedPermissionJsonObj = new JSONObject();
updatedPermissionJsonObj.put(APIMgtConstants.Permission.GROUP_ID, groupName);
updatedPermissionJsonObj.put(APIMgtConstants.Permission.PERMISSION, jsonObject.get(APIMgtConstants.Permission.PERMISSION));
updatedPermissionArray.add(updatedPermissionJsonObj);
} catch (IdentityProviderException e) {
// lets the execution continue after logging the exception
String errorMessage = "Error occurred while calling SCIM endpoint to retrieve role name of role " + "with Id " + groupId;
log.warn(errorMessage, e);
}
}
return updatedPermissionArray.toJSONString();
}
Also used :
JSONObject(org.json.simple.JSONObject)
JSONArray(org.json.simple.JSONArray)
JSONParser(org.json.simple.parser.JSONParser)
JSONObject(org.json.simple.JSONObject)
IdentityProviderException(org.wso2.carbon.apimgt.core.exception.IdentityProviderException)
Example 9 with IdentityProviderException
use of org.wso2.carbon.apimgt.core.exception.IdentityProviderException in project carbon-apimgt by wso2.
the class AuthenticatorService method getTokens.
/**
* This method returns the access tokens for a given application.
*
* @param appName Name of the application which needs to get tokens
* @param grantType Grant type of the application
* @param userName User name of the user
* @param password Password of the user
* @param refreshToken Refresh token
* @param validityPeriod Validity period of tokens
* @param authorizationCode Authorization Code
* @return AccessTokenInfo - An object with the generated access token information
* @throws APIManagementException When receiving access tokens fails
*/
public AccessTokenInfo getTokens(String appName, String grantType, String userName, String password, String refreshToken, long validityPeriod, String authorizationCode, String assertion, IdentityProvider identityProvider) throws APIManagementException {
AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
AccessTokenRequest accessTokenRequest = new AccessTokenRequest();
MultiEnvironmentOverview multiEnvironmentOverviewConfigs = apimConfigurationService.getEnvironmentConfigurations().getMultiEnvironmentOverview();
boolean isMultiEnvironmentOverviewEnabled = multiEnvironmentOverviewConfigs.isEnabled();
// Get scopes of the application
String scopes = getApplicationScopes(appName);
log.debug("Set scopes for {} application using swagger definition.", appName);
// TODO: Get Consumer Key & Secret without creating a new app, from the IS side
Map<String, String> consumerKeySecretMap = getConsumerKeySecret(appName);
log.debug("Received consumer key & secret for {} application.", appName);
try {
if (KeyManagerConstants.AUTHORIZATION_CODE_GRANT_TYPE.equals(grantType)) {
// Access token for authorization code grant type
APIMAppConfigurations appConfigs = apimAppConfigurationService.getApimAppConfigurations();
String callBackURL = appConfigs.getApimBaseUrl() + AuthenticatorConstants.AUTHORIZATION_CODE_CALLBACK_URL + appName;
if (authorizationCode != null) {
// Get Access & Refresh Tokens
accessTokenRequest.setClientId(consumerKeySecretMap.get("CONSUMER_KEY"));
accessTokenRequest.setClientSecret(consumerKeySecretMap.get("CONSUMER_SECRET"));
accessTokenRequest.setGrantType(grantType);
accessTokenRequest.setAuthorizationCode(authorizationCode);
accessTokenRequest.setScopes(scopes);
accessTokenRequest.setValidityPeriod(validityPeriod);
accessTokenRequest.setCallbackURI(callBackURL);
accessTokenInfo = getKeyManager().getNewAccessToken(accessTokenRequest);
} else {
String errorMsg = "No Authorization Code available.";
log.error(errorMsg, ExceptionCodes.ACCESS_TOKEN_GENERATION_FAILED);
throw new APIManagementException(errorMsg, ExceptionCodes.ACCESS_TOKEN_GENERATION_FAILED);
}
} else if (KeyManagerConstants.PASSWORD_GRANT_TYPE.equals(grantType)) {
// Access token for password code grant type
accessTokenRequest = AuthUtil.createAccessTokenRequest(userName, password, grantType, refreshToken, null, validityPeriod, scopes, consumerKeySecretMap.get("CONSUMER_KEY"), consumerKeySecretMap.get("CONSUMER_SECRET"));
accessTokenInfo = getKeyManager().getNewAccessToken(accessTokenRequest);
} else if (KeyManagerConstants.REFRESH_GRANT_TYPE.equals(grantType)) {
accessTokenRequest = AuthUtil.createAccessTokenRequest(userName, password, grantType, refreshToken, null, validityPeriod, scopes, consumerKeySecretMap.get("CONSUMER_KEY"), consumerKeySecretMap.get("CONSUMER_SECRET"));
accessTokenInfo = getKeyManager().getNewAccessToken(accessTokenRequest);
} else if (isMultiEnvironmentOverviewEnabled) {
// JWT or Custom grant type
accessTokenRequest.setClientId(consumerKeySecretMap.get("CONSUMER_KEY"));
accessTokenRequest.setClientSecret(consumerKeySecretMap.get("CONSUMER_SECRET"));
accessTokenRequest.setAssertion(assertion);
// Pass grant type to extend a custom grant instead of JWT grant in the future
accessTokenRequest.setGrantType(KeyManagerConstants.JWT_GRANT_TYPE);
accessTokenRequest.setScopes(scopes);
accessTokenRequest.setValidityPeriod(validityPeriod);
accessTokenInfo = getKeyManager().getNewAccessToken(accessTokenRequest);
String usernameFromJWT = getUsernameFromJWT(accessTokenInfo.getIdToken());
try {
identityProvider.getIdOfUser(usernameFromJWT);
} catch (IdentityProviderException e) {
String errorMsg = "User " + usernameFromJWT + " does not exists in this environment.";
throw new APIManagementException(errorMsg, e, ExceptionCodes.USER_NOT_AUTHENTICATED);
}
}
} catch (KeyManagementException e) {
String errorMsg = "Error while receiving tokens for OAuth application : " + appName;
log.error(errorMsg, e, ExceptionCodes.ACCESS_TOKEN_GENERATION_FAILED);
throw new APIManagementException(errorMsg, e, ExceptionCodes.ACCESS_TOKEN_GENERATION_FAILED);
}
log.debug("Received access token for {} application.", appName);
return accessTokenInfo;
}
Also used :
AccessTokenInfo(org.wso2.carbon.apimgt.core.models.AccessTokenInfo)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
APIMAppConfigurations(org.wso2.carbon.apimgt.rest.api.authenticator.configuration.models.APIMAppConfigurations)
AccessTokenRequest(org.wso2.carbon.apimgt.core.models.AccessTokenRequest)
MultiEnvironmentOverview(org.wso2.carbon.apimgt.core.configuration.models.MultiEnvironmentOverview)
IdentityProviderException(org.wso2.carbon.apimgt.core.exception.IdentityProviderException)
KeyManagementException(org.wso2.carbon.apimgt.core.exception.KeyManagementException)
Example 10 with IdentityProviderException
use of org.wso2.carbon.apimgt.core.exception.IdentityProviderException in project carbon-apimgt by wso2.
the class AuthenticatorAPIFactory method getService.
/**
* Get an instance of AuthenticatorService
*
* @return AuthenticatorService
* @throws APIMgtDAOException if failed to initialize SystemApplicationDao
* @throws IdentityProviderException if failed to initialize IdentityProvider
*/
public synchronized AuthenticatorService getService() throws APIMgtDAOException, IdentityProviderException {
if (service == null) {
IdentityProvider identityProvider = APIManagerFactory.getInstance().getIdentityProvider();
SystemApplicationDao systemApplicationDao = DAOFactory.getSystemApplicationDao();
APIMConfigurationService apimConfigurationService = APIMConfigurationService.getInstance();
APIMAppConfigurationService apimAppConfigurationService = APIMAppConfigurationService.getInstance();
service = new AuthenticatorService(identityProvider, systemApplicationDao, apimConfigurationService, apimAppConfigurationService);
}
return service;
}
Also used :
AuthenticatorService(org.wso2.carbon.apimgt.rest.api.authenticator.AuthenticatorService)
SystemApplicationDao(org.wso2.carbon.apimgt.core.dao.SystemApplicationDao)
IdentityProvider(org.wso2.carbon.apimgt.core.api.IdentityProvider)
APIMAppConfigurationService(org.wso2.carbon.apimgt.rest.api.authenticator.configuration.APIMAppConfigurationService)
APIMConfigurationService(org.wso2.carbon.apimgt.core.configuration.APIMConfigurationService)
Aggregations
IdentityProviderException (org.wso2.carbon.apimgt.core.exception.IdentityProviderException)19
Response (feign.Response)13
Test (org.testng.annotations.Test)9
APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException)8
ArrayList (java.util.ArrayList)7
UserNameMapper (org.wso2.carbon.apimgt.core.api.UserNameMapper)6
SCIMServiceStub (org.wso2.carbon.apimgt.core.auth.SCIMServiceStub)6
IdentityProvider (org.wso2.carbon.apimgt.core.api.IdentityProvider)4
SCIMUser (org.wso2.carbon.apimgt.core.auth.dto.SCIMUser)4
JsonObject (com.google.gson.JsonObject)3
JsonParser (com.google.gson.JsonParser)3
GsonDecoder (feign.gson.GsonDecoder)3
IOException (java.io.IOException)3
ApiDAO (org.wso2.carbon.apimgt.core.dao.ApiDAO)3
API (org.wso2.carbon.apimgt.core.models.API)3
JsonArray (com.google.gson.JsonArray)2
HashMap (java.util.HashMap)2
HashSet (java.util.HashSet)2
JSONArray (org.json.simple.JSONArray)2
JSONObject (org.json.simple.JSONObject)2
