Examples with APIKeyValidator org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator used on opensource projects

Search in sources :

Example 1 with APIKeyValidator

use of org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator in project carbon-apimgt by wso2.

the class GatewayUtils method validateAPISubscription.

/**
 * Validate whether the user is subscribed to the invoked API. If subscribed, return a JSON object containing
 * the API information.
 *
 * @param apiContext API context
 * @param apiVersion API version
 * @param payload    The payload of the JWT token
 * @return an JSON object containing subscribed API information retrieved from token payload.
 * If the subscription information is not found, return a null object.
 * @throws APISecurityException if the user is not subscribed to the API
 */
public static JSONObject validateAPISubscription(String apiContext, String apiVersion, JWTClaimsSet payload, String[] splitToken, boolean isOauth) throws APISecurityException {
    JSONObject api = null;
    APIKeyValidator apiKeyValidator = new APIKeyValidator();
    APIKeyValidationInfoDTO apiKeyValidationInfoDTO = null;
    boolean apiKeySubValidationEnabled = isAPIKeySubscriptionValidationEnabled();
    JSONObject application;
    int appId = 0;
    if (payload.getClaim(APIConstants.JwtTokenConstants.APPLICATION) != null) {
        application = (JSONObject) payload.getClaim(APIConstants.JwtTokenConstants.APPLICATION);
        appId = Integer.parseInt(application.getAsString(APIConstants.JwtTokenConstants.APPLICATION_ID));
    }
    // if the appId is equal to 0 then it's a internal key
    if (apiKeySubValidationEnabled && appId != 0) {
        apiKeyValidationInfoDTO = apiKeyValidator.validateSubscription(apiContext, apiVersion, appId, getTenantDomain());
    }
    if (payload.getClaim(APIConstants.JwtTokenConstants.SUBSCRIBED_APIS) != null) {
        // Subscription validation
        JSONArray subscribedAPIs = (JSONArray) payload.getClaim(APIConstants.JwtTokenConstants.SUBSCRIBED_APIS);
        for (Object subscribedAPI : subscribedAPIs) {
            JSONObject subscribedAPIsJSONObject = (JSONObject) subscribedAPI;
            if (apiContext.equals(subscribedAPIsJSONObject.getAsString(APIConstants.JwtTokenConstants.API_CONTEXT)) && apiVersion.equals(subscribedAPIsJSONObject.getAsString(APIConstants.JwtTokenConstants.API_VERSION))) {
                // check whether the subscription is authorized
                if (apiKeySubValidationEnabled && appId != 0) {
                    if (apiKeyValidationInfoDTO.isAuthorized()) {
                        api = subscribedAPIsJSONObject;
                        if (log.isDebugEnabled()) {
                            log.debug("User is subscribed to the API: " + apiContext + ", " + "version: " + apiVersion + ". Token: " + getMaskedToken(splitToken[0]));
                        }
                    }
                } else {
                    api = subscribedAPIsJSONObject;
                    if (log.isDebugEnabled()) {
                        log.debug("User is subscribed to the API: " + apiContext + ", " + "version: " + apiVersion + ". Token: " + getMaskedToken(splitToken[0]));
                    }
                }
                break;
            }
        }
        if (api == null) {
            if (log.isDebugEnabled()) {
                log.debug("User is not subscribed to access the API: " + apiContext + ", version: " + apiVersion + ". Token: " + getMaskedToken(splitToken[0]));
            }
            log.error("User is not subscribed to access the API.");
            throw new APISecurityException(APISecurityConstants.API_AUTH_FORBIDDEN, APISecurityConstants.API_AUTH_FORBIDDEN_MESSAGE);
        }
    } else {
        if (log.isDebugEnabled()) {
            log.debug("No subscription information found in the token.");
        }
        // we perform mandatory authentication for Api Keys
        if (!isOauth) {
            log.error("User is not subscribed to access the API.");
            throw new APISecurityException(APISecurityConstants.API_AUTH_FORBIDDEN, APISecurityConstants.API_AUTH_FORBIDDEN_MESSAGE);
        }
    }
    return api;
}
Also used : APISecurityException(org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException) JSONObject(net.minidev.json.JSONObject) APIKeyValidator(org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator) JSONArray(net.minidev.json.JSONArray) JSONObject(net.minidev.json.JSONObject) APIKeyValidationInfoDTO(org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO)

Example 2 with APIKeyValidator

use of org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator in project carbon-apimgt by wso2.

the class APIKeyValidatorTestCase method testGetVerbInfoDTOFromAPIDataWithRequestPath.

@Test
public void testGetVerbInfoDTOFromAPIDataWithRequestPath() throws Exception {
    String context = "/";
    String apiVersion = "1.0";
    String requestPath = "/menu";
    String httpMethod = "GET";
    VerbInfoDTO verbDTO = getDefaultVerbInfoDTO();
    verbDTO.setRequestKey("//1.0/:https");
    APIKeyValidator apiKeyValidator = createAPIKeyValidator(true, getDefaultURITemplates("/menu", "GET"), verbDTO);
    // If isAPIResourceValidationEnabled==true
    apiKeyValidator.setGatewayAPIResourceValidationEnabled(true);
    PowerMockito.mockStatic(Cache.class);
    Cache cache = Mockito.mock(Cache.class);
    PowerMockito.mockStatic(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.class);
    PowerMockito.mockStatic(APIManagerConfigurationService.class);
    PowerMockito.mockStatic(CacheProvider.class);
    org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder serviceReferenceHolder = Mockito.mock(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.class);
    final APIManagerConfiguration apiManagerConfiguration = Mockito.mock(APIManagerConfiguration.class);
    PowerMockito.when(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.getInstance()).thenReturn(serviceReferenceHolder);
    APIManagerConfigurationService apiManagerConfigurationService = Mockito.mock(APIManagerConfigurationService.class);
    PowerMockito.when(serviceReferenceHolder.getAPIManagerConfigurationService()).thenReturn(apiManagerConfigurationService);
    PowerMockito.when(apiManagerConfigurationService.getAPIManagerConfiguration()).thenReturn(apiManagerConfiguration);
    CacheProvider cacheProvider = Mockito.mock(CacheProvider.class);
    PowerMockito.when(cacheProvider.getDefaultCacheTimeout()).thenReturn((long) 900);
    Mockito.when(CacheProvider.getResourceCache()).thenReturn(cache);
    VerbInfoDTO verbInfoDTO1 = new VerbInfoDTO();
    verbInfoDTO1.setHttpVerb("get");
    Mockito.when(APIUtil.getAPIInfoDTOCacheKey("", "1.0")).thenReturn("abc");
    Mockito.when((VerbInfoDTO) CacheProvider.getResourceCache().get("abc")).thenReturn(verbInfoDTO1);
    MessageContext messageContext = Mockito.mock(MessageContext.class);
    Assert.assertEquals("", verbDTO, apiKeyValidator.getVerbInfoDTOFromAPIData(messageContext, context, apiVersion, requestPath, httpMethod));
}
Also used : APIManagerConfiguration(org.wso2.carbon.apimgt.impl.APIManagerConfiguration) APIManagerConfigurationService(org.wso2.carbon.apimgt.impl.APIManagerConfigurationService) VerbInfoDTO(org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO) MessageContext(org.apache.synapse.MessageContext) Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext) CacheProvider(org.wso2.carbon.apimgt.impl.caching.CacheProvider) Cache(javax.cache.Cache) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 3 with APIKeyValidator

use of org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator in project carbon-apimgt by wso2.

the class APIKeyValidatorTestCase method testFindMatchingVerbFails.

@Test
public void testFindMatchingVerbFails() {
    MessageContext synCtx = Mockito.mock(Axis2MessageContext.class);
    Mockito.when(synCtx.getProperty(RESTConstants.SYNAPSE_REST_API_VERSION_STRATEGY)).thenReturn(null);
    Mockito.when(synCtx.getProperty(APIConstants.API_RESOURCE_CACHE_KEY)).thenReturn("xyz");
    Mockito.when(synCtx.getProperty(RESTConstants.REST_FULL_REQUEST_PATH)).thenReturn("abc");
    Mockito.when(synCtx.getProperty(RESTConstants.REST_API_CONTEXT)).thenReturn("");
    Mockito.when(synCtx.getProperty(RESTConstants.SYNAPSE_REST_API_VERSION)).thenReturn("1.0");
    org.apache.axis2.context.MessageContext axis2MsgCntxt = Mockito.mock(org.apache.axis2.context.MessageContext.class);
    Mockito.when(axis2MsgCntxt.getProperty(Constants.Configuration.HTTP_METHOD)).thenReturn("GET");
    Mockito.when(((Axis2MessageContext) synCtx).getAxis2MessageContext()).thenReturn(axis2MsgCntxt);
    SynapseConfiguration synapseConfiguration = Mockito.mock(SynapseConfiguration.class);
    Mockito.when(synapseConfiguration.getAPI("abc")).thenReturn(new API("abc", "/"));
    Mockito.when(synCtx.getConfiguration()).thenReturn(synapseConfiguration);
    Mockito.when(synCtx.getProperty(Constants.Configuration.HTTP_METHOD)).thenReturn("GET");
    Mockito.when(synCtx.getProperty(APIConstants.API_ELECTED_RESOURCE)).thenReturn("/menu");
    VerbInfoDTO verbInfoDTO = getDefaultVerbInfoDTO();
    APIKeyValidator apiKeyValidator = createAPIKeyValidator(true, getDefaultURITemplates("/wrong-resource", "GET"), verbInfoDTO);
    Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.GATEWAY_RESOURCE_CACHE_ENABLED)).thenReturn("true");
    try {
        // Test for matching verb is Not found path
        PowerMockito.mockStatic(Cache.class);
        Cache cache = Mockito.mock(Cache.class);
        PowerMockito.mockStatic(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.class);
        PowerMockito.mockStatic(APIManagerConfigurationService.class);
        PowerMockito.mockStatic(CacheProvider.class);
        org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder serviceReferenceHolder = Mockito.mock(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.class);
        final APIManagerConfiguration apiManagerConfiguration = Mockito.mock(APIManagerConfiguration.class);
        PowerMockito.when(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.getInstance()).thenReturn(serviceReferenceHolder);
        APIManagerConfigurationService apiManagerConfigurationService = Mockito.mock(APIManagerConfigurationService.class);
        PowerMockito.when(serviceReferenceHolder.getAPIManagerConfigurationService()).thenReturn(apiManagerConfigurationService);
        PowerMockito.when(apiManagerConfigurationService.getAPIManagerConfiguration()).thenReturn(apiManagerConfiguration);
        CacheProvider cacheProvider = Mockito.mock(CacheProvider.class);
        PowerMockito.when(cacheProvider.getDefaultCacheTimeout()).thenReturn((long) 900);
        Mockito.when(CacheProvider.getResourceCache()).thenReturn(cache);
        assertNull(apiKeyValidator.findMatchingVerb(synCtx));
    } catch (ResourceNotFoundException e) {
        fail("ResourceNotFoundException exception is thrown " + e);
    } catch (APISecurityException e) {
        fail("APISecurityException is thrown " + e);
    }
}
Also used : APIManagerConfiguration(org.wso2.carbon.apimgt.impl.APIManagerConfiguration) APIManagerConfigurationService(org.wso2.carbon.apimgt.impl.APIManagerConfigurationService) SynapseConfiguration(org.apache.synapse.config.SynapseConfiguration) CacheProvider(org.wso2.carbon.apimgt.impl.caching.CacheProvider) VerbInfoDTO(org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO) API(org.apache.synapse.api.API) MessageContext(org.apache.synapse.MessageContext) Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext) Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext) Cache(javax.cache.Cache) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 4 with APIKeyValidator

use of org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator in project carbon-apimgt by wso2.

the class APIKeyValidatorTestCase method testGetKeyValidationInfo.

/*
     * Test method fpr getKeyValidationInfo()
     * */
@Test
public void testGetKeyValidationInfo() throws Exception {
    String context = "/";
    String apiKey = "abc";
    String apiVersion = "1.0";
    String authenticationScheme = "";
    String clientDomain = "abc.com";
    String matchingResource = "/menu";
    String httpVerb = "get";
    boolean defaultVersionInvoked = true;
    APIKeyValidator apiKeyValidator = createAPIKeyValidator(false, getDefaultURITemplates("/menu", "GET"), getDefaultVerbInfoDTO());
    APIKeyValidationInfoDTO apiKeyValidationInfoDTO = new APIKeyValidationInfoDTO();
    apiKeyValidationInfoDTO.setApiName(apiKey);
    PowerMockito.mockStatic(CacheProvider.class);
    PowerMockito.mockStatic(Cache.class);
    Cache cache = Mockito.mock(Cache.class);
    PowerMockito.mockStatic(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.class);
    PowerMockito.mockStatic(APIManagerConfigurationService.class);
    PowerMockito.mockStatic(CacheProvider.class);
    org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder MockServiceReferenceHolder = Mockito.mock(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.class);
    final APIManagerConfiguration MockApiManagerConfiguration = Mockito.mock(APIManagerConfiguration.class);
    PowerMockito.when(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.getInstance()).thenReturn(MockServiceReferenceHolder);
    APIManagerConfigurationService MockApiManagerConfigurationService = Mockito.mock(APIManagerConfigurationService.class);
    PowerMockito.when(MockServiceReferenceHolder.getAPIManagerConfigurationService()).thenReturn(MockApiManagerConfigurationService);
    PowerMockito.when(MockApiManagerConfigurationService.getAPIManagerConfiguration()).thenReturn(MockApiManagerConfiguration);
    PowerMockito.when(CacheProvider.getDefaultCacheTimeout()).thenReturn((long) 900);
    Mockito.when(CacheProvider.getGatewayKeyCache()).thenReturn(cache);
    Mockito.when(CacheProvider.getResourceCache()).thenReturn(cache);
    Mockito.when(CacheProvider.getGatewayTokenCache()).thenReturn(cache);
    Mockito.when(CacheProvider.getInvalidTokenCache()).thenReturn(cache);
    Assert.assertEquals(apiKeyValidationInfoDTO.getApiName(), apiKeyValidator.getKeyValidationInfo(context, apiKey, apiVersion, authenticationScheme, matchingResource, httpVerb, defaultVersionInvoked, new ArrayList<>()).getApiName());
    // Test for token cache is found in token cache
    AxisConfiguration axisConfig = Mockito.mock(AxisConfiguration.class);
    APIKeyValidator newApiKeyValidator = new APIKeyValidator() {

        @Override
        protected String getTenantDomain() {
            return "zyx";
        }

        @Override
        protected APIManagerConfiguration getApiManagerConfiguration() {
            APIManagerConfiguration configuration = Mockito.mock(APIManagerConfiguration.class);
            Mockito.when(configuration.getFirstProperty(APIConstants.TOKEN_CACHE_EXPIRY)).thenReturn("900");
            Mockito.when(configuration.getFirstProperty(APIConstants.GATEWAY_TOKEN_CACHE_ENABLED)).thenReturn("true");
            return configuration;
        }

        @Override
        protected Cache getCache(String cacheManagerName, String cacheName, long modifiedExp, long accessExp) {
            return Mockito.mock(Cache.class);
        }

        @Override
        protected APIKeyValidationInfoDTO doGetKeyValidationInfo(String context, String apiVersion, String apiKey, String authenticationScheme, String matchingResource, String httpVerb, String tenantDomain, List<String> keyManagers) throws APISecurityException {
            APIKeyValidationInfoDTO apiKeyValidationInfoDTO = Mockito.mock(APIKeyValidationInfoDTO.class);
            Mockito.when(apiKeyValidationInfoDTO.getApiName()).thenReturn(apiKey);
            return apiKeyValidationInfoDTO;
        }
    };
    Assert.assertEquals(apiKeyValidationInfoDTO.getApiName(), newApiKeyValidator.getKeyValidationInfo(context, apiKey, apiVersion, authenticationScheme, matchingResource, httpVerb, defaultVersionInvoked, new ArrayList<>()).getApiName());
}
Also used : AxisConfiguration(org.apache.axis2.engine.AxisConfiguration) APIManagerConfiguration(org.wso2.carbon.apimgt.impl.APIManagerConfiguration) APIManagerConfigurationService(org.wso2.carbon.apimgt.impl.APIManagerConfigurationService) ArrayList(java.util.ArrayList) List(java.util.List) APIKeyValidationInfoDTO(org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO) Cache(javax.cache.Cache) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 5 with APIKeyValidator

use of org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator in project carbon-apimgt by wso2.

the class APIKeyValidatorTestCase method testGetVerbInfoDTOFromAPIDataWithInvalidRequestPath.

@Test
public void testGetVerbInfoDTOFromAPIDataWithInvalidRequestPath() throws Exception {
    String context = "/";
    String apiVersion = "1.0";
    String requestPath = "";
    String httpMethod = "https";
    APIKeyValidator apiKeyValidator = createAPIKeyValidator(true, getDefaultURITemplates("/menu", "GET"), getDefaultVerbInfoDTO());
    // If isAPIResourceValidationEnabled==true
    apiKeyValidator.setGatewayAPIResourceValidationEnabled(true);
    PowerMockito.mockStatic(Cache.class);
    Cache cache = Mockito.mock(Cache.class);
    PowerMockito.mockStatic(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.class);
    PowerMockito.mockStatic(APIManagerConfigurationService.class);
    PowerMockito.mockStatic(CacheProvider.class);
    org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder serviceReferenceHolder = Mockito.mock(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.class);
    final APIManagerConfiguration apiManagerConfiguration = Mockito.mock(APIManagerConfiguration.class);
    PowerMockito.when(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder.getInstance()).thenReturn(serviceReferenceHolder);
    APIManagerConfigurationService apiManagerConfigurationService = Mockito.mock(APIManagerConfigurationService.class);
    PowerMockito.when(serviceReferenceHolder.getAPIManagerConfigurationService()).thenReturn(apiManagerConfigurationService);
    PowerMockito.when(apiManagerConfigurationService.getAPIManagerConfiguration()).thenReturn(apiManagerConfiguration);
    CacheProvider cacheProvider = Mockito.mock(CacheProvider.class);
    PowerMockito.when(cacheProvider.getDefaultCacheTimeout()).thenReturn((long) 900);
    Mockito.when(CacheProvider.getResourceCache()).thenReturn(cache);
    MessageContext messageContext = Mockito.mock(MessageContext.class);
    Assert.assertEquals("", null, apiKeyValidator.getVerbInfoDTOFromAPIData(messageContext, context, apiVersion, requestPath, httpMethod));
}
Also used : APIManagerConfiguration(org.wso2.carbon.apimgt.impl.APIManagerConfiguration) APIManagerConfigurationService(org.wso2.carbon.apimgt.impl.APIManagerConfigurationService) MessageContext(org.apache.synapse.MessageContext) Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext) CacheProvider(org.wso2.carbon.apimgt.impl.caching.CacheProvider) Cache(javax.cache.Cache) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Aggregations

Cache (javax.cache.Cache)25 Test (org.junit.Test)25 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)25 APIKeyValidationInfoDTO (org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO)20 Axis2MessageContext (org.apache.synapse.core.axis2.Axis2MessageContext)17 APIManagerConfiguration (org.wso2.carbon.apimgt.impl.APIManagerConfiguration)17 MessageContext (org.apache.synapse.MessageContext)16 APIKeyValidator (org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator)15 AuthenticationContext (org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext)12 SignedJWTInfo (org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo)11 AxisConfiguration (org.apache.axis2.engine.AxisConfiguration)10 ExtendedJWTConfigurationDto (org.wso2.carbon.apimgt.impl.dto.ExtendedJWTConfigurationDto)10 JWTValidationService (org.wso2.carbon.apimgt.impl.jwt.JWTValidationService)10 SignedJWT (com.nimbusds.jwt.SignedJWT)9 HashMap (java.util.HashMap)9 JWTValidationInfo (org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo)9 APISecurityException (org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException)9 WSAPIKeyDataStore (org.wso2.carbon.apimgt.gateway.handlers.security.keys.WSAPIKeyDataStore)8 APIManagerConfigurationService (org.wso2.carbon.apimgt.impl.APIManagerConfigurationService)8 TokenValidationContext (org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial