
Example 66 with AuthenticationContext

use of org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext in project carbon-apimgt by wso2.

the class ThrottleConditionEvaluatorTest method testApplicabilityOfNonMatchingIPRangeCondition.

/**
 * Verifies that a condition group holding a single IPRange condition is not
 * reported as applicable when the request address falls outside that range.
 * The evaluator's result is expected to hold {@code null} at index 0.
 */
@Test
public void testApplicabilityOfNonMatchingIPRangeCondition() {
    // Range under test is 10.10.0.1 - 10.10.0.4; 127.0.0.1 is not in it.
    // (presumably 127.0.0.1 is the client address of the message context
    // built by TestUtils -- confirm against that helper)
    ConditionDTO ipRangeCondition = new ConditionDTO();
    ipRangeCondition.setConditionType("IPRange");
    ipRangeCondition.setConditionName("10.10.0.1");
    ipRangeCondition.setConditionValue("10.10.0.4");

    ConditionGroupDTO ipRangeGroup = new ConditionGroupDTO();
    ipRangeGroup.setConditionGroupId("IPRangeConditionGroup");
    ipRangeGroup.setConditions(new ConditionDTO[] { ipRangeCondition });

    // An empty AuthenticationContext is passed: only the IP condition is exercised.
    List<ConditionGroupDTO> applicableGroups = throttleConditionEvaluator.getApplicableConditions(
            TestUtils.getMessageContext(apiContext, apiVersion),
            new AuthenticationContext(),
            new ConditionGroupDTO[] { ipRangeGroup });

    // The slot for the only group must be null, i.e. the group did not apply.
    Assert.assertNull(applicableGroups.get(0));
}
Also used : AuthenticationContext(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext) ConditionDTO(org.wso2.carbon.apimgt.api.dto.ConditionDTO) ConditionGroupDTO(org.wso2.carbon.apimgt.api.dto.ConditionGroupDTO) Test(org.junit.Test)

Example 67 with AuthenticationContext

use of org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext in project carbon-apimgt by wso2.

the class ThrottleConditionEvaluatorTest method testApplicabilityOfInvertedIPSpecificCondition.

/**
 * Verifies that an inverted IPSpecific condition for 127.0.0.1 does not make
 * its condition group applicable. The evaluator's result is expected to hold
 * {@code null} at index 0.
 */
@Test
public void testApplicabilityOfInvertedIPSpecificCondition() {
    ConditionDTO invertedIpCondition = new ConditionDTO();
    invertedIpCondition.setConditionType("IPSpecific");
    invertedIpCondition.setConditionValue("127.0.0.1");
    // isInverted(boolean) is called with an argument, so it acts as the
    // setter for the inversion flag here despite its getter-like name.
    invertedIpCondition.isInverted(true);

    ConditionGroupDTO ipSpecificGroup = new ConditionGroupDTO();
    ipSpecificGroup.setConditionGroupId("IPSpecificConditionGroup");
    ipSpecificGroup.setConditions(new ConditionDTO[] { invertedIpCondition });

    // An empty AuthenticationContext is passed: only the IP condition is exercised.
    List<ConditionGroupDTO> applicableGroups = throttleConditionEvaluator.getApplicableConditions(
            TestUtils.getMessageContext(apiContext, apiVersion),
            new AuthenticationContext(),
            new ConditionGroupDTO[] { ipSpecificGroup });

    // The slot for the only group must be null, i.e. the group did not apply.
    Assert.assertNull(applicableGroups.get(0));
}
Also used : AuthenticationContext(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext) ConditionDTO(org.wso2.carbon.apimgt.api.dto.ConditionDTO) ConditionGroupDTO(org.wso2.carbon.apimgt.api.dto.ConditionGroupDTO) Test(org.junit.Test)

Example 68 with AuthenticationContext

use of org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext in project carbon-apimgt by wso2.

the class ThrottleConditionEvaluatorTest method testGetThrottledInConditionWithJWTConditionInvert.

/**
 * Verifies that, with JWT conditions enabled and every pipeline built from an
 * inverted JWT condition, {@code getThrottledInCondition} resolves to the
 * {@code "default"} key.
 */
@Test
public void testGetThrottledInConditionWithJWTConditionInvert() {
    // Fixed test fixture, not a live credential. The header segment decodes
    // to {"alg":"HS256"}; the payload appears to carry the custom claims the
    // JWT condition matches on -- confirm against getJWTCondition.
    String callerJwt = "eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ3c28yLm9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTM0NTE4MzQ5MjE4MSwiaHR0cDov"
            + "L3dzbzIub3JnL2NsYWltcy9hYmMiOiJjZGUiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2JjZCI6Inh5eiJ9.9zGU062DJ5mQ5hne"
            + "41h4IRpLbaY_b5thRxb3feebOcA";

    ThrottleProperties jwtEnabledProperties = new ThrottleProperties();
    jwtEnabledProperties.setEnableJwtConditions(true);

    AuthenticationContext authenticationContext = new AuthenticationContext();
    authenticationContext.setCallerToken(callerJwt);

    // NOTE(review): this writes to the ServiceReferenceHolder singleton and
    // the test does not restore the previous value; other tests sharing the
    // holder may observe JWT conditions enabled -- confirm this is intended.
    ServiceReferenceHolder.getInstance().setThrottleProperties(jwtEnabledProperties);

    MessageContext messageContext = TestUtils.getMessageContext(apiContext, apiVersion);

    // Both pipelines hold one JWT condition created with invert = true.
    List<ConditionDto> namedPipeline = Arrays.asList(new ConditionDto[] { getJWTCondition(true) });
    List<ConditionDto> defaultPipeline = Arrays.asList(new ConditionDto[] { getJWTCondition(true) });
    Map<String, List<ConditionDto>> conditionMap = new HashMap<>();
    conditionMap.put("condition1", namedPipeline);
    conditionMap.put("default", defaultPipeline);

    String condition = throttleConditionEvaluator.getThrottledInCondition(
            messageContext, authenticationContext, conditionMap);
    Assert.assertEquals(condition, "default");
}
Also used : AuthenticationContext(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext) HashMap(java.util.HashMap) ConditionDto(org.wso2.carbon.apimgt.impl.dto.ConditionDto) List(java.util.List) MessageContext(org.apache.synapse.MessageContext) Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext) ThrottleProperties(org.wso2.carbon.apimgt.impl.dto.ThrottleProperties) Test(org.junit.Test)

Example 69 with AuthenticationContext

use of org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext in project carbon-apimgt by wso2.

the class InboundWebsocketProcessorUtil method authenticateWSJWTToken.

/**
 * Authenticates the signed JWT of an incoming WebSocket handshake request.
 *
 * <p>A {@code JWTValidator} scoped to the request's tenant domain checks the
 * token against the API context, version and matching resource taken from the
 * inbound context; the resulting {@code AuthenticationContext} is then handed
 * to {@code validateAuthenticationContext}, whose result is returned.
 *
 * @param inboundMessageContext inbound context supplying the tenant domain,
 *                              signed JWT info, API context, version and
 *                              matching resource
 * @return true if authenticated
 * @throws APIManagementException if an internal error occurs
 * @throws APISecurityException   if authentication fails
 */
public static boolean authenticateWSJWTToken(InboundMessageContext inboundMessageContext)
        throws APIManagementException, APISecurityException {
    APIKeyValidator keyValidator = new APIKeyValidator();
    JWTValidator validator = new JWTValidator(keyValidator, inboundMessageContext.getTenantDomain());

    // The matching resource is part of the check, so the token is validated
    // for the specific resource being requested, not only for the API.
    return validateAuthenticationContext(
            validator.authenticateForWebSocket(
                    inboundMessageContext.getSignedJWTInfo(),
                    inboundMessageContext.getApiContext(),
                    inboundMessageContext.getVersion(),
                    inboundMessageContext.getMatchingResource()),
            inboundMessageContext);
}
Also used : AuthenticationContext(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext) APIKeyValidator(org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator) JWTValidator(org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator)

Example 70 with AuthenticationContext

use of org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext in project carbon-apimgt by wso2.

the class InboundWebsocketProcessorUtil method authenticateGraphQLJWTToken.

/**
 * Authenticates the signed JWT of an incoming GraphQL subscription request.
 *
 * <p>Starts a tenant flow and sets the thread-local Carbon context to the
 * request's tenant domain before validating. A {@code JWTValidator} scoped to
 * that tenant checks the token against the API context and version (no
 * matching resource is passed here); the resulting
 * {@code AuthenticationContext} is then handed to
 * {@code validateAuthenticationContext}, whose result is returned.
 *
 * @param inboundMessageContext inbound context supplying the tenant domain,
 *                              signed JWT info, API context and version
 * @return true if authenticated
 * @throws APIManagementException if an internal error occurs
 * @throws APISecurityException   if authentication fails
 */
public static boolean authenticateGraphQLJWTToken(InboundMessageContext inboundMessageContext)
        throws APIManagementException, APISecurityException {
    // NOTE(review): the tenant flow opened here is not closed anywhere in
    // this method, including on the exception paths. Confirm that a caller
    // invokes PrivilegedCarbonContext.endTenantFlow() in a finally block;
    // otherwise the tenant domain set below may remain on the thread after
    // this call returns or throws.
    PrivilegedCarbonContext.startTenantFlow();
    PrivilegedCarbonContext.getThreadLocalCarbonContext()
            .setTenantDomain(inboundMessageContext.getTenantDomain(), true);

    APIKeyValidator keyValidator = new APIKeyValidator();
    JWTValidator validator = new JWTValidator(keyValidator, inboundMessageContext.getTenantDomain());

    return validateAuthenticationContext(
            validator.authenticateForGraphQLSubscription(
                    inboundMessageContext.getSignedJWTInfo(),
                    inboundMessageContext.getApiContext(),
                    inboundMessageContext.getVersion()),
            inboundMessageContext);
}
Also used : AuthenticationContext(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext) APIKeyValidator(org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator) JWTValidator(org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator)
