Search in sources :

Example 16 with TokenInfo

use of org.wso2.carbon.apimgt.impl.kmclient.model.TokenInfo in project carbon-apimgt by wso2.

the class APIConsumerImpl method mapExistingOAuthClient.

/**
 * @param jsonString this string will contain oAuth app details
 * @param userName user name of logged in user.
 * @param clientId this is the consumer key of oAuthApplication
 * @param applicationName this is the APIM appication name.
 * @param keyType
 * @param tokenType this is theApplication Token Type. This can be either default or jwt.
 * @param keyManagerName key Manager name
 * @return
 * @throws APIManagementException
 */
@Override
public Map<String, Object> mapExistingOAuthClient(String jsonString, String userName, String clientId, String applicationName, String keyType, String tokenType, String keyManagerName, String tenantDomain) throws APIManagementException {
    String callBackURL = null;
    if (StringUtils.isEmpty(tenantDomain)) {
        tenantDomain = MultitenantUtils.getTenantDomain(userName);
    }
    String keyManagerId = null;
    KeyManagerConfigurationDTO keyManagerConfiguration = null;
    if (keyManagerName != null) {
        keyManagerConfiguration = apiMgtDAO.getKeyManagerConfigurationByName(tenantDomain, keyManagerName);
        if (keyManagerConfiguration == null) {
            keyManagerConfiguration = apiMgtDAO.getKeyManagerConfigurationByUUID(keyManagerName);
            if (keyManagerConfiguration != null) {
                keyManagerId = keyManagerName;
                keyManagerName = keyManagerConfiguration.getName();
            }
        } else {
            keyManagerId = keyManagerConfiguration.getUuid();
        }
    } else {
        keyManagerName = APIConstants.KeyManager.DEFAULT_KEY_MANAGER;
        keyManagerConfiguration = apiMgtDAO.getKeyManagerConfigurationByName(tenantDomain, keyManagerName);
        keyManagerId = keyManagerConfiguration.getUuid();
    }
    if (keyManagerConfiguration == null || !keyManagerConfiguration.isEnabled()) {
        throw new APIManagementException("Key Manager " + keyManagerName + " doesn't exist in Tenant " + tenantDomain, ExceptionCodes.KEY_MANAGER_NOT_REGISTERED);
    }
    if (KeyManagerConfiguration.TokenType.EXCHANGED.toString().equals(keyManagerConfiguration.getTokenType())) {
        throw new APIManagementException("Key Manager " + keyManagerName + " doesn't support to generate" + " Client Application", ExceptionCodes.KEY_MANAGER_NOT_SUPPORT_OAUTH_APP_CREATION);
    }
    OAuthAppRequest oauthAppRequest = ApplicationUtils.createOauthAppRequest(applicationName, clientId, callBackURL, "default", jsonString, tokenType, tenantDomain, keyManagerName);
    // if clientId is null in the argument `ApplicationUtils#createOauthAppRequest` will set it using
    // the props in `jsonString`. Hence we are taking the updated `clientId` here
    clientId = oauthAppRequest.getOAuthApplicationInfo().getClientId();
    KeyManager keyManager = KeyManagerHolder.getKeyManagerInstance(tenantDomain, keyManagerName);
    if (keyManager == null) {
        throw new APIManagementException("Key Manager " + keyManagerName + "Couldn't initialized in tenant " + tenantDomain + ".", ExceptionCodes.KEY_MANAGER_NOT_REGISTERED);
    }
    // Get application ID
    int applicationId = apiMgtDAO.getApplicationId(applicationName, userName);
    // Checking if clientId is mapped with another application.
    if (apiMgtDAO.isKeyMappingExistsForConsumerKeyOrApplication(applicationId, keyManagerName, keyManagerId, keyType, clientId)) {
        throw new APIManagementException("Key Mappings already exists for application " + applicationName + " or consumer key " + clientId, ExceptionCodes.KEY_MAPPING_ALREADY_EXIST);
    }
    if (log.isDebugEnabled()) {
        log.debug("Client ID " + clientId + " not mapped previously with another application. No existing " + "key mappings available for application " + applicationName);
    }
    // createApplication on oAuthorization server.
    OAuthApplicationInfo oAuthApplication = isOauthAppValidation() ? keyManager.mapOAuthApplication(oauthAppRequest) : oauthAppRequest.getOAuthApplicationInfo();
    // Do application mapping with consumerKey.
    String keyMappingId = UUID.randomUUID().toString();
    apiMgtDAO.createApplicationKeyTypeMappingForManualClients(keyType, applicationId, clientId, keyManagerId, keyMappingId);
    Object enableTokenGeneration = keyManager.getKeyManagerConfiguration().getParameter(APIConstants.KeyManager.ENABLE_TOKEN_GENERATION);
    AccessTokenInfo tokenInfo;
    if (enableTokenGeneration != null && (Boolean) enableTokenGeneration && oAuthApplication.getJsonString().contains(APIConstants.GRANT_TYPE_CLIENT_CREDENTIALS)) {
        AccessTokenRequest tokenRequest = ApplicationUtils.createAccessTokenRequest(keyManager, oAuthApplication, null);
        tokenInfo = keyManager.getNewApplicationAccessToken(tokenRequest);
    } else {
        tokenInfo = new AccessTokenInfo();
        tokenInfo.setAccessToken("");
        tokenInfo.setValidityPeriod(0L);
        String[] noScopes = new String[] { "N/A" };
        tokenInfo.setScope(noScopes);
        oAuthApplication.addParameter("tokenScope", Arrays.toString(noScopes));
    }
    Map<String, Object> keyDetails = new HashMap<String, Object>();
    if (tokenInfo != null) {
        keyDetails.put("validityTime", tokenInfo.getValidityPeriod());
        keyDetails.put("accessToken", tokenInfo.getAccessToken());
        keyDetails.put("tokenDetails", tokenInfo.getJSONString());
    }
    keyDetails.put(APIConstants.FrontEndParameterNames.CONSUMER_KEY, oAuthApplication.getClientId());
    keyDetails.put(APIConstants.FrontEndParameterNames.CONSUMER_SECRET, oAuthApplication.getParameter("client_secret"));
    keyDetails.put(APIConstants.FrontEndParameterNames.CLIENT_DETAILS, oAuthApplication.getJsonString());
    keyDetails.put(APIConstants.FrontEndParameterNames.KEY_MAPPING_ID, keyMappingId);
    keyDetails.put(APIConstants.FrontEndParameterNames.MODE, APIConstants.OAuthAppMode.MAPPED.name());
    return keyDetails;
}
Also used : KeyManagerConfigurationDTO(org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) AccessTokenInfo(org.wso2.carbon.apimgt.api.model.AccessTokenInfo) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) OAuthAppRequest(org.wso2.carbon.apimgt.api.model.OAuthAppRequest) OAuthApplicationInfo(org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo) JSONObject(org.json.simple.JSONObject) AccessTokenRequest(org.wso2.carbon.apimgt.api.model.AccessTokenRequest) KeyManager(org.wso2.carbon.apimgt.api.model.KeyManager)

Example 17 with TokenInfo

use of org.wso2.carbon.apimgt.impl.kmclient.model.TokenInfo in project carbon-apimgt by wso2.

the class APIConsumerImpl method requestApprovalForApplicationRegistration.

/**
 * This method specifically implemented for REST API by removing application and data access logic
 * from host object layer. So as per new implementation we need to pass requested scopes to this method
 * as tokenScope. So we will do scope related other logic here in this method.
 * So host object should only pass required 9 parameters.
 */
@Override
public Map<String, Object> requestApprovalForApplicationRegistration(String userId, Application application, String tokenType, String callbackUrl, String[] allowedDomains, String validityTime, String tokenScope, String jsonString, String keyManagerName, String tenantDomain, boolean isImportMode) throws APIManagementException {
    boolean isTenantFlowStarted = false;
    if (StringUtils.isEmpty(tenantDomain)) {
        tenantDomain = MultitenantUtils.getTenantDomain(userId);
    } else {
        int tenantId = APIUtil.getInternalOrganizationId(tenantDomain);
        // To handle choreo scenario.
        if (tenantId == MultitenantConstants.SUPER_TENANT_ID) {
            tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
        }
    }
    String keyManagerId = null;
    if (keyManagerName != null) {
        KeyManagerConfigurationDTO keyManagerConfiguration = apiMgtDAO.getKeyManagerConfigurationByName(tenantDomain, keyManagerName);
        if (keyManagerConfiguration == null) {
            keyManagerConfiguration = apiMgtDAO.getKeyManagerConfigurationByUUID(keyManagerName);
            if (keyManagerConfiguration != null) {
                keyManagerId = keyManagerName;
                keyManagerName = keyManagerConfiguration.getName();
            }
        } else {
            keyManagerId = keyManagerConfiguration.getUuid();
        }
        if (keyManagerConfiguration == null || !keyManagerConfiguration.isEnabled()) {
            throw new APIManagementException("Key Manager " + keyManagerName + " doesn't exist in Tenant " + tenantDomain, ExceptionCodes.KEY_MANAGER_NOT_REGISTERED);
        }
        if (KeyManagerConfiguration.TokenType.EXCHANGED.toString().equals(keyManagerConfiguration.getTokenType())) {
            throw new APIManagementException("Key Manager " + keyManagerName + " doesn't support to generate" + " Client Application", ExceptionCodes.KEY_MANAGER_NOT_SUPPORT_OAUTH_APP_CREATION);
        }
        Object enableOauthAppCreation = keyManagerConfiguration.getProperty(APIConstants.KeyManager.ENABLE_OAUTH_APP_CREATION);
        if (enableOauthAppCreation != null && !(Boolean) enableOauthAppCreation) {
            if (isImportMode) {
                log.debug("Importing application when KM OAuth App creation is disabled. Trying to map keys");
                // in the `jsonString` and ApplicationUtils#createOauthAppRequest logic handles it.
                return mapExistingOAuthClient(jsonString, userId, null, application.getName(), tokenType, APIConstants.DEFAULT_TOKEN_TYPE, keyManagerName, tenantDomain);
            } else {
                throw new APIManagementException("Key Manager " + keyManagerName + " doesn't support to generate" + " Client Application", ExceptionCodes.KEY_MANAGER_NOT_SUPPORT_OAUTH_APP_CREATION);
            }
        }
    }
    try {
        if (tenantDomain != null && !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            isTenantFlowStarted = startTenantFlowForTenantDomain(tenantDomain);
        }
        // check if there are any existing key mappings set for the application and the key manager.
        if (apiMgtDAO.isKeyMappingExistsForApplication(application.getId(), keyManagerName, keyManagerId, tokenType)) {
            throw new APIManagementException("Key Mappings already exists for application " + application.getName(), ExceptionCodes.KEY_MAPPING_ALREADY_EXIST);
        }
        // initiate WorkflowExecutor
        WorkflowExecutor appRegistrationWorkflow = null;
        // initiate ApplicationRegistrationWorkflowDTO
        ApplicationRegistrationWorkflowDTO appRegWFDto = null;
        ApplicationKeysDTO appKeysDto = new ApplicationKeysDTO();
        boolean isCaseInsensitiveComparisons = Boolean.parseBoolean(getAPIManagerConfiguration().getFirstProperty(APIConstants.API_STORE_FORCE_CI_COMPARISIONS));
        boolean isUserAppOwner;
        if (isCaseInsensitiveComparisons) {
            isUserAppOwner = application.getSubscriber().getName().equalsIgnoreCase(userId);
        } else {
            isUserAppOwner = application.getSubscriber().getName().equals(userId);
        }
        if (!isUserAppOwner) {
            throw new APIManagementException("user: " + application.getSubscriber().getName() + ", " + "attempted to generate tokens for application owned by: " + userId);
        }
        // if its a PRODUCTION application.
        if (APIConstants.API_KEY_TYPE_PRODUCTION.equals(tokenType)) {
            // initiate workflow type. By default simple work flow will be
            // executed.
            appRegistrationWorkflow = getWorkflowExecutor(WorkflowConstants.WF_TYPE_AM_APPLICATION_REGISTRATION_PRODUCTION);
            appRegWFDto = (ApplicationRegistrationWorkflowDTO) WorkflowExecutorFactory.getInstance().createWorkflowDTO(WorkflowConstants.WF_TYPE_AM_APPLICATION_REGISTRATION_PRODUCTION);
        } else // if it is a sandBox application.
        if (APIConstants.API_KEY_TYPE_SANDBOX.equals(tokenType)) {
            // if its a SANDBOX application.
            appRegistrationWorkflow = getWorkflowExecutor(WorkflowConstants.WF_TYPE_AM_APPLICATION_REGISTRATION_SANDBOX);
            appRegWFDto = (ApplicationRegistrationWorkflowDTO) WorkflowExecutorFactory.getInstance().createWorkflowDTO(WorkflowConstants.WF_TYPE_AM_APPLICATION_REGISTRATION_SANDBOX);
        } else {
            throw new APIManagementException("Invalid Token Type '" + tokenType + "' requested.");
        }
        // check whether callback url is empty and set null
        if (StringUtils.isBlank(callbackUrl)) {
            callbackUrl = null;
        }
        String applicationTokenType = application.getTokenType();
        if (StringUtils.isEmpty(application.getTokenType())) {
            applicationTokenType = APIConstants.DEFAULT_TOKEN_TYPE;
        }
        // Build key manager instance and create oAuthAppRequest by jsonString.
        OAuthAppRequest request = ApplicationUtils.createOauthAppRequest(application.getName(), null, callbackUrl, tokenScope, jsonString, applicationTokenType, tenantDomain, keyManagerName);
        request.getOAuthApplicationInfo().addParameter(ApplicationConstants.VALIDITY_PERIOD, validityTime);
        request.getOAuthApplicationInfo().addParameter(ApplicationConstants.APP_KEY_TYPE, tokenType);
        request.getOAuthApplicationInfo().addParameter(ApplicationConstants.APP_CALLBACK_URL, callbackUrl);
        request.getOAuthApplicationInfo().setApplicationUUID(application.getUUID());
        // Setting request values in WorkflowDTO - In future we should keep
        // Application/OAuthApplication related
        // information in the respective entities not in the workflowDTO.
        appRegWFDto.setStatus(WorkflowStatus.CREATED);
        appRegWFDto.setCreatedTime(System.currentTimeMillis());
        appRegWFDto.setTenantDomain(tenantDomain);
        appRegWFDto.setTenantId(tenantId);
        appRegWFDto.setExternalWorkflowReference(appRegistrationWorkflow.generateUUID());
        appRegWFDto.setWorkflowReference(appRegWFDto.getExternalWorkflowReference());
        appRegWFDto.setApplication(application);
        appRegWFDto.setKeyManager(keyManagerId);
        request.setMappingId(appRegWFDto.getWorkflowReference());
        if (!application.getSubscriber().getName().equals(userId)) {
            appRegWFDto.setUserName(application.getSubscriber().getName());
        } else {
            appRegWFDto.setUserName(userId);
        }
        appRegWFDto.setCallbackUrl(appRegistrationWorkflow.getCallbackURL());
        appRegWFDto.setAppInfoDTO(request);
        appRegWFDto.setDomainList(allowedDomains);
        appRegWFDto.setKeyDetails(appKeysDto);
        appRegistrationWorkflow.execute(appRegWFDto);
        Map<String, Object> keyDetails = new HashMap<String, Object>();
        keyDetails.put(APIConstants.FrontEndParameterNames.KEY_STATE, appRegWFDto.getStatus().toString());
        OAuthApplicationInfo applicationInfo = appRegWFDto.getApplicationInfo();
        String keyMappingId = apiMgtDAO.getKeyMappingIdFromApplicationIdKeyTypeAndKeyManager(application.getId(), tokenType, keyManagerId);
        keyDetails.put(APIConstants.FrontEndParameterNames.KEY_MAPPING_ID, keyMappingId);
        if (applicationInfo != null) {
            keyDetails.put(APIConstants.FrontEndParameterNames.CONSUMER_KEY, applicationInfo.getClientId());
            keyDetails.put(APIConstants.FrontEndParameterNames.CONSUMER_SECRET, applicationInfo.getClientSecret());
            keyDetails.put(ApplicationConstants.OAUTH_APP_DETAILS, applicationInfo.getJsonString());
            keyDetails.put(APIConstants.FrontEndParameterNames.MODE, APIConstants.OAuthAppMode.CREATED.name());
        }
        // There can be instances where generating the Application Token is
        // not required. In those cases,
        // token info will have nothing.
        AccessTokenInfo tokenInfo = appRegWFDto.getAccessTokenInfo();
        if (tokenInfo != null) {
            keyDetails.put("accessToken", tokenInfo.getAccessToken());
            keyDetails.put("validityTime", tokenInfo.getValidityPeriod());
            keyDetails.put("tokenDetails", tokenInfo.getJSONString());
            keyDetails.put("tokenScope", tokenInfo.getScopes());
        }
        JSONObject appLogObject = new JSONObject();
        appLogObject.put("Generated keys for application", application.getName());
        APIUtil.logAuditMessage(APIConstants.AuditLogConstants.APPLICATION, appLogObject.toString(), APIConstants.AuditLogConstants.UPDATED, this.username);
        // if its a PRODUCTION application.
        if (APIConstants.API_KEY_TYPE_PRODUCTION.equals(tokenType)) {
            // get the workflow state once the executor is executed.
            WorkflowDTO wfDTO = apiMgtDAO.retrieveWorkflowFromInternalReference(appRegWFDto.getExternalWorkflowReference(), WorkflowConstants.WF_TYPE_AM_APPLICATION_REGISTRATION_PRODUCTION);
            // wfDTO is null when simple wf executor is used because wf state is not stored in the db and is always approved.
            if (wfDTO != null) {
                if (WorkflowStatus.APPROVED.equals(wfDTO.getStatus())) {
                    ApplicationRegistrationEvent applicationRegistrationEvent = new ApplicationRegistrationEvent(UUID.randomUUID().toString(), System.currentTimeMillis(), APIConstants.EventType.APPLICATION_REGISTRATION_CREATE.name(), tenantId, tenantDomain, application.getId(), application.getUUID(), applicationInfo.getClientId(), tokenType, keyManagerName);
                    APIUtil.sendNotification(applicationRegistrationEvent, APIConstants.NotifierType.APPLICATION_REGISTRATION.name());
                }
            } else {
                ApplicationRegistrationEvent applicationRegistrationEvent = new ApplicationRegistrationEvent(UUID.randomUUID().toString(), System.currentTimeMillis(), APIConstants.EventType.APPLICATION_REGISTRATION_CREATE.name(), tenantId, tenantDomain, application.getId(), application.getUUID(), applicationInfo.getClientId(), tokenType, keyManagerName);
                APIUtil.sendNotification(applicationRegistrationEvent, APIConstants.NotifierType.APPLICATION_REGISTRATION.name());
            }
        } else if (APIConstants.API_KEY_TYPE_SANDBOX.equals(tokenType)) {
            // get the workflow state once the executor is executed.
            WorkflowDTO wfDTO = apiMgtDAO.retrieveWorkflowFromInternalReference(appRegWFDto.getExternalWorkflowReference(), WorkflowConstants.WF_TYPE_AM_APPLICATION_REGISTRATION_SANDBOX);
            // wfDTO is null when simple wf executor is used because wf state is not stored in the db and is always approved.
            if (wfDTO != null) {
                if (WorkflowStatus.APPROVED.equals(wfDTO.getStatus())) {
                    ApplicationRegistrationEvent applicationRegistrationEvent = new ApplicationRegistrationEvent(UUID.randomUUID().toString(), System.currentTimeMillis(), APIConstants.EventType.APPLICATION_REGISTRATION_CREATE.name(), tenantId, tenantDomain, application.getId(), application.getUUID(), applicationInfo.getClientId(), tokenType, keyManagerName);
                    APIUtil.sendNotification(applicationRegistrationEvent, APIConstants.NotifierType.APPLICATION_REGISTRATION.name());
                }
            } else {
                ApplicationRegistrationEvent applicationRegistrationEvent = new ApplicationRegistrationEvent(UUID.randomUUID().toString(), System.currentTimeMillis(), APIConstants.EventType.APPLICATION_REGISTRATION_CREATE.name(), tenantId, tenantDomain, application.getId(), application.getUUID(), applicationInfo.getClientId(), tokenType, keyManagerName);
                APIUtil.sendNotification(applicationRegistrationEvent, APIConstants.NotifierType.APPLICATION_REGISTRATION.name());
            }
        }
        return keyDetails;
    } catch (WorkflowException e) {
        log.error("Could not execute Workflow", e);
        throw new APIManagementException(e);
    } finally {
        if (isTenantFlowStarted) {
            endTenantFlow();
        }
    }
}
Also used : KeyManagerConfigurationDTO(org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO) ApplicationRegistrationWorkflowDTO(org.wso2.carbon.apimgt.impl.dto.ApplicationRegistrationWorkflowDTO) ApplicationWorkflowDTO(org.wso2.carbon.apimgt.impl.dto.ApplicationWorkflowDTO) WorkflowDTO(org.wso2.carbon.apimgt.impl.dto.WorkflowDTO) ApplicationRegistrationWorkflowDTO(org.wso2.carbon.apimgt.impl.dto.ApplicationRegistrationWorkflowDTO) SubscriptionWorkflowDTO(org.wso2.carbon.apimgt.impl.dto.SubscriptionWorkflowDTO) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) WorkflowException(org.wso2.carbon.apimgt.impl.workflow.WorkflowException) ApplicationRegistrationEvent(org.wso2.carbon.apimgt.impl.notifier.events.ApplicationRegistrationEvent) AccessTokenInfo(org.wso2.carbon.apimgt.api.model.AccessTokenInfo) ApplicationKeysDTO(org.wso2.carbon.apimgt.api.model.ApplicationKeysDTO) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) JSONObject(org.json.simple.JSONObject) OAuthAppRequest(org.wso2.carbon.apimgt.api.model.OAuthAppRequest) OAuthApplicationInfo(org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo) JSONObject(org.json.simple.JSONObject) WorkflowExecutor(org.wso2.carbon.apimgt.impl.workflow.WorkflowExecutor)

Example 18 with TokenInfo

use of org.wso2.carbon.apimgt.impl.kmclient.model.TokenInfo in project carbon-apimgt by wso2.

the class JWTUtil method validateScopes.

/**
 * @param message   CXF message to be validate
 * @param tokenInfo Token information associated with incoming request
 * @return return true if we found matching scope in resource and token information
 * else false(means scope validation failed).
 */
public static boolean validateScopes(HashMap<String, Object> message, OAuthTokenInfo tokenInfo) {
    String basePath = (String) message.get(RestApiConstants.BASE_PATH);
    // path is obtained from Message.REQUEST_URI instead of Message.PATH_INFO, as Message.PATH_INFO contains
    // decoded values of request parameters
    String path = (String) message.get(RestApiConstants.REQUEST_URL);
    String verb = (String) message.get(RestApiConstants.REQUEST_METHOD);
    String resource = path.substring(basePath.length() - 1);
    String[] scopes = tokenInfo.getScopes();
    String version = (String) message.get(RestApiConstants.API_VERSION);
    // get all the URI templates of the REST API from the base path
    Set<URITemplate> uriTemplates = (Set<URITemplate>) message.get(RestApiConstants.URI_TEMPLATES);
    if (uriTemplates.isEmpty()) {
        if (log.isDebugEnabled()) {
            log.debug("No matching scopes found for request with path: " + basePath + ". Skipping scope validation.");
        }
        return true;
    }
    for (Object template : uriTemplates.toArray()) {
        org.wso2.uri.template.URITemplate templateToValidate = null;
        Map<String, String> var = new HashMap<String, String>();
        // check scopes with what we have
        String templateString = ((URITemplate) template).getUriTemplate();
        try {
            templateToValidate = new org.wso2.uri.template.URITemplate(templateString);
        } catch (URITemplateException e) {
            log.error("Error while creating URI Template object to validate request. Template pattern: " + templateString, e);
        }
        if (templateToValidate != null && templateToValidate.matches(resource, var) && scopes != null && verb != null && verb.equalsIgnoreCase(((URITemplate) template).getHTTPVerb())) {
            for (String scope : scopes) {
                Scope scp = ((URITemplate) template).getScope();
                if (scp != null) {
                    if (scope.equalsIgnoreCase(scp.getKey())) {
                        // we found scopes matches
                        if (log.isDebugEnabled()) {
                            log.debug("Scope validation successful for access token: " + message.get(RestApiConstants.MASKED_TOKEN) + " with scope: " + scp.getKey() + " for resource path: " + path + " and verb " + verb);
                        }
                        return true;
                    }
                } else if (!((URITemplate) template).retrieveAllScopes().isEmpty()) {
                    List<Scope> scopesList = ((URITemplate) template).retrieveAllScopes();
                    for (Scope scpObj : scopesList) {
                        if (scope.equalsIgnoreCase(scpObj.getKey())) {
                            // we found scopes matches
                            if (log.isDebugEnabled()) {
                                log.debug("Scope validation successful for access token: " + message.get(RestApiConstants.MASKED_TOKEN) + " with scope: " + scpObj.getKey() + " for resource path: " + path + " and verb " + verb);
                            }
                            return true;
                        }
                    }
                } else {
                    if (log.isDebugEnabled()) {
                        log.debug("Scope not defined in swagger for matching resource " + resource + " and verb " + verb + " . So consider as anonymous permission and let request to continue.");
                    }
                    return true;
                }
            }
        }
    }
    return false;
}
Also used : Set(java.util.Set) HashMap(java.util.HashMap) URITemplate(org.wso2.carbon.apimgt.api.model.URITemplate) URITemplateException(org.wso2.uri.template.URITemplateException) Scope(org.wso2.carbon.apimgt.api.model.Scope) List(java.util.List)

Aggregations

APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)9 AccessTokenInfo (org.wso2.carbon.apimgt.api.model.AccessTokenInfo)9 HashMap (java.util.HashMap)4 KeyManagerConfigurationDTO (org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO)4 KeyManager (org.wso2.carbon.apimgt.api.model.KeyManager)4 OAuthApplicationInfo (org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo)4 KeyManagementException (org.wso2.carbon.apimgt.core.exception.KeyManagementException)3 AccessTokenInfo (org.wso2.carbon.apimgt.core.models.AccessTokenInfo)3 APIKeyValidationInfoDTO (org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO)3 Response (feign.Response)2 GsonDecoder (feign.gson.GsonDecoder)2 IOException (java.io.IOException)2 HashSet (java.util.HashSet)2 List (java.util.List)2 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2 JSONObject (org.json.simple.JSONObject)2 OAuthTokenInfo (org.wso2.carbon.apimgt.api.OAuthTokenInfo)2 AccessTokenRequest (org.wso2.carbon.apimgt.api.model.AccessTokenRequest)2 OAuthAppRequest (org.wso2.carbon.apimgt.api.model.OAuthAppRequest)2 Scope (org.wso2.carbon.apimgt.api.model.Scope)2