Search in sources :

Example 81 with ErrorDTO

use of org.wso2.carbon.apimgt.rest.api.authenticator.dto.ErrorDTO in project carbon-apimgt by wso2.

the class RESTAPISecurityInterceptor method preCall.

/**
 * preCall is run before a handler method call is made. If any of the preCalls throw exception or return false then
 * no other subsequent preCalls will be called and the request processing will be terminated,
 * also no postCall interceptors will be called.
 *
 * @param request           HttpRequest being processed.
 * @param response          HttpResponder to send response.
 * @param serviceMethodInfo Info on handler method that will be called.
 * @return true if the request processing can continue, otherwise the hook should send response and return false to
 * stop further processing.
 * @throws APIMgtSecurityException if error occurs while executing the preCall
 */
@Override
public boolean preCall(Request request, Response response, ServiceMethodInfo serviceMethodInfo) throws APIMgtSecurityException {
    ErrorHandler errorHandler = null;
    boolean isAuthenticated = false;
    // CORS for Environments - Add allowed Origin when User-Agent sent 'Origin' header.
    String origin = request.getHeader(RestApiConstants.ORIGIN_HEADER);
    String allowedOrigin = EnvironmentUtils.getAllowedOrigin(origin);
    if (allowedOrigin != null) {
        response.setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, allowedOrigin).setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, "true");
    }
    // CORS for Environments - Add allowed Methods and Headers when 'OPTIONS' method is called.
    if (request.getHttpMethod().equalsIgnoreCase(APIConstants.HTTP_OPTIONS)) {
        try {
            String definedHttpMethods = RestApiUtil.getDefinedMethodHeadersInSwaggerContent(request, serviceMethodInfo);
            if (definedHttpMethods != null) {
                response.setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_METHODS_HEADER, definedHttpMethods).setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_HEADERS_HEADER, RestApiConstants.ACCESS_CONTROL_ALLOW_HEADERS_LIST).setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).send();
                return false;
            }
        } catch (APIManagementException e) {
            String msg = "Couldn't find declared HTTP methods in swagger.yaml";
            ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
            log.error(msg, e);
            response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
            return false;
        }
    }
    /* TODO: Following string contains check is done to avoid checking security headers in non API requests.
         * Consider this as a temporary fix until MSF4J support context based interceptor registration */
    String requestURI = request.getUri().toLowerCase(Locale.ENGLISH);
    if (!requestURI.contains("/api/am/")) {
        return true;
    }
    if (requestURI.contains("/login/token")) {
        return true;
    }
    String yamlContent = null;
    String protocol = (String) request.getProperty(PROTOCOL);
    Swagger swagger = null;
    if (requestURI.contains("/api/am/publisher")) {
        if (requestURI.contains("swagger.yaml")) {
            try {
                yamlContent = RestApiUtil.getPublisherRestAPIResource();
                response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(yamlContent).setMediaType("text/x-yaml").send();
            } catch (APIManagementException e) {
                String msg = "Couldn't find swagger.yaml for publisher";
                ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
                log.error(msg, e);
                response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
            }
            return false;
        }
    } else if (requestURI.contains("/api/am/store")) {
        if (requestURI.contains("swagger.json")) {
            try {
                yamlContent = RestApiUtil.getStoreRestAPIResource();
                swagger = new SwaggerParser().parse(yamlContent);
                swagger.setBasePath(RestApiUtil.getContext(RestApiConstants.APPType.STORE));
                swagger.setHost(RestApiUtil.getHost(protocol.toLowerCase(Locale.ENGLISH)));
                response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(Json.pretty(swagger)).setMediaType(MediaType.APPLICATION_JSON).send();
            } catch (APIManagementException e) {
                String msg = "Couldn't find swagger.json for store";
                ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
                log.error(msg, e);
                response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
            }
            return false;
        } else if (requestURI.contains("swagger.yaml")) {
            try {
                yamlContent = RestApiUtil.getStoreRestAPIResource();
                response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(yamlContent).setMediaType("text/x-yaml").send();
            } catch (APIManagementException e) {
                String msg = "Couldn't find swagger.yaml for store";
                ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
                log.error(msg, e);
                response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
            }
            return false;
        }
    } else if (requestURI.contains("/api/am/analytics")) {
        if (requestURI.contains("swagger.json")) {
            try {
                yamlContent = RestApiUtil.getAnalyticsRestAPIResource();
                swagger = new SwaggerParser().parse(yamlContent);
                swagger.setBasePath(RestApiUtil.getContext(RestApiConstants.APPType.ANALYTICS));
                swagger.setHost(RestApiUtil.getHost(protocol.toLowerCase(Locale.ENGLISH)));
            } catch (APIManagementException e) {
                log.error("Couldn't find swagger.json for analytics", e);
            }
            response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(Json.pretty(swagger)).setMediaType(MediaType.APPLICATION_JSON).send();
            return false;
        }
    } else if (requestURI.contains("/editor") || requestURI.contains("keyserver") || requestURI.contains("core") || requestURI.contains("/api/am/config")) {
        return true;
    } else if (requestURI.contains("/api/am/admin")) {
        if (requestURI.contains("swagger.json")) {
            try {
                yamlContent = RestApiUtil.getAdminRestAPIResource();
                swagger = new SwaggerParser().parse(yamlContent);
                swagger.setBasePath(RestApiUtil.getContext(RestApiConstants.APPType.ADMIN));
                swagger.setHost(RestApiUtil.getHost(protocol.toLowerCase(Locale.ENGLISH)));
                response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(Json.pretty(swagger)).setMediaType(MediaType.APPLICATION_JSON).send();
            } catch (APIManagementException e) {
                String msg = "Couldn't find swagger.yaml for admin";
                ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
                log.error(msg, e);
                response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
            }
            return false;
        } else if (requestURI.contains("swagger.yaml")) {
            try {
                yamlContent = RestApiUtil.getAdminRestAPIResource();
                response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(yamlContent).setMediaType("text/x-yaml").send();
            } catch (APIManagementException e) {
                String msg = "Couldn't find swagger.yaml for admin";
                ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
                log.error(msg, e);
                response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
            }
            return false;
        }
    }
    try {
        if (authenticatorImplClass == null) {
            Class<?> implClass = null;
            try {
                implClass = Class.forName(authenticatorName);
            } catch (ClassNotFoundException e) {
                throw new APIMgtSecurityException("Error while loading class " + authenticatorName, e);
            }
            authenticatorImplClass = (RESTAPIAuthenticator) implClass.newInstance();
        }
        isAuthenticated = authenticatorImplClass.authenticate(request, response, serviceMethodInfo);
    } catch (APIMgtSecurityException e) {
        errorHandler = e.getErrorHandler();
        log.error(e.getMessage() + " Requested Path: " + request.getUri());
    } catch (InstantiationException e) {
        log.error(e.getMessage() + " Error while instantiating authenticator: " + authenticatorName);
        isAuthenticated = false;
        errorHandler = ExceptionCodes.AUTH_GENERAL_ERROR;
    } catch (IllegalAccessException e) {
        log.error(e.getMessage() + " Error while accessing resource : " + authenticatorName);
        isAuthenticated = false;
        errorHandler = ExceptionCodes.AUTH_GENERAL_ERROR;
    }
    if (!isAuthenticated) {
        handleSecurityError(errorHandler, response);
    }
    return isAuthenticated;
}
Also used : SwaggerParser(io.swagger.parser.SwaggerParser) ErrorHandler(org.wso2.carbon.apimgt.core.exception.ErrorHandler) APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException) APIMgtSecurityException(org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException) ErrorDTO(org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO) Swagger(io.swagger.models.Swagger)

Example 82 with ErrorDTO

use of org.wso2.carbon.apimgt.rest.api.authenticator.dto.ErrorDTO in project carbon-apimgt by wso2.

the class RestApiUtil method getErrorDTO.

/**
 * Returns a generic errorDTO
 *
 * @param errorHandler The error handler object.
 * @param paramList    map of parameters specific to the error.
 * @return A generic errorDTO with the specified details
 */
public static ErrorDTO getErrorDTO(ErrorHandler errorHandler, Map<String, String> paramList) {
    ErrorDTO errorDTO = new ErrorDTO();
    errorDTO.setCode(errorHandler.getErrorCode());
    errorDTO.setMoreInfo(paramList);
    errorDTO.setMessage(errorHandler.getErrorMessage());
    errorDTO.setDescription(errorHandler.getErrorDescription());
    return errorDTO;
}
Also used : ErrorDTO(org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO)

Example 83 with ErrorDTO

use of org.wso2.carbon.apimgt.rest.api.authenticator.dto.ErrorDTO in project carbon-apimgt by wso2.

the class RestApiUtil method getErrorDTO.

/**
 * Return errorDTO object. This method accept APIMGTException as a parameter so we can set the e.getMessage
 * directly to the errorDTO.
 *
 * @param errorHandler Error Handler object.
 * @param paramList    Parameter list
 * @param e            APIMGTException object.
 * @return ErrorDTO Object.
 */
public static ErrorDTO getErrorDTO(ErrorHandler errorHandler, HashMap<String, String> paramList, APIManagementException e) {
    ErrorDTO errorDTO = new ErrorDTO();
    errorDTO.setCode(errorHandler.getErrorCode());
    errorDTO.setMoreInfo(paramList);
    if (e.getMessage() == null) {
        errorDTO.setMessage(errorHandler.getErrorMessage());
    } else {
        errorDTO.setMessage(e.getMessage());
    }
    errorDTO.setDescription(errorHandler.getErrorDescription());
    return errorDTO;
}
Also used : ErrorDTO(org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO)

Example 84 with ErrorDTO

use of org.wso2.carbon.apimgt.rest.api.authenticator.dto.ErrorDTO in project carbon-apimgt by wso2.

the class RestApiUtil method getErrorDTO.

/**
 * Returns a generic errorDTO
 *
 * @param errorHandler The error handler object.
 * @return A generic errorDTO with the specified details
 */
public static ErrorDTO getErrorDTO(ErrorHandler errorHandler) {
    ErrorDTO errorDTO = new ErrorDTO();
    errorDTO.setCode(errorHandler.getErrorCode());
    errorDTO.setMessage(errorHandler.getErrorMessage());
    errorDTO.setDescription(errorHandler.getErrorDescription());
    return errorDTO;
}
Also used : ErrorDTO(org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO)

Example 85 with ErrorDTO

use of org.wso2.carbon.apimgt.rest.api.authenticator.dto.ErrorDTO in project carbon-apimgt by wso2.

the class ResourcesApiServiceImpl method resourcesGet.

@Override
public Response resourcesGet(String apiContext, String apiVersion, String accept, Request request) throws NotFoundException {
    try {
        APIMgtAdminService apiMgtAdminService = APIManagerFactory.getInstance().getAPIMgtAdminService();
        List<UriTemplate> resourcesOfApi = new ArrayList<>();
        if (!StringUtils.isEmpty(apiContext) && !StringUtils.isEmpty(apiVersion)) {
            resourcesOfApi = apiMgtAdminService.getAllResourcesForApi(apiContext, apiVersion);
        }
        ResourcesListDTO resourcesListDTO = new ResourcesListDTO();
        resourcesListDTO.setList(MappingUtil.convertToResourceListDto(resourcesOfApi));
        return Response.ok(resourcesListDTO).build();
    } catch (APIManagementException e) {
        String errorMessage = "Error while retrieving resources.";
        Map<String, String> paramList = new HashMap<String, String>();
        if (!StringUtils.isEmpty(apiContext)) {
            paramList.put(APIMgtConstants.ExceptionsConstants.API_CONTEXT, apiContext);
        }
        if (!StringUtils.isEmpty(apiVersion)) {
            paramList.put(APIMgtConstants.ExceptionsConstants.API_VERSION, apiVersion);
        }
        org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler(), paramList);
        log.error(errorMessage, e);
        return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
    }
}
Also used : ArrayList(java.util.ArrayList) UriTemplate(org.wso2.carbon.apimgt.core.models.UriTemplate) APIMgtAdminService(org.wso2.carbon.apimgt.core.api.APIMgtAdminService) APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException) HashMap(java.util.HashMap) Map(java.util.Map) ResourcesListDTO(org.wso2.carbon.apimgt.rest.api.core.dto.ResourcesListDTO)

Aggregations

ErrorDTO (org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO)155 APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException)154 HashMap (java.util.HashMap)106 APIStore (org.wso2.carbon.apimgt.core.api.APIStore)48 APIPublisher (org.wso2.carbon.apimgt.core.api.APIPublisher)45 APIMgtAdminService (org.wso2.carbon.apimgt.core.api.APIMgtAdminService)40 Map (java.util.Map)25 APIMgtResourceNotFoundException (org.wso2.carbon.apimgt.core.exception.APIMgtResourceNotFoundException)15 ErrorHandler (org.wso2.carbon.apimgt.core.exception.ErrorHandler)15 IOException (java.io.IOException)11 Application (org.wso2.carbon.apimgt.core.models.Application)11 URI (java.net.URI)10 URISyntaxException (java.net.URISyntaxException)10 DocumentInfo (org.wso2.carbon.apimgt.core.models.DocumentInfo)9 Subscription (org.wso2.carbon.apimgt.core.models.Subscription)7 ArrayList (java.util.ArrayList)6 API (org.wso2.carbon.apimgt.core.models.API)6 Endpoint (org.wso2.carbon.apimgt.core.models.Endpoint)6 Label (org.wso2.carbon.apimgt.core.models.Label)6 ErrorDTO (org.wso2.carbon.apimgt.rest.api.authenticator.dto.ErrorDTO)6