
Example 6 with OAuthConsumerAppDTO

use of org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO in project carbon-apimgt by wso2.

the class SessionDataPublisherImpl method publishSessionTermination.

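/**
 * Overridden method which implements the access token revocation on session termination.
 * <p>
 * Flow: resolve the user being logged out (rebuilt as a federated user when applicable), load the
 * system applications of the user's tenant, intersect them with the OAuth applications the user
 * currently holds tokens for, and for every match clear the OAuth/REST API token caches, revoke the
 * latest access token of each scope and revoke the user's consent.
 * <p>
 * Every step is best-effort: failures are logged and processing continues with whatever has been
 * collected so far. In particular a DAO failure while listing the system applications or the user's
 * authorized applications leaves the corresponding array empty, so the logout completes with NO
 * tokens revoked and nothing but a log line to show for it.
 *
 * @param request termination request (not used here)
 * @param context termination context (not used here)
 * @param sessionContext termination sessionContext (not used here)
 * @param params termination params; the {@link AuthenticatedUser} is read from the {@code user} key
 */
@Override
public void publishSessionTermination(HttpServletRequest request, AuthenticationContext context, SessionContext sessionContext, Map<String, Object> params) {
    OAuthConsumerAppDTO[] appDTOs = new OAuthConsumerAppDTO[0];
    List<OAuthConsumerAppDTO> revokeAppList = new ArrayList<>();
    AuthenticatedUser authenticatedUser = (AuthenticatedUser) params.get(user);
    // Captured from the user as passed in, BEFORE the federated rebuild below may replace it.
    String username = authenticatedUser.getUserName();
    String tenantDomain = authenticatedUser.getTenantDomain();
    String userStoreDomain = authenticatedUser.getUserStoreDomain();
    AuthenticatedUser federatedUser;
    SystemApplicationDTO[] systemApplicationDTOS = new SystemApplicationDTO[0];
    if (authenticatedUser.isFederatedUser()) {
        try {
            federatedUser = buildAuthenticatedUser(authenticatedUser);
            authenticatedUser = federatedUser;
        } catch (IdentityOAuth2Exception e) {
            // Falls through with the un-rebuilt user; the token lookups below may then miss the
            // federated user's tokens entirely.
            log.error("Error thrown while building authenticated user in logout flow for user " + authenticatedUser.getUserName(), e);
        }
    }
    SystemApplicationDAO systemApplicationDAO = new SystemApplicationDAO();
    try {
        systemApplicationDTOS = systemApplicationDAO.getApplications(tenantDomain);
        // Was `< 0`, which an array length can never satisfy, so the debug line never fired.
        if (systemApplicationDTOS.length == 0) {
            if (log.isDebugEnabled()) {
                log.debug("The tenant: " + tenantDomain + " doesn't have any system apps");
            }
        }
    } catch (APIMgtDAOException e) {
        log.error("Error thrown while retrieving system applications for the tenant domain " + tenantDomain, e);
    }
    try {
        appDTOs = getAppsAuthorizedByUser(authenticatedUser);
        if (appDTOs.length > 0) {
            if (log.isDebugEnabled()) {
                log.debug("The user: " + authenticatedUser.getUserName() + " has " + appDTOs.length + " OAuth apps");
            }
        }
    } catch (IdentityOAuthAdminException e) {
        log.error("Error while retrieving applications authorized for the user " + authenticatedUser.getUserName(), e);
    }
    // Only the tenant's system applications are revoked here (matched by consumer key, case-insensitively);
    // tokens the user holds for any other OAuth app are left untouched by this logout.
    for (OAuthConsumerAppDTO appDTO : appDTOs) {
        for (SystemApplicationDTO systemApplicationDTO : systemApplicationDTOS) {
            if (StringUtils.equalsIgnoreCase(appDTO.getOauthConsumerKey(), systemApplicationDTO.getConsumerKey())) {
                revokeAppList.add(appDTO);
            }
        }
    }
    for (OAuthConsumerAppDTO appDTO : revokeAppList) {
        Set<AccessTokenDO> accessTokenDOs = null;
        try {
            // Retrieve all ACTIVE or EXPIRED access tokens for particular client authorized by this user
            accessTokenDOs = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getAccessTokens(appDTO.getOauthConsumerKey(), authenticatedUser, authenticatedUser.getUserStoreDomain(), true);
        } catch (IdentityOAuth2Exception e) {
            log.error("Error while retrieving access tokens for the application " + appDTO.getApplicationName() + "and the for user " + authenticatedUser.getUserName(), e);
        }
        AuthenticatedUser authzUser;
        if (accessTokenDOs != null) {
            for (AccessTokenDO accessTokenDO : accessTokenDOs) {
                // Clear cache with AccessTokenDO: the scoped entries (with and without the "NONE"
                // authorization code marker), the client/user entry and the raw token entry.
                authzUser = accessTokenDO.getAuthzUser();
                OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), authzUser, OAuth2Util.buildScopeString(accessTokenDO.getScope()), "NONE");
                OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), authzUser, OAuth2Util.buildScopeString(accessTokenDO.getScope()));
                OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), authzUser);
                OAuthUtil.clearOAuthCache(accessTokenDO.getAccessToken());
                // The API manager's own token cache must be dropped too, or a revoked token would
                // still be accepted at the gateway until the entry ages out.
                Cache restApiTokenCache = CacheProvider.getRESTAPITokenCache();
                if (restApiTokenCache != null) {
                    restApiTokenCache.remove(accessTokenDO.getAccessToken());
                }
                AccessTokenDO scopedToken = null;
                try {
                    // Retrieve latest access token for particular client, user and scope combination if
                    // its ACTIVE or EXPIRED.
                    // NOTE(review): this lookup passes the PRE-rebuild `userStoreDomain` while the
                    // getAccessTokens call above uses authenticatedUser.getUserStoreDomain(); for a
                    // federated user these can differ, in which case nothing is found here and nothing
                    // is revoked in the database -- confirm which domain the token store keys on.
                    scopedToken = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getLatestAccessToken(appDTO.getOauthConsumerKey(), authenticatedUser, userStoreDomain, OAuth2Util.buildScopeString(accessTokenDO.getScope()), true);
                } catch (IdentityOAuth2Exception e) {
                    log.error("Error while retrieving scoped access tokens for the application " + appDTO.getApplicationName() + "and the for user " + authenticatedUser.getUserName(), e);
                }
                if (scopedToken != null) {
                    // Revoking token from database. Only the LATEST token of this scope is revoked;
                    // the cache entries above were cleared for every token, but an older ACTIVE token
                    // sharing the same scope (if the store ever allows one) would survive here.
                    try {
                        OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().revokeAccessTokens(new String[] { scopedToken.getAccessToken() });
                    } catch (IdentityOAuth2Exception e) {
                        log.error("Error while revoking access tokens related for the application " + appDTO.getApplicationName() + "and the for user " + authenticatedUser.getUserName(), e);
                    }
                    // Revoking the oauth consent from database.
                    // NOTE(review): the first argument is the token's authenticated subject identifier,
                    // not an application name or consumer key -- verify this against the DAO's parameter
                    // order, as a mismatch would silently leave the consent in place.
                    try {
                        OAuthTokenPersistenceFactory.getInstance().getTokenManagementDAO().revokeOAuthConsentByApplicationAndUser(authzUser.getAuthenticatedSubjectIdentifier(), tenantDomain, username);
                    } catch (IdentityOAuth2Exception e) {
                        log.error("Error while revoking access tokens related for the application " + appDTO.getApplicationName() + "and the for user " + authenticatedUser.getUserName(), e);
                    }
                }
            }
        }
    }
}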

Example 7 with OAuthConsumerAppDTO

use of org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO in project carbon-apimgt by wso2.

the class SessionDataPublisherImpl method getAppsAuthorizedByUser.

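/**
 * Method to retrieve applications authorized for user.
 * <p>
 * Only the tenant's system applications are considered: for each one the user is authorized for
 * (per {@code ApplicationMgtUtil.isUserAuthorized}) the consumer key is collected, and the app is
 * included in the result if the user holds at least one ACTIVE or EXPIRED token for it. The DTO is
 * built from the app record behind the token's own consumer key, one entry per client.
 * <p>
 * Failures listing the system applications, or checking authorization for one of them, are only
 * logged; the caller then gets an empty or shorter array rather than an error.
 *
 * @param authenticatedUser authenticated user info
 * @return array of authorized applications (empty, never {@code null}, when none are found)
 * @throws IdentityOAuthAdminException if tokens or app information for a system app cannot be read
 */
private OAuthConsumerAppDTO[] getAppsAuthorizedByUser(AuthenticatedUser authenticatedUser) throws IdentityOAuthAdminException {
    OAuthAppDAO appDAO = new OAuthAppDAO();
    String tenantAwareusername = authenticatedUser.getUserName();
    String tenantDomain = authenticatedUser.getTenantDomain();
    // The tenant-qualified form (user@tenant) is only used in log and error messages.
    String username = UserCoreUtil.addTenantDomainToEntry(tenantAwareusername, tenantDomain);
    String userStoreDomain = authenticatedUser.getUserStoreDomain();
    Set<String> clientIds;
    SystemApplicationDTO[] systemApplicationDTOS;
    SystemApplicationDAO systemApplicationDAO = new SystemApplicationDAO();
    Set<String> systemAppClientIds = new HashSet<>();
    try {
        systemApplicationDTOS = systemApplicationDAO.getApplications(tenantDomain);
        // Was `< 0`, which an array length can never satisfy; `== 0` makes the debug line reachable.
        // The outcome is otherwise unchanged: the else branch is a no-op for an empty array.
        if (systemApplicationDTOS.length == 0) {
            if (log.isDebugEnabled()) {
                log.debug("The tenant: " + tenantDomain + " doesn't have any system apps");
            }
        } else {
            for (SystemApplicationDTO applicationDTO : systemApplicationDTOS) {
                try {
                    if (ApplicationMgtUtil.isUserAuthorized(applicationDTO.getName(), tenantAwareusername)) {
                        systemAppClientIds.add(applicationDTO.getConsumerKey());
                    }
                } catch (IdentityApplicationManagementException e) {
                    // This app is skipped, so on logout the user's tokens for it are not revoked.
                    log.error("Error occurred while checking the authorization of the application " + applicationDTO.getName(), e);
                }
            }
        }
    } catch (APIMgtDAOException e) {
        log.error("Error thrown while retrieving system applications for the tenant domain " + tenantDomain, e);
    }
    clientIds = systemAppClientIds;
    Set<OAuthConsumerAppDTO> appDTOs = new HashSet<>();
    for (String clientId : clientIds) {
        Set<AccessTokenDO> accessTokenDOs;
        try {
            accessTokenDOs = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getAccessTokens(clientId, authenticatedUser, userStoreDomain, true);
        } catch (IdentityOAuth2Exception e) {
            throw handleError("Error occurred while retrieving access tokens issued for " + "Client ID : " + clientId + ", User ID : " + username, e);
        }
        if (!accessTokenDOs.isEmpty()) {
            // Keyed on client:user only -- the scope is NOT part of the key despite the name -- so at
            // most one app is added per client; the per-scope lookups after the first hit only serve
            // to surface token-store errors.
            Set<String> distinctClientUserScopeCombo = new HashSet<>();
            for (AccessTokenDO accessTokenDO : accessTokenDOs) {
                AccessTokenDO scopedToken;
                String scopeString = OAuth2Util.buildScopeString(accessTokenDO.getScope());
                try {
                    scopedToken = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getLatestAccessToken(clientId, authenticatedUser, userStoreDomain, scopeString, true);
                    if (scopedToken != null && !distinctClientUserScopeCombo.contains(clientId + ":" + username)) {
                        OAuthAppDO appDO;
                        try {
                            appDO = appDAO.getAppInformation(scopedToken.getConsumerKey());
                            appDTOs.add(buildConsumerAppDTO(appDO));
                            if (log.isDebugEnabled()) {
                                log.debug("Found App: " + appDO.getApplicationName() + " for user: " + username);
                            }
                        } catch (InvalidOAuthClientException e) {
                            String errorMsg = "Invalid Client ID : " + scopedToken.getConsumerKey();
                            log.error(errorMsg, e);
                            throw new IdentityOAuthAdminException(errorMsg);
                        } catch (IdentityOAuth2Exception e) {
                            String errorMsg = "Error occurred while retrieving app information " + "for Client ID : " + scopedToken.getConsumerKey();
                            log.error(errorMsg, e);
                            throw new IdentityOAuthAdminException(errorMsg);
                        }
                        distinctClientUserScopeCombo.add(clientId + ":" + username);
                    }
                } catch (IdentityOAuth2Exception e) {
                    String errorMsg = "Error occurred while retrieving latest access token issued for Client ID :" + " " + clientId + ", User ID : " + username + " and Scope : " + scopeString;
                    throw handleError(errorMsg, e);
                }
            }
        }
    }
    return appDTOs.toArray(new OAuthConsumerAppDTO[0]);
}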

Example 8 with OAuthConsumerAppDTO

use of org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO in project core-util by WSO2Telco.

the class OAuthApplicationData method getApplicationData.

/**
 * Looks up the OAuth application registered under {@code appId} through a pooled
 * {@code OAuthAdminServiceStub}.
 * <p>
 * The admin-service session cookie captured from the previous call is re-sent on this one and
 * the cookie from the response is stored back into the {@code cookie} field.
 *
 * @param appId consumer key / application id to look up
 * @return the application data, or {@code null} when no stub could be borrowed from the pool
 * @throws PCRException on any failure while borrowing the stub or calling the service; the
 *         original exception is logged but not attached as the cause
 */
public OAuthConsumerAppDTO getApplicationData(String appId) throws PCRException {
    OAuthConsumerAppDTO appData = null;
    try {
        if (DEBUG) {
            log.debug("initializing the o Auth Admin Service stub");
        }
        // NOTE(review): the borrowed object is never handed back to `stubs`; if that is a
        // pool with a return operation, every call leaks one pooled stub -- confirm.
        Object borrowed = this.stubs.borrowObject();
        if (borrowed == null) {
            log.warn("Stub initialization failed.");
        } else {
            OAuthAdminServiceStub adminStub = (OAuthAdminServiceStub) borrowed;
            // Re-use the admin session so the service does not re-authenticate on every call.
            // NOTE(review): `cookie` is shared instance state read and written here without
            // synchronization; concurrent callers may swap each other's sessions -- confirm.
            if (cookie != null) {
                adminStub._getServiceClient().getOptions().setProperty(HTTPConstants.COOKIE_STRING, cookie);
            }
            appData = adminStub.getOAuthApplicationData(appId);
            ServiceContext serviceContext = adminStub._getServiceClient().getLastOperationContext().getServiceContext();
            cookie = (String) serviceContext.getProperty(HTTPConstants.COOKIE_STRING);
        }
    } catch (Exception e) {
        // The same message is used for stub-pool failures and for remote call failures, and the
        // cause is dropped on rethrow; the log line is the only place the real error survives.
        log.error("error initializing the stub", e);
        throw new PCRException("error initializing the stub");
    }
    return appData;
}

Example 9 with OAuthConsumerAppDTO

use of org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO in project airavata by apache.

the class OAuthAppRegisteringClient method registerApplication.

/**
 * Registers an OAuth application with the caller-supplied consumer key and secret, then reads
 * it back by name.
 * <p>
 * The trust store is (re)initialised from {@code Properties.TRUST_STORE_PATH} and
 * {@code Properties.TRUST_STORE_PASSWORD} before the remote call so the SSL handshake to the
 * admin service can be validated.
 *
 * @param appName        name the application is registered under and looked up by afterwards
 * @param consumerId     consumer key chosen by the caller (not generated server-side)
 * @param consumerSecret consumer secret chosen by the caller; held in a String for the call
 * @return the registered application as returned by the admin service
 * @throws AiravataSecurityException if the registration or the follow-up lookup fails; the
 *         underlying exception is printed to stderr but not attached as the cause
 */
public OAuthConsumerAppDTO registerApplication(String appName, String consumerId, String consumerSecret) throws AiravataSecurityException {
    OAuthConsumerAppDTO appToRegister = new OAuthConsumerAppDTO();
    appToRegister.setApplicationName(appName);
    // consumer key and secret are set by the application, not issued by the server.
    appToRegister.setOauthConsumerKey(consumerId);
    appToRegister.setOauthConsumerSecret(consumerSecret);
    try {
        // initialize trust store for SSL handshake
        new TrustStoreManager().initializeTrustStoreManager(Properties.TRUST_STORE_PATH, Properties.TRUST_STORE_PASSWORD);
        stub.registerOAuthApplicationData(appToRegister);
        // After registration the application is retrieved again by name.
        return stub.getOAuthApplicationDataByAppName(appName);
    } catch (RemoteException | OAuthAdminServiceException e) {
        // AxisFault is a RemoteException, so the transport failure case lands here as well.
        // NOTE(review): stderr is the only record of the failure; the rethrown exception carries
        // neither the cause nor the app name.
        e.printStackTrace();
        throw new AiravataSecurityException("Error in registering the OAuth application.");
    }
}

Example 10 with OAuthConsumerAppDTO

use of org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO in project carbon-apimgt by wso2.

the class RegistrationServiceImpl method createOAuthApp.

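/**
 * Method to create a OAuth App with client credentials.
 * <p>
 * When token hashing is disabled the app is registered and then looked up again by its name;
 * otherwise the single register-and-retrieve call is used, which is the only way to get the
 * consumer secret back once the server hashes it.
 *
 * @param appName         application name
 * @param applicationInfo application info; only the callback URL is read, and only when it is non-blank
 * @param grantTypes      grant types (trimmed before use; must not be {@code null})
 * @param userName        username of the application owner
 * @return created Oauth App, or {@code null} if registration failed (the error is logged, not rethrown)
 */
private OAuthConsumerAppDTO createOAuthApp(String appName, OAuthApplicationInfo applicationInfo, String grantTypes, String userName) {
    OAuthConsumerAppDTO createdApp = null;
    OAuthAdminService oauthAdminService = new OAuthAdminService();
    OAuthConsumerAppDTO oauthConsumerAppDTO = new OAuthConsumerAppDTO();
    oauthConsumerAppDTO.setApplicationName(appName);
    if (StringUtils.isNotBlank(applicationInfo.getCallBackURL())) {
        oauthConsumerAppDTO.setCallbackUrl(applicationInfo.getCallBackURL());
    }
    oauthConsumerAppDTO.setUsername(userName);
    oauthConsumerAppDTO.setOAuthVersion(OAuthConstants.OAuthVersions.VERSION_2);
    oauthConsumerAppDTO.setGrantTypes(grantTypes.trim());
    try {
        boolean isHashDisabled = OAuth2Util.isHashDisabled();
        if (isHashDisabled) {
            // Creating the Oauth app
            oauthAdminService.registerOAuthApplicationData(oauthConsumerAppDTO);
            // Retrieving the created OAuth application.
            // NOTE(review): this is a lookup by name after the fact; it returns the right app only
            // if app names are unique for the owner/tenant -- confirm that constraint holds.
            createdApp = oauthAdminService.getOAuthApplicationDataByAppName(oauthConsumerAppDTO.getApplicationName());
        } else {
            createdApp = oauthAdminService.registerAndRetrieveOAuthApplicationData(oauthConsumerAppDTO);
        }
    } catch (IdentityOAuthAdminException e) {
        log.error("Error occurred while creating the OAuth app", e);
    }
    // Only report success when something was actually created; previously this line was logged
    // unconditionally, including right after the failure logged above.
    if (createdApp != null && log.isDebugEnabled()) {
        log.debug("Created OAuth App " + appName);
    }
    return createdApp;
}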
