use of org.wso2.carbon.messaging.Header in project carbon-apimgt by wso2.
the class EndpointsApiServiceImpl method endpointsEndpointIdGatewayConfigGet.
@Override
public Response endpointsEndpointIdGatewayConfigGet(String endpointId, String accept, Request request) throws NotFoundException {
try {
APIMgtAdminService apiMgtAdminService = APIManagerFactory.getInstance().getAPIMgtAdminService();
String endpointGatewayConfig = apiMgtAdminService.getEndpointGatewayConfig(endpointId);
if (endpointGatewayConfig != null) {
return Response.ok().entity(endpointGatewayConfig).build();
} else {
String msg = "Endpoint is not found with apiId : " + endpointId;
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(msg, 900314L, msg);
log.error(msg);
return Response.status(Response.Status.NOT_FOUND).header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON).entity(errorDTO).build();
}
} catch (APIManagementException e) {
String errorMessage = "Error while retrieving gateway config of Endpoint : " + endpointId;
Map<String, String> paramList = new HashMap<>();
paramList.put(APIMgtConstants.ExceptionsConstants.ENDPOINT_ID, endpointId);
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler(), paramList);
log.error(errorMessage, e);
return Response.status(e.getErrorHandler().getHttpStatusCode()).header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON).entity(errorDTO).build();
}
}
use of org.wso2.carbon.messaging.Header in project carbon-apimgt by wso2.
the class ExportApiServiceImpl method exportPoliciesThrottleGet.
/**
* Export throttle policies containing zip.
*
* @param accept Accept header value
* @param request msf4j request object
* @return Response object
* @throws NotFoundException if an error occurred when particular resource does not exits in the system.
*/
@Override
public Response exportPoliciesThrottleGet(String accept, Request request) throws NotFoundException {
String archiveName = "exported-policies";
// files will be written to following directory
String exportedPoliciesDirName = "exported-policies";
// archive will be here at following location tmp directory
String archiveDir = System.getProperty("java.io.tmpdir");
if (log.isDebugEnabled()) {
log.debug("Received export policies GET request ");
}
try {
APIMgtAdminService apiMgtAdminService = APIManagerFactory.getInstance().getAPIMgtAdminService();
PolicyExportManager policyExportManager = new PolicyExportManager(apiMgtAdminService);
// create archive and get the archive location
String zippedFilePath = policyExportManager.createArchiveFromExecutionPlans(exportedPoliciesDirName, archiveDir, archiveName);
APIFileUtils.deleteDirectory(exportedPoliciesDirName);
File exportedApiArchiveFile = new File(zippedFilePath);
Response.ResponseBuilder responseBuilder = Response.status(Response.Status.OK).entity(exportedApiArchiveFile);
responseBuilder.header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_OCTET_STREAM).header("Content-Disposition", "attachment; filename=\"" + exportedApiArchiveFile.getName() + "\"");
Response response = responseBuilder.build();
return response;
} catch (APIManagementException e) {
String errorMessage = "Error while exporting policies";
log.error(errorMessage, e);
org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
}
}
use of org.wso2.carbon.messaging.Header in project carbon-apimgt by wso2.
the class GatewaysApiServiceImpl method gatewaysRegisterPost.
/**
* Register gateway
*
* @param body RegistrationDTO
* @param contentType Content-Type header value
* @return Registration summary details
* @throws NotFoundException If failed to register gateway
*/
@Override
public Response gatewaysRegisterPost(RegistrationDTO body, String contentType, Request request) throws NotFoundException {
try {
LabelInfoDTO labelInfoDTO = body.getLabelInfo();
if (labelInfoDTO != null) {
APIMgtAdminService adminService = RestApiUtil.getAPIMgtAdminService();
String overwriteLabels = labelInfoDTO.getOverwriteLabels();
List<Label> labels = MappingUtil.convertToLabels(labelInfoDTO.getLabelList());
adminService.registerGatewayLabels(labels, overwriteLabels);
RegistrationSummary registrationSummary = adminService.getRegistrationSummary();
return Response.ok().entity(MappingUtil.toRegistrationSummaryDTO(registrationSummary)).build();
} else {
String errorMessage = "Label information cannot be null";
APIMgtResourceNotFoundException e = new APIMgtResourceNotFoundException(errorMessage, ExceptionCodes.LABEL_INFORMATION_CANNOT_BE_NULL);
HashMap<String, String> paramList = new HashMap<String, String>();
org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler(), paramList);
log.error(errorMessage, e);
return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
}
} catch (APIManagementException e) {
String errorMessage = "Error while registering the gateway";
HashMap<String, String> paramList = new HashMap<String, String>();
org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler(), paramList);
log.error(errorMessage, e);
return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
}
}
use of org.wso2.carbon.messaging.Header in project carbon-apimgt by wso2.
the class RESTAPISecurityInterceptor method preCall.
/**
* preCall is run before a handler method call is made. If any of the preCalls throw exception or return false then
* no other subsequent preCalls will be called and the request processing will be terminated,
* also no postCall interceptors will be called.
*
* @param request HttpRequest being processed.
* @param response HttpResponder to send response.
* @param serviceMethodInfo Info on handler method that will be called.
* @return true if the request processing can continue, otherwise the hook should send response and return false to
* stop further processing.
* @throws APIMgtSecurityException if error occurs while executing the preCall
*/
@Override
public boolean preCall(Request request, Response response, ServiceMethodInfo serviceMethodInfo) throws APIMgtSecurityException {
ErrorHandler errorHandler = null;
boolean isAuthenticated = false;
// CORS for Environments - Add allowed Origin when User-Agent sent 'Origin' header.
String origin = request.getHeader(RestApiConstants.ORIGIN_HEADER);
String allowedOrigin = EnvironmentUtils.getAllowedOrigin(origin);
if (allowedOrigin != null) {
response.setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, allowedOrigin).setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, "true");
}
// CORS for Environments - Add allowed Methods and Headers when 'OPTIONS' method is called.
if (request.getHttpMethod().equalsIgnoreCase(APIConstants.HTTP_OPTIONS)) {
try {
String definedHttpMethods = RestApiUtil.getDefinedMethodHeadersInSwaggerContent(request, serviceMethodInfo);
if (definedHttpMethods != null) {
response.setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_METHODS_HEADER, definedHttpMethods).setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_HEADERS_HEADER, RestApiConstants.ACCESS_CONTROL_ALLOW_HEADERS_LIST).setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).send();
return false;
}
} catch (APIManagementException e) {
String msg = "Couldn't find declared HTTP methods in swagger.yaml";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
return false;
}
}
/* TODO: Following string contains check is done to avoid checking security headers in non API requests.
* Consider this as a temporary fix until MSF4J support context based interceptor registration */
String requestURI = request.getUri().toLowerCase(Locale.ENGLISH);
if (!requestURI.contains("/api/am/")) {
return true;
}
if (requestURI.contains("/login/token")) {
return true;
}
String yamlContent = null;
String protocol = (String) request.getProperty(PROTOCOL);
Swagger swagger = null;
if (requestURI.contains("/api/am/publisher")) {
if (requestURI.contains("swagger.yaml")) {
try {
yamlContent = RestApiUtil.getPublisherRestAPIResource();
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(yamlContent).setMediaType("text/x-yaml").send();
} catch (APIManagementException e) {
String msg = "Couldn't find swagger.yaml for publisher";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
}
return false;
}
} else if (requestURI.contains("/api/am/store")) {
if (requestURI.contains("swagger.json")) {
try {
yamlContent = RestApiUtil.getStoreRestAPIResource();
swagger = new SwaggerParser().parse(yamlContent);
swagger.setBasePath(RestApiUtil.getContext(RestApiConstants.APPType.STORE));
swagger.setHost(RestApiUtil.getHost(protocol.toLowerCase(Locale.ENGLISH)));
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(Json.pretty(swagger)).setMediaType(MediaType.APPLICATION_JSON).send();
} catch (APIManagementException e) {
String msg = "Couldn't find swagger.json for store";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
}
return false;
} else if (requestURI.contains("swagger.yaml")) {
try {
yamlContent = RestApiUtil.getStoreRestAPIResource();
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(yamlContent).setMediaType("text/x-yaml").send();
} catch (APIManagementException e) {
String msg = "Couldn't find swagger.yaml for store";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
}
return false;
}
} else if (requestURI.contains("/api/am/analytics")) {
if (requestURI.contains("swagger.json")) {
try {
yamlContent = RestApiUtil.getAnalyticsRestAPIResource();
swagger = new SwaggerParser().parse(yamlContent);
swagger.setBasePath(RestApiUtil.getContext(RestApiConstants.APPType.ANALYTICS));
swagger.setHost(RestApiUtil.getHost(protocol.toLowerCase(Locale.ENGLISH)));
} catch (APIManagementException e) {
log.error("Couldn't find swagger.json for analytics", e);
}
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(Json.pretty(swagger)).setMediaType(MediaType.APPLICATION_JSON).send();
return false;
}
} else if (requestURI.contains("/editor") || requestURI.contains("keyserver") || requestURI.contains("core") || requestURI.contains("/api/am/config")) {
return true;
} else if (requestURI.contains("/api/am/admin")) {
if (requestURI.contains("swagger.json")) {
try {
yamlContent = RestApiUtil.getAdminRestAPIResource();
swagger = new SwaggerParser().parse(yamlContent);
swagger.setBasePath(RestApiUtil.getContext(RestApiConstants.APPType.ADMIN));
swagger.setHost(RestApiUtil.getHost(protocol.toLowerCase(Locale.ENGLISH)));
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(Json.pretty(swagger)).setMediaType(MediaType.APPLICATION_JSON).send();
} catch (APIManagementException e) {
String msg = "Couldn't find swagger.yaml for admin";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
}
return false;
} else if (requestURI.contains("swagger.yaml")) {
try {
yamlContent = RestApiUtil.getAdminRestAPIResource();
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(yamlContent).setMediaType("text/x-yaml").send();
} catch (APIManagementException e) {
String msg = "Couldn't find swagger.yaml for admin";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
}
return false;
}
}
try {
if (authenticatorImplClass == null) {
Class<?> implClass = null;
try {
implClass = Class.forName(authenticatorName);
} catch (ClassNotFoundException e) {
throw new APIMgtSecurityException("Error while loading class " + authenticatorName, e);
}
authenticatorImplClass = (RESTAPIAuthenticator) implClass.newInstance();
}
isAuthenticated = authenticatorImplClass.authenticate(request, response, serviceMethodInfo);
} catch (APIMgtSecurityException e) {
errorHandler = e.getErrorHandler();
log.error(e.getMessage() + " Requested Path: " + request.getUri());
} catch (InstantiationException e) {
log.error(e.getMessage() + " Error while instantiating authenticator: " + authenticatorName);
isAuthenticated = false;
errorHandler = ExceptionCodes.AUTH_GENERAL_ERROR;
} catch (IllegalAccessException e) {
log.error(e.getMessage() + " Error while accessing resource : " + authenticatorName);
isAuthenticated = false;
errorHandler = ExceptionCodes.AUTH_GENERAL_ERROR;
}
if (!isAuthenticated) {
handleSecurityError(errorHandler, response);
}
return isAuthenticated;
}
use of org.wso2.carbon.messaging.Header in project carbon-apimgt by wso2.
the class OAuth2Authenticator method authenticate.
/*
* This method performs authentication and authorization
* @param Request
* @param Response
* @param ServiceMethodInfo
* throws Exception
* */
@Override
public boolean authenticate(Request request, Response responder, ServiceMethodInfo serviceMethodInfo) throws APIMgtSecurityException {
ErrorHandler errorHandler = null;
boolean isTokenValid = false;
HttpHeaders headers = request.getHeaders();
boolean isCookieHeaderPresent = false;
boolean isAuthorizationHeaderPresent = false;
if (request.getHeader(RestApiConstants.COOKIE_HEADER) != null) {
isCookieHeaderPresent = true;
}
if (request.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER) != null) {
isAuthorizationHeaderPresent = true;
}
if (headers != null && isCookieHeaderPresent && isCookieExists(request, APIConstants.AccessTokenConstants.AM_TOKEN_MSF4J)) {
String accessToken = null;
String cookies = request.getHeader(RestApiConstants.COOKIE_HEADER);
String partialTokenFromCookie = extractPartialAccessTokenFromCookie(cookies);
if (partialTokenFromCookie != null && isAuthorizationHeaderPresent) {
String authHeader = request.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER);
String partialTokenFromHeader = extractAccessToken(authHeader);
accessToken = (partialTokenFromHeader != null) ? partialTokenFromHeader + partialTokenFromCookie : partialTokenFromCookie;
}
isTokenValid = validateTokenAndScopes(request, serviceMethodInfo, accessToken);
request.setProperty(LOGGED_IN_USER, getEndUserName(accessToken));
} else if (headers != null && isAuthorizationHeaderPresent) {
String authHeader = request.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER);
String accessToken = extractAccessToken(authHeader);
if (accessToken != null) {
isTokenValid = validateTokenAndScopes(request, serviceMethodInfo, accessToken);
request.setProperty(LOGGED_IN_USER, getEndUserName(accessToken));
}
} else {
throw new APIMgtSecurityException("Missing Authorization header in the request.`", ExceptionCodes.MALFORMED_AUTHORIZATION_HEADER_OAUTH);
}
return isTokenValid;
}
Aggregations