Example 86 with Header
use of org.wso2.carbon.messaging.Header in project carbon-apimgt by wso2.
the class EndpointsApiServiceImpl method endpointsEndpointIdGatewayConfigGet.
@Override
public Response endpointsEndpointIdGatewayConfigGet(String endpointId, String accept, Request request) throws NotFoundException {
try {
APIMgtAdminService apiMgtAdminService = APIManagerFactory.getInstance().getAPIMgtAdminService();
String endpointGatewayConfig = apiMgtAdminService.getEndpointGatewayConfig(endpointId);
if (endpointGatewayConfig != null) {
return Response.ok().entity(endpointGatewayConfig).build();
} else {
String msg = "Endpoint is not found with apiId : " + endpointId;
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(msg, 900314L, msg);
log.error(msg);
return Response.status(Response.Status.NOT_FOUND).header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON).entity(errorDTO).build();
}
} catch (APIManagementException e) {
String errorMessage = "Error while retrieving gateway config of Endpoint : " + endpointId;
Map<String, String> paramList = new HashMap<>();
paramList.put(APIMgtConstants.ExceptionsConstants.ENDPOINT_ID, endpointId);
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler(), paramList);
log.error(errorMessage, e);
return Response.status(e.getErrorHandler().getHttpStatusCode()).header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON).entity(errorDTO).build();
}
}
Also used :
APIMgtAdminService(org.wso2.carbon.apimgt.core.api.APIMgtAdminService)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
ErrorDTO(org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 87 with Header
use of org.wso2.carbon.messaging.Header in project carbon-apimgt by wso2.
the class ExportApiServiceImpl method exportPoliciesThrottleGet.
/**
* Export throttle policies containing zip.
*
* @param accept Accept header value
* @param request msf4j request object
* @return Response object
* @throws NotFoundException if an error occurred when particular resource does not exits in the system.
*/
@Override
public Response exportPoliciesThrottleGet(String accept, Request request) throws NotFoundException {
String archiveName = "exported-policies";
// files will be written to following directory
String exportedPoliciesDirName = "exported-policies";
// archive will be here at following location tmp directory
String archiveDir = System.getProperty("java.io.tmpdir");
if (log.isDebugEnabled()) {
log.debug("Received export policies GET request ");
}
try {
APIMgtAdminService apiMgtAdminService = APIManagerFactory.getInstance().getAPIMgtAdminService();
PolicyExportManager policyExportManager = new PolicyExportManager(apiMgtAdminService);
// create archive and get the archive location
String zippedFilePath = policyExportManager.createArchiveFromExecutionPlans(exportedPoliciesDirName, archiveDir, archiveName);
APIFileUtils.deleteDirectory(exportedPoliciesDirName);
File exportedApiArchiveFile = new File(zippedFilePath);
Response.ResponseBuilder responseBuilder = Response.status(Response.Status.OK).entity(exportedApiArchiveFile);
responseBuilder.header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_OCTET_STREAM).header("Content-Disposition", "attachment; filename=\"" + exportedApiArchiveFile.getName() + "\"");
Response response = responseBuilder.build();
return response;
} catch (APIManagementException e) {
String errorMessage = "Error while exporting policies";
log.error(errorMessage, e);
org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
}
}
Also used :
Response(javax.ws.rs.core.Response)
APIMgtAdminService(org.wso2.carbon.apimgt.core.api.APIMgtAdminService)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
PolicyExportManager(org.wso2.carbon.apimgt.rest.api.core.utils.PolicyExportManager)
File(java.io.File)
Example 88 with Header
use of org.wso2.carbon.messaging.Header in project carbon-apimgt by wso2.
the class GatewaysApiServiceImpl method gatewaysRegisterPost.
/**
* Register gateway
*
* @param body RegistrationDTO
* @param contentType Content-Type header value
* @return Registration summary details
* @throws NotFoundException If failed to register gateway
*/
@Override
public Response gatewaysRegisterPost(RegistrationDTO body, String contentType, Request request) throws NotFoundException {
try {
LabelInfoDTO labelInfoDTO = body.getLabelInfo();
if (labelInfoDTO != null) {
APIMgtAdminService adminService = RestApiUtil.getAPIMgtAdminService();
String overwriteLabels = labelInfoDTO.getOverwriteLabels();
List<Label> labels = MappingUtil.convertToLabels(labelInfoDTO.getLabelList());
adminService.registerGatewayLabels(labels, overwriteLabels);
RegistrationSummary registrationSummary = adminService.getRegistrationSummary();
return Response.ok().entity(MappingUtil.toRegistrationSummaryDTO(registrationSummary)).build();
} else {
String errorMessage = "Label information cannot be null";
APIMgtResourceNotFoundException e = new APIMgtResourceNotFoundException(errorMessage, ExceptionCodes.LABEL_INFORMATION_CANNOT_BE_NULL);
HashMap<String, String> paramList = new HashMap<String, String>();
org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler(), paramList);
log.error(errorMessage, e);
return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
}
} catch (APIManagementException e) {
String errorMessage = "Error while registering the gateway";
HashMap<String, String> paramList = new HashMap<String, String>();
org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler(), paramList);
log.error(errorMessage, e);
return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
}
}
Also used :
HashMap(java.util.HashMap)
Label(org.wso2.carbon.apimgt.core.models.Label)
APIMgtResourceNotFoundException(org.wso2.carbon.apimgt.core.exception.APIMgtResourceNotFoundException)
LabelInfoDTO(org.wso2.carbon.apimgt.rest.api.core.dto.LabelInfoDTO)
APIMgtAdminService(org.wso2.carbon.apimgt.core.api.APIMgtAdminService)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
RegistrationSummary(org.wso2.carbon.apimgt.core.models.RegistrationSummary)
Example 89 with Header
use of org.wso2.carbon.messaging.Header in project carbon-apimgt by wso2.
the class RESTAPISecurityInterceptor method preCall.
/**
* preCall is run before a handler method call is made. If any of the preCalls throw exception or return false then
* no other subsequent preCalls will be called and the request processing will be terminated,
* also no postCall interceptors will be called.
*
* @param request HttpRequest being processed.
* @param response HttpResponder to send response.
* @param serviceMethodInfo Info on handler method that will be called.
* @return true if the request processing can continue, otherwise the hook should send response and return false to
* stop further processing.
* @throws APIMgtSecurityException if error occurs while executing the preCall
*/
@Override
public boolean preCall(Request request, Response response, ServiceMethodInfo serviceMethodInfo) throws APIMgtSecurityException {
ErrorHandler errorHandler = null;
boolean isAuthenticated = false;
// CORS for Environments - Add allowed Origin when User-Agent sent 'Origin' header.
String origin = request.getHeader(RestApiConstants.ORIGIN_HEADER);
String allowedOrigin = EnvironmentUtils.getAllowedOrigin(origin);
if (allowedOrigin != null) {
response.setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, allowedOrigin).setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, "true");
}
// CORS for Environments - Add allowed Methods and Headers when 'OPTIONS' method is called.
if (request.getHttpMethod().equalsIgnoreCase(APIConstants.HTTP_OPTIONS)) {
try {
String definedHttpMethods = RestApiUtil.getDefinedMethodHeadersInSwaggerContent(request, serviceMethodInfo);
if (definedHttpMethods != null) {
response.setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_METHODS_HEADER, definedHttpMethods).setHeader(RestApiConstants.ACCESS_CONTROL_ALLOW_HEADERS_HEADER, RestApiConstants.ACCESS_CONTROL_ALLOW_HEADERS_LIST).setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).send();
return false;
}
} catch (APIManagementException e) {
String msg = "Couldn't find declared HTTP methods in swagger.yaml";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
return false;
}
}
/* TODO: Following string contains check is done to avoid checking security headers in non API requests.
* Consider this as a temporary fix until MSF4J support context based interceptor registration */
String requestURI = request.getUri().toLowerCase(Locale.ENGLISH);
if (!requestURI.contains("/api/am/")) {
return true;
}
if (requestURI.contains("/login/token")) {
return true;
}
String yamlContent = null;
String protocol = (String) request.getProperty(PROTOCOL);
Swagger swagger = null;
if (requestURI.contains("/api/am/publisher")) {
if (requestURI.contains("swagger.yaml")) {
try {
yamlContent = RestApiUtil.getPublisherRestAPIResource();
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(yamlContent).setMediaType("text/x-yaml").send();
} catch (APIManagementException e) {
String msg = "Couldn't find swagger.yaml for publisher";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
}
return false;
}
} else if (requestURI.contains("/api/am/store")) {
if (requestURI.contains("swagger.json")) {
try {
yamlContent = RestApiUtil.getStoreRestAPIResource();
swagger = new SwaggerParser().parse(yamlContent);
swagger.setBasePath(RestApiUtil.getContext(RestApiConstants.APPType.STORE));
swagger.setHost(RestApiUtil.getHost(protocol.toLowerCase(Locale.ENGLISH)));
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(Json.pretty(swagger)).setMediaType(MediaType.APPLICATION_JSON).send();
} catch (APIManagementException e) {
String msg = "Couldn't find swagger.json for store";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
}
return false;
} else if (requestURI.contains("swagger.yaml")) {
try {
yamlContent = RestApiUtil.getStoreRestAPIResource();
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(yamlContent).setMediaType("text/x-yaml").send();
} catch (APIManagementException e) {
String msg = "Couldn't find swagger.yaml for store";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
}
return false;
}
} else if (requestURI.contains("/api/am/analytics")) {
if (requestURI.contains("swagger.json")) {
try {
yamlContent = RestApiUtil.getAnalyticsRestAPIResource();
swagger = new SwaggerParser().parse(yamlContent);
swagger.setBasePath(RestApiUtil.getContext(RestApiConstants.APPType.ANALYTICS));
swagger.setHost(RestApiUtil.getHost(protocol.toLowerCase(Locale.ENGLISH)));
} catch (APIManagementException e) {
log.error("Couldn't find swagger.json for analytics", e);
}
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(Json.pretty(swagger)).setMediaType(MediaType.APPLICATION_JSON).send();
return false;
}
} else if (requestURI.contains("/editor") || requestURI.contains("keyserver") || requestURI.contains("core") || requestURI.contains("/api/am/config")) {
return true;
} else if (requestURI.contains("/api/am/admin")) {
if (requestURI.contains("swagger.json")) {
try {
yamlContent = RestApiUtil.getAdminRestAPIResource();
swagger = new SwaggerParser().parse(yamlContent);
swagger.setBasePath(RestApiUtil.getContext(RestApiConstants.APPType.ADMIN));
swagger.setHost(RestApiUtil.getHost(protocol.toLowerCase(Locale.ENGLISH)));
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(Json.pretty(swagger)).setMediaType(MediaType.APPLICATION_JSON).send();
} catch (APIManagementException e) {
String msg = "Couldn't find swagger.yaml for admin";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
}
return false;
} else if (requestURI.contains("swagger.yaml")) {
try {
yamlContent = RestApiUtil.getAdminRestAPIResource();
response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode()).setEntity(yamlContent).setMediaType("text/x-yaml").send();
} catch (APIManagementException e) {
String msg = "Couldn't find swagger.yaml for admin";
ErrorDTO errorDTO = RestApiUtil.getErrorDTO(e.getErrorHandler());
log.error(msg, e);
response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).setEntity(errorDTO).send();
}
return false;
}
}
try {
if (authenticatorImplClass == null) {
Class<?> implClass = null;
try {
implClass = Class.forName(authenticatorName);
} catch (ClassNotFoundException e) {
throw new APIMgtSecurityException("Error while loading class " + authenticatorName, e);
}
authenticatorImplClass = (RESTAPIAuthenticator) implClass.newInstance();
}
isAuthenticated = authenticatorImplClass.authenticate(request, response, serviceMethodInfo);
} catch (APIMgtSecurityException e) {
errorHandler = e.getErrorHandler();
log.error(e.getMessage() + " Requested Path: " + request.getUri());
} catch (InstantiationException e) {
log.error(e.getMessage() + " Error while instantiating authenticator: " + authenticatorName);
isAuthenticated = false;
errorHandler = ExceptionCodes.AUTH_GENERAL_ERROR;
} catch (IllegalAccessException e) {
log.error(e.getMessage() + " Error while accessing resource : " + authenticatorName);
isAuthenticated = false;
errorHandler = ExceptionCodes.AUTH_GENERAL_ERROR;
}
if (!isAuthenticated) {
handleSecurityError(errorHandler, response);
}
return isAuthenticated;
}
Also used :
SwaggerParser(io.swagger.parser.SwaggerParser)
ErrorHandler(org.wso2.carbon.apimgt.core.exception.ErrorHandler)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
APIMgtSecurityException(org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException)
ErrorDTO(org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO)
Swagger(io.swagger.models.Swagger)
Example 90 with Header
use of org.wso2.carbon.messaging.Header in project carbon-apimgt by wso2.
the class OAuth2Authenticator method authenticate.
/*
* This method performs authentication and authorization
* @param Request
* @param Response
* @param ServiceMethodInfo
* throws Exception
* */
@Override
public boolean authenticate(Request request, Response responder, ServiceMethodInfo serviceMethodInfo) throws APIMgtSecurityException {
ErrorHandler errorHandler = null;
boolean isTokenValid = false;
HttpHeaders headers = request.getHeaders();
boolean isCookieHeaderPresent = false;
boolean isAuthorizationHeaderPresent = false;
if (request.getHeader(RestApiConstants.COOKIE_HEADER) != null) {
isCookieHeaderPresent = true;
}
if (request.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER) != null) {
isAuthorizationHeaderPresent = true;
}
if (headers != null && isCookieHeaderPresent && isCookieExists(request, APIConstants.AccessTokenConstants.AM_TOKEN_MSF4J)) {
String accessToken = null;
String cookies = request.getHeader(RestApiConstants.COOKIE_HEADER);
String partialTokenFromCookie = extractPartialAccessTokenFromCookie(cookies);
if (partialTokenFromCookie != null && isAuthorizationHeaderPresent) {
String authHeader = request.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER);
String partialTokenFromHeader = extractAccessToken(authHeader);
accessToken = (partialTokenFromHeader != null) ? partialTokenFromHeader + partialTokenFromCookie : partialTokenFromCookie;
}
isTokenValid = validateTokenAndScopes(request, serviceMethodInfo, accessToken);
request.setProperty(LOGGED_IN_USER, getEndUserName(accessToken));
} else if (headers != null && isAuthorizationHeaderPresent) {
String authHeader = request.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER);
String accessToken = extractAccessToken(authHeader);
if (accessToken != null) {
isTokenValid = validateTokenAndScopes(request, serviceMethodInfo, accessToken);
request.setProperty(LOGGED_IN_USER, getEndUserName(accessToken));
}
} else {
throw new APIMgtSecurityException("Missing Authorization header in the request.`", ExceptionCodes.MALFORMED_AUTHORIZATION_HEADER_OAUTH);
}
return isTokenValid;
}
Also used :
ErrorHandler(org.wso2.carbon.apimgt.core.exception.ErrorHandler)
HttpHeaders(javax.ws.rs.core.HttpHeaders)
APIMgtSecurityException(org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException)
Aggregations
APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException)103
HashMap (java.util.HashMap)95
ErrorDTO (org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO)95
Test (org.testng.annotations.Test)36
APIStore (org.wso2.carbon.apimgt.core.api.APIStore)35
HTTPCarbonMessage (org.wso2.transport.http.netty.message.HTTPCarbonMessage)33
APIPublisher (org.wso2.carbon.apimgt.core.api.APIPublisher)30
HTTPTestRequest (org.ballerinalang.test.services.testutils.HTTPTestRequest)28
APIMgtAdminService (org.wso2.carbon.apimgt.core.api.APIMgtAdminService)24
ArrayList (java.util.ArrayList)23
BadRequestException (org.wso2.charon3.core.exceptions.BadRequestException)19
CharonException (org.wso2.charon3.core.exceptions.CharonException)19
SCIMResponse (org.wso2.charon3.core.protocol.SCIMResponse)19
NotFoundException (org.wso2.charon3.core.exceptions.NotFoundException)18
SCIMResourceTypeSchema (org.wso2.charon3.core.schema.SCIMResourceTypeSchema)18
Header (org.wso2.carbon.messaging.Header)17
InternalErrorException (org.wso2.charon3.core.exceptions.InternalErrorException)16
IOException (java.io.IOException)15
JSONEncoder (org.wso2.charon3.core.encoder.JSONEncoder)15
Map (java.util.Map)14
