Example 21 with Timer

Use of org.wso2.carbon.metrics.manager.Timer in project carbon-apimgt by wso2.

The class ThrottleHandlerTest, method testMsgThrottleOutWhenResourceLevelIsThrottled.

@Test
public void testMsgThrottleOutWhenResourceLevelIsThrottled() {
    ThrottleDataHolder throttleDataHolder = new ThrottleDataHolder();
    ThrottleHandler throttleHandler = new ThrottlingHandlerWrapper(timer, throttleDataHolder, throttleEvaluator);
    MessageContext messageContext = TestUtils.getMessageContextWithAuthContext(apiContext, apiVersion);
    messageContext.setProperty(VERB_INFO_DTO, verbInfoDTO);
    ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
    AuthenticationContext authenticationContext = (AuthenticationContext) messageContext.getProperty(API_AUTH_CONTEXT);
    authenticationContext.setApiTier("Unlimited");
    messageContext.setProperty(API_AUTH_CONTEXT, authenticationContext);
    verbInfo.setConditionGroups(conditionGroupDTOs);
    ArrayList<ConditionGroupDTO> matchingConditions = new ArrayList<>();
    matchingConditions.add(conditionGroupDTO);
    String combinedResourceLevelThrottleKey = resourceLevelThrottleKey + conditionGroupDTO.getConditionGroupId();
    throttleDataHolder.addThrottledAPIKey(resourceLevelThrottleKey, System.currentTimeMillis() + 10000);
    throttleDataHolder.addThrottleData(combinedResourceLevelThrottleKey, System.currentTimeMillis() + 10000);
    Mockito.when(throttleEvaluator.getApplicableConditions(messageContext, authenticationContext, conditionGroupDTOs)).thenReturn(matchingConditions);
    // Should throttle out and discontinue message flow, when resource level is throttled out
    Assert.assertFalse(throttleHandler.handleRequest(messageContext));
}
Also used : ThrottleDataHolder(org.wso2.carbon.apimgt.gateway.throttling.ThrottleDataHolder) AuthenticationContext(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext) ArrayList(java.util.ArrayList) MessageContext(org.apache.synapse.MessageContext) Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext) ConditionGroupDTO(org.wso2.carbon.apimgt.api.dto.ConditionGroupDTO) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 22 with Timer

Use of org.wso2.carbon.metrics.manager.Timer in project carbon-apimgt by wso2.

The class ThrottleHandlerTest, method testSubscriptionLevelThrottlingInitWhenThrottleCtxIsNull.

@Test
public void testSubscriptionLevelThrottlingInitWhenThrottleCtxIsNull() {
    ThrottleDataHolder throttleDataHolder = new ThrottleDataHolder();
    ThrottleHandler throttleHandler = new ThrottlingHandlerWrapper(timer, throttleDataHolder, throttleEvaluator);
    MessageContext messageContext = TestUtils.getMessageContextWithAuthContext(apiContext, apiVersion);
    messageContext.setProperty(RESPONSE, "true");
    // Test subscription level throttle context initialisation when throttle holder is null
    Assert.assertTrue(throttleHandler.handleRequest(messageContext));
}
Also used : ThrottleDataHolder(org.wso2.carbon.apimgt.gateway.throttling.ThrottleDataHolder) MessageContext(org.apache.synapse.MessageContext) Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 23 with Timer

Use of org.wso2.carbon.metrics.manager.Timer in project carbon-apimgt by wso2.

The class APIThrottleHandlerTest, method init.

@Before
public void init() {
    throttleContext = Mockito.mock(ThrottleContext.class);
    timer = Mockito.mock(Timer.class);
    context = Mockito.mock(Timer.Context.class);
    throttleConfiguration = Mockito.mock(ThrottleConfiguration.class);
    callerConfiguration = Mockito.mock(CallerConfiguration.class);
    Mockito.when(timer.start()).thenReturn(context);
    messageContext = TestUtils.getMessageContextWithAuthContext(apiContext, apiVersion);
    axisConfiguration = new AxisConfiguration();
    configurationContext = new ConfigurationContext(axisConfiguration);
    throttleKey = "throttle_" + throttleID + "_cac_key";
    verbInfoDTO = new VerbInfoDTO();
    verbInfoDTO.setThrottling("Silver");
    verbInfoDTO.setRequestKey("/weather");
    verbInfoDTO.setHttpVerb("GET");
    apiThrottleHandler = new APIThrottleHandlerWrapper(timer, throttleContext);
}
Also used : ThrottleContext(org.apache.synapse.commons.throttle.core.ThrottleContext) RoleBaseThrottleContext(org.apache.synapse.commons.throttle.core.impl.rolebase.RoleBaseThrottleContext) ConfigurationContext(org.apache.axis2.context.ConfigurationContext) AuthenticationContext(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext) ThrottleContext(org.apache.synapse.commons.throttle.core.ThrottleContext) MessageContext(org.apache.synapse.MessageContext) RoleBaseThrottleContext(org.apache.synapse.commons.throttle.core.impl.rolebase.RoleBaseThrottleContext) Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext) AxisConfiguration(org.apache.axis2.engine.AxisConfiguration) ConfigurationContext(org.apache.axis2.context.ConfigurationContext) CallerConfiguration(org.apache.synapse.commons.throttle.core.CallerConfiguration) Timer(org.wso2.carbon.metrics.manager.Timer) VerbInfoDTO(org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO) ThrottleConfiguration(org.apache.synapse.commons.throttle.core.ThrottleConfiguration) Before(org.junit.Before)

Example 24 with Timer

Use of org.wso2.carbon.metrics.manager.Timer in project carbon-apimgt by wso2.

The class OAuthAuthenticator, method authenticate.

@MethodStats
public AuthenticationResponse authenticate(MessageContext synCtx) throws APIManagementException {
    boolean isJwtToken = false;
    String accessToken = null;
    String remainingAuthHeader = "";
    boolean defaultVersionInvoked = false;
    Map headers = (Map) ((Axis2MessageContext) synCtx).getAxis2MessageContext().getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
    String tenantDomain = GatewayUtils.getTenantDomain();
    keyManagerList = GatewayUtils.getKeyManagers(synCtx);
    if (keyValidator == null) {
        this.keyValidator = new APIKeyValidator();
    }
    if (jwtValidator == null) {
        this.jwtValidator = new JWTValidator(this.keyValidator, tenantDomain);
    }
    config = getApiManagerConfiguration();
    removeOAuthHeadersFromOutMessage = isRemoveOAuthHeadersFromOutMessage();
    securityContextHeader = getSecurityContextHeader();
    if (headers != null) {
        requestOrigin = (String) headers.get("Origin");
        // Extract the access token from the auth header.
        // From version 1.0.7 of this component onwards, removing the OAuth authorization header from
        // the message is configurable, so we don't need to remove headers at this point.
        String authHeader = (String) headers.get(getSecurityHeader());
        if (authHeader == null) {
            if (log.isDebugEnabled()) {
                log.debug("OAuth2 Authentication: Expected authorization header with the name '".concat(getSecurityHeader()).concat("' was not found."));
            }
        } else {
            ArrayList<String> remainingAuthHeaders = new ArrayList<>();
            boolean consumerkeyFound = false;
            String[] splitHeaders = authHeader.split(oauthHeaderSplitter);
            if (splitHeaders != null) {
                for (int i = 0; i < splitHeaders.length; i++) {
                    String[] elements = splitHeaders[i].split(consumerKeySegmentDelimiter);
                    if (elements != null && elements.length > 1) {
                        int j = 0;
                        boolean isConsumerKeyHeaderAvailable = false;
                        for (String element : elements) {
                            if (!"".equals(element.trim())) {
                                if (consumerKeyHeaderSegment.equals(elements[j].trim())) {
                                    isConsumerKeyHeaderAvailable = true;
                                } else if (isConsumerKeyHeaderAvailable) {
                                    accessToken = removeLeadingAndTrailing(elements[j].trim());
                                    consumerkeyFound = true;
                                }
                            }
                            j++;
                        }
                    }
                    if (!consumerkeyFound) {
                        remainingAuthHeaders.add(splitHeaders[i]);
                    } else {
                        consumerkeyFound = false;
                    }
                }
            }
            remainingAuthHeader = String.join(oauthHeaderSplitter, remainingAuthHeaders);
        }
        if (log.isDebugEnabled()) {
            log.debug(accessToken != null ? "Received Token ".concat(accessToken) : "No valid Authorization header found");
        }
        // Check if client invoked the default version API (accessing API without version).
        defaultVersionInvoked = headers.containsKey(defaultAPIHeader);
    }
    if (defaultVersionInvoked && log.isDebugEnabled()) {
        log.debug("Default Version API invoked");
    }
    if (removeOAuthHeadersFromOutMessage) {
        // Remove authorization headers sent for authentication at the gateway and pass others to the backend
        if (StringUtils.isNotBlank(remainingAuthHeader)) {
            if (log.isDebugEnabled()) {
                log.debug("Removing OAuth key from Authorization header");
            }
            headers.put(getSecurityHeader(), remainingAuthHeader);
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Removing Authorization header from headers");
            }
            headers.remove(getSecurityHeader());
        }
    }
    if (removeDefaultAPIHeaderFromOutMessage) {
        headers.remove(defaultAPIHeader);
    }
    String apiContext = (String) synCtx.getProperty(RESTConstants.REST_API_CONTEXT);
    String apiVersion = (String) synCtx.getProperty(RESTConstants.SYNAPSE_REST_API_VERSION);
    String httpMethod = (String) ((Axis2MessageContext) synCtx).getAxis2MessageContext().getProperty(Constants.Configuration.HTTP_METHOD);
    String matchingResource = (String) synCtx.getProperty(APIConstants.API_ELECTED_RESOURCE);
    SignedJWTInfo signedJWTInfo = null;
    // If the matching resource does not require authentication
    Timer timer = getTimer(MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "GET_RESOURCE_AUTH"));
    Timer.Context context = timer.start();
    org.apache.axis2.context.MessageContext axis2MessageCtx = ((Axis2MessageContext) synCtx).getAxis2MessageContext();
    org.apache.axis2.context.MessageContext.setCurrentMessageContext(axis2MessageCtx);
    String authenticationScheme;
    try {
        // Initial guess of a JWT token using the presence of a DOT.
        if (StringUtils.isNotEmpty(accessToken) && accessToken.contains(APIConstants.DOT)) {
            try {
                if (StringUtils.countMatches(accessToken, APIConstants.DOT) != 2) {
                    log.debug("Invalid JWT token. The expected token format is <header.payload.signature>");
                    throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
                }
                signedJWTInfo = getSignedJwt(accessToken);
                if (GatewayUtils.isInternalKey(signedJWTInfo.getJwtClaimsSet()) || GatewayUtils.isAPIKey(signedJWTInfo.getJwtClaimsSet())) {
                    log.debug("Invalid Token Provided");
                    return new AuthenticationResponse(false, isMandatory, true, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
                }
                String keyManager = ServiceReferenceHolder.getInstance().getJwtValidationService().getKeyManagerNameIfJwtValidatorExist(signedJWTInfo);
                if (StringUtils.isNotEmpty(keyManager)) {
                    if (log.isDebugEnabled()) {
                        log.debug("KeyManager " + keyManager + " found for authenticating token " + GatewayUtils.getMaskedToken(accessToken));
                    }
                    if (keyManagerList.contains(APIConstants.KeyManager.API_LEVEL_ALL_KEY_MANAGERS) || keyManagerList.contains(keyManager)) {
                        if (log.isDebugEnabled()) {
                            log.debug("Elected KeyManager " + keyManager + " found in API level list " + String.join(",", keyManagerList));
                        }
                        isJwtToken = true;
                    } else {
                        if (log.isDebugEnabled()) {
                            log.debug("Elected KeyManager " + keyManager + " not found in API level list " + String.join(",", keyManagerList));
                        }
                        return new AuthenticationResponse(false, isMandatory, true, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
                    }
                } else {
                    if (log.isDebugEnabled()) {
                        log.debug("KeyManager not found for accessToken " + GatewayUtils.getMaskedToken(accessToken));
                    }
                }
            } catch (ParseException | IllegalArgumentException e) {
                log.debug("Not a JWT token. Failed to decode the token header.", e);
            } catch (APIManagementException e) {
                log.error("Error while validating JWT", e);
                return new AuthenticationResponse(false, isMandatory, true, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
            }
        }
        authenticationScheme = getAPIKeyValidator().getResourceAuthenticationScheme(synCtx);
    } catch (APISecurityException ex) {
        return new AuthenticationResponse(false, isMandatory, true, ex.getErrorCode(), ex.getMessage());
    }
    context.stop();
    APIKeyValidationInfoDTO info;
    if (APIConstants.NO_MATCHING_AUTH_SCHEME.equals(authenticationScheme)) {
        info = new APIKeyValidationInfoDTO();
        info.setAuthorized(false);
        info.setValidationStatus(900906);
    } else if (accessToken == null || apiContext == null || apiVersion == null) {
        if (log.isDebugEnabled()) {
            if (accessToken == null) {
                log.debug("OAuth headers not found");
            } else if (apiContext == null) {
                log.debug("Couldn't find API Context");
            } else {
                log.debug("Could not find api version");
            }
        }
        return new AuthenticationResponse(false, isMandatory, true, APISecurityConstants.API_AUTH_MISSING_CREDENTIALS, "Required OAuth credentials not provided");
    } else {
        // Start JWT token validation
        if (isJwtToken) {
            try {
                AuthenticationContext authenticationContext = jwtValidator.authenticate(signedJWTInfo, synCtx);
                APISecurityUtils.setAuthenticationContext(synCtx, authenticationContext, securityContextHeader);
                log.debug("User is authorized using JWT token to access the resource.");
                synCtx.setProperty(APIMgtGatewayConstants.END_USER_NAME, authenticationContext.getUsername());
                return new AuthenticationResponse(true, isMandatory, false, 0, null);
            } catch (APISecurityException ex) {
                return new AuthenticationResponse(false, isMandatory, true, ex.getErrorCode(), ex.getMessage());
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Matching resource is: ".concat(matchingResource));
        }
        timer = getTimer(MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "GET_KEY_VALIDATION_INFO"));
        context = timer.start();
        try {
            info = getAPIKeyValidator().getKeyValidationInfo(apiContext, accessToken, apiVersion, authenticationScheme, matchingResource, httpMethod, defaultVersionInvoked, keyManagerList);
        } catch (APISecurityException ex) {
            return new AuthenticationResponse(false, isMandatory, true, ex.getErrorCode(), ex.getMessage());
        }
        context.stop();
        synCtx.setProperty(APIMgtGatewayConstants.APPLICATION_NAME, info.getApplicationName());
        synCtx.setProperty(APIMgtGatewayConstants.END_USER_NAME, info.getEndUserName());
        synCtx.setProperty(APIMgtGatewayConstants.SCOPES, info.getScopes() == null ? null : info.getScopes().toString());
    }
    if (info.isAuthorized()) {
        AuthenticationContext authContext = new AuthenticationContext();
        authContext.setAuthenticated(true);
        authContext.setTier(info.getTier());
        authContext.setApiKey(accessToken);
        authContext.setKeyType(info.getType());
        if (info.getEndUserName() != null) {
            authContext.setUsername(info.getEndUserName());
        } else {
            authContext.setUsername(APIConstants.END_USER_ANONYMOUS);
        }
        authContext.setCallerToken(info.getEndUserToken());
        authContext.setApplicationId(info.getApplicationId());
        authContext.setApplicationUUID(info.getApplicationUUID());
        authContext.setApplicationName(info.getApplicationName());
        authContext.setApplicationTier(info.getApplicationTier());
        authContext.setSubscriber(info.getSubscriber());
        authContext.setConsumerKey(info.getConsumerKey());
        authContext.setApiTier(info.getApiTier());
        authContext.setThrottlingDataList(info.getThrottlingDataList());
        authContext.setSubscriberTenantDomain(info.getSubscriberTenantDomain());
        authContext.setSpikeArrestLimit(info.getSpikeArrestLimit());
        authContext.setSpikeArrestUnit(info.getSpikeArrestUnit());
        authContext.setStopOnQuotaReach(info.isStopOnQuotaReach());
        authContext.setIsContentAware(info.isContentAware());
        APISecurityUtils.setAuthenticationContext(synCtx, authContext, securityContextHeader);
        if (info.getProductName() != null && info.getProductProvider() != null) {
            authContext.setProductName(info.getProductName());
            authContext.setProductProvider(info.getProductProvider());
        }
        /* Synapse properties required for BAM Mediator*/
        // String tenantDomain = MultitenantUtils.getTenantDomain(info.getApiPublisher());
        synCtx.setProperty("api.ut.apiPublisher", info.getApiPublisher());
        synCtx.setProperty("API_NAME", info.getApiName());
        /* GraphQL Query Analysis Information */
        if (APIConstants.GRAPHQL_API.equals(synCtx.getProperty(APIConstants.API_TYPE))) {
            synCtx.setProperty(APIConstants.MAXIMUM_QUERY_DEPTH, info.getGraphQLMaxDepth());
            synCtx.setProperty(APIConstants.MAXIMUM_QUERY_COMPLEXITY, info.getGraphQLMaxComplexity());
        }
        if (log.isDebugEnabled()) {
            log.debug("User is authorized to access the Resource");
        }
        return new AuthenticationResponse(true, isMandatory, false, 0, null);
    } else {
        if (log.isDebugEnabled()) {
            log.debug("User is NOT authorized to access the Resource");
        }
        return new AuthenticationResponse(false, isMandatory, true, info.getValidationStatus(), "Access failure for API: " + apiContext + ", version: " + apiVersion + " status: (" + info.getValidationStatus() + ") - " + APISecurityConstants.getAuthenticationFailureMessage(info.getValidationStatus()));
    }
}
Also used : APISecurityException(org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException) AuthenticationContext(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext) APIKeyValidator(org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator) ArrayList(java.util.ArrayList) AuthenticationResponse(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationResponse) Timer(org.wso2.carbon.metrics.manager.Timer) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) ParseException(java.text.ParseException) JWTValidator(org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator) SignedJWTInfo(org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo) Map(java.util.Map) TreeMap(java.util.TreeMap) APIKeyValidationInfoDTO(org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO) Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext) MethodStats(org.wso2.carbon.apimgt.gateway.MethodStats)

Example 25 with Timer

Use of org.wso2.carbon.metrics.manager.Timer in project siddhi by wso2.

The class QuerySelector, method processInBatchGroupBy.

private ComplexEventChunk processInBatchGroupBy(ComplexEventChunk complexEventChunk) {
    Map<String, ComplexEvent> groupedEvents = new LinkedHashMap<String, ComplexEvent>();
    complexEventChunk.reset();
    synchronized (this) {
        while (complexEventChunk.hasNext()) {
            ComplexEvent event = complexEventChunk.next();
            switch(event.getType()) {
                case CURRENT:
                case EXPIRED:
                    eventPopulator.populateStateEvent(event);
                    String groupByKey = groupByKeyGenerator.constructEventKey(event);
                    GroupByAggregationAttributeExecutor.getKeyThreadLocal().set(groupByKey);
                    for (AttributeProcessor attributeProcessor : attributeProcessorList) {
                        attributeProcessor.process(event);
                    }
                    // Keep the event when there is no HAVING clause or the HAVING condition passes
                    if (havingConditionExecutor == null || havingConditionExecutor.execute(event)) {
                        if ((event.getType() == StreamEvent.Type.CURRENT && currentOn) || (event.getType() == StreamEvent.Type.EXPIRED && expiredOn)) {
                            complexEventChunk.remove();
                            groupedEvents.put(groupByKey, event);
                        }
                    }
                    GroupByAggregationAttributeExecutor.getKeyThreadLocal().remove();
                    break;
                case TIMER:
                    break;
                case RESET:
                    for (AttributeProcessor attributeProcessor : attributeProcessorList) {
                        attributeProcessor.process(event);
                    }
                    break;
            }
        }
    }
    if (groupedEvents.size() != 0) {
        complexEventChunk.clear();
        for (Map.Entry<String, ComplexEvent> groupedEventEntry : groupedEvents.entrySet()) {
            complexEventChunk.add(new GroupedComplexEvent(groupedEventEntry.getKey(), groupedEventEntry.getValue()));
        }
        if (isOrderBy) {
            orderEventChunk(complexEventChunk);
        }
        if (limit != SiddhiConstants.UNKNOWN_STATE) {
            limitEventChunk(complexEventChunk);
        }
        complexEventChunk.reset();
        return complexEventChunk;
    }
    return null;
}
Also used : GroupedComplexEvent(org.wso2.siddhi.core.event.GroupedComplexEvent) ComplexEvent(org.wso2.siddhi.core.event.ComplexEvent) GroupedComplexEvent(org.wso2.siddhi.core.event.GroupedComplexEvent) AttributeProcessor(org.wso2.siddhi.core.query.selector.attribute.processor.AttributeProcessor) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map) LinkedHashMap(java.util.LinkedHashMap)
