
Example 1 with ServiceMethodInfo

Use of org.wso2.msf4j.ServiceMethodInfo in project carbon-apimgt by wso2: class APIDefinitionFromSwagger20, method getScopeOfResourcePath.

@Override
public String getScopeOfResourcePath(String resourceConfigsJSON, Request request, ServiceMethodInfo serviceMethodInfo) throws APIManagementException {
    SwaggerParser swaggerParser = new SwaggerParser();
    Swagger swagger = swaggerParser.parse(resourceConfigsJSON);
    String basepath = swagger.getBasePath();
    String verb = (String) request.getProperty(APIMgtConstants.HTTP_METHOD);
    // TODO change to this if msf4j2.3.0-m2 or higher
    // Method resourceMethod = (Method) request.getProperty("method");
    Method resourceMethod = serviceMethodInfo.getMethod();
    if (resourceMethod == null || verb == null) {
        String message = "Could not read required properties from HTTP Request. HTTP_METHOD=" + verb + " resourceTemplate=" + resourceMethod;
        log.error(message);
        throw new APIManagementException(message, ExceptionCodes.SWAGGER_URL_MALFORMED);
    }
    String apiPrefix = resourceMethod.getDeclaringClass().getAnnotation(javax.ws.rs.ApplicationPath.class).value();
    String pathTemplate = "";
    if (resourceMethod.getAnnotation(javax.ws.rs.Path.class) != null) {
        pathTemplate = resourceMethod.getAnnotation(javax.ws.rs.Path.class).value();
    }
    String nameSpace = getNamespaceFromBasePath(basepath);
    if (basepath.contains(APIMgtConstants.APPType.PUBLISHER)) {
        nameSpace = APIMgtConstants.NAMESPACE_PUBLISHER_API;
    } else if (basepath.contains(APIMgtConstants.APPType.STORE)) {
        nameSpace = APIMgtConstants.NAMESPACE_STORE_API;
    } else if (basepath.contains(APIMgtConstants.APPType.ADMIN)) {
        nameSpace = APIMgtConstants.NAMESPACE_ADMIN_API;
    } else if (basepath.contains(APIMgtConstants.APPType.ANALYTICS)) {
        nameSpace = APIMgtConstants.NAMESPACE_ANALYTICS_API;
    }
    // if namespace is not available in local cache add it.
    if (nameSpace != null && !localConfigMap.containsKey(nameSpace)) {
        localConfigMap.put(nameSpace, new ConcurrentHashMap<>());
    }
    if (nameSpace != null && localConfigMap.containsKey(nameSpace) && localConfigMap.get(nameSpace).isEmpty()) {
        populateConfigMapForScopes(swagger, nameSpace);
    }
    String resourceConfig = verb + "_" + apiPrefix + pathTemplate;
    if (localConfigMap.get(nameSpace).containsKey(resourceConfig)) {
        return localConfigMap.get(nameSpace).get(resourceConfig).toString();
    }
    return null;
}
Also used: SwaggerParser (io.swagger.parser.SwaggerParser), Path (io.swagger.models.Path), APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException), Swagger (io.swagger.models.Swagger), Method (java.lang.reflect.Method), HttpMethod (io.swagger.models.HttpMethod)

Example 2 with ServiceMethodInfo

Use of org.wso2.msf4j.ServiceMethodInfo in project carbon-apimgt by wso2: class BasicAuthAuthenticatorTestCase, method testAuthenticate.

@Test
public void testAuthenticate() throws Exception {
    final String authorizationHttpHeader = "Basic YWRtaW46YWRtaW4=";
    final String authorizationHttpHeader1 = "DummyHeader YWRtaW46YWRtaW4=";
    HTTPCarbonMessage carbonMessage = Mockito.mock(HTTPCarbonMessage.class);
    Request requestObj = new Request(carbonMessage);
    try {
        PowerMockito.whenNew(Request.class).withArguments(carbonMessage).thenReturn(requestObj);
    } catch (Exception e) {
        throw new APIMgtSecurityException("Error while mocking Request Object ", e);
    }
    try {
        BasicAuthAuthenticator basicAuthAuthenticator = new BasicAuthAuthenticator();
        basicAuthAuthenticator.authenticate(requestObj, null, null);
    } catch (APIMgtSecurityException e) {
        Assert.assertEquals(e.getMessage(), "Missing Authorization header in the request.`");
    }
    when(requestObj.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER)).thenReturn(authorizationHttpHeader1);
    Response responseObj = Mockito.mock(Response.class);
    ServiceMethodInfo serviceMethodInfoObj = Mockito.mock(ServiceMethodInfo.class);
    try {
        BasicAuthAuthenticator basicAuthAuthenticator = new BasicAuthAuthenticator();
        basicAuthAuthenticator.authenticate(requestObj, responseObj, serviceMethodInfoObj);
    } catch (APIMgtSecurityException e) {
        Assert.assertEquals(e.getMessage(), "Missing 'Authorization : Basic' header in the request.`");
    }
    when(requestObj.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER)).thenReturn(authorizationHttpHeader);
    BasicAuthAuthenticator basicAuthAuthenticator = new BasicAuthAuthenticator();
    boolean isAuthenticated = basicAuthAuthenticator.authenticate(requestObj, responseObj, serviceMethodInfoObj);
    if (isAuthenticated) {
        Assert.assertEquals(isAuthenticated, true);
    } else {
        Assert.assertEquals(isAuthenticated, false);
    }
}
Also used: Response (org.wso2.msf4j.Response), HTTPCarbonMessage (org.wso2.transport.http.netty.message.HTTPCarbonMessage), BasicAuthAuthenticator (org.wso2.carbon.apimgt.rest.api.common.impl.BasicAuthAuthenticator), APIMgtSecurityException (org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException), ServiceMethodInfo (org.wso2.msf4j.ServiceMethodInfo), Request (org.wso2.msf4j.Request), Test (org.testng.annotations.Test)

Example 3 with ServiceMethodInfo

Use of org.wso2.msf4j.ServiceMethodInfo in project carbon-apimgt by wso2: class OAuth2AuthenticatorTestCase, method testOauthAuthenticate.

@Test
public void testOauthAuthenticate() throws Exception {
    HTTPCarbonMessage carbonMessage = Mockito.mock(HTTPCarbonMessage.class);
    Request requestObj = new Request(carbonMessage);
    Response responseObj = Mockito.mock(Response.class);
    ServiceMethodInfo serviceMethodInfoObj = Mockito.mock(ServiceMethodInfo.class);
    final String authorizationHttpHeader = "Bearer 7d33e3cd-60f0-3484-9651-cc31f2e09fb4";
    final String accessToken = "7d33e3cd-60f0-3484-9651-cc31f2e09fb4";
    Mockito.when(requestObj.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER)).thenReturn(authorizationHttpHeader);
    AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
    accessTokenInfo.setTokenValid(true);
    accessTokenInfo.setEndUserName("admin@carbon.super");
    IdentityProvider identityProvider = Mockito.mock(IdentityProvider.class);
    APIManagerFactory instance = Mockito.mock(APIManagerFactory.class);
    PowerMockito.mockStatic(APIManagerFactory.class);
    PowerMockito.when(APIManagerFactory.getInstance()).thenReturn(instance);
    Mockito.when(instance.getIdentityProvider()).thenReturn(identityProvider);
    Mockito.when(identityProvider.getTokenMetaData(accessToken)).thenReturn(accessTokenInfo);
    when((String) requestObj.getProperty(APIConstants.REQUEST_URL)).thenReturn("/api/am/publisher/");
    OAuth2Authenticator oAuth2Authenticator = new OAuth2Authenticator();
    oAuth2Authenticator.authenticate(requestObj, responseObj, serviceMethodInfoObj);
    Assert.assertEquals(0, responseObj.getStatusCode());
}
Also used: Response (org.wso2.msf4j.Response), AccessTokenInfo (org.wso2.carbon.apimgt.core.models.AccessTokenInfo), APIManagerFactory (org.wso2.carbon.apimgt.core.impl.APIManagerFactory), HTTPCarbonMessage (org.wso2.transport.http.netty.message.HTTPCarbonMessage), ServiceMethodInfo (org.wso2.msf4j.ServiceMethodInfo), OAuth2Authenticator (org.wso2.carbon.apimgt.rest.api.common.impl.OAuth2Authenticator), Request (org.wso2.msf4j.Request), IdentityProvider (org.wso2.carbon.apimgt.core.api.IdentityProvider), Test (org.junit.Test), PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)

Example 4 with ServiceMethodInfo

Use of org.wso2.msf4j.ServiceMethodInfo in project carbon-apimgt by wso2: class RESTAPISecurityInterceptorTestCase, method testGetApisSuccess.

@Test
public void testGetApisSuccess() throws APIManagementException {
    HTTPCarbonMessage carbonMessage = Mockito.mock(HTTPCarbonMessage.class);
    Request requestObj = Mockito.mock(Request.class);
    try {
        PowerMockito.whenNew(Request.class).withArguments(carbonMessage).thenReturn(requestObj);
    } catch (Exception e) {
        throw new APIMgtSecurityException("Error while mocking Request Object ", e);
    }
    Response responseObj = Mockito.mock(Response.class);
    Mockito.when(requestObj.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER)).thenReturn("Authorization:  053d68ee-12bc-36b0-ab9c-31752ef5bda9");
    Mockito.when(requestObj.getHeader("REQUEST_URL")).thenReturn("http://localhost:9090/api/am/publisher/v1/api");
    ServiceMethodInfo serviceMethodInfoObj = Mockito.mock(ServiceMethodInfo.class);
    RESTAPISecurityInterceptor interceptor = Mockito.mock(RESTAPISecurityInterceptor.class);
    boolean isAuthorized = interceptor.preCall(requestObj, responseObj, serviceMethodInfoObj);
    if (isAuthorized) {
        Assert.assertEquals(isAuthorized, true);
    } else {
        Assert.assertEquals(isAuthorized, false);
    }
}
Also used: Response (org.wso2.msf4j.Response), HTTPCarbonMessage (org.wso2.transport.http.netty.message.HTTPCarbonMessage), APIMgtSecurityException (org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException), ServiceMethodInfo (org.wso2.msf4j.ServiceMethodInfo), Request (org.wso2.msf4j.Request), RESTAPISecurityInterceptor (org.wso2.carbon.apimgt.rest.api.common.interceptors.RESTAPISecurityInterceptor), APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException), Test (org.junit.Test)

Example 5 with ServiceMethodInfo

Use of org.wso2.msf4j.ServiceMethodInfo in project carbon-apimgt by wso2: class OAuth2Authenticator, method validateTokenAndScopes.

private boolean validateTokenAndScopes(Request request, ServiceMethodInfo serviceMethodInfo, String accessToken) throws APIMgtSecurityException {
    // Map<String, String> tokenInfo = validateToken(accessToken);
    AccessTokenInfo accessTokenInfo = validateToken(accessToken);
    String restAPIResource = getRestAPIResource(request);
    // scope validation
    return validateScopes(request, serviceMethodInfo, accessTokenInfo.getScopes(), restAPIResource);
}
Also used: AccessTokenInfo (org.wso2.carbon.apimgt.core.models.AccessTokenInfo)
