Posted to commits@stratos.apache.org by im...@apache.org on 2013/11/11 11:39:16 UTC
git commit: OAuth authentication/authorization
Updated Branches:
refs/heads/master f12cdf121 -> 6c2509184
OAuth authentication/authorization
Signed-off-by: Imesh Gunaratne <im...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-stratos/commit/6c250918
Tree: http://git-wip-us.apache.org/repos/asf/incubator-stratos/tree/6c250918
Diff: http://git-wip-us.apache.org/repos/asf/incubator-stratos/diff/6c250918
Branch: refs/heads/master
Commit: 6c2509184c4149cc52c185b741cf6c8be3c66bfb
Parents: f12cdf1
Author: Pradeep Fernando <pr...@gmail.com>
Authored: Mon Nov 11 15:34:49 2013 +0530
Committer: Imesh Gunaratne <im...@apache.org>
Committed: Mon Nov 11 16:04:37 2013 +0530
----------------------------------------------------------------------
.../org.apache.stratos.rest.endpoint/pom.xml | 6 ++
.../rest/endpoint/handlers/OAuthHandler.java | 78 ++++++++++++++++++++
.../oauth2/ValidationServiceClient.java | 65 ++++++++++++++++
.../src/main/webapp/WEB-INF/cxf-servlet.xml | 12 +++
4 files changed, 161 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/6c250918/components/org.apache.stratos.rest.endpoint/pom.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/pom.xml b/components/org.apache.stratos.rest.endpoint/pom.xml
index 626d274..843d381 100644
--- a/components/org.apache.stratos.rest.endpoint/pom.xml
+++ b/components/org.apache.stratos.rest.endpoint/pom.xml
@@ -77,6 +77,12 @@
<scope>provided</scope>
</dependency>
<dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
+ <version>4.1.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
<groupId>org.apache.stratos</groupId>
<artifactId>org.apache.stratos.tenant.mgt</artifactId>
<version>4.0.0-SNAPSHOT</version>
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/6c250918/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
new file mode 100644
index 0000000..4bcf6c2
--- /dev/null
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stratos.rest.endpoint.handlers;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.cxf.jaxrs.ext.RequestHandler;
+import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
+import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.message.Message;
+import org.apache.stratos.rest.endpoint.oauth2.ValidationServiceClient;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+
+/**
+ * This class responsible for OAuth based authentication/authorization. A client has to bring a valid OAuth token from a
+ * a OAuth provider. This class intercept the request and calls the OAuthTokenValidation endpoint of the provider.
+ */
+public class OAuthHandler implements RequestHandler {
+ private static Log log = LogFactory.getLog(OAuthHandler.class);
+ private static String oauthValidationEndpoint;
+ private static String username;
+ private static String password;
+
+ public void setOauthValidationEndpoint(String oauthValidationEndpoint) {
+ OAuthHandler.oauthValidationEndpoint = oauthValidationEndpoint;
+ }
+
+ public void setUsername(String username) {
+ OAuthHandler.username = username;
+ }
+
+ public void setPassword(String password) {
+ OAuthHandler.password = password;
+ }
+
+ public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
+ try {
+ OAuth2TokenValidationResponseDTO respDTO;
+ ValidationServiceClient validationServiceClient = new
+ ValidationServiceClient(oauthValidationEndpoint, username, password);
+ HttpHeaders httpHeaders = new HttpHeadersImpl(message);
+ String header = httpHeaders.getRequestHeaders().getFirst("Authorization");
+ // if the authorization token has Bearer..
+ if (header.startsWith("Bearer ")) {
+ String accessToken = header.substring(7).trim();
+ respDTO = validationServiceClient.validateAuthenticationRequest(accessToken); //TODO : send scope params
+ boolean valid = respDTO.getValid();
+ if (!valid) {
+ // authorization failure..
+ return Response.status(Response.Status.FORBIDDEN).build();
+ }
+ }
+ } catch (Exception e) {
+ log.error("Error while validating access token", e);
+ return Response.status(Response.Status.FORBIDDEN).build();
+ }
+ return null;
+ }
+}
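Review bot: A request whose Authorization header is present but does not start with `Bearer ` skips the `if` in handleRequest and reaches `return null`, which CXF treats as "continue with the request", so when this handler is the only provider enabled such a request is never authenticated. A missing header is rejected only by accident: `header.startsWith` throws a NullPointerException that lands in `catch (Exception e)` and is logged as an error on every anonymous call. The handler should reject explicitly when the header is absent or is not a Bearer credential, and treat a null validation response as invalid; if falling through to the existing basic-auth filter is intended, the class comment should say so. Separately, the endpoint and credentials are static fields written through instance setters, and a new ValidationServiceClient is built on every request.

```java
        // … unchanged: ValidationServiceClient construction and HttpHeadersImpl …
        String header = httpHeaders.getRequestHeaders().getFirst("Authorization");
        // Reject explicitly instead of relying on an NPE or on falling through to "return null".
        if (header == null || !header.startsWith("Bearer ")) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        String accessToken = header.substring(7).trim();
        respDTO = validationServiceClient.validateAuthenticationRequest(accessToken); //TODO : send scope params
        if (respDTO == null || !respDTO.getValid()) {
            // authorization failure..
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        // … unchanged: catch (Exception e) block and final return null …
```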
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/6c250918/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/oauth2/ValidationServiceClient.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/oauth2/ValidationServiceClient.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/oauth2/ValidationServiceClient.java
new file mode 100644
index 0000000..2826009
--- /dev/null
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/oauth2/ValidationServiceClient.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stratos.rest.endpoint.oauth2;
+
+import org.apache.axis2.AxisFault;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
+import org.wso2.carbon.utils.CarbonUtils;
+
+import java.rmi.RemoteException;
+
+/**
+ * Service class wrapper for OAuthTokenValidation endpoint.
+ */
+public class ValidationServiceClient {
+ private OAuth2TokenValidationServiceStub stub = null;
+ private static final Log log = LogFactory.getLog(OAuth2TokenValidationServiceStub.class);
+
+
+ public ValidationServiceClient(String backendServerURL, String username, String password) throws Exception{
+ String serviceURL = backendServerURL + "OAuth2TokenValidationService";
+ try {
+ stub = new OAuth2TokenValidationServiceStub(serviceURL);
+ CarbonUtils.setBasicAccessSecurityHeaders(username, password, true, stub._getServiceClient());
+ } catch (AxisFault e) {
+ log.error("Error initializing OAuth2 Client");
+ throw new Exception("Error initializing OAuth Client", e);
+ }
+ }
+
+
+ public OAuth2TokenValidationResponseDTO validateAuthenticationRequest(String accessToken) throws Exception{
+ OAuth2TokenValidationRequestDTO oauthReq = new OAuth2TokenValidationRequestDTO();
+ oauthReq.setAccessToken(accessToken);
+ oauthReq.setTokenType(OAuthConstants.BEARER_TOKEN_TYPE);
+ try {
+ return stub.validate(oauthReq);
+ } catch (RemoteException e) {
+ log.error("Error while validating OAuth2 request");
+ throw new Exception("Error while validating OAuth2 request", e);
+ }
+ }
+
+
+}
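Review bot: The constructor attaches the service credentials to whatever URL results from `backendServerURL + "OAuth2TokenValidationService"`, with no check that the configured value ends in `/` or uses https. A misconfigured endpoint therefore either fails only when the first token is validated or, presumably, sends the credentials and every access token over a clear-text channel. A guard at the top of the constructor, for example `if (!backendServerURL.startsWith("https://")) throw new IllegalArgumentException("OAuth validation endpoint must use https");`, together with normalising the trailing slash, would surface that with a clear message. The logger is also created with `OAuth2TokenValidationServiceStub.class`, so these messages appear under the stub's category; `LogFactory.getLog(ValidationServiceClient.class)` would match what OAuthHandler does. Both `log.error` calls omit the exception, although the cause is kept on the rethrown `Exception`.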
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/6c250918/components/org.apache.stratos.rest.endpoint/src/main/webapp/WEB-INF/cxf-servlet.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/webapp/WEB-INF/cxf-servlet.xml b/components/org.apache.stratos.rest.endpoint/src/main/webapp/WEB-INF/cxf-servlet.xml
index 4c1de15..32164e2 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/webapp/WEB-INF/cxf-servlet.xml
+++ b/components/org.apache.stratos.rest.endpoint/src/main/webapp/WEB-INF/cxf-servlet.xml
@@ -34,6 +34,11 @@
<ref bean="authenticationFilter"/>
<ref bean="authorizationFilter"/>
</jaxrs:providers>
+
+ <!--The below config enables OAuth based authentication/authorization for REST API-->
+ <!--jaxrs:providers>
+ <ref bean="OAuthFilter"/>
+ </jaxrs:providers-->
</jaxrs:server>
<bean id="stratosRestEndpointBean" class="org.apache.stratos.rest.endpoint.services.StratosAdmin"/>
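Review bot: The comment above the commented-out block does not say whether `OAuthFilter` is meant to replace `authenticationFilter`/`authorizationFilter` or run alongside them. Uncommenting it as written would put a second `jaxrs:providers` element under the same `jaxrs:server`, which the CXF schema is likely to reject. Since the order and combination of these filters decides which requests are authenticated, I would spell it out, e.g. `<!-- To enable OAuth, add <ref bean="OAuthFilter"/> to the jaxrs:providers list above (or replace the basic-auth filters with it) and uncomment the OAuthFilter bean below -->`.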
@@ -42,4 +47,11 @@
<property name="securedObject" ref="stratosRestEndpointBean"/>
</bean>
+ <!--The below config enables OAuth based authentication/authorization for REST API-->
+ <!--bean id="OAuthFilter" class="org.apache.stratos.rest.endpoint.handlers.OAuthHandler">
+ <property name="password" value="admin"/>
+ <property name="username" value="admin"/>
+ <property name="oauthValidationEndpoint" value="https://localhost:9443/services/"/>
+ </bean-->
+
</beans>
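Review bot: The sample `OAuthFilter` bean carries `admin`/`admin` as the username and password used to call the validation service, so an operator who simply uncomments the block deploys with those default credentials in a file under WEB-INF. I would use values that cannot work by accident, e.g. `<property name="password" value="CHANGE_ME"/>`, and add a comment such as `<!-- Use a dedicated service account for token validation; do not deploy with sample credentials -->`. The `https://localhost:9443/services/` value also relies on its trailing slash, because ValidationServiceClient appends the service name by plain concatenation; that is worth noting next to the property.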