Posted to commits@stratos.apache.org by ud...@apache.org on 2014/12/05 17:23:20 UTC
[1/6] stratos git commit: upgrading sso and adding oauth and
application management feature
Repository: stratos
Updated Branches:
refs/heads/master 3309e9998 -> 7aadf446f
upgrading sso and adding oauth and application management feature
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/b766e124
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/b766e124
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/b766e124
Branch: refs/heads/master
Commit: b766e124e20d97005c3f7122c70df1d8b5d8d3dd
Parents: 3309e99
Author: Udara Liyanage <ud...@wso2.com>
Authored: Sat Nov 22 08:07:15 2014 +0530
Committer: Udara Liyanage <ud...@wso2.com>
Committed: Fri Dec 5 19:31:32 2014 +0530
----------------------------------------------------------------------
products/stratos/modules/p2-profile-gen/pom.xml | 99 +++++++++++++++++---
1 file changed, 86 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/stratos/blob/b766e124/products/stratos/modules/p2-profile-gen/pom.xml
----------------------------------------------------------------------
diff --git a/products/stratos/modules/p2-profile-gen/pom.xml b/products/stratos/modules/p2-profile-gen/pom.xml
index 14c6eca..f5cdbfd 100644
--- a/products/stratos/modules/p2-profile-gen/pom.xml
+++ b/products/stratos/modules/p2-profile-gen/pom.xml
@@ -272,9 +272,9 @@
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.transport.mgt.server.feature:${carbon.version}</featureArtifactDef>
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.event.common.feature:${carbon.version}</featureArtifactDef>
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.event.server.feature:${carbon.platform.patch.version.4.2.1}</featureArtifactDef>
- <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.relying.party.feature:${carbon.platform.patch.version.4.2.1}</featureArtifactDef>
+ <!--<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.relying.party.feature:${carbon.platform.patch.version.4.2.1}</featureArtifactDef>-->
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.core.feature:${carbon.platform.patch.version.4.2.2}</featureArtifactDef>
- <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.sso.saml.feature:${carbon.platform.patch.version.4.2.2}</featureArtifactDef>
+ <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.sso.saml.feature:${carbon.platform.patch.version.4.2.3}</featureArtifactDef>
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.registry.ui.menu.feature:${carbon.version}</featureArtifactDef>
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.module.mgt.server.feature:${carbon.version}</featureArtifactDef>
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.caching.feature:${carbon.version}</featureArtifactDef>
@@ -284,12 +284,20 @@
<featureArtifactDef>org.apache.stratos:org.apache.stratos.metadataservice.feature:${project.version}</featureArtifactDef>
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.authenticator.saml2.sso.server.feature:${carbon.platform.patch.version.4.2.1}</featureArtifactDef>
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.authenticator.saml2.sso.ui.feature:${carbon.platform.patch.version.4.2.2}</featureArtifactDef>
- <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.application.authentication.framework.server.feature:${carbon.platform.patch.version.4.2.1}</featureArtifactDef>
+ <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.application.authentication.framework.server.feature:${carbon.platform.patch.version.4.2.2}</featureArtifactDef>
+ <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.oauth.feature:${carbon.platform.patch.version.4.2.3}</featureArtifactDef>
+ <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.provider.server.feature:${carbon.platform.patch.version.4.2.3}</featureArtifactDef>
+ <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.idp.mgt.feature:${carbon.platform.patch.version.4.2.3}</featureArtifactDef>
+ <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.stratos.common.server.feature:2.2.0</featureArtifactDef>
+ <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.as.runtimes.cxf.feature:4.2.2</featureArtifactDef>
+ <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.relying.party.server.feature:4.2.2</featureArtifactDef>
+ <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.application.mgt.feature:4.2.0</featureArtifactDef>
+ <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.core.feature:4.2.3</featureArtifactDef>
+ <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.user.profile.server.feature:${carbon.platform.patch.version.4.2.2}</featureArtifactDef>
<featureArtifactDef>org.jaggeryjs:org.jaggeryjs.feature:0.9.0.ALPHA4.wso2v3</featureArtifactDef>
<featureArtifactDef>caramel:caramel.feature:1.0.1</featureArtifactDef>
<featureArtifactDef>org.wso2.store:org.wso2.store.feature:${store.version}</featureArtifactDef>
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.application.authenticator.basicauth.server.feature:4.2.1</featureArtifactDef>
- <featureArtifactDef>org.wso2.carbon:org.wso2.carbon.identity.application.authentication.framework.server.feature:4.2.1</featureArtifactDef>
<featureArtifactDef>org.apache.stratos:org.apache.stratos.messaging.feature:${project.version}</featureArtifactDef>
<featureArtifactDef>org.apache.stratos:org.apache.stratos.autoscaler.feature:${project.version}</featureArtifactDef>
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.registry.ui.menu.feature:${carbon.version}</featureArtifactDef>
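Review bot: `org.wso2.carbon.identity.core.feature` is now listed twice in the featureArtifactDef set, once at `${carbon.platform.patch.version.4.2.2}` (the unchanged context line above the hunk) and once at a literal `4.2.3` in the added block, so the p2 repository is built with two versions of the same identity core bundles and which one a profile picks up depends on the install entries rather than on this list; drop one of the two. The added entries mix literal versions (`2.2.0`, `4.2.2`, `4.2.0`, `4.2.3`) with the `${carbon.platform.patch.version.x}` properties used on the neighbouring lines — pinning through the properties keeps a patch bump to one place and makes the shipped identity/OAuth version auditable. `org.wso2.carbon.stratos.common.server.feature:2.2.0` is on a different version line from every other Carbon feature here; a short comment on why that release is the right one would help the next reader.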
@@ -418,7 +426,7 @@
</feature>
<feature>
<id>org.wso2.carbon.identity.sso.saml.feature.group</id>
- <version>${carbon.platform.patch.version.4.2.2}</version>
+ <version>${carbon.platform.patch.version.4.2.3}</version>
</feature>
<feature>
<id>org.apache.stratos.logging.mgt.feature.group</id>
@@ -509,12 +517,44 @@
<version>${store.version}</version>
</feature>
<feature>
- <id>org.wso2.carbon.identity.application.authenticator.basicauth.server.feature.group</id>
- <version>4.2.1</version>
+ <id>org.wso2.carbon.identity.application.authentication.framework.server.feature.group</id>
+ <version>4.2.2</version>
</feature>
<feature>
- <id>org.wso2.carbon.identity.application.authentication.framework.server.feature.group</id>
- <version>4.2.1</version>
+ <id>org.wso2.carbon.identity.oauth.feature.group</id>
+ <version>4.2.3</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.identity.provider.server.feature.group</id>
+ <version>4.2.3</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.idp.mgt.feature.group</id>
+ <version>4.2.3</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.stratos.common.server.feature.group</id>
+ <version>2.2.0</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.as.runtimes.cxf.feature.group</id>
+ <version>4.2.2</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.identity.relying.party.server.feature.group</id>
+ <version>4.2.2</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.identity.application.mgt.feature.group</id>
+ <version>4.2.0</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.identity.core.feature.group</id>
+ <version>4.2.3</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.identity.user.profile.server.feature.group</id>
+ <version>4.2.2</version>
</feature>
<!-- User Management features -->
<feature>
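Review bot: The install entry for `org.wso2.carbon.identity.application.authenticator.basicauth.server.feature.group` (the removed lines at the top of the hunk) is gone while its `featureArtifactDef` is kept in the artifact list earlier in this commit, so the basic-auth authenticator is still downloaded into the p2 repository but no longer installed in this profile — if that is intended, remove the artifact definition too, otherwise re-add the install entry. The new `org.wso2.carbon.identity.core.feature.group` entry installs a literal `4.2.3` while the artifact list still also defines the feature at `${carbon.platform.patch.version.4.2.2}`; confirm the 4.2.3 artifact is the one meant to ship. Every added `<version>` line is hard-coded although the sso.saml entry in this same pom uses `${carbon.platform.patch.version.4.2.3}`; using the property keeps the identity stack on one version.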
@@ -710,7 +750,7 @@
</feature>
<feature>
<id>org.wso2.carbon.identity.sso.saml.feature.group</id>
- <version>${carbon.platform.patch.version.4.2.2}</version>
+ <version>${carbon.platform.patch.version.4.2.3}</version>
</feature>
<feature>
<id>org.wso2.carbon.databridge.datapublisher.feature.group</id>
@@ -770,12 +810,14 @@
<!-- GApp SSO features -->
<feature>
<id>org.wso2.carbon.identity.core.feature.group</id>
- <version>${carbon.platform.patch.version.4.2.2}</version>
+ <version>${carbon.platform.patch.version.4.2.3}</version>
</feature>
+ <!--
<feature>
<id>org.wso2.carbon.identity.relying.party.feature.group</id>
<version>${carbon.platform.patch.version.4.2.1}</version>
</feature>
+ -->
<!--End GApp SSO features -->
<feature>
@@ -820,9 +862,40 @@
</feature>
<feature>
<id>org.wso2.carbon.identity.application.authentication.framework.server.feature.group</id>
- <version>4.2.1</version>
+ <version>4.2.2</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.identity.oauth.feature.group</id>
+ <version>4.2.3</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.identity.provider.server.feature.group</id>
+ <version>4.2.3</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.idp.mgt.feature.group</id>
+ <version>4.2.3</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.stratos.common.server.feature.group</id>
+ <version>2.2.0</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.as.runtimes.cxf.feature.group</id>
+ <version>4.2.2</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.identity.relying.party.server.feature.group</id>
+ <version>4.2.2</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.identity.application.mgt.feature.group</id>
+ <version>4.2.0</version>
+ </feature>
+ <feature>
+ <id>org.wso2.carbon.identity.core.feature.group</id>
+ <version>4.2.3</version>
</feature>
-
<!--autoscalar-->
<feature>
<id>org.apache.stratos.autoscaler.feature.group</id>
[4/6] stratos git commit: oAuth feature for metadata service
Posted by ud...@apache.org.
oAuth feature for metadata service
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/c0651601
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/c0651601
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/c0651601
Branch: refs/heads/master
Commit: c0651601036d11f619e6ef7d2de27407fd381a73
Parents: b766e12
Author: Udara Liyanage <ud...@wso2.com>
Authored: Wed Dec 3 22:36:53 2014 +0530
Committer: Udara Liyanage <ud...@wso2.com>
Committed: Fri Dec 5 19:31:33 2014 +0530
----------------------------------------------------------------------
.../org.apache.stratos.custom.handlers/pom.xml | 105 ++++++++
.../authentication/SignedJWTAuthenticator.java | 225 +++++++++++++++++
.../ClientCredentialsGrantHandler.java | 242 +++++++++++++++++++
.../SignedJWTAuthenticatorServiceComponent.java | 97 ++++++++
components/org.apache.stratos.manager/pom.xml | 15 ++
...ntityApplicationManagementServiceClient.java | 202 ++++++++++++++++
.../apache/stratos/manager/client/Utility.java | 86 +++++++
.../manager/client/oAuthAdminServiceClient.java | 96 ++++++++
.../manager/utils/CartridgeConstants.java | 1 +
.../metadataservice/handlers/OAuthHandler.java | 147 ++++++-----
.../WEB-INF/cxf-servlet.xml | 3 +-
.../rest/endpoint/api/StratosApiV41Utils.java | 22 ++
components/pom.xml | 2 +
.../pom.xml | 15 +-
features/common/pom.xml | 3 +-
products/stratos/modules/p2-profile-gen/pom.xml | 9 +
16 files changed, 1206 insertions(+), 64 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.custom.handlers/pom.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.custom.handlers/pom.xml b/components/org.apache.stratos.custom.handlers/pom.xml
new file mode 100644
index 0000000..24a9454
--- /dev/null
+++ b/components/org.apache.stratos.custom.handlers/pom.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://maven.apache.org/POM/4.0.0"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <groupId>org.apache.stratos</groupId>
+ <artifactId>stratos-components-parent</artifactId>
+ <version>4.1.0-SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>org.apache.stratos.custom.handlers</artifactId>
+ <packaging>bundle</packaging>
+ <name>Apache Stratos - Custome Handlers</name>
+ <description>Custome Handlers</description>
+ <url>http://apache.org</url>
+ <dependencies>
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.identity.oauth</artifactId>
+ <version>4.2.3</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.nimbusds</groupId>
+ <artifactId>nimbus-jose-jwt</artifactId>
+ <version>2.26.1</version>
+ </dependency>
+ <dependency>
+ <groupId>net.minidev</groupId>
+ <artifactId>json-smart</artifactId>
+ <version>1.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.logging</artifactId>
+ <version>4.2.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.core</artifactId>
+ <version>4.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.core.common</artifactId>
+ <version>4.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.core.services</artifactId>
+ <version>4.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.utils</artifactId>
+ <version>4.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>opensaml.wso2</groupId>
+ <artifactId>opensaml2</artifactId>
+ <version>2.4.1.wso2v1</version>
+ </dependency>
+ <dependency>
+ <groupId>com.nimbusds.wso2</groupId>
+ <artifactId>nimbus-jose-jwt</artifactId>
+ <version>2.26.1.wso2v2</version>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <version>1.4.0</version>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ <Bundle-SymbolicName>
+ ${project.artifactId}
+ </Bundle-SymbolicName>
+ <Bundle-Name>${project.artifactId}</Bundle-Name>
+ <Import-Package>
+ org.wso2.carbon.identity.oauth2.*; version="4.2.3",
+ *;resolution:=optional,
+ </Import-Package>
+ <Export-Package>
+ !org.wso2.carbon.identity.authenticator.signedjwt.internal,
+ org.apache.stratos.custom.handlers.*,
+ </Export-Package>
+ <Embed-Dependency>
+ nimbus-jose-jwt|json-smart;scope=compile|runtime;inline=false
+ </Embed-Dependency>
+ <!--<DynamicImport-Package>*</DynamicImport-Package>-->
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
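Review bot: `<Export-Package>` excludes `org.wso2.carbon.identity.authenticator.signedjwt.internal`, a package this bundle does not contain, while the wildcard `org.apache.stratos.custom.handlers.*` exports the bundle's real internal package `org.apache.stratos.custom.handlers.internal`, so the SCR component and its static `getRealmService()`/`getBundleContext()` accessors become visible to every other bundle; the exclusion should read `!org.apache.stratos.custom.handlers.internal`. `nimbus-jose-jwt` is declared twice (`com.nimbusds:2.26.1` and `com.nimbusds.wso2:2.26.1.wso2v2`) and `Embed-Dependency` appears to match on artifactId, so both jars are inlined and the bundle ships two copies of the same classes — keep only the one the platform's `identity.oauth` feature already uses. `*;resolution:=optional` on Import-Package lets the bundle resolve even when packages the handlers need (Carbon core security, Oltu OIDC, the user core) are absent, which turns a missing dependency into a runtime NoClassDefFoundError inside the authenticator instead of a resolve failure at install; list the packages the handlers actually import as mandatory. The Carbon versions are literal (`4.2.3`, `4.2.0`) even though the p2 profile pom in this series uses `${carbon.platform.patch.version.4.2.3}`, and the name/description spell `Custome`.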
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/authentication/SignedJWTAuthenticator.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/authentication/SignedJWTAuthenticator.java b/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/authentication/SignedJWTAuthenticator.java
new file mode 100644
index 0000000..b98c3aa
--- /dev/null
+++ b/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/authentication/SignedJWTAuthenticator.java
@@ -0,0 +1,225 @@
+/*
+ * Copyright (c) WSO2 Inc. (http://wso2.com) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.stratos.custom.handlers.authentication;
+
+import com.nimbusds.jose.JWSVerifier;
+import com.nimbusds.jose.crypto.RSASSAVerifier;
+import com.nimbusds.jwt.SignedJWT;
+import org.apache.axiom.util.base64.Base64Utils;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.stratos.custom.handlers.internal.SignedJWTAuthenticatorServiceComponent;
+import org.osgi.framework.BundleContext;
+import org.osgi.util.tracker.ServiceTracker;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.core.services.util.CarbonAuthenticationUtil;
+import org.wso2.carbon.core.util.KeyStoreManager;
+import org.wso2.carbon.user.api.TenantManager;
+import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.utils.AuthenticationObserver;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+
+import javax.servlet.http.HttpServletRequest;
+import java.security.interfaces.RSAPublicKey;
+
+/**
+ * SignedJWTAuthenticator Authenticate a user by a JWT token. JWT token should contains
+ * a username as a claim and that user should be a valid user.
+ */
+public class SignedJWTAuthenticator implements CarbonServerAuthenticator {
+
+ private static final int DEFAULT_PRIORITY_LEVEL = 20;
+ private static final String AUTHENTICATOR_NAME = "SignedJWTAuthenticator";
+ private static final String AUTHORIZATION_HEADER_TYPE = "Bearer";
+ private static final String SIGNED_JWT_AUTH_USERNAME = "Username";
+
+ private static final Log log = LogFactory.getLog(SignedJWTAuthenticator.class);
+
+ @Override
+ public int getPriority() {
+ AuthenticatorsConfiguration authenticatorsConfiguration =
+ AuthenticatorsConfiguration.getInstance();
+ AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig =
+ authenticatorsConfiguration.getAuthenticatorConfig(AUTHENTICATOR_NAME);
+ if (authenticatorConfig != null && authenticatorConfig.getPriority() > 0) {
+ return authenticatorConfig.getPriority();
+ }
+ return DEFAULT_PRIORITY_LEVEL;
+ }
+
+ @Override
+ public boolean isDisabled() {
+ AuthenticatorsConfiguration authenticatorsConfiguration =
+ AuthenticatorsConfiguration.getInstance();
+ AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig =
+ authenticatorsConfiguration.getAuthenticatorConfig(AUTHENTICATOR_NAME);
+ return authenticatorConfig != null && authenticatorConfig.isDisabled();
+ }
+
+ @Override
+ public boolean authenticateWithRememberMe(MessageContext msgCxt) {
+ return false;
+ }
+
+ @Override
+ public String getAuthenticatorName() {
+ return AUTHENTICATOR_NAME;
+ }
+
+ @Override
+ public boolean isAuthenticated(MessageContext msgCxt) {
+ boolean isAuthenticated = false;
+ HttpServletRequest request =
+ (HttpServletRequest) msgCxt.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
+ try {
+ //Get the filesystem keystore default primary certificate
+ KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(
+ MultitenantConstants.SUPER_TENANT_ID);
+ keyStoreManager.getDefaultPrimaryCertificate();
+
+ String authorizationHeader = request.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+ String headerData = decodeAuthorizationHeader(authorizationHeader);
+
+ JWSVerifier verifier =
+ new RSASSAVerifier((RSAPublicKey) keyStoreManager.getDefaultPublicKey());
+ SignedJWT jwsObject = SignedJWT.parse(headerData);
+
+ if (jwsObject.verify(verifier)) {
+ String userName = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
+ String tenantDomain = MultitenantUtils.getTenantDomain(userName);
+ userName = MultitenantUtils.getTenantAwareUsername(userName);
+ TenantManager tenantManager = SignedJWTAuthenticatorServiceComponent
+ .getRealmService().getTenantManager();
+ int tenantId = tenantManager.getTenantId(tenantDomain);
+
+ handleAuthenticationStarted(tenantId);
+
+ UserStoreManager userStore = SignedJWTAuthenticatorServiceComponent
+ .getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
+ if (userStore.isExistingUser(userName)) {
+ isAuthenticated = true;
+ }
+
+ if (isAuthenticated) {
+ CarbonAuthenticationUtil.onSuccessAdminLogin(request.getSession(), userName,
+ tenantId, tenantDomain,
+ "Signed JWT Authentication");
+ handleAuthenticationCompleted(tenantId, true);
+ return true;
+ } else {
+ log.error(
+ "Authentication Request is rejected. User does not exists in UserStore");
+ CarbonAuthenticationUtil
+ .onFailedAdminLogin(request.getSession(), userName, tenantId,
+ "Signed JWT Authentication",
+ "User does not exists in UserStore");
+ handleAuthenticationCompleted(tenantId, false);
+ return false;
+ }
+ }
+ } catch (Exception e) {
+ log.error("Error authenticating the user " + e.getMessage(), e);
+ }
+ return isAuthenticated;
+ }
+
+ @Override
+ public boolean isHandle(MessageContext msgCxt) {
+ HttpServletRequest request =
+ (HttpServletRequest) msgCxt.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
+ String authorizationHeader = request.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+ if (authorizationHeader != null) {
+ String authType = getAuthType(authorizationHeader);
+ if (authType != null && authType.equalsIgnoreCase(AUTHORIZATION_HEADER_TYPE)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Gets the authentication type in authorization header.
+ *
+ * @param authorizationHeader The authorization header - Authorization: Bearer QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
+ * @return The authentication type mentioned in authorization header.
+ */
+ private String getAuthType(String authorizationHeader) {
+ String[] splitValues = null;
+ if (authorizationHeader != null) {
+ splitValues = authorizationHeader.trim().split(" ");
+ }
+ if (splitValues == null || splitValues.length == 0) {
+ return null;
+ }
+ return splitValues[0].trim();
+ }
+
+ private String decodeAuthorizationHeader(String authorizationHeader) {
+ String[] splitValues = authorizationHeader.trim().split(" ");
+ byte[] decodedBytes = Base64Utils.decode(splitValues[1].trim());
+ if (decodedBytes != null) {
+ return new String(decodedBytes);
+ } else {
+ log.debug(
+ "Error decoding authorization header. Could not retrieve user name and password.");
+ return null;
+ }
+ }
+
+ private void handleAuthenticationStarted(int tenantId) {
+ BundleContext bundleContext = SignedJWTAuthenticatorServiceComponent.getBundleContext();
+ if (bundleContext != null) {
+ ServiceTracker tracker =
+ new ServiceTracker(bundleContext,
+ AuthenticationObserver.class.getName(), null);
+ tracker.open();
+ Object[] services = tracker.getServices();
+ if (services != null) {
+ for (Object service : services) {
+ ((AuthenticationObserver) service).startedAuthentication(tenantId);
+ }
+ }
+ tracker.close();
+ }
+ }
+
+ private void handleAuthenticationCompleted(int tenantId, boolean isSuccessful) {
+ BundleContext bundleContext = SignedJWTAuthenticatorServiceComponent.getBundleContext();
+ if (bundleContext != null) {
+ ServiceTracker tracker =
+ new ServiceTracker(bundleContext,
+ AuthenticationObserver.class.getName(), null);
+ tracker.open();
+ Object[] services = tracker.getServices();
+ if (services != null) {
+ for (Object service : services) {
+ ((AuthenticationObserver) service).completedAuthentication(
+ tenantId, isSuccessful);
+ }
+ }
+ tracker.close();
+ }
+ }
+
+}
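Review bot: Signature verification at `if (jwsObject.verify(verifier))` is the only check applied to the token: the `exp`, `nbf`, `iss` and `aud` claims are never read, so a signed JWT stays valid for as long as the signing key does and a token minted for another audience is accepted here as a login. Add an expiry check before trusting the claims, e.g. `Date exp = jwsObject.getJWTClaimsSet().getExpirationTime(); if (exp == null || !exp.after(new Date())) { handleAuthenticationCompleted(tenantId, false); return false; }`, and compare `iss`/`aud` against the values configured for the OAuth issuer. The verifier is always built from the super-tenant default public key (`KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID)`), whereas the sibling grant handler in this commit signs with the tenant's own keystore for non-super tenants, so tenant-issued tokens look unverifiable here — worth confirming which issuer this authenticator is meant to trust, and documenting it in the class comment. The `keyStoreManager.getDefaultPrimaryCertificate()` call at the top of the try block discards its result and can be dropped, and the catch-all `log.error(..., e)` turns every malformed bearer header from an unauthenticated client into a stack trace at ERROR level, which is an easy log-flooding vector; `debug` (or `warn` without the trace) is the usual choice there.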
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/granttype/ClientCredentialsGrantHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/granttype/ClientCredentialsGrantHandler.java b/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/granttype/ClientCredentialsGrantHandler.java
new file mode 100644
index 0000000..843186c
--- /dev/null
+++ b/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/granttype/ClientCredentialsGrantHandler.java
@@ -0,0 +1,242 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stratos.custom.handlers.granttype;
+
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jwt.PlainJWT;
+import com.nimbusds.jwt.SignedJWT;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.oltu.openidconnect.as.messages.IDTokenBuilder;
+import org.apache.oltu.openidconnect.as.messages.IDTokenException;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.core.util.KeyStoreManager;
+import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
+import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
+import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
+import org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler;
+
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.Certificate;
+import java.security.interfaces.RSAPrivateKey;
+import java.text.ParseException;
+import java.util.Calendar;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * Grant Handler for Grant Type : client_credentials
+ */
+public class ClientCredentialsGrantHandler extends AbstractAuthorizationGrantHandler {
+
+ private static Log log = LogFactory.getLog(ClientCredentialsGrantHandler.class);
+ private static ConcurrentHashMap<Integer, Key> privateKeys =
+ new ConcurrentHashMap<Integer, Key>();
+ private static ConcurrentHashMap<Integer, Certificate> publicCerts =
+ new ConcurrentHashMap<Integer, Certificate>();
+
+ @Override
+ public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
+ throws IdentityOAuth2Exception {
+ // By this time, we have already validated client credentials.
+ tokReqMsgCtx.setScope(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getScope());
+ return true;
+ }
+
+ public boolean issueRefreshToken() throws IdentityOAuth2Exception {
+ return false;
+ }
+
+ public boolean isOfTypeApplicationUser() throws IdentityOAuth2Exception {
+ return false;
+ }
+
+ public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
+
+ OAuthServerConfiguration config = OAuthServerConfiguration.getInstance();
+ String issuer = config.getOpenIDConnectIDTokenIssuerIdentifier();
+ String subject = tokReqMsgCtx.getAuthorizedUser();
+ String audience = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
+ String authorizedParty = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
+
+ OAuth2AccessTokenRespDTO tokenRespDTO = getTokenDTO(tokReqMsgCtx);
+ int lifetime = Integer.parseInt(config.getOpenIDConnectIDTokenExpiration()) * 1000;
+ int curTime = (int) Calendar.getInstance().getTimeInMillis();
+
+ String applicationId = tokReqMsgCtx.getScope()[0];
+
+ IDTokenBuilder builder =
+ new IDTokenBuilder().setIssuer(issuer)
+ .setSubject(subject)
+ .setAudience(audience)
+ .setAuthorizedParty(authorizedParty)
+ .setExpiration(curTime + lifetime)
+ .setIssuedAt((int) Calendar.getInstance().getTimeInMillis())
+ .setClaim("appId", applicationId);
+
+ String plainIDToken;
+ try {
+ plainIDToken = builder.buildIDToken();
+ } catch (IDTokenException e) {
+ String message = "Error while building ID token";
+ throw new RuntimeException(message, e);
+ }
+
+ String signedJwtKey;
+ try {
+ PlainJWT plainJWT = PlainJWT.parse(plainIDToken);
+ plainIDToken = plainJWT.serialize();
+ signedJwtKey = signJWT(plainIDToken, tokReqMsgCtx);
+ } catch (ParseException e) {
+ String message = "Error while passing ID token";
+ throw new RuntimeException(message, e);
+ }
+
+ tokenRespDTO.setIDToken(signedJwtKey);
+ return tokenRespDTO;
+ }
+
+ private OAuth2AccessTokenRespDTO getTokenDTO(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
+ return super.issue(tokReqMsgCtx);
+ }
+
+ protected String signJWT(String payLoad, OAuthTokenReqMessageContext request)
+ throws IdentityOAuth2Exception {
+ JWSAlgorithm jwsAlgorithm =
+ mapSignatureAlgorithm(OAuthServerConfiguration.getInstance()
+ .getSignatureAlgorithm());
+ if (JWSAlgorithm.RS256.equals(jwsAlgorithm) || JWSAlgorithm.RS384.equals(jwsAlgorithm) ||
+ JWSAlgorithm.RS512.equals(jwsAlgorithm)) {
+ return signJWTWithRSA(payLoad, jwsAlgorithm, request);
+ }
+ log.error("UnSupported Signature Algorithm");
+ throw new IdentityOAuth2Exception("UnSupported Signature Algorithm");
+ }
+
+ protected String signJWTWithRSA(String payLoad, JWSAlgorithm jwsAlgorithm,
+ OAuthTokenReqMessageContext request)
+ throws IdentityOAuth2Exception {
+ try {
+ String tenantDomain = request.getOauth2AccessTokenReqDTO().getTenantDomain();
+ int tenantId = request.getTenantID();
+ if (tenantDomain == null) {
+ tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
+ }
+ if (tenantId == 0) {
+ tenantId = MultitenantConstants.SUPER_TENANT_ID;
+ }
+ Key privateKey = null;
+
+ if (!(privateKeys.containsKey(tenantId))) {
+ // get tenant's key store manager
+ KeyStoreManager tenantKSM = KeyStoreManager.getInstance(tenantId);
+
+ if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
+ // derive key store name
+ String ksName = tenantDomain.trim().replace(".", "-");
+ String jksName = ksName + ".jks";
+ // obtain private key
+ privateKey = tenantKSM.getPrivateKey(jksName, tenantDomain);
+
+ } else {
+ try {
+ privateKey = tenantKSM.getDefaultPrivateKey();
+ } catch (Exception e) {
+ log.error("Error while obtaining private key for super tenant", e);
+ }
+ }
+ if (privateKey != null) {
+ privateKeys.put(tenantId, privateKey);
+ }
+ } else {
+ privateKey = privateKeys.get(tenantId);
+ }
+
+ Certificate publicCert;
+
+ if (!(publicCerts.containsKey(tenantId))) {
+ // get tenant's key store manager
+ KeyStoreManager tenantKSM = KeyStoreManager.getInstance(tenantId);
+
+ KeyStore keyStore;
+ if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
+ // derive key store name
+ String ksName = tenantDomain.trim().replace(".", "-");
+ String jksName = ksName + ".jks";
+ keyStore = tenantKSM.getKeyStore(jksName);
+ publicCert = keyStore.getCertificate(tenantDomain);
+ } else {
+ publicCert = tenantKSM.getDefaultPrimaryCertificate();
+ }
+ if (publicCert != null) {
+ publicCerts.put(tenantId, publicCert);
+ }
+ } else {
+ publicCert = publicCerts.get(tenantId);
+ }
+
+ JWSSigner signer = new RSASSASigner((RSAPrivateKey) privateKey);
+ SignedJWT signedJWT =
+ new SignedJWT(new JWSHeader(jwsAlgorithm),
+ PlainJWT.parse(payLoad).getJWTClaimsSet());
+ signedJWT.sign(signer);
+ return signedJWT.serialize();
+ } catch (KeyStoreException e) {
+ log.error("Error in obtaining tenant's keystore", e);
+ throw new IdentityOAuth2Exception("Error in obtaining tenant's keystore", e);
+ } catch (JOSEException e) {
+ log.error("Error in obtaining tenant's keystore", e);
+ throw new IdentityOAuth2Exception("Error in obtaining tenant's keystore", e);
+ } catch (Exception e) {
+ log.error("Error in obtaining tenant's keystore", e);
+ throw new IdentityOAuth2Exception("Error in obtaining tenant's keystore", e);
+ }
+ }
+
+ protected JWSAlgorithm mapSignatureAlgorithm(String signatureAlgorithm)
+ throws IdentityOAuth2Exception {
+ if ("SHA256withRSA".equals(signatureAlgorithm)) {
+ return JWSAlgorithm.RS256;
+ } else if ("SHA384withRSA".equals(signatureAlgorithm)) {
+ return JWSAlgorithm.RS384;
+ } else if ("SHA512withRSA".equals(signatureAlgorithm)) {
+ return JWSAlgorithm.RS512;
+ } else if ("SHA256withHMAC".equals(signatureAlgorithm)) {
+ return JWSAlgorithm.HS256;
+ } else if ("SHA384withHMAC".equals(signatureAlgorithm)) {
+ return JWSAlgorithm.HS384;
+ } else if ("SHA512withHMAC".equals(signatureAlgorithm)) {
+ return JWSAlgorithm.HS512;
+ } else if ("SHA256withEC".equals(signatureAlgorithm)) {
+ return JWSAlgorithm.ES256;
+ } else if ("SHA384withEC".equals(signatureAlgorithm)) {
+ return JWSAlgorithm.ES384;
+ } else if ("SHA512withEC".equals(signatureAlgorithm)) {
+ return JWSAlgorithm.ES512;
+ }
+ log.error("Unsupported Signature Algorithm in identity.xml");
+ throw new IdentityOAuth2Exception("Unsupported Signature Algorithm in identity.xml");
+ }
+}
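Review bot: `int curTime = (int) Calendar.getInstance().getTimeInMillis();` in `issue` truncates the epoch-millisecond clock to 32 bits, so the `exp` and `iat` claims written into every ID token are overflowed garbage, and `lifetime` is in milliseconds while OIDC `exp`/`iat` are seconds. Compute in seconds instead: `int nowSeconds = (int) (System.currentTimeMillis() / 1000); int lifetimeSeconds = Integer.parseInt(config.getOpenIDConnectIDTokenExpiration());` and pass `nowSeconds + lifetimeSeconds` / `nowSeconds` to `setExpiration`/`setIssuedAt` (assuming the Oltu builder expects epoch seconds as the OIDC spec does — confirm). The `appId` claim comes straight from `tokReqMsgCtx.getScope()[0]`, which `validateGrant` copies from the request without checking it against the client, so a client can assert any application id in its token and a null or empty scope throws an unhandled exception; validate the scope against the client's registered application here or in `validateGrant`. In `signJWTWithRSA` a null `privateKey` (tenant keystore without that alias) reaches `new RSASSASigner((RSAPrivateKey) privateKey)` and only surfaces as the generic "Error in obtaining tenant's keystore" from the catch-all, and the static `privateKeys`/`publicCerts` caches are never invalidated, so a rotated tenant key is not picked up until restart — an explicit null check and a comment on the cache lifetime would help. `publicCert` is looked up and cached but never used (the `JWSHeader` carries no `kid`/`x5t`), so that branch is currently dead code.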
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/internal/SignedJWTAuthenticatorServiceComponent.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/internal/SignedJWTAuthenticatorServiceComponent.java b/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/internal/SignedJWTAuthenticatorServiceComponent.java
new file mode 100644
index 0000000..390368b
--- /dev/null
+++ b/components/org.apache.stratos.custom.handlers/src/main/java/org/apache/stratos/custom/handlers/internal/SignedJWTAuthenticatorServiceComponent.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) WSO2 Inc. (http://wso2.com) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.stratos.custom.handlers.internal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.stratos.custom.handlers.authentication.SignedJWTAuthenticator;
+import org.osgi.framework.BundleContext;
+import org.osgi.service.component.ComponentContext;
+import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.user.core.service.RealmService;
+
+import java.util.Hashtable;
+
+
+/**
+ * @scr.component name=
+ * "signedjwt.SignedJWTAuthenticatorServiceComponent"
+ * immediate="true"
+ * @scr.reference name="user.realmservice.default"
+ * interface="org.wso2.carbon.user.core.service.RealmService"
+ * cardinality="1..1" policy="dynamic"
+ * bind="setRealmService"
+ * unbind="unsetRealmService"
+ */
+public class SignedJWTAuthenticatorServiceComponent {
+
+ private static final Log log = LogFactory.getLog(SignedJWTAuthenticatorServiceComponent.class);
+ private static RealmService realmService = null;
+ private static BundleContext bundleContext = null;
+
+ public static RealmService getRealmService() {
+ return realmService;
+ }
+
+ protected void setRealmService(RealmService realmService) {
+ if (log.isDebugEnabled()) {
+ log.debug("RealmService acquired");
+ }
+ SignedJWTAuthenticatorServiceComponent.realmService = realmService;
+ }
+
+ public static BundleContext getBundleContext() {
+ return bundleContext;
+ }
+
+ public static void setBundleContext(BundleContext bundleContext) {
+ SignedJWTAuthenticatorServiceComponent.bundleContext = bundleContext;
+ }
+
+ protected void activate(ComponentContext cxt) {
+ try {
+ SignedJWTAuthenticator authenticator = new SignedJWTAuthenticator();
+ SignedJWTAuthenticatorServiceComponent.setBundleContext(cxt.getBundleContext());
+ Hashtable<String, String> props = new Hashtable<String, String>();
+ props.put(CarbonConstants.AUTHENTICATOR_TYPE, authenticator.getAuthenticatorName());
+ cxt.getBundleContext().registerService(CarbonServerAuthenticator.class.getName(),
+ authenticator, props);
+ } catch (Exception e) {
+ log.error(e.getMessage(), e);
+ // throwing so that server will not start
+ throw new RuntimeException("Failed to start the Signed JWT Authenticator Bundle" +
+ e.getMessage(), e);
+ }
+ log.debug("Signed JWT Authenticator is activated");
+ }
+
+ protected void deactivate(ComponentContext context) {
+ if (log.isDebugEnabled()) {
+ log.debug("Signed JWT Authenticator is deactivated");
+ }
+ }
+
+ protected void unsetRealmService(RealmService realmService) {
+ SignedJWTAuthenticatorServiceComponent.realmService = null;
+ }
+
+}
+
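Review bot: `activate` logs the exception on line 904 and then rethrows it wrapped on line 906, so every startup failure is reported twice by the same component; keep one or the other. The wrapped message also lacks a separator before the cause text: `throw new RuntimeException("Failed to start the Signed JWT Authenticator Bundle: " + e.getMessage(), e);`. `getRealmService()` returns null until the OSGi bind has fired, which the `SignedJWTAuthenticator` it serves has to cope with; a one-line Javadoc such as `/** May return null before the RealmService reference is bound. */` would make that contract explicit, and the unguarded `log.debug` on line 909 is inconsistent with the `isDebugEnabled()` checks used on lines 881 and 913.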
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.manager/pom.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/pom.xml b/components/org.apache.stratos.manager/pom.xml
index 9e1386f..1f3d82a 100644
--- a/components/org.apache.stratos.manager/pom.xml
+++ b/components/org.apache.stratos.manager/pom.xml
@@ -126,6 +126,21 @@
<artifactId>mqtt-client</artifactId>
<version>0.4.0</version>
</dependency>
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.identity.oauth</artifactId>
+ <version>4.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
+ <version>4.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.identity.application.mgt.stub</artifactId>
+ <version>4.2.0</version>
+ </dependency>
</dependencies>
<build>
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/IdentityApplicationManagementServiceClient.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/IdentityApplicationManagementServiceClient.java b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/IdentityApplicationManagementServiceClient.java
new file mode 100644
index 0000000..7dccc7c
--- /dev/null
+++ b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/IdentityApplicationManagementServiceClient.java
@@ -0,0 +1,202 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stratos.manager.client;
+
+import org.apache.amber.oauth2.client.OAuthClient;
+import org.apache.amber.oauth2.client.URLConnectionClient;
+import org.apache.amber.oauth2.client.request.OAuthClientRequest;
+import org.apache.amber.oauth2.client.response.OAuthClientResponse;
+import org.apache.amber.oauth2.common.exception.OAuthProblemException;
+import org.apache.amber.oauth2.common.exception.OAuthSystemException;
+import org.apache.amber.oauth2.common.message.types.GrantType;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.stratos.manager.internal.DataHolder;
+import org.apache.stratos.manager.utils.CartridgeConstants;
+import org.wso2.carbon.base.ServerConfiguration;
+import org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig;
+import org.wso2.carbon.identity.application.common.model.xsd.OutboundProvisioningConfig;
+import org.wso2.carbon.identity.application.common.model.xsd.Property;
+import org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider;
+import org.wso2.carbon.identity.application.mgt.stub.IdentityApplicationManagementServiceIdentityApplicationManagementException;
+import org.wso2.carbon.identity.application.mgt.stub.IdentityApplicationManagementServiceStub;
+import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceException;
+import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
+import org.wso2.carbon.utils.CarbonUtils;
+
+import java.rmi.RemoteException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class IdentityApplicationManagementServiceClient {
+
+ private static final Log log = LogFactory.getLog(IdentityApplicationManagementServiceClient.class);
+ private static final String ID_TOKEN = "id_token";
+
+ private static IdentityApplicationManagementServiceClient serviceClient;
+ private final IdentityApplicationManagementServiceStub stub;
+
+ public IdentityApplicationManagementServiceClient(String epr) throws AxisFault {
+
+
+ String autosclaerSocketTimeout =
+ System.getProperty(CartridgeConstants.AUTOSCALER_SOCKET_TIMEOUT) == null ? "300000" : System.getProperty(CartridgeConstants.AUTOSCALER_SOCKET_TIMEOUT);
+ String autosclaerConnectionTimeout =
+ System.getProperty(CartridgeConstants.AUTOSCALER_CONNECTION_TIMEOUT) == null ? "300000" : System.getProperty(CartridgeConstants.AUTOSCALER_CONNECTION_TIMEOUT);
+
+ ConfigurationContext clientConfigContext = DataHolder.getClientConfigContext();
+ try {
+ ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
+ String trustStorePath = serverConfig.getFirstProperty("Security.TrustStore.Location");
+ String trustStorePassword = serverConfig.getFirstProperty("Security.TrustStore.Password");
+ String type = serverConfig.getFirstProperty("Security.TrustStore.Type");
+
+ System.setProperty("javax.net.ssl.trustStore", trustStorePath);
+ System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
+ System.setProperty("javax.net.ssl.trustStoreType", type);
+
+ stub = new IdentityApplicationManagementServiceStub(clientConfigContext, epr);
+ stub._getServiceClient().getOptions().setProperty(HTTPConstants.SO_TIMEOUT, new Integer(autosclaerSocketTimeout));
+ stub._getServiceClient().getOptions().setProperty(HTTPConstants.CONNECTION_TIMEOUT, new Integer(autosclaerConnectionTimeout));
+ Utility.setAuthHeaders(stub._getServiceClient(), "admin");
+
+ } catch (AxisFault axisFault) {
+ String msg = "Failed to initiate identity service client. " + axisFault.getMessage();
+ log.error(msg, axisFault);
+ throw new AxisFault(msg, axisFault);
+ }
+ }
+
+ public static IdentityApplicationManagementServiceClient getServiceClient() throws AxisFault {
+ if (serviceClient == null) {
+ synchronized (IdentityApplicationManagementServiceClient.class) {
+ if (serviceClient == null) {
+ serviceClient = new IdentityApplicationManagementServiceClient(System.getProperty(CartridgeConstants.IDENTITY_SERVICE_URL) + "/services/IdentityApplicationManagementService");
+ }
+ }
+ }
+ return serviceClient;
+ }
+
+ public String createServiceProvider(String appName, String spName, String compositeAppId) throws RemoteException, OAuthAdminServiceException {
+ OAuthConsumerAppDTO oAuthApplication = null;
+ String accessToken = null;
+
+ oAuthApplication = oAuthAdminServiceClient.getServiceClient().getOAuthApplication(appName);
+
+ if(oAuthApplication == null){
+ return null;
+ }
+
+ String consumerKey = oAuthApplication.getOauthConsumerKey();
+ String consumerSecret = oAuthApplication.getOauthConsumerSecret();
+
+ ServiceProvider serviceProvider = new ServiceProvider();
+ serviceProvider.setApplicationName(spName);
+
+ try {
+ stub.createApplication(serviceProvider);
+ } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) {
+ e.printStackTrace();
+ }
+ try {
+ serviceProvider = stub.getApplication(spName);
+ } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) {
+ e.printStackTrace();
+ }
+
+ serviceProvider.setOutboundProvisioningConfig(new OutboundProvisioningConfig());
+
+ List<InboundAuthenticationRequestConfig> authRequestList = new ArrayList<InboundAuthenticationRequestConfig>();
+
+
+ if (consumerKey != null) {
+ InboundAuthenticationRequestConfig opicAuthenticationRequest =
+ new InboundAuthenticationRequestConfig();
+ opicAuthenticationRequest.setInboundAuthKey(consumerKey);
+ opicAuthenticationRequest.setInboundAuthType("oauth2");
+ if (consumerSecret != null && !consumerSecret.isEmpty()) {
+ Property property = new Property();
+ property.setName("oauthConsumerSecret");
+ property.setValue(consumerSecret);
+ Property[] properties = {property};
+ opicAuthenticationRequest.setProperties(properties);
+ }
+ authRequestList.add(opicAuthenticationRequest);
+ }
+
+ String passiveSTSRealm = spName;
+ if (passiveSTSRealm != null) {
+ InboundAuthenticationRequestConfig opicAuthenticationRequest =
+ new InboundAuthenticationRequestConfig();
+ opicAuthenticationRequest.setInboundAuthKey(passiveSTSRealm);
+ opicAuthenticationRequest.setInboundAuthType("passivests");
+ authRequestList.add(opicAuthenticationRequest);
+ }
+
+ String openidRealm = spName;
+ if (openidRealm != null) {
+ InboundAuthenticationRequestConfig opicAuthenticationRequest =
+ new InboundAuthenticationRequestConfig();
+ opicAuthenticationRequest.setInboundAuthKey(openidRealm);
+ opicAuthenticationRequest.setInboundAuthType("openid");
+ authRequestList.add(opicAuthenticationRequest);
+ }
+
+ if (authRequestList.size() > 0) {
+ serviceProvider.getInboundAuthenticationConfig()
+ .setInboundAuthenticationRequestConfigs(authRequestList.toArray(new InboundAuthenticationRequestConfig[authRequestList.size()]));
+ }
+
+ try {
+ stub.updateApplication(serviceProvider);
+ } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) {
+ e.printStackTrace();
+ }
+
+ accessToken = getIdToken(compositeAppId, accessToken, consumerKey, consumerSecret);
+ return accessToken;
+ }
+
+ private String getIdToken(String compositeAppId, String accessToken, String consumerKey, String consumerSecret) {
+ String tokenEndpoint = System.getProperty(CartridgeConstants.IDENTITY_SERVICE_URL) + "oauth2/token";
+ try {
+ OAuthClientRequest accessRequest = OAuthClientRequest.tokenLocation(tokenEndpoint)
+ .setGrantType(GrantType.CLIENT_CREDENTIALS)
+ .setClientId(consumerKey)
+ .setClientSecret(consumerSecret)
+ .setScope(compositeAppId)
+ .buildBodyMessage();
+ OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
+
+ OAuthClientResponse oAuthResponse = oAuthClient.accessToken(accessRequest);
+ accessToken = oAuthResponse.getParam(ID_TOKEN);
+
+ } catch (OAuthSystemException e) {
+ e.printStackTrace();
+ } catch (OAuthProblemException e) {
+ e.printStackTrace();
+ }
+ return accessToken;
+ }
+
+}
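Review bot: `createServiceProvider` swallows every `IdentityApplicationManagementServiceIdentityApplicationManagementException` with `e.printStackTrace()` (lines 1076-1078, 1081-1083, 1130-1132) and carries on, so a failed `getApplication` leaves `serviceProvider` as the locally built object whose `getInboundAuthenticationConfig()` was never set and line 1124 dereferences null, while a failed `updateApplication` still ends with a token being issued for an unconfigured SP; propagate instead, e.g. `throw new RemoteException("Failed to configure service provider " + spName, e);`, and do the same in `getIdToken`, which returns null for both OAuth exceptions so the caller cannot tell failure from "no id_token". The token endpoint is built as `IDENTITY_SERVICE_URL + "oauth2/token"` (line 1139) with no leading slash, while `getServiceClient` appends `"/services/..."` to the same property, so one of the two is wrong unless a trailing slash on the property is assumed — normalise the base URL once. The constructor mutates the JVM-wide `javax.net.ssl.trustStore*` properties and authenticates every call as the hard-coded principal `"admin"` (line 1038); the same block is duplicated verbatim in `oAuthAdminServiceClient` (lines 1306-1333), so a shared client factory that takes the service user from configuration would remove both copies and keep the privileged identity out of source. `serviceClient` is lazily initialised with double-checked locking but is not `volatile` (line 1013, and likewise line 1303 of `oAuthAdminServiceClient`); declare it `private static volatile IdentityApplicationManagementServiceClient serviceClient;`.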
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/Utility.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/Utility.java b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/Utility.java
new file mode 100644
index 0000000..59f4230
--- /dev/null
+++ b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/Utility.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stratos.manager.client;
+
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
+import org.apache.axiom.util.base64.Base64Utils;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.httpclient.Header;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.core.util.KeyStoreManager;
+
+import java.security.SignatureException;
+import java.security.interfaces.RSAPrivateKey;
+import java.util.ArrayList;
+import java.util.List;
+
+public class Utility {
+ public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
+ public static final String BEARER = "Bearer";
+ private static final Log log = LogFactory.getLog(Utility.class);
+
+ /**
+ * Set Auth headers to service client. Singed JWT authentication handler expect username
+ * as a claim in order to validate the user. This is an alternative to mutual auth.
+ *
+ * @param serviceClient Service client.
+ * @param username username which is set in header.
+ */
+
+ public static void setAuthHeaders(ServiceClient serviceClient, String username) {
+ List headerList = new ArrayList();
+ Header header = new Header();
+ header.setName(HTTPConstants.HEADER_AUTHORIZATION);
+ header.setValue(getAuthHeader(username));
+ headerList.add(header);
+ serviceClient.getOptions().setProperty(HTTPConstants.HTTP_HEADERS, headerList);
+ }
+
+ public static String getAuthHeader(String username) throws RuntimeException {
+
+ KeyStoreManager keyStoreManager;
+ keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
+ try {
+ keyStoreManager.getDefaultPrimaryCertificate();
+ JWSSigner signer = new RSASSASigner((RSAPrivateKey) keyStoreManager.getDefaultPrivateKey());
+ JWTClaimsSet claimsSet = new JWTClaimsSet();
+ claimsSet.setClaim(SIGNED_JWT_AUTH_USERNAME, username);
+ SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS512), claimsSet);
+ signedJWT.sign(signer);
+
+ return BEARER + " " + Base64Utils.encode(signedJWT.serialize().getBytes());
+ } catch (SignatureException e) {
+ String msg = "Failed to sign with signature instance";
+ log.error(msg, e);
+ throw new RuntimeException(msg, e);
+ } catch (Exception e) {
+ String msg = "Failed to get primary default certificate";
+ log.error(msg, e);
+ throw new RuntimeException(msg, e);
+ }
+ }
+}
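Review bot: The JWT built in `getAuthHeader` carries only the `Username` claim (line 1239) — no expiry, issue time or JWT ID — so a captured Authorization header stays valid for as long as the signing key does; add `claimsSet.setIssueTime(new Date());` and `claimsSet.setExpirationTime(new Date(System.currentTimeMillis() + TOKEN_TTL_MILLIS));` (importing `java.util.Date` and defining a short constant TTL) and have the receiving `SignedJWTAuthenticator` enforce them. `signedJWT.serialize()` is already compact-serialised base64url text, so `Base64Utils.encode(signedJWT.serialize().getBytes())` on line 1243 double-encodes it and `getBytes()` without a charset depends on the platform default; if the authenticator expects this double encoding, say so in the Javadoc, otherwise send `serialize()` as is. The return value of `keyStoreManager.getDefaultPrimaryCertificate()` on line 1236 is discarded, so the call only serves to fail early — a comment saying so would save the next reader a puzzle. `headerList` is a raw `List` (line 1223); `List<Header> headerList = new ArrayList<Header>();` matches the generics used by the sibling clients in this package.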
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/oAuthAdminServiceClient.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/oAuthAdminServiceClient.java b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/oAuthAdminServiceClient.java
new file mode 100644
index 0000000..febf8c7
--- /dev/null
+++ b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/oAuthAdminServiceClient.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stratos.manager.client;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.stratos.manager.internal.DataHolder;
+import org.apache.stratos.manager.utils.CartridgeConstants;
+import org.wso2.carbon.base.ServerConfiguration;
+import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceException;
+import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceStub;
+import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
+import org.wso2.carbon.utils.CarbonUtils;
+
+import java.rmi.RemoteException;
+
+public class oAuthAdminServiceClient {
+
+ public static final String GRANT_TYPE = "client-credentials";
+ private static final Log log = LogFactory.getLog(oAuthAdminServiceClient.class);
+ private static final String OAUTH_2_0 = "oauth-2.0";
+ private static oAuthAdminServiceClient serviceClient;
+ private final OAuthAdminServiceStub stub;
+
+ public oAuthAdminServiceClient(String epr) throws AxisFault {
+
+ String autosclaerSocketTimeout =
+ System.getProperty(CartridgeConstants.AUTOSCALER_SOCKET_TIMEOUT) == null ? "300000" : System.getProperty(CartridgeConstants.AUTOSCALER_SOCKET_TIMEOUT);
+ String autosclaerConnectionTimeout =
+ System.getProperty(CartridgeConstants.AUTOSCALER_CONNECTION_TIMEOUT) == null ? "300000" : System.getProperty(CartridgeConstants.AUTOSCALER_CONNECTION_TIMEOUT);
+
+ ConfigurationContext clientConfigContext = DataHolder.getClientConfigContext();
+ try {
+ ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
+ String trustStorePath = serverConfig.getFirstProperty("Security.TrustStore.Location");
+ String trustStorePassword = serverConfig.getFirstProperty("Security.TrustStore.Password");
+ String type = serverConfig.getFirstProperty("Security.TrustStore.Type");
+ System.setProperty("javax.net.ssl.trustStore", trustStorePath);
+ System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
+ System.setProperty("javax.net.ssl.trustStoreType", type);
+
+ stub = new OAuthAdminServiceStub(clientConfigContext, epr);
+ stub._getServiceClient().getOptions().setProperty(HTTPConstants.SO_TIMEOUT, new Integer(autosclaerSocketTimeout));
+ stub._getServiceClient().getOptions().setProperty(HTTPConstants.CONNECTION_TIMEOUT, new Integer(autosclaerConnectionTimeout));
+ Utility.setAuthHeaders(stub._getServiceClient(), "admin");
+
+ } catch (AxisFault axisFault) {
+ String msg = "Failed to initiate identity service client. " + axisFault.getMessage();
+ log.error(msg, axisFault);
+ throw new AxisFault(msg, axisFault);
+ }
+ }
+
+ public static oAuthAdminServiceClient getServiceClient() throws AxisFault {
+ if (serviceClient == null) {
+ synchronized (oAuthAdminServiceClient.class) {
+ if (serviceClient == null) {
+ serviceClient = new oAuthAdminServiceClient(System.getProperty(CartridgeConstants.IDENTITY_SERVICE_URL) + "/services/OAuthAdminService");
+ }
+ }
+ }
+ return serviceClient;
+ }
+
+ public void registerOauthApplication(String appName) throws RemoteException, OAuthAdminServiceException {
+ OAuthConsumerAppDTO oAuthConsumerDTO = new OAuthConsumerAppDTO();
+ oAuthConsumerDTO.setApplicationName(appName);
+ oAuthConsumerDTO.setOAuthVersion(OAUTH_2_0);
+ oAuthConsumerDTO.setGrantTypes(GRANT_TYPE);
+ stub.registerOAuthApplicationData(oAuthConsumerDTO);
+ }
+
+ public OAuthConsumerAppDTO getOAuthApplication(String name) throws RemoteException, OAuthAdminServiceException {
+ return stub.getOAuthApplicationDataByAppName(name);
+ }
+
+}
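Review bot: `GRANT_TYPE` is set to `"client-credentials"` (line 1300) while RFC 6749 names the grant `client_credentials` with an underscore, and `getIdToken` in `IdentityApplicationManagementServiceClient` later requests `GrantType.CLIENT_CREDENTIALS` for the same application; unless the OAuthAdminService normalises hyphens, the registered app will not be allowed the grant it is asked for — confirm against the service's accepted values and use `public static final String GRANT_TYPE = "client_credentials";` if so. The class name `oAuthAdminServiceClient` breaks the UpperCamelCase used by every other class in this commit (`OAuthAdminServiceStub`, `IdentityApplicationManagementServiceClient`) and would be renamed `OAuthAdminServiceClient` together with its import on line 1569 and the call on line 1062. `registerOauthApplication` discards the DTO returned by the service and `getOAuthApplication` is a bare pass-through; a class Javadoc stating which admin operations this wrapper exposes and that it runs as the service user set in the constructor would document the trust boundary.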
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/CartridgeConstants.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/CartridgeConstants.java b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/CartridgeConstants.java
index 2c6014e..89a41ca 100644
--- a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/CartridgeConstants.java
+++ b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/CartridgeConstants.java
@@ -21,6 +21,7 @@ package org.apache.stratos.manager.utils;
public class CartridgeConstants {
public static final String AUTOSCALER_SERVICE_URL = "autoscaler.service.url";
+ public static final String IDENTITY_SERVICE_URL = "identity.service.url";
public static final String CLOUD_CONTROLLER_SERVICE_URL = "cloud.controller.service.url";
public static final String ALIAS_NAMESPACE ="http://org.wso2.securevault/configuration";
public static final String ALIAS_LOCALPART ="secretAlias";
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.metadataservice/src/main/java/org/apache/stratos/metadataservice/handlers/OAuthHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.metadataservice/src/main/java/org/apache/stratos/metadataservice/handlers/OAuthHandler.java b/components/org.apache.stratos.metadataservice/src/main/java/org/apache/stratos/metadataservice/handlers/OAuthHandler.java
index 4dc5573..39ab236 100644
--- a/components/org.apache.stratos.metadataservice/src/main/java/org/apache/stratos/metadataservice/handlers/OAuthHandler.java
+++ b/components/org.apache.stratos.metadataservice/src/main/java/org/apache/stratos/metadataservice/handlers/OAuthHandler.java
@@ -18,17 +18,22 @@
*/
package org.apache.stratos.metadataservice.handlers;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Response;
-
+import com.nimbusds.jose.JWSVerifier;
+import com.nimbusds.jose.crypto.RSASSAVerifier;
+import com.nimbusds.jwt.SignedJWT;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.stratos.metadataservice.context.AuthenticationContext;
-import org.apache.stratos.metadataservice.oauth2.ValidationServiceClient;
-import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.core.util.KeyStoreManager;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import java.security.interfaces.RSAPublicKey;
+
/**
* This class responsible for OAuth based authentication/authorization. A client
@@ -37,59 +42,91 @@ import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO
* OAuthTokenValidation endpoint of the provider.
*/
public class OAuthHandler extends AbstractAuthenticationAuthorizationHandler {
- private static Log log = LogFactory.getLog(OAuthHandler.class);
- private static String SUPPORTED_AUTHENTICATION_TYPE = "Bearer";
- private static String oauthValidationEndpoint;
- private static String username;
- private static String password;
+ public static final String BEARER = "Bearer ";
+ public static final String APPLICATION = "application";
+ private static Log log = LogFactory.getLog(OAuthHandler.class);
+ private static String SUPPORTED_AUTHENTICATION_TYPE = "Bearer";
+ private static String oauthValidationEndpoint;
+ private static String username;
+ private static String password;
+
+ public void setOauthValidationEndpoint(String oauthValidationEndpoint) {
+ OAuthHandler.oauthValidationEndpoint = oauthValidationEndpoint;
+ }
+
+ public void setUsername(String username) {
+ OAuthHandler.username = username;
+ }
+
+ public void setPassword(String password) {
+ OAuthHandler.password = password;
+ }
+
+ @Override
+ public boolean canHandle(String authHeaderPrefix) {
+ return SUPPORTED_AUTHENTICATION_TYPE.equals(authHeaderPrefix);
+ }
+
+ @Override
+ public Response handle(Message message, ClassResourceInfo classResourceInfo) {
+ try {
+ HttpHeaders httpHeaders = new HttpHeadersImpl(message);
+ String header = httpHeaders.getRequestHeaders().getFirst("Authorization");
+ // if the authorization token has Bearer..
+ if (header.startsWith(BEARER)) {
+ String accessToken = header.substring(7).trim();
+ boolean valid;
+ String appId = extractAppIdFromIdToken(accessToken);
+ String requestUrl = (String) message.get(Message.REQUEST_URI);
+ String basePath = (String) message.get(Message.BASE_PATH);
+ String requestedAppId = extractApplicationIdFromUrl(requestUrl, basePath);
+
+ if(org.apache.commons.lang3.StringUtils.isEmpty(appId) || org.apache.commons.lang3.StringUtils.isEmpty(requestedAppId)){
+ valid = false;
+ }else{
+ valid = appId.equals(requestedAppId);
+ }
- public void setOauthValidationEndpoint(String oauthValidationEndpoint) {
- OAuthHandler.oauthValidationEndpoint = oauthValidationEndpoint;
- }
+ if (!valid) {
+ return Response.status(Response.Status.FORBIDDEN).build();
+ }
+ }
+ } catch (Exception e) {
+ log.error("Error while validating access token", e);
+ return Response.status(Response.Status.FORBIDDEN).build();
+ }
- public void setUsername(String username) {
- OAuthHandler.username = username;
- }
+ AuthenticationContext.setAuthenticated(true);
+ return null;
+ }
- public void setPassword(String password) {
- OAuthHandler.password = password;
- }
+ private String extractApplicationIdFromUrl(String url, String basePath) {
+ String appId = null;
+ String segments[] = url.split("/");
+ for (int i = 0; i < segments.length; i++) {
+ if (APPLICATION.equals(segments[i])) {
+ appId = segments[i + 1];
+ break;
+ }
+ }
+ return appId;
+ }
- @Override
- public boolean canHandle(String authHeaderPrefix) {
- return SUPPORTED_AUTHENTICATION_TYPE.equals(authHeaderPrefix);
- }
+ private String extractAppIdFromIdToken(String token) {
+ String appId = null;
+ KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
+ try {
+ keyStoreManager.getDefaultPrimaryCertificate();
+ JWSVerifier verifier =
+ new RSASSAVerifier((RSAPublicKey) keyStoreManager.getDefaultPublicKey());
+ SignedJWT jwsObject = SignedJWT.parse(token);
+ if (jwsObject.verify(verifier)) {
+ appId = jwsObject.getJWTClaimsSet().getStringClaim("appId");
+ }
- @Override
- public Response handle(Message message, ClassResourceInfo classResourceInfo) {
- try {
- OAuth2TokenValidationResponseDTO respDTO;
- ValidationServiceClient validationServiceClient =
- new ValidationServiceClient(
- oauthValidationEndpoint,
- username,
- password);
- HttpHeaders httpHeaders = new HttpHeadersImpl(message);
- String header = httpHeaders.getRequestHeaders().getFirst("Authorization");
- // if the authorization token has Bearer..
- if (header.startsWith("Bearer ")) {
- String accessToken = header.substring(7).trim();
- respDTO = validationServiceClient.validateAuthenticationRequest(accessToken); // TODO
- // :
- // send
- // scope
- // params
- boolean valid = respDTO.getValid();
- if (!valid) {
- // authorization failure..
- return Response.status(Response.Status.FORBIDDEN).build();
- }
- }
- } catch (Exception e) {
- log.error("Error while validating access token", e);
- return Response.status(Response.Status.FORBIDDEN).build();
- }
- AuthenticationContext.setAuthenticated(true);
- return null;
- }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return appId;
+ }
}
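Review bot: `handle` still fails open: the app-id check runs only inside `if (header.startsWith(BEARER))` (line 1444), so a request whose Authorization header passes `canHandle` but does not start with `"Bearer "` — `"Bearer"` with no token, for instance — skips the whole block and reaches `AuthenticationContext.setAuthenticated(true)` on line 1471 without any check; add an `else` branch returning `Response.status(Response.Status.FORBIDDEN).build()`, or make the token check unconditional. `extractAppIdFromIdToken` verifies the signature but never the token's expiry (`jwsObject.getJWTClaimsSet().getExpirationTime()`), so a once-valid id token authorises indefinitely; reject when the expiry is null or in the past. The `catch (Exception e)` on line 1535 uses `e.printStackTrace()` while the rest of the class logs through `log`; use `log.error("Error while parsing id token", e);`. The fields `oauthValidationEndpoint`, `username` and `password` and their setters are dead after the `ValidationServiceClient` removal, `basePath` in `extractApplicationIdFromUrl` is unused, and the class Javadoc (lines 1402-1406) still describes validation against the provider's OAuthTokenValidation endpoint rather than the local JWT verification now performed.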
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.metadataservice/src/main/webapp/stratosmetadataservice/WEB-INF/cxf-servlet.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.metadataservice/src/main/webapp/stratosmetadataservice/WEB-INF/cxf-servlet.xml b/components/org.apache.stratos.metadataservice/src/main/webapp/stratosmetadataservice/WEB-INF/cxf-servlet.xml
index e015301..25e97fb 100644
--- a/components/org.apache.stratos.metadataservice/src/main/webapp/stratosmetadataservice/WEB-INF/cxf-servlet.xml
+++ b/components/org.apache.stratos.metadataservice/src/main/webapp/stratosmetadataservice/WEB-INF/cxf-servlet.xml
@@ -35,9 +35,10 @@
<ref bean="genericExceptionHandler"/>
<ref bean="jsonProvider"/>
<ref bean="exceptionHandler"/>
+ <ref bean="OAuthFilter"/>
<ref bean="basicAuthenticationFilter"/>
<ref bean="sessionAuthenticationFilter"/>
- <ref bean="authorizationFilter"/>
+ <!--<ref bean="authorizationFilter"/>-->
</jaxrs:providers>
</jaxrs:server>
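Review bot: Commenting out `authorizationFilter` removes the only authorization provider the metadata service had in this list, so once a request passes one of the three authentication filters every resource becomes reachable by any authenticated principal unless the new `OAuthFilter` also enforces authorization, which this hunk cannot show. If authorization is intentionally moving into `OAuthFilter`, say so next to the disabled line, e.g. `<!-- authorizationFilter disabled: role checks are now performed by OAuthFilter -->`; if it was only switched off for local testing it should not land on master, since commented-out configuration in a deployed XML file tends to outlive its purpose unnoticed. Note also that `OAuthFilter` is placed ahead of `basicAuthenticationFilter` and `sessionAuthenticationFilter`; if CXF applies these providers in list order, a request with a Bearer header hits it first, so whether it rejects or falls through on an invalid token decides whether the other two filters are still reachable and should be documented.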
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
index fe7b997..6290500 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
@@ -34,6 +34,8 @@ import org.apache.stratos.cloud.controller.stub.domain.CartridgeInfo;
import org.apache.stratos.common.Property;
import org.apache.stratos.manager.client.AutoscalerServiceClient;
import org.apache.stratos.manager.client.CloudControllerServiceClient;
+import org.apache.stratos.manager.client.IdentityApplicationManagementServiceClient;
+import org.apache.stratos.manager.client.oAuthAdminServiceClient;
import org.apache.stratos.manager.composite.application.beans.ApplicationDefinition;
import org.apache.stratos.manager.deploy.cartridge.CartridgeDeploymentManager;
import org.apache.stratos.manager.deploy.service.Service;
@@ -79,6 +81,7 @@ import org.apache.stratos.rest.endpoint.bean.repositoryNotificationInfoBean.Payl
import org.apache.stratos.rest.endpoint.bean.subscription.domain.SubscriptionDomainBean;
import org.apache.stratos.rest.endpoint.bean.util.converter.PojoConverter;
import org.apache.stratos.rest.endpoint.exception.RestAPIException;
+import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
@@ -1964,4 +1967,23 @@ public class StratosApiV41Utils {
}
}
+
+ public static void createToken() throws RestAPIException {
+ String appName = "testudara" + Math.random();
+ String compositeAppId = "app1";
+ try {
+ oAuthAdminServiceClient.getServiceClient().registerOauthApplication(appName);
+ } catch (RemoteException e) {
+ throw new RestAPIException(e);
+ } catch (OAuthAdminServiceException e) {
+ throw new RestAPIException(e);
+ }
+ try {
+ IdentityApplicationManagementServiceClient.getServiceClient().createServiceProvider(appName, appName, compositeAppId);
+ } catch (RemoteException e) {
+ throw new RestAPIException(e);
+ } catch (OAuthAdminServiceException e) {
+ e.printStackTrace();
+ }
+ }
}
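Review bot: `createToken` registers an OAuth application named `"testudara" + Math.random()` against the hard-coded composite app id `"app1"`, which reads as local test scaffolding rather than REST-endpoint code, and `Math.random()` gives no uniqueness guarantee for a registration name. The second `catch (OAuthAdminServiceException e)` only calls `e.printStackTrace()`, while the same exception type a few lines earlier is wrapped in `RestAPIException`, so a failed service-provider creation is silently swallowed to stderr; replace it with `throw new RestAPIException(e);`. If the method is meant to stay, take the application name and composite id as parameters and document that every call creates a persistent OAuth client and service provider in the identity server, since nothing here removes them.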
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/components/pom.xml
----------------------------------------------------------------------
diff --git a/components/pom.xml b/components/pom.xml
index ce08ffc..997588a 100644
--- a/components/pom.xml
+++ b/components/pom.xml
@@ -104,6 +104,8 @@
<module>org.apache.stratos.rest.endpoint</module>
<!-- Stratos manager styles bundle -->
<module>org.apache.stratos.manager.styles</module>
+
+ <module>org.apache.stratos.custom.handlers</module>
<module>org.apache.stratos.metadataservice</module>
<!-- meta data client -->
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/features/common/org.apache.stratos.metadata.client.feature/pom.xml
----------------------------------------------------------------------
diff --git a/features/common/org.apache.stratos.metadata.client.feature/pom.xml b/features/common/org.apache.stratos.metadata.client.feature/pom.xml
index 09857d0..19c679c 100644
--- a/features/common/org.apache.stratos.metadata.client.feature/pom.xml
+++ b/features/common/org.apache.stratos.metadata.client.feature/pom.xml
@@ -19,7 +19,8 @@
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.apache.stratos</groupId>
@@ -32,7 +33,7 @@
<packaging>pom</packaging>
<name>Apache Stratos - Metadata client Feature</name>
<url>http://apache.org</url>
- <description />
+ <description/>
<dependencies>
<dependency>
@@ -40,7 +41,7 @@
<artifactId>gson</artifactId>
<version>${gson2.version}</version>
</dependency>
-<dependency>
+ <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpasyncclient</artifactId>
<version>4.0-beta3</version>
@@ -50,13 +51,12 @@
<artifactId>httpclient-osgi</artifactId>
<version>4.3.5</version>
</dependency>
- <dependency>
+ <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.3.5</version>
</dependency>
-
- <dependency>
+ <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.3.2</version>
@@ -96,7 +96,8 @@
</properties>
</adviceFile>
<bundles>
- <bundleDef>org.apache.stratos:org.apache.stratos.metadata.client:${project.version}</bundleDef>
+ <bundleDef>org.apache.stratos:org.apache.stratos.metadata.client:${project.version}
+ </bundleDef>
<bundleDef>com.google.code.gson:gson:${gson2.version}</bundleDef>
<bundleDef>org.apache.commons:commons-lang3:3.1</bundleDef>
<bundleDef>org.apache.httpcomponents:httpclient-osgi:4.3.5</bundleDef>
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/features/common/pom.xml
----------------------------------------------------------------------
diff --git a/features/common/pom.xml b/features/common/pom.xml
index b2a4481..1f9ab37 100644
--- a/features/common/pom.xml
+++ b/features/common/pom.xml
@@ -27,11 +27,12 @@
<modelVersion>4.0.0</modelVersion>
<artifactId>common.features</artifactId>
<packaging>pom</packaging>
- <name>Apache Stratos - Metadata Client Module</name>
+ <name>Apache Stratos - Common Module</name>
<url>http://apache.org</url>
<modules>
<module>org.apache.stratos.metadata.client.feature</module>
+ <module>org.apache.stratos.custom.handlers.feature</module>
</modules>
</project>
http://git-wip-us.apache.org/repos/asf/stratos/blob/c0651601/products/stratos/modules/p2-profile-gen/pom.xml
----------------------------------------------------------------------
diff --git a/products/stratos/modules/p2-profile-gen/pom.xml b/products/stratos/modules/p2-profile-gen/pom.xml
index f5cdbfd..35c4b48 100644
--- a/products/stratos/modules/p2-profile-gen/pom.xml
+++ b/products/stratos/modules/p2-profile-gen/pom.xml
@@ -333,6 +333,7 @@
<featureArtifactDef>org.wso2.carbon:org.wso2.carbon.cassandra.common.feature:${carbon.platform.version}</featureArtifactDef>
<!-- Common features -->
<featureArtifactDef>org.apache.stratos:org.apache.stratos.metadata.client.feature:${project.version}</featureArtifactDef>
+ <featureArtifactDef>org.apache.stratos:org.apache.stratos.custom.handlers.feature:${project.version}</featureArtifactDef>
</featureArtifacts>
</configuration>
</execution>
@@ -561,6 +562,10 @@
<id>org.wso2.carbon.user.mgt.feature.group</id>
<version>${carbon.platform.patch.version.4.2.1}</version>
</feature>
+ <feature>
+ <id>org.apache.stratos.custom.handlers.feature.group</id>
+ <version>${project.version}</version>
+ </feature>
</features>
</configuration>
</execution>
@@ -997,6 +1002,10 @@
<id>org.apache.stratos.metadata.client.feature.group</id>
<version>${project.version}</version>
</feature>
+ <feature>
+ <id>org.apache.stratos.custom.handlers.feature.group</id>
+ <version>${project.version}</version>
+ </feature>
</features>
</configuration>
[3/6] stratos git commit: creating token at application deployment
Posted by ud...@apache.org.
creating token at application deployment
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/96146274
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/96146274
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/96146274
Branch: refs/heads/master
Commit: 96146274841a2b6f2a63dbc0a0b6ac5225ff95ba
Parents: 61b1d31
Author: Udara Liyanage <ud...@wso2.com>
Authored: Thu Dec 4 21:07:08 2014 +0530
Committer: Udara Liyanage <ud...@wso2.com>
Committed: Fri Dec 5 19:31:33 2014 +0530
----------------------------------------------------------------------
.../org.apache.stratos.autoscaler/pom.xml | 16 +-
.../apache/stratos/autoscaler/Constants.java | 4 +
.../parser/DefaultApplicationParser.java | 49 ++++-
...ntityApplicationManagementServiceClient.java | 196 ++++++++++++++++++
.../stratos/autoscaler/client/Utility.java | 86 ++++++++
.../client/oAuthAdminServiceClient.java | 97 +++++++++
components/org.apache.stratos.manager/pom.xml | 15 --
...ntityApplicationManagementServiceClient.java | 202 -------------------
.../apache/stratos/manager/client/Utility.java | 86 --------
.../manager/client/oAuthAdminServiceClient.java | 96 ---------
.../org.apache.stratos.metadataservice/pom.xml | 7 +-
.../rest/endpoint/api/StratosApiV41Utils.java | 29 +--
.../config/all/repository/conf/autoscaler.xml | 5 +
13 files changed, 451 insertions(+), 437 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.autoscaler/pom.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.autoscaler/pom.xml b/components/org.apache.stratos.autoscaler/pom.xml
index 394784e..7ae4dd2 100644
--- a/components/org.apache.stratos.autoscaler/pom.xml
+++ b/components/org.apache.stratos.autoscaler/pom.xml
@@ -188,7 +188,21 @@
<artifactId>org.apache.stratos.metadata.client</artifactId>
<version>${project.version}</version>
</dependency>
-
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.identity.oauth</artifactId>
+ <version>4.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
+ <version>4.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.identity.application.mgt.stub</artifactId>
+ <version>4.2.0</version>
+ </dependency>
</dependencies>
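Review bot: The three new identity dependencies pin literal versions (`4.2.3`, `4.2.3`, `4.2.0`) while the rest of this build resolves Carbon artifacts through properties such as `${carbon.platform.version}` and `${project.version}`; declare a property in the parent pom and use `<version>${carbon.identity.version}</version>` so a security update to the identity stack is a one-line change rather than a search across modules. Pulling in `org.wso2.carbon.identity.oauth` (the implementation bundle) as well as its stub also widens the autoscaler's runtime classpath; if only the admin-service client is used, the two `.stub` artifacts may be sufficient, which is worth confirming against the actual imports.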
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/Constants.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/Constants.java b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/Constants.java
index 7ca6282..837e504 100644
--- a/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/Constants.java
+++ b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/Constants.java
@@ -84,4 +84,8 @@ public class Constants {
public static final String CARTRIDGE = "cartridge";
+ public static final int IS_DEFAULT_PORT = 9443;
+ public static final String OAUTH_SERVICE_SFX = "services/OAuthAdminService";
+ public static final String IDENTITY_APPLICATION_SERVICE_SFX = "services/IdentityApplicationManagementService";
+ public static final String TOKEN_ENDPOINT_SFX = "oauth2/token";
}
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/applications/parser/DefaultApplicationParser.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/applications/parser/DefaultApplicationParser.java b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/applications/parser/DefaultApplicationParser.java
index 8078ebd..5472163 100644
--- a/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/applications/parser/DefaultApplicationParser.java
+++ b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/applications/parser/DefaultApplicationParser.java
@@ -19,6 +19,9 @@
package org.apache.stratos.autoscaler.applications.parser;
+import org.apache.amber.oauth2.common.exception.OAuthProblemException;
+import org.apache.amber.oauth2.common.exception.OAuthSystemException;
+import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -26,27 +29,30 @@ import org.apache.stratos.autoscaler.applications.ApplicationUtils;
import org.apache.stratos.autoscaler.applications.ClusterInformation;
import org.apache.stratos.autoscaler.applications.MTClusterInformation;
import org.apache.stratos.autoscaler.applications.STClusterInformation;
+import org.apache.stratos.autoscaler.applications.payload.PayloadData;
import org.apache.stratos.autoscaler.applications.pojo.*;
import org.apache.stratos.autoscaler.client.CloudControllerClient;
+import org.apache.stratos.autoscaler.client.IdentityApplicationManagementServiceClient;
+import org.apache.stratos.autoscaler.client.oAuthAdminServiceClient;
+import org.apache.stratos.autoscaler.exception.AutoScalerException;
import org.apache.stratos.autoscaler.exception.application.ApplicationDefinitionException;
import org.apache.stratos.autoscaler.exception.cartridge.CartridgeInformationException;
import org.apache.stratos.autoscaler.pojo.ServiceGroup;
import org.apache.stratos.autoscaler.registry.RegistryManager;
import org.apache.stratos.cloud.controller.stub.domain.CartridgeInfo;
+import org.apache.stratos.common.Properties;
import org.apache.stratos.common.Property;
import org.apache.stratos.messaging.domain.applications.Application;
import org.apache.stratos.messaging.domain.applications.ClusterDataHolder;
import org.apache.stratos.messaging.domain.applications.DependencyOrder;
import org.apache.stratos.messaging.domain.applications.Group;
-import org.apache.stratos.common.Properties;
-
-import java.util.*;
+import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.commons.codec.binary.Base64;
+import java.rmi.RemoteException;
+import java.util.*;
/**
* Default implementation of the Application Parser. One Application should be processed by one
@@ -750,7 +756,6 @@ public class DefaultApplicationParser implements ApplicationParser {
ApplicationClusterContext appClusterCtxt = createApplicationClusterContext(appId, groupName, cartridgeInfo,
key, tenantId, subscribableInfoCtxt.getRepoUrl(), subscribableCtxt.getAlias(),
clusterId, hostname, subscribableInfoCtxt.getDeploymentPolicy(), false, subscribableInfoCtxt.getDependencyAliases(), subscribableInfoCtxt.getProperties());
-
appClusterCtxt.setAutoscalePolicyName(subscribableInfoCtxt.getAutoscalingPolicy());
appClusterCtxt.setProperties(subscribableInfoCtxt.getProperties());
this.applicationClusterContexts.add(appClusterCtxt);
@@ -787,12 +792,40 @@ public class DefaultApplicationParser implements ApplicationParser {
throws ApplicationDefinitionException {
// Create text payload
- String textPayload = ApplicationUtils.createPayload(appId, groupName, cartridgeInfo, subscriptionKey, tenantId, clusterId,
- hostname, repoUrl, alias, null, dependencyAliases, properties).toString();
+ PayloadData payloadData = ApplicationUtils.createPayload(appId, groupName, cartridgeInfo, subscriptionKey, tenantId, clusterId,
+ hostname, repoUrl, alias, null, dependencyAliases, properties);
+ payloadData.add("TOKEN", createToken(appId));
+ String textPayload = payloadData.toString();
return new ApplicationClusterContext(cartridgeInfo.getType(), clusterId, hostname, textPayload, deploymentPolicy, isLB);
}
+ public String createToken(String appid) throws AutoScalerException {
+ String token = null;
+ String ouathAppName = appid + Math.random();
+ String serviceProviderName = ouathAppName;
+
+ try {
+ oAuthAdminServiceClient.getServiceClient().registerOauthApplication(ouathAppName);
+ } catch (RemoteException e) {
+ throw new AutoScalerException(e);
+ } catch (OAuthAdminServiceException e) {
+ throw new AutoScalerException(e);
+ }
+ try {
+ token = IdentityApplicationManagementServiceClient.getServiceClient().createServiceProvider(ouathAppName, serviceProviderName, appid);
+ } catch (RemoteException e) {
+ throw new AutoScalerException(e);
+ } catch (OAuthAdminServiceException e) {
+ e.printStackTrace();
+ } catch (OAuthProblemException e) {
+ throw new AutoScalerException(e);
+ } catch (OAuthSystemException e) {
+ throw new AutoScalerException(e);
+ }
+
+ return token;
+ }
private CartridgeInfo getCartridge (String cartridgeType) throws ApplicationDefinitionException {
try {
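Review bot: `payloadData.add("TOKEN", createToken(appId))` embeds the identity server's id_token directly into the cluster payload, so a bearer credential now travels with the instance payload; if that payload is delivered as instance user-data, as the cartridge payload normally is, anyone able to read instance metadata obtains the token, so its lifetime and scope should be documented at the point where `TOKEN` is added. The `catch (OAuthAdminServiceException e)` branch in `createToken` only calls `e.printStackTrace()` and lets the method return `null`, so the payload then carries `TOKEN=null` while the other four catch blocks throw `AutoScalerException`; use `throw new AutoScalerException(e);` there too. `appid + Math.random()` is not a unique name — `Math.random()` can repeat and yields strings like `app10.12345` — so `appid + "-" + UUID.randomUUID()` is the safer registration name. Because `createApplicationClusterContext` is called per cluster, one application deployment registers one OAuth client and one service provider per cluster with no corresponding removal visible here; that method's signature starts outside the hunk.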
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/IdentityApplicationManagementServiceClient.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/IdentityApplicationManagementServiceClient.java b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/IdentityApplicationManagementServiceClient.java
new file mode 100644
index 0000000..deccaf3
--- /dev/null
+++ b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/IdentityApplicationManagementServiceClient.java
@@ -0,0 +1,196 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stratos.autoscaler.client;
+
+import org.apache.amber.oauth2.client.OAuthClient;
+import org.apache.amber.oauth2.client.URLConnectionClient;
+import org.apache.amber.oauth2.client.request.OAuthClientRequest;
+import org.apache.amber.oauth2.client.response.OAuthClientResponse;
+import org.apache.amber.oauth2.common.exception.OAuthProblemException;
+import org.apache.amber.oauth2.common.exception.OAuthSystemException;
+import org.apache.amber.oauth2.common.message.types.GrantType;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.stratos.autoscaler.Constants;
+import org.apache.stratos.autoscaler.util.ConfUtil;
+import org.wso2.carbon.base.ServerConfiguration;
+import org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig;
+import org.wso2.carbon.identity.application.common.model.xsd.OutboundProvisioningConfig;
+import org.wso2.carbon.identity.application.common.model.xsd.Property;
+import org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider;
+import org.wso2.carbon.identity.application.mgt.stub.IdentityApplicationManagementServiceIdentityApplicationManagementException;
+import org.wso2.carbon.identity.application.mgt.stub.IdentityApplicationManagementServiceStub;
+import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceException;
+import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
+import org.wso2.carbon.utils.CarbonUtils;
+
+import java.rmi.RemoteException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class IdentityApplicationManagementServiceClient {
+
+ private static final Log log = LogFactory.getLog(IdentityApplicationManagementServiceClient.class);
+ private static final String ID_TOKEN = "id_token";
+
+ private static IdentityApplicationManagementServiceClient serviceClient;
+ private final IdentityApplicationManagementServiceStub stub;
+
+ public IdentityApplicationManagementServiceClient(String epr) throws AxisFault {
+
+ XMLConfiguration conf = ConfUtil.getInstance(null).getConfiguration();
+ int autosclaerSocketTimeout = conf.getInt("autoscaler.identity.clientTimeout", 180000);
+ try {
+ ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
+ String trustStorePath = serverConfig.getFirstProperty("Security.TrustStore.Location");
+ String trustStorePassword = serverConfig.getFirstProperty("Security.TrustStore.Password");
+ String type = serverConfig.getFirstProperty("Security.TrustStore.Type");
+
+ System.setProperty("javax.net.ssl.trustStore", trustStorePath);
+ System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
+ System.setProperty("javax.net.ssl.trustStoreType", type);
+
+ stub = new IdentityApplicationManagementServiceStub(epr);
+ stub._getServiceClient().getOptions().setProperty(HTTPConstants.SO_TIMEOUT, autosclaerSocketTimeout);
+ stub._getServiceClient().getOptions().setProperty(HTTPConstants.CONNECTION_TIMEOUT, autosclaerSocketTimeout);
+ Utility.setAuthHeaders(stub._getServiceClient(), "admin");
+
+ } catch (AxisFault axisFault) {
+ String msg = "Failed to initiate identity service client. " + axisFault.getMessage();
+ log.error(msg, axisFault);
+ throw new AxisFault(msg, axisFault);
+ }
+ }
+
+ public static IdentityApplicationManagementServiceClient getServiceClient() throws AxisFault {
+ if (serviceClient == null) {
+ synchronized (IdentityApplicationManagementServiceClient.class) {
+ if (serviceClient == null) {
+ XMLConfiguration conf = ConfUtil.getInstance(null).getConfiguration();
+ String hostname = conf.getString("autoscaler.identity.hostname", "localhost");
+ int port = conf.getInt("autoscaler.cloudController.port", Constants.IS_DEFAULT_PORT);
+ String epr = "https://" + hostname + ":" + port + "/" + Constants.IDENTITY_APPLICATION_SERVICE_SFX;
+ serviceClient = new IdentityApplicationManagementServiceClient(epr);
+ }
+ }
+ }
+ return serviceClient;
+ }
+
+ public String createServiceProvider(String appName, String spName, String compositeAppId) throws RemoteException, OAuthAdminServiceException, OAuthProblemException, OAuthSystemException {
+ OAuthConsumerAppDTO oAuthApplication = null;
+ String accessToken;
+
+ oAuthApplication = oAuthAdminServiceClient.getServiceClient().getOAuthApplication(appName);
+
+ if(oAuthApplication == null){
+ return null;
+ }
+
+ String consumerKey = oAuthApplication.getOauthConsumerKey();
+ String consumerSecret = oAuthApplication.getOauthConsumerSecret();
+
+ ServiceProvider serviceProvider = new ServiceProvider();
+ serviceProvider.setApplicationName(spName);
+
+ try {
+ stub.createApplication(serviceProvider);
+ } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ serviceProvider = stub.getApplication(spName);
+ } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) {
+ throw new RuntimeException(e);
+ }
+
+ serviceProvider.setOutboundProvisioningConfig(new OutboundProvisioningConfig());
+
+ List<InboundAuthenticationRequestConfig> authRequestList = new ArrayList<InboundAuthenticationRequestConfig>();
+
+
+ if (consumerKey != null) {
+ InboundAuthenticationRequestConfig opicAuthenticationRequest =
+ new InboundAuthenticationRequestConfig();
+ opicAuthenticationRequest.setInboundAuthKey(consumerKey);
+ opicAuthenticationRequest.setInboundAuthType("oauth2");
+ if (consumerSecret != null && !consumerSecret.isEmpty()) {
+ Property property = new Property();
+ property.setName("oauthConsumerSecret");
+ property.setValue(consumerSecret);
+ Property[] properties = {property};
+ opicAuthenticationRequest.setProperties(properties);
+ }
+ authRequestList.add(opicAuthenticationRequest);
+ }
+
+ String passiveSTSRealm = spName;
+ if (passiveSTSRealm != null) {
+ InboundAuthenticationRequestConfig opicAuthenticationRequest =
+ new InboundAuthenticationRequestConfig();
+ opicAuthenticationRequest.setInboundAuthKey(passiveSTSRealm);
+ opicAuthenticationRequest.setInboundAuthType("passivests");
+ authRequestList.add(opicAuthenticationRequest);
+ }
+
+ String openidRealm = spName;
+ if (openidRealm != null) {
+ InboundAuthenticationRequestConfig opicAuthenticationRequest =
+ new InboundAuthenticationRequestConfig();
+ opicAuthenticationRequest.setInboundAuthKey(openidRealm);
+ opicAuthenticationRequest.setInboundAuthType("openid");
+ authRequestList.add(opicAuthenticationRequest);
+ }
+
+ if (authRequestList.size() > 0) {
+ serviceProvider.getInboundAuthenticationConfig()
+ .setInboundAuthenticationRequestConfigs(authRequestList.toArray(new InboundAuthenticationRequestConfig[authRequestList.size()]));
+ }
+
+ try {
+ stub.updateApplication(serviceProvider);
+ } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) {
+ throw new RuntimeException(e);
+ }
+
+ accessToken = getIdToken(compositeAppId, consumerKey, consumerSecret);
+ return accessToken;
+ }
+
+
+ private String getIdToken(String compositeAppId, String consumerKey, String consumerSecret) throws OAuthSystemException, OAuthProblemException {
+ XMLConfiguration conf = ConfUtil.getInstance(null).getConfiguration();
+ String hostname = conf.getString("autoscaler.identity.hostname", "localhost");
+ int port = conf.getInt("autoscaler.cloudController.port", Constants.IS_DEFAULT_PORT);
+ String tokenEndpoint = "https://" + hostname + ":" + port + "/" + Constants.TOKEN_ENDPOINT_SFX;
+ OAuthClientRequest accessRequest = OAuthClientRequest.tokenLocation(tokenEndpoint)
+ .setGrantType(GrantType.CLIENT_CREDENTIALS)
+ .setClientId(consumerKey)
+ .setClientSecret(consumerSecret)
+ .setScope(compositeAppId)
+ .buildBodyMessage();
+ OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
+
+ OAuthClientResponse oAuthResponse = oAuthClient.accessToken(accessRequest);
+ return oAuthResponse.getParam(ID_TOKEN);
+ }
+}
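Review bot: Both `getServiceClient()` and `getIdToken()` read the identity server port from `autoscaler.cloudController.port`, which is the Cloud Controller's setting, so an identity server on a different port than the cloud controller cannot be reached — presumably a copy-paste from the cloud controller client; use a dedicated key in both places, `int port = conf.getInt("autoscaler.identity.port", Constants.IS_DEFAULT_PORT);`. The constructor also pushes the trust store path, password and type into JVM-wide `javax.net.ssl.*` system properties, which exposes the trust store password to any code in the process (and via JMX) and overrides the SSL context of every other client in the same JVM; a per-client `SSLContext`/Axis2 transport configuration would be preferable, or at minimum a comment stating the side effect. `Utility.setAuthHeaders(stub._getServiceClient(), "admin")` hard-codes the super-admin identity for every call, so the autoscaler's signing key effectively becomes an admin credential for the identity server; the username should come from configuration and be documented as such. `if (oAuthApplication == null) return null;` and the three `catch ... throw new RuntimeException(e)` blocks turn identity-side failures into a null token or an unchecked exception that the method's `throws` clause does not advertise, and the `if (passiveSTSRealm != null)` / `if (openidRealm != null)` checks are always true after assigning `spName`. Finally, `getIdToken` requests a `client_credentials` grant and reads `id_token` from the response; OpenID Connect does not define an id_token for that grant because no end-user is involved, so unless this identity server issues one anyway the method will return `null` — the expected response parameter should be confirmed and documented.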
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/Utility.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/Utility.java b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/Utility.java
new file mode 100644
index 0000000..5e13139
--- /dev/null
+++ b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/Utility.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stratos.autoscaler.client;
+
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
+import org.apache.axiom.util.base64.Base64Utils;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.httpclient.Header;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.core.util.KeyStoreManager;
+
+import java.security.SignatureException;
+import java.security.interfaces.RSAPrivateKey;
+import java.util.ArrayList;
+import java.util.List;
+
+public class Utility {
+ public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
+ public static final String BEARER = "Bearer";
+ private static final Log log = LogFactory.getLog(Utility.class);
+
+ /**
+ * Set Auth headers to service client. Singed JWT authentication handler expect username
+ * as a claim in order to validate the user. This is an alternative to mutual auth.
+ *
+ * @param serviceClient Service client.
+ * @param username username which is set in header.
+ */
+
+ public static void setAuthHeaders(ServiceClient serviceClient, String username) {
+ List headerList = new ArrayList();
+ Header header = new Header();
+ header.setName(HTTPConstants.HEADER_AUTHORIZATION);
+ header.setValue(getAuthHeader(username));
+ headerList.add(header);
+ serviceClient.getOptions().setProperty(HTTPConstants.HTTP_HEADERS, headerList);
+ }
+
+ public static String getAuthHeader(String username) throws RuntimeException {
+
+ KeyStoreManager keyStoreManager;
+ keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
+ try {
+ keyStoreManager.getDefaultPrimaryCertificate();
+ JWSSigner signer = new RSASSASigner((RSAPrivateKey) keyStoreManager.getDefaultPrivateKey());
+ JWTClaimsSet claimsSet = new JWTClaimsSet();
+ claimsSet.setClaim(SIGNED_JWT_AUTH_USERNAME, username);
+ SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS512), claimsSet);
+ signedJWT.sign(signer);
+
+ return BEARER + " " + Base64Utils.encode(signedJWT.serialize().getBytes());
+ } catch (SignatureException e) {
+ String msg = "Failed to sign with signature instance";
+ log.error(msg, e);
+ throw new RuntimeException(msg, e);
+ } catch (Exception e) {
+ String msg = "Failed to get primary default certificate";
+ log.error(msg, e);
+ throw new RuntimeException(msg, e);
+ }
+ }
+}
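Review bot: The JWT built in `getAuthHeader` carries a single claim, `Username`, and no `exp`, `iat`, `jti` or audience, so the signed header is byte-identical on every call and, once captured, stays valid for as long as the signing key lives; unless the receiving handler checks something beyond the signature (not visible here), that is an indefinitely replayable admin credential. Add `claimsSet.setIssueTime(new Date());`, `claimsSet.setExpirationTime(new Date(System.currentTimeMillis() + 60000L));` and `claimsSet.setJWTID(UUID.randomUUID().toString());` before signing, and have the verifying side reject expired tokens. `signedJWT.serialize().getBytes()` uses the platform default charset; the JWS compact form is ASCII so it works in practice, but `getBytes("UTF-8")` makes it explicit, and the extra Base64 layer over an already base64url-encoded compact serialization should be stated in the Javadoc because the receiving side must undo it. `keyStoreManager.getDefaultPrimaryCertificate()` on the line before the signer is called and its result discarded; if it is there to force the keystore to load, say so in a comment, otherwise remove it. The `catch (SignatureException e)` branch is probably unreachable since Nimbus `sign` throws `JOSEException`, and the raw `List`/`ArrayList` in `setAuthHeaders` should be `List<Header>`.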
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/oAuthAdminServiceClient.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/oAuthAdminServiceClient.java b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/oAuthAdminServiceClient.java
new file mode 100644
index 0000000..3cddaed
--- /dev/null
+++ b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/client/oAuthAdminServiceClient.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stratos.autoscaler.client;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.stratos.autoscaler.Constants;
+import org.apache.stratos.autoscaler.util.ConfUtil;
+import org.wso2.carbon.base.ServerConfiguration;
+import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceException;
+import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceStub;
+import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
+import org.wso2.carbon.utils.CarbonUtils;
+
+import java.rmi.RemoteException;
+
+public class oAuthAdminServiceClient {
+
+ public static final String GRANT_TYPE = "client-credentials";
+ private static final Log log = LogFactory.getLog(oAuthAdminServiceClient.class);
+ private static final String OAUTH_2_0 = "oauth-2.0";
+ private static oAuthAdminServiceClient serviceClient;
+ private final OAuthAdminServiceStub stub;
+
+ public oAuthAdminServiceClient(String epr) throws AxisFault {
+
+ XMLConfiguration conf = ConfUtil.getInstance(null).getConfiguration();
+ int autosclaerSocketTimeout = conf.getInt("autoscaler.identity.clientTimeout", 180000);
+
+ try {
+ ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
+ String trustStorePath = serverConfig.getFirstProperty("Security.TrustStore.Location");
+ String trustStorePassword = serverConfig.getFirstProperty("Security.TrustStore.Password");
+ String type = serverConfig.getFirstProperty("Security.TrustStore.Type");
+ System.setProperty("javax.net.ssl.trustStore", trustStorePath);
+ System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
+ System.setProperty("javax.net.ssl.trustStoreType", type);
+
+ stub = new OAuthAdminServiceStub(epr);
+ stub._getServiceClient().getOptions().setProperty(HTTPConstants.SO_TIMEOUT, autosclaerSocketTimeout);
+ stub._getServiceClient().getOptions().setProperty(HTTPConstants.CONNECTION_TIMEOUT, autosclaerSocketTimeout);
+ Utility.setAuthHeaders(stub._getServiceClient(), "admin");
+
+ } catch (AxisFault axisFault) {
+ String msg = "Failed to initiate identity service client. " + axisFault.getMessage();
+ log.error(msg, axisFault);
+ throw new AxisFault(msg, axisFault);
+ }
+ }
+
+ public static oAuthAdminServiceClient getServiceClient() throws AxisFault {
+ if (serviceClient == null) {
+ synchronized (oAuthAdminServiceClient.class) {
+ if (serviceClient == null) {
+ XMLConfiguration conf = ConfUtil.getInstance(null).getConfiguration();
+ String hostname = conf.getString("autoscaler.identity.hostname", "localhost");
+ int port = conf.getInt("autoscaler.cloudController.port", Constants.IS_DEFAULT_PORT);
+ String epr = "https://" + hostname + ":" + port + "/" + Constants.OAUTH_SERVICE_SFX;
+ serviceClient = new oAuthAdminServiceClient(epr);
+ }
+ }
+ }
+ return serviceClient;
+ }
+
+ public void registerOauthApplication(String appName) throws RemoteException, OAuthAdminServiceException {
+ OAuthConsumerAppDTO oAuthConsumerDTO = new OAuthConsumerAppDTO();
+ oAuthConsumerDTO.setApplicationName(appName);
+ oAuthConsumerDTO.setOAuthVersion(OAUTH_2_0);
+ oAuthConsumerDTO.setGrantTypes(GRANT_TYPE);
+ stub.registerOAuthApplicationData(oAuthConsumerDTO);
+ }
+
+ public OAuthConsumerAppDTO getOAuthApplication(String name) throws RemoteException, OAuthAdminServiceException {
+ return stub.getOAuthApplicationDataByAppName(name);
+ }
+
+}
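Review bot: The identity endpoint port in `getServiceClient()` is read with `conf.getInt("autoscaler.cloudController.port", Constants.IS_DEFAULT_PORT)` while the hostname and timeout on the neighbouring lines use the `autoscaler.identity.*` keys, so the `<identity><port>` element this commit adds to autoscaler.xml (the last hunk of this commit) is never consulted; it should be `int port = conf.getInt("autoscaler.identity.port", Constants.IS_DEFAULT_PORT);`. The singleton field is tested outside the `synchronized` block but is not declared `volatile`, so the double-checked locking is not safe under the Java memory model; `private static volatile oAuthAdminServiceClient serviceClient;` fixes that. The constructor also overwrites the process-wide `javax.net.ssl.trustStore*` system properties, including the trust-store password, on every instantiation, which is a JVM-global side effect better placed in a one-time startup step than in a client constructor. Finally, `Utility.setAuthHeaders(stub._getServiceClient(), "admin")` pins the super-admin identity in a signed JWT that, as built in the Utility.java hunk above, carries only a Username claim and no expiry, so the bearer header computed once here remains valid for the life of the process; adding `exp`/`iat` claims and refreshing the header per request would bound that exposure.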
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.manager/pom.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/pom.xml b/components/org.apache.stratos.manager/pom.xml
index 1f3d82a..9e1386f 100644
--- a/components/org.apache.stratos.manager/pom.xml
+++ b/components/org.apache.stratos.manager/pom.xml
@@ -126,21 +126,6 @@
<artifactId>mqtt-client</artifactId>
<version>0.4.0</version>
</dependency>
- <dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.identity.oauth</artifactId>
- <version>4.2.3</version>
- </dependency>
- <dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
- <version>4.2.3</version>
- </dependency>
- <dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.identity.application.mgt.stub</artifactId>
- <version>4.2.0</version>
- </dependency>
</dependencies>
<build>
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/IdentityApplicationManagementServiceClient.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/IdentityApplicationManagementServiceClient.java b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/IdentityApplicationManagementServiceClient.java
deleted file mode 100644
index 7dccc7c..0000000
--- a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/IdentityApplicationManagementServiceClient.java
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.stratos.manager.client;
-
-import org.apache.amber.oauth2.client.OAuthClient;
-import org.apache.amber.oauth2.client.URLConnectionClient;
-import org.apache.amber.oauth2.client.request.OAuthClientRequest;
-import org.apache.amber.oauth2.client.response.OAuthClientResponse;
-import org.apache.amber.oauth2.common.exception.OAuthProblemException;
-import org.apache.amber.oauth2.common.exception.OAuthSystemException;
-import org.apache.amber.oauth2.common.message.types.GrantType;
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.transport.http.HTTPConstants;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.stratos.manager.internal.DataHolder;
-import org.apache.stratos.manager.utils.CartridgeConstants;
-import org.wso2.carbon.base.ServerConfiguration;
-import org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig;
-import org.wso2.carbon.identity.application.common.model.xsd.OutboundProvisioningConfig;
-import org.wso2.carbon.identity.application.common.model.xsd.Property;
-import org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider;
-import org.wso2.carbon.identity.application.mgt.stub.IdentityApplicationManagementServiceIdentityApplicationManagementException;
-import org.wso2.carbon.identity.application.mgt.stub.IdentityApplicationManagementServiceStub;
-import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceException;
-import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
-import org.wso2.carbon.utils.CarbonUtils;
-
-import java.rmi.RemoteException;
-import java.util.ArrayList;
-import java.util.List;
-
-public class IdentityApplicationManagementServiceClient {
-
- private static final Log log = LogFactory.getLog(IdentityApplicationManagementServiceClient.class);
- private static final String ID_TOKEN = "id_token";
-
- private static IdentityApplicationManagementServiceClient serviceClient;
- private final IdentityApplicationManagementServiceStub stub;
-
- public IdentityApplicationManagementServiceClient(String epr) throws AxisFault {
-
-
- String autosclaerSocketTimeout =
- System.getProperty(CartridgeConstants.AUTOSCALER_SOCKET_TIMEOUT) == null ? "300000" : System.getProperty(CartridgeConstants.AUTOSCALER_SOCKET_TIMEOUT);
- String autosclaerConnectionTimeout =
- System.getProperty(CartridgeConstants.AUTOSCALER_CONNECTION_TIMEOUT) == null ? "300000" : System.getProperty(CartridgeConstants.AUTOSCALER_CONNECTION_TIMEOUT);
-
- ConfigurationContext clientConfigContext = DataHolder.getClientConfigContext();
- try {
- ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
- String trustStorePath = serverConfig.getFirstProperty("Security.TrustStore.Location");
- String trustStorePassword = serverConfig.getFirstProperty("Security.TrustStore.Password");
- String type = serverConfig.getFirstProperty("Security.TrustStore.Type");
-
- System.setProperty("javax.net.ssl.trustStore", trustStorePath);
- System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
- System.setProperty("javax.net.ssl.trustStoreType", type);
-
- stub = new IdentityApplicationManagementServiceStub(clientConfigContext, epr);
- stub._getServiceClient().getOptions().setProperty(HTTPConstants.SO_TIMEOUT, new Integer(autosclaerSocketTimeout));
- stub._getServiceClient().getOptions().setProperty(HTTPConstants.CONNECTION_TIMEOUT, new Integer(autosclaerConnectionTimeout));
- Utility.setAuthHeaders(stub._getServiceClient(), "admin");
-
- } catch (AxisFault axisFault) {
- String msg = "Failed to initiate identity service client. " + axisFault.getMessage();
- log.error(msg, axisFault);
- throw new AxisFault(msg, axisFault);
- }
- }
-
- public static IdentityApplicationManagementServiceClient getServiceClient() throws AxisFault {
- if (serviceClient == null) {
- synchronized (IdentityApplicationManagementServiceClient.class) {
- if (serviceClient == null) {
- serviceClient = new IdentityApplicationManagementServiceClient(System.getProperty(CartridgeConstants.IDENTITY_SERVICE_URL) + "/services/IdentityApplicationManagementService");
- }
- }
- }
- return serviceClient;
- }
-
- public String createServiceProvider(String appName, String spName, String compositeAppId) throws RemoteException, OAuthAdminServiceException {
- OAuthConsumerAppDTO oAuthApplication = null;
- String accessToken = null;
-
- oAuthApplication = oAuthAdminServiceClient.getServiceClient().getOAuthApplication(appName);
-
- if(oAuthApplication == null){
- return null;
- }
-
- String consumerKey = oAuthApplication.getOauthConsumerKey();
- String consumerSecret = oAuthApplication.getOauthConsumerSecret();
-
- ServiceProvider serviceProvider = new ServiceProvider();
- serviceProvider.setApplicationName(spName);
-
- try {
- stub.createApplication(serviceProvider);
- } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) {
- e.printStackTrace();
- }
- try {
- serviceProvider = stub.getApplication(spName);
- } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) {
- e.printStackTrace();
- }
-
- serviceProvider.setOutboundProvisioningConfig(new OutboundProvisioningConfig());
-
- List<InboundAuthenticationRequestConfig> authRequestList = new ArrayList<InboundAuthenticationRequestConfig>();
-
-
- if (consumerKey != null) {
- InboundAuthenticationRequestConfig opicAuthenticationRequest =
- new InboundAuthenticationRequestConfig();
- opicAuthenticationRequest.setInboundAuthKey(consumerKey);
- opicAuthenticationRequest.setInboundAuthType("oauth2");
- if (consumerSecret != null && !consumerSecret.isEmpty()) {
- Property property = new Property();
- property.setName("oauthConsumerSecret");
- property.setValue(consumerSecret);
- Property[] properties = {property};
- opicAuthenticationRequest.setProperties(properties);
- }
- authRequestList.add(opicAuthenticationRequest);
- }
-
- String passiveSTSRealm = spName;
- if (passiveSTSRealm != null) {
- InboundAuthenticationRequestConfig opicAuthenticationRequest =
- new InboundAuthenticationRequestConfig();
- opicAuthenticationRequest.setInboundAuthKey(passiveSTSRealm);
- opicAuthenticationRequest.setInboundAuthType("passivests");
- authRequestList.add(opicAuthenticationRequest);
- }
-
- String openidRealm = spName;
- if (openidRealm != null) {
- InboundAuthenticationRequestConfig opicAuthenticationRequest =
- new InboundAuthenticationRequestConfig();
- opicAuthenticationRequest.setInboundAuthKey(openidRealm);
- opicAuthenticationRequest.setInboundAuthType("openid");
- authRequestList.add(opicAuthenticationRequest);
- }
-
- if (authRequestList.size() > 0) {
- serviceProvider.getInboundAuthenticationConfig()
- .setInboundAuthenticationRequestConfigs(authRequestList.toArray(new InboundAuthenticationRequestConfig[authRequestList.size()]));
- }
-
- try {
- stub.updateApplication(serviceProvider);
- } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) {
- e.printStackTrace();
- }
-
- accessToken = getIdToken(compositeAppId, accessToken, consumerKey, consumerSecret);
- return accessToken;
- }
-
- private String getIdToken(String compositeAppId, String accessToken, String consumerKey, String consumerSecret) {
- String tokenEndpoint = System.getProperty(CartridgeConstants.IDENTITY_SERVICE_URL) + "oauth2/token";
- try {
- OAuthClientRequest accessRequest = OAuthClientRequest.tokenLocation(tokenEndpoint)
- .setGrantType(GrantType.CLIENT_CREDENTIALS)
- .setClientId(consumerKey)
- .setClientSecret(consumerSecret)
- .setScope(compositeAppId)
- .buildBodyMessage();
- OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
-
- OAuthClientResponse oAuthResponse = oAuthClient.accessToken(accessRequest);
- accessToken = oAuthResponse.getParam(ID_TOKEN);
-
- } catch (OAuthSystemException e) {
- e.printStackTrace();
- } catch (OAuthProblemException e) {
- e.printStackTrace();
- }
- return accessToken;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/Utility.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/Utility.java b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/Utility.java
deleted file mode 100644
index 59f4230..0000000
--- a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/Utility.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.stratos.manager.client;
-
-import com.nimbusds.jose.JWSAlgorithm;
-import com.nimbusds.jose.JWSHeader;
-import com.nimbusds.jose.JWSSigner;
-import com.nimbusds.jose.crypto.RSASSASigner;
-import com.nimbusds.jwt.JWTClaimsSet;
-import com.nimbusds.jwt.SignedJWT;
-import org.apache.axiom.util.base64.Base64Utils;
-import org.apache.axis2.client.ServiceClient;
-import org.apache.axis2.transport.http.HTTPConstants;
-import org.apache.commons.httpclient.Header;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.wso2.carbon.base.MultitenantConstants;
-import org.wso2.carbon.core.util.KeyStoreManager;
-
-import java.security.SignatureException;
-import java.security.interfaces.RSAPrivateKey;
-import java.util.ArrayList;
-import java.util.List;
-
-public class Utility {
- public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
- public static final String BEARER = "Bearer";
- private static final Log log = LogFactory.getLog(Utility.class);
-
- /**
- * Set Auth headers to service client. Singed JWT authentication handler expect username
- * as a claim in order to validate the user. This is an alternative to mutual auth.
- *
- * @param serviceClient Service client.
- * @param username username which is set in header.
- */
-
- public static void setAuthHeaders(ServiceClient serviceClient, String username) {
- List headerList = new ArrayList();
- Header header = new Header();
- header.setName(HTTPConstants.HEADER_AUTHORIZATION);
- header.setValue(getAuthHeader(username));
- headerList.add(header);
- serviceClient.getOptions().setProperty(HTTPConstants.HTTP_HEADERS, headerList);
- }
-
- public static String getAuthHeader(String username) throws RuntimeException {
-
- KeyStoreManager keyStoreManager;
- keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
- try {
- keyStoreManager.getDefaultPrimaryCertificate();
- JWSSigner signer = new RSASSASigner((RSAPrivateKey) keyStoreManager.getDefaultPrivateKey());
- JWTClaimsSet claimsSet = new JWTClaimsSet();
- claimsSet.setClaim(SIGNED_JWT_AUTH_USERNAME, username);
- SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS512), claimsSet);
- signedJWT.sign(signer);
-
- return BEARER + " " + Base64Utils.encode(signedJWT.serialize().getBytes());
- } catch (SignatureException e) {
- String msg = "Failed to sign with signature instance";
- log.error(msg, e);
- throw new RuntimeException(msg, e);
- } catch (Exception e) {
- String msg = "Failed to get primary default certificate";
- log.error(msg, e);
- throw new RuntimeException(msg, e);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/oAuthAdminServiceClient.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/oAuthAdminServiceClient.java b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/oAuthAdminServiceClient.java
deleted file mode 100644
index febf8c7..0000000
--- a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/client/oAuthAdminServiceClient.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.stratos.manager.client;
-
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.transport.http.HTTPConstants;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.stratos.manager.internal.DataHolder;
-import org.apache.stratos.manager.utils.CartridgeConstants;
-import org.wso2.carbon.base.ServerConfiguration;
-import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceException;
-import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceStub;
-import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
-import org.wso2.carbon.utils.CarbonUtils;
-
-import java.rmi.RemoteException;
-
-public class oAuthAdminServiceClient {
-
- public static final String GRANT_TYPE = "client-credentials";
- private static final Log log = LogFactory.getLog(oAuthAdminServiceClient.class);
- private static final String OAUTH_2_0 = "oauth-2.0";
- private static oAuthAdminServiceClient serviceClient;
- private final OAuthAdminServiceStub stub;
-
- public oAuthAdminServiceClient(String epr) throws AxisFault {
-
- String autosclaerSocketTimeout =
- System.getProperty(CartridgeConstants.AUTOSCALER_SOCKET_TIMEOUT) == null ? "300000" : System.getProperty(CartridgeConstants.AUTOSCALER_SOCKET_TIMEOUT);
- String autosclaerConnectionTimeout =
- System.getProperty(CartridgeConstants.AUTOSCALER_CONNECTION_TIMEOUT) == null ? "300000" : System.getProperty(CartridgeConstants.AUTOSCALER_CONNECTION_TIMEOUT);
-
- ConfigurationContext clientConfigContext = DataHolder.getClientConfigContext();
- try {
- ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
- String trustStorePath = serverConfig.getFirstProperty("Security.TrustStore.Location");
- String trustStorePassword = serverConfig.getFirstProperty("Security.TrustStore.Password");
- String type = serverConfig.getFirstProperty("Security.TrustStore.Type");
- System.setProperty("javax.net.ssl.trustStore", trustStorePath);
- System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
- System.setProperty("javax.net.ssl.trustStoreType", type);
-
- stub = new OAuthAdminServiceStub(clientConfigContext, epr);
- stub._getServiceClient().getOptions().setProperty(HTTPConstants.SO_TIMEOUT, new Integer(autosclaerSocketTimeout));
- stub._getServiceClient().getOptions().setProperty(HTTPConstants.CONNECTION_TIMEOUT, new Integer(autosclaerConnectionTimeout));
- Utility.setAuthHeaders(stub._getServiceClient(), "admin");
-
- } catch (AxisFault axisFault) {
- String msg = "Failed to initiate identity service client. " + axisFault.getMessage();
- log.error(msg, axisFault);
- throw new AxisFault(msg, axisFault);
- }
- }
-
- public static oAuthAdminServiceClient getServiceClient() throws AxisFault {
- if (serviceClient == null) {
- synchronized (oAuthAdminServiceClient.class) {
- if (serviceClient == null) {
- serviceClient = new oAuthAdminServiceClient(System.getProperty(CartridgeConstants.IDENTITY_SERVICE_URL) + "/services/OAuthAdminService");
- }
- }
- }
- return serviceClient;
- }
-
- public void registerOauthApplication(String appName) throws RemoteException, OAuthAdminServiceException {
- OAuthConsumerAppDTO oAuthConsumerDTO = new OAuthConsumerAppDTO();
- oAuthConsumerDTO.setApplicationName(appName);
- oAuthConsumerDTO.setOAuthVersion(OAUTH_2_0);
- oAuthConsumerDTO.setGrantTypes(GRANT_TYPE);
- stub.registerOAuthApplicationData(oAuthConsumerDTO);
- }
-
- public OAuthConsumerAppDTO getOAuthApplication(String name) throws RemoteException, OAuthAdminServiceException {
- return stub.getOAuthApplicationDataByAppName(name);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.metadataservice/pom.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.metadataservice/pom.xml b/components/org.apache.stratos.metadataservice/pom.xml
index 9e0b6d2..93b12e9 100644
--- a/components/org.apache.stratos.metadataservice/pom.xml
+++ b/components/org.apache.stratos.metadataservice/pom.xml
@@ -73,7 +73,7 @@
<directory>src/main/webapp/${appName}</directory>
</resource>
</webResources>
- <warName>stratosmetadataservice</warName>
+ <warName>metadataapi</warName>
@@ -158,6 +158,11 @@
<version>4.2.0</version>
<scope>provided</scope>
</dependency>
+ <dependency>
+ <groupId>com.nimbusds.wso2</groupId>
+ <artifactId>nimbus-jose-jwt</artifactId>
+ <version>2.26.1.wso2v2</version>
+ </dependency>
</dependencies>
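Review bot: The new `nimbus-jose-jwt` dependency is declared without a `<scope>`, whereas the dependency directly above it in the same block is `provided`; if the Carbon runtime already ships this library (the `wso2v2` version suffix suggests a platform-bundled artifact), the WAR will carry a second copy and class-loading conflicts can follow, so `<scope>provided</scope>` is probably intended — worth confirming against the target runtime. The `<warName>` change from `stratosmetadataservice` to `metadataapi` in the first hunk also changes the deployed context root, so any client or installer configuration that references the old path needs the same update; none is visible in this commit.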
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
index 6290500..6282901 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
@@ -23,19 +23,14 @@ import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.stratos.autoscaler.stub.Properties;
-import org.apache.stratos.autoscaler.stub.pojo.ApplicationContext;
import org.apache.stratos.autoscaler.stub.*;
import org.apache.stratos.autoscaler.stub.deployment.policy.DeploymentPolicy;
-import org.apache.stratos.autoscaler.stub.exception.InvalidKubernetesGroupException;
+import org.apache.stratos.autoscaler.stub.pojo.ApplicationContext;
import org.apache.stratos.cloud.controller.stub.*;
import org.apache.stratos.cloud.controller.stub.domain.CartridgeConfig;
import org.apache.stratos.cloud.controller.stub.domain.CartridgeInfo;
-import org.apache.stratos.common.Property;
import org.apache.stratos.manager.client.AutoscalerServiceClient;
import org.apache.stratos.manager.client.CloudControllerServiceClient;
-import org.apache.stratos.manager.client.IdentityApplicationManagementServiceClient;
-import org.apache.stratos.manager.client.oAuthAdminServiceClient;
import org.apache.stratos.manager.composite.application.beans.ApplicationDefinition;
import org.apache.stratos.manager.deploy.cartridge.CartridgeDeploymentManager;
import org.apache.stratos.manager.deploy.service.Service;
@@ -81,11 +76,9 @@ import org.apache.stratos.rest.endpoint.bean.repositoryNotificationInfoBean.Payl
import org.apache.stratos.rest.endpoint.bean.subscription.domain.SubscriptionDomainBean;
import org.apache.stratos.rest.endpoint.bean.util.converter.PojoConverter;
import org.apache.stratos.rest.endpoint.exception.RestAPIException;
-import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
-
import java.rmi.RemoteException;
import java.util.*;
import java.util.regex.Pattern;
@@ -1965,25 +1958,5 @@ public class StratosApiV41Utils {
throw new RestAPIException(e.getMessage(), e);
}
}
-
- }
-
- public static void createToken() throws RestAPIException {
- String appName = "testudara" + Math.random();
- String compositeAppId = "app1";
- try {
- oAuthAdminServiceClient.getServiceClient().registerOauthApplication(appName);
- } catch (RemoteException e) {
- throw new RestAPIException(e);
- } catch (OAuthAdminServiceException e) {
- throw new RestAPIException(e);
- }
- try {
- IdentityApplicationManagementServiceClient.getServiceClient().createServiceProvider(appName, appName, compositeAppId);
- } catch (RemoteException e) {
- throw new RestAPIException(e);
- } catch (OAuthAdminServiceException e) {
- e.printStackTrace();
- }
}
}
http://git-wip-us.apache.org/repos/asf/stratos/blob/96146274/tools/stratos-installer/config/all/repository/conf/autoscaler.xml
----------------------------------------------------------------------
diff --git a/tools/stratos-installer/config/all/repository/conf/autoscaler.xml b/tools/stratos-installer/config/all/repository/conf/autoscaler.xml
index c2579ef..7a73300 100755
--- a/tools/stratos-installer/config/all/repository/conf/autoscaler.xml
+++ b/tools/stratos-installer/config/all/repository/conf/autoscaler.xml
@@ -37,6 +37,11 @@
<!--SM client timeout in ms-->
<clientTimeout>300000</clientTimeout>
</stratosManager>
+ <identity>
+ <hostname>localhost</hostname>
+ <port>9443</port>
+ <clientTimeout>300000</clientTimeout>
+ </identity>
<member>
<vm>
<!-- this is the maximum time(ms) a vm member can be in pending member state -->
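Review bot: The new `<identity>` block has no inline comment, while the sibling `<stratosManager>` block documents its `clientTimeout` with `<!--SM client timeout in ms-->`; a matching comment on the new element, e.g. `<!--Identity server used for OAuth application registration; clientTimeout in ms-->`, would keep the file's style consistent. It would also help to note that the consuming client reads these values as `autoscaler.identity.hostname` and `autoscaler.identity.clientTimeout`, since the `<port>` value is not read under that prefix in the client code added by this commit (raised on the oAuthAdminServiceClient.java hunk).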
[5/6] stratos git commit: stoping AS publihing to metadata service
Posted by ud...@apache.org.
stopping AS publishing to metadata service
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/7ca80c9d
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/7ca80c9d
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/7ca80c9d
Branch: refs/heads/master
Commit: 7ca80c9d1f440a0322e087b85273524a92a35ab6
Parents: 9614627
Author: Udara Liyanage <ud...@wso2.com>
Authored: Thu Dec 4 22:28:13 2014 +0530
Committer: Udara Liyanage <ud...@wso2.com>
Committed: Fri Dec 5 19:31:33 2014 +0530
----------------------------------------------------------------------
.../org/apache/stratos/autoscaler/api/AutoScalerServiceImpl.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/stratos/blob/7ca80c9d/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/api/AutoScalerServiceImpl.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/api/AutoScalerServiceImpl.java b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/api/AutoScalerServiceImpl.java
index 64016fc..66fcffd 100644
--- a/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/api/AutoScalerServiceImpl.java
+++ b/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/api/AutoScalerServiceImpl.java
@@ -45,7 +45,6 @@ import org.apache.stratos.autoscaler.pojo.policy.deployment.ChildPolicy;
import org.apache.stratos.autoscaler.pojo.policy.deployment.DeploymentPolicy;
import org.apache.stratos.autoscaler.pojo.policy.deployment.partition.network.ApplicationLevelNetworkPartition;
import org.apache.stratos.autoscaler.pojo.policy.deployment.partition.network.ChildLevelNetworkPartition;
-import org.apache.stratos.autoscaler.pojo.policy.deployment.partition.network.ChildLevelPartition;
import org.apache.stratos.autoscaler.pojo.policy.deployment.partition.network.Partition;
import org.apache.stratos.autoscaler.registry.RegistryManager;
import org.apache.stratos.autoscaler.util.AutoscalerUtil;
@@ -391,7 +390,7 @@ public class AutoScalerServiceImpl implements AutoScalerServiceInterface {
ApplicationParser applicationParser = new DefaultApplicationParser();
Application application = applicationParser.parse(applicationContext);
- publishMetadata(applicationParser, application.getUniqueIdentifier());
+ // publishMetadata(applicationParser, application.getUniqueIdentifier());
ApplicationBuilder.handleApplicationCreated(application,
applicationParser.getApplicationClusterContexts());
}
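Review bot: Commenting out the `publishMetadata(...)` call leaves dead code in the application-creation path and silently disables metadata publishing with no explanation of why. Either delete the line or replace it with a comment that records the reason and a tracking reference, e.g. `// TODO: metadata publishing disabled pending <tracking reference>; see publishMetadata(...)`. If `publishMetadata` has no other callers it will now be flagged as unused as well. The enclosing method starts and ends outside the hunk.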
[2/6] stratos git commit: add identity.xml and
application-authentication.xml to product
Posted by ud...@apache.org.
add identity.xml and application-authentication.xml to product
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/7aadf446
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/7aadf446
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/7aadf446
Branch: refs/heads/master
Commit: 7aadf446fc1c272b41e7219860cb8bda8ef084c1
Parents: 7ca80c9
Author: Udara Liyanage <ud...@wso2.com>
Authored: Fri Dec 5 19:24:58 2014 +0530
Committer: Udara Liyanage <ud...@wso2.com>
Committed: Fri Dec 5 19:31:33 2014 +0530
----------------------------------------------------------------------
.../modules/distribution/src/assembly/bin.xml | 14 +-
.../distribution/src/main/conf/identity.xml | 258 +++++++++++++++++++
.../security/application-authentication.xml | 123 +++++++++
products/stratos/pom.xml | 18 +-
.../config/all/repository/conf/identity.xml | 245 ++++++++++++++++++
.../security/application-authentication.xml | 123 +++++++++
tools/stratos-installer/setup.sh | 7 +
7 files changed, 778 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/products/stratos/modules/distribution/src/assembly/bin.xml
----------------------------------------------------------------------
diff --git a/products/stratos/modules/distribution/src/assembly/bin.xml b/products/stratos/modules/distribution/src/assembly/bin.xml
index a9ce001..07b7de4 100755
--- a/products/stratos/modules/distribution/src/assembly/bin.xml
+++ b/products/stratos/modules/distribution/src/assembly/bin.xml
@@ -316,7 +316,6 @@
<directory>../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/</outputDirectory>
<includes>
- <include>**/identity.xml</include>
<include>**/rule-engine-config.xml</include>
</includes>
</fileSet>
@@ -663,6 +662,19 @@
<filtered>true</filtered>
<fileMode>755</fileMode>
</file>
+ <!--iindentity.xml and application-authentication.xml for oAuth feature -->
+ <file>
+ <source>src/main/conf/identity.xml</source>
+ <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf</outputDirectory>
+ <filtered>true</filtered>
+ <fileMode>755</fileMode>
+ </file>
+ <file>
+ <source>src/main/conf/security/application-authentication.xml</source>
+ <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/security/</outputDirectory>
+ <filtered>true</filtered>
+ <fileMode>755</fileMode>
+ </file>
<file>
<source>src/main/conf/metadataservice.xml</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf</outputDirectory>
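Review bot: Both new `<file>` entries set `<fileMode>755</fileMode>` on configuration files that contain clear-text keystore and account passwords, so the unpacked distribution ships them world-readable and executable; `<fileMode>600</fileMode>` (or at most 644) is the appropriate mode for a conf file with secrets. The comment on the first added line misspells the file name and should read `<!-- identity.xml and application-authentication.xml for the OAuth feature -->`. Since the preceding hunk drops `**/identity.xml` from the p2-profile-gen fileSet, this entry now overrides the copy produced from the Carbon kernel; a one-line comment stating that intent would save the next reader a search.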
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/products/stratos/modules/distribution/src/main/conf/identity.xml
----------------------------------------------------------------------
diff --git a/products/stratos/modules/distribution/src/main/conf/identity.xml b/products/stratos/modules/distribution/src/main/conf/identity.xml
new file mode 100644
index 0000000..a63f8e6
--- /dev/null
+++ b/products/stratos/modules/distribution/src/main/conf/identity.xml
@@ -0,0 +1,258 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- ~ Copyright (c) 2005-2011, WSO2 Inc. (http://www.wso2.org) All Rights
+ Reserved. ~ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except ~ in compliance
+ with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~ ~ Unless required by applicable law or agreed to in writing, ~ software
+ distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the
+ License for the ~ specific language governing permissions and limitations
+ ~ under the License. -->
+
+<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
+
+ <JDBCPersistenceManager>
+ <DataSource>
+ <!-- Include a data source name (jndiConfigName) from the set of data
+ sources defined in master-datasources.xml -->
+ <Name>jdbc/WSO2CarbonDB</Name>
+ </DataSource>
+ <!-- If the identity database is created from another place and if it is
+ required to skip schema initialization during the server start up, set the
+ following property to "true". -->
+ <!-- <SkipDBSchemaCreation>false</SkipDBSchemaCreation> -->
+ </JDBCPersistenceManager>
+
+ <!-- Security configurations -->
+ <Security>
+ <UserTrustedRPStore>
+ <Location>${carbon.home}/repository/resources/security/userRP.jks
+ </Location>
+ <!-- Keystore type (JKS/PKCS12 etc.) -->
+ <Type>JKS</Type>
+ <!-- Keystore password -->
+ <Password>wso2carbon</Password>
+ <!-- Private Key password -->
+ <KeyPassword>wso2carbon</KeyPassword>
+ </UserTrustedRPStore>
+
+ <!-- The directory under which all other KeyStore files will be stored -->
+ <KeyStoresDir>${carbon.home}/conf/keystores</KeyStoresDir>
+ </Security>
+
+ <Identity>
+ <IssuerPolicy>SelfAndManaged</IssuerPolicy>
+ <TokenValidationPolicy>CertValidate</TokenValidationPolicy>
+ <BlackList></BlackList>
+ <WhiteList></WhiteList>
+ <System>
+ <KeyStore></KeyStore>
+ <StorePass></StorePass>
+ </System>
+ </Identity>
+
+ <OpenID>
+ <OpenIDServerUrl>https://localhost:9443/openidserver</OpenIDServerUrl>
+ <OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern>
+ <!-- If the users must be prompted for approval -->
+ <OpenIDSkipUserConsent>false</OpenIDSkipUserConsent>
+ <!-- Expiry time of the OpenID RememberMe token in minutes -->
+ <OpenIDRememberMeExpiry>7200</OpenIDRememberMeExpiry>
+ <!-- Multifactor Authentication configuration -->
+ <UseMultifactorAuthentication>false</UseMultifactorAuthentication>
+ <!-- To enable or disable openid dumb mode -->
+ <DisableOpenIDDumbMode>false</DisableOpenIDDumbMode>
+ <!-- remember me session timeout in seconds -->
+ <SessionTimeout>36000</SessionTimeout>
+ <!-- skips authentication if valid SAML2 Web SSO browser session available -->
+ <AcceptSAMLSSOLogin>false</AcceptSAMLSSOLogin>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.provider.openid.claims.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ </OpenID>
+
+ <OAuth>
+ <RequestTokenUrl>https://localhost:9443/oauth/request-token</RequestTokenUrl>
+ <AccessTokenUrl>https://localhost:9443/oauth/access-token</AccessTokenUrl>
+ <AuthorizeUrl>https://localhost:9443/oauth/authorize-url</AuthorizeUrl>
+ <!-- Default validity period for Authorization Code in seconds -->
+ <AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
+ <!-- Default validity period for user access tokens in seconds -->
+ <AccessTokenDefaultValidityPeriod>3602</AccessTokenDefaultValidityPeriod>
+ <!-- Default validity period for application access tokens in seconds -->
+ <UserAccessTokenDefaultValidityPeriod>3603</UserAccessTokenDefaultValidityPeriod>
+ <!-- Validity period for refresh token -->
+ <RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>
+ <!-- Timestamp skew in seconds -->
+ <TimestampSkew>300</TimestampSkew>
+ <!-- Enable OAuth caching -->
+ <EnableOAuthCache>true</EnableOAuthCache>
+ <!-- Enable renewal of refresh token for refresh_token grant -->
+ <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
+ <!-- Process the token before storing it in database, e.g. encrypting -->
+ <TokenPersistenceProcessor>org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor</TokenPersistenceProcessor>
+ <!-- Supported Client Autnetication Methods -->
+ <ClientAuthHandlers>
+ <ClientAuthHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler</ClientAuthHandlerImplClass>
+ </ClientAuthHandlers>
+ <!-- Supported Response Types -->
+ <SupportedResponseTypes>
+ <SupportedResponseType>
+ <ResponseTypeName>token</ResponseTypeName>
+ <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
+ </SupportedResponseType>
+ <SupportedResponseType>
+ <ResponseTypeName>code</ResponseTypeName>
+ <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler</ResponseTypeHandlerImplClass>
+ </SupportedResponseType>
+ </SupportedResponseTypes>
+ <!-- Supported Grant Types -->
+ <SupportedGrantTypes>
+ <SupportedGrantType>
+ <GrantTypeName>authorization_code</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>password</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <!--
+ <SupportedGrantType>
+ <GrantTypeName>password</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.udara.handlers.MyPasswordGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ -->
+ <SupportedGrantType>
+ <GrantTypeName>refresh_token</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>client_credentials</GrantTypeName>
+ <!--<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>-->
+ <GrantTypeHandlerImplClass>org.udara.handlers.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>iwa:ntlm</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ </SupportedGrantTypes>
+ <OAuthCallbackHandlers>
+ <OAuthCallbackHandler Class="org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler" />
+ </OAuthCallbackHandlers>
+ <!--TokenValidators>
+ <TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
+ </TokenValidators-->
+ <!-- Assertions can be used to embedd parameters into access token. -->
+ <EnableAssertions>
+ <UserName>false</UserName>
+ </EnableAssertions>
+
+ <!-- This should be set to true when using multiple user stores and keys
+ should saved into different tables according to the user store. By default
+ all the application keys are saved in to the same table. UserName Assertion
+ should be 'true' to use this. -->
+ <EnableAccessTokenPartitioning>false</EnableAccessTokenPartitioning>
+ <!-- user store domain names and mapping to new table name. eg: if you
+ provide 'A:foo.com', foo.com should be the user store domain name and 'A'
+ represent the relavant mapping of token store table, i.e. tokens will be
+ added to a table called IDN_OAUTH2_ACCESS_TOKEN_A. -->
+ <AccessTokenPartitioningDomains><!-- A:foo.com, B:bar.com -->
+ </AccessTokenPartitioningDomains>
+ <AuthorizationContextTokenGeneration>
+ <Enabled>false</Enabled>
+ <TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ <ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
+ <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
+ <AuthorizationContextTTL>15</AuthorizationContextTTL>
+ </AuthorizationContextTokenGeneration>
+ <SAML2Grant>
+ <!--SAML2TokenHandler></SAML2TokenHandler-->
+ </SAML2Grant>
+ <OpenIDConnect>
+ <IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
+ <IDTokenIssuerID>https://localhost:9443/oauth2endpoints/token</IDTokenIssuerID>
+ <IDTokenSubjectClaim>http://wso2.org/claims/givenname</IDTokenSubjectClaim>
+ <IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
+ <IDTokenExpiration>-1</IDTokenExpiration>
+ <UserInfoEndpointClaimDialect>http://wso2.org/claims</UserInfoEndpointClaimDialect>
+ <UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
+ <UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
+ <UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
+ <UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
+ <SkipUserConsent>false</SkipUserConsent>
+ </OpenIDConnect>
+ </OAuth>
+
+ <MultifactorAuthentication>
+ <XMPPSettings>
+ <XMPPConfig>
+ <XMPPProvider>gtalk</XMPPProvider>
+ <XMPPServer>talk.google.com</XMPPServer>
+ <XMPPPort>5222</XMPPPort>
+ <XMPPExt>gmail.com</XMPPExt>
+ <XMPPUserName>multifactor1@gmail.com</XMPPUserName>
+ <XMPPPassword>wso2carbon</XMPPPassword>
+ </XMPPConfig>
+ </XMPPSettings>
+ </MultifactorAuthentication>
+
+ <SSOService>
+ <EntityId>localhost</EntityId>
+ <IdentityProviderURL>https://localhost:9443/samlsso</IdentityProviderURL>
+ <SingleLogoutRetryCount>5</SingleLogoutRetryCount>
+ <SingleLogoutRetryInterval>60000</SingleLogoutRetryInterval> <!-- in milli seconds -->
+ <TenantPartitioningEnabled>false</TenantPartitioningEnabled>
+ <SessionTimeout>36000</SessionTimeout> <!-- remember me session timeout in seconds -->
+ <!-- skips authentication if valid SAML2 Web SSO browser session available -->
+ <AttributeStatementBuilder>org.wso2.carbon.identity.sso.saml.attributes.UserAttributeStatementBuilder</AttributeStatementBuilder>
+ <AttributesClaimDialect>http://wso2.org/claims</AttributesClaimDialect>
+ <AcceptOpenIDLogin>false</AcceptOpenIDLogin>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.sso.saml.builders.claims.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ <SAMLSSOEncrypter>org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter</SAMLSSOEncrypter>
+ <SAMLSSOSigner>org.wso2.carbon.identity.sso.saml.builders.signature.DefaultSSOSigner</SAMLSSOSigner>
+ <SAML2HTTPRedirectSignatureValidator>org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator</SAML2HTTPRedirectSignatureValidator>
+ <!--SAMLSSOResponseBuilder>org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder</SAMLSSOResponseBuilder-->
+
+ <!-- SAML Token validity period in minutes -->
+ <SAMLResponseValidityPeriod>5</SAMLResponseValidityPeriod>
+ <UseAuthenticatedUserDomain>false</UseAuthenticatedUserDomain>
+ </SSOService>
+
+ <EntitlementSettings>
+ <!-- Uncomment this to enable on-demand policy loading -->
+ <!--OnDemandPolicyLoading> <Enable>true</Enable> <MaxInMemoryPolicies>100</MaxInMemoryPolicies>
+ </OnDemandPolicyLoading -->
+ <DecisionCaching>
+ <Enable>true</Enable>
+ <CachingInterval>36000</CachingInterval>
+ </DecisionCaching>
+ <AttributeCaching>
+ <Enable>true</Enable>
+ </AttributeCaching>
+ <ThirftBasedEntitlementConfig>
+ <EnableThriftService>true</EnableThriftService>
+ <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
+ <ClientTimeout>10000</ClientTimeout>
+ <KeyStore>
+ <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+ <Password>wso2carbon</Password>
+ </KeyStore>
+ </ThirftBasedEntitlementConfig>
+ </EntitlementSettings>
+
+ <SCIMAuthenticators>
+ <Authenticator class="org.wso2.carbon.identity.scim.provider.auth.BasicAuthHandler">
+ <Property name="Priority">5</Property>
+ </Authenticator>
+ <Authenticator class="org.wso2.carbon.identity.scim.provider.auth.OAuthHandler">
+ <Property name="Priority">10</Property>
+ <Property name="AuthorizationServer">local://services</Property>
+ <!--Property name="AuthorizationServer">https://localhost:9443/services</Property>
+ <Property name="UserName">admin</Property>
+ <Property name="Password">admin</Property-->
+ </Authenticator>
+ </SCIMAuthenticators>
+</Server>
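Review bot: The `client_credentials` grant points at `org.udara.handlers.ClientCredentialsGrantHandler`, a class in a personal package that none of the seven files in this commit's diffstat provides, while the stock `org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler` is left commented out directly above it; together with the commented-out `org.udara.handlers.MyPasswordGrantHandler` block this looks like a development leftover and should be reverted to the stock handler. The file also ships the keystore, key and XMPP passwords in clear (`wso2carbon`, account `multifactor1@gmail.com`), selects `PlainTextPersistenceProcessor` so access tokens are persisted unencrypted, and hard-codes every endpoint to `https://localhost:9443`; at minimum each of these should carry a comment marking it as a value to change on deployment. The copy of this file added under tools/stratos-installer is 13 lines shorter, so the two versions are already diverging and one should be derived from the other.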
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/products/stratos/modules/distribution/src/main/conf/security/application-authentication.xml
----------------------------------------------------------------------
diff --git a/products/stratos/modules/distribution/src/main/conf/security/application-authentication.xml b/products/stratos/modules/distribution/src/main/conf/security/application-authentication.xml
new file mode 100644
index 0000000..695711c
--- /dev/null
+++ b/products/stratos/modules/distribution/src/main/conf/security/application-authentication.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- ~ Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights
+ Reserved. ~ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except ~ in compliance
+ with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~ ~ Unless required by applicable law or agreed to in writing, ~ software
+ distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the
+ License for the ~ specific language governing permissions and limitations
+ ~ under the License. -->
+
+<ApplicationAuthentication xmlns="http://wso2.org/projects/carbon/application-authentication.xml">
+
+ <JDBCPersistenceManager>
+ <DataSource>
+ <!-- Include a data source name (jndiConfigName) from the set of data
+ sources defined in master-datasources.xml -->
+ <!--Name>jdbc/WSO2_IDP_DB</Name-->
+ <Name>jdbc/WSO2CarbonDB</Name>
+ </DataSource>
+ </JDBCPersistenceManager>
+
+ <!--
+ ProxyMode allows framework to operate in either 'smart' mode
+ or 'dumb' mode.
+ smart = both local and federated authentication is supported
+ dumb = only federated authentication is supported
+ -->
+ <ProxyMode>smart</ProxyMode>
+
+ <!--
+ AuthenticationEndpointURL is location of the web app containing
+ the authentication related pages
+ -->
+ <AuthenticationEndpointURL>/authenticationendpoint/login.do</AuthenticationEndpointURL>
+
+ <!--
+ Extensions allow extending the default behaviour of the authentication
+ process.
+ -->
+ <Extensions>
+ <RequestCoordinator>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator</RequestCoordinator>
+ <AuthenticationRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler</AuthenticationRequestHandler>
+ <LogoutRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultLogoutRequestHandler</LogoutRequestHandler>
+ <StepBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler</StepBasedSequenceHandler>
+ <RequestPathBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultRequestPathBasedSequenceHandler</RequestPathBasedSequenceHandler>
+ <StepHandler>org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler</StepHandler>
+ <HomeRealmDiscoverer>org.wso2.carbon.identity.application.authentication.framework.handler.hrd.impl.DefaultHomeRealmDiscoverer</HomeRealmDiscoverer>
+ <ClaimHandler>org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler</ClaimHandler>
+ <ProvisioningHandler>org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler</ProvisioningHandler>
+ </Extensions>
+
+ <!--
+ AuthenticatorNameMappings allow specifying an authenticator
+ against a pre-defined alias (which will be used by other components.
+ E.g. Application Mgt component). This enables the usage of a custom
+ authenticator in place of an authenticator that gets packed with the
+ distribution.
+ -->
+ <AuthenticatorNameMappings>
+ <AuthenticatorNameMapping name="BasicAuthenticator" alias="basic" />
+ <AuthenticatorNameMapping name="OAuthRequestPathAuthenticator" alias="oauth-bearer" />
+ <AuthenticatorNameMapping name="BasicAuthRequestPathAuthenticator" alias="basic-auth" />
+ <AuthenticatorNameMapping name="IWAAuthenticator" alias="iwa" />
+ <AuthenticatorNameMapping name="SAMLSSOAuthenticator" alias="samlsso" />
+ <AuthenticatorNameMapping name="OpenIDConnectAuthenticator" alias="openidconnect" />
+ <AuthenticatorNameMapping name="OpenIDAuthenticator" alias="openid" />
+ <AuthenticatorNameMapping name="PassiveSTSAuthenticator" alias="passive-sts" />
+ </AuthenticatorNameMappings>
+
+ <!--
+ AuthenticatorConfigs allow specifying various configurations needed
+ by the authenticators by using any number of \'Parameter\' elements
+ E.g.
+ <AuthenticatorConfig name="CustomAuthenticator" enabled="true" />
+ <Parameter name="paramName1">paramValue</Parameter>
+ <Parameter name="paramName2">paramValue</Parameter>
+ </AuthenticatorConfig>
+ -->
+ <AuthenticatorConfigs>
+ <AuthenticatorConfig name="BasicAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="OAuthRequestPathAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="BasicAuthRequestPathAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
+ <!--Parameter name="SAMLSSOManager">org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAMLSSOManager</Parameter-->
+ </AuthenticatorConfig>
+ <AuthenticatorConfig name="OpenIDConnectAuthenticator" enabled="true">
+ <!--Parameter name="IDTokenHandler">org.wso2.carbon.identity.application.authenticator.oidc.DefaultIDTokenHandler</Parameter-->
+ <!--Parameter name="ClaimsRetriever">org.wso2.carbon.identity.application.authenticator.oidc.OIDCUserInfoClaimsRetriever</Parameter-->
+ </AuthenticatorConfig>
+ <AuthenticatorConfig name="OpenIDAuthenticator" enabled="true">
+ <Parameter name="LoginPage">/authenticationendpoint/login.do</Parameter>
+ <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>
+ <Parameter name="TrustStorePassword">wso2carbon</Parameter>
+ <!--Parameter name="OpenIDManager">org.wso2.carbon.identity.application.authenticator.openid.manager.DefaultOpenIDManager</Parameter>
+ <Parameter name="AttributesRequestor">org.wso2.carbon.identity.application.authenticator.openid.manager.SampleAttributesRequestor</Parameter-->
+ </AuthenticatorConfig>
+ </AuthenticatorConfigs>
+
+ <!--
+ Sequences allow specifying authentication flows for different
+ registered applications. \'default\' sequence is taken if an
+ application specific sequence doesn't exist in this file or
+ in the Application Mgt module.
+ -->
+ <Sequences>
+ <!-- Default Sequence. This is mandatory -->
+ <Sequence appId="default">
+ <Step order="1">
+ <Authenticator name="BasicAuthenticator"/>
+ </Step>
+ </Sequence>
+ </Sequences>
+
+ <ServiceProvidersManagement>
+ <ApplicationDAO>org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl</ApplicationDAO>
+ <OAuthOIDCClientDAO>org.wso2.carbon.identity.application.mgt.dao.impl.OAuthApplicationDAOImpl</OAuthOIDCClientDAO>
+ <SAMLClientDAO>org.wso2.carbon.identity.application.mgt.dao.impl.SAMLApplicationDAOImpl</SAMLClientDAO>
+ <SystemIDPDAO>org.wso2.carbon.identity.application.mgt.dao.impl.IdentityProviderDAOImpl</SystemIDPDAO>
+ <ClaimDialect>http://wso2.org/claims</ClaimDialect>
+ </ServiceProvidersManagement>
+
+</ApplicationAuthentication>
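Review bot: The example in the `AuthenticatorConfigs` comment is not well-formed: `<AuthenticatorConfig name="CustomAuthenticator" enabled="true" />` is self-closing yet is followed by child `<Parameter>` elements and a closing tag, so anyone copying it gets a parse error; the opening tag should be `<AuthenticatorConfig name="CustomAuthenticator" enabled="true">`. That comment and the `Sequences` comment also contain backslash-escaped quotes (`\'Parameter\'`, `\'default\'`), which are not XML escaping and should be plain quotes. The `OpenIDAuthenticator` block ships `<Parameter name="TrustStorePassword">wso2carbon</Parameter>` as a clear-text default; mark it as a deployment-time value to change, or externalize it, rather than shipping the well-known default silently.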
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/products/stratos/pom.xml
----------------------------------------------------------------------
diff --git a/products/stratos/pom.xml b/products/stratos/pom.xml
index abb2334..fcc5034 100755
--- a/products/stratos/pom.xml
+++ b/products/stratos/pom.xml
@@ -194,19 +194,19 @@
<version>${stratos.component.version}</version>
</dependency>
<dependency>
- <groupId>org.apache.stratos</groupId>
- <artifactId>org.apache.stratos.tenant.mgt</artifactId>
- <version>${project.version}</version>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.tenant.mgt</artifactId>
+ <version>2.2.2</version>
</dependency>
<dependency>
- <groupId>org.apache.stratos</groupId>
- <artifactId>org.apache.stratos.tenant.mgt.email.sender</artifactId>
- <version>${project.version}</version>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.tenant.mgt.email.sender</artifactId>
+ <version>2.2.0</version>
</dependency>
<dependency>
- <groupId>org.apache.stratos</groupId>
- <artifactId>org.apache.stratos.tenant.mgt.core</artifactId>
- <version>${project.version}</version>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.tenant.mgt.core</artifactId>
+ <version>2.2.0</version>
</dependency>
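Review bot: The three replacement dependencies pin literal versions (`2.2.2`, `2.2.0`, `2.2.0`) while the neighbouring dependencies use properties such as `${stratos.component.version}`, so these will be missed on the next platform upgrade; move them to a property such as `${carbon.tenant.mgt.version}` in the properties block. Mixing `org.wso2.carbon.tenant.mgt` 2.2.2 with `tenant.mgt.core` and `tenant.mgt.email.sender` 2.2.0 may be intentional, but since they are one artifact family it deserves a comment confirming the combination was tested together.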
<dependency>
<groupId>org.wso2.carbon</groupId>
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/tools/stratos-installer/config/all/repository/conf/identity.xml
----------------------------------------------------------------------
diff --git a/tools/stratos-installer/config/all/repository/conf/identity.xml b/tools/stratos-installer/config/all/repository/conf/identity.xml
new file mode 100755
index 0000000..42bd801
--- /dev/null
+++ b/tools/stratos-installer/config/all/repository/conf/identity.xml
@@ -0,0 +1,245 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- ~ Copyright (c) 2005-2011, WSO2 Inc. (http://www.wso2.org) All Rights
+ Reserved. ~ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except ~ in compliance
+ with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~ ~ Unless required by applicable law or agreed to in writing, ~ software
+ distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the
+ License for the ~ specific language governing permissions and limitations
+ ~ under the License. -->
+
+<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
+
+ <JDBCPersistenceManager>
+ <DataSource>
+ <!-- Include a data source name (jndiConfigName) from the set of data
+ sources defined in master-datasources.xml -->
+ <Name>jdbc/WSO2CarbonDB</Name>
+ </DataSource>
+ <!-- If the identity database is created from another place and if it is
+ required to skip schema initialization during the server start up, set the
+ following property to "true". -->
+ <!-- <SkipDBSchemaCreation>false</SkipDBSchemaCreation> -->
+ </JDBCPersistenceManager>
+
+ <!-- Security configurations -->
+ <Security>
+ <UserTrustedRPStore>
+ <Location>${carbon.home}/repository/resources/security/userRP.jks
+ </Location>
+ <!-- Keystore type (JKS/PKCS12 etc.) -->
+ <Type>JKS</Type>
+ <!-- Keystore password -->
+ <Password>wso2carbon</Password>
+ <!-- Private Key password -->
+ <KeyPassword>wso2carbon</KeyPassword>
+ </UserTrustedRPStore>
+
+ <!-- The directory under which all other KeyStore files will be stored -->
+ <KeyStoresDir>${carbon.home}/conf/keystores</KeyStoresDir>
+ </Security>
+
+ <Identity>
+ <IssuerPolicy>SelfAndManaged</IssuerPolicy>
+ <TokenValidationPolicy>CertValidate</TokenValidationPolicy>
+ <BlackList></BlackList>
+ <WhiteList></WhiteList>
+ <System>
+ <KeyStore></KeyStore>
+ <StorePass></StorePass>
+ </System>
+ </Identity>
+
+ <OpenID>
+ <OpenIDServerUrl>https://localhost:9443/openidserver</OpenIDServerUrl>
+ <OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern>
+ <!-- If the users must be prompted for approval -->
+ <OpenIDSkipUserConsent>false</OpenIDSkipUserConsent>
+ <!-- Expiry time of the OpenID RememberMe token in minutes -->
+ <OpenIDRememberMeExpiry>7200</OpenIDRememberMeExpiry>
+ <!-- Multifactor Authentication configuration -->
+ <UseMultifactorAuthentication>false</UseMultifactorAuthentication>
+ <!-- To enable or disable openid dumb mode -->
+ <DisableOpenIDDumbMode>false</DisableOpenIDDumbMode>
+ <!-- remember me session timeout in seconds -->
+ <SessionTimeout>36000</SessionTimeout>
+ <!-- skips authentication if valid SAML2 Web SSO browser session available -->
+ <AcceptSAMLSSOLogin>false</AcceptSAMLSSOLogin>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.provider.openid.claims.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ </OpenID>
+
+ <OAuth>
+ <RequestTokenUrl>https://localhost:9443/oauth/request-token</RequestTokenUrl>
+ <AccessTokenUrl>https://localhost:9443/oauth/access-token</AccessTokenUrl>
+ <AuthorizeUrl>https://localhost:9443/oauth/authorize-url</AuthorizeUrl>
+ <!-- Default validity period for Authorization Code in seconds -->
+ <AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
+ <!-- Default validity period for user access tokens in seconds -->
+ <AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod>
+ <!-- Default validity period for application access tokens in seconds -->
+ <UserAccessTokenDefaultValidityPeriod>3600</UserAccessTokenDefaultValidityPeriod>
+ <!-- Validity period for refresh token -->
+ <RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>
+ <!-- Timestamp skew in seconds -->
+ <TimestampSkew>300</TimestampSkew>
+ <!-- Enable OAuth caching -->
+ <EnableOAuthCache>true</EnableOAuthCache>
+ <!-- Enable renewal of refresh token for refresh_token grant -->
+ <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
+ <!-- Process the token before storing it in database, e.g. encrypting -->
+ <TokenPersistenceProcessor>org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor</TokenPersistenceProcessor>
+ <!-- Supported Client Autnetication Methods -->
+ <ClientAuthHandlers>
+ <ClientAuthHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler</ClientAuthHandlerImplClass>
+ </ClientAuthHandlers>
+ <!-- Supported Response Types -->
+ <SupportedResponseTypes>
+ <SupportedResponseType>
+ <ResponseTypeName>token</ResponseTypeName>
+ <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
+ </SupportedResponseType>
+ <SupportedResponseType>
+ <ResponseTypeName>code</ResponseTypeName>
+ <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler</ResponseTypeHandlerImplClass>
+ </SupportedResponseType>
+ </SupportedResponseTypes>
+ <!-- Supported Grant Types -->
+ <SupportedGrantTypes>
+ <SupportedGrantType>
+ <GrantTypeName>authorization_code</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>password</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>refresh_token</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>client_credentials</GrantTypeName>
+ <!--<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>-->
+ <GrantTypeHandlerImplClass>org.apache.stratos.custom.handlers.granttype.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>iwa:ntlm</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ </SupportedGrantTypes>
+ <OAuthCallbackHandlers>
+ <OAuthCallbackHandler Class="org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler" />
+ </OAuthCallbackHandlers>
+ <!--TokenValidators>
+ <TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
+ </TokenValidators-->
+ <!-- Assertions can be used to embedd parameters into access token. -->
+ <EnableAssertions>
+ <UserName>false</UserName>
+ </EnableAssertions>
+
+ <!-- This should be set to true when using multiple user stores and keys
+ should saved into different tables according to the user store. By default
+ all the application keys are saved in to the same table. UserName Assertion
+ should be 'true' to use this. -->
+ <EnableAccessTokenPartitioning>false</EnableAccessTokenPartitioning>
+ <!-- user store domain names and mapping to new table name. eg: if you
+ provide 'A:foo.com', foo.com should be the user store domain name and 'A'
+ represent the relavant mapping of token store table, i.e. tokens will be
+ added to a table called IDN_OAUTH2_ACCESS_TOKEN_A. -->
+ <AccessTokenPartitioningDomains><!-- A:foo.com, B:bar.com -->
+ </AccessTokenPartitioningDomains>
+ <AuthorizationContextTokenGeneration>
+ <Enabled>false</Enabled>
+ <TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ <ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
+ <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
+ <AuthorizationContextTTL>15</AuthorizationContextTTL>
+ </AuthorizationContextTokenGeneration>
+ <SAML2Grant>
+ <!--SAML2TokenHandler></SAML2TokenHandler-->
+ </SAML2Grant>
+ <OpenIDConnect>
+ <IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
+ <IDTokenIssuerID>https://localhost:9443/oauth2endpoints/token</IDTokenIssuerID>
+ <IDTokenSubjectClaim>http://wso2.org/claims/givenname</IDTokenSubjectClaim>
+ <IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
+ <IDTokenExpiration>3600</IDTokenExpiration>
+ <UserInfoEndpointClaimDialect>http://wso2.org/claims</UserInfoEndpointClaimDialect>
+ <UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
+ <UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
+ <UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
+ <UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
+ <SkipUserConsent>false</SkipUserConsent>
+ </OpenIDConnect>
+ </OAuth>
+
+
+ <MultifactorAuthentication>
+ <XMPPSettings>
+ <XMPPConfig>
+ <XMPPProvider>gtalk</XMPPProvider>
+ <XMPPServer>talk.google.com</XMPPServer>
+ <XMPPPort>5222</XMPPPort>
+ <XMPPExt>gmail.com</XMPPExt>
+ <XMPPUserName>multifactor1@gmail.com</XMPPUserName>
+ <XMPPPassword>wso2carbon</XMPPPassword>
+ </XMPPConfig>
+ </XMPPSettings>
+ </MultifactorAuthentication>
+
+ <SSOService>
+ <IdentityProviderURL>https://localhost:9443/samlsso</IdentityProviderURL>
+ <SingleLogoutRetryCount>5</SingleLogoutRetryCount>
+ <SingleLogoutRetryInterval>60000</SingleLogoutRetryInterval> <!-- in milli seconds -->
+ <TenantPartitioningEnabled>false</TenantPartitioningEnabled>
+ <SessionTimeout>36000</SessionTimeout> <!-- remember me session timeout in seconds -->
+ <!-- skips authentication if valid SAML2 Web SSO browser session available -->
+ <AttributeStatementBuilder>org.wso2.carbon.identity.sso.saml.attributes.UserAttributeStatementBuilder</AttributeStatementBuilder>
+ <AttributesClaimDialect>http://wso2.org/claims</AttributesClaimDialect>
+ <AcceptOpenIDLogin>false</AcceptOpenIDLogin>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.sso.saml.builders.claims.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ <!-- SAML Token validity period in minutes -->
+ <SAMLResponseValidityPeriod>5</SAMLResponseValidityPeriod>
+ </SSOService>
+
+ <EntitlementSettings>
+ <!-- Uncomment this to enable on-demand policy loading -->
+ <!--OnDemandPolicyLoading> <Enable>true</Enable> <MaxInMemoryPolicies>100</MaxInMemoryPolicies>
+ </OnDemandPolicyLoading -->
+ <DecisionCaching>
+ <Enable>true</Enable>
+ <CachingInterval>36000</CachingInterval>
+ </DecisionCaching>
+ <AttributeCaching>
+ <Enable>true</Enable>
+ </AttributeCaching>
+ <ThirftBasedEntitlementConfig>
+ <EnableThriftService>true</EnableThriftService>
+ <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
+ <ClientTimeout>10000</ClientTimeout>
+ <KeyStore>
+ <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+ <Password>wso2carbon</Password>
+ </KeyStore>
+ </ThirftBasedEntitlementConfig>
+ </EntitlementSettings>
+ <SCIMAuthenticators>
+ <Authenticator class="org.wso2.carbon.identity.scim.provider.auth.BasicAuthHandler">
+ <Property name="Priority">5</Property>
+ </Authenticator>
+ <Authenticator class="org.wso2.carbon.identity.scim.provider.auth.OAuthHandler">
+ <Property name="Priority">10</Property>
+ <Property name="AuthorizationServer">local://services</Property>
+ <!--Property name="AuthorizationServer">https://localhost:9443/services</Property>
+ <Property name="UserName">admin</Property>
+ <Property name="Password">admin</Property-->
+ </Authenticator>
+ </SCIMAuthenticators>
+</Server>
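Review bot: The installer default `<TokenPersistenceProcessor>org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor</TokenPersistenceProcessor>` stores OAuth access and refresh tokens unprocessed in the identity database even though the comment directly above it says the processor exists to e.g. encrypt them, so anyone who can read that database holds bearer tokens valid for the 3600 s and 84600 s periods configured a few lines earlier. The same file ships the stock `wso2carbon` password for both userRP.jks and the Thrift entitlement wso2carbon.jks, plus a literal XMPP account and password in `<XMPPConfig>`, and setup.sh copies identity.xml verbatim with none of the `${SED}` substitution it applies to the SQL scripts. Either switch to the encrypting persistence processor shipped with the same identity feature (and fill in the currently empty `<System><KeyStore>`/`<StorePass>` it would rely on) or add a comment stating that plaintext token storage is accepted for this deployment, and templatise the keystore and XMPP credentials the way `USERSTORE_DB_SCHEMA` is. The enabled `password` grant and the Stratos-specific `org.apache.stratos.custom.handlers.granttype.ClientCredentialsGrantHandler` replacing the stock handler also deserve a one-line comment on why, since their behaviour is not visible from this file.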
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/tools/stratos-installer/config/all/repository/conf/security/application-authentication.xml
----------------------------------------------------------------------
diff --git a/tools/stratos-installer/config/all/repository/conf/security/application-authentication.xml b/tools/stratos-installer/config/all/repository/conf/security/application-authentication.xml
new file mode 100644
index 0000000..695711c
--- /dev/null
+++ b/tools/stratos-installer/config/all/repository/conf/security/application-authentication.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- ~ Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights
+ Reserved. ~ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except ~ in compliance
+ with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~ ~ Unless required by applicable law or agreed to in writing, ~ software
+ distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the
+ License for the ~ specific language governing permissions and limitations
+ ~ under the License. -->
+
+<ApplicationAuthentication xmlns="http://wso2.org/projects/carbon/application-authentication.xml">
+
+ <JDBCPersistenceManager>
+ <DataSource>
+ <!-- Include a data source name (jndiConfigName) from the set of data
+ sources defined in master-datasources.xml -->
+ <!--Name>jdbc/WSO2_IDP_DB</Name-->
+ <Name>jdbc/WSO2CarbonDB</Name>
+ </DataSource>
+ </JDBCPersistenceManager>
+
+ <!--
+ ProxyMode allows framework to operate in either 'smart' mode
+ or 'dumb' mode.
+ smart = both local and federated authentication is supported
+ dumb = only federated authentication is supported
+ -->
+ <ProxyMode>smart</ProxyMode>
+
+ <!--
+ AuthenticationEndpointURL is location of the web app containing
+ the authentication related pages
+ -->
+ <AuthenticationEndpointURL>/authenticationendpoint/login.do</AuthenticationEndpointURL>
+
+ <!--
+ Extensions allow extending the default behaviour of the authentication
+ process.
+ -->
+ <Extensions>
+ <RequestCoordinator>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator</RequestCoordinator>
+ <AuthenticationRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler</AuthenticationRequestHandler>
+ <LogoutRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultLogoutRequestHandler</LogoutRequestHandler>
+ <StepBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler</StepBasedSequenceHandler>
+ <RequestPathBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultRequestPathBasedSequenceHandler</RequestPathBasedSequenceHandler>
+ <StepHandler>org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler</StepHandler>
+ <HomeRealmDiscoverer>org.wso2.carbon.identity.application.authentication.framework.handler.hrd.impl.DefaultHomeRealmDiscoverer</HomeRealmDiscoverer>
+ <ClaimHandler>org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler</ClaimHandler>
+ <ProvisioningHandler>org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler</ProvisioningHandler>
+ </Extensions>
+
+ <!--
+ AuthenticatorNameMappings allow specifying an authenticator
+ against a pre-defined alias (which will be used by other components.
+ E.g. Application Mgt component). This enables the usage of a custom
+ authenticator in place of an authenticator that gets packed with the
+ distribution.
+ -->
+ <AuthenticatorNameMappings>
+ <AuthenticatorNameMapping name="BasicAuthenticator" alias="basic" />
+ <AuthenticatorNameMapping name="OAuthRequestPathAuthenticator" alias="oauth-bearer" />
+ <AuthenticatorNameMapping name="BasicAuthRequestPathAuthenticator" alias="basic-auth" />
+ <AuthenticatorNameMapping name="IWAAuthenticator" alias="iwa" />
+ <AuthenticatorNameMapping name="SAMLSSOAuthenticator" alias="samlsso" />
+ <AuthenticatorNameMapping name="OpenIDConnectAuthenticator" alias="openidconnect" />
+ <AuthenticatorNameMapping name="OpenIDAuthenticator" alias="openid" />
+ <AuthenticatorNameMapping name="PassiveSTSAuthenticator" alias="passive-sts" />
+ </AuthenticatorNameMappings>
+
+ <!--
+ AuthenticatorConfigs allow specifying various configurations needed
+ by the authenticators by using any number of \'Parameter\' elements
+ E.g.
+ <AuthenticatorConfig name="CustomAuthenticator" enabled="true" />
+ <Parameter name="paramName1">paramValue</Parameter>
+ <Parameter name="paramName2">paramValue</Parameter>
+ </AuthenticatorConfig>
+ -->
+ <AuthenticatorConfigs>
+ <AuthenticatorConfig name="BasicAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="OAuthRequestPathAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="BasicAuthRequestPathAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
+ <!--Parameter name="SAMLSSOManager">org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAMLSSOManager</Parameter-->
+ </AuthenticatorConfig>
+ <AuthenticatorConfig name="OpenIDConnectAuthenticator" enabled="true">
+ <!--Parameter name="IDTokenHandler">org.wso2.carbon.identity.application.authenticator.oidc.DefaultIDTokenHandler</Parameter-->
+ <!--Parameter name="ClaimsRetriever">org.wso2.carbon.identity.application.authenticator.oidc.OIDCUserInfoClaimsRetriever</Parameter-->
+ </AuthenticatorConfig>
+ <AuthenticatorConfig name="OpenIDAuthenticator" enabled="true">
+ <Parameter name="LoginPage">/authenticationendpoint/login.do</Parameter>
+ <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>
+ <Parameter name="TrustStorePassword">wso2carbon</Parameter>
+ <!--Parameter name="OpenIDManager">org.wso2.carbon.identity.application.authenticator.openid.manager.DefaultOpenIDManager</Parameter>
+ <Parameter name="AttributesRequestor">org.wso2.carbon.identity.application.authenticator.openid.manager.SampleAttributesRequestor</Parameter-->
+ </AuthenticatorConfig>
+ </AuthenticatorConfigs>
+
+ <!--
+ Sequences allow specifying authentication flows for different
+ registered applications. \'default\' sequence is taken if an
+ application specific sequence doesn't exist in this file or
+ in the Application Mgt module.
+ -->
+ <Sequences>
+ <!-- Default Sequence. This is mandatory -->
+ <Sequence appId="default">
+ <Step order="1">
+ <Authenticator name="BasicAuthenticator"/>
+ </Step>
+ </Sequence>
+ </Sequences>
+
+ <ServiceProvidersManagement>
+ <ApplicationDAO>org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl</ApplicationDAO>
+ <OAuthOIDCClientDAO>org.wso2.carbon.identity.application.mgt.dao.impl.OAuthApplicationDAOImpl</OAuthOIDCClientDAO>
+ <SAMLClientDAO>org.wso2.carbon.identity.application.mgt.dao.impl.SAMLApplicationDAOImpl</SAMLClientDAO>
+ <SystemIDPDAO>org.wso2.carbon.identity.application.mgt.dao.impl.IdentityProviderDAOImpl</SystemIDPDAO>
+ <ClaimDialect>http://wso2.org/claims</ClaimDialect>
+ </ServiceProvidersManagement>
+
+</ApplicationAuthentication>
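Review bot: `<Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>` in the OpenIDAuthenticator block is written as a path from the filesystem root, unlike the `${carbon.home}/repository/...` form used for every keystore in the companion identity.xml. Whether the authenticator prefixes carbon.home itself is not visible here: if it does, a comment such as `<!-- resolved relative to carbon.home by the authenticator -->` would stop the next maintainer from "fixing" it; if it does not, OpenID federation will fail to load its truststore and the error will only surface on the first federated login, so `${carbon.home}/repository/resources/security/client-truststore.jks` is the safer default. `<Parameter name="TrustStorePassword">wso2carbon</Parameter>` is another stock default shipped by the installer without substitution and should be templated with the other credentials. For a new file, `encoding="UTF-8"` is preferable to the copied `ISO-8859-1` declaration.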
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/tools/stratos-installer/setup.sh
----------------------------------------------------------------------
diff --git a/tools/stratos-installer/setup.sh b/tools/stratos-installer/setup.sh
index ae88b32..39ddf29 100755
--- a/tools/stratos-installer/setup.sh
+++ b/tools/stratos-installer/setup.sh
@@ -436,10 +436,14 @@ function sm_setup() {
pushd $resource_path
${SED} -i "s@USERSTORE_DB_SCHEMA@$userstore_db_schema@g" mysql.sql
+ ${SED} -i "s@USERSTORE_DB_SCHEMA@$userstore_db_schema@g" security-mysql.sql
+ ${SED} -i "s@USERSTORE_DB_SCHEMA@$userstore_db_schema@g" application-mysql.sql
popd
mysql -u$userstore_db_user -p$userstore_db_pass < $resource_path/mysql.sql
+ mysql -u$userstore_db_user -p$userstore_db_pass < $resource_path/security-mysql.sql
+ mysql -u$userstore_db_user -p$userstore_db_pass < $resource_path/application-mysql.sql
echo "End configuring the SM"
}
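Review bot: The two added `mysql -u$userstore_db_user -p$userstore_db_pass < ...` lines copy the pattern of the existing import above them and so pass the user-store database password on the command line, where it is visible to every local user in the process table for the duration of each import; the three imports triple that window. Prefer exporting it once with `MYSQL_PWD="$userstore_db_pass"` (or a temporary `--defaults-extra-file`) and dropping `-p$userstore_db_pass` from all three invocations, and quote `"$userstore_db_user"` and the redirect paths so values with spaces or shell metacharacters do not split the command. Unless the script runs under `set -e`, which is not visible here, nothing checks the exit status of the new imports, so a failed `security-mysql.sql` lets `application-mysql.sql` run against a half-created schema and still prints "End configuring the SM"; `|| { echo "security schema import failed" >&2; exit 1; }` on each import line would stop that. sm_setup() begins before this hunk.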
@@ -629,6 +633,9 @@ mv -f ./hosts.tmp /etc/hosts
echo 'Changing owner of '$stratos_path' to '$host_user:$host_user
chown -R $host_user:$host_user $stratos_path
+cp -f ./config/all/repository/conf/identity.xml $stratos_extract_path/repository/conf/
+cp -f ./config/all/repository/conf/security/application-authentication.xml $stratos_extract_path/repository/conf/security/
+
echo "Apache Stratos configuration completed successfully"
if [[ $auto_start_servers != "true" ]]; then
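Review bot: The two `cp -f` lines run after `chown -R $host_user:$host_user $stratos_path`, so if `$stratos_extract_path` lies under `$stratos_path` (the relationship between the two is not visible here) the copied identity.xml and application-authentication.xml keep the ownership and mode of the user running the installer rather than `$host_user`, and the server may be unable to read or rewrite them at startup. Move the two copies above the chown, or follow them with `chown $host_user:$host_user $stratos_extract_path/repository/conf/identity.xml $stratos_extract_path/repository/conf/security/application-authentication.xml`. Both files are also installed with their shipped defaults untouched, so the `wso2carbon` keystore passwords and the plaintext OAuth token persistence processor they contain go straight into the deployed server; either apply a `${SED}` substitution here as is done for the SQL scripts in sm_setup, or add a comment stating that these two files must be edited after installation.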
[6/6] stratos git commit: add oAuth war s to product
Posted by ud...@apache.org.
add OAuth WARs to product
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/61b1d31a
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/61b1d31a
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/61b1d31a
Branch: refs/heads/master
Commit: 61b1d31a8c4aa427c1cf1acdfa35bf60f31c35e8
Parents: c065160
Author: Udara Liyanage <ud...@wso2.com>
Authored: Thu Dec 4 13:36:54 2014 +0530
Committer: Udara Liyanage <ud...@wso2.com>
Committed: Fri Dec 5 19:31:33 2014 +0530
----------------------------------------------------------------------
.../stratos/modules/distribution/src/assembly/bin.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/stratos/blob/61b1d31a/products/stratos/modules/distribution/src/assembly/bin.xml
----------------------------------------------------------------------
diff --git a/products/stratos/modules/distribution/src/assembly/bin.xml b/products/stratos/modules/distribution/src/assembly/bin.xml
index 26bc3dc..a9ce001 100755
--- a/products/stratos/modules/distribution/src/assembly/bin.xml
+++ b/products/stratos/modules/distribution/src/assembly/bin.xml
@@ -929,6 +929,17 @@
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/webapps/</outputDirectory>
<fileMode>644</fileMode>
</file>
+ <!--oauth2.war and authenticationendpoint.war is related to oAuth feature -->
+ <file>
+ <source>../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/webapps/oauth2.war</source>
+ <outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/webapps/</outputDirectory>
+ <fileMode>644</fileMode>
+ </file>
+ <file>
+ <source>../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/webapps/authenticationendpoint.war</source>
+ <outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/webapps/</outputDirectory>
+ <fileMode>644</fileMode>
+ </file>
<!-- End of REST endpoint webapp -->
<!-- Meta data service webapp -->