feat: publish Lock message on id_token issue/revoke (#7271)
* chore: move token entry to core-service to allow reuse

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* chore: remove unused reference and method

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat: publish Lock message on id_token issue/revoke #7244

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat: publish Lock message on id_token issue/revoke #7244

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

---------

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
yurem committed Jan 5, 2024
1 parent 8b5a9ab commit 7963dce
Showing 11 changed files with 115 additions and 21 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,18 @@

package io.jans.as.server.service;

import static org.apache.commons.lang.BooleanUtils.isTrue;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.UUID;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

import com.google.common.collect.Lists;

import io.jans.as.model.config.StaticConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.configuration.LockMessageConfig;
Expand All @@ -24,15 +35,6 @@
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.UUID;

import static org.apache.commons.lang.BooleanUtils.isTrue;

/**
* @author Yuriy Zabrovarnyy
Expand Down Expand Up @@ -94,14 +96,18 @@ public void mergeSilently(TokenEntity token) {
public void persist(TokenEntity token) {
persistenceEntryManager.persist(token);

publishIdTokenLockMessage(token, "add");
if (TokenType.ID_TOKEN.equals(token.getTokenType())) {
publishIdTokenLockMessage(token, "add");
}
}

public void remove(TokenEntity token) {
persistenceEntryManager.remove(token);
log.trace("Removed token from LDAP, code: {}", token.getTokenCode());

publishIdTokenLockMessage(token, "del");
if (TokenType.ID_TOKEN.equals(token.getTokenType())) {
publishIdTokenLockMessage(token, "del");
}
}

protected void publishIdTokenLockMessage(TokenEntity token, String opearation) {
Expand All @@ -111,7 +117,7 @@ protected void publishIdTokenLockMessage(TokenEntity token, String opearation) {
}

if (Boolean.TRUE.equals(lockMessageConfig.getEnableIdTokenMessages()) && StringHelper.isNotEmpty(lockMessageConfig.getIdTokenMessagesChannel())) {
String jsonMessage = String.format("{\"tknTyp\" : %s, \"tknCde\" : %s, \"tknOp\" : %s}", token.getTokenType(), token.getTokenCode(), opearation);
String jsonMessage = String.format("{\"tknTyp\" : \"%s\", \"tknCde\" : \"%s\", \"tknOp\" : \"%s\"}", token.getTokenType(), token.getTokenCode(), opearation);
messageService.publish(lockMessageConfig.getIdTokenMessagesChannel(), jsonMessage);
}
}
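Review bot: The rewritten `String.format` line in publishIdTokenLockMessage now quotes the values, but it still interpolates the token type and token code into the JSON body verbatim, so the message is only well-formed while neither value contains a quote or backslash — a consumer parsing it with Jackson would fail on such a message rather than reject it cleanly. Building the body with a JSON object writer instead of a format string removes that fragility; if the format string stays, a comment such as `// tknTyp is an enum name and tknCde a hashed code, so no JSON escaping is applied — keep it that way` records the invariant the line depends on (I can't confirm from the page that the code is always hashed). The earlier hunk's `TokenType.ID_TOKEN` guard in persist/remove is the right fix for publishing non-id tokens; the remaining lines of publishIdTokenLockMessage are outside the visible hunks.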
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@

package io.jans.service.message.provider;

import java.nio.charset.StandardCharsets;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
Expand Down Expand Up @@ -297,7 +298,7 @@ public void run() {

if (notifications != null) {
for (int i = 0; i < notifications.length; i++) {
pubSub.onMessage(notifications[i].getName(), notifications[i].getParameter());
pubSub.onMessage(notifications[i].getName(), new String(Base64.decodeBase64(notifications[i].getParameter()), StandardCharsets.UTF_8));
}
}
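Review bot: The new `onMessage` call decodes every notification parameter as Base64 before dispatch, but the matching encoding on the publish side is not part of this commit, so a producer still sending the raw payload would now be delivered a silently garbled string (commons-codec style `decodeBase64` does not reject malformed input, assuming that is the implementation imported here). A comment naming the contract, `// parameter is Base64(UTF-8 payload) as written by publish(); decode before dispatch`, would make the coupling explicit, and a null check on `getParameter()` avoids a NullPointerException inside the `new String(...)` wrapper if a notification carries no payload. The enclosing `run()` method starts and ends outside the hunk.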

Original file line number Diff line number Diff line change
Expand Up @@ -528,5 +528,9 @@
"blockWebviewAuthorizationEnabled": false,
"dateFormatterPatterns": {
"birthdate": "yyyy-MM-dd"
},
"lockMessageConfig": {
"enableIdTokenMessages" : false,
"idTokenMessagesChannel": "id_token"
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,6 @@
"opaConfiguration": {
"baseUrl" : "http://localhost:8181/v1/"
},
"messageConsumerType": "DISABLED",
"policyDecisionPointType": "DISABLED"
"messageConsumerType": "OPA",
"policyDecisionPointType": "OPA"
}
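Review bot: The values of `messageConsumerType` and `policyDecisionPointType` change from `DISABLED` to `OPA`, which makes a lock server started from this file consume messages and call the OPA endpoint at `baseUrl` without any operator opt-in. If this is the shipped default configuration rather than a development template (the page does not show the file path), it is worth confirming that an absent OPA at that URL degrades gracefully, or keeping `DISABLED` here and documenting `OPA` as the value to set.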
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
"people":"ou=people,o=jans",
"scripts": "ou=scripts,o=jans",
"attributes":"ou=attributes,o=jans",
"tokens":"ou=tokens,o=jans",
"sessions":"ou=sessions,o=jans",
"metric":"ou=statistic,o=metric"
}
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;

import jakarta.enterprise.inject.Vetoed;
import jakarta.xml.bind.annotation.XmlElement;

/**
*
Expand All @@ -22,6 +23,7 @@ public class BaseDnConfiguration {
private String people;
private String attributes;
private String sessions;
private String tokens;
private String scripts;
private String metric;

Expand Down Expand Up @@ -49,6 +51,14 @@ public void setSessions(String sessions) {
this.sessions = sessions;
}

public String getTokens() {
return tokens;
}

public void setTokens(String tokens) {
this.tokens = tokens;
}

public String getScripts() {
return scripts;
}
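Review bot: The added import of `jakarta.xml.bind.annotation.XmlElement` is not used by the new `tokens` field or its accessors in the visible hunks; unless a part of the file outside the hunks uses it, it is an unused import that drags a JAXB dependency into a plain configuration POJO and should be dropped. The new getter/setter pair matches the existing ones. A field comment, `// base DN under which token entries are stored, e.g. ou=tokens,o=jans`, would document the expected value alongside the other DN fields.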
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
/*
* Janssen Project software is available under the Apache License (2004). See http://www.apache.org/licenses/ for full text.
*
* Copyright (c) 2020, Janssen Project
*/

package io.jans.lock.service;

import org.slf4j.Logger;

import io.jans.lock.model.config.StaticConfiguration;
import io.jans.model.token.TokenEntity;
import io.jans.orm.PersistenceEntryManager;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;

/**
*
* Token service
*
* @author Yuriy Movchan Date: 01/05/2024
*/
@ApplicationScoped
public class TokenService {

@Inject
private Logger log;

@Inject
private PersistenceEntryManager persistenceEntryManager;

@Inject
private StaticConfiguration staticConfiguration;

public String buildDn(String hashedToken) {
return String.format("tknCde=%s,", hashedToken) + tokenBaseDn();
}

private String tokenBaseDn() {
return staticConfiguration.getBaseDn().getTokens(); // ou=tokens,o=jans
}

public TokenEntity findToken(String tokenCode) {
String tokenDn = buildDn(tokenCode);
return persistenceEntryManager.find(TokenEntity.class, tokenDn);
}

}
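Review bot: `buildDn` concatenates `hashedToken` directly into an LDAP DN (`tknCde=%s,` plus the base DN), and `findToken` is invoked by `OpaMessageConsumer` with a code read from an incoming message, so a value containing DN metacharacters such as `,`, `+` or `=` yields a DN for a different or invalid entry rather than a simple lookup miss. Validating the code against the expected hashed form before building the DN, e.g. `if (hashedToken == null || !hashedToken.matches("[A-Za-z0-9_\\-]+")) throw new IllegalArgumentException("invalid token code");`, keeps the DN well-formed; the exact alphabet should be confirmed against how the server hashes token codes. The injected `log` field is never used in this class and can be removed, and callers of `findToken` need to handle the not-found case, whether `PersistenceEntryManager.find` returns null or throws (not visible here). A class Javadoc stating that the service resolves token entries by their hashed code under the configured token base DN would replace the bare "Token service" header.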
Original file line number Diff line number Diff line change
Expand Up @@ -70,8 +70,9 @@ private void recreateMessageConsumer() {
// Force to create new bean
for (MessageConsumer messageConsumer : messageConsumerProviderInstances) {
messageConsumerProviderInstances.destroy(messageConsumer);
log.info("Recreated messageConsumer instance '{}'", messageConsumer);
log.info("Destroyed messageConsumer instance '{}'", messageConsumer);
}
produceMessageConsumer();
}

@Produces
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,10 @@
import com.fasterxml.jackson.databind.node.ObjectNode;

import io.jans.lock.model.config.AppConfiguration;
import io.jans.lock.service.TokenService;
import io.jans.lock.service.external.ExternalLockService;
import io.jans.lock.service.external.context.ExternalLockContext;
import io.jans.model.token.TokenEntity;
import io.jans.service.cdi.async.Asynchronous;
import io.jans.service.cdi.qualifier.Implementation;
import io.jans.service.message.consumer.MessageConsumer;
Expand Down Expand Up @@ -48,6 +50,9 @@ public class OpaMessageConsumer extends MessageConsumer {

@Inject
private BaseHttpService httpService;

@Inject
private TokenService tokenService;

private ObjectMapper objectMapper;

Expand Down Expand Up @@ -103,6 +108,12 @@ public String getMessageConsumerType() {
private boolean putData(JsonNode messageNode) {
ExternalLockContext lockContext = new ExternalLockContext();

String tknTyp = messageNode.get("tknTyp").asText();
String tknCde = messageNode.get("tknCde").asText();

TokenEntity tokenEntity = tokenService.findToken(tknCde);
log.debug("Token {} loaded successfully", tokenEntity);

/*
* Data: {token_entry_as_json}
*/
Expand All @@ -117,8 +128,6 @@ private boolean putData(JsonNode messageNode) {
}

// Send rest request to OPA
String tknTyp = messageNode.get("tknTyp").asText();
String tknCde = messageNode.get("tknCde").asText();

String baseUrl = appConfiguration.getOpaConfiguration().getBaseUrl();
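Review bot: The relocated `messageNode.get("tknTyp").asText()` and `messageNode.get("tknCde").asText()` lines in `putData` throw a NullPointerException when either field is absent from the message, and `tknCde` then reaches `tokenService.findToken` unchecked; `messageNode.path("tknCde").asText(null)` followed by a null/blank check that returns `false` keeps one malformed message from failing the consumer. The new `log.debug("Token {} loaded successfully", tokenEntity)` prints the whole `TokenEntity` — if its `toString` includes the token value, that is a secret written to the log, so log an identifier instead — and it reports success even when the lookup returned nothing. `tokenEntity` is not used in the visible lines; if it is meant for `lockContext.setTokenEntity`, that call is either outside the hunk or missing. The rest of `putData` lies outside the hunks.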

Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,10 @@ private void recreatePolicyConsumer() {
// Force to create new bean
for (PolicyConsumer policyConsumer : policyConsumerProviderInstances) {
policyConsumerProviderInstances.destroy(policyConsumer);
log.info("Recreated policyConsumer instance '{}'", policyConsumer);
log.info("Destroyed policyConsumer instance '{}'", policyConsumer);
}

producePolicyConsumer();
}

@Produces
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package io.jans.lock.service.external.context;

import io.jans.model.custom.script.conf.CustomScriptConfiguration;
import io.jans.model.token.TokenEntity;

/**
* External lock context
Expand All @@ -10,6 +11,9 @@
public class ExternalLockContext {

private CustomScriptConfiguration script;

private TokenEntity tokenEntity;

private boolean cancelPdpOperation;
private boolean cancelNextScriptOperation;

Expand All @@ -26,6 +30,14 @@ public void setScript(CustomScriptConfiguration script) {
this.script = script;
}

public TokenEntity getTokenEntity() {
return tokenEntity;
}

public void setTokenEntity(TokenEntity tokenEntity) {
this.tokenEntity = tokenEntity;
}

public boolean isCancelPdpOperation() {
return cancelPdpOperation;
}
Expand All @@ -44,8 +56,8 @@ public void setCancelNextScriptOperation(boolean cancelNextScriptOperation) {

@Override
public String toString() {
return "ExternalLockContext [script=" + script + ", cancelPdpOperation=" + cancelPdpOperation
+ ", cancelNextScriptOperation=" + cancelNextScriptOperation + "]";
return "ExternalLockContext [script=" + script + ", tokenEntity=" + tokenEntity + ", cancelPdpOperation="
+ cancelPdpOperation + ", cancelNextScriptOperation=" + cancelNextScriptOperation + "]";
}

}
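Review bot: The rewritten `toString` now embeds the full `tokenEntity`, so if `TokenEntity.toString` includes the token code or token value, that secret surfaces wherever an `ExternalLockContext` is logged; rendering presence or an identifier instead, e.g. `", tokenEntity=" + (tokenEntity == null ? "null" : "<set>")`, avoids that without losing the debugging signal. The new field and accessors follow the existing style; a field comment such as `// token entry the lock message refers to; presumably null until a consumer resolves it` would document when it is populated.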
