Add SSO feature for Store application #4316
Conversation
| @@ -124,7 +124,7 @@ private static void executeSQL(String sql, Connection connection) { | |||
|
|
|||
| String q = "select index_name,index_type,status,domidx_status,domidx_opstatus from user_indexes " | |||
| + "where index_type like '%DOMAIN%' and (domidx_status <> 'VALID' or domidx_opstatus <> 'VALID')"; | |||
| try (Statement statement = connection.createStatement(); ResultSet rs = statement.executeQuery(q);) { | |||
| try (Statement statement = connection.createStatement(); ResultSet rs = statement.executeQuery(q)) { | |||
| while (rs.next()) { | |||
| if (rs.getString("index_name").equals("API_INDEX")) { // re build index if it has failed. | |||
There was a problem hiding this comment.
Do the equals other way around to avoid null pointer exception. i.e "API_INDEX".equals(rs.getString("index_name")). Check equals operations in other places as well.
| return true; | ||
| } | ||
| return false; | ||
| return hostname.equals("localhost"); |
There was a problem hiding this comment.
the equals should be otherway around "localhost".equals(hostname)
| if (configProvider != null) { | ||
| config = configProvider.getConfigurationObject(APIMStoreConfigurations.class); | ||
| } else { | ||
| log.error("Configuration provider is null"); |
There was a problem hiding this comment.
Because configiProvider null means config is becoming null which you then set the default configurationss
There was a problem hiding this comment.
Here configProvider is getting null due to an osgi error.
Default configurations has set in line 61.
| log.debug("Received consumer key & secret for " + appName + " application."); | ||
| } | ||
| try { | ||
| if (grantType.equals(KeyManagerConstants.AUTHORIZATION_CODE_GRANT_TYPE)) { |
| String errorMsg = "No Authorization Code available."; | ||
| log.error(errorMsg, ExceptionCodes.ACCESS_TOKEN_GENERATION_FAILED); | ||
| } | ||
| } else if (grantType.equals(KeyManagerConstants.PASSWORD_GRANT_TYPE)) { |
| .createAccessTokenRequest(userName, password, grantType, refreshToken, | ||
| null, validityPeriod, scopes, | ||
| consumerKeySecretMap.get("CONSUMER_KEY"), consumerKeySecretMap.get("CONSUMER_SECRET")); | ||
| accessTokenInfo = getKeyManager().getNewAccessToken(accessTokenRequest); |
There was a problem hiding this comment.
since we dont have a else statement is there any possibility that it can effect the follow because accessTokenInfo is getting null?
There was a problem hiding this comment.
When accessTokenInfo is null, it will be handled when calling getTokens() method at AuthenticatorAPI class.
| * Represents Payload of JWT. | ||
| */ | ||
| private class JWTTokenPayload { | ||
| private String sub; |
There was a problem hiding this comment.
Github issue created at,
#4324 [C5][Authenticator] Handle JWT
| // for the oAuthAppRequest constructor argument. | ||
| // This value is not related to DCR application creation. | ||
| OAuthAppRequest oAuthAppRequest = new OAuthAppRequest(clientName, | ||
| callBackURL, "Application", grantTypes); |
| oAuthData.addProperty(KeyManagerConstants.TOKEN_SCOPES, scopes); | ||
| oAuthData.addProperty(KeyManagerConstants.AUTHORIZATION_ENDPOINT, | ||
| storeConfigs.getAuthorizationEndpoint()); | ||
| oAuthData.addProperty("is_sso_enabled", storeConfigs.isSsoEnabled()); |
There was a problem hiding this comment.
can we move this ti a constant?
| storeConfigs.getAuthorizationEndpoint()); | ||
| oAuthData.addProperty("is_sso_enabled", storeConfigs.isSsoEnabled()); | ||
| } else { | ||
| String errorMsg = "No information available in OAuth application."; |
There was a problem hiding this comment.
Do we need to throw a exception here?
| } else { | ||
| restAPIContext = AuthenticatorConstants.REST_CONTEXT + appContext; | ||
| } | ||
| String requestURL = (String) request.getProperty("REQUEST_URL"); |
| oAuthData.addProperty(KeyManagerConstants.TOKEN_SCOPES, scopes); | ||
| oAuthData.addProperty(KeyManagerConstants.AUTHORIZATION_ENDPOINT, | ||
| storeConfigs.getAuthorizationEndpoint()); | ||
| oAuthData.addProperty("is_sso_enabled", storeConfigs.isSsoEnabled()); |
There was a problem hiding this comment.
Let's move 'is_sso_enabled' to a constant.
| AuthResponseBean authResponseBean = new AuthResponseBean(); | ||
| String appContext = AuthUtil.getAppContext(request); | ||
| String restAPIContext; | ||
| if (appContext.contains("editor") || request.getUri().contains("publisher")) { | ||
| restAPIContext = AuthenticatorConstants.REST_CONTEXT + "/publisher"; | ||
| if (appContext.contains(AuthenticatorConstants.EDITOR_APPLICATION) || |
There was a problem hiding this comment.
I don't think we can compare application contexts in this manner since they can change. Please create a Github issue for this, we need to fix it properly in all places.
There was a problem hiding this comment.
Github issue created at,
#4319 [C5][Authenticator] Compare application contexts
| if (log.isDebugEnabled()) { | ||
| log.debug("Set scopes for " + appName + " application using swagger definition."); | ||
| } | ||
| // TODO: Get Consumer Key & Secret without creating a new app, from the IS side |
There was a problem hiding this comment.
Please create Github issues for TODOs, we'll forget them for sure otherwise :)
There was a problem hiding this comment.
Github issue created at,
#4299 [C5][Authenticator] Getting details of an already existing DCR application
| private String getUsernameFromJWT(String jwt) throws KeyManagementException { | ||
| if (jwt != null && jwt.contains(".")) { | ||
| String[] jwtParts = jwt.split("\\."); | ||
| JWTTokenPayload jwtHeader = new Gson().fromJson(new String(Base64.getDecoder().decode(jwtParts[1]), |
There was a problem hiding this comment.
Shall we use a standard JWT library like Nimbus to handle JWT? If its hard to incorporate along with this feature please create a Github issue so that it doesn't get forgotten.
There was a problem hiding this comment.
Github issue created at,
#4324 [C5][Authenticator] Handle JWT
| @@ -56,7 +56,7 @@ public static String getHttpOnlyCookieHeader(Cookie cookie) { | |||
|
|
|||
| public static String getAppContext(Request request) { | |||
| //TODO this method should provide uuf app context. Consider the scenarios of reverse proxy as well. | |||
| return "/" + request.getProperty("REQUEST_URL").toString().split("/")[1]; | |||
| return "/" + request.getProperty("REQUEST_URL").toString().split("/")[3]; | |||
There was a problem hiding this comment.
I don't think this code will work when you reverse proxy the application. If you have a custom URL this logic will fail.
There was a problem hiding this comment.
Related to the Github issue at,
#4319 [C5][Authenticator] Compare application contexts
| return true; | ||
| } | ||
| return false; | ||
| return username.equals(password); |
There was a problem hiding this comment.
What's this? Do we have an idea to implement this? If so please create relevant GitHub issue.
There was a problem hiding this comment.
Here we need to implement the authentication logic when the user name and password are provided.
Need to check for an API from IS.
Issue created. #4323
Proposed changes in this pull request
When should this PR be merged
ASAP
Follow up actions
[List any possible follow-up actions here; for instance, testing data
migrations, software that we need to install on staging and production
environments.]
Checklist (for reviewing)
General
Functionality
Code
Tests
Security
Documentation