Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add capability to manage API authorization to applications #493

Merged
merged 4 commits into from
Oct 13, 2023
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -171,12 +171,17 @@ public APIResourceListResponse getAPIResources(String before, String after, Stri
}

/**
* Get API Resource by ID.
* Get API Resource Response by ID.
*
* @param apiResourceID API Resource ID.
* @param apiResourceId API Resource ID.
* @return API Resource.
*/
public APIResource getAPIResourceById(String apiResourceID) {
public APIResourceResponse getAPIResourceResponseById(String apiResourceId) {

return buildAPIResourceResponse(getAPIResourceById(apiResourceId));
}

private APIResource getAPIResourceById(String apiResourceID) {

try {
APIResource apiResource = APIResourceManagementServiceHolder.getApiResourceManager()
Expand Down Expand Up @@ -341,7 +346,7 @@ private APIResourceResponse buildAPIResourceResponse(APIResource apiResource) {
.description(apiResource.getDescription())
.scopes(apiResource.getScopes().stream().map(this::buildScopeGetResponse)
.collect(Collectors.toList()))
.requiresAuthorization(apiResource.isRequiresAuthorization());
.requiresAuthorization(apiResource.isAuthorizationRequired());
}

/**
Expand Down Expand Up @@ -418,7 +423,7 @@ private APIResourceListItem buildAPIResourceListItem(APIResource apiResource) {
.name(apiResource.getName())
.identifier(apiResource.getIdentifier())
.type(apiResource.getType())
.requiresAuthorization(apiResource.isRequiresAuthorization())
.requiresAuthorization(apiResource.isAuthorizationRequired())
.self(V1_API_PATH_COMPONENT + APIResourceMgtEndpointConstants.API_RESOURCE_PATH_COMPONENT + "/"
+ apiResource.getId());
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,8 @@ public Response apiResourcesApiResourceIdDelete(String apiResourceId) {
@Override
public Response apiResourcesApiResourceIdGet(String apiResourceId) {

return Response.ok().entity(serverAPIResourceManagementService.getAPIResourceById(apiResourceId)).build();
return Response.ok().entity(
serverAPIResourceManagementService.getAPIResourceResponseById(apiResourceId)).build();
}

@Override
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -81,5 +81,10 @@
<artifactId>org.wso2.carbon.identity.auth.attribute.handler</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.api.resource.mgt</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
</project>
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,8 @@ private ApplicationManagementConstants() {
public static final String NAME = "name";
public static final String CLIENT_ID = "clientId";
public static final String ISSUER = "issuer";
public static final String RBAC = "RBAC";
public static final String NO_POLICY = "NO POLICY";

public static final String NON_EXISTING_USER_CODE = "30007 - ";

Expand Down Expand Up @@ -102,6 +104,21 @@ public enum ErrorMessage {
USE_EXTERNAL_CONSENT_PAGE_NOT_SUPPORTED("60506",
"Unsupported application property.",
"'useExternalConsentPage' is not yet supported for SAML applications in this version of the API."),
API_RESOURCE_NOT_FOUND("60507",
"API resource not found.",
"API resource with id: %s is not found in the tenant domain: %s."),
SCOPES_NOT_FOUND("60508",
"API scopes not found.",
"One or more scopes in the request is not found for the API resource with Id: %s in the " +
"tenant domain: %s."),
API_RESOURCE_ALREADY_AUTHORIZED("60509", "API resource already authorized.",
"API resource with id: %s is already authorized for the application with id: %s."),
AUTHORIZED_API_NOT_FOUND("60510", "API resource not authorized for the application.",
"API resource with id: %s is not authorized for the application with id: %s."),
INVALID_POLICY_VALUE("60511", "Invalid policy id value provided.",
"Invalid policy id value. It should be 'RBAC' or 'No Policy'."),
INVALID_POLICY_TYPE_FOR_API_RESOURCE("60512", "Invalid policy type provided for the API " +
"resource.", "API resource with id: %s doesn't allow the provided policy type: %s."),

// Server Errors.
ERROR_RETRIEVING_SAML_METADATA("65001",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,9 @@
*/
package org.wso2.carbon.identity.api.server.application.management.common;

import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementService;
import org.wso2.carbon.identity.cors.mgt.core.CORSManagementService;
import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
Expand All @@ -37,6 +39,8 @@ public class ApplicationManagementServiceHolder {
private static TemplateManager templateManager;
private static CORSManagementService corsManagementService;
private static RealmService realmService;
private static APIResourceManager apiResourceManager;
private static AuthorizedAPIManagementService authorizedAPIManagementService;

public static ApplicationManagementService getApplicationManagementService() {

Expand Down Expand Up @@ -127,4 +131,45 @@ public static void setRealmService(RealmService realmService) {

ApplicationManagementServiceHolder.realmService = realmService;
}

/**
* Get APIResourceManager.
*
* @return APIResourceManager.
*/
public static APIResourceManager getApiResourceManager() {

return apiResourceManager;
}

/**
* Set APIResourceManager.
*
* @param apiResourceManager APIResourceManager.
*/
public static void setApiResourceManager(APIResourceManager apiResourceManager) {

ApplicationManagementServiceHolder.apiResourceManager = apiResourceManager;
}

/**
* Get AuthorizedAPIManagementService.
*
* @return AuthorizedAPIManagementService.
*/
public static AuthorizedAPIManagementService getAuthorizedAPIManagementService() {

return authorizedAPIManagementService;
}

/**
* Set AuthorizedAPIManagementService.
*
* @param authorizedAPIManagementService AuthorizedAPIManagementService.
*/
public static void setAuthorizedAPIManagementService(AuthorizedAPIManagementService
authorizedAPIManagementService) {

ApplicationManagementServiceHolder.authorizedAPIManagementService = authorizedAPIManagementService;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
/*
* Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.identity.api.server.application.management.common.factory;

import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager;

/**
* Factory class for APIResourceManagementOSGiService.
*/
public class APIResourceMgtOSGiServiceFactory extends AbstractFactoryBean<APIResourceManager> {

private APIResourceManager apiResourceManager;

@Override
public Class<?> getObjectType() {

return Object.class;
}

@Override
protected APIResourceManager createInstance() throws Exception {

if (this.apiResourceManager == null) {
apiResourceManager = (APIResourceManager) PrivilegedCarbonContext.
getThreadLocalCarbonContext().getOSGiService(APIResourceManager.class, null);
if (apiResourceManager == null) {
throw new Exception("Unable to retrieve APIResourceManager service.");
}
}
return this.apiResourceManager;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
/*
* Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.identity.api.server.application.management.common.factory;

import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementService;

/**
* Factory Beans serves as a factory for creating other beans within the IOC container. This factory bean is used to
* instantiate the AuthorizedAPIManagementService type of object inside the container.
*/
public class AuthorizedAPIMgtOSGiServiceFactory extends AbstractFactoryBean<AuthorizedAPIManagementService> {

private AuthorizedAPIManagementService authorizedAPIManagementService;

@Override
public Class<?> getObjectType() {

return Object.class;
}

@Override
protected AuthorizedAPIManagementService createInstance() throws Exception {

if (this.authorizedAPIManagementService == null) {
authorizedAPIManagementService = (AuthorizedAPIManagementService)
PrivilegedCarbonContext.getThreadLocalCarbonContext()
.getOSGiService(AuthorizedAPIManagementService.class, null);
if (authorizedAPIManagementService == null) {
throw new Exception("Unable to retrieve AuthorizedAPIManagement service.");
}
}
return this.authorizedAPIManagementService;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,11 @@
<artifactId>org.wso2.carbon.identity.core</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.api.resource.mgt</artifactId>
<scope>provided</scope>
</dependency>

<dependency>
<groupId>org.wso2.carbon.identity.server.api</groupId>
Expand Down
Loading
Loading