Merge pull request #6769 from ChamodDamitha/jwt-authentication
JWT Authentication for API Gateway
harsha89 authored Aug 7, 2019
2 parents 6ea36c0 + 380ec16 commit 5ce5e36
Showing 20 changed files with 1,226 additions and 17 deletions.
7 changes: 6 additions & 1 deletion components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml
Expand Up @@ -231,11 +231,15 @@
<groupId>org.wso2.carbon.mediation</groupId>
<artifactId>org.wso2.carbon.localentry.stub</artifactId>
</dependency>
<dependency>
<dependency>
<groupId>org.apache.felix</groupId>
<artifactId>org.apache.felix.scr.ds-annotations</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.orbit.org.openapitools.swagger.parser</groupId>
<artifactId>swagger-parser</artifactId>
</dependency>
</dependencies>

<build>
Expand Down Expand Up @@ -345,6 +349,7 @@
org.apache.synapse.endpoints.*,
org.apache.synapse.mediators.base,
org.apache.axis2.transport.base,
io.swagger.parser.*; version="${imp.pkg.version.openapitools.swagger.parser}",
org.wso2.carbon.core; version="${carbon.platform.package.import.version.range}",
org.wso2.carbon.registry.api; version="${carbon.registry.imp.pkg.version}",
org.wso2.carbon.apimgt.impl.*; version="${carbon.apimgt.imp.pkg.version}",
Expand Up @@ -32,6 +32,7 @@ public class APIMgtGatewayConstants {
public static final String HTTP_METHOD = "api.ut.HTTP_METHOD";
public static final String HOST_NAME = "api.ut.hostName";
public static final String API_PUBLISHER = "api.ut.apiPublisher";
public static final String API_SWAGGER = "API_SWAGGER";
public static final String APPLICATION_NAME = "api.ut.application.name";
public static final String APPLICATION_ID = "api.ut.application.id";
public static final String REQUEST_START_TIME = "api.ut.requestTime";
Expand Down Expand Up @@ -137,5 +138,11 @@ public class APIMgtGatewayConstants {
public static final String CORS_REQUEST_HANDLER_ERROR = "Error in CORS_Request Handler";
public static final String API_KEY_VALIDATOR_ERROR = "Error while accessing backend services for API key validation";
public static final String GOOGLE_ANALYTICS_ERROR = "Error in Google Analytics Handler";

/**
* Constants for trust store access
* */
public static final String TRUST_STORE_PASSWORD = "Security.TrustStore.Password";
public static final String TRUST_STORE_LOCATION = "Security.TrustStore.Location";
}
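Review bot: The new message-context key `API_SWAGGER = "API_SWAGGER"` breaks the `api.ut.*` namespace that every neighbouring property in this class uses (`api.ut.apiPublisher`, `api.ut.application.name`), so it is the one gateway property that can collide with an identically named property set by a mediator or another handler; `"api.ut.openapi"` would keep the convention. The Javadoc on the trust-store constants is also malformed (`* */` closes with a stray asterisk) and says only "trust store access" — a note such as `/** Carbon config keys (Security.TrustStore.*) resolved at runtime; the value is a config path, not the secret itself. */` would make clear that nothing sensitive is embedded here. Where these two constants are consumed is outside this section, presumably by the JWT authenticator added elsewhere in the PR.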

Expand Up @@ -16,6 +16,8 @@

package org.wso2.carbon.apimgt.gateway.handlers.security;

import io.swagger.parser.OpenAPIParser;
import io.swagger.v3.oas.models.OpenAPI;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
Expand All @@ -30,6 +32,7 @@
import org.apache.synapse.Mediator;
import org.apache.synapse.MessageContext;
import org.apache.synapse.SynapseConstants;
import org.apache.synapse.config.Entry;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.AbstractHandler;
Expand Down Expand Up @@ -88,6 +91,7 @@ public class APIAuthenticationHandler extends AbstractHandler implements Managed
private String certificateInformation;
private String apiUUID;
private String apiType = String.valueOf(APIConstants.ApiTypes.API); // Default API Type
private OpenAPI openAPI;

public String getApiUUID() {
return apiUUID;
Expand Down Expand Up @@ -280,7 +284,8 @@ protected void initializeAuthenticators() {
authenticators.add(authenticator);
}
if (isOAuthProtected) {
authenticator = new OAuthAuthenticator(authorizationHeader, isOAuthBasicAuthMandatory, removeOAuthHeadersFromOutMessage);
authenticator = new OAuthAuthenticator(authorizationHeader, isOAuthBasicAuthMandatory,
removeOAuthHeadersFromOutMessage, apiLevelPolicy);
authenticator.init(synapseEnvironment);
authenticators.add(authenticator);
}
Expand All @@ -302,6 +307,26 @@ public int compare(Authenticator o1, Authenticator o2) {
@edu.umd.cs.findbugs.annotations.SuppressWarnings(value = "EXS_EXCEPTION_SOFTENING_RETURN_FALSE",
justification = "Error is sent through payload")
public boolean handleRequest(MessageContext messageContext) {
// Read OpenAPI from local entry
if (openAPI == null && apiUUID != null) {
synchronized (this) {
if (openAPI == null) {
long startTime = System.currentTimeMillis();
Entry localEntryObj = (Entry) messageContext.getConfiguration().getLocalRegistry().get(apiUUID);
if (localEntryObj != null) {
OpenAPIParser parser = new OpenAPIParser();
openAPI = parser.readContents(localEntryObj.getValue().toString(), null, null).getOpenAPI();
}
long endTime = System.currentTimeMillis();
if (log.isDebugEnabled()) {
log.debug("Time to parse the swagger(ms) : " + (endTime - startTime));
}
}
}
}
// Add OpenAPI to message context
messageContext.setProperty(APIMgtGatewayConstants.API_SWAGGER, openAPI);

TracingSpan keySpan = null;
if (Util.tracingEnabled()) {
TracingSpan responseLatencySpan =
Expand Down Expand Up @@ -493,7 +518,8 @@ private void handleAuthFailure(MessageContext messageContext, APISecurityExcepti
}
axis2MC.setProperty(Constants.Configuration.MESSAGE_TYPE, "application/soap+xml");
int status;
if (e.getErrorCode() == APISecurityConstants.API_AUTH_GENERAL_ERROR) {
if (e.getErrorCode() == APISecurityConstants.API_AUTH_GENERAL_ERROR ||
e.getErrorCode() == APISecurityConstants.API_AUTH_MISSING_SWAGGER) {
status = HttpStatus.SC_INTERNAL_SERVER_ERROR;
} else if (e.getErrorCode() == APISecurityConstants.API_AUTH_INCORRECT_API_RESOURCE ||
e.getErrorCode() == APISecurityConstants.API_AUTH_FORBIDDEN ||
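Review bot: The lazy initialisation in handleRequest (the `if (openAPI == null && apiUUID != null)` block) is double-checked locking on a field declared plain `private OpenAPI openAPI;`, so the unsynchronised first read can observe a partially published object on another thread; the field needs to be `private volatile OpenAPI openAPI;` for the pattern to be correct under the Java memory model. In the same block the `SwaggerParseResult` returned by `readContents` is discarded except for `getOpenAPI()`, so a definition that fails to parse leaves `openAPI` null silently, is re-parsed on every request under the lock, and only surfaces to the caller as a generic `API_AUTH_MISSING_SWAGGER` 500 — log `result.getMessages()` with the API UUID when the result is null so operators can tell a missing local entry from a malformed one. `localEntryObj.getValue()` is also dereferenced without a null check. handleRequest continues past the end of this hunk, and the import for `io.swagger.v3.parser.core.models.SwaggerParseResult` would need adding to the import block.

```java
private volatile OpenAPI openAPI;
// … unchanged: remaining fields, getters, initializeAuthenticators …
if (openAPI == null && apiUUID != null) {
    synchronized (this) {
        if (openAPI == null) {
            long startTime = System.currentTimeMillis();
            Entry localEntryObj = (Entry) messageContext.getConfiguration().getLocalRegistry().get(apiUUID);
            if (localEntryObj != null && localEntryObj.getValue() != null) {
                SwaggerParseResult result = new OpenAPIParser()
                        .readContents(localEntryObj.getValue().toString(), null, null);
                openAPI = result.getOpenAPI();
                if (openAPI == null) {
                    // Parse failure is otherwise invisible: the request fails later with a bare 500.
                    log.warn("Could not parse OpenAPI definition for API " + apiUUID + ": " + result.getMessages());
                }
            } else {
                log.warn("No OpenAPI definition found in the local registry for API " + apiUUID);
            }
            // … unchanged: debug timing log …
        }
    }
}
```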
Expand Up @@ -78,6 +78,8 @@ public class APISecurityConstants {
public static final int MULTI_AUTHENTICATION_FAILURE_AND_MISSING_BASIC_AUTH_CREDENTIALS = 900916;
public static final int MULTI_AUTHENTICATION_FAILURE_AND_MISSING_OAUTH_AND_BASIC_AUTH_CREDENTIALS = 900917;

public static final int API_AUTH_MISSING_SWAGGER = 900918;
public static final String API_AUTH_MISSING_SWAGGER_ERROR_MESSAGE = "Internal Server Error";

// We have added this because we need to add an additional description to the original one and we need to
// separate the 2 messages
Expand All @@ -100,6 +102,9 @@ public static final String getAuthenticationFailureMessage(int errorCode) {
case API_AUTH_GENERAL_ERROR:
errorMessage = API_AUTH_GENERAL_ERROR_MESSAGE;
break;
case API_AUTH_MISSING_SWAGGER:
errorMessage = API_AUTH_MISSING_SWAGGER_ERROR_MESSAGE;
break;
case API_AUTH_INVALID_CREDENTIALS:
errorMessage = API_AUTH_INVALID_CREDENTIALS_MESSAGE;
break;