Skip to content

Commit

Permalink
Add authorized API
Browse files Browse the repository at this point in the history
  • Loading branch information
ThaminduR committed Oct 11, 2023
1 parent 1796eb7 commit 2aae80d
Show file tree
Hide file tree
Showing 18 changed files with 1,411 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -81,5 +81,10 @@
<artifactId>org.wso2.carbon.identity.auth.attribute.handler</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.api.resource.mgt</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
</project>
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,8 @@ private ApplicationManagementConstants() {
public static final String NAME = "name";
public static final String CLIENT_ID = "clientId";
public static final String ISSUER = "issuer";
public static final String RBAC = "RBAC";
public static final String NO_POLICY = "NO POLICY";

public static final String NON_EXISTING_USER_CODE = "30007 - ";

Expand Down Expand Up @@ -102,6 +104,21 @@ public enum ErrorMessage {
USE_EXTERNAL_CONSENT_PAGE_NOT_SUPPORTED("60506",
"Unsupported application property.",
"'useExternalConsentPage' is not yet supported for SAML applications in this version of the API."),
API_RESOURCE_NOT_FOUND("60507",
"API resource not found.",
"API resource with id: %s is not found in the tenant domain: %s."),
SCOPES_NOT_FOUND("60508",
"API scopes not found.",
"One or more scopes in the request is not found for the API resource with Id: %s in the " +
"tenant domain: %s."),
API_RESOURCE_ALREADY_AUTHORIZED("60509", "API resource already authorized.",
"API resource with id: %s is already authorized for the application with id: %s."),
AUTHORIZED_API_NOT_FOUND("60510", "API resource not authorized for the application.",
"API resource with id: %s is not authorized for the application with id: %s."),
INVALID_POLICY_VALUE("60511", "Invalid policy id value provided.",
"Invalid policy id value. It should be 'RBAC' or 'No Policy'."),
INVALID_POLICY_TYPE_FOR_API_RESOURCE("60512", "Invalid policy type provided for the API " +
"resource.", "API resource with id: %s doesn't allow the provided policy type: %s."),

// Server Errors.
ERROR_RETRIEVING_SAML_METADATA("65001",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,9 @@
*/
package org.wso2.carbon.identity.api.server.application.management.common;

import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementService;
import org.wso2.carbon.identity.cors.mgt.core.CORSManagementService;
import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
Expand All @@ -37,6 +39,8 @@ public class ApplicationManagementServiceHolder {
private static TemplateManager templateManager;
private static CORSManagementService corsManagementService;
private static RealmService realmService;
private static APIResourceManager apiResourceManager;
private static AuthorizedAPIManagementService authorizedAPIManagementService;

public static ApplicationManagementService getApplicationManagementService() {

Expand Down Expand Up @@ -127,4 +131,45 @@ public static void setRealmService(RealmService realmService) {

ApplicationManagementServiceHolder.realmService = realmService;
}

/**
* Get APIResourceManager.
*
* @return APIResourceManager.
*/
public static APIResourceManager getApiResourceManager() {

return apiResourceManager;
}

/**
* Set APIResourceManager.
*
* @param apiResourceManager APIResourceManager.
*/
public static void setApiResourceManager(APIResourceManager apiResourceManager) {

ApplicationManagementServiceHolder.apiResourceManager = apiResourceManager;
}

/**
* Get AuthorizedAPIManagementService.
*
* @return AuthorizedAPIManagementService.
*/
public static AuthorizedAPIManagementService getAuthorizedAPIManagementService() {

return authorizedAPIManagementService;
}

/**
* Set AuthorizedAPIManagementService.
*
* @param authorizedAPIManagementService AuthorizedAPIManagementService.
*/
public static void setAuthorizedAPIManagementService(AuthorizedAPIManagementService
authorizedAPIManagementService) {

ApplicationManagementServiceHolder.authorizedAPIManagementService = authorizedAPIManagementService;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
/*
* Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.identity.api.server.application.management.common.factory;

import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager;

/**
* Factory class for APIResourceManagementOSGiService.
*/
public class APIResourceMgtOSGiServiceFactory extends AbstractFactoryBean<APIResourceManager> {

private APIResourceManager apiResourceManager;

@Override
public Class<?> getObjectType() {

return Object.class;
}

@Override
protected APIResourceManager createInstance() throws Exception {

if (this.apiResourceManager == null) {
apiResourceManager = (APIResourceManager) PrivilegedCarbonContext.
getThreadLocalCarbonContext().getOSGiService(APIResourceManager.class, null);
if (apiResourceManager == null) {
throw new Exception("Unable to retrieve APIResourceManager service.");
}
}
return this.apiResourceManager;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
/*
* Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.identity.api.server.application.management.common.factory;

import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementService;

/**
* Factory Beans serves as a factory for creating other beans within the IOC container. This factory bean is used to
* instantiate the AuthorizedAPIManagementService type of object inside the container.
*/
public class AuthorizedAPIMgtOSGiServiceFactory extends AbstractFactoryBean<AuthorizedAPIManagementService> {

private AuthorizedAPIManagementService authorizedAPIManagementService;

@Override
public Class<?> getObjectType() {

return Object.class;
}

@Override
protected AuthorizedAPIManagementService createInstance() throws Exception {

if (this.authorizedAPIManagementService == null) {
authorizedAPIManagementService = (AuthorizedAPIManagementService)
PrivilegedCarbonContext.getThreadLocalCarbonContext()
.getOSGiService(AuthorizedAPIManagementService.class, null);
if (authorizedAPIManagementService == null) {
throw new Exception("Unable to retrieve AuthorizedAPIManagement service.");
}
}
return this.authorizedAPIManagementService;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,11 @@
<artifactId>org.wso2.carbon.identity.core</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.api.resource.mgt</artifactId>
<scope>provided</scope>
</dependency>

<dependency>
<groupId>org.wso2.carbon.identity.server.api</groupId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,9 @@
import org.wso2.carbon.identity.api.server.application.management.v1.ApplicationTemplateModel;
import org.wso2.carbon.identity.api.server.application.management.v1.ApplicationTemplatesList;
import org.wso2.carbon.identity.api.server.application.management.v1.AuthProtocolMetadata;
import org.wso2.carbon.identity.api.server.application.management.v1.AuthorizedAPICreationModel;
import org.wso2.carbon.identity.api.server.application.management.v1.AuthorizedAPIPatchModel;
import org.wso2.carbon.identity.api.server.application.management.v1.AuthorizedAPIResponse;
import org.wso2.carbon.identity.api.server.application.management.v1.ConfiguredAuthenticatorsModal;
import org.wso2.carbon.identity.api.server.application.management.v1.CustomInboundProtocolConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.CustomInboundProtocolMetaData;
Expand Down Expand Up @@ -68,6 +71,30 @@ public class ApplicationsApi {
@Autowired
private ApplicationsApiService delegate;

@Valid
@POST
@Path("/{applicationId}/authorized-apis")
@Consumes({ "application/json" })
@Produces({ "application/json" })
@ApiOperation(value = "Authorized an API to the application ", notes = "This API provides the capability to authorized an API to the application.<br> <b>Permission required:</b> <br> * /permission/admin/manage/identity/applicationmgt/create <br> <b>Scope required:</b> <br> * internal_application_mgt_create ", response = Void.class, authorizations = {
@Authorization(value = "BasicAuth"),
@Authorization(value = "OAuth2", scopes = {

})
}, tags={ "Authorized APIs", })
@ApiResponses(value = {
@ApiResponse(code = 201, message = "Created", response = Void.class),
@ApiResponse(code = 400, message = "Bad Request", response = Error.class),
@ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
@ApiResponse(code = 403, message = "Forbidden", response = Void.class),
@ApiResponse(code = 404, message = "Not Found", response = Void.class),
@ApiResponse(code = 500, message = "Server Error", response = Error.class)
})
public Response addAuthorizedAPI(@ApiParam(value = "ID of the application.",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "" ) @Valid AuthorizedAPICreationModel authorizedAPICreationModel) {

return delegate.addAuthorizedAPI(applicationId, authorizedAPICreationModel );
}

@Valid
@PUT
@Path("/{applicationId}/owner")
Expand Down Expand Up @@ -190,6 +217,28 @@ public Response deleteApplicationTemplate(@ApiParam(value = "Application templat
return delegate.deleteApplicationTemplate(templateId );
}

@Valid
@DELETE
@Path("/{applicationId}/authorized-apis/{apiId}")

@Produces({ "application/json" })
@ApiOperation(value = "Remove API authorization from the application ", notes = "This API provides the capability to delete an authorized API of the application.<br> <b>Permission required:</b> <br> * /permission/admin/manage/identity/applicationmgt/delete <br> <b>Scope required:</b> <br> * internal_application_mgt_delete ", response = Void.class, authorizations = {
@Authorization(value = "BasicAuth"),
@Authorization(value = "OAuth2", scopes = {

})
}, tags={ "Authorized APIs", })
@ApiResponses(value = {
@ApiResponse(code = 204, message = "No Content", response = Void.class),
@ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
@ApiResponse(code = 403, message = "Forbidden", response = Void.class),
@ApiResponse(code = 500, message = "Server Error", response = Error.class)
})
public Response deleteAuthorizedAPI(@ApiParam(value = "ID of the application.",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "ID of the API resource.",required=true) @PathParam("apiId") String apiId) {

return delegate.deleteAuthorizedAPI(applicationId, apiId );
}

@Valid
@DELETE
@Path("/{applicationId}/inbound-protocols/{inboundProtocolId}")
Expand Down Expand Up @@ -482,6 +531,29 @@ public Response getApplicationTemplate(@ApiParam(value = "Application template I
return delegate.getApplicationTemplate(templateId );
}

@Valid
@GET
@Path("/{applicationId}/authorized-apis")

@Produces({ "application/json" })
@ApiOperation(value = "Get authorized APIs of the application. ", notes = "This API provides the capability to retrieve all the authorized APIs of the application.<br> <b>Permission required:</b> <br> * /permission/admin/manage/identity/applicationmgt/view <br> <b>Scope required:</b> <br> * internal_application_mgt_view ", response = AuthorizedAPIResponse.class, responseContainer = "List", authorizations = {
@Authorization(value = "BasicAuth"),
@Authorization(value = "OAuth2", scopes = {

})
}, tags={ "Authorized APIs", })
@ApiResponses(value = {
@ApiResponse(code = 200, message = "OK", response = AuthorizedAPIResponse.class, responseContainer = "List"),
@ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
@ApiResponse(code = 403, message = "Forbidden", response = Void.class),
@ApiResponse(code = 404, message = "Not Found", response = Void.class),
@ApiResponse(code = 500, message = "Server Error", response = Error.class)
})
public Response getAuthorizedAPIs(@ApiParam(value = "ID of the application.",required=true) @PathParam("applicationId") String applicationId) {

return delegate.getAuthorizedAPIs(applicationId );
}

@Valid
@GET
@Path("/{applicationId}/authenticators")
Expand Down Expand Up @@ -862,6 +934,30 @@ public Response patchApplication(@ApiParam(value = "ID of the application.",requ
return delegate.patchApplication(applicationId, applicationPatchModel );
}

@Valid
@PATCH
@Path("/{applicationId}/authorized-apis/{apiId}")
@Consumes({ "application/json" })
@Produces({ "application/json" })
@ApiOperation(value = "Update authorized API scopes ", notes = "This API provides the capability to update an authorized API of the application.<br> <b>Permission required:</b> <br> * /permission/admin/manage/identity/applicationmgt/update <br> <b>Scope required:</b> <br> * internal_application_mgt_update ", response = Void.class, authorizations = {
@Authorization(value = "BasicAuth"),
@Authorization(value = "OAuth2", scopes = {

})
}, tags={ "Authorized APIs", })
@ApiResponses(value = {
@ApiResponse(code = 200, message = "OK", response = Void.class),
@ApiResponse(code = 400, message = "Bad Request", response = Error.class),
@ApiResponse(code = 401, message = "Unauthorized", response = Void.class),
@ApiResponse(code = 403, message = "Forbidden", response = Void.class),
@ApiResponse(code = 404, message = "Not Found", response = Void.class),
@ApiResponse(code = 500, message = "Server Error", response = Error.class)
})
public Response patchAuthorizedAPI(@ApiParam(value = "ID of the application.",required=true) @PathParam("applicationId") String applicationId, @ApiParam(value = "ID of the API resource.",required=true) @PathParam("apiId") String apiId, @ApiParam(value = "" ) @Valid AuthorizedAPIPatchModel authorizedAPIPatchModel) {

return delegate.patchAuthorizedAPI(applicationId, apiId, authorizedAPIPatchModel );
}

@Valid
@POST
@Path("/{applicationId}/inbound-protocols/oidc/regenerate-secret")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import org.wso2.carbon.identity.api.server.application.management.v1.*;
import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import org.apache.cxf.jaxrs.ext.multipart.Multipart;

import java.io.InputStream;
import java.util.List;
import org.wso2.carbon.identity.api.server.application.management.v1.AdaptiveAuthTemplates;
Expand Down Expand Up @@ -55,6 +56,8 @@

public interface ApplicationsApiService {

public Response addAuthorizedAPI(String applicationId, AuthorizedAPICreationModel authorizedAPICreationModel);

public Response changeApplicationOwner(String applicationId, ApplicationOwner applicationOwner);

public Response createApplication(ApplicationModel applicationModel, String template);
Expand All @@ -65,6 +68,8 @@ public interface ApplicationsApiService {

public Response deleteApplicationTemplate(String templateId);

public Response deleteAuthorizedAPI(String applicationId, String apiId);

public Response deleteCustomInboundConfiguration(String applicationId, String inboundProtocolId);

public Response deleteInboundOAuthConfiguration(String applicationId);
Expand All @@ -89,6 +94,8 @@ public interface ApplicationsApiService {

public Response getApplicationTemplate(String templateId);

public Response getAuthorizedAPIs(String applicationId);

public Response getConfiguredAuthenticators(String applicationId);

public Response getCustomInboundConfiguration(String applicationId, String inboundProtocolId);
Expand Down Expand Up @@ -121,6 +128,8 @@ public interface ApplicationsApiService {

public Response patchApplication(String applicationId, ApplicationPatchModel applicationPatchModel);

public Response patchAuthorizedAPI(String applicationId, String apiId, AuthorizedAPIPatchModel authorizedAPIPatchModel);

public Response regenerateOAuthClientSecret(String applicationId);

public Response revokeOAuthClient(String applicationId);
Expand Down
Loading

0 comments on commit 2aae80d

Please sign in to comment.