Merge pull request #493 from ThaminduR/add-authorized-api

Add capability to manage API authorization to applications
wso2 · Oct 13, 2023 · f5984ef · f5984ef
2 parents 9d9b423 + 629a38e
commit f5984ef
Show file tree

Hide file tree

Showing 20 changed files with 1,422 additions and 7 deletions.
diff --git a/...2/carbon/identity/api/server/api/resource/v1/core/ServerAPIResourceManagementService.java b/...2/carbon/identity/api/server/api/resource/v1/core/ServerAPIResourceManagementService.java
@@ -171,12 +171,17 @@ public APIResourceListResponse getAPIResources(String before, String after, Stri
     }
 
     /**
-     * Get API Resource by ID.
+     * Get API Resource Response by ID.
      *
-     * @param apiResourceID API Resource ID.
+     * @param apiResourceId API Resource ID.
      * @return API Resource.
      */
-    public APIResource getAPIResourceById(String apiResourceID) {
+    public APIResourceResponse getAPIResourceResponseById(String apiResourceId) {
+
+        return buildAPIResourceResponse(getAPIResourceById(apiResourceId));
+    }
+
+    private APIResource getAPIResourceById(String apiResourceID) {
 
         try {
             APIResource apiResource = APIResourceManagementServiceHolder.getApiResourceManager()
@@ -341,7 +346,7 @@ private APIResourceResponse buildAPIResourceResponse(APIResource apiResource) {
                 .description(apiResource.getDescription())
                 .scopes(apiResource.getScopes().stream().map(this::buildScopeGetResponse)
                         .collect(Collectors.toList()))
-                .requiresAuthorization(apiResource.isRequiresAuthorization());
+                .requiresAuthorization(apiResource.isAuthorizationRequired());
     }
 
     /**
@@ -418,7 +423,7 @@ private APIResourceListItem buildAPIResourceListItem(APIResource apiResource) {
                 .name(apiResource.getName())
                 .identifier(apiResource.getIdentifier())
                 .type(apiResource.getType())
-                .requiresAuthorization(apiResource.isRequiresAuthorization())
+                .requiresAuthorization(apiResource.isAuthorizationRequired())
                 .self(V1_API_PATH_COMPONENT + APIResourceMgtEndpointConstants.API_RESOURCE_PATH_COMPONENT + "/"
                         + apiResource.getId());
     }

diff --git a/.../org/wso2/carbon/identity/api/server/api/resource/v1/impl/ApiResourcesApiServiceImpl.java b/.../org/wso2/carbon/identity/api/server/api/resource/v1/impl/ApiResourcesApiServiceImpl.java
@@ -63,7 +63,8 @@ public Response apiResourcesApiResourceIdDelete(String apiResourceId) {
     @Override
     public Response apiResourcesApiResourceIdGet(String apiResourceId) {
 
-        return Response.ok().entity(serverAPIResourceManagementService.getAPIResourceById(apiResourceId)).build();
+        return Response.ok().entity(
+                serverAPIResourceManagementService.getAPIResourceResponseById(apiResourceId)).build();
     }
 
     @Override

diff --git a/...tion.management/org.wso2.carbon.identity.api.server.application.management.common/pom.xml b/...tion.management/org.wso2.carbon.identity.api.server.application.management.common/pom.xml
@@ -81,5 +81,10 @@
             <artifactId>org.wso2.carbon.identity.auth.attribute.handler</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.api.resource.mgt</artifactId>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
 </project>
diff --git a/...bon/identity/api/server/application/management/common/ApplicationManagementConstants.java b/...bon/identity/api/server/application/management/common/ApplicationManagementConstants.java
@@ -51,6 +51,8 @@ private ApplicationManagementConstants() {
     public static final String NAME = "name";
     public static final String CLIENT_ID = "clientId";
     public static final String ISSUER = "issuer";
+    public static final String RBAC = "RBAC";
+    public static final String NO_POLICY = "NO POLICY";
 
     public static final String NON_EXISTING_USER_CODE = "30007 - ";
 
@@ -102,6 +104,21 @@ public enum ErrorMessage {
         USE_EXTERNAL_CONSENT_PAGE_NOT_SUPPORTED("60506",
                 "Unsupported application property.",
                 "'useExternalConsentPage' is not yet supported for SAML applications in this version of the API."),
+        API_RESOURCE_NOT_FOUND("60507",
+                "API resource not found.",
+                "API resource with id: %s is not found in the tenant domain: %s."),
+        SCOPES_NOT_FOUND("60508",
+                "API scopes not found.",
+                "One or more scopes in the request is not found for the API resource with Id: %s in the " +
+                        "tenant domain: %s."),
+        API_RESOURCE_ALREADY_AUTHORIZED("60509", "API resource already authorized.",
+                "API resource with id: %s is already authorized for the application with id: %s."),
+        AUTHORIZED_API_NOT_FOUND("60510", "API resource not authorized for the application.",
+                "API resource with id: %s is not authorized for the application with id: %s."),
+        INVALID_POLICY_VALUE("60511", "Invalid policy id value provided.",
+                "Invalid policy id value. It should be 'RBAC' or 'No Policy'."),
+        INVALID_POLICY_TYPE_FOR_API_RESOURCE("60512", "Invalid policy type provided for the API " +
+                "resource.", "API resource with id: %s doesn't allow the provided policy type: %s."),
 
         // Server Errors.
         ERROR_RETRIEVING_SAML_METADATA("65001",

diff --git a/...identity/api/server/application/management/common/ApplicationManagementServiceHolder.java b/...identity/api/server/application/management/common/ApplicationManagementServiceHolder.java
@@ -15,7 +15,9 @@
  */
 package org.wso2.carbon.identity.api.server.application.management.common;
 
+import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager;
 import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
+import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementService;
 import org.wso2.carbon.identity.cors.mgt.core.CORSManagementService;
 import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
 import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
@@ -37,6 +39,8 @@ public class ApplicationManagementServiceHolder {
     private static TemplateManager templateManager;
     private static CORSManagementService corsManagementService;
     private static RealmService realmService;
+    private static APIResourceManager apiResourceManager;
+    private static AuthorizedAPIManagementService authorizedAPIManagementService;
 
     public static ApplicationManagementService getApplicationManagementService() {
 
@@ -127,4 +131,45 @@ public static void setRealmService(RealmService realmService) {
 
         ApplicationManagementServiceHolder.realmService = realmService;
     }
+
+    /**
+     * Get APIResourceManager.
+     *
+     * @return APIResourceManager.
+     */
+    public static APIResourceManager getApiResourceManager() {
+
+        return apiResourceManager;
+    }
+
+    /**
+     * Set APIResourceManager.
+     *
+     * @param apiResourceManager APIResourceManager.
+     */
+    public static void setApiResourceManager(APIResourceManager apiResourceManager) {
+
+        ApplicationManagementServiceHolder.apiResourceManager = apiResourceManager;
+    }
+
+    /**
+     * Get AuthorizedAPIManagementService.
+     *
+     * @return AuthorizedAPIManagementService.
+     */
+    public static AuthorizedAPIManagementService getAuthorizedAPIManagementService() {
+
+        return authorizedAPIManagementService;
+    }
+
+    /**
+     * Set AuthorizedAPIManagementService.
+     *
+     * @param authorizedAPIManagementService AuthorizedAPIManagementService.
+     */
+    public static void setAuthorizedAPIManagementService(AuthorizedAPIManagementService
+                                                                 authorizedAPIManagementService) {
+
+        ApplicationManagementServiceHolder.authorizedAPIManagementService = authorizedAPIManagementService;
+    }
 }
diff --git a/...ty/api/server/application/management/common/factory/APIResourceMgtOSGiServiceFactory.java b/...ty/api/server/application/management/common/factory/APIResourceMgtOSGiServiceFactory.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.common.factory;
+
+import org.springframework.beans.factory.config.AbstractFactoryBean;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager;
+
+/**
+ * Factory class for APIResourceManagementOSGiService.
+ */
+public class APIResourceMgtOSGiServiceFactory extends AbstractFactoryBean<APIResourceManager> {
+
+    private APIResourceManager apiResourceManager;
+
+    @Override
+    public Class<?> getObjectType() {
+
+        return Object.class;
+    }
+
+    @Override
+    protected APIResourceManager createInstance() throws Exception {
+
+        if (this.apiResourceManager == null) {
+            apiResourceManager = (APIResourceManager) PrivilegedCarbonContext.
+                    getThreadLocalCarbonContext().getOSGiService(APIResourceManager.class, null);
+            if (apiResourceManager == null) {
+                throw new Exception("Unable to retrieve APIResourceManager service.");
+            }
+        }
+        return this.apiResourceManager;
+    }
+}
diff --git a/.../api/server/application/management/common/factory/AuthorizedAPIMgtOSGiServiceFactory.java b/.../api/server/application/management/common/factory/AuthorizedAPIMgtOSGiServiceFactory.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.common.factory;
+
+import org.springframework.beans.factory.config.AbstractFactoryBean;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementService;
+
+/**
+ * Factory Beans serves as a factory for creating other beans within the IOC container. This factory bean is used to
+ * instantiate the AuthorizedAPIManagementService type of object inside the container.
+ */
+public class AuthorizedAPIMgtOSGiServiceFactory extends AbstractFactoryBean<AuthorizedAPIManagementService> {
+
+    private AuthorizedAPIManagementService authorizedAPIManagementService;
+
+    @Override
+    public Class<?> getObjectType() {
+
+        return Object.class;
+    }
+
+    @Override
+    protected AuthorizedAPIManagementService createInstance() throws Exception {
+
+        if (this.authorizedAPIManagementService == null) {
+            authorizedAPIManagementService = (AuthorizedAPIManagementService)
+                    PrivilegedCarbonContext.getThreadLocalCarbonContext()
+                            .getOSGiService(AuthorizedAPIManagementService.class, null);
+            if (authorizedAPIManagementService == null) {
+                throw new Exception("Unable to retrieve AuthorizedAPIManagement service.");
+            }
+        }
+        return this.authorizedAPIManagementService;
+    }
+}
diff --git a/...lication.management/org.wso2.carbon.identity.api.server.application.management.v1/pom.xml b/...lication.management/org.wso2.carbon.identity.api.server.application.management.v1/pom.xml
@@ -129,6 +129,11 @@
             <artifactId>org.wso2.carbon.identity.core</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.api.resource.mgt</artifactId>
+            <scope>provided</scope>
+        </dependency>
 
         <dependency>
             <groupId>org.wso2.carbon.identity.server.api</groupId>