Skip to content

Commit

Permalink
Improve authentication mgt
Browse files Browse the repository at this point in the history
  • Loading branch information
@Thisara-Welmilla
Thisara-Welmilla committed Jan 23, 2025
1 parent a9a3a69 commit 18df9c1
Show file tree
Hide file tree
Showing 10 changed files with 187 additions and 52 deletions.
44 changes: 37 additions & 7 deletions ...arbon/identity/application/authentication/framework/ApplicationAuthenticationService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.exception.ApplicationAuthenticationException;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent;
import org.wso2.carbon.identity.application.authentication.framework.internal.core.ApplicationAuthenticatorManager;

import java.util.ArrayList;
import java.util.List;
Expand All @@ -33,6 +33,7 @@ public class ApplicationAuthenticationService {

private static final Log log = LogFactory.getLog(ApplicationAuthenticationService.class);

@Deprecated
public ApplicationAuthenticator getAuthenticator(String name) throws ApplicationAuthenticationException {

if (name == null) {
Expand All @@ -43,7 +44,8 @@ public ApplicationAuthenticator getAuthenticator(String name) throws Application

ApplicationAuthenticator appAuthenticator = null;

for (ApplicationAuthenticator authenticator : FrameworkServiceComponent.getAuthenticators()) {
for (ApplicationAuthenticator authenticator :
ApplicationAuthenticatorManager.getInstance().getSystemDefinedAuthenticators()) {

if (authenticator.getName().equals(name)) {
appAuthenticator = authenticator;
Expand All @@ -53,15 +55,41 @@ public ApplicationAuthenticator getAuthenticator(String name) throws Application
return appAuthenticator;
}

public List<ApplicationAuthenticator> getAllAuthenticators() throws ApplicationAuthenticationException {
return FrameworkServiceComponent.getAuthenticators();
@Deprecated
public ApplicationAuthenticator getAllAuthenticator(
String name, String tenantDomain) throws ApplicationAuthenticationException {

if (name == null) {
String errMsg = "Authenticator name cannot be null";
log.error(errMsg);
throw new ApplicationAuthenticationException(errMsg);
}

ApplicationAuthenticator appAuthenticator = null;

for (ApplicationAuthenticator authenticator :
ApplicationAuthenticatorManager.getInstance().getSystemDefinedAuthenticators()) {

if (authenticator.getName().equals(name)) {
appAuthenticator = authenticator;
}
}

return appAuthenticator;
}

@Deprecated
public List<ApplicationAuthenticator> getAllSystemAuthenticators() throws ApplicationAuthenticationException {

return ApplicationAuthenticatorManager.getInstance().getSystemDefinedAuthenticators();
}

public List<ApplicationAuthenticator> getLocalAuthenticators() throws ApplicationAuthenticationException {

List<ApplicationAuthenticator> localAuthenticators = new ArrayList<ApplicationAuthenticator>();

for (ApplicationAuthenticator authenticator : FrameworkServiceComponent.getAuthenticators()) {
for (ApplicationAuthenticator authenticator :
ApplicationAuthenticatorManager.getInstance().getSystemDefinedAuthenticators()) {

if (authenticator instanceof LocalApplicationAuthenticator) {
localAuthenticators.add(authenticator);
Expand All @@ -75,7 +103,8 @@ public List<ApplicationAuthenticator> getFederatedAuthenticators() throws Applic

List<ApplicationAuthenticator> federatedAuthenticators = new ArrayList<ApplicationAuthenticator>();

for (ApplicationAuthenticator authenticator : FrameworkServiceComponent.getAuthenticators()) {
for (ApplicationAuthenticator authenticator :
ApplicationAuthenticatorManager.getInstance().getSystemDefinedAuthenticators()) {

if (authenticator instanceof FederatedApplicationAuthenticator) {
federatedAuthenticators.add(authenticator);
Expand All @@ -89,7 +118,8 @@ public List<ApplicationAuthenticator> getRequestPathAuthenticators() throws Appl

List<ApplicationAuthenticator> reqPathAuthenticators = new ArrayList<ApplicationAuthenticator>();

for (ApplicationAuthenticator authenticator : FrameworkServiceComponent.getAuthenticators()) {
for (ApplicationAuthenticator authenticator :
ApplicationAuthenticatorManager.getInstance().getSystemDefinedAuthenticators()) {

if (authenticator instanceof RequestPathApplicationAuthenticator) {
reqPathAuthenticators.add(authenticator);
Expand Down
34 changes: 19 additions & 15 deletions .../org/wso2/carbon/identity/application/authentication/framework/AuthenticationService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry;
import org.wso2.carbon.identity.application.authentication.framework.exception.auth.service.AuthServiceClientException;
import org.wso2.carbon.identity.application.authentication.framework.exception.auth.service.AuthServiceException;
import org.wso2.carbon.identity.application.authentication.framework.internal.core.ApplicationAuthenticatorManager;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorData;
import org.wso2.carbon.identity.application.authentication.framework.model.auth.service.AuthServiceErrorInfo;
Expand Down Expand Up @@ -140,7 +141,7 @@ private void handleIntermediateAuthResponse(AuthServiceRequestWrapper request, A
List<AuthenticatorData> authenticatorDataList;
if (isMultiOptionsResponse) {
responseData.setAuthenticatorSelectionRequired(true);
authenticatorDataList = getAuthenticatorBasicData(response.getAuthenticators(),
authenticatorDataList = getAuthenticatorBasicData(request, response.getAuthenticators(),
request.getAuthInitiationData());
} else {
authenticatorDataList = request.getAuthInitiationData();
Expand Down Expand Up @@ -274,9 +275,8 @@ private String getErrorMessage(AuthServiceResponseWrapper response) throws AuthS
return queryParams.get(AuthServiceConstants.AUTH_FAILURE_MSG_PARAM);
}

private List<AuthenticatorData> getAuthenticatorBasicData(String authenticatorList,
List<AuthenticatorData> authInitiationData)
throws AuthServiceException {
private List<AuthenticatorData> getAuthenticatorBasicData(AuthServiceRequestWrapper request,
String authenticatorList, List<AuthenticatorData> authInitiationData) throws AuthServiceException {

List<AuthenticatorData> authenticatorDataList = new ArrayList<>();
String[] authenticatorAndIdpsArr = StringUtils.split(authenticatorList,
Expand All @@ -293,7 +293,8 @@ private List<AuthenticatorData> getAuthenticatorBasicData(String authenticatorLi
continue;
}

ApplicationAuthenticator authenticator = FrameworkUtils.getAppAuthenticatorByName(name);
ApplicationAuthenticator authenticator = ApplicationAuthenticatorManager.getInstance()
.getAppAuthenticatorByName(name, getTenantDomain((HttpServletRequest) request.getRequest()));
if (authenticator == null) {
throw new AuthServiceException(AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATOR_NOT_FOUND.code(),
String.format(AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATOR_NOT_FOUND.description(),
Expand Down Expand Up @@ -413,7 +414,7 @@ private void validateRequest(AuthServiceRequest authServiceRequest) throws AuthS
}

// Validate all configured authenticators support API based authentication.
Set<ApplicationAuthenticator> authenticators = getConfiguredAuthenticators(serviceProvider);
Set<ApplicationAuthenticator> authenticators = getConfiguredAuthenticators(serviceProvider, tenantDomain);
for (ApplicationAuthenticator authenticator : authenticators) {
if (!authenticator.isAPIBasedAuthenticationSupported()) {
throw new AuthServiceClientException(
Expand All @@ -425,7 +426,8 @@ private void validateRequest(AuthServiceRequest authServiceRequest) throws AuthS

}

private Set<ApplicationAuthenticator> getConfiguredAuthenticators(ServiceProvider serviceProvider) {
private Set<ApplicationAuthenticator> getConfiguredAuthenticators(ServiceProvider serviceProvider,
String tenantDomain) {

LocalAndOutboundAuthenticationConfig authenticationConfig = serviceProvider
.getLocalAndOutBoundAuthenticationConfig();
Expand All @@ -435,40 +437,42 @@ private Set<ApplicationAuthenticator> getConfiguredAuthenticators(ServiceProvide

Set<ApplicationAuthenticator> authenticators = new HashSet<>();
for (AuthenticationStep authenticationStep : authenticationConfig.getAuthenticationSteps()) {
processLocalAuthenticators(authenticationStep, authenticators);
processFederatedAuthenticators(authenticationStep, authenticators);
processLocalAuthenticators(authenticationStep, authenticators, tenantDomain);
processFederatedAuthenticators(authenticationStep, authenticators, tenantDomain);
}

return authenticators;
}

private void processLocalAuthenticators(AuthenticationStep authenticationStep,
Set<ApplicationAuthenticator> authenticators) {
Set<ApplicationAuthenticator> authenticators, String tenantDomain) {

if (authenticationStep.getLocalAuthenticatorConfigs() != null) {
for (LocalAuthenticatorConfig localAuthenticatorConfig :
authenticationStep.getLocalAuthenticatorConfigs()) {
addAuthenticator(authenticators, localAuthenticatorConfig.getName());
addAuthenticator(authenticators, localAuthenticatorConfig.getName(), tenantDomain);
}
}
}

private void processFederatedAuthenticators(AuthenticationStep authenticationStep,
Set<ApplicationAuthenticator> authenticators) {
Set<ApplicationAuthenticator> authenticators, String tenantDomain) {

if (authenticationStep.getFederatedIdentityProviders() != null) {
for (IdentityProvider federatedIdP : authenticationStep.getFederatedIdentityProviders()) {
FederatedAuthenticatorConfig fedAuthenticatorConfig = federatedIdP.getDefaultAuthenticatorConfig();
if (fedAuthenticatorConfig != null) {
addAuthenticator(authenticators, fedAuthenticatorConfig.getName());
addAuthenticator(authenticators, fedAuthenticatorConfig.getName(), tenantDomain);
}
}
}
}

private void addAuthenticator(Set<ApplicationAuthenticator> authenticators, String authenticatorName) {
private void addAuthenticator(Set<ApplicationAuthenticator> authenticators, String authenticatorName,
String tenantDomain) {

ApplicationAuthenticator authenticator = FrameworkUtils.getAppAuthenticatorByName(authenticatorName);
ApplicationAuthenticator authenticator = ApplicationAuthenticatorManager.getInstance()
.getAppAuthenticatorByName(authenticatorName, tenantDomain);
if (authenticator != null) {
authenticators.add(authenticator);
}
Expand Down
6 changes: 3 additions & 3 deletions ...rbon/identity/application/authentication/framework/cache/AuthenticationContextLoader.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
import org.wso2.carbon.identity.application.authentication.framework.exception.session.storage.SessionDataStorageOptimizationException;
import org.wso2.carbon.identity.application.authentication.framework.exception.session.storage.SessionDataStorageOptimizationServerException;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authentication.framework.internal.core.ApplicationAuthenticatorManager;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementServerException;
Expand Down Expand Up @@ -175,8 +175,8 @@ private void loadAuthenticatorConfig(AuthenticationContext context)
StepConfig stepConfig = entry.getValue();
for (AuthenticatorConfig authenticatorConfig : stepConfig.getAuthenticatorList()) {
if (authenticatorConfig.getApplicationAuthenticator() == null) {
authenticatorConfig.setApplicationAuthenticator(FrameworkUtils.
getAppAuthenticatorByName(authenticatorConfig.getName()));
authenticatorConfig.setApplicationAuthenticator(ApplicationAuthenticatorManager.getInstance()
.getAppAuthenticatorByName(authenticatorConfig.getName(), context.getTenantDomain()));
}
if (authenticatorConfig.getIdps() == null && authenticatorConfig.getIdpNames() == null) {
authenticatorConfig.setIdPs(Collections.emptyMap());
Expand Down
5 changes: 3 additions & 2 deletions ...ty/application/authentication/framework/config/builder/FileBasedConfigurationBuilder.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@
import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.internal.core.ApplicationAuthenticatorManager;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
Expand Down Expand Up @@ -901,7 +901,8 @@ private AuthenticatorConfig processAuthenticatorConfigElement(OMElement authenti
}

AuthenticatorConfig authenticatorConfig = new AuthenticatorConfig(authenticatorName, enabled, parameterMap);
authenticatorConfig.setApplicationAuthenticator(FrameworkUtils.getAppAuthenticatorByName(authenticatorName));
authenticatorConfig.setApplicationAuthenticator(ApplicationAuthenticatorManager.getInstance()
.getSystemDefinedAuthenticatorByName(authenticatorName));

return authenticatorConfig;
}
Expand Down
8 changes: 5 additions & 3 deletions ...entity/application/authentication/framework/config/loader/UIBasedConfigurationLoader.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,8 @@
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.JsGenericGraphBuilderFactory;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.internal.core.ApplicationAuthenticatorManager;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
Expand Down Expand Up @@ -228,7 +228,8 @@ protected void loadRequestPathAuthenticators(SequenceConfig sequenceConfig, Serv
authConfig.setEnabled(true);

// iterate through each system authentication config
for (ApplicationAuthenticator appAuthenticator : FrameworkServiceComponent.getAuthenticators()) {
for (ApplicationAuthenticator appAuthenticator :
ApplicationAuthenticatorManager.getInstance().getSystemDefinedAuthenticators()) {

if (authenticatorName.equalsIgnoreCase(appAuthenticator.getName())) {
authConfig.setApplicationAuthenticator(appAuthenticator);
Expand Down Expand Up @@ -308,7 +309,8 @@ private void loadStepAuthenticator(StepConfig stepConfig, IdentityProvider idp,
authenticatorConfig.setName(authenticatorName);

ApplicationAuthenticator appAuthenticatorForConfig = null;
for (ApplicationAuthenticator appAuthenticator : FrameworkServiceComponent.getAuthenticators()) {
for (ApplicationAuthenticator appAuthenticator :
ApplicationAuthenticatorManager.getInstance().getSystemDefinedAuthenticators()) {

if (authenticatorName.equalsIgnoreCase(appAuthenticator.getName())) {
appAuthenticatorForConfig = appAuthenticator;
Expand Down
5 changes: 3 additions & 2 deletions ...ntity/application/authentication/framework/config/model/OptimizedAuthenticatorConfig.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
import org.wso2.carbon.identity.application.authentication.framework.exception.session.storage.SessionDataStorageOptimizationException;
import org.wso2.carbon.identity.application.authentication.framework.exception.session.storage.SessionDataStorageOptimizationServerException;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authentication.framework.internal.core.ApplicationAuthenticatorManager;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementClientException;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
Expand Down Expand Up @@ -80,7 +80,8 @@ public AuthenticatorConfig getAuthenticatorConfig() throws
AuthenticatorConfig authenticatorConfig = new AuthenticatorConfig();
authenticatorConfig.setName(this.name);
authenticatorConfig.setEnabled(this.enabled);
authenticatorConfig.setApplicationAuthenticator(FrameworkUtils.getAppAuthenticatorByName(this.name));
authenticatorConfig.setApplicationAuthenticator(ApplicationAuthenticatorManager.getInstance()
.getAppAuthenticatorByName(this.name, tenantDomain));
authenticatorConfig.setAuthenticatorStateInfo(this.authenticatorStateInfo);
authenticatorConfig.setParameterMap(this.parameterMap);
Map<String, IdentityProvider> idps = new HashMap<>();
Expand Down
Loading

0 comments on commit 18df9c1

Please sign in to comment.