Merge pull request #9 from pulasthi7/IDENTITY-4390

IDENTITY-4390 Adding capability to publish Oauth related events
wso2-extensions · Mar 16, 2016 · f2dc54b · f2dc54b
2 parents 5d87fb1 + 3426178
commit f2dc54b
Show file tree

Hide file tree

Showing 14 changed files with 659 additions and 160 deletions.
diff --git a/...carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminService.java b/...carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminService.java
@@ -27,7 +27,6 @@
 import org.wso2.carbon.core.AbstractAdmin;
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
 import org.wso2.carbon.identity.application.common.model.User;
-import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.oauth.cache.AppInfoCache;
 import org.wso2.carbon.identity.oauth.cache.OAuthCache;
@@ -37,9 +36,12 @@
 import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
 import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
 import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO;
+import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
 import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
 import org.wso2.carbon.identity.oauth.dto.OAuthRevocationRequestDTO;
 import org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO;
+import org.wso2.carbon.identity.oauth.event.OAuthEventListener;
+import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
 import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
@@ -138,6 +140,7 @@ public OAuthConsumerAppDTO[] getAllOAuthApplicationData() throws IdentityOAuthAd
      * @throws Exception Error when reading application information from persistence store.
      */
     public OAuthConsumerAppDTO getOAuthApplicationData(String consumerKey) throws IdentityOAuthAdminException {
+
         OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
         OAuthAppDAO dao = new OAuthAppDAO();
         try {
@@ -167,6 +170,7 @@ public OAuthConsumerAppDTO getOAuthApplicationData(String consumerKey) throws Id
      * @throws Exception Error when reading application information from persistence store.
      */
     public OAuthConsumerAppDTO getOAuthApplicationDataByAppName(String appName) throws IdentityOAuthAdminException {
+
         OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
         OAuthAppDAO dao = new OAuthAppDAO();
         try {
@@ -182,7 +186,7 @@ public OAuthConsumerAppDTO getOAuthApplicationDataByAppName(String appName) thro
                 dto.setPkceSupportPlain(app.isPkceSupportPlain());
             }
             return dto;
-        }catch (InvalidOAuthClientException | IdentityOAuth2Exception e){
+        } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
             throw new IdentityOAuthAdminException("Error while retrieving the app information by app name", e);
         }
     }
@@ -193,7 +197,8 @@ public OAuthConsumerAppDTO getOAuthApplicationDataByAppName(String appName) thro
      * @param application <code>OAuthConsumerAppDTO</code> with application information
      * @throws Exception Error when persisting the application information to the persistence store
      */
-    public void registerOAuthApplicationData(OAuthConsumerAppDTO application) throws IdentityOAuthAdminException{
+    public void registerOAuthApplicationData(OAuthConsumerAppDTO application) throws IdentityOAuthAdminException {
+
         String userName = CarbonContext.getThreadLocalCarbonContext().getUsername();
         if (userName != null) {
             String tenantUser = MultitenantUtils.getTenantAwareUsername(userName);
@@ -246,7 +251,7 @@ public void registerOAuthApplicationData(OAuthConsumerAppDTO application) throws
                     List<String> allowedGrants = new ArrayList<>(Arrays.asList(getAllowedGrantTypes()));
                     String[] requestGrants = application.getGrantTypes().split("\\s");
                     for (String requestedGrant : requestGrants) {
-                        if (StringUtils.isBlank(requestedGrant)){
+                        if (StringUtils.isBlank(requestedGrant)) {
                             continue;
                         }
                         if (!allowedGrants.contains(requestedGrant)) {
@@ -272,6 +277,7 @@ public void registerOAuthApplicationData(OAuthConsumerAppDTO application) throws
      * @throws IdentityOAuthAdminException Error when updating the underlying identity persistence store.
      */
     public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws IdentityOAuthAdminException {
+
         String userName = CarbonContext.getThreadLocalCarbonContext().getUsername();
         String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(userName);
         int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
@@ -315,6 +321,7 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws
      * @throws Exception Error when removing the consumer information from the database.
      */
     public void removeOAuthApplicationData(String consumerKey) throws IdentityOAuthAdminException {
+
         OAuthAppDAO dao = new OAuthAppDAO();
         dao.removeConsumerApplication(consumerKey);
         // remove client credentials from cache
@@ -383,7 +390,7 @@ public OAuthConsumerAppDTO[] getAppsAuthorizedByUser() throws IdentityOAuthAdmin
                     try {
                         scopedToken = tokenMgtDAO.retrieveLatestAccessToken(
                                 clientId, authenticatedUser, userStoreDomain, scopeString, true);
-                        if(scopedToken != null && !distinctClientUserScopeCombo.contains(clientId+":"+username)){
+                        if (scopedToken != null && !distinctClientUserScopeCombo.contains(clientId + ":" + username)) {
                             OAuthConsumerAppDTO appDTO = new OAuthConsumerAppDTO();
                             OAuthAppDO appDO;
                             try {
@@ -405,7 +412,7 @@ public OAuthConsumerAppDTO[] getAppsAuthorizedByUser() throws IdentityOAuthAdmin
                                 log.error(errorMsg, e);
                                 throw new IdentityOAuthAdminException(errorMsg);
                             }
-                            distinctClientUserScopeCombo.add(clientId+":"+username);
+                            distinctClientUserScopeCombo.add(clientId + ":" + username);
 
                         }
                     } catch (IdentityOAuth2Exception e) {
@@ -429,6 +436,10 @@ public OAuthConsumerAppDTO[] getAppsAuthorizedByUser() throws IdentityOAuthAdmin
     public OAuthRevocationResponseDTO revokeAuthzForAppsByResoureOwner(
             OAuthRevocationRequestDTO revokeRequestDTO) throws IdentityOAuthAdminException {
 
+        List<OAuthEventListener> oauthListeners = OAuthComponentServiceHolder.getInstance().getoAuthEventListeners();
+
+        triggerPreRevokeListeners(oauthListeners, revokeRequestDTO);
+
         TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
         if (revokeRequestDTO.getApps() != null && revokeRequestDTO.getApps().length > 0) {
             String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
@@ -498,13 +509,15 @@ public OAuthRevocationResponseDTO revokeAuthzForAppsByResoureOwner(
                                     throw new IdentityOAuthAdminException(errorMsg, e);
                                 }
                             }
+                            triggerPostRevokeListeners(oauthListeners, revokeRequestDTO, new OAuthRevocationResponseDTO
+                                    (), accessTokenDOs.toArray(new AccessTokenDO[accessTokenDOs.size()]));
                         }
 
                         try {
                             tokenMgtDAO.revokeOAuthConsentByApplicationAndUser(userName, appName);
                         } catch (IdentityOAuth2Exception e) {
                             String errorMsg = "Error occurred while removing OAuth Consent of Application " + appName +
-                                              " of user " + userName;
+                                    " of user " + userName;
                             log.error(errorMsg, e);
                             throw new IdentityOAuthAdminException(errorMsg, e);
                         }
@@ -516,12 +529,44 @@ public OAuthRevocationResponseDTO revokeAuthzForAppsByResoureOwner(
             revokeRespDTO.setError(true);
             revokeRespDTO.setErrorCode(OAuth2ErrorCodes.INVALID_REQUEST);
             revokeRespDTO.setErrorMsg("Invalid revocation request");
+
+            //passing a single element array with null element to make sure listeners are triggered at least once
+            triggerPostRevokeListeners(oauthListeners, revokeRequestDTO, revokeRespDTO, new AccessTokenDO[]{null});
             return revokeRespDTO;
         }
         return new OAuthRevocationResponseDTO();
     }
 
+    private void triggerPreRevokeListeners(List<OAuthEventListener> oauthListeners, OAuthRevocationRequestDTO
+            revokeRequestDTO) throws IdentityOAuthAdminException {
+
+        for (OAuthEventListener listener : oauthListeners) {
+            try {
+                listener.onPreTokenRevocationByResourceOwner(revokeRequestDTO);
+            } catch (IdentityOAuth2Exception e) {
+                throw new IdentityOAuthAdminException("Error occurred with Oauth pre-revoke listener " + listener
+                        .getClass().getName(), e);
+            }
+        }
+    }
+
+    private void triggerPostRevokeListeners(List<OAuthEventListener> oauthListeners,
+                                            OAuthRevocationRequestDTO revokeRequestDTO,
+                                            OAuthRevocationResponseDTO revokeRespDTO, AccessTokenDO[] accessTokenDOs) {
+
+        for (AccessTokenDO accessTokenDO : accessTokenDOs) {
+            for (OAuthEventListener listener : oauthListeners) {
+                try {
+                    listener.onPostTokenRevocationByResourceOwner(revokeRequestDTO, revokeRespDTO, accessTokenDO);
+                } catch (IdentityOAuth2Exception e) {
+                    log.error("Error occurred with post revocation listener " + listener.getClass().getName(), e);
+                }
+            }
+        }
+    }
+
     public String[] getAllowedGrantTypes() {
+
         if (allowedGrants == null) {
             synchronized (OAuthAdminService.class) {
                 if (allowedGrants == null) {

diff --git a/...2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/...2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java
@@ -143,7 +143,7 @@ public OAuthAppDO[] getOAuthConsumerAppsOfUser(String username, int tenantId) th
         OAuthAppDO[] oauthAppsOfUser;
 
         try {
-            RealmService realmService = OAuthComponentServiceHolder.getRealmService();
+            RealmService realmService = OAuthComponentServiceHolder.getInstance().getRealmService();
             String tenantDomain = realmService.getTenantManager().getDomain(tenantId);
             String tenantAwareUserName = MultitenantUtils.getTenantAwareUsername(username);
             String tenantUnawareUserName = tenantAwareUserName + "@" + tenantDomain;
@@ -461,4 +461,4 @@ private boolean isDuplicateConsumer(String consumerKey) throws IdentityOAuthAdmi
         return isDuplicateConsumer;
     }
 
-}
+}
diff --git a/...identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/event/OAuthEventListener.java b/...identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/event/OAuthEventListener.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.oauth.event;
+
+import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
+import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuthRevocationResponseDTO;
+import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
+import org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO;
+import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
+
+public interface OAuthEventListener {
+
+    /**
+     * Called prior to issuing tokens.
+     * Note : This won't be called for implicit grant. Use the overloaded method for implicit grant
+     *
+     * @param tokenReqDTO
+     * @param tokReqMsgCtx
+     * @throws IdentityOAuth2Exception
+     */
+    void onPreTokenIssue(OAuth2AccessTokenReqDTO tokenReqDTO, OAuthTokenReqMessageContext tokReqMsgCtx)
+            throws IdentityOAuth2Exception;
+
+    /**
+     * Called after issuing tokens
+     * Note : This won't be called for implicit grant. Use the overloaded method for implicit grant
+     *
+     * @param tokenReqDTO
+     * @param tokenRespDTO
+     * @param tokReqMsgCtx
+     * @throws IdentityOAuth2Exception
+     */
+    void onPostTokenIssue(OAuth2AccessTokenReqDTO tokenReqDTO, OAuth2AccessTokenRespDTO tokenRespDTO,
+                          OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception;
+
+    /**
+     * Called prior to issuing tokens in implicit grant
+     *
+     * @param oauthAuthzMsgCtx
+     * @throws IdentityOAuth2Exception
+     */
+    void onPreTokenIssue(OAuthAuthzReqMessageContext oauthAuthzMsgCtx)
+            throws IdentityOAuth2Exception;
+
+    /**
+     * Called after generating tokens in implicit grant
+     *
+     * @param oauthAuthzMsgCtx
+     * @param respDTO
+     * @throws IdentityOAuth2Exception
+     */
+    void onPostTokenIssue(OAuthAuthzReqMessageContext oauthAuthzMsgCtx, AccessTokenDO tokenDO, OAuth2AuthorizeRespDTO
+            respDTO) throws IdentityOAuth2Exception;
+
+
+    /**
+     * Called prior to renewing tokens (Refresh grant)
+     *
+     * @param tokenReqDTO
+     * @param tokReqMsgCtx
+     * @throws IdentityOAuth2Exception
+     */
+    void onPreTokenRenewal(OAuth2AccessTokenReqDTO tokenReqDTO, OAuthTokenReqMessageContext tokReqMsgCtx)
+            throws IdentityOAuth2Exception;
+
+    /**
+     * Called after renewing a token
+     *
+     * @param tokenReqDTO
+     * @param tokenRespDTO
+     * @param tokReqMsgCtx
+     * @throws IdentityOAuth2Exception
+     */
+    void onPostTokenRenewal(OAuth2AccessTokenReqDTO tokenReqDTO, OAuth2AccessTokenRespDTO tokenRespDTO,
+                            OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception;
+
+    /**
+     * Called prior to revoking a token by oauth client
+     *
+     * @param revokeRequestDTO
+     * @throws IdentityOAuth2Exception
+     */
+    void onPreTokenRevocationByClient(OAuthRevocationRequestDTO revokeRequestDTO) throws IdentityOAuth2Exception;
+
+    /**
+     * Called after revoking a token by oauth client
+     *
+     * @param revokeRequestDTO
+     * @param revokeResponseDTO
+     * @param accessTokenDO
+     * @param refreshTokenDO
+     * @throws IdentityOAuth2Exception
+     */
+    void onPostTokenRevocationByClient(OAuthRevocationRequestDTO revokeRequestDTO,
+                                       OAuthRevocationResponseDTO revokeResponseDTO, AccessTokenDO accessTokenDO,
+                                       RefreshTokenValidationDataDO refreshTokenDO) throws IdentityOAuth2Exception;
+
+
+    /**
+     * Called prior to revoking a token by oauth client
+     *
+     * @param revokeRequestDTO
+     * @throws IdentityOAuth2Exception
+     */
+    void onPreTokenRevocationByResourceOwner(
+            org.wso2.carbon.identity.oauth.dto.OAuthRevocationRequestDTO revokeRequestDTO) throws
+            IdentityOAuth2Exception;
+
+    /**
+     * Called after to revoking a token by oauth client
+     *
+     * @param revokeRequestDTO
+     * @throws IdentityOAuth2Exception
+     */
+    void onPostTokenRevocationByResourceOwner(
+            org.wso2.carbon.identity.oauth.dto.OAuthRevocationRequestDTO revokeRequestDTO,
+            org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO revokeRespDTO, AccessTokenDO accessTokenDO)
+            throws IdentityOAuth2Exception;
+
+    /**
+     * Called prior to validate an issued token
+     *
+     * @param validationReqDTO
+     * @throws IdentityOAuth2Exception
+     */
+    void onPreTokenValidation(OAuth2TokenValidationRequestDTO validationReqDTO) throws IdentityOAuth2Exception;
+
+    /**
+     * Called after validating an issued token
+     *
+     * @param validationReqDTO
+     * @param validationResponseDTO
+     * @throws IdentityOAuth2Exception
+     */
+    void onPostTokenValidation(OAuth2TokenValidationRequestDTO validationReqDTO,
+                               OAuth2TokenValidationResponseDTO validationResponseDTO) throws IdentityOAuth2Exception;
+
+}