Saturday, November 19, 2016

Authentication & Authorization Common Service Layer for WSO2 Carbon Platform

This post is about a common authentication and authorization layer at the OSGi level. To use it for REST APIs, we have introduced Tomcat valves that intercept all requests coming to the WSO2 product and use this service to authenticate and authorize each request.

The following diagram explains the service details.



There are two OSGi services, one for authentication and one for authorization, and each works through its own handlers. Anyone can write their own handlers for either service and register them in OSGi.
Out of the box, there are three authentication handlers:

1. OAuth2AccessTokenHandler
2. ClientCertificateBasedAuthenticationHandler
3. BasicAuthenticationHandler

The authorization handler is based on our permission store and checks against the user's role. Anyone can write their own authorization handlers as well.

One use of these services is to secure the REST services in WSO2 IS itself. To do that, we intercept requests with two valves:

org.wso2.carbon.identity.auth.valve.AuthenticationValve
org.wso2.carbon.identity.authz.valve.AuthorizationValve

If you open catalina-server.xml, you will see the following content:

<Engine name="Catalina" defaultHost="localhost">

            <!--Realm className="org.apache.catalina.realm.MemoryRealm" pathname="${carbon.home}/repository/conf/tomcat/tomcat-users.xml"/-->

            <Realm className="org.wso2.carbon.tomcat.ext.realms.CarbonTomcatRealm"/>

            <Host name="localhost" unpackWARs="true" deployOnStartup="false" autoDeploy="false"
                  appBase="${carbon.home}/repository/deployment/server/webapps/">

                <Valve className="org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve"/>
                <Valve className="org.apache.catalina.valves.AccessLogValve" directory="${carbon.home}/repository/logs"
                       prefix="http_access_" suffix=".log"
                       pattern="combined"/>
                <Valve className="org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve" threshold="600"/>
                <Valve className="org.wso2.carbon.tomcat.ext.valves.CompositeValve"/>

                <!-- Authentication and Authorization valve for the rest apis and we can configure context for this in identity.xml  -->
                <!--Valve className="org.wso2.carbon.identity.auth.valve.AuthenticationValve"/>
                <Valve className="org.wso2.carbon.identity.authz.valve.AuthorizationValve"/-->

            </Host>
        </Engine>

Here you can enable the above valves (they are commented out in this listing) so that they intercept requests to each service.

Then you have to specify which resources you want to secure. To do that, add the details to the identity.xml file as follows:

<ResourceAccessControl>
        <Resource context="/api/identity/*" secured="true" http-method="all">
            <Permissions>/permission/admin/login</Permissions>
        </Resource>
    </ResourceAccessControl>



Here you define which resource context (relative to the root context) must be secured and for which HTTP methods. You can specify either "all" or a list such as "post,get". You can also enable or disable security on this context with the secured attribute.

Then you define which permission strings a role must hold to be authorized for this resource, by listing them, comma-separated, in the Permissions element.
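A configuration check for the two files described above, as an added example that is not part of the original post or of WSO2's code: it reports whether the two valves are active in catalina-server.xml and lists Resource rules worth reviewing in identity.xml. The sample XML is constructed from the fragments on this page (the /api/reports/* and /api/users/* rules are invented for illustration), and flagging a secured rule with no permission string is this example's own review policy, not documented WSO2 behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the two fragments in this post.
CATALINA = """<Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="${carbon.home}/repository/deployment/server/webapps/">
    <Valve className="org.wso2.carbon.tomcat.ext.valves.CompositeValve"/>
    <!--Valve className="org.wso2.carbon.identity.auth.valve.AuthenticationValve"/>
    <Valve className="org.wso2.carbon.identity.authz.valve.AuthorizationValve"/-->
  </Host>
</Engine>"""

IDENTITY = """<ResourceAccessControl>
  <Resource context="/api/identity/*" secured="true" http-method="all">
    <Permissions>/permission/admin/login</Permissions>
  </Resource>
  <Resource context="/api/reports/*" secured="false" http-method="get"/>
  <Resource context="/api/users/*" secured="true" http-method="post,get"/>
</ResourceAccessControl>"""

REQUIRED_VALVES = (
    "org.wso2.carbon.identity.auth.valve.AuthenticationValve",
    "org.wso2.carbon.identity.authz.valve.AuthorizationValve",
)

def local(el):
    """Tag name without any XML namespace prefix."""
    return el.tag.rsplit("}", 1)[-1]

def missing_valves(catalina_xml):
    """Required valves that are not active elements. The parser drops XML
    comments, so a valve that is still commented out counts as missing."""
    root = ET.fromstring(catalina_xml)
    active = {e.get("className") for e in root.iter() if local(e) == "Valve"}
    return [v for v in REQUIRED_VALVES if v not in active]

def audit_resources(identity_xml):
    """Return (context, finding) pairs for rules that need a second look."""
    findings = []
    for res in (e for e in ET.fromstring(identity_xml).iter() if local(e) == "Resource"):
        text = ",".join(c.text or "" for c in res if local(c) == "Permissions")
        perms = [p.strip() for p in text.split(",") if p.strip()]
        if res.get("secured", "").strip().lower() != "true":
            findings.append((res.get("context"), "secured is not true"))
        elif not perms:
            findings.append((res.get("context"), "secured but no permission listed"))
    return findings

if __name__ == "__main__":
    print("inactive valves:", missing_valves(CATALINA))
    print("rules to review:", audit_resources(IDENTITY))
```

With the listing as shown in this post, both valves are reported as inactive until the comment markers around them are removed.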



Tuesday, August 6, 2013

Data Source create on WSO2 products in remote manner




In WSO2 products, we can configure data sources with a lot of features. We can do it using the Admin Console in those products.

But sometimes we want to do it remotely, for example in an automated deployment environment. For that we can use a service provided by the Admin Services.

With the curl command (here -k disables TLS certificate verification and -u passes the administrator credentials):


curl -k -u admin:admin -d @datasourceconfig.xml -H "Content-Type: application/xml action=addDataSource" https://hostname:9443/services/NDataSourceAdmin


datasourceconfig.xml


 <xsd:addDataSource xmlns:xsd="http://org.apache.axis2/xsd"
    xmlns:xsd1="http://services.core.ndatasource.carbon.wso2.org/xsd"
    xmlns:xsd2="http://core.ndatasource.carbon.wso2.org/xsd">
    <xsd:dsmInfo>
        <xsd1:definition>
            <xsd1:dsXMLConfiguration>
                   <![CDATA[<configuration>
                  <url>jdbc:mysql://localhost:3306/dbname</url>
                  <username>root</username>
                  <password>root</password>
                  <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                  <maxActive>50</maxActive>
                  <maxWait>60000</maxWait>
                  <testOnBorrow>true</testOnBorrow>
                  <validationQuery>SELECT 1</validationQuery>
                  <validationInterval>30000</validationInterval>
                  </configuration>]]>
            </xsd1:dsXMLConfiguration>
            <xsd1:type>RDBMS</xsd1:type>
        </xsd1:definition>
        <xsd1:description>description</xsd1:description>
        <xsd1:jndiConfig>
            <xsd2:name>... JNDI Name here ..</xsd2:name>
            <xsd2:useDataSourceFactory>false</xsd2:useDataSourceFactory>
        </xsd1:jndiConfig>
        <xsd1:name>... DataSourceName Here ..</xsd1:name>
        <xsd1:system>false</xsd1:system>
    </xsd:dsmInfo>
</xsd:addDataSource> 


Monday, August 5, 2013

Generic Queue & Consumer Implementation using Java


Here I have implemented a generic queue and consumer using Java.

Java Implementation Source Code
https://github.com/harsha1979/lightweightqueue.git


// Create an ExecutionEngine and start it.

boolean isAutoStart = false;
boolean isAutoRestart = false;


// Time delay in milliseconds
int timeDelay = 100;
int queueLength = 100;

// ExecutorImpl is an implementation of Executor; it performs the task when the engine calls execute.

Executor executor = new ExecutorImpl();

ExecutionEngine<CustomBean> executionEngine = new ExecutionEngine<CustomBean>(executor, isAutoStart, isAutoRestart, timeDelay, queueLength);

executionEngine.startEngine();

//Put an element to the queue
CustomBean customBean = new CustomBean();
executionEngine.getSynchQueue().put(customBean);