diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.common/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/common/utils/Constants.java b/components/org.wso2.carbon.identity.conditional.auth.functions.common/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/common/utils/Constants.java index e32340d0..6fd62dd0 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.common/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/common/utils/Constants.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.common/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/common/utils/Constants.java @@ -23,6 +23,8 @@ public class Constants { public static final String OUTCOME_SUCCESS = "onSuccess"; public static final String OUTCOME_FAIL = "onFail"; public static final String OUTCOME_TIMEOUT = "onTimeout"; + public static final String GET = "GET"; + public static final String POST = "POST"; public static final String RECEIVER_URL = "AdaptiveAuth.EventPublisher.ReceiverURL"; public static final String HTTP_CONNECTION_TIMEOUT = "AdaptiveAuth.HTTPConnectionTimeout"; @@ -61,8 +63,10 @@ public static class LogConstants { */ public static class ActionIDs { - public static final String RECEIVE_TOKEN = "receive-token"; - public static final String RECEIVE_API_RESPONSE = "receive-api-response"; + public static final String REQUEST_TOKEN_HTTP_GET = "request-token-http-get"; + public static final String REQUEST_TOKEN_HTTP_POST = "request-token-http-post"; + public static final String INVOKE_API_HTTP_GET = "invoke-api-http-get"; + public static final String INVOKE_API_HTTP_POST = "invoke-api-http-post"; public static final String VALIDATE_INPUT_PARAMS = "validate-input-parameters"; public static final String UPDATE_USER_PASSWORD = "update-user-password"; } 
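Review bot: Deleting `RECEIVE_TOKEN` and `RECEIVE_API_RESPONSE` from `ActionIDs` changes the action ids written to the diagnostic log, so any alert, dashboard or saved search that matches on `receive-token` or `receive-api-response` will stop matching after the upgrade without raising an error. Both are public constants in the common module, so code outside this diff that references them would also stop compiling; the same applies to `ConfigKeys.SUPPORTED_GRANT_TYPES`, removed in the next hunk. I would keep the old names for one release, e.g. `@Deprecated public static final String RECEIVE_TOKEN = "receive-token";`, and list the old-to-new id mapping in the release notes so that log consumers can update their queries.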
@@ -74,6 +78,7 @@ public static class InputKeys { public static final String TOKEN_ENDPOINT = "token endpoint"; public static final String API = "external api"; + public static final String GRANT_TYPE = "grant type"; } /** @@ -81,8 +86,7 @@ public static class InputKeys { */ public static class ConfigKeys { - public static final String SUPPORTED_GRANT_TYPES = "supported grant types"; - + public static final String MAX_REQUEST_ATTEMPTS = "max request attempts"; } } } diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/AbstractHTTPFunction.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/AbstractHTTPFunction.java index b0971046..0898d09d 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/AbstractHTTPFunction.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/AbstractHTTPFunction.java @@ -50,6 +50,7 @@ import java.util.Map; import static org.apache.http.HttpHeaders.ACCEPT; +import static org.wso2.carbon.identity.conditional.auth.functions.http.util.HttpUtil.getInvokeApiActionId; /** * Abstract class for handling http calls. 
@@ -155,8 +156,9 @@ protected void executeHttpMethod(HttpUriRequest clientRequest, Map> executeRequest(HttpUriRequ if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getInvokeApiActionId(request)); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.API, endpointURL) .resultMessage("Successfully called the external api. Status code: " + responseCode) .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) @@ -216,7 +218,7 @@ private Pair> executeRequest(HttpUriRequ if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getInvokeApiActionId(request)); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.API, endpointURL) .resultMessage("External api invocation returned a redirection. Status code: " + responseCode) @@ -232,7 +234,7 @@ private Pair> executeRequest(HttpUriRequ if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getInvokeApiActionId(request)); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.API, endpointURL) .resultMessage("External api invocation returned a client error. Status code: " + responseCode) 
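Review bot: `getInvokeApiActionId(request)` is evaluated separately in every diagnostic block of `executeRequest`; the hunks at -216, -232, -248, -267, -280, -297 and -310 all make the same substitution. Resolving it once near the top of the method, `final String actionId = getInvokeApiActionId(request);`, and passing `actionId` to each `DiagnosticLogBuilder` would ensure that the success, error and timeout branches cannot drift apart when a new method or id is added. The body of `executeRequest` starts outside these hunks and the first hunk header is damaged on this page, so the right place for the local has to be checked against the full file.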
@@ -248,7 +250,7 @@ private Pair> executeRequest(HttpUriRequ if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getInvokeApiActionId(request)); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.API, endpointURL) .resultMessage("Received unknown response from external API call. Status code: " + responseCode) @@ -267,7 +269,7 @@ private Pair> executeRequest(HttpUriRequ if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getInvokeApiActionId(request)); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.API, endpointURL) .resultMessage("Invalid Url for external API call.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) @@ -280,7 +282,7 @@ private Pair> executeRequest(HttpUriRequ if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getInvokeApiActionId(request)); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.API, endpointURL) .resultMessage("Request for the external API timed out.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) 
@@ -297,7 +299,7 @@ private Pair> executeRequest(HttpUriRequ if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getInvokeApiActionId(request)); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.API, endpointURL) .resultMessage("Failed to parse the response from the external API.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) @@ -310,7 +312,7 @@ private Pair> executeRequest(HttpUriRequ if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getInvokeApiActionId(request)); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.API, endpointURL) .resultMessage("Received an error while invoking the external API.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/util/ClientCredentialAuthConfig.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/util/ClientCredentialAuthConfig.java index 8217c0d1..ee025008 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/util/ClientCredentialAuthConfig.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/util/ClientCredentialAuthConfig.java 
@@ -61,6 +61,7 @@ import static org.apache.http.HttpHeaders.ACCEPT; import static org.apache.http.HttpHeaders.CONTENT_TYPE; import static org.wso2.carbon.identity.conditional.auth.functions.common.utils.Constants.OUTCOME_FAIL; +import static org.wso2.carbon.identity.conditional.auth.functions.http.util.HttpUtil.getRequestTokenActionId; /** * Implementation of the {@link AuthConfig} @@ -92,6 +93,7 @@ public class ClientCredentialAuthConfig implements AuthConfig { private String tokenEndpoint; private AuthenticationContext authenticationContext; private AsyncReturn asyncReturn; + private HttpUriRequest request; public void setAuthenticationContext(AuthenticationContext authenticationContext) { this.authenticationContext = authenticationContext; @@ -129,6 +131,14 @@ public String getConsumerSecret() { return consumerSecret; } + public HttpUriRequest getRequest() { + return request; + } + + public void setRequest(HttpUriRequest request) { + this.request = request; + } + public String getScopes() { return scopes; } @@ -146,6 +156,7 @@ public boolean shouldRetry() { public HttpUriRequest applyAuth(HttpUriRequest request, AuthConfigModel authConfigModel) throws FrameworkException { + setRequest(request); maxRequestAttemptsForAPIEndpointTimeout = ConfigProvider.getInstance(). getRequestRetryCount(); this.apiAccessTokenCache = APIAccessTokenCache.getInstance(); 
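Review bot: The object stored by `setRequest(request)` in `applyAuth` is the API request that is being given credentials, not the call made to the token endpoint, so `getRequestTokenActionId(getRequest())` labels token-endpoint events with the HTTP method of the API call. An API `GET` would then be logged as `request-token-http-get` even if the token request itself is a `POST`, which makes the diagnostic trail misleading for anyone reconstructing what was sent to the token endpoint. The token request is built in `requestAccessToken`, outside the visible hunks, so this needs confirming; if it is always a POST, use `Constants.LogConstants.ActionIDs.REQUEST_TOKEN_HTTP_POST` directly, otherwise pass the token request object to the helper. The new field is also null until `applyAuth` has run and is exposed through a public getter and setter that nothing in this diff needs; `private` access would be enough here.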
@@ -163,10 +174,11 @@ public HttpUriRequest applyAuth(HttpUriRequest request, AuthConfigModel authConf if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_TOKEN); + getRequestTokenActionId(getRequest())); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.TOKEN_ENDPOINT, getTokenEndpoint()) - .configParam(Constants.LogConstants.ConfigKeys.SUPPORTED_GRANT_TYPES, - GRANT_TYPE_CLIENT_CREDENTIALS) + .inputParam(Constants.LogConstants.InputKeys.GRANT_TYPE, GRANT_TYPE_CLIENT_CREDENTIALS) + .configParam(Constants.LogConstants.ConfigKeys.MAX_REQUEST_ATTEMPTS, + maxRequestAttemptsForAPIEndpointTimeout) .resultMessage("Failed to retrieve access token for the provided token endpoint.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) .resultStatus(DiagnosticLog.ResultStatus.FAILED); @@ -241,7 +253,7 @@ private String getAccessToken() throws FrameworkException { if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getRequestTokenActionId(getRequest())); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.TOKEN_ENDPOINT, getTokenEndpoint()) .resultMessage("Failed to parse token expiry.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) 
@@ -272,10 +284,10 @@ private String attemptAccessTokenRequest(int maxAttempts) { if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_TOKEN); + getRequestTokenActionId(getRequest())); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.TOKEN_ENDPOINT, getTokenEndpoint()) - .configParam(Constants.LogConstants.ConfigKeys.SUPPORTED_GRANT_TYPES, - GRANT_TYPE_CLIENT_CREDENTIALS) + .inputParam(Constants.LogConstants.InputKeys.GRANT_TYPE, GRANT_TYPE_CLIENT_CREDENTIALS) + .configParam(Constants.LogConstants.ConfigKeys.MAX_REQUEST_ATTEMPTS, maxAttempts) .resultMessage("Retrying token request for the provided token endpoint. Attempt: " + attemptCount + ".") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) @@ -340,7 +352,7 @@ private Pair requestAccessToken() throws IOException { if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getRequestTokenActionId(getRequest())); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.TOKEN_ENDPOINT, getTokenEndpoint()) .resultMessage("Token endpoint returned a redirection. Status code: " + responseCode) .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) 
@@ -354,7 +366,7 @@ private Pair requestAccessToken() throws IOException { if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getRequestTokenActionId(getRequest())); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.TOKEN_ENDPOINT, getTokenEndpoint()) .resultMessage("Token endpoint returned a client error. Status code: " + responseCode) .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) @@ -368,7 +380,7 @@ private Pair requestAccessToken() throws IOException { if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getRequestTokenActionId(getRequest())); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.TOKEN_ENDPOINT, getTokenEndpoint()) .resultMessage("Received unknown response from token endpoint. Status code: " + responseCode) @@ -386,7 +398,7 @@ private Pair requestAccessToken() throws IOException { if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getRequestTokenActionId(getRequest())); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.TOKEN_ENDPOINT, getTokenEndpoint()) .resultMessage("Invalid Url for token endpoint.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) 
@@ -398,7 +410,7 @@ private Pair requestAccessToken() throws IOException { if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getRequestTokenActionId(getRequest())); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.TOKEN_ENDPOINT, getTokenEndpoint()) .resultMessage("Request for the token endpoint timed out.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) @@ -413,7 +425,7 @@ private Pair requestAccessToken() throws IOException { if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getRequestTokenActionId(getRequest())); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.TOKEN_ENDPOINT, getTokenEndpoint()) .resultMessage("Received an error while invoking the token endpoint.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) @@ -444,7 +456,7 @@ private Pair processSuccessfulResponse(CloseableHttpRespo if (LoggerUtils.isDiagnosticLogsEnabled()) { DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(Constants.LogConstants.ADAPTIVE_AUTH_SERVICE, - Constants.LogConstants.ActionIDs.RECEIVE_API_RESPONSE); + getRequestTokenActionId(getRequest())); diagnosticLogBuilder.inputParam(Constants.LogConstants.InputKeys.TOKEN_ENDPOINT, getTokenEndpoint()) .resultMessage("Received access token from the token endpoint.") .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION) 
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/util/HttpUtil.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/util/HttpUtil.java
new file mode 100644
index 00000000..b6a1c792
--- /dev/null
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/util/HttpUtil.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.identity.conditional.auth.functions.http.util;
+
+import org.apache.http.client.methods.HttpUriRequest;
+import org.wso2.carbon.identity.conditional.auth.functions.common.utils.Constants;
+
+/**
+ * Utility class for HTTP related operations.
+ */
+public class HttpUtil {
+
+ /**
+ * Get the invoke API Action ID based on the HTTP method.
+ *
+ * @param request HttpUriRequest
+ * @return String
+ */
+ public static String getInvokeApiActionId(HttpUriRequest request) {
+
+ String invokeApi;
+
+ if (request.getMethod().equals(Constants.GET)) {
+ invokeApi = Constants.LogConstants.ActionIDs.INVOKE_API_HTTP_GET;
+ } else if (request.getMethod().equals(Constants.POST)) {
+ invokeApi = Constants.LogConstants.ActionIDs.INVOKE_API_HTTP_POST;
+ } else {
+ invokeApi = "invoke-api";
+ }
+
+ return invokeApi;
+ }
+
+ /**
+ * Get the request token Action ID based on the HTTP method.
+ *
+ * @param request HttpUriRequest
+ * @return String
+ */
+ public static String getRequestTokenActionId(HttpUriRequest request) {
+ String requestToken;
+ if (request.getMethod().equals(Constants.GET)) {
+ requestToken = Constants.LogConstants.ActionIDs.REQUEST_TOKEN_HTTP_GET;
+ } else if (request.getMethod().equals(Constants.POST)) {
+ requestToken = Constants.LogConstants.ActionIDs.REQUEST_TOKEN_HTTP_POST;
+ } else {
+ requestToken = "request-token";
+ }
+ return requestToken;
+ }
+}
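Review bot: Both helpers dereference `request` and the result of `request.getMethod()` without a null check, and every caller in this commit sits inside an `if (LoggerUtils.isDiagnosticLogsEnabled())` block, so a null request would throw only when diagnostic logging is switched on. Turning on logging should never be able to change the outcome of an authentication step, so the helpers should fall back to the generic id instead of throwing; comparing constant-first gives that for free. The fallback ids `"invoke-api"` and `"request-token"` are bare literals while every other id lives in `ActionIDs`, which makes them easy to miss when someone lists the ids a log query has to cover. The Javadoc `@return String` would be more useful if it named the possible ids and stated the null behaviour.

```java
public static String getInvokeApiActionId(HttpUriRequest request) {

    // Diagnostic logging must not be able to fail the authentication flow.
    String method = request == null ? null : request.getMethod();
    if (Constants.GET.equals(method)) {
        return Constants.LogConstants.ActionIDs.INVOKE_API_HTTP_GET;
    }
    if (Constants.POST.equals(method)) {
        return Constants.LogConstants.ActionIDs.INVOKE_API_HTTP_POST;
    }
    return "invoke-api";
}
// … getRequestTokenActionId: same shape with the REQUEST_TOKEN_HTTP_* ids and "request-token" …
```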