OAM configuration for OAuth2.0 support [message #657749] |
Mon, 21 November 2016 00:33 |
pratapm
Requirement :
Our rest services hosted on weblogic server 12.2.1 are secured by basic authentication (userid/password).
We want to secure those RESTful resources with an OAuth 2.0 token instead of a userid/password. Our requirement is for business-to-business communication.
Action Taken:
1. Installed OAM 11.1.2.3 which acts as OAUTH provider and enabled OAUTH services by logging into the OAM console.
2. Created one default domain there and registered one Business client. During registration of the client, it gives us a client ID and client secret.
3. Our client app requests an access token from the OAuth server using the client ID and secret, and receives an access token issued by the OAuth server.
Remaining part:
1. Client again requests to resource server to access REST resources with the token issued by OAUTH provider.
2. Resource server sends request to OAM (OAUTH provider) for token validation.
3. Upon successful validation, OAM should signal that the client may access the REST resources.
The configuration for the remaining part is not clear to us, and we need help on the points below.
How do we configure token validation between the WebLogic server (resource server) and OAM (OAuth Access Provider)?
Does WebLogic support such a configuration for OAuth 2.0 through the WebLogic admin console?
Below is the code for BusinessClient.java that we have written.
package com.examples.client;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.codehaus.jettison.json.JSONObject;

import com.sun.jersey.core.util.Base64;
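/**
 * Servlet that obtains an OAuth 2.0 access token from OAM with the client-credentials grant and
 * uses it to call the business resource server.
 *
 * Both HTTP exchanges share {@link #postForm}, so headers, body encoding and resource handling
 * are identical for the token request and the resource request.
 */
public class BusinessClient extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // OAM OAuth Server Token Endpoint
    // NOTE(review): both endpoints are plain http, so the client secret (Basic header) and the
    // issued token cross the network in clear text; they should be https outside a lab.
    private static final String ACCESS_TOKEN_URL =
            "http://msp00xxx.in.com:7303/ms_oauth/oauth2/endpoints/oauthservice/tokens";
    // Business Resource Server Endpoint
    private static final String BUSINESS_ENDPOINT_URL =
            "http://mspyyy.in.com:8089/bdi-process-flow/resources/discover";

    // Client Credentials issued by OAM at client registration
    // NOTE(review): a secret compiled into the servlet ends up in every build artefact and every
    // copy of the source; load it from deployment configuration or a credential store instead.
    private static final String CLIENT_ID = "e8c51f272c17433d855c1de49161e143";
    private static final String CLIENT_SECRET = "jmjAPxKDYb373F";

    // HTTP Basic value used to authenticate the client at the token endpoint. Encoded with the
    // JDK encoder so the credentials bytes are UTF-8 rather than the platform default.
    private static final String BASE_64_CREDENTIALS = "Basic "
            + java.util.Base64.getEncoder().encodeToString(
                    (CLIENT_ID + ":" + CLIENT_SECRET).getBytes(StandardCharsets.UTF_8));

    // Token Grant type and scope, already form-encoded
    private static final String GRANT_TYPE = "grant_type=client_credentials";
    private static final String OAUTH_SCOPE = "scope=Business.Info";

    // Upper bound for connect and read; without it a stalled OAM or resource server pins the
    // servlet thread indefinitely.
    private static final int TIMEOUT_MILLIS = 10000;

    /**
     * HTTP GET: fetches an access token and responds with the business information obtained
     * with it.
     *
     * @throws IOException if the servlet writer cannot be obtained
     * @throws RuntimeException if either the token request or the resource request fails
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.getWriter().println(getBusinessData(getAccessToken()));
    }

    /** HTTP POST is intentionally a no-op; this servlet only serves GET. */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    }

    /**
     * Makes a call to the resource service passing the access token and the client ID.
     *
     * The original code set the method to GET and then wrote a body; HttpURLConnection turns a
     * GET with doOutput(true) into a POST once the body is written, so the request is declared
     * as POST explicitly here.
     *
     * NOTE(review): the token is passed as a form field named {@code code}; RFC 6750 bearer
     * usage is the {@code Authorization: Bearer} header — confirm which one the resource server
     * actually expects.
     *
     * @param accessToken a valid access token issued by the OAM OAuth service
     * @return business information for the client ID, as returned by the resource server
     * @throws RuntimeException wrapping the underlying IOException when the call fails
     */
    private String getBusinessData(String accessToken) {
        try {
            // The token is opaque text and may contain '+', '/' or '='; URL-encode it so the
            // form body is not corrupted. CLIENT_ID is encoded the same way for uniformity.
            String params = "clientID=" + URLEncoder.encode(CLIENT_ID, "UTF-8")
                    + "&code=" + URLEncoder.encode(accessToken, "UTF-8");
            return postForm(new URL(BUSINESS_ENDPOINT_URL),
                    params.getBytes(StandardCharsets.UTF_8), null);
        } catch (IOException e) {
            throw new RuntimeException("Business data request to resource server failed", e);
        }
    }

    /**
     * Requests an access token from the OAuth server with grant type client credentials and
     * scope Business.Info.
     *
     * @return an access token issued by the OAuth server
     * @throws RuntimeException wrapping the IO or JSON failure when the token cannot be obtained
     */
    private String getAccessToken() {
        try {
            String params = GRANT_TYPE + "&" + OAUTH_SCOPE;
            String body = postForm(new URL(ACCESS_TOKEN_URL),
                    params.getBytes(StandardCharsets.UTF_8), BASE_64_CREDENTIALS);
            // Extracts the token from the JSON response
            JSONObject obj = new JSONObject(body);
            return obj.getString("access_token");
        } catch (Exception e) {
            // JSONObject declares a checked JSONException, hence the broad catch; the cause is
            // preserved for the container's error log instead of printStackTrace().
            throw new RuntimeException("Access token request to OAM failed", e);
        }
    }

    /**
     * Sends {@code body} as an application/x-www-form-urlencoded POST and returns the response
     * body decoded as UTF-8 with line breaks removed.
     *
     * @param url endpoint to post to
     * @param body already form-encoded request body, UTF-8 bytes
     * @param authorization value for the Authorization header, or {@code null} to send none
     * @return the concatenated response lines
     * @throws IOException on connection failure, timeout, or a non-2xx status (HttpURLConnection
     *     raises it from getInputStream)
     */
    private static String postForm(URL url, byte[] body, String authorization)
            throws IOException {
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        try {
            connection.setRequestMethod("POST");
            connection.setConnectTimeout(TIMEOUT_MILLIS);
            connection.setReadTimeout(TIMEOUT_MILLIS);
            if (authorization != null) {
                connection.setRequestProperty("Authorization", authorization);
            }
            connection.setRequestProperty("Content-Type",
                    "application/x-www-form-urlencoded;charset=UTF-8");
            connection.setRequestProperty("Accept-Charset", "UTF-8");
            connection.setRequestProperty("Connection", "Keep-Alive");
            // Content-Length is derived from the UTF-8 bytes actually sent; the original measured
            // params.getBytes().length in the platform charset, which can disagree with the body.
            connection.setFixedLengthStreamingMode(body.length);
            connection.setDoOutput(true);

            // Post data; try-with-resources closes the stream even if write() throws
            try (OutputStream out = connection.getOutputStream()) {
                out.write(body);
            }

            // Reads response, always as UTF-8 (the original used the platform default for the
            // resource call and UTF-8 for the token call)
            StringBuilder resp = new StringBuilder();
            try (BufferedReader in = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
                String line;
                while ((line = in.readLine()) != null) {
                    resp.append(line);
                }
            }
            return resp.toString();
        } finally {
            connection.disconnect();
        }
    }
}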