From c0d0d9750daa74152f96c11c6fc450298503ec1e Mon Sep 17 00:00:00 2001
From: Viraj Salaka
Date: Tue, 19 Dec 2023 08:38:19 +0530
Subject: [PATCH 1/2] Remove additional Deployment Type validation based on keytype included in JWT claims. This is unnecessary because the choreo should always depend on the keytype assigned based on the application key entry
---
 .../connect/enforcer/security/jwt/JWTAuthenticator.java | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java
index fefc3392a6..5e831b9c54 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java
@@ -300,13 +300,6 @@ public AuthenticationContext authenticate(RequestContext requestContext) throws
 AuthenticationContext authenticationContext = FilterUtils .generateAuthenticationContext(requestContext, jwtTokenIdentifier, validationInfo, apiKeyValidationInfoDTO, endUserToken, jwtToken, true);
- //TODO: (VirajSalaka) Place the keytype population logic properly for self contained token
- if (claims.getClaim("keytype") != null) {
- authenticationContext.setKeyType(claims.getClaim("keytype").toString());
- }
- // Check if the token has access to the gateway configured environment.
- checkTokenEnvAgainstDeploymentType(requestContext.getAuthenticationContext().getKeyType(),
- requestContext.getMatchedAPI());
 if (!"Unlimited".equals(authenticationContext.getTier())) {
 // For subscription rate limiting, it is required to populate dynamic metadata
 String subscriptionId = authenticationContext.getApiUUID() + ":" +
From 5d66316bdae39740f3524bbb81fc5bacd655cb03 Mon Sep 17 00:00:00 2001
From: Viraj Salaka
Date: Tue, 19 Dec 2023 11:51:24 +0530
Subject: [PATCH 2/2] Add a log to indicate subscription validation failures
---
 .../connect/enforcer/security/KeyValidator.java | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/KeyValidator.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/KeyValidator.java
index c1d4896956..7436f3171e 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/KeyValidator.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/KeyValidator.java
@@ -160,20 +160,20 @@ public static APIKeyValidationInfoDTO validateSubscription(APIConfig apiConfig,
 String apiContextTemplate = apiContext.substring(0, lastIndexOfVersion);
 sub = datastore.getSubscriptionByAppIdApiContextVersionRange(app.getUUID(), apiContextTemplate, "v" + apiSemVersion.getMajor());
- if (sub == null) {
- log.info(
- "Valid subscription not found for oauth access token. application:" +
- " {} app_UUID: {} API_Context:API_Version: {} API_UUID : {}",
- app.getName(), app.getUUID(), apiContext + ":" + apiVersion, uuid);
- } else {
- log.debug("All information is retrieved from the in-memory data store.");
- }
 } catch (EnforcerException e) {
 log.debug("API version: {} is not a valid semantic version", apiVersion);
 }
 } else {
 log.debug("All information is retrieved from the in-memory data store.");
 }
+ if (sub == null) {
+ log.info(
+ "Valid subscription not found for oauth access token. application:" +
+ " {} app_UUID: {} API_Context:API_Version: {} API_UUID : {}",
+ app.getName(), app.getUUID(), apiContext + ":" + apiVersion, uuid);
+ } else {
+ log.debug("All information is retrieved from the in-memory data store.");
+ }
 } else {
 log.info("Application not found in the data store for uuid " + key.getApplicationUUID());
 }
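Review bot: The `else` branch of the relocated `if (sub == null)` block repeats `log.debug("All information is retrieved from the in-memory data store.")`, which the untouched `else` directly above it already emits, so whenever that earlier branch ran and `sub` is non-null the same debug line is written twice for one request. I would drop the added `} else {` and `log.debug(...)` lines so the new block is only `if (sub == null) { log.info(...); }`, leaving the info line as the single record of a failed subscription lookup on both paths. When the `EnforcerException` catch fires, the info line now follows the "not a valid semantic version" debug line, which looks intended but is worth stating in a short comment above the block, for example `// Logged for both the direct and the version-range lookup`. `validateSubscription` starts and ends outside the hunk, so the condition that selects the first lookup is not visible here.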