Address comments.

wso2 · Jan 26, 2025 · 1533048 · 1533048
1 parent 3992a69
commit 1533048
Show file tree

Hide file tree

Showing 8 changed files with 66 additions and 47 deletions.
diff --git a/...ntication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml b/...ntication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml
@@ -217,6 +217,10 @@
             <groupId>org.wso2.carbon.identity.framework</groupId>
             <artifactId>org.wso2.carbon.identity.role.v2.mgt.core</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.action.execution</artifactId>
+        </dependency>
     </dependencies>
 
     <build>

diff --git a/...arbon/identity/application/authentication/framework/ApplicationAuthenticationService.java b/...arbon/identity/application/authentication/framework/ApplicationAuthenticationService.java
@@ -28,8 +28,12 @@
 
 /**
  * Application authentication service. This server only return the system defined authenticators.
- * This service is exposed and currently only being used for API based authenticator implementation which is currently
- * only support for system defined authenticators.
+ * The application authentication service currently returns only system-defined authenticators. This service is publicly
+ * exposed and is presently utilized exclusively for API-based authenticator implementations, which are currently
+ * support only for system-defined authenticators.
+ * To support API-based authentication for custom authentication extensions, the existing methods will need to be
+ * deprecated, and introduce new methods to support custom authenticators.
+ * Issue: https://github.com/wso2/product-is/issues/22462
  */
 public class ApplicationAuthenticationService {
 

diff --git a/...ramework/AuthenticatorAdapterService.java → ...work/UserDefinedAuthenticatorService.java b/...ramework/AuthenticatorAdapterService.java → ...work/UserDefinedAuthenticatorService.java
@@ -18,28 +18,29 @@
 
 package org.wso2.carbon.identity.application.authentication.framework;
 
-import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
-import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
+import org.wso2.carbon.identity.application.common.model.UserDefinedFederatedAuthenticatorConfig;
+import org.wso2.carbon.identity.application.common.model.UserDefinedLocalAuthenticatorConfig;
 
 /**
- * Authenticator Adapter Service which responsible for creating ApplicationAuthenticator for the provided user defined
- * authenticator configs.
+ * The UserDefinedAuthenticatorService which responsible for creating ApplicationAuthenticator for the provided user
+ * defined authenticator configs.
  */
-public interface AuthenticatorAdapterService {
+public interface UserDefinedAuthenticatorService {
 
     /**
      * Get the ApplicationAuthenticator for the given user defined federated authenticator config.
      *
      * @param config    Federated Authenticator Config.
      * @return  FederatedApplicationAuthenticator instance.
      */
-    FederatedApplicationAuthenticator getFederatedAuthenticatorAdapter(FederatedAuthenticatorConfig config);
+     FederatedApplicationAuthenticator getUserDefinedFederatedAuthenticator(
+             UserDefinedFederatedAuthenticatorConfig config);
 
     /**
      * Get the ApplicationAuthenticator for the given user defined local authenticator config.
      *
      * @param config    Local Authenticator Config.
      * @return  LocalApplicationAuthenticator instance.
      */
-    LocalApplicationAuthenticator getLocalAuthenticatorAdapter(LocalAuthenticatorConfig config);
+    LocalApplicationAuthenticator getUserDefinedLocalAuthenticator(UserDefinedLocalAuthenticatorConfig config);
 }
diff --git a/...bon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java b/...bon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java
@@ -38,12 +38,12 @@
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationDataPublisher;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationMethodNameTranslator;
-import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorAdapterService;
 import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.JsFunctionRegistry;
 import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.RequestPathApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.ServerSessionManagementService;
+import org.wso2.carbon.identity.application.authentication.framework.UserDefinedAuthenticatorService;
 import org.wso2.carbon.identity.application.authentication.framework.UserSessionManagementService;
 import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
 import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
@@ -1107,23 +1107,24 @@ protected void unsetRoleManagementServiceV2(RoleManagementService roleManagement
         log.debug("RoleManagementServiceV2 unset in FrameworkServiceComponent bundle.");
     }
 
-    /* TODO: The cardinality is set to OPTIONAL until AuthenticatorAdapterService implements. Update it to MANDATORY,
-        one adapter service implementation done. */
+    /* TODO: The cardinality is set to OPTIONAL until UserDefinedAuthenticatorService implements. Update it to
+        MANDATORY, one adapter service implementation done. */
     @Reference(
-            name = "org.wso2.carbon.identity.application.authentication.framework.AuthenticatorAdapterService",
-            service = org.wso2.carbon.identity.application.authentication.framework.AuthenticatorAdapterService.class,
+            name = "org.wso2.carbon.identity.application.authentication.framework.UserDefinedAuthenticatorService",
+            service =
+                    org.wso2.carbon.identity.application.authentication.framework.UserDefinedAuthenticatorService.class,
             cardinality = ReferenceCardinality.OPTIONAL,
             policy = ReferencePolicy.DYNAMIC,
-            unbind = "unsetAuthenticatorAdapterService")
-    protected void setAuthenticatorAdapterService(AuthenticatorAdapterService adapterService) {
+            unbind = "unsetUserDefinedAuthenticatorService")
+    protected void setUserDefinedAuthenticatorService(UserDefinedAuthenticatorService authenticatorService) {
 
-        FrameworkServiceDataHolder.getInstance().setAuthenticatorAdapterService(adapterService);
-        log.debug("AuthenticatorAdapterService set in FrameworkServiceComponent bundle.");
+        FrameworkServiceDataHolder.getInstance().setUserDefinedAuthenticatorService(authenticatorService);
+        log.debug("UserDefinedAuthenticatorService set in FrameworkServiceComponent bundle.");
     }
 
-    protected void unsetAuthenticatorAdapterService(AuthenticatorAdapterService adapterService) {
+    protected void unsetUserDefinedAuthenticatorService(UserDefinedAuthenticatorService authenticatorService) {
 
-        FrameworkServiceDataHolder.getInstance().setAuthenticatorAdapterService(adapterService);
-        log.debug("AuthenticatorAdapterService unset in FrameworkServiceComponent bundle.");
+        FrameworkServiceDataHolder.getInstance().setUserDefinedAuthenticatorService(authenticatorService);
+        log.debug("UserDefinedAuthenticatorService unset in FrameworkServiceComponent bundle.");
     }
 }
diff --git a/...on/identity/application/authentication/framework/internal/FrameworkServiceDataHolder.java b/...on/identity/application/authentication/framework/internal/FrameworkServiceDataHolder.java
@@ -25,9 +25,9 @@
 import org.wso2.carbon.consent.mgt.core.ConsentManager;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationDataPublisher;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationMethodNameTranslator;
-import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorAdapterService;
 import org.wso2.carbon.identity.application.authentication.framework.JsFunctionRegistry;
 import org.wso2.carbon.identity.application.authentication.framework.ServerSessionManagementService;
+import org.wso2.carbon.identity.application.authentication.framework.UserDefinedAuthenticatorService;
 import org.wso2.carbon.identity.application.authentication.framework.config.loader.SequenceLoader;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.JSExecutionSupervisor;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.JsBaseGraphBuilderFactory;
@@ -124,7 +124,7 @@ public class FrameworkServiceDataHolder {
     private OrganizationManager organizationManager;
     private RoleManagementService roleManagementServiceV2;
     private SecretResolveManager secretConfigManager;
-    private AuthenticatorAdapterService authenticatorAdapterService;
+    private UserDefinedAuthenticatorService userDefinedAuthenticatorService;
 
     private FrameworkServiceDataHolder() {
 
@@ -824,22 +824,22 @@ public void setRoleManagementServiceV2(RoleManagementService roleManagementServi
     }
 
     /**
-     * Set {@link AuthenticatorAdapterService}.
+     * Set {@link UserDefinedAuthenticatorService}.
      *
-     * @param authenticatorAdapterService   Instance of {@link AuthenticatorAdapterService}.
+     * @param userDefinedAuthenticatorService   Instance of {@link UserDefinedAuthenticatorService}.
      */
-    public void setAuthenticatorAdapterService(AuthenticatorAdapterService authenticatorAdapterService) {
+    public void setUserDefinedAuthenticatorService(UserDefinedAuthenticatorService userDefinedAuthenticatorService) {
 
-        this.authenticatorAdapterService = authenticatorAdapterService;
+        this.userDefinedAuthenticatorService = userDefinedAuthenticatorService;
     }
 
     /**
-     * Get {@link AuthenticatorAdapterService}.
+     * Get {@link UserDefinedAuthenticatorService}.
      *
-     * @return Instance of {@link AuthenticatorAdapterService}.
+     * @return Instance of {@link UserDefinedAuthenticatorService}.
      */
-    public AuthenticatorAdapterService getAuthenticatorAdapterService() {
+    public UserDefinedAuthenticatorService getUserDefinedAuthenticatorService() {
 
-        return authenticatorAdapterService;
+        return userDefinedAuthenticatorService;
     }
 }
diff --git a/...y/application/authentication/framework/internal/core/ApplicationAuthenticatorManager.java b/...y/application/authentication/framework/internal/core/ApplicationAuthenticatorManager.java
@@ -18,11 +18,14 @@
 
 package org.wso2.carbon.identity.application.authentication.framework.internal.core;
 
+import org.wso2.carbon.identity.action.execution.model.ActionType;
+import org.wso2.carbon.identity.action.execution.util.ActionExecutorConfig;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
 import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
 import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
-import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
+import org.wso2.carbon.identity.application.common.model.UserDefinedFederatedAuthenticatorConfig;
+import org.wso2.carbon.identity.application.common.model.UserDefinedLocalAuthenticatorConfig;
 import org.wso2.carbon.idp.mgt.IdentityProviderManager;
 
 import java.util.ArrayList;
@@ -97,22 +100,25 @@ public List<ApplicationAuthenticator> getAllAuthenticators(String tenantDomain)
 
         List<ApplicationAuthenticator> allAuthenticators = new ArrayList<>(systemDefinedAuthenticators);
 
-        if (FrameworkServiceDataHolder.getInstance().getAuthenticatorAdapterService() == null) {
+        if (!ActionExecutorConfig.getInstance().isExecutionForActionTypeEnabled(ActionType.AUTHENTICATION) ||
+                FrameworkServiceDataHolder.getInstance().getUserDefinedAuthenticatorService() == null) {
             return allAuthenticators;
         }
 
         try {
-            for (LocalAuthenticatorConfig localConfig : ApplicationAuthenticatorService.getInstance()
+            for (UserDefinedLocalAuthenticatorConfig localConfig : ApplicationAuthenticatorService.getInstance()
                     .getAllUserDefinedLocalAuthenticators(tenantDomain)) {
-                allAuthenticators.add(FrameworkServiceDataHolder.getInstance().getAuthenticatorAdapterService()
-                        .getLocalAuthenticatorAdapter(localConfig));
+                allAuthenticators.add(FrameworkServiceDataHolder.getInstance().getUserDefinedAuthenticatorService()
+                        .getUserDefinedLocalAuthenticator(localConfig));
             }
 
             FederatedAuthenticatorConfig[] fedConfig = IdentityProviderManager.getInstance()
                     .getAllFederatedAuthenticators(tenantDomain);
             for (FederatedAuthenticatorConfig fedAuth : fedConfig) {
-                allAuthenticators.add(FrameworkServiceDataHolder.getInstance().getAuthenticatorAdapterService()
-                        .getFederatedAuthenticatorAdapter(fedAuth));
+                if (fedAuth instanceof UserDefinedFederatedAuthenticatorConfig) {
+                    allAuthenticators.add(FrameworkServiceDataHolder.getInstance().getUserDefinedAuthenticatorService()
+                            .getUserDefinedFederatedAuthenticator((UserDefinedFederatedAuthenticatorConfig) fedAuth));
+                }
             }
 
             return allAuthenticators;
@@ -137,26 +143,28 @@ public ApplicationAuthenticator getApplicationAuthenticatorByName(String authent
             }
         }
 
-        if (FrameworkServiceDataHolder.getInstance().getAuthenticatorAdapterService() == null) {
+        if (!ActionExecutorConfig.getInstance().isExecutionForActionTypeEnabled(ActionType.AUTHENTICATION) ||
+                FrameworkServiceDataHolder.getInstance().getUserDefinedAuthenticatorService() == null) {
             return null;
         }
 
         // Check whether the authenticator config is the user defined local authenticator config, if so resolve it.
         try {
-            LocalAuthenticatorConfig localConfig = ApplicationAuthenticatorService.getInstance()
+            UserDefinedLocalAuthenticatorConfig localConfig = ApplicationAuthenticatorService.getInstance()
                     .getUserDefinedLocalAuthenticator(tenantDomain, authenticatorName);
             if (localConfig != null) {
-                return FrameworkServiceDataHolder.getInstance().getAuthenticatorAdapterService()
-                        .getLocalAuthenticatorAdapter(localConfig);
+                return FrameworkServiceDataHolder.getInstance().getUserDefinedAuthenticatorService()
+                        .getUserDefinedLocalAuthenticator(localConfig);
             }
 
             // Check whether the authenticator config is the user defined fed authenticator config, if so resolve it.
             FederatedAuthenticatorConfig[] fedConfig = IdentityProviderManager.getInstance()
                     .getAllFederatedAuthenticators(tenantDomain);
             for (FederatedAuthenticatorConfig fedAuth : fedConfig) {
-                if (fedAuth.getName().equals(authenticatorName)) {
-                    return FrameworkServiceDataHolder.getInstance().getAuthenticatorAdapterService()
-                            .getFederatedAuthenticatorAdapter(fedAuth);
+                if (fedAuth instanceof UserDefinedFederatedAuthenticatorConfig &&
+                        fedAuth.getName().equals(authenticatorName)) {
+                    return FrameworkServiceDataHolder.getInstance().getUserDefinedAuthenticatorService()
+                            .getUserDefinedFederatedAuthenticator((UserDefinedFederatedAuthenticatorConfig) fedAuth);
                 }
             }
             return null;

diff --git a/...ures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 b/...ures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
@@ -2132,7 +2132,7 @@
                 </ActionRequest>
             </PreIssueAccessToken>
             <Authentication>
-                <Enable>{{actions.authentication.enable}}</Enable>
+                <Enable>{{actions.types.authentication.enable}}</Enable>
                 <ActionRequest>
                     <ExcludedHeaders>
                          {% for header in actions.types.authentication.action_request.excluded_headers %}

diff --git a/...y.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json b/...y.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json
@@ -1744,6 +1744,7 @@
     "x-forwarded-uri"
   ],
   "actions.types.pre_issue_access_token.enable": true,
+
   "actions.types.pre_issue_access_token.action_request.excluded_headers": [
     "dpop"
   ],
@@ -1760,7 +1761,7 @@
     "client_assertion_type",
     "client_assertion"
   ],
-  "actions.types.authentication.enable": true,
+  "actions.types.authentication.enable": false,
 
   "oauth.authorize_all_scopes": false,
   "oauth.enable_rich_authorization_requests" : false,