Skip to content

Provide support to add named configs map for authenticators #4363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
sahandilshan wants to merge 3 commits into
base: 4.10.x
Choose a base branch
from
+100 −34
Draft

Provide support to add named configs map for authenticators #4363

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e61d02b
Provide support to add named configs map for authenticators
sahandilshan Aug 24, 2025
71bd4c0
Modify authenticators.xml.j2 with new names config support
sahandilshan Aug 24, 2025
fb89b14
Fix formatting
sahandilshan Aug 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
119 changes: 87 additions & 32 deletions ....carbon.core/src/main/java/org/wso2/carbon/core/security/AuthenticatorsConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,16 +78,26 @@ public static class AuthenticatorConfig {

private Map<String, String> parameters = new Hashtable<String, String>();

private final Map<String, Map<String, String>> parameterMap;

private List<String> authenticationSkippingUrls = new ArrayList<String>();

private List<String> sessionValidationSkippingUrls = new ArrayList<String>();

private AuthenticatorConfig(String name, int priority, boolean disabled, Map<String,
String> params) {
String> params, Map<String, Map<String, String>> paramMap) {
this.name = name;
this.priority = priority;
this.disabled = disabled;
this.parameters = params;

// Make sure that outer map and inner maps are unmodifiable.
Map<String, Map<String, String>> unmodifiableParamMap = new HashMap<>();
for (Map.Entry<String, Map<String, String>> entry : paramMap.entrySet()) {
unmodifiableParamMap.put(entry.getKey(),
Collections.unmodifiableMap(new HashMap<>(entry.getValue())));
}
this.parameterMap = Collections.unmodifiableMap(unmodifiableParamMap);
}

public String getName() {
Expand All @@ -106,6 +116,14 @@ public Map<String, String> getParameters() {
return parameters;
}

public Map<String, Map<String, String>> getParameterMap() {
return parameterMap;
}

public Map<String, String> getConfigFromParameterMap(String configName) {
return parameterMap.get(configName);
}

public void addAuthenticationSkippingUrl(String url) {
this.authenticationSkippingUrls.add(url);
}
Expand Down Expand Up @@ -178,62 +196,99 @@ private void initialize() {
}

/**
* Create AuthenticatorConfig elements for each authenticator entry
* @param authenticatorElem OMElement for Authenticator
* @return AuthenticatorConfig object
* Create AuthenticatorConfig elements for each authenticator entry.
*
* @param authenticatorElem OMElement for Authenticator.
* @return AuthenticatorConfig object.
*/
private AuthenticatorConfig processAuthenticatorElement(OMElement authenticatorElem) {
// read the name of the authenticator. this is a mandatory attribute.
OMAttribute nameAttr = authenticatorElem.getAttribute(new QName(ATTR_NAME));
// if the name is not given, do not register this authenticator
if(nameAttr == null){
if (nameAttr == null) {
log.warn("Each Authenticator Configuration should have a unique name attribute. +" +
"This Authenticator will not be registered.");
"This Authenticator will not be registered.");
return null;
}
String authenticatorName = nameAttr.getAttributeValue();

// check whether the disabled attribute is set
boolean disabled = false;
if(authenticatorElem.getAttribute(new QName(ATTR_DISABLED)) != null){
if (authenticatorElem.getAttribute(new QName(ATTR_DISABLED)) != null) {
disabled = Boolean.parseBoolean(authenticatorElem.getAttribute(
new QName(ATTR_DISABLED)).getAttributeValue());
}

// read the priority
int priority = 0;
for(Iterator priorityElemItr = authenticatorElem.getChildrenWithLocalName(ELEM_PRIORITY);
priorityElemItr.hasNext();){
priority = Integer.parseInt(((OMElement)priorityElemItr.next()).getText());
for (Iterator priorityElemItr = authenticatorElem.getChildrenWithLocalName(ELEM_PRIORITY);
priorityElemItr.hasNext(); ) {
priority = Integer.parseInt(((OMElement) priorityElemItr.next()).getText());
}

// read the config parameters
Map<String, String> parameterMap = new Hashtable<String, String>();
for(Iterator configElemItr = authenticatorElem.getChildrenWithLocalName(ELEM_CONFIG);
configElemItr.hasNext();){
OMElement configElement = (OMElement)configElemItr.next();
for(Iterator paramIterator = configElement.getChildrenWithLocalName(ELEM_PARAMETER);
paramIterator.hasNext();){
OMElement paramElem = (OMElement)paramIterator.next();
Map<String, String> parameterMap = new Hashtable<>();
Map<String, Map<String, String>> nestedParameterMap = new HashMap<>();

for (Iterator configElemItr = authenticatorElem.getChildrenWithLocalName(ELEM_CONFIG);
configElemItr.hasNext(); ) {
OMElement configElement = (OMElement) configElemItr.next();

// Only process configs that have an explicit name attribute.
OMAttribute configNameAttr = configElement.getAttribute(new QName(ATTR_NAME));
if (configNameAttr == null) {
// Skip configs without name attribute - process parameters for flat map only.
for (Iterator paramIterator = configElement.getChildrenWithLocalName(ELEM_PARAMETER);
paramIterator.hasNext(); ) {
OMElement paramElem = (OMElement) paramIterator.next();
OMAttribute paramNameAttr = paramElem.getAttribute(new QName(ATTR_NAME));
if (paramNameAttr == null) {
log.warn("An Authenticator Parameter should have a name attribute. Skipping the parameter.");
continue;
}
// Add to flat map for backward compatibility.
parameterMap.put(paramNameAttr.getAttributeValue(), paramElem.getText());
}
continue;
}

String configName = configNameAttr.getAttributeValue();

// Create a map for this config's parameters.
Map<String, String> configParametersMap = new HashMap<>();

for (Iterator paramIterator = configElement.getChildrenWithLocalName(ELEM_PARAMETER);
paramIterator.hasNext(); ) {
OMElement paramElem = (OMElement) paramIterator.next();
OMAttribute paramNameAttr = paramElem.getAttribute(new QName(ATTR_NAME));
if(paramNameAttr == null){
if (paramNameAttr == null) {
log.warn("An Authenticator Parameter should have a name attribute. Skipping the parameter.");
continue;
}
parameterMap.put(paramNameAttr.getAttributeValue(), paramElem.getText());
String paramName = paramNameAttr.getAttributeValue();
String paramValue = paramElem.getText();

// Add to both the flat map (for backward compatibility) and the nested map.
parameterMap.put(paramName, paramValue);
configParametersMap.put(paramName, paramValue);
}

// Add the config parameters to the nested parameterMap if it has any parameters.
if (!configParametersMap.isEmpty()) {
nestedParameterMap.put(configName, configParametersMap);
}
}

AuthenticatorConfig authenticatorConfig = new AuthenticatorConfig(authenticatorName,
priority, disabled, parameterMap);
priority, disabled, parameterMap, nestedParameterMap);

// read authentication skipping urls
for(Iterator configElemItr = authenticatorElem.getChildrenWithLocalName(ELEM_SKIP_AUTHENTICATION);
configElemItr.hasNext();){
OMElement configElement = (OMElement)configElemItr.next();
for(Iterator paramIterator = configElement.getChildrenWithLocalName(ELEM_URL_CONTAINS);
paramIterator.hasNext();){
OMElement urlElement = (OMElement)paramIterator.next();
for (Iterator configElemItr = authenticatorElem.getChildrenWithLocalName(ELEM_SKIP_AUTHENTICATION);
configElemItr.hasNext(); ) {
OMElement configElement = (OMElement) configElemItr.next();
for (Iterator paramIterator = configElement.getChildrenWithLocalName(ELEM_URL_CONTAINS);
paramIterator.hasNext(); ) {
OMElement urlElement = (OMElement) paramIterator.next();

if (urlElement.getText() != null && !urlElement.getText().isEmpty()) {
authenticatorConfig.addAuthenticationSkippingUrl(urlElement.getText().trim());
Expand All @@ -242,12 +297,12 @@ private AuthenticatorConfig processAuthenticatorElement(OMElement authenticatorE
}

// read session validation skipping urls
for(Iterator configElemItr = authenticatorElem.getChildrenWithLocalName(ELEM_SKIP_SESSION_VALIDATION);
configElemItr.hasNext();){
OMElement configElement = (OMElement)configElemItr.next();
for(Iterator paramIterator = configElement.getChildrenWithLocalName(ELEM_URL_CONTAINS);
paramIterator.hasNext();){
OMElement urlElement = (OMElement)paramIterator.next();
for (Iterator configElemItr = authenticatorElem.getChildrenWithLocalName(ELEM_SKIP_SESSION_VALIDATION);
configElemItr.hasNext(); ) {
OMElement configElement = (OMElement) configElemItr.next();
for (Iterator paramIterator = configElement.getChildrenWithLocalName(ELEM_URL_CONTAINS);
paramIterator.hasNext(); ) {
OMElement urlElement = (OMElement) paramIterator.next();

if (urlElement.getText() != null && !urlElement.getText().isEmpty()) {
authenticatorConfig.addSessionValidationSkippingUrl(urlElement.getText().trim());
Expand Down
15 changes: 13 additions & 2 deletions ...n-home/repository/resources/conf/templates/repository/conf/security/authenticators.xml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,8 +67,19 @@
{% for key,value in admin_console.authenticator.mutual_ssl_authenticator.config.items() %}
<Parameter name="{{key}}">{{value}}</Parameter>
{% endfor %}
</Config>
</Authenticator>
</Config>

<!-- Named configurations for new nested parameter map -->
{% if admin_console.authenticator.mutual_ssl_authenticator.named_configs is defined %}
{% for config_name, config_params in admin_console.authenticator.mutual_ssl_authenticator.named_configs.items() %}
<Config name="{{config_name}}">
{% for key, value in config_params.items() %}
<Parameter name="{{key}}">{{value}}</Parameter>
{% endfor %}
</Config>
{% endfor %}
{% endif %}
</Authenticator>

{% if admin_console.authenticator.iwa_ui_authenticator is defined %}
<Authenticator
Expand Down