In WSO2 Carbon platform, there is a concept call admin services which are a set of secured SOAP web services used to handle administrative tasks. There are certain cases where you might want to directly interact with these services to get your work done.
How do you find the list of available Admin Services?
You can start the carbon product with
-DosgiConsole option. This is because all carbon products are based on OSGi../wso2server.sh -DosgiConsole
You can list the admin services with "listAdminServices" command in OSGi console.
By default the wsdl files are inaccessible via Management Console url. But you can set "HideAdminServices" value to false in carbon.xml to view these wsdl files easily as follows (If the port offset is set to 0 in carbon.xml the url is as follows).
https://localhost:9443/services/AuthenticationAdmin?wsdl
Usecase:
Think that you have a requirement to get permission set for each role you have defined through Management Console. In order to full fill this requirement you can write a client with the help of "AuthenticationAdmin" and "UserAdmin" admin services.
Steps:
1. Get yourself authenticated with AuthenticationAdmin service and retrieve the session cookie
2. Using the session cookie access other services.
Sample Code:
I am using a maven project to write this client. The repositories and dependencies used in pom.xml are as follows:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>Aloo</groupId>
<artifactId>AdminServicesInvoker</artifactId>
<version>0.0.1-SNAPSHOT</version>
<repositories>
<repository>
<id>wso2-nexus</id>
<name>WSO2 internal Repository</name>
<url>http://maven.wso2.org/nexus/content/groups/wso2-public/</url>
<releases>
<enabled>true</enabled>
<updatePolicy>daily</updatePolicy>
<checksumPolicy>fail</checksumPolicy>
</releases>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.authenticator.stub</artifactId>
<version>4.2.0</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.user.mgt.stub</artifactId>
<version>4.2.0</version>
</dependency>
<dependency>
<groupId>org.apache.axis2.wso2</groupId>
<artifactId>axis2-client</artifactId>
<version>1.6.1.wso2v5</version>
</dependency>
</dependencies>
</project><pre class="brush: csharp">import java.rmi.RemoteException;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ServiceContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub;
import org.wso2.carbon.authenticator.stub.LoginAuthenticationExceptionException;
import org.wso2.carbon.authenticator.stub.LogoutAuthenticationExceptionException;
public class LoginAdminServiceClient {
private final String serviceName = "AuthenticationAdmin";
private AuthenticationAdminStub authenticationAdminStub;
private String endPoint;
public LoginAdminServiceClient(String backEndUrl) throws AxisFault {
this.endPoint = backEndUrl + "/services/" + serviceName;
authenticationAdminStub = new AuthenticationAdminStub(endPoint);
}
public String authenticate(String userName, String password)
throws RemoteException, LoginAuthenticationExceptionException {
String sessionCookie = null;
if (authenticationAdminStub.login(userName, password, "localhost")) {
System.out.println("Login Successful");
ServiceContext serviceContext = authenticationAdminStub
._getServiceClient().getLastOperationContext()
.getServiceContext();
sessionCookie = (String) serviceContext
.getProperty(HTTPConstants.COOKIE_STRING);
System.out.println(sessionCookie);
}
return sessionCookie;
}
public void logOut() throws RemoteException,
LogoutAuthenticationExceptionException {
authenticationAdminStub.logout();
}
} </pre><pre class="brush: csharp"> import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.List;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.wso2.carbon.user.mgt.stub.UserAdminStub;
import org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException;
import org.wso2.carbon.user.mgt.stub.types.carbon.UIPermissionNode;
public class ServiceAdminClient {
private final String serviceName = "UserAdmin";
private UserAdminStub userAdminStub;
private String endPoint;
public ServiceAdminClient(String backEndUrl, String sessionCookie)
throws AxisFault {
this.endPoint = backEndUrl + "/services/" + serviceName;
userAdminStub = new UserAdminStub(endPoint);
// Authenticate Your stub from sessionCooke
ServiceClient serviceClient;
Options option;
serviceClient = userAdminStub._getServiceClient();
option = serviceClient.getOptions();
option.setManageSession(true);
option.setProperty(
org.apache.axis2.transport.http.HTTPConstants.COOKIE_STRING,
sessionCookie);
}
public void getRolePermissions(String role) throws RemoteException,
UserAdminUserAdminException {
List allowedPermissions = new ArrayList();
UIPermissionNode uiPermissionNode = userAdminStub
.getRolePermissions(role);
getResourcePath(uiPermissionNode, allowedPermissions);
System.out.println(allowedPermissions);
}
public void getResourcePath(UIPermissionNode uiPermissionNode,
List allowedPermissions) {
if (uiPermissionNode.getNodeList() != null) {
UIPermissionNode[] uiPermissionNodes = uiPermissionNode
.getNodeList();
for (int i = 0; i < uiPermissionNodes.length; i++) {
UIPermissionNode uPermissionNode1 = uiPermissionNodes[i];
if (uPermissionNode1.getSelected()) {
allowedPermissions.add(uPermissionNode1.getResourcePath());
}
getResourcePath(uPermissionNode1, allowedPermissions);
}
}
return;
}
} </pre> The below class act as the invoker: Note: Change the path variable accordingly by pointing the certificate of your carbon product. <pre class="brush: csharp">import java.rmi.RemoteException;
import org.wso2.carbon.authenticator.stub.LoginAuthenticationExceptionException;
import org.wso2.carbon.authenticator.stub.LogoutAuthenticationExceptionException;
import org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException;
public class ServiceInvoker {
public static void main(String[] args) throws RemoteException,
LoginAuthenticationExceptionException,
LogoutAuthenticationExceptionException {
String path = "/home/punnadi/wso2is-4.5.0/repository/resources/security/"
+ "wso2carbon.jks";
System.setProperty("javax.net.ssl.trustStore", path);
System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
String backEndUrl = "https://localhost:9443";
LoginAdminServiceClient login = new LoginAdminServiceClient(backEndUrl);
String sessionCookie = login.authenticate("admin", "admin");
ServiceAdminClient serviceAdminClient = new ServiceAdminClient(
backEndUrl, sessionCookie);
try {
serviceAdminClient.getRolePermissions("admin");
} catch (UserAdminUserAdminException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
login.logOut();
}
}</pre> 
2 comments:
AuthenticationAdmin service is not listed by getting a list of services in Wso2 DAS (by giving listAdminServices command in osgi console). But still I can use that service and I can't understand why. If that service is available, why is it not listed there?
Hi Punnadi,
Do you have any sample code using the Raw Soap calls to AuthenticationAdmin server to authenticate a user? We have a client that can only make Soap / REST calls.
Thanks,
Saqib
Post a Comment