diff --git a/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/JWTAuthenticationConfig.java b/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/JWTAuthenticationConfig.java
index ddc5db695f..bf9973f4d8 100644
--- a/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/JWTAuthenticationConfig.java
+++ b/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/JWTAuthenticationConfig.java
@@ -18,18 +18,21 @@
 package org.wso2.apk.enforcer.commons.model;
 
-import java.util.ArrayList;
+import java.util.List;
 
+/**
+ * Defines JWT authentication config structure.
+ */
 public class JWTAuthenticationConfig {
- private String Header;
+ private String header;
 private boolean sendTokenToUpstream;
- private ArrayList audience;
+ private List audience;
 
 public String getHeader() {
- return Header;
+ return header;
 }
 
 public void setHeader(String header) {
- Header = header;
+ this.header = header;
 }
 
 public boolean isSendTokenToUpstream() {
@@ -40,11 +43,11 @@ public void setSendTokenToUpstream(boolean sendTokenToUpstream) {
 this.sendTokenToUpstream = sendTokenToUpstream;
 }
 
- public ArrayList getAudience() {
+ public List getAudience() {
 return audience;
 }
 
- public void setAudience(ArrayList audience) {
+ public void setAudience(List audience) {
 this.audience = audience;
 }
 }
diff --git a/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/Oauth2AuthenticationConfig.java b/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/Oauth2AuthenticationConfig.java
index 0631c5c895..c58d008451 100644
--- a/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/Oauth2AuthenticationConfig.java
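Review bot: `private List audience;` and the `getAudience`/`setAudience` signatures in the second hunk keep a raw `List`, which drops the compile-time guarantee that the configured audiences are strings and makes the diamond in callers infer `Object`; the same raw `List` recurs in the Utils.getJwtAuthenticationConfig hunk (`List audience = new ArrayList<>();`), in JWTAuthenticator.getAudience and in checkAnyExist. Because this list is the set of accepted `aud` values that the authenticator compares against the token, declare it as `private List<String> audience;` with `public List<String> getAudience()` and `public void setAudience(List<String> audience)`, and carry `List<String>` through those other hunks. The new class Javadoc could also say what `audience` means, e.g. `* audience: the aud claim values accepted for this API; null or empty when none is configured` — whether callers treat null and empty alike is not visible here, so confirm before wording it.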
+++ b/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/Oauth2AuthenticationConfig.java
@@ -18,16 +18,19 @@
 package org.wso2.apk.enforcer.commons.model;
 
 
+/**
+ * Defines OAuth2 authentication config structure.
+ */
 public class Oauth2AuthenticationConfig {
- private String Header;
+ private String header;
 private boolean sendTokenToUpstream;
 
 public String getHeader() {
- return Header;
+ return header;
 }
 
 public void setHeader(String header) {
- Header = header;
+ this.header = header;
 }
 
 public boolean isSendTokenToUpstream() {
diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/Utils.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/Utils.java
index b8b879d1cc..6c86a593ce 100644
--- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/Utils.java
+++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/Utils.java
@@ -128,7 +128,7 @@ private static JWTAuthenticationConfig getJwtAuthenticationConfig(Operation oper
 jwtAuthenticationConfig.setHeader(operation.getApiAuthentication().getJwt().getHeader());
 jwtAuthenticationConfig.setSendTokenToUpstream(operation.getApiAuthentication().getJwt()
 .getSendTokenToUpstream());
- ArrayList audience = new ArrayList<>();
+ List audience = new ArrayList<>();
 for (int i = 0; i < operation.getApiAuthentication().getJwt().getAudienceCount(); i++) {
 audience.add(operation.getApiAuthentication().getJwt().getAudience(i));
 }
diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java
index a38c0e2922..be6d11f0b0 100644
--- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java
+++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java
@@ -131,9 +131,9 @@ public AuthenticationContext authenticate(RequestContext requestContext) throws
 if (validationInfo.isValid()) {
 List audFromAPI = getAudience(requestContext.getMatchedResourcePaths());
 List audFromToken = validationInfo.getAudience();
- if (!checkAllExist(audFromAPI, audFromToken)) {
+ if (!checkAnyExist(audFromAPI, audFromToken)) {
 throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
- APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Required audience not available in the JWT aud.");
+ APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
 }
 Map claims = validationInfo.getClaims();
 // Validate token type
@@ -267,8 +267,8 @@ private String getTokenHeader(ArrayList matchedResourceConfigs)
 return "";
 }
 
- private ArrayList getAudience(ArrayList matchedResourceConfigs) {
- ArrayList audience = new ArrayList<>();
+ private List getAudience(ArrayList matchedResourceConfigs) {
+ List audience = new ArrayList<>();
 for (ResourceConfig resourceConfig : matchedResourceConfigs) {
 if (resourceConfig.getAuthenticationConfig() != null &&
 resourceConfig.getAuthenticationConfig().getJwtAuthenticationConfig() != null) {
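Review bot: Switching to `checkAnyExist(audFromAPI, audFromToken)` changes what happens when no audience is configured for the matched resource: `anyMatch` over an empty `audFromAPI` is false, so every token is now rejected with INVALID_CREDENTIALS, whereas `allMatch` passed vacuously before. Unless a guard outside this hunk skips the check when `audFromAPI` is empty, the condition should be `if (!audFromAPI.isEmpty() && !checkAnyExist(audFromAPI, audFromToken)) {`, or, if requiring an audience on every resource is the intent, that should be stated in a comment above the check. `audFromToken` comes from `validationInfo.getAudience()`; if that can be null for a token without an `aud` claim, `list2::contains` throws NullPointerException instead of an APISecurityException — worth confirming against the validator. With the client-facing detail replaced by the generic API_AUTH_INVALID_CREDENTIALS_MESSAGE, operators lose the only hint that the failure was an audience mismatch, so a debug-level log of the mismatch (API audiences vs. token audiences, no token contents) before the throw would keep the diagnostics. authenticate() begins and ends outside this hunk.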
@@ -519,12 +519,13 @@ private Boolean isJWTExpired(JWTValidationInfo payload) {
 }
 
 /**
- * Checks if all elements in the first list are present in the second list.
- * @param list1 The list of elements to check.
- * @param list2 The list in which to check for the elements.
- * @return True if all elements in list1 are present in list2, false otherwise.
+ * Checks if at least one element from list1 exists in list2.
+ *
+ * @param list1 The first list to check.
+ * @param list2 The second list to check against.
+ * @return true if at least one element from list1 exists in list2, otherwise false.
 */
- public static boolean checkAllExist(List list1, List list2) {
- return list1.stream().allMatch(list2::contains);
+ public static boolean checkAnyExist(List list1, List list2) {
+ return list1.stream().anyMatch(list2::contains);
 }
 }
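Review bot: The new Javadoc for `checkAnyExist` leaves out the two boundary cases a caller of an authorization gate needs: `list1.stream().anyMatch(...)` yields false for an empty `list1`, and `list2::contains` throws NullPointerException when `list2` is null. Extend the `@return` text to `true if at least one element of list1 is contained in list2; false otherwise, including when list1 is empty` and add `@throws NullPointerException if list1 or list2 is null`. If the intended behaviour for a missing list is fail-closed rather than an exception, `if (list1 == null || list2 == null) { return false; }` before the stream makes that explicit for every caller of this public static method, not only the one in authenticate().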