Merge pull request #1715 from Rajith90/enoy_new

Fix #1714 - Issues in apim docker compose file
wso2 · Mar 17, 2021 · e633522 · e633522
2 parents 1f3426c + 55adc38
commit e633522
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 16 deletions.
diff --git a/adapter/config/parser.go b/adapter/config/parser.go
@@ -51,7 +51,7 @@ const (
 	// RelativeLogConfigPath is the relative file path where the log configuration file is.
 	relativeLogConfigPath = "/conf/log_config.toml"
 	// The prefix used when configs should be read from environment variables.
-	envConfigPrefix = "$env{"
+	envConfigPrefix = "$env"
 )
 
 // ReadConfigs implements adapter configuration read operation. The read operation will happen only once, hence
@@ -98,6 +98,8 @@ func resolveConfigEnvValues(v reflect.Value) {
 			for index := 0; index < field.Len(); index++ {
 				if field.Index(index).Kind() == reflect.Struct {
 					resolveConfigEnvValues(field.Index(index).Addr().Elem())
+				} else if field.Index(index).Kind() == reflect.String && strings.Contains(field.Index(index).String(), envConfigPrefix) {
+					field.Index(index).SetString(resolveEnvValue(field.Index(index).String()))
 				}
 			}
 		}
@@ -113,7 +115,7 @@ func resolveEnvValue(value string) string {
 	if len(m) > 1 {
 		envValue, exists := os.LookupEnv(m[1])
 		if exists {
-			return envValue
+			return strings.ReplaceAll(re.ReplaceAllString(value, envValue), envConfigPrefix, "")
 		}
 	}
 	return value

diff --git a/adapter/internal/mgw/mgw.go b/adapter/internal/mgw/mgw.go
@@ -215,7 +215,7 @@ func Run(conf *config.Config) {
 		// Fetch APIs from control plane
 		fetchAPIsOnStartUp(conf)
 
-		synchronizer.UpdateRevokedTokens()
+		go synchronizer.UpdateRevokedTokens()
 		// Fetch Key Managers from APIM
 		synchronizer.FetchKeyManagersOnStartUp(conf)
 	}

diff --git a/adapter/internal/synchronizer/revoked_tokens_fetcher.go b/adapter/internal/synchronizer/revoked_tokens_fetcher.go
@@ -64,7 +64,7 @@ func RetrieveTokens(c chan SyncAPIResponse) {
 	} else {
 		ehURL += "/" + revokeEndpoint
 	}
-	logger.LoggerSync.Debugf("Fetching APIs from the URL %v: ", ehURL)
+	logger.LoggerSync.Debugf("Fetching revoked tokens from the URL %v: ", ehURL)
 
 	ehUname := ehConfigs.Username
 	ehPass := ehConfigs.Password
@@ -96,12 +96,12 @@ func RetrieveTokens(c chan SyncAPIResponse) {
 	// Setting authorization header
 	req.Header.Set(authorization, basicAuth)
 	// Make the request
-	logger.LoggerSync.Debug("Sending the controle plane request")
+	logger.LoggerSync.Debug("Sending the control plane request")
 	resp, err := client.Do(req)
 	// In the event of a connection error, the error would not be nil, then return the error
 	// If the error is not null, proceed
 	if err != nil {
-		logger.LoggerSync.Errorf("Error occurred while retrieving APIs from API manager: %v", err)
+		logger.LoggerSync.Errorf("Error occurred while retrieving revoked tokens from API manager: %v", err)
 		respSyncAPI.Err = err
 		respSyncAPI.Resp = nil
 		c <- respSyncAPI
@@ -170,10 +170,12 @@ func UpdateRevokedTokens() {
 				logger.LoggerSync.Errorf("Error occurred while unmarshalling tokens %v", err)
 			}
 			pushTokens(tokens)
+			break
 		} else if data.ErrorCode >= 400 && data.ErrorCode < 500 {
-			logger.LoggerSync.Errorf("Error occurred when retrieveing revoked token from control plane: %v", data.Err)
+			logger.LoggerSync.Errorf("Error occurred when retrieving revoked token from control plane: %v", data.Err)
+			break
 		} else {
-			// Keep the iteration still until all the envrionment response properly.
+			// Keep the iteration still until all the environment response properly.
 			logger.LoggerSync.Errorf("Error occurred while fetching revoked tokens from control plane: %v", data.Err)
 			go func() {
 				// Retry fetching from control plane after a configured time interval

diff --git a/enforcer/src/main/java/org/wso2/micro/gateway/enforcer/security/jwt/JWTAuthenticator.java b/enforcer/src/main/java/org/wso2/micro/gateway/enforcer/security/jwt/JWTAuthenticator.java
@@ -399,10 +399,15 @@ private JWTValidationInfo getJwtValidationInfo(SignedJWTInfo signedJWTInfo, Stri
                             + FilterUtils.getMaskedToken(jwtHeader));
                 }
                 log.error("Invalid JWT token. " + FilterUtils.getMaskedToken(jwtHeader));
-
-                jwtValidationInfo = new JWTValidationInfo();
-                jwtValidationInfo.setValidationCode(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS);
-                jwtValidationInfo.setValid(false);
+                if (CacheProvider.getGatewayKeyCache().getIfPresent(jti) != null) {
+                    jwtValidationInfo = (JWTValidationInfo) CacheProvider.getGatewayKeyCache().getIfPresent(jti);
+                } else {
+                    log.warn("Token retrieved from the invalid token cache. But the validation info not found "
+                            + "in the key cache for the Token: " + FilterUtils.getMaskedToken(jwtHeader));
+                    jwtValidationInfo = new JWTValidationInfo();
+                    jwtValidationInfo.setValidationCode(APISecurityConstants.API_AUTH_GENERAL_ERROR);
+                    jwtValidationInfo.setValid(false);
+                }
             }
         }
         if (jwtValidationInfo == null) {
@@ -413,10 +418,10 @@ private JWTValidationInfo getJwtValidationInfo(SignedJWTInfo signedJWTInfo, Stri
                     // Add token to tenant token cache
                     if (jwtValidationInfo.isValid()) {
                         CacheProvider.getGatewayTokenCache().put(jti, true);
-                        CacheProvider.getGatewayKeyCache().put(jti, jwtValidationInfo);
                     } else {
                         CacheProvider.getInvalidTokenCache().put(jti, true);
                     }
+                    CacheProvider.getGatewayKeyCache().put(jti, jwtValidationInfo);
 
                 }
                 return jwtValidationInfo;

diff --git a/resources/apim/docker-compose.yaml b/resources/apim/docker-compose.yaml
@@ -1,4 +1,4 @@
-version: "3.7"
+version: "2.4"
 services:
   router:
     image: wso2/mg-router:4.0.0-m9-SNAPSHOT
@@ -78,7 +78,6 @@ services:
     healthcheck:
       test: ["CMD", "nc", "-z","localhost", "9443"]
       interval: 10s
-      start_period: 120s
       retries: 50
     ports:
       - "9763:9763"

diff --git a/resources/conf/config.toml b/resources/conf/config.toml
@@ -207,4 +207,4 @@
   skipSSLVerification=true
   # Message broker connection URL of the control plane
   [controlPlane.eventHub.jmsConnectionParameters]
-    eventListeningEndpoints = ["amqp://admin:admin@apim:5672?retries='5'&connectdelay='30000'"]
+    eventListeningEndpoints = ["amqp://admin:$env{cp_admin_pwd}@apim:5672?retries='10'&connectdelay='30'"]