Implemented token fetch using CloudSDK

Author: t-bonk

cds-feature-advanced-event-mesh/src/main/java/com/sap/cds/feature/messaging/aem/client/binding/AemEndpointView.java

@@ -41,7 +41,7 @@ public Optional<String> getUri() {
 	 * @return an {@link Optional} containing the AMQP URI if present, otherwise an
 	 *         empty {@link Optional}.
 	 */
-	public Optional<String> getAmqpUriKey() {
+	public Optional<String> getAmqpUri() {
 		return Optional.ofNullable((String) getAemEndpoint().get(AMQP_URI_KEY));
 	}
 
@@ -75,4 +75,4 @@ private Map<String, Object> getAemEndpoint() {
 		}
 	}
 
-}
+}

cds-feature-advanced-event-mesh/src/main/java/com/sap/cds/feature/messaging/aem/client/binding/AemTokenFetchClient.java

@@ -1,22 +1,27 @@
 package com.sap.cds.feature.messaging.aem.jms;
 
-import java.io.IOException;
 import java.net.URI;
 import java.util.Map;
+import java.util.Optional;
 import java.util.function.BiFunction;
 
 import org.apache.qpid.jms.JmsConnectionExtensions;
 import org.apache.qpid.jms.JmsConnectionFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
-import com.sap.cds.feature.messaging.aem.client.binding.AemAuthorizationServiceView;
 import com.sap.cds.feature.messaging.aem.client.binding.AemEndpointView;
-import com.sap.cds.feature.messaging.aem.client.binding.AemTokenFetchClient;
+import com.sap.cds.feature.messaging.aem.client.binding.AemOauth2PropertySupplier;
 import com.sap.cds.services.ServiceException;
 import com.sap.cds.services.messaging.jms.BrokerConnection;
 import com.sap.cds.services.messaging.jms.BrokerConnectionProvider;
 import com.sap.cloud.environment.servicebinding.api.ServiceBinding;
+import com.sap.cloud.sdk.cloudplatform.connectivity.AuthenticationType;
+import com.sap.cloud.sdk.cloudplatform.connectivity.Destination;
+import com.sap.cloud.sdk.cloudplatform.connectivity.OAuth2DestinationBuilder;
+import com.sap.cloud.sdk.cloudplatform.connectivity.OAuth2PropertySupplier;
+import com.sap.cloud.sdk.cloudplatform.connectivity.OnBehalfOf;
+import com.sap.cloud.sdk.cloudplatform.connectivity.ServiceBindingDestinationOptions;
+import com.sap.cloud.security.xsuaa.http.HttpHeaders;
 
 import jakarta.jms.Connection;
 
@@ -28,34 +33,36 @@ public class AemMessagingConnectionProvider extends BrokerConnectionProvider {
 
 	private final ServiceBinding binding;
 	private final AemEndpointView endpointView;
-	private final AemTokenFetchClient tokenFetchClient;
+	private final Destination destination;
 
 	public AemMessagingConnectionProvider(ServiceBinding binding) {
 		super(binding.getName().get());
 		this.binding = binding;
 		this.endpointView = new AemEndpointView(binding);
-		this.tokenFetchClient = new AemTokenFetchClient(new AemAuthorizationServiceView(binding));
+		OAuth2PropertySupplier supplier = new AemOauth2PropertySupplier(ServiceBindingDestinationOptions.forService(binding).build());
+		this.destination = OAuth2DestinationBuilder
+				.forTargetUrl(this.endpointView.getAmqpUri().get())
+				.withTokenEndpoint(supplier.getTokenUri().toString())
+				.withClient(supplier.getClientIdentity(), OnBehalfOf.TECHNICAL_USER_CURRENT_TENANT)
+				.authenticationType(AuthenticationType.OAUTH2_CLIENT_CREDENTIALS)
+				.build();
 	}
 
 	@Override
 	protected BrokerConnection createBrokerConnection(String name, Map<String, String> clientProperties) throws Exception {
 		// see https://solace.community/discussion/1677/how-oauth-can-be-used-with-apache-qpid-jms-2-0-amqp
 		logger.debug("Retrieving credentials for Basic Auth from	service binding '{}'", binding.getName().get());
 
-		String amqpUri = this.endpointView.getAmqpUriKey().orElseThrow(() -> new ServiceException(
+		String amqpUri = this.endpointView.getAmqpUri().orElseThrow(() -> new ServiceException(
 				"AMQP URI key is missing in the service binding. Please check the service binding configuration."));
 		amqpUri = amqpUri + SASL_MECHANISM_URI_PARAMETER;
 
 		final BiFunction<Connection, URI, Object> tokenExtension = new BiFunction<>() {
 			@Override
 			public Object apply(final Connection connection, final URI uri) {
-				try {
-					String token = tokenFetchClient.fetchToken().orElseThrow(() -> new ServiceException("Token is missing"));
+				String token = fetchToken().orElseThrow(() -> new ServiceException("Token is missing"));
 
-					return token;
-				} catch (IOException e) {
-					throw new ServiceException(e);
-				}
+				return token;
 			}
 		};
 
@@ -68,4 +75,24 @@ public Object apply(final Connection connection, final URI uri) {
 		return new BrokerConnection(name, factory);
 	}
 
+	private Optional<String> fetchToken() {
+		Optional<String> token = this.destination.asHttp()
+				.getHeaders()
+				.stream()
+				.filter(h -> h.getName().equals(HttpHeaders.AUTHORIZATION))
+				.findFirst()
+				.map(h -> getToken(h.getValue()));
+		return token;
+	}
+
+	private String getToken(String value) {
+		String token = null;
+		if (value != null) {
+			String[] parts = value.split(" ");
+			token = parts.length > 1 ? parts[1] : null;
+		}
+
+		return token;
+	}
+
 }

cds-feature-advanced-event-mesh/src/main/java/com/sap/cds/feature/messaging/aem/jms/AemMessagingConnectionProvider.java

@@ -49,24 +49,24 @@ void testGetUri_NotPresent() {
     }
 
     @Test
-    void testGetAmqpUriKey() {
+    void testGetAmqpUri() {
         Map<String, Object> credentials = Map.of(
             "endpoints", Map.of(
                 "advanced-event-mesh", Map.of("amqp_uri", "amqp://example.com")
             )
         );
         when(serviceBinding.getCredentials()).thenReturn(credentials);
 
-        Optional<String> amqpUri = endpointView.getAmqpUriKey();
+        Optional<String> amqpUri = endpointView.getAmqpUri();
         assertTrue(amqpUri.isPresent());
         assertEquals("amqp://example.com", amqpUri.get());
     }
 
     @Test
-    void testGetAmqpUriKey_NotPresent() {
+    void testGetAmqpUri_NotPresent() {
         when(serviceBinding.getCredentials()).thenReturn(Map.of());
 
-        Optional<String> amqpUri = endpointView.getAmqpUriKey();
+        Optional<String> amqpUri = endpointView.getAmqpUri();
         assertFalse(amqpUri.isPresent());
     }