Fixed issues of API publishing to gateway
parent
50d35a90f8
commit
106be76118
@ -42,9 +42,9 @@ import javax.ws.rs.core.Response;
|
|||||||
public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegistrationService {
|
public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegistrationService {
|
||||||
private static final Log log = LogFactory.getLog(ApiApplicationRegistrationServiceImpl.class);
|
private static final Log log = LogFactory.getLog(ApiApplicationRegistrationServiceImpl.class);
|
||||||
|
|
||||||
@Path("register/tenants/{tenantDomain}")
|
@Path("register/tenants")
|
||||||
@POST
|
@POST
|
||||||
public Response register(@PathParam("tenantDomain") String tenantDomain,
|
public Response register(@QueryParam("tenantDomain") String tenantDomain,
|
||||||
@QueryParam("applicationName") String applicationName) {
|
@QueryParam("applicationName") String applicationName) {
|
||||||
String authenticatedTenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
|
String authenticatedTenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
|
||||||
if (!authenticatedTenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
|
if (!authenticatedTenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
|
||||||
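Review bot: `tenantDomain` can now reach `register(...)` as `null`, because a `@QueryParam` is optional where the former `@PathParam` segment was required for the route to match at all. The lines shown only compare the caller's own tenant with the super-tenant domain and never validate the parameter itself. If the rest of the method, which lies outside this hunk, does not already reject it, add a guard before the value is used, such as `if (tenantDomain == null || tenantDomain.isEmpty()) { return Response.status(Response.Status.BAD_REQUEST).build(); }`.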
|
|||||||
@ -53,17 +53,10 @@ public class ApiPermissionFilter implements Filter{
|
|||||||
if (servletRequest instanceof HttpServletRequest) {
|
if (servletRequest instanceof HttpServletRequest) {
|
||||||
String uri = ((HttpServletRequest)servletRequest).getRequestURI();
|
String uri = ((HttpServletRequest)servletRequest).getRequestURI();
|
||||||
boolean status = false;
|
boolean status = false;
|
||||||
if (uri.contains("register/tenants")) {
|
|
||||||
String urlPermission = getPermission("/register/tenants/*");
|
|
||||||
if (urlPermission != null) {
|
|
||||||
status = isUserAuthorized(PERMISSION_PREFIX + urlPermission, UI_EXECUTE);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
String urlPermission = getPermission(uri);
|
String urlPermission = getPermission(uri);
|
||||||
if (urlPermission != null) {
|
if (urlPermission != null) {
|
||||||
status = isUserAuthorized(PERMISSION_PREFIX + urlPermission, UI_EXECUTE);
|
status = isUserAuthorized(PERMISSION_PREFIX + urlPermission, UI_EXECUTE);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if (status) {
|
if (status) {
|
||||||
filterChain.doFilter(servletRequest, servletResponse);
|
filterChain.doFilter(servletRequest, servletResponse);
|
||||||
} else {
|
} else {
|
||||||
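Review bot: With the `register/tenants` special case gone, the permission lookup is `getPermission(uri)` on the raw value of `getRequestURI()`, which per the Servlet API still contains the context path and any `;`-style path parameters and is not URL-decoded. The matching entry in the permission file is now the exact string `/register/tenants` rather than a wildcard, so whether a request matches depends on normalisation inside `getPermission`, which is not visible here. The fall-through is at least fail-closed, since `status` stays `false` when no permission is found. I would record that above the lookup with `// No configured permission for this URI means the request is denied.` and confirm the lookup runs on a normalised, context-relative path. The enclosing filter method starts and ends outside the hunk.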
|
|||||||
@ -31,7 +31,7 @@
|
|||||||
<Permission>
|
<Permission>
|
||||||
<name>Register tenant specific application</name>
|
<name>Register tenant specific application</name>
|
||||||
<path>/device-mgt/admin</path>
|
<path>/device-mgt/admin</path>
|
||||||
<url>/register/tenants/*</url>
|
<url>/register/tenants</url>
|
||||||
<method>POST</method>
|
<method>POST</method>
|
||||||
<scope>super_admin_user</scope>
|
<scope>super_admin_user</scope>
|
||||||
</Permission>
|
</Permission>
|
||||||
|
|||||||
@ -63,6 +63,10 @@
|
|||||||
<groupId>com.googlecode.json-simple.wso2</groupId>
|
<groupId>com.googlecode.json-simple.wso2</groupId>
|
||||||
<artifactId>json-simple</artifactId>
|
<artifactId>json-simple</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.wso2.carbon.registry</groupId>
|
||||||
|
<artifactId>org.wso2.carbon.registry.indexing</artifactId>
|
||||||
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
<build>
|
<build>
|
||||||
@ -103,7 +107,9 @@
|
|||||||
org.wso2.carbon.utils.multitenancy,
|
org.wso2.carbon.utils.multitenancy,
|
||||||
org.json.simple,
|
org.json.simple,
|
||||||
org.wso2.carbon.context,
|
org.wso2.carbon.context,
|
||||||
org.wso2.carbon.base
|
org.wso2.carbon.base,
|
||||||
|
org.wso2.carbon.registry.core.*;resolution:=optional,
|
||||||
|
org.wso2.carbon.registry.indexing.*; version="${carbon.registry.imp.pkg.version.range}"
|
||||||
</Import-Package>
|
</Import-Package>
|
||||||
<Export-Package>
|
<Export-Package>
|
||||||
!org.wso2.carbon.apimgt.application.extension.internal,
|
!org.wso2.carbon.apimgt.application.extension.internal,
|
||||||
|
|||||||
@ -35,6 +35,7 @@ import org.wso2.carbon.apimgt.application.extension.exception.APIManagerExceptio
|
|||||||
import org.wso2.carbon.apimgt.application.extension.util.APIManagerUtil;
|
import org.wso2.carbon.apimgt.application.extension.util.APIManagerUtil;
|
||||||
import org.wso2.carbon.apimgt.impl.APIConstants;
|
import org.wso2.carbon.apimgt.impl.APIConstants;
|
||||||
import org.wso2.carbon.apimgt.impl.APIManagerFactory;
|
import org.wso2.carbon.apimgt.impl.APIManagerFactory;
|
||||||
|
import org.wso2.carbon.registry.core.exceptions.RegistryException;
|
||||||
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
|
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
|
||||||
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||||
|
|
||||||
@ -57,6 +58,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
|
|||||||
String username, boolean isAllowedAllDomains)
|
String username, boolean isAllowedAllDomains)
|
||||||
throws APIManagerException {
|
throws APIManagerException {
|
||||||
try {
|
try {
|
||||||
|
APIManagerUtil.loadTenantRegistry();
|
||||||
APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username);
|
APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username);
|
||||||
String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain());
|
String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain());
|
||||||
int applicationId = createApplicationAndSubscribeToAllAPIs(apiApplicationName, username);
|
int applicationId = createApplicationAndSubscribeToAllAPIs(apiApplicationName, username);
|
||||||
@ -121,6 +123,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
|
|||||||
boolean isAllowedAllDomains, String keyType)
|
boolean isAllowedAllDomains, String keyType)
|
||||||
throws APIManagerException {
|
throws APIManagerException {
|
||||||
try {
|
try {
|
||||||
|
APIManagerUtil.loadTenantRegistry();
|
||||||
APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username);
|
APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username);
|
||||||
if (apiConsumer != null) {
|
if (apiConsumer != null) {
|
||||||
String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain());
|
String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain());
|
||||||
@ -177,6 +180,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
|
|||||||
@Override
|
@Override
|
||||||
public void removeAPIApplication(String applicationName, String username) throws APIManagerException {
|
public void removeAPIApplication(String applicationName, String username) throws APIManagerException {
|
||||||
try {
|
try {
|
||||||
|
APIManagerUtil.loadTenantRegistry();
|
||||||
APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username);
|
APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username);
|
||||||
if (apiConsumer != null) {
|
if (apiConsumer != null) {
|
||||||
String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain());
|
String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain());
|
||||||
@ -203,6 +207,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
|
|||||||
boolean isAllowedAllDomains)
|
boolean isAllowedAllDomains)
|
||||||
throws APIManagerException {
|
throws APIManagerException {
|
||||||
try {
|
try {
|
||||||
|
APIManagerUtil.loadTenantRegistry();
|
||||||
APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username);
|
APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username);
|
||||||
String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain());
|
String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain());
|
||||||
int applicationId = createApplicationAndSubscribeToAPIs(apiApplicationName, tags, username);
|
int applicationId = createApplicationAndSubscribeToAPIs(apiApplicationName, tags, username);
|
||||||
@ -441,4 +446,5 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
|
|||||||
throw new APIManagerException("Unable to get groupIds of user " + username, e);
|
throw new APIManagerException("Unable to get groupIds of user " + username, e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -18,6 +18,8 @@
|
|||||||
package org.wso2.carbon.apimgt.application.extension.internal;
|
package org.wso2.carbon.apimgt.application.extension.internal;
|
||||||
|
|
||||||
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
|
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
|
||||||
|
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
|
||||||
|
import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
|
||||||
import org.wso2.carbon.user.core.service.RealmService;
|
import org.wso2.carbon.user.core.service.RealmService;
|
||||||
import org.wso2.carbon.user.core.tenant.TenantManager;
|
import org.wso2.carbon.user.core.tenant.TenantManager;
|
||||||
|
|
||||||
@ -26,6 +28,8 @@ public class APIApplicationManagerExtensionDataHolder {
|
|||||||
private APIManagementProviderService apiManagementProviderService;
|
private APIManagementProviderService apiManagementProviderService;
|
||||||
private RealmService realmService;
|
private RealmService realmService;
|
||||||
private TenantManager tenantManager;
|
private TenantManager tenantManager;
|
||||||
|
private TenantRegistryLoader tenantRegistryLoader;
|
||||||
|
private TenantIndexingLoader indexLoader;
|
||||||
|
|
||||||
private APIApplicationManagerExtensionDataHolder() {
|
private APIApplicationManagerExtensionDataHolder() {
|
||||||
}
|
}
|
||||||
@ -66,4 +70,20 @@ public class APIApplicationManagerExtensionDataHolder {
|
|||||||
public TenantManager getTenantManager() {
|
public TenantManager getTenantManager() {
|
||||||
return tenantManager;
|
return tenantManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader){
|
||||||
|
this.tenantRegistryLoader = tenantRegistryLoader;
|
||||||
|
}
|
||||||
|
|
||||||
|
public TenantRegistryLoader getTenantRegistryLoader(){
|
||||||
|
return tenantRegistryLoader;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setIndexLoaderService(TenantIndexingLoader indexLoader) {
|
||||||
|
this.indexLoader = indexLoader;
|
||||||
|
}
|
||||||
|
|
||||||
|
public TenantIndexingLoader getIndexLoaderService(){
|
||||||
|
return indexLoader;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -23,10 +23,24 @@ import org.osgi.framework.BundleContext;
|
|||||||
import org.osgi.service.component.ComponentContext;;
|
import org.osgi.service.component.ComponentContext;;
|
||||||
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
|
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
|
||||||
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderServiceImpl;
|
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderServiceImpl;
|
||||||
|
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
|
||||||
|
import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
|
||||||
import org.wso2.carbon.user.core.service.RealmService;
|
import org.wso2.carbon.user.core.service.RealmService;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @scr.component name="org.wso2.carbon.apimgt.application.extension.internal.APIApplicationManagerExtensionServiceComponent"
|
* @scr.component name="org.wso2.carbon.apimgt.application.extension.internal.APIApplicationManagerExtensionServiceComponent"
|
||||||
|
* @scr.reference name="tenant.registryloader"
|
||||||
|
* interface="org.wso2.carbon.registry.core.service.TenantRegistryLoader"
|
||||||
|
* cardinality="1..1"
|
||||||
|
* policy="dynamic"
|
||||||
|
* bind="setTenantRegistryLoader"
|
||||||
|
* unbind="unsetTenantRegistryLoader"
|
||||||
|
* @scr.reference name="tenant.indexloader"
|
||||||
|
* interface="org.wso2.carbon.registry.indexing.service.TenantIndexingLoader"
|
||||||
|
* cardinality="1..1"
|
||||||
|
* policy="dynamic"
|
||||||
|
* bind="setIndexLoader"
|
||||||
|
* unbind="unsetIndexLoader"
|
||||||
* @scr.reference name="realm.service"
|
* @scr.reference name="realm.service"
|
||||||
* immediate="true"
|
* immediate="true"
|
||||||
* interface="org.wso2.carbon.user.core.service.RealmService"
|
* interface="org.wso2.carbon.user.core.service.RealmService"
|
||||||
@ -53,6 +67,25 @@ public class APIApplicationManagerExtensionServiceComponent {
|
|||||||
//do nothing
|
//do nothing
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected void setTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader) {
|
||||||
|
APIApplicationManagerExtensionDataHolder.getInstance().setTenantRegistryLoader(tenantRegistryLoader);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void unsetTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader) {
|
||||||
|
APIApplicationManagerExtensionDataHolder.getInstance().setTenantRegistryLoader(null);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void setIndexLoader(TenantIndexingLoader indexLoader) {
|
||||||
|
if (indexLoader != null && log.isDebugEnabled()) {
|
||||||
|
log.debug("IndexLoader service initialized");
|
||||||
|
}
|
||||||
|
APIApplicationManagerExtensionDataHolder.getInstance().setIndexLoaderService(indexLoader);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void unsetIndexLoader(TenantIndexingLoader indexLoader) {
|
||||||
|
APIApplicationManagerExtensionDataHolder.getInstance().setIndexLoaderService(null);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets Realm Service.
|
* Sets Realm Service.
|
||||||
*
|
*
|
||||||
|
|||||||
@ -23,6 +23,8 @@ import org.wso2.carbon.apimgt.application.extension.exception.APIManagerExceptio
|
|||||||
import org.wso2.carbon.apimgt.application.extension.internal.APIApplicationManagerExtensionDataHolder;
|
import org.wso2.carbon.apimgt.application.extension.internal.APIApplicationManagerExtensionDataHolder;
|
||||||
import org.wso2.carbon.base.MultitenantConstants;
|
import org.wso2.carbon.base.MultitenantConstants;
|
||||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||||
|
import org.wso2.carbon.registry.core.exceptions.RegistryException;
|
||||||
|
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
|
||||||
import org.wso2.carbon.user.api.TenantManager;
|
import org.wso2.carbon.user.api.TenantManager;
|
||||||
import org.wso2.carbon.user.api.UserStoreException;
|
import org.wso2.carbon.user.api.UserStoreException;
|
||||||
|
|
||||||
@ -52,4 +54,18 @@ public final class APIManagerUtil {
|
|||||||
public static String getTenantDomain() {
|
public static String getTenantDomain() {
|
||||||
return PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
|
return PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static void loadTenantRegistry() throws APIManagerException {
|
||||||
|
String tenantDomain = getTenantDomain();
|
||||||
|
try {
|
||||||
|
int tenantId = getTenantId(tenantDomain);
|
||||||
|
TenantRegistryLoader tenantRegistryLoader =
|
||||||
|
APIApplicationManagerExtensionDataHolder.getInstance().getTenantRegistryLoader();
|
||||||
|
APIApplicationManagerExtensionDataHolder.getInstance().getIndexLoaderService().loadTenantIndex(tenantId);
|
||||||
|
tenantRegistryLoader.loadTenantRegistry(tenantId);
|
||||||
|
} catch (RegistryException e) {
|
||||||
|
throw new APIManagerException("Error occured while loading registry for tenant '" + tenantDomain + "'");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
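Review bot: The `catch (RegistryException e)` in `loadTenantRegistry()` throws a new `APIManagerException` without passing `e`, so the registry failure's stack trace is lost. The two-argument constructor is already used elsewhere in this commit, so this can be `throw new APIManagerException("Error occurred while loading registry for tenant '" + tenantDomain + "'", e);`, which also fixes the "occured" typo. Both `getTenantRegistryLoader()` and `getIndexLoaderService()` are dereferenced unchecked, yet the component's unbind handlers in this same commit set them to `null` under `policy="dynamic"`. A call during a service rebind would therefore end in a `NullPointerException` rather than the declared `APIManagerException`. A null check that raises `APIManagerException` with a clear message would keep the failure inside the method's contract.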
|
|||||||
@ -289,8 +289,7 @@ public class APIPublisherUtil {
|
|||||||
apiConfig.setTransports(transports);
|
apiConfig.setTransports(transports);
|
||||||
|
|
||||||
String sharingValueParam = servletContext.getInitParameter(PARAM_SHARED_WITH_ALL_TENANTS);
|
String sharingValueParam = servletContext.getInitParameter(PARAM_SHARED_WITH_ALL_TENANTS);
|
||||||
boolean isSharedWithAllTenants = (sharingValueParam == null || (!sharingValueParam.isEmpty())
|
boolean isSharedWithAllTenants = Boolean.parseBoolean(sharingValueParam);
|
||||||
&& Boolean.parseBoolean(sharingValueParam));
|
|
||||||
apiConfig.setSharedWithAllTenants(isSharedWithAllTenants);
|
apiConfig.setSharedWithAllTenants(isSharedWithAllTenants);
|
||||||
|
|
||||||
Set<URITemplate> uriTemplates = new LinkedHashSet<>();
|
Set<URITemplate> uriTemplates = new LinkedHashSet<>();
|
||||||
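Review bot: The default has flipped here and nothing documents it. The old expression treated a missing `PARAM_SHARED_WITH_ALL_TENANTS` init-param as `true`, while `Boolean.parseBoolean(null)` is `false`, so a web app that never declared the parameter stops sharing its API with other tenants after this change. Opt-in sharing is the safer default for a multi-tenant gateway, but it should be stated above the assignment, for example `// Sharing across tenants is opt-in: a missing, empty or non-"true" init-param yields false.` The enclosing method starts and ends outside the hunk.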
|
|||||||
@ -117,7 +117,7 @@ public interface Device {
|
|||||||
*/
|
*/
|
||||||
@GET
|
@GET
|
||||||
@Path("user/{user}/count")
|
@Path("user/{user}/count")
|
||||||
@Permission(scope = "device-count-own", permissions = {
|
@Permission(scope = "device-view-own", permissions = {
|
||||||
"/permission/admin/device-mgt/user/devices/list",
|
"/permission/admin/device-mgt/user/devices/list",
|
||||||
"/permission/admin/device-mgt/admin/devices/list"})
|
"/permission/admin/device-mgt/admin/devices/list"})
|
||||||
Response getDeviceCountOfUser(@PathParam("user") String user);
|
Response getDeviceCountOfUser(@PathParam("user") String user);
|
||||||
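Review bot: `getDeviceCountOfUser` is now tagged with the scope `device-view-own`, but the user whose devices are counted comes straight from the `{user}` path segment. Nothing in this interface ties that value to the authenticated caller, so the "own" restriction has to be enforced in the implementation, which is not part of this hunk. It is worth confirming that the implementation compares `user` with the logged-in username unless the caller holds the admin list permission. A Javadoc line stating that expectation would help, e.g. `@param user must be the caller's own username unless the caller has the admin devices/list permission`, adjusted to what the implementation really does.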
|
|||||||
@ -28,7 +28,7 @@ import javax.ws.rs.core.Response;
|
|||||||
/**
|
/**
|
||||||
* Features
|
* Features
|
||||||
*/
|
*/
|
||||||
@API(name = "Device Search", version = "1.0.0", context = "/devicemgt_admin/features", tags = {"devicemgt_admin"})
|
@API(name = "Feature", version = "1.0.0", context = "/devicemgt_admin/features", tags = {"devicemgt_admin"})
|
||||||
|
|
||||||
// Below Api is for swagger annotations
|
// Below Api is for swagger annotations
|
||||||
@Api(value = "Feature", description = "Feature management related operations can be found here.")
|
@Api(value = "Feature", description = "Feature management related operations can be found here.")
|
||||||
@ -58,7 +58,7 @@ public interface Feature {
|
|||||||
@ApiResponses(value = { @ApiResponse(code = 200, message = "List of Features"),
|
@ApiResponses(value = { @ApiResponse(code = 200, message = "List of Features"),
|
||||||
@ApiResponse(code = 500, message = "Error occurred while retrieving the list of features" +
|
@ApiResponse(code = 500, message = "Error occurred while retrieving the list of features" +
|
||||||
".") })
|
".") })
|
||||||
@Permission(scope = "device-search", permissions = {"/permission/admin/device-mgt/admin/devices/view",
|
@Permission(scope = "feature-view", permissions = {"/permission/admin/device-mgt/admin/devices/view",
|
||||||
"/permission/admin/device-mgt/user/devices/view"})
|
"/permission/admin/device-mgt/user/devices/view"})
|
||||||
Response getFeatures(@ApiParam(name = "type", value = "Provide the device type, such as ios, android or windows",
|
Response getFeatures(@ApiParam(name = "type", value = "Provide the device type, such as ios, android or windows",
|
||||||
required = true) @PathParam("type") String type);
|
required = true) @PathParam("type") String type);
|
||||||
|
|||||||
@ -146,7 +146,7 @@ public interface Role {
|
|||||||
notes = "You are able to add a new role to WSO2 EMM using the REST API.")
|
notes = "You are able to add a new role to WSO2 EMM using the REST API.")
|
||||||
@ApiResponses(value = { @ApiResponse(code = 200, message = "Added the role."),
|
@ApiResponses(value = { @ApiResponse(code = 200, message = "Added the role."),
|
||||||
@ApiResponse(code = 500, message = "Error occurred while adding the user role.") })
|
@ApiResponse(code = 500, message = "Error occurred while adding the user role.") })
|
||||||
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/add"})
|
@Permission(scope = "roles-add", permissions = {"/permission/admin/device-mgt/admin/roles/add"})
|
||||||
Response addRole(@ApiParam(name = "roleWrapper", value = "Role and permission details.",
|
Response addRole(@ApiParam(name = "roleWrapper", value = "Role and permission details.",
|
||||||
required = true) RoleWrapper roleWrapper);
|
required = true) RoleWrapper roleWrapper);
|
||||||
|
|
||||||
@ -180,7 +180,7 @@ public interface Role {
|
|||||||
@ApiResponses(value = { @ApiResponse(code = 200, message = "Deleted the role."),
|
@ApiResponses(value = { @ApiResponse(code = 200, message = "Deleted the role."),
|
||||||
@ApiResponse(code = 500, message = "Error occurred while deleting the user role details" +
|
@ApiResponse(code = 500, message = "Error occurred while deleting the user role details" +
|
||||||
".") })
|
".") })
|
||||||
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/remove"})
|
@Permission(scope = "roles-remove", permissions = {"/permission/admin/device-mgt/admin/roles/remove"})
|
||||||
Response deleteRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to delete.",
|
Response deleteRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to delete.",
|
||||||
required = true) @QueryParam("rolename") String roleName);
|
required = true) @QueryParam("rolename") String roleName);
|
||||||
|
|
||||||
@ -217,7 +217,7 @@ public interface Role {
|
|||||||
notes = "Get the number of roles in WSO2 EMM.")
|
notes = "Get the number of roles in WSO2 EMM.")
|
||||||
@ApiResponses(value = { @ApiResponse(code = 200, message = "Retrieved the role count."),
|
@ApiResponses(value = { @ApiResponse(code = 200, message = "Retrieved the role count."),
|
||||||
@ApiResponse(code = 500, message = "Error occurred while retrieving the role count.") })
|
@ApiResponse(code = 500, message = "Error occurred while retrieving the role count.") })
|
||||||
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
|
@Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
|
||||||
Response getRoleCount();
|
Response getRoleCount();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -52,7 +52,7 @@ public interface User {
|
|||||||
@ApiResponse(code = 201, message = "Created"),
|
@ApiResponse(code = 201, message = "Created"),
|
||||||
@ApiResponse(code = 500, message = "Exception in trying to add user by username: 'username'")
|
@ApiResponse(code = 500, message = "Exception in trying to add user by username: 'username'")
|
||||||
})
|
})
|
||||||
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/add"})
|
@Permission(scope = "user-add", permissions = {"/permission/admin/device-mgt/admin/user/add"})
|
||||||
Response addUser(@ApiParam(name = "userWrapper", value = "Includes the required properties to add a user"
|
Response addUser(@ApiParam(name = "userWrapper", value = "Includes the required properties to add a user"
|
||||||
+ " as the <JSON_PAYLOAD> value", required = true) UserWrapper userWrapper);
|
+ " as the <JSON_PAYLOAD> value", required = true) UserWrapper userWrapper);
|
||||||
|
|
||||||
@ -113,7 +113,7 @@ public interface User {
|
|||||||
@ApiResponse(code = 400, message = "User by username: 'username' does not exist for removal"),
|
@ApiResponse(code = 400, message = "User by username: 'username' does not exist for removal"),
|
||||||
@ApiResponse(code = 500, message = "Exception in trying to remove user by username: 'username'")
|
@ApiResponse(code = 500, message = "Exception in trying to remove user by username: 'username'")
|
||||||
})
|
})
|
||||||
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/remove"})
|
@Permission(scope = "user-remove", permissions = {"/permission/admin/device-mgt/admin/user/remove"})
|
||||||
Response removeUser(@ApiParam(name = "username", value = "Provide the name of the user you wish to delete"
|
Response removeUser(@ApiParam(name = "username", value = "Provide the name of the user you wish to delete"
|
||||||
+ " as the value for {username}", required = true)
|
+ " as the value for {username}", required = true)
|
||||||
@QueryParam("username") String username);
|
@QueryParam("username") String username);
|
||||||
@ -220,7 +220,7 @@ public interface User {
|
|||||||
@ApiResponse(code = 200, message = "Email invitation was successfully sent to user"),
|
@ApiResponse(code = 200, message = "Email invitation was successfully sent to user"),
|
||||||
@ApiResponse(code = 500, message = "Error occurred while retrieving the list of users")
|
@ApiResponse(code = 500, message = "Error occurred while retrieving the list of users")
|
||||||
})
|
})
|
||||||
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/users/invite"})
|
@Permission(scope = "user-invite", permissions = {"/permission/admin/device-mgt/admin/users/invite"})
|
||||||
Response inviteExistingUsersToEnrollDevice(@ApiParam(name = "usernames", value = "List of the users to be"
|
Response inviteExistingUsersToEnrollDevice(@ApiParam(name = "usernames", value = "List of the users to be"
|
||||||
+ " invited as the <JSON_PAYLOAD>", required = true)
|
+ " invited as the <JSON_PAYLOAD>", required = true)
|
||||||
List<String> usernames);
|
List<String> usernames);
|
||||||
@ -291,7 +291,7 @@ public interface User {
|
|||||||
+ " Character Encoding is not supported"),
|
+ " Character Encoding is not supported"),
|
||||||
@ApiResponse(code = 500, message = "Internal Server Error")
|
@ApiResponse(code = 500, message = "Internal Server Error")
|
||||||
})
|
})
|
||||||
@Permission(scope = "user-modify", permissions = {"/permission/admin/login"})
|
@Permission(scope = "user-password-modify", permissions = {"/permission/admin/login"})
|
||||||
Response resetPassword(@ApiParam(name = "credentials", value = "Include the required properties to change"
|
Response resetPassword(@ApiParam(name = "credentials", value = "Include the required properties to change"
|
||||||
+ " the user password as <JSON_PAYLOAD> value", required = true)
|
+ " the user password as <JSON_PAYLOAD> value", required = true)
|
||||||
UserCredentialWrapper credentials);
|
UserCredentialWrapper credentials);
|
||||||
@ -317,7 +317,7 @@ public interface User {
|
|||||||
+ " Character Encoding is not supported"),
|
+ " Character Encoding is not supported"),
|
||||||
@ApiResponse(code = 500, message = "Internal Server Error")
|
@ApiResponse(code = 500, message = "Internal Server Error")
|
||||||
})
|
})
|
||||||
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/users/password-reset"})
|
@Permission(scope = "user-password-reset", permissions = {"/permission/admin/device-mgt/admin/users/password-reset"})
|
||||||
Response resetPasswordByAdmin(@ApiParam(name = "credentials", value = "Include the required properties "
|
Response resetPasswordByAdmin(@ApiParam(name = "credentials", value = "Include the required properties "
|
||||||
+ "to change a user password as <JSON_PAYLOAD> value",
|
+ "to change a user password as <JSON_PAYLOAD> value",
|
||||||
required = true) UserCredentialWrapper credentials);
|
required = true) UserCredentialWrapper credentials);
|
||||||
|
|||||||
@ -79,6 +79,10 @@
|
|||||||
<param-name>managed-api-owner</param-name>
|
<param-name>managed-api-owner</param-name>
|
||||||
<param-value>admin</param-value>
|
<param-value>admin</param-value>
|
||||||
</context-param>
|
</context-param>
|
||||||
|
<context-param>
|
||||||
|
<param-name>isSharedWithAllTenants</param-name>
|
||||||
|
<param-value>true</param-value>
|
||||||
|
</context-param>
|
||||||
|
|
||||||
<!-- Below configuration is used to redirect http requests to https -->
|
<!-- Below configuration is used to redirect http requests to https -->
|
||||||
<security-constraint>
|
<security-constraint>
|
||||||
|
|||||||
@ -9,9 +9,9 @@
|
|||||||
"iOSAPIRoot" : "%https.ip%/ios/",
|
"iOSAPIRoot" : "%https.ip%/ios/",
|
||||||
"dynamicClientRegistrationEndPoint" : "%https.ip%/dynamic-client-web/register/",
|
"dynamicClientRegistrationEndPoint" : "%https.ip%/dynamic-client-web/register/",
|
||||||
"adminService":"%https.ip%",
|
"adminService":"%https.ip%",
|
||||||
"idPServer":"%https.ip%",
|
"idPServer":"https://localhost:8243",
|
||||||
"callBackUrl":"%https.ip%/devicemgt_admin",
|
"callBackUrl":"%https.ip%/devicemgt_admin",
|
||||||
"adminUser":"admin",
|
"adminUser":"admin@carbon.super",
|
||||||
"adminRole":"admin",
|
"adminRole":"admin",
|
||||||
"usernameLength":30,
|
"usernameLength":30,
|
||||||
"ssoConfiguration" : {
|
"ssoConfiguration" : {
|
||||||
@ -48,5 +48,12 @@
|
|||||||
"copyrightOwner" : "WSO2 Inc.",
|
"copyrightOwner" : "WSO2 Inc.",
|
||||||
"copyrightOwnersSite" : "http://www.wso2.org",
|
"copyrightOwnersSite" : "http://www.wso2.org",
|
||||||
"copyrightSuffix" : " All Rights Reserved."
|
"copyrightSuffix" : " All Rights Reserved."
|
||||||
}
|
},
|
||||||
|
"scopes" : ["license-add", "license-view", "device-view", "device-info", "device-list", "device-view-own",
|
||||||
|
"device-modify", "device-search", "operation-install", "operation-view", "operation-modify", "operation-uninstall",
|
||||||
|
"group-add", "group-share", "group-modify", "group-view", "group-remove", "certificate-modify", "certificate-view",
|
||||||
|
"configuration-view", "configuration-modify", "policy-view", "policy-modify", "device-notification-view",
|
||||||
|
"device-notification-modify", "feature-view", "arduino_device", "arduino_user", " android_sense_user",
|
||||||
|
"virtual_firealarm_user", "raspberrypi_user", "roles-view", "roles-modify", "roles-remove", "roles-add",
|
||||||
|
"user-password-reset", "user-password-modify", "user-modify", "user-view", "user-invite", "user-remove", "user-add"]
|
||||||
}
|
}
|
||||||
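Review bot: The new `scopes` array contains `" android_sense_user"` with a leading space inside the string. The list is joined with spaces into an OAuth scope request elsewhere in this commit, so that entry will presumably not match the scope actually defined and should be `"android_sense_user"`. In the first hunk, `idPServer` changes from the `%https.ip%` placeholder to the literal `https://localhost:8243`, which ties token requests to a gateway on the local host. If that is a development value, it should remain a substitutable placeholder like the neighbouring endpoints.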
@ -20,7 +20,7 @@ var apiWrapperUtil = function () {
|
|||||||
var module = {};
|
var module = {};
|
||||||
var tokenUtil = require("/app/modules/util.js").util;
|
var tokenUtil = require("/app/modules/util.js").util;
|
||||||
var constants = require("/app/modules/constants.js");
|
var constants = require("/app/modules/constants.js");
|
||||||
var constants = require("/app/modules/constants.js");
|
var devicemgtProps = require('/app/conf/devicemgt-props.js').config();
|
||||||
var log = new Log("/app/modules/api-wrapper-util.js");
|
var log = new Log("/app/modules/api-wrapper-util.js");
|
||||||
|
|
||||||
module.refreshToken = function () {
|
module.refreshToken = function () {
|
||||||
@ -32,15 +32,19 @@ var apiWrapperUtil = function () {
|
|||||||
module.setupAccessTokenPair = function (type, properties) {
|
module.setupAccessTokenPair = function (type, properties) {
|
||||||
var tokenPair;
|
var tokenPair;
|
||||||
var clientData = tokenUtil.getDyanmicCredentials(properties);
|
var clientData = tokenUtil.getDyanmicCredentials(properties);
|
||||||
log.info(">>>>>>>>>>>>>>>>>>>>");
|
|
||||||
var jwtToken = tokenUtil.getTokenWithJWTGrantType(clientData);
|
var jwtToken = tokenUtil.getTokenWithJWTGrantType(clientData);
|
||||||
tokenUtil.getTenantBasedAppCredentials(jwtToken);
|
clientData = tokenUtil.getTenantBasedAppCredentials(properties.username, jwtToken);
|
||||||
log.info("*******************");
|
|
||||||
var encodedClientKeys = tokenUtil.encode(clientData.clientId + ":" + clientData.clientSecret);
|
var encodedClientKeys = tokenUtil.encode(clientData.clientId + ":" + clientData.clientSecret);
|
||||||
session.put(constants.ENCODED_CLIENT_KEYS_IDENTIFIER, encodedClientKeys);
|
session.put(constants.ENCODED_CLIENT_KEYS_IDENTIFIER, encodedClientKeys);
|
||||||
if (type == constants.GRANT_TYPE_PASSWORD) {
|
if (type == constants.GRANT_TYPE_PASSWORD) {
|
||||||
|
var scopes = devicemgtProps.scopes;
|
||||||
|
var scope = "";
|
||||||
|
scopes.forEach(function(entry) {
|
||||||
|
scope += entry + " ";
|
||||||
|
});
|
||||||
tokenPair =
|
tokenPair =
|
||||||
tokenUtil.getTokenWithPasswordGrantType(properties.username, encodeURIComponent(properties.password), encodedClientKeys);
|
tokenUtil.getTokenWithPasswordGrantType(properties.username, encodeURIComponent(properties.password),
|
||||||
|
encodedClientKeys, scope);
|
||||||
} else if (type == constants.GRANT_TYPE_SAML) {
|
} else if (type == constants.GRANT_TYPE_SAML) {
|
||||||
tokenPair = tokenUtil.
|
tokenPair = tokenUtil.
|
||||||
getTokenWithSAMLGrantType(properties.samlToken, encodedClientKeys, "PRODUCTION");
|
getTokenWithSAMLGrantType(properties.samlToken, encodedClientKeys, "PRODUCTION");
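Review bot: The scope string built in the `GRANT_TYPE_PASSWORD` branch of `setupAccessTokenPair` throws if `devicemgtProps.scopes` is missing and always ends with a trailing space; `var scope = (devicemgtProps.scopes || []).join(" ");` avoids both. The scope array shown earlier on this page contains `" android_sense_user"` with a leading space, which, if that array is what `devicemgtProps.scopes` reads, would put a double space into the request and may not match the registered scope name. Every configured scope is requested on every password-grant login, so what a user's token can actually do depends on how the identity server binds scopes to roles; a comment above the loop such as `// requests all configured scopes; the IdP must grant only those bound to the user's roles` would make that assumption explicit. The function continues past the end of this hunk.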
|
||||||
|
|||||||
@ -65,6 +65,7 @@ var backendServiceInvoker = function () {
|
|||||||
}
|
}
|
||||||
xmlHttpRequest.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, contentType);
|
xmlHttpRequest.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, contentType);
|
||||||
xmlHttpRequest.setRequestHeader(constants.ACCEPT_IDENTIFIER, acceptType);
|
xmlHttpRequest.setRequestHeader(constants.ACCEPT_IDENTIFIER, acceptType);
|
||||||
|
xmlHttpRequest.setRequestHeader(constants.REFERER, String(privateMethods.getClientDomain()));
|
||||||
if (IS_OAUTH_ENABLED) {
|
if (IS_OAUTH_ENABLED) {
|
||||||
var accessToken = privateMethods.getAccessToken();
|
var accessToken = privateMethods.getAccessToken();
|
||||||
if (!accessToken) {
|
if (!accessToken) {
|
||||||
@ -150,6 +151,10 @@ var backendServiceInvoker = function () {
|
|||||||
header.setName(constants.ACCEPT_IDENTIFIER);
|
header.setName(constants.ACCEPT_IDENTIFIER);
|
||||||
header.setValue(acceptType);
|
header.setValue(acceptType);
|
||||||
httpMethodObject.addRequestHeader(header);
|
httpMethodObject.addRequestHeader(header);
|
||||||
|
header = new Header();
|
||||||
|
header.setName(constants.REFERER);
|
||||||
|
header.setValue(String(privateMethods.getClientDomain()));
|
||||||
|
httpMethodObject.addRequestHeader(header);
|
||||||
if (IS_OAUTH_ENABLED) {
|
if (IS_OAUTH_ENABLED) {
|
||||||
var accessToken = privateMethods.getAccessToken();
|
var accessToken = privateMethods.getAccessToken();
|
||||||
if (accessToken) {
|
if (accessToken) {
|
||||||
@ -210,6 +215,12 @@ var backendServiceInvoker = function () {
|
|||||||
oAuthAuthenticationData.name = authenticationHeaderName;
|
oAuthAuthenticationData.name = authenticationHeaderName;
|
||||||
oAuthAuthenticationData.value = authenticationHeaderValue;
|
oAuthAuthenticationData.value = authenticationHeaderValue;
|
||||||
headers.push(oAuthAuthenticationData);
|
headers.push(oAuthAuthenticationData);
|
||||||
|
|
||||||
|
var referrerData = {};
|
||||||
|
referrerData.name = constants.REFERER;
|
||||||
|
referrerData.value = String(privateMethods.getClientDomain());
|
||||||
|
headers.push(referrerData);
|
||||||
|
|
||||||
options.HTTPHeaders = headers;
|
options.HTTPHeaders = headers;
|
||||||
} else {
|
} else {
|
||||||
response.sendRedirect(devicemgtProps["httpsURL"] + "/devicemgt/login");
|
response.sendRedirect(devicemgtProps["httpsURL"] + "/devicemgt/login");
|
||||||
@ -331,6 +342,16 @@ var backendServiceInvoker = function () {
|
|||||||
return privateMethods.initiateHTTPClientRequest(constants.HTTP_DELETE, url, successCallback, errorCallback, contentType, acceptType);
|
return privateMethods.initiateHTTPClientRequest(constants.HTTP_DELETE, url, successCallback, errorCallback, contentType, acceptType);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method fetch the current logged user from the session and returns
|
||||||
|
* the tenant domain name of the user
|
||||||
|
* @returns {tenantDomain}
|
||||||
|
*/
|
||||||
|
privateMethods.getClientDomain = function () {
|
||||||
|
var user = session.get(constants.USER_SESSION_KEY);
|
||||||
|
return user.domain;
|
||||||
|
}
|
||||||
|
|
||||||
var publicInvokers = {};
|
var publicInvokers = {};
|
||||||
publicInvokers.XMLHttp = publicXMLHTTPInvokers;
|
publicInvokers.XMLHttp = publicXMLHTTPInvokers;
|
||||||
publicInvokers.WS = publicWSInvokers;
|
publicInvokers.WS = publicWSInvokers;
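Review bot: `privateMethods.getClientDomain` dereferences `user.domain` without checking that `session.get(constants.USER_SESSION_KEY)` returned a user. In the XMLHttp hunk the new `setRequestHeader(constants.REFERER, ...)` call sits before the `if (!accessToken)` check, so an expired session would presumably raise a TypeError instead of reaching that branch. A guard in the helper such as `if (!user) { return null; }`, with the three call sites skipping the header when the result is null, avoids the exception and also avoids sending the literal string `"undefined"` produced by `String(...)`. Because the tenant domain is carried in the `Referer` header, any gateway or backend code that uses it for tenant resolution should cross-check it against the tenant of the validated access token rather than trust the header alone. The function expression assigned to `privateMethods.getClientDomain` is also missing its terminating semicolon.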
|
||||||
|
|||||||
@ -70,6 +70,7 @@ var HTTP_GET = "GET";
|
|||||||
var HTTP_POST = "POST";
|
var HTTP_POST = "POST";
|
||||||
var HTTP_PUT = "PUT";
|
var HTTP_PUT = "PUT";
|
||||||
var HTTP_DELETE = "DELETE";
|
var HTTP_DELETE = "DELETE";
|
||||||
|
var REFERER = "referer"
|
||||||
|
|
||||||
var GRANT_TYPE_PASSWORD = "password";
|
var GRANT_TYPE_PASSWORD = "password";
|
||||||
var GRANT_TYPE_SAML = "saml";
|
var GRANT_TYPE_SAML = "saml";
|
||||||
@ -78,3 +79,5 @@ var MQTT_QUEUE_CONFIG_NAME = "MQTT";
|
|||||||
|
|
||||||
var HTTP_CONFLICT = 409;
|
var HTTP_CONFLICT = 409;
|
||||||
var HTTP_CREATED = 201;
|
var HTTP_CREATED = 201;
|
||||||
|
|
||||||
|
var CACHED_CREDENTIALS = "tenantBasedCredentials";
|
||||||
|
|||||||
@ -79,7 +79,7 @@ var util = function () {
|
|||||||
*/
|
*/
|
||||||
module.getTokenWithPasswordGrantType = function (username, password, encodedClientKeys, scope) {
|
module.getTokenWithPasswordGrantType = function (username, password, encodedClientKeys, scope) {
|
||||||
var xhr = new XMLHttpRequest();
|
var xhr = new XMLHttpRequest();
|
||||||
var tokenEndpoint = devicemgtProps.idPServer + "/oauth2/token";
|
var tokenEndpoint = devicemgtProps.idPServer + "/token";
|
||||||
xhr.open("POST", tokenEndpoint, false);
|
xhr.open("POST", tokenEndpoint, false);
|
||||||
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
|
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
|
||||||
xhr.setRequestHeader("Authorization", "Basic " + encodedClientKeys);
|
xhr.setRequestHeader("Authorization", "Basic " + encodedClientKeys);
|
||||||
@ -172,29 +172,54 @@ var util = function () {
|
|||||||
return jwtToken;
|
return jwtToken;
|
||||||
};
|
};
|
||||||
|
|
||||||
module.getTenantBasedAppCredentials = function (token) {
|
module.getTenantBasedAppCredentials = function (uname, token) {
|
||||||
var tenantDomain = "carbon.super";
|
var tenantDomain = carbonModule.server.tenantDomain({
|
||||||
|
username: uname
|
||||||
|
});
|
||||||
|
var clientData = this.getCachedCredentials(tenantDomain);
|
||||||
|
if (!clientData) {
|
||||||
var applicationName = "webapp_" + tenantDomain;
|
var applicationName = "webapp_" + tenantDomain;
|
||||||
var xhr = new XMLHttpRequest();
|
var xhr = new XMLHttpRequest();
|
||||||
var endpoint = devicemgtProps["adminService"] + "/register/tenants/" + tenantDomain + "?applicationName=" +
|
var endpoint = devicemgtProps["adminService"] + "/api-application-registration/register/tenants?tenantDomain=" +
|
||||||
applicationName;
|
tenantDomain + "&applicationName=" + applicationName;
|
||||||
log.info(">>>>>>>>>>>>>>>>>>>>>>>>>APIM App Register endpoint: " + endpoint);
|
|
||||||
xhr.open("POST", endpoint, false);
|
xhr.open("POST", endpoint, false);
|
||||||
xhr.setRequestHeader("Content-Type", "application/json");
|
xhr.setRequestHeader("Content-Type", "application/json");
|
||||||
xhr.setRequestHeader("Authorization", "X-JWT-Assertion " + token.accessToken);
|
xhr.setRequestHeader("Authorization", "Bearer " + token.accessToken);
|
||||||
xhr.send();
|
xhr.send();
|
||||||
var clientData = {};
|
|
||||||
if (xhr.status == 201) {
|
if (xhr.status == 201) {
|
||||||
var data = parse(xhr.responseText);
|
var data = parse(xhr.responseText);
|
||||||
log.info(">>>>>>>>>>>>>>>>>>>>>>>>>lllllllllllllllllll: " + stringify(data));
|
clientData = {};
|
||||||
//clientData.clientId = data.client_id;
|
clientData.clientId = data.client_id;
|
||||||
//clientData.clientSecret = data.client_secret;
|
clientData.clientSecret = data.client_secret;
|
||||||
|
this.setTenantBasedAppCredentials(tenantDomain, clientData);
|
||||||
} else if (xhr.status == 400) {
|
} else if (xhr.status == 400) {
|
||||||
throw "Invalid client meta data";
|
throw "Invalid client meta data";
|
||||||
} else {
|
} else {
|
||||||
throw "Error in obtaining client id and secret from APIM";
|
throw "Error in obtaining client id and secret from APIM";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return clientData;
|
||||||
|
};
|
||||||
|
|
||||||
|
module.setTenantBasedAppCredentials = function (tenantDomain, clientData) {
|
||||||
|
var cachedMap = application.get(constants.CACHED_CREDENTIALS);
|
||||||
|
if (!cachedMap) {
|
||||||
|
cachedMap = new Object();
|
||||||
|
cachedMap[tenantDomain] = clientData;
|
||||||
|
application.put(constants.CACHED_CREDENTIALS, cachedMap);
|
||||||
|
} else {
|
||||||
|
cachedMap[tenantDomain] = clientData;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
module.getCachedCredentials = function(tenantDomain) {
|
||||||
|
var cachedMap = application.get(constants.CACHED_CREDENTIALS);
|
||||||
|
if (cachedMap) {
|
||||||
|
return cachedMap[tenantDomain];
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
};
|
||||||
|
|
||||||
return module;
|
return module;
|
||||||
}();
|
}();
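Review bot: In `module.getTenantBasedAppCredentials` the registration URL concatenates `tenantDomain` and `applicationName` into the query string unencoded, and `tenantDomain` is resolved from the username supplied at login. Both values should be encoded: `"?tenantDomain=" + encodeURIComponent(tenantDomain) + "&applicationName=" + encodeURIComponent(applicationName)`. The api-wrapper-util.js hunk on this page calls this function before the password grant, so the lookup and registration appear to run for a username that has not yet been authenticated; it is worth confirming that this is intended. The client id and secret are cached in application scope under `constants.CACHED_CREDENTIALS` with no expiry or invalidation, so a secret regenerated on the server would leave a stale entry that every later login for that tenant reuses. A comment on `setTenantBasedAppCredentials` stating the cache lifetime, plus eviction of the tenant's entry when a token request using it is rejected, would cover this.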
|
||||||
|
|||||||