Implemented permission based authorization
This commit is contained in:
parent
51686dce08
commit
115099c8fe
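--- /dev/null
+++ b/[module path not on page]/org/wso2/carbon/apimgt/annotations/api/Permission.java
@@ -0,0 +1,42 @@
+/*
+* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.wso2.carbon.apimgt.annotations.api;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+* This class is the representation of custom developed Permission annotation.
+*/
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface Permission {
+
+/**
+* Represents the permission name.
+* @return Returns permission name.
+*/
+String name();
+
+/**
+* Represents the permission string.
+* @return Returns permission string.
+*/
+String permission();
+
+}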
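Review bot: `permission()` is the value every authorization declaration in this commit keys on, yet its Javadoc at `String permission();` says only "Represents the permission string" and leaves the expected format undocumented, while every call site added in the other files passes a resource-path value such as `/device-mgt/certificates/manage`. I would state that contract on the annotation, e.g. `* Represents the permission resource path (for example "/device-mgt/devices/view") that a caller must hold to invoke the annotated method.` Nothing in the visible hunks shows a component reading this annotation at request time, so presumably enforcement lives in code outside this view; until an interceptor or processor consumes it, `@Permission` documents intent only and that is worth confirming. The annotation is also restricted to `@Target(ElementType.METHOD)`, so a service interface cannot declare a class-level default, which means any endpoint that forgets the annotation silently carries no permission requirement.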
@ -44,33 +44,33 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
|
||||
|
||||
@Override
|
||||
public void completedServerStartup() {
|
||||
APIPublisherDataHolder.getInstance().setServerStarted(true);
|
||||
currentAPIsStack = APIPublisherDataHolder.getInstance().getUnpublishedApis();
|
||||
Thread t = new Thread(new Runnable() {
|
||||
@Override
|
||||
public void run() {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Server has just started, hence started publishing unpublished APIs");
|
||||
log.debug("Total number of unpublished APIs: "
|
||||
+ APIPublisherDataHolder.getInstance().getUnpublishedApis().size());
|
||||
}
|
||||
publisher = APIPublisherDataHolder.getInstance().getApiPublisherService();
|
||||
while (!failedAPIsStack.isEmpty() || !currentAPIsStack.isEmpty()) {
|
||||
try {
|
||||
retryTime = retryTime * CONNECTION_RETRY_FACTOR;
|
||||
Thread.sleep(retryTime);
|
||||
} catch (InterruptedException te) {
|
||||
log.error("Error occurred while sleeping", te);
|
||||
}
|
||||
if (!APIPublisherDataHolder.getInstance().getUnpublishedApis().isEmpty()) {
|
||||
publishAPIs(currentAPIsStack, failedAPIsStack);
|
||||
} else {
|
||||
publishAPIs(failedAPIsStack, currentAPIsStack);
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
t.start();
|
||||
// APIPublisherDataHolder.getInstance().setServerStarted(true);
|
||||
// currentAPIsStack = APIPublisherDataHolder.getInstance().getUnpublishedApis();
|
||||
// Thread t = new Thread(new Runnable() {
|
||||
// @Override
|
||||
// public void run() {
|
||||
// if (log.isDebugEnabled()) {
|
||||
// log.debug("Server has just started, hence started publishing unpublished APIs");
|
||||
// log.debug("Total number of unpublished APIs: "
|
||||
// + APIPublisherDataHolder.getInstance().getUnpublishedApis().size());
|
||||
// }
|
||||
// publisher = APIPublisherDataHolder.getInstance().getApiPublisherService();
|
||||
// while (!failedAPIsStack.isEmpty() || !currentAPIsStack.isEmpty()) {
|
||||
// try {
|
||||
// retryTime = retryTime * CONNECTION_RETRY_FACTOR;
|
||||
// Thread.sleep(retryTime);
|
||||
// } catch (InterruptedException te) {
|
||||
// log.error("Error occurred while sleeping", te);
|
||||
// }
|
||||
// if (!APIPublisherDataHolder.getInstance().getUnpublishedApis().isEmpty()) {
|
||||
// publishAPIs(currentAPIsStack, failedAPIsStack);
|
||||
// } else {
|
||||
// publishAPIs(failedAPIsStack, currentAPIsStack);
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
// });
|
||||
// t.start();
|
||||
}
|
||||
|
||||
private void publishAPIs(Stack<API> apis, Stack<API> failedStack) {
|
||||
|
||||
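Review bot: The commented-out block from `// APIPublisherDataHolder.getInstance().setServerStarted(true);` through `// t.start();` is a verbatim copy of the live body of `completedServerStartup` directly above it, and the rendered page does not reveal which copy is the new side; either way the dead copy should be deleted rather than kept as a comment, since version control already holds the history. The same duplicated commented copy appears in `lifecycleEvent` of APIPublisherLifecycleListener in the next file section. If the active version is the one that survives, the `catch (InterruptedException te)` inside the retry loop logs and carries on without restoring the interrupt flag, so a shutdown request can never stop this publishing thread; adding `Thread.currentThread().interrupt(); return;` after the `log.error` call would honour it. `retryTime = retryTime * CONNECTION_RETRY_FACTOR` also grows on every iteration with no upper bound; its type is not visible here, but if it is an `int` it will eventually overflow to a negative value and `Thread.sleep` will throw, so a cap is worth adding. `publishAPIs` at the end of the hunk continues outside it.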
@ -49,72 +49,72 @@ public class APIPublisherLifecycleListener implements LifecycleListener {
|
||||
|
||||
@Override
|
||||
public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
|
||||
if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType()) && WebappPublisherConfig.getInstance()
|
||||
.isPublished()) {
|
||||
StandardContext context = (StandardContext) lifecycleEvent.getLifecycle();
|
||||
ServletContext servletContext = context.getServletContext();
|
||||
String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED);
|
||||
boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param);
|
||||
|
||||
String profile = System.getProperty(PROPERTY_PROFILE);
|
||||
|
||||
if (WebappPublisherConfig.getInstance().getProfiles().getProfile().contains(profile.toLowerCase())
|
||||
&& isManagedApi) {
|
||||
try {
|
||||
AnnotationProcessor annotationProcessor = new AnnotationProcessor(context);
|
||||
Set<String> annotatedAPIClasses = annotationProcessor.
|
||||
scanStandardContext(org.wso2.carbon.apimgt.annotations.api.API.class.getName());
|
||||
|
||||
List<APIResourceConfiguration> apiDefinitions = annotationProcessor.extractAPIInfo(servletContext,
|
||||
annotatedAPIClasses);
|
||||
|
||||
for (APIResourceConfiguration apiDefinition : apiDefinitions) {
|
||||
|
||||
APIConfig apiConfig = APIPublisherUtil.buildApiConfig(servletContext, apiDefinition);
|
||||
|
||||
try {
|
||||
int tenantId = APIPublisherDataHolder.getInstance().getTenantManager().
|
||||
getTenantId(apiConfig.getTenantDomain());
|
||||
|
||||
boolean isTenantActive = APIPublisherDataHolder.getInstance().
|
||||
getTenantManager().isTenantActive(tenantId);
|
||||
|
||||
if (isTenantActive) {
|
||||
apiConfig.init();
|
||||
API api = APIPublisherUtil.getAPI(apiConfig);
|
||||
boolean isServerStarted = APIPublisherDataHolder.getInstance().isServerStarted();
|
||||
if (isServerStarted) {
|
||||
APIPublisherService apiPublisherService =
|
||||
APIPublisherDataHolder.getInstance().getApiPublisherService();
|
||||
if (apiPublisherService == null) {
|
||||
throw new IllegalStateException(
|
||||
"API Publisher service is not initialized properly");
|
||||
}
|
||||
apiPublisherService.publishAPI(api);
|
||||
} else {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Server has not started yet. Hence adding API '" +
|
||||
api.getId().getApiName() + "' to the queue");
|
||||
}
|
||||
APIPublisherDataHolder.getInstance().getUnpublishedApis().push(api);
|
||||
}
|
||||
} else {
|
||||
log.error("No tenant [" + apiConfig.getTenantDomain() + "] " +
|
||||
"found when publishing the Web app");
|
||||
}
|
||||
} catch (Throwable e) {
|
||||
log.error("Error occurred while publishing API '" + apiConfig.getName() +
|
||||
"' with the context '" + apiConfig.getContext() +
|
||||
"' and version '" + apiConfig.getVersion() + "'", e);
|
||||
}
|
||||
}
|
||||
} catch (IOException e) {
|
||||
log.error("Error encountered while discovering annotated classes", e);
|
||||
} catch (ClassNotFoundException e) {
|
||||
log.error("Error while scanning class for annotations", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
// if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType()) && WebappPublisherConfig.getInstance()
|
||||
// .isPublished()) {
|
||||
// StandardContext context = (StandardContext) lifecycleEvent.getLifecycle();
|
||||
// ServletContext servletContext = context.getServletContext();
|
||||
// String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED);
|
||||
// boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param);
|
||||
//
|
||||
// String profile = System.getProperty(PROPERTY_PROFILE);
|
||||
//
|
||||
// if (WebappPublisherConfig.getInstance().getProfiles().getProfile().contains(profile.toLowerCase())
|
||||
// && isManagedApi) {
|
||||
// try {
|
||||
// AnnotationProcessor annotationProcessor = new AnnotationProcessor(context);
|
||||
// Set<String> annotatedAPIClasses = annotationProcessor.
|
||||
// scanStandardContext(org.wso2.carbon.apimgt.annotations.api.API.class.getName());
|
||||
//
|
||||
// List<APIResourceConfiguration> apiDefinitions = annotationProcessor.extractAPIInfo(servletContext,
|
||||
// annotatedAPIClasses);
|
||||
//
|
||||
// for (APIResourceConfiguration apiDefinition : apiDefinitions) {
|
||||
//
|
||||
// APIConfig apiConfig = APIPublisherUtil.buildApiConfig(servletContext, apiDefinition);
|
||||
//
|
||||
// try {
|
||||
// int tenantId = APIPublisherDataHolder.getInstance().getTenantManager().
|
||||
// getTenantId(apiConfig.getTenantDomain());
|
||||
//
|
||||
// boolean isTenantActive = APIPublisherDataHolder.getInstance().
|
||||
// getTenantManager().isTenantActive(tenantId);
|
||||
//
|
||||
// if (isTenantActive) {
|
||||
// apiConfig.init();
|
||||
// API api = APIPublisherUtil.getAPI(apiConfig);
|
||||
// boolean isServerStarted = APIPublisherDataHolder.getInstance().isServerStarted();
|
||||
// if (isServerStarted) {
|
||||
// APIPublisherService apiPublisherService =
|
||||
// APIPublisherDataHolder.getInstance().getApiPublisherService();
|
||||
// if (apiPublisherService == null) {
|
||||
// throw new IllegalStateException(
|
||||
// "API Publisher service is not initialized properly");
|
||||
// }
|
||||
// apiPublisherService.publishAPI(api);
|
||||
// } else {
|
||||
// if (log.isDebugEnabled()) {
|
||||
// log.debug("Server has not started yet. Hence adding API '" +
|
||||
// api.getId().getApiName() + "' to the queue");
|
||||
// }
|
||||
// APIPublisherDataHolder.getInstance().getUnpublishedApis().push(api);
|
||||
// }
|
||||
// } else {
|
||||
// log.error("No tenant [" + apiConfig.getTenantDomain() + "] " +
|
||||
// "found when publishing the Web app");
|
||||
// }
|
||||
// } catch (Throwable e) {
|
||||
// log.error("Error occurred while publishing API '" + apiConfig.getName() +
|
||||
// "' with the context '" + apiConfig.getContext() +
|
||||
// "' and version '" + apiConfig.getVersion() + "'", e);
|
||||
// }
|
||||
// }
|
||||
// } catch (IOException e) {
|
||||
// log.error("Error encountered while discovering annotated classes", e);
|
||||
// } catch (ClassNotFoundException e) {
|
||||
// log.error("Error while scanning class for annotations", e);
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
}
|
||||
|
||||
//TODO : Need to implemented, to merge API Definitions in cases where implementation of an API Lies in two classes
|
||||
|
||||
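Review bot: `String profile = System.getProperty(PROPERTY_PROFILE);` is dereferenced two lines later as `profile.toLowerCase()` with no null check, so a server started without that system property throws a NullPointerException out of the lifecycle listener instead of simply skipping publication. A guarded, locale-stable form would be `boolean profileMatches = profile != null && WebappPublisherConfig.getInstance().getProfiles().getProfile().contains(profile.toLowerCase(Locale.ROOT));` followed by `if (profileMatches && isManagedApi) {` (this needs `java.util.Locale` imported). The per-API `catch (Throwable e)` swallows `Error`s and interrupts along with ordinary failures; narrowing it to `Exception` keeps VM-level faults visible while still isolating one bad API definition from the rest. As with the previous file, the page does not show which of the active and commented-out copies of this body is the new side, and the commented copy should be removed in either case.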
@ -4,6 +4,7 @@ import io.swagger.annotations.ApiOperation;
|
||||
import io.swagger.annotations.ApiParam;
|
||||
import io.swagger.annotations.ApiResponse;
|
||||
import io.swagger.annotations.ApiResponses;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.certificate.mgt.jaxrs.beans.ErrorResponse;
|
||||
|
||||
@ -47,6 +48,7 @@ public interface CertificateMgtService {
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "certificate:sign-csr", name = "Sign CSR", description = "")
|
||||
@Permission(name = "Sign CSR", permission = "/device-mgt/certificates/manage")
|
||||
Response getSignedCertFromCSR(
|
||||
@ApiParam(
|
||||
name = "If-Modified-Since",
|
||||
|
||||
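Review bot: `getSignedCertFromCSR` now carries both `@Scope(key = "certificate:sign-csr", ...)` and `@Permission(name = "Sign CSR", permission = "/device-mgt/certificates/manage")`, that is two parallel authorization declarations on one endpoint, and nothing in this commit's visible hunks shows which of them is enforced at runtime. If only the permission path is checked from now on, the retained `@Scope` annotations become documentation that can drift from the real rule; if both are checked, a caller needs both, which should be stated. The same applies to every `@Permission` line added in the remaining service interfaces of this commit. A one-line Javadoc on the `Permission` annotation or on each annotated method, such as `Access is granted when the caller holds the permission path; @Scope is retained for API-publisher metadata only` (or the reverse, whichever is true), would settle it for the next maintainer.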
@ -2,6 +2,7 @@ package org.wso2.carbon.certificate.mgt.cert.jaxrs.api;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList;
|
||||
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate;
|
||||
@ -77,7 +78,7 @@ public interface CertificateManagementAdminService {
|
||||
message = "Internal Server Error. \n Server error occurred while adding certificates.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "certificate:manage", name = "Add certificates", description = "")
|
||||
@Permission(name = "Manage certificates", permission = "/device-mgt/certificates/manage")
|
||||
Response addCertificate(
|
||||
@ApiParam(
|
||||
name = "enrollmentCertificates",
|
||||
@ -135,7 +136,7 @@ public interface CertificateManagementAdminService {
|
||||
"Server error occurred while retrieving information requested certificate.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "certificate:view", name = "View certificates", description = "")
|
||||
@Permission(name = "View certificates", permission = "/device-mgt/certificates/view")
|
||||
Response getCertificate(
|
||||
@ApiParam(name = "serialNumber",
|
||||
value = "Provide the serial number of the certificate that you wish to get the details of",
|
||||
@ -207,7 +208,7 @@ public interface CertificateManagementAdminService {
|
||||
"Server error occurred while retrieving all certificates enrolled in the system.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "certificate:view", name = "View certificates", description = "")
|
||||
@Permission(name = "View certificates", permission = "/device-mgt/certificates/view")
|
||||
Response getAllCertificates(
|
||||
@ApiParam(
|
||||
name = "offset",
|
||||
@ -250,7 +251,7 @@ public interface CertificateManagementAdminService {
|
||||
message = "Internal Server Error. \n " +
|
||||
"Server error occurred while removing the certificate.",
|
||||
response = ErrorResponse.class)})
|
||||
@Scope(key = "certificate:manage", name = "Add certificates", description = "")
|
||||
@Permission(name = "Manage certificates", permission = "/device-mgt/certificates/manage")
|
||||
Response removeCertificate(
|
||||
@ApiParam(
|
||||
name = "serialNumber",
|
||||
|
||||
@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.beans;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@ -29,12 +30,19 @@ public class RoleInfo {
|
||||
|
||||
@ApiModelProperty(name = "roleName", value = "The name of the role.", required = true)
|
||||
private String roleName;
|
||||
@ApiModelProperty(name = "scopes", value = "Lists out all the scopes associated with roles.",
|
||||
@ApiModelProperty(name = "permissions", value = "Lists out all the permissions associated with roles.",
|
||||
required = true, dataType = "List[java.lang.String]")
|
||||
private List<String> scopes;
|
||||
private String[] permissions;
|
||||
@ApiModelProperty(name = "users", value = "The list of users assigned to the selected role.",
|
||||
required = true, dataType = "List[java.lang.String]")
|
||||
private String[] users;
|
||||
@ApiModelProperty(name = "permissionList", value = "This contain the following, " +
|
||||
"\n resourcePath\tThe path related to the API.\n " +
|
||||
"displayName\tThe name of the permission that is shown " +
|
||||
"in the UI.\n" +
|
||||
"nodeList\tLists out the nested permissions.",
|
||||
required = true)
|
||||
private UIPermissionNode permissionList;
|
||||
|
||||
public String getRoleName() {
|
||||
return roleName;
|
||||
@ -44,12 +52,12 @@ public class RoleInfo {
|
||||
this.roleName = roleName;
|
||||
}
|
||||
|
||||
public List<String> getScopes() {
|
||||
return scopes;
|
||||
public String[] getPermissions() {
|
||||
return permissions;
|
||||
}
|
||||
|
||||
public void setScopes(List<String> scopes) {
|
||||
this.scopes = scopes;
|
||||
public void setPermissions(String[] permissions) {
|
||||
this.permissions = permissions;
|
||||
}
|
||||
|
||||
public String[] getUsers() {
|
||||
@ -60,4 +68,12 @@ public class RoleInfo {
|
||||
this.users = users;
|
||||
}
|
||||
|
||||
public UIPermissionNode getPermissionList() {
|
||||
return permissionList;
|
||||
}
|
||||
|
||||
public void setPermissionList(UIPermissionNode permissionList) {
|
||||
this.permissionList = permissionList;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
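Review bot: `private List<String> scopes;` is replaced by `private String[] permissions;` but `import java.util.List;` at the top of the hunk is kept; if no other member of RoleInfo uses `List` (the rest of the class is outside this view) the import is now unused and should be dropped. The new `getPermissions()` hands out the internal array and `setPermissions(String[])` stores the caller's array without copying, so a caller can alter the bean's permission set after it has been validated; for a DTO that feeds authorization decisions, `return permissions == null ? null : permissions.clone();` in the getter and the matching `clone()` in the setter is cheap insurance. The `users` field has the same shape, but that is pre-existing.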
@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList;
|
||||
@ -92,7 +93,7 @@ public interface ActivityInfoProviderService {
|
||||
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "activity:view", name = "View Activities", description = "")
|
||||
@Permission(name = "View Activities", permission = "/device-mgt/activities/view")
|
||||
Response getActivity(
|
||||
@ApiParam(
|
||||
name = "id",
|
||||
@ -153,7 +154,7 @@ public interface ActivityInfoProviderService {
|
||||
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "activity:view", name = "View Activities", description = "")
|
||||
@Permission(name = "View Activities", permission = "/device-mgt/activities/view")
|
||||
Response getActivities(
|
||||
@ApiParam(
|
||||
name = "since",
|
||||
|
||||
@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
@ -81,7 +82,7 @@ public interface ConfigurationManagementService {
|
||||
"platform configuration.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "configuration:view", name = "View Configurations", description = "")
|
||||
@Permission(name = "View Configurations", permission = "/device-mgt/configuration/view")
|
||||
Response getConfiguration(
|
||||
@ApiParam(
|
||||
name = "If-Modified-Since",
|
||||
@ -127,7 +128,7 @@ public interface ConfigurationManagementService {
|
||||
"Server error occurred while modifying general platform configuration.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "configuration:modify", name = "Modify Configurations", description = "")
|
||||
@Permission(name = "Manage configurations", permission = "/device-mgt/configuration/manage")
|
||||
Response updateConfiguration(
|
||||
@ApiParam(
|
||||
name = "configuration",
|
||||
|
||||
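Review bot: `@Permission(name = "Manage configurations", permission = "/device-mgt/configuration/manage")` on `updateConfiguration` uses lower-case "configurations" while its sibling `@Permission(name = "View Configurations", ...)` and the adjacent `@Scope(name = "Modify Configurations", ...)` use title case. These `name` values are display strings, so the casing should be consistent within a file and, ideally, across the commit, where "View Roles"/"Manage Roles" and "View policies"/"Manage policies" already disagree with each other; `name = "Manage Configurations"` would match the rest of this file.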
@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.device.mgt.common.Device;
|
||||
import org.wso2.carbon.device.mgt.common.Feature;
|
||||
@ -92,7 +93,7 @@ public interface DeviceManagementService {
|
||||
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "device:view", name = "View Devices", description = "")
|
||||
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
|
||||
Response getDevices(
|
||||
@ApiParam(
|
||||
name = "name",
|
||||
@ -199,7 +200,7 @@ public interface DeviceManagementService {
|
||||
"Server error occurred while retrieving information requested device.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "device:view", name = "View Devices", description = "")
|
||||
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
|
||||
Response getDevice(
|
||||
@ApiParam(
|
||||
name = "type",
|
||||
@ -281,7 +282,7 @@ public interface DeviceManagementService {
|
||||
"Server error occurred while retrieving feature list of the device.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "device:view", name = "View Devices", description = "")
|
||||
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
|
||||
Response getFeaturesOfDevice(
|
||||
@ApiParam(
|
||||
name = "type",
|
||||
@ -357,7 +358,7 @@ public interface DeviceManagementService {
|
||||
"Server error occurred while enrolling the device.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "device:view", name = "View Devices", description = "")
|
||||
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
|
||||
Response searchDevices(
|
||||
@ApiParam(
|
||||
name = "offset",
|
||||
@ -436,8 +437,7 @@ public interface DeviceManagementService {
|
||||
"Server error occurred while retrieving installed application list of the device.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "device:view", name = "View Devices", description = "")
|
||||
|
||||
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
|
||||
Response getInstalledApplications(
|
||||
@ApiParam(
|
||||
name = "type",
|
||||
@ -533,7 +533,7 @@ public interface DeviceManagementService {
|
||||
"Server error occurred while retrieving operation list scheduled for the device.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "device:view", name = "View Devices", description = "")
|
||||
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
|
||||
Response getDeviceOperations(
|
||||
@ApiParam(
|
||||
name = "type",
|
||||
@ -631,7 +631,7 @@ public interface DeviceManagementService {
|
||||
response = ErrorResponse.class)
|
||||
}
|
||||
)
|
||||
@Scope(key = "device:view", name = "View Devices", description = "")
|
||||
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
|
||||
Response getEffectivePolicyOfDevice(
|
||||
@ApiParam(
|
||||
name = "type",
|
||||
@ -683,7 +683,7 @@ public interface DeviceManagementService {
|
||||
response = ErrorResponse.class)
|
||||
}
|
||||
)
|
||||
@Scope(key = "device:view", name = "View Devices", description = "")
|
||||
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
|
||||
Response getComplianceDataOfDevice(
|
||||
@ApiParam(
|
||||
name = "type",
|
||||
|
||||
@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceTypeList;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
@ -78,7 +79,7 @@ public interface DeviceTypeManagementService {
|
||||
response = ErrorResponse.class)
|
||||
}
|
||||
)
|
||||
@Scope(key = "device-type:admin:view", name = "View device types", description = "")
|
||||
@Permission(name = "View Device Types", permission = "/device-mgt/devices/view")
|
||||
Response getDeviceTypes(
|
||||
@ApiParam(
|
||||
name = "If-Modified-Since",
|
||||
|
||||
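Review bot: `getDeviceTypes` is annotated `@Scope(key = "device-type:admin:view", ...)` but the new `@Permission(name = "View Device Types", permission = "/device-mgt/devices/view")` maps it to the ordinary device-view permission path, so an admin-flavoured scope is paired with a permission that every device viewer holds. If listing device types is meant to be an admin operation, the permission should be a dedicated path under the permission tree (the actual value is not on this page, so it needs checking against the tree); if it is meant to be open to all device viewers, the `admin` segment of the scope key is misleading and the two declarations should be brought into agreement.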
@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.NotificationList;
|
||||
@ -90,7 +91,7 @@ public interface NotificationManagementService {
|
||||
"\n Server error occurred while fetching the notification list.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "notification:view", name = "View and manage notifications", description = "")
|
||||
@Permission(name = "View notifications", permission = "/device-mgt/notifications/view")
|
||||
Response getNotifications(
|
||||
@ApiParam(
|
||||
name = "status",
|
||||
@ -142,7 +143,7 @@ public interface NotificationManagementService {
|
||||
message = "Error occurred while updating notification status.")
|
||||
}
|
||||
)
|
||||
@Scope(key = "notification:view", name = "View and manage notifications", description = "")
|
||||
@Permission(name = "View notifications", permission = "/device-mgt/notifications/view")
|
||||
Response updateNotificationStatus(
|
||||
@ApiParam(
|
||||
name = "id",
|
||||
|
||||
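Review bot: `updateNotificationStatus` mutates server state, but the new `@Permission(name = "View notifications", permission = "/device-mgt/notifications/view")` guards it with the same view-only permission that `getNotifications` gets, so anyone who can read notifications can also change their status. The other services in this commit keep a view/manage split (`/device-mgt/policies/view` versus `/device-mgt/policies/manage`); a write endpoint here should use the corresponding manage path, for example `@Permission(name = "Manage notifications", permission = "/device-mgt/notifications/manage")` (a constructed value — confirm it exists in the permission tree, which is not on this page). The retained `@Scope(key = "notification:view", ...)` on the same method carries the same read/write mismatch, but that line is pre-existing.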
@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
|
||||
@ -100,7 +101,7 @@ public interface PolicyManagementService {
|
||||
"Server error occurred while adding a new policy.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "policy:manage", name = "Add policies", description = "")
|
||||
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
|
||||
Response addPolicy(
|
||||
@ApiParam(
|
||||
name = "policy",
|
||||
@ -154,7 +155,7 @@ public interface PolicyManagementService {
|
||||
"policies."),
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "policy:view", name = "Views policies", description = "")
|
||||
@Permission(name = "View policies", permission = "/device-mgt/policies/view")
|
||||
Response getPolicies(
|
||||
@ApiParam(
|
||||
name = "If-Modified-Since",
|
||||
@ -220,7 +221,7 @@ public interface PolicyManagementService {
|
||||
"policy.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "policy:view", name = "View policies", description = "")
|
||||
@Permission(name = "View policies", permission = "/device-mgt/policies/view")
|
||||
Response getPolicy(
|
||||
@ApiParam(
|
||||
name = "id",
|
||||
@ -284,7 +285,7 @@ public interface PolicyManagementService {
|
||||
"Server error occurred while updating the policy.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "policy:manage", name = "Add policies", description = "")
|
||||
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
|
||||
Response updatePolicy(
|
||||
@ApiParam(
|
||||
name = "id",
|
||||
@ -330,7 +331,7 @@ public interface PolicyManagementService {
|
||||
"Server error occurred while bulk removing policies.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "policy:manage", name = "Add policies", description = "")
|
||||
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
|
||||
Response removePolicies(
|
||||
@ApiParam(
|
||||
name = "policyIds",
|
||||
@ -366,7 +367,7 @@ public interface PolicyManagementService {
|
||||
message = "ErrorResponse in activating policies.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "policy:manage", name = "Add policies", description = "")
|
||||
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
|
||||
Response activatePolicies(
|
||||
@ApiParam(
|
||||
name = "policyIds",
|
||||
@ -402,7 +403,7 @@ public interface PolicyManagementService {
|
||||
message = "ErrorResponse in deactivating policies.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "policy:manage", name = "Add policies", description = "")
|
||||
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
|
||||
Response deactivatePolicies(
|
||||
@ApiParam(
|
||||
name = "policyIds",
|
||||
@ -435,7 +436,7 @@ public interface PolicyManagementService {
|
||||
message = "ErrorResponse in deactivating policies.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "policy:manage", name = "Add policies", description = "")
|
||||
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
|
||||
Response applyChanges();
|
||||
|
||||
|
||||
@ -464,7 +465,7 @@ public interface PolicyManagementService {
|
||||
message = "Exception in updating policy priorities.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "policy:manage", name = "Add policies", description = "")
|
||||
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
|
||||
Response updatePolicyPriorities(
|
||||
@ApiParam(
|
||||
name = "priorityUpdatedPolicies",
|
||||
|
||||
@ -20,10 +20,12 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
|
||||
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
|
||||
|
||||
import javax.ws.rs.*;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
@ -76,7 +78,7 @@ public interface RoleManagementService {
|
||||
message = "Internal Server Error. \n Server error occurred while fetching requested list of roles.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
|
||||
@Permission(name = "View Roles", permission = "/device-mgt/roles/view")
|
||||
Response getRoles(
|
||||
@ApiParam(
|
||||
name = "filter",
|
||||
@ -105,16 +107,16 @@ public interface RoleManagementService {
|
||||
@QueryParam("limit") int limit);
|
||||
|
||||
@GET
|
||||
@Path("/scopes")
|
||||
@Path("/{roleName}/permissions")
|
||||
@ApiOperation(
|
||||
produces = MediaType.APPLICATION_JSON,
|
||||
httpMethod = "GET",
|
||||
value = "Getting authorization scopes.",
|
||||
value = "Getting permission details of a role.",
|
||||
notes = "In an organization an individual is associated a with set of responsibilities based on their " +
|
||||
"role. In EMM you are able to configure scopes based on the responsibilities carried " +
|
||||
"out by a role. Therefore if you wish to retrieve the scopes details of roles, you can do " +
|
||||
"role. In EMM you are able to configure permissions based on the responsibilities carried " +
|
||||
"out by a role. Therefore if you wish to retrieve the permission details of a role, you can do " +
|
||||
"so using this REST API.",
|
||||
response = List.class,
|
||||
response = UIPermissionNode.class,
|
||||
responseContainer = "List",
|
||||
tags = "Role Management"
|
||||
)
|
||||
@ -122,8 +124,8 @@ public interface RoleManagementService {
|
||||
value = {
|
||||
@ApiResponse(
|
||||
code = 200,
|
||||
message = "OK. \n Successfully fetched the scopes list.",
|
||||
response = List.class,
|
||||
message = "OK. \n Successfully fetched the permission list of the given role.",
|
||||
response = UIPermissionNode.class,
|
||||
responseContainer = "List",
|
||||
responseHeaders = {
|
||||
@ResponseHeader(
|
||||
@ -158,8 +160,13 @@ public interface RoleManagementService {
|
||||
message = "Internal Server ErrorResponse. \n Server error occurred while fetching the permission list of the requested role.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
|
||||
Response getScopes(
|
||||
@Permission(name = "View Roles", permission = "/device-mgt/roles/view")
|
||||
Response getPermissionsOfRole(
|
||||
@ApiParam(
|
||||
name = "roleName",
|
||||
value = "Name of the role.",
|
||||
required = true)
|
||||
@PathParam("roleName") String roleName,
|
||||
@ApiParam(
|
||||
name = "If-Modified-Since",
|
||||
value = "Validates if the requested variant has not been modified since the time specified",
|
||||
@ -216,7 +223,7 @@ public interface RoleManagementService {
|
||||
"requested role.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
|
||||
@Permission(name = "View Roles", permission = "/device-mgt/roles/view")
|
||||
Response getRole(
|
||||
@ApiParam(
|
||||
name = "roleName",
|
||||
@ -276,7 +283,7 @@ public interface RoleManagementService {
|
||||
message = "Internal Server Error. \n Server error occurred while adding a new role.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
|
||||
@Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage")
|
||||
Response addRole(
|
||||
@ApiParam(
|
||||
name = "role",
|
||||
@ -326,7 +333,7 @@ public interface RoleManagementService {
|
||||
message = "Internal Server Error. \n Server error occurred while updating the role.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
|
||||
@Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage")
|
||||
Response updateRole(
|
||||
@ApiParam(
|
||||
name = "roleName",
|
||||
@ -363,7 +370,7 @@ public interface RoleManagementService {
|
||||
message = "Internal Server Error. \n Server error occurred while removing the role.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
|
||||
@Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage")
|
||||
Response deleteRole(
|
||||
@ApiParam(
|
||||
name = "roleName",
|
||||
@ -421,7 +428,7 @@ public interface RoleManagementService {
|
||||
"Server error occurred while updating the user list of the role.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
|
||||
@Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage")
|
||||
Response updateUsersOfRole(
|
||||
@ApiParam(
|
||||
name = "roleName",
|
||||
|
||||
@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.*;
|
||||
|
||||
@ -83,7 +84,7 @@ public interface UserManagementService {
|
||||
message = "Internal Server Error. \n Server error occurred while adding a new user.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "user:manage", name = "Add users", description = "")
|
||||
@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")
|
||||
Response addUser(
|
||||
@ApiParam(
|
||||
name = "user",
|
||||
@ -135,7 +136,7 @@ public interface UserManagementService {
|
||||
" fetching the requested user.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "user:view", name = "View users", description = "")
|
||||
@Permission(name = "View Users", permission = "/device-mgt/users/view")
|
||||
Response getUser(
|
||||
@ApiParam(
|
||||
name = "username",
|
||||
@ -192,7 +193,7 @@ public interface UserManagementService {
|
||||
"Server error occurred while updating the user.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "user:manage", name = "Add users", description = "")
|
||||
@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")
|
||||
Response updateUser(
|
||||
@ApiParam(
|
||||
name = "username",
|
||||
@ -227,7 +228,7 @@ public interface UserManagementService {
|
||||
response = ErrorResponse.class
|
||||
)
|
||||
})
|
||||
@Scope(key = "user:manage", name = "Add users", description = "")
|
||||
@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")
|
||||
Response removeUser(
|
||||
@ApiParam(name = "username", value = "Username of the user to be deleted.", required = true)
|
||||
@PathParam("username") String username);
|
||||
@ -276,7 +277,7 @@ public interface UserManagementService {
|
||||
" assigned to the user.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "user:view", name = "View users", description = "")
|
||||
@Permission(name = "View Users", permission = "/device-mgt/users/view")
|
||||
Response getRolesOfUser(
|
||||
@ApiParam(name = "username", value = "Username of the user.", required = true)
|
||||
@PathParam("username") String username);
|
||||
@ -319,7 +320,7 @@ public interface UserManagementService {
|
||||
message = "Internal Server Error. \n Server error occurred while fetching the user list.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "user:view", name = "View users", description = "")
|
||||
@Permission(name = "View Users", permission = "/device-mgt/users/view")
|
||||
Response getUsers(
|
||||
@ApiParam(
|
||||
name = "filter",
|
||||
@ -386,7 +387,7 @@ public interface UserManagementService {
|
||||
"list that matches the given filter.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "user:view", name = "View users", description = "")
|
||||
@Permission(name = "View Users", permission = "/device-mgt/users/view")
|
||||
Response getUserNames(
|
||||
@ApiParam(
|
||||
name = "filter",
|
||||
@ -440,7 +441,7 @@ public interface UserManagementService {
|
||||
"Server error occurred while updating credentials of the user.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "user:view", name = "View users", description = "")
|
||||
@Permission(name = "View Users", permission = "/device-mgt/users/view")
|
||||
Response resetPassword(
|
||||
@ApiParam(
|
||||
name = "username",
|
||||
@ -483,7 +484,7 @@ public interface UserManagementService {
|
||||
"Server error occurred while updating credentials of the user.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "user:manage", name = "Add users", description = "")
|
||||
@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")
|
||||
Response inviteExistingUsersToEnrollDevice(
|
||||
@ApiParam(
|
||||
name = "users",
|
||||
|
||||
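Review bot: `resetPassword` (the `@Scope(key = "user:view", …)` / `@Permission(… permission = "/device-mgt/users/view")` pair directly above `Response resetPassword(`) is a credential-changing operation gated on a read-only permission, and the same pairing is applied to `resetUserPassword` in the UserManagementAdminService hunk (`/device-mgt/admin/users/view`). If the endpoint is meant to be self-service, the implementation must reject a path `username` that differs from the authenticated caller — that check is not visible in this commit; otherwise the annotation should be `@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")` to match `updateUser` and `removeUser`. Either way a scope named "View users" on a password-reset method misdescribes the action and should name it.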
@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
|
||||
@ -74,7 +75,7 @@ public interface ApplicationManagementAdminService {
|
||||
"a given set of devices.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
|
||||
@Permission(name = "Install/Uninstall applications", permission = "/device-mgt/applications/manage")
|
||||
Response installApplication(
|
||||
@ApiParam(
|
||||
name = "applicationWrapper",
|
||||
@ -113,7 +114,7 @@ public interface ApplicationManagementAdminService {
|
||||
"a given set of devices.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
|
||||
@Permission(name = "Install/Uninstall applications", permission = "/device-mgt/applications/manage")
|
||||
Response uninstallApplication(
|
||||
@ApiParam(
|
||||
name = "applicationWrapper",
|
||||
|
||||
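Review bot: The permission path on `installApplication` and `uninstallApplication`, `/device-mgt/applications/manage`, has no `admin` segment even though this interface lives in the `service.api.admin` package, whereas the DeviceManagementAdminService hunk uses `/device-mgt/admin/devices/view` and the UserManagementAdminService hunk `/device-mgt/admin/users/view`. If admin endpoints are meant to sit under one subtree so that the `/device-mgt/admin` permission registered in DeviceAccessAuthorizationServiceImpl covers them, both annotations should read `@Permission(name = "Install/Uninstall applications", permission = "/device-mgt/admin/applications/manage")`. If the flat path is deliberate, a one-line comment on the annotation saying why would spare the next reader the same question.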
@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.device.mgt.common.Device;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
@ -85,7 +86,7 @@ public interface DeviceManagementAdminService {
|
||||
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "device:admin:view", name = "View Devices", description = "")
|
||||
@Permission(name = "View Devices", permission = "/device-mgt/admin/devices/view")
|
||||
Response getDevicesByName(
|
||||
@ApiParam(
|
||||
name = "name",
|
||||
|
||||
@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
|
||||
|
||||
import io.swagger.annotations.*;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Permission;
|
||||
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
|
||||
@ -68,7 +69,7 @@ public interface UserManagementAdminService {
|
||||
"Server error occurred while updating credentials of the user.",
|
||||
response = ErrorResponse.class)
|
||||
})
|
||||
@Scope(key = "user:admin:reset-password", name = "View users", description = "")
|
||||
@Permission(name = "View Users", permission = "/device-mgt/admin/users/view")
|
||||
Response resetUserPassword(
|
||||
@ApiParam(
|
||||
name = "username",
|
||||
|
||||
@ -20,6 +20,8 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.CarbonConstants;
|
||||
import org.wso2.carbon.base.MultitenantConstants;
|
||||
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
|
||||
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
@ -32,11 +34,11 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
|
||||
import org.wso2.carbon.user.api.AuthorizationManager;
|
||||
import org.wso2.carbon.user.api.UserRealm;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.user.api.UserStoreManager;
|
||||
import org.wso2.carbon.user.api.*;
|
||||
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
|
||||
import org.wso2.carbon.user.mgt.UserRealmProxy;
|
||||
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
|
||||
import org.wso2.carbon.user.mgt.common.UserAdminException;
|
||||
|
||||
import javax.ws.rs.*;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
@ -90,28 +92,66 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/scopes")
|
||||
@Path("/{roleName}/permissions")
|
||||
@Override
|
||||
public Response getScopes(
|
||||
public Response getPermissionsOfRole(
|
||||
@PathParam("roleName") String roleName,
|
||||
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
|
||||
|
||||
List<Scope> scopes = new ArrayList<>();
|
||||
RequestValidationUtil.validateRoleName(roleName);
|
||||
try {
|
||||
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
|
||||
if (scopeManagementService == null) {
|
||||
log.error("Scope management service initialization is failed, hence scopes will not be retrieved");
|
||||
} else {
|
||||
scopes = DeviceMgtUtil.convertAPIScopestoScopes(scopeManagementService.getAllScopes());
|
||||
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
|
||||
if (!userRealm.getUserStoreManager().isExistingRole(roleName)) {
|
||||
return Response.status(404).entity(new ErrorResponse.ErrorResponseBuilder().setMessage(
|
||||
"No role exists with the name '" + roleName + "'").build()).build();
|
||||
}
|
||||
return Response.status(Response.Status.OK).entity(scopes).build();
|
||||
} catch (ScopeManagementException e) {
|
||||
String msg = "Error occurred while retrieving the scopes";
|
||||
|
||||
final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
|
||||
if (rolePermissions == null) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("No permissions found for the role '" + roleName + "'");
|
||||
}
|
||||
}
|
||||
return Response.status(Response.Status.OK).entity(rolePermissions).build();
|
||||
} catch (UserAdminException e) {
|
||||
String msg = "Error occurred while retrieving the permissions of role '" + roleName + "'";
|
||||
log.error(msg, e);
|
||||
return Response.serverError().entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
||||
} catch (UserStoreException e) {
|
||||
String msg = "Error occurred while retrieving the underlying user realm attached to the " +
|
||||
"current logged in user";
|
||||
log.error(msg, e);
|
||||
return Response.serverError().entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
||||
}
|
||||
}
|
||||
|
||||
private UIPermissionNode getUIPermissionNode(String roleName, UserRealm userRealm)
|
||||
throws UserAdminException {
|
||||
org.wso2.carbon.user.core.UserRealm userRealmCore = null;
|
||||
if (userRealm instanceof org.wso2.carbon.user.core.UserRealm) {
|
||||
userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm;
|
||||
}
|
||||
final UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore);
|
||||
final UIPermissionNode rolePermissions =
|
||||
userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID);
|
||||
UIPermissionNode[] deviceMgtPermissions = new UIPermissionNode[2];
|
||||
|
||||
for (UIPermissionNode permissionNode : rolePermissions.getNodeList()) {
|
||||
if (permissionNode.getResourcePath().equals("/permission/admin")) {
|
||||
for (UIPermissionNode node : permissionNode.getNodeList()) {
|
||||
if (node.getResourcePath().equals("/permission/admin/device-mgt")) {
|
||||
deviceMgtPermissions[0] = node;
|
||||
} else if (node.getResourcePath().equals("/permission/admin/login")) {
|
||||
deviceMgtPermissions[1] = node;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
rolePermissions.setNodeList(deviceMgtPermissions);
|
||||
return rolePermissions;
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/{roleName}")
|
||||
@Override
|
||||
@ -122,49 +162,62 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
}
|
||||
RequestValidationUtil.validateRoleName(roleName);
|
||||
RoleInfo roleInfo = new RoleInfo();
|
||||
List<String> scopes = new ArrayList<>();
|
||||
try {
|
||||
final UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
|
||||
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
|
||||
if (!userStoreManager.isExistingRole(roleName)) {
|
||||
return Response.status(Response.Status.NOT_FOUND).entity(
|
||||
return Response.status(404).entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" +
|
||||
roleName + "'").build()).build();
|
||||
}
|
||||
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
|
||||
if (scopeManagementService == null) {
|
||||
log.error("Scope management service initialization is failed, hence scopes will not be retrieved");
|
||||
} else {
|
||||
scopes = DeviceMgtUtil.convertAPIScopesToScopeKeys(scopeManagementService.getScopesOfRole(roleName));
|
||||
}
|
||||
roleInfo.setRoleName(roleName);
|
||||
roleInfo.setUsers(userStoreManager.getUserListOfRole(roleName));
|
||||
roleInfo.setScopes(scopes);
|
||||
// Get the permission nodes and hand picking only device management and login perms
|
||||
final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
|
||||
List<String> permList = new ArrayList<>();
|
||||
this.iteratePermissions(rolePermissions, permList);
|
||||
roleInfo.setPermissionList(rolePermissions);
|
||||
String[] permListAr = new String[permList.size()];
|
||||
roleInfo.setPermissions(permList.toArray(permListAr));
|
||||
|
||||
return Response.status(Response.Status.OK).entity(roleInfo).build();
|
||||
} catch (UserStoreException e) {
|
||||
} catch (UserStoreException | UserAdminException e) {
|
||||
String msg = "Error occurred while retrieving the user role '" + roleName + "'";
|
||||
log.error(msg, e);
|
||||
return Response.serverError().entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
||||
} catch (ScopeManagementException e) {
|
||||
String msg = "Error occurred while retrieving the scopes";
|
||||
log.error(msg, e);
|
||||
return Response.serverError().entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
||||
}
|
||||
}
|
||||
|
||||
private List<String> iteratePermissions(UIPermissionNode uiPermissionNode, List<String> list) {
|
||||
for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
|
||||
list.add(permissionNode.getResourcePath());
|
||||
if (permissionNode.getNodeList() != null && permissionNode.getNodeList().length > 0) {
|
||||
iteratePermissions(permissionNode, list);
|
||||
}
|
||||
}
|
||||
return list;
|
||||
}
|
||||
|
||||
@POST
|
||||
@Override
|
||||
public Response addRole(RoleInfo roleInfo) {
|
||||
RequestValidationUtil.validateRoleDetails(roleInfo);
|
||||
RequestValidationUtil.validateRoleName(roleInfo.getRoleName());
|
||||
|
||||
try {
|
||||
UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Persisting the role in the underlying user store");
|
||||
}
|
||||
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), null);
|
||||
Permission[] permissions = null;
|
||||
if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) {
|
||||
permissions = new Permission[roleInfo.getPermissions().length];
|
||||
for (int i = 0; i < permissions.length; i++) {
|
||||
String permission = roleInfo.getPermissions()[i];
|
||||
permissions[i] = new Permission(permission, CarbonConstants.UI_PERMISSION_ACTION);
|
||||
}
|
||||
}
|
||||
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
|
||||
|
||||
//TODO fix what's returned in the entity
|
||||
return Response.created(new URI(API_BASE_PATH + "/" + roleInfo.getRoleName())).entity(
|
||||
@ -194,7 +247,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
|
||||
final UserStoreManager userStoreManager = userRealm.getUserStoreManager();
|
||||
if (!userStoreManager.isExistingRole(roleName)) {
|
||||
return Response.status(Response.Status.NOT_FOUND).entity(
|
||||
return Response.status(404).entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" +
|
||||
roleName + "'").build()).build();
|
||||
}
|
||||
@ -220,12 +273,14 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
userStoreManager.updateUserListOfRole(newRoleName, usersToDelete, usersToAdd);
|
||||
}
|
||||
|
||||
if (roleInfo.getScopes() != null) {
|
||||
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
|
||||
if (scopeManagementService == null) {
|
||||
log.error("Scope management service initialization is failed, hence scopes will not be updated");
|
||||
} else {
|
||||
scopeManagementService.updateScopes(roleInfo.getScopes(), roleName);
|
||||
if (roleInfo.getPermissions() != null) {
|
||||
// Delete all authorizations for the current role before authorizing the permission tree
|
||||
authorizationManager.clearRoleAuthorization(roleName);
|
||||
if (roleInfo.getPermissions().length > 0) {
|
||||
for (int i = 0; i < roleInfo.getPermissions().length; i++) {
|
||||
String permission = roleInfo.getPermissions()[i];
|
||||
authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION);
|
||||
}
|
||||
}
|
||||
}
|
||||
//TODO: Need to send the updated role information in the entity back to the client
|
||||
@ -236,11 +291,6 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
log.error(msg, e);
|
||||
return Response.serverError().entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
||||
} catch (ScopeManagementException e) {
|
||||
String msg = "Error occurred while updating scopes of role '" + roleName + "'";
|
||||
log.error(msg, e);
|
||||
return Response.serverError().entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
||||
}
|
||||
}
|
||||
|
||||
@ -249,12 +299,11 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
@Override
|
||||
public Response deleteRole(@PathParam("roleName") String roleName) {
|
||||
RequestValidationUtil.validateRoleName(roleName);
|
||||
|
||||
try {
|
||||
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
|
||||
final UserStoreManager userStoreManager = userRealm.getUserStoreManager();
|
||||
if (!userStoreManager.isExistingRole(roleName)) {
|
||||
return Response.status(Response.Status.NOT_FOUND).entity(
|
||||
return Response.status(404).entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" +
|
||||
roleName + "'").build()).build();
|
||||
}
|
||||
@ -267,26 +316,12 @@ public class RoleManagementServiceImpl implements RoleManagementService {
|
||||
// Delete all authorizations for the current role before deleting
|
||||
authorizationManager.clearRoleAuthorization(roleName);
|
||||
|
||||
//removing scopes
|
||||
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
|
||||
if (scopeManagementService == null) {
|
||||
log.error("Scope management service initialization is failed, hence scopes will not be updated");
|
||||
} else {
|
||||
scopeManagementService.removeScopes(roleName);
|
||||
}
|
||||
|
||||
return Response.status(Response.Status.OK).entity("Role '" + roleName + "' has " +
|
||||
"successfully been deleted").build();
|
||||
return Response.status(Response.Status.OK).build();
|
||||
} catch (UserStoreException e) {
|
||||
String msg = "Error occurred while deleting the role '" + roleName + "'";
|
||||
log.error(msg, e);
|
||||
return Response.serverError().entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
||||
} catch (ScopeManagementException e) {
|
||||
String msg = "Error occurred while deleting scopes of role '" + roleName + "'";
|
||||
log.error(msg, e);
|
||||
return Response.serverError().entity(
|
||||
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
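Review bot: `getUIPermissionNode` fills a fixed `UIPermissionNode[2]` and stores it with `setNodeList`, so a role that lacks either the `/permission/admin/device-mgt` or the `/permission/admin/login` subtree leaves a null slot; `iteratePermissions` then calls `permissionNode.getResourcePath()` on that null, so `getRole` fails with a NullPointerException instead of the handled 500, and `getPermissionsOfRole` serialises the null entry to the client. Collecting the matched nodes into a list and converting with `toArray` removes the hole (sketch below). Two further points in the same hunks: the permission tree is read with `MultitenantConstants.SUPER_TENANT_ID` regardless of the caller's tenant, which in a multi-tenant deployment should be the tenant id resolved from the request, and `addRole`/`updateRole` hand `roleInfo.getPermissions()` straight to `addRole`/`authorizeRole`, so any caller holding `/device-mgt/roles/manage` can grant arbitrary permission paths to a role — validating the submitted paths against the device-management subtree before authorizing would bound that. Replacing `Response.Status.NOT_FOUND` with the literal `404` in three places is also a readability step backwards.
```java
final UIPermissionNode rolePermissions =
        userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID);
// Keep only the device-management and login subtrees, without leaving null entries.
List<UIPermissionNode> deviceMgtPermissions = new ArrayList<>();
for (UIPermissionNode permissionNode : rolePermissions.getNodeList()) {
    if ("/permission/admin".equals(permissionNode.getResourcePath())) {
        for (UIPermissionNode node : permissionNode.getNodeList()) {
            String path = node.getResourcePath();
            if ("/permission/admin/device-mgt".equals(path) || "/permission/admin/login".equals(path)) {
                deviceMgtPermissions.add(node);
            }
        }
    }
}
rolePermissions.setNodeList(deviceMgtPermissions.toArray(new UIPermissionNode[0]));
return rolePermissions;
```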
@ -26,18 +26,10 @@ import javax.xml.bind.annotation.XmlRootElement;
|
||||
*/
|
||||
public class Permission {
|
||||
|
||||
private String name; // permission name
|
||||
private String path; // permission string
|
||||
private String url; // url of the resource
|
||||
private String urlTemplate; // resource template
|
||||
private String method; // http method
|
||||
private String context;
|
||||
|
||||
public String getContext() {
|
||||
return context;
|
||||
}
|
||||
|
||||
public void setContext(String context) {
|
||||
this.context = context;
|
||||
}
|
||||
|
||||
public String getUrl() {
|
||||
return url;
|
||||
@ -55,11 +47,19 @@ public class Permission {
|
||||
this.method = method;
|
||||
}
|
||||
|
||||
public String getUrlTemplate() {
|
||||
return urlTemplate;
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public void setUrlTemplate(String urlTemplate) {
|
||||
this.urlTemplate = urlTemplate;
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
public String getPath() {
|
||||
return path;
|
||||
}
|
||||
|
||||
public void setPath(String path) {
|
||||
this.path = path;
|
||||
}
|
||||
}
|
||||
|
||||
@ -32,7 +32,7 @@ public interface PermissionManagerService {
|
||||
* @throws PermissionManagementException If some unusual behaviour is observed while adding the
|
||||
* permission.
|
||||
*/
|
||||
void addPermission(Permission permission) throws PermissionManagementException;
|
||||
boolean addPermission(Permission permission) throws PermissionManagementException;
|
||||
|
||||
/**
|
||||
*
|
||||
|
||||
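Review bot: `addPermission` now returns `boolean`, but the Javadoc above it (its opening is outside the hunk) still documents only `@throws`; add a `@return` line stating what `true` and `false` mean. Presumably it distinguishes a newly created permission from one already present, but this hunk does not show the implementation, so confirm before wording it, e.g. `@return {@code true} if the permission was added, {@code false} if it already existed — TODO confirm against the implementation`.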
@ -48,6 +48,7 @@ import java.util.Map;
|
||||
public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthorizationService {
|
||||
|
||||
private final static String CDM_ADMIN_PERMISSION = "/device-mgt/admin";
|
||||
private final static String CDM_ADMIN = "Device Management Administrator";
|
||||
private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class);
|
||||
|
||||
public DeviceAccessAuthorizationServiceImpl() {
|
||||
@ -243,7 +244,10 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
|
||||
}
|
||||
|
||||
private boolean addAdminPermissionToRegistry() throws PermissionManagementException {
|
||||
return PermissionUtils.putPermission(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
|
||||
Permission permission = new Permission();
|
||||
permission.setName(CDM_ADMIN);
|
||||
permission.setPath(CDM_ADMIN_PERMISSION);
|
||||
return PermissionUtils.putPermission(permission);
|
||||
}
|
||||
|
||||
private Map<String, String> getOwnershipOfDevices(List<Device> devices) {
|
||||
|
||||
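Review bot: `addAdminPermissionToRegistry` previously passed `PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION)` and now sets the raw `/device-mgt/admin` as the bean's `path`; unless the `PermissionUtils.putPermission(Permission)` overload resolves the absolute registry path itself (not visible in this commit), the admin permission is created at the wrong registry node and the `CDM_ADMIN` authorization check would silently stop matching. Worth confirming against `PermissionUtils`, and a comment on the call such as `// putPermission resolves the absolute registry path from permission.getPath()` would record that contract for the next reader.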
@ -21,8 +21,8 @@ package org.wso2.carbon.device.mgt.core.config.permission;
|
||||
import org.apache.catalina.core.StandardContext;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.scannotation.AnnotationDB;
|
||||
import org.wso2.carbon.apimgt.annotations.api.API;
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.ws.rs.*;
|
||||
@ -91,21 +91,20 @@ public class AnnotationProcessor {
|
||||
* @param entityClasses
|
||||
* @return
|
||||
*/
|
||||
public List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>
|
||||
public List<Permission>
|
||||
extractPermissions(Set<String> entityClasses) {
|
||||
|
||||
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> permissions = new ArrayList<>();
|
||||
List<Permission> permissions = new ArrayList<>();
|
||||
|
||||
if (entityClasses != null && !entityClasses.isEmpty()) {
|
||||
|
||||
for (final String className : entityClasses) {
|
||||
|
||||
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> resourcePermissions =
|
||||
List<Permission> resourcePermissions =
|
||||
AccessController.doPrivileged(new PrivilegedAction<List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>>() {
|
||||
public List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> run() {
|
||||
Class<?> clazz;
|
||||
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> apiPermissions =
|
||||
new ArrayList<>();
|
||||
List<Permission> apiPermissions = new ArrayList<>();
|
||||
try {
|
||||
clazz = classLoader.loadClass(className);
|
||||
|
||||
@ -114,7 +113,7 @@ public class AnnotationProcessor {
|
||||
.class.getName());
|
||||
|
||||
Annotation apiAnno = clazz.getAnnotation(apiClazz);
|
||||
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> resourceList;
|
||||
List<Permission> resourceList;
|
||||
|
||||
if (apiAnno != null) {
|
||||
|
||||
@ -170,15 +169,13 @@ public class AnnotationProcessor {
|
||||
* @return
|
||||
* @throws Throwable
|
||||
*/
|
||||
private List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>
|
||||
getApiResources(String resourceRootContext, Method[] annotatedMethods) throws Throwable {
|
||||
private List<Permission> getApiResources(String resourceRootContext, Method[] annotatedMethods) throws Throwable {
|
||||
|
||||
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> permissions = new ArrayList<>();
|
||||
List<Permission> permissions = new ArrayList<>();
|
||||
Permission permission;
|
||||
String subCtx;
|
||||
for (Method method : annotatedMethods) {
|
||||
Annotation[] annotations = method.getDeclaredAnnotations();
|
||||
org.wso2.carbon.device.mgt.common.permission.mgt.Permission permission =
|
||||
new org.wso2.carbon.device.mgt.common.permission.mgt.Permission();
|
||||
|
||||
if (isHttpMethodAvailable(annotations)) {
|
||||
Annotation methodContextAnno = method.getAnnotation(pathClazz);
|
||||
@ -187,9 +184,7 @@ public class AnnotationProcessor {
|
||||
} else {
|
||||
subCtx = WILD_CARD;
|
||||
}
|
||||
permission.setContext(makeContextURLReady(resourceRootContext));
|
||||
permission.setUrlTemplate(makeContextURLReady(subCtx));
|
||||
|
||||
permission = new Permission();
|
||||
// this check is added to avoid url resolving conflict which happens due
|
||||
// to adding of '*' notation for dynamic path variables.
|
||||
if (WILD_CARD.equals(subCtx)) {
|
||||
@ -203,10 +198,14 @@ public class AnnotationProcessor {
|
||||
httpMethod = getHTTPMethodAnnotation(annotations[i]);
|
||||
if (httpMethod != null) {
|
||||
permission.setMethod(httpMethod);
|
||||
break;
|
||||
}
|
||||
if (annotations[i].annotationType().getName().
|
||||
equals(org.wso2.carbon.apimgt.annotations.api.Permission.class.getName())) {
|
||||
this.setPermission(method, permission);
|
||||
}
|
||||
}
|
||||
permissions.add(permission);
|
||||
|
||||
}
|
||||
}
|
||||
return permissions;
|
||||
@ -214,6 +213,7 @@ public class AnnotationProcessor {
|
||||
|
||||
/**
|
||||
* Read Method annotations indicating HTTP Methods
|
||||
*
|
||||
* @param annotation
|
||||
*/
|
||||
private String getHTTPMethodAnnotation(Annotation annotation) {
|
||||
@ -294,19 +294,15 @@ public class AnnotationProcessor {
|
||||
* @param servletContext
|
||||
* @return null if cannot determin /WEB-INF/classes
|
||||
*/
|
||||
public static URL findWebInfClassesPath(ServletContext servletContext)
|
||||
{
|
||||
public static URL findWebInfClassesPath(ServletContext servletContext) {
|
||||
String path = servletContext.getRealPath("/WEB-INF/classes");
|
||||
if (path == null) return null;
|
||||
File fp = new File(path);
|
||||
if (fp.exists() == false) return null;
|
||||
try
|
||||
{
|
||||
try {
|
||||
URI uri = fp.toURI();
|
||||
return uri.toURL();
|
||||
}
|
||||
catch (MalformedURLException e)
|
||||
{
|
||||
} catch (MalformedURLException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
@ -329,4 +325,24 @@ public class AnnotationProcessor {
|
||||
return replacedPath.toString();
|
||||
}
|
||||
|
||||
private void setPermission(Method currentMethod, Permission permission) throws Throwable {
Class<org.wso2.carbon.apimgt.annotations.api.Permission> permissionClass =
(Class<org.wso2.carbon.apimgt.annotations.api.Permission>) classLoader.
loadClass(org.wso2.carbon.apimgt.annotations.api.Permission.class.getName());
Annotation permissionAnnotation = currentMethod.getAnnotation(permissionClass);
if (permissionClass != null) {
Method[] permissionClassMethods = permissionClass.getMethods();
for (Method method : permissionClassMethods) {
switch (method.getName()) {
case "name":
permission.setName(invokeMethod(method, permissionAnnotation, STRING));
break;
case "permission":
permission.setPath(invokeMethod(method, permissionAnnotation, STRING));
break;
}
}
}
}
}
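Review bot: The null guard in `setPermission` tests `permissionClass`, which cannot be null at that point because `classLoader.loadClass` throws instead of returning null; the value that can be null is `permissionAnnotation` from `currentMethod.getAnnotation(permissionClass)`, for example when the class resolved through `classLoader` is not the `Class` the resource method was compiled against. Change the guard to `if (permissionAnnotation != null) {` so `invokeMethod` is never handed a null target, and consider narrowing `throws Throwable` to the exceptions `loadClass` and `invokeMethod` actually raise. The `permission` attribute is copied into `setPath` unvalidated here, so a blank string in an annotation is accepted and only fails much later at lookup time; a non-blank check at registration is cheaper and gives a clearer error.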
@ -1,51 +0,0 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import java.util.List;
/**
* This class represents the information related to permissions.
*/
public class PermissionConfiguration {
private String scopeName;
private String[] permissions;
public String getScopeName() {
return scopeName;
}
public void setScopeName(String scope) {
this.scopeName = scope;
}
public String[] getPermissions() {
return permissions;
}
public void setPermissions(String[] permissions) {
this.permissions = permissions;
}
}
@ -28,17 +28,10 @@ import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.core.config.permission.AnnotationProcessor;
import org.wso2.carbon.device.mgt.core.config.permission.PermissionConfiguration;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
import javax.servlet.ServletContext;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.Set;
@ -31,7 +31,6 @@ import org.wso2.carbon.device.mgt.common.notification.mgt.NotificationManagement
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException;
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManager;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.common.spi.DeviceManagementService;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.core.DeviceManagementPluginRepository;
@ -52,7 +51,6 @@ import org.wso2.carbon.device.mgt.core.operation.mgt.OperationManagerImpl;
import org.wso2.carbon.device.mgt.core.operation.mgt.dao.OperationManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.device.mgt.core.push.notification.mgt.PushNotificationProviderRepository;
import org.wso2.carbon.device.mgt.core.scope.mgt.ScopeManagementServiceImpl;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl;
@ -243,9 +241,10 @@ public class DeviceManagementServiceComponent {
= new NotificationManagementServiceImpl();
bundleContext.registerService(NotificationManagementService.class.getName(), notificationManagementService, null);
/* Registering Scope Management Service */
ScopeManagementService scopeManagementService = new ScopeManagementServiceImpl();
bundleContext.registerService(ScopeManagementService.class.getName(), scopeManagementService, null);
/* Registering PermissionManager Service */
PermissionManagerService permissionManagerService
= PermissionManagerServiceImpl.getInstance();
bundleContext.registerService(PermissionManagerService.class.getName(), permissionManagerService, null);
/* Registering DeviceAccessAuthorization Service */
DeviceAccessAuthorizationService deviceAccessAuthorizationService = new DeviceAccessAuthorizationServiceImpl();
@ -53,9 +53,11 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
}
@Override
public void addPermission(Permission permission) throws PermissionManagementException {
public boolean addPermission(Permission permission) throws PermissionManagementException {
// adding a permission to the tree
permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
permissionTree.addPermission(permission);
return PermissionUtils.putPermission(permission);
}
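Review bot: `addPermission` inserts into `permissionTree` before `PermissionUtils.putPermission` persists to the registry, so if persistence throws `PermissionManagementException` the in-memory tree already answers lookups for a permission the registry never stored and the two stay out of sync until the tree is rebuilt. Persist first and add to the tree only on success: `boolean persisted = PermissionUtils.putPermission(permission); if (persisted) { permissionTree.addPermission(permission); } return persisted;`. The method also rewrites the caller's object through `permission.setPath(...)`, which deserves a Javadoc line since callers that keep the instance will see the absolute path afterwards.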
@Override
@ -66,24 +66,23 @@ public class PermissionUtils {
return contextPath + url;
}
// public static Permission getPermission(String path) throws PermissionManagementException {
// try {
// Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
// Permission permission = new Permission();
// permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME));
// permission.setPath(resource.getPath());
// return permission;
// } catch (RegistryException e) {
// throw new PermissionManagementException("Error in retrieving registry resource : " +
// e.getMessage(), e);
// }
// }
//
public static boolean putPermission(String permissionPath)
throws PermissionManagementException {
public static Permission getPermission(String path) throws PermissionManagementException {
try {
Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
Permission permission = new Permission();
permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME));
permission.setPath(resource.getPath());
return permission;
} catch (RegistryException e) {
throw new PermissionManagementException("Error in retrieving registry resource : " +
e.getMessage(), e);
}
}
public static boolean putPermission(Permission permission) throws PermissionManagementException {
boolean status;
try {
StringTokenizer tokenizer = new StringTokenizer(permissionPath, "/");
StringTokenizer tokenizer = new StringTokenizer(permission.getPath(), "/");
String lastToken = "", currentToken, tempPath;
while (tokenizer.hasMoreTokens()) {
currentToken = tokenizer.nextToken();
@ -95,7 +94,8 @@ public class PermissionUtils {
}
status = true;
} catch (RegistryException e) {
throw new PermissionManagementException("Error occurred while persisting permission", e);
throw new PermissionManagementException("Error occurred while persisting permission : " +
permission.getName(), e);
}
return status;
}
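Review bot: `status = true` is reached whenever the tokenizer loop completes, so, as far as the visible lines show, a permission whose path yields no tokens (an empty or `/`-only string coming from an `@Permission` annotation) is reported as persisted although nothing was written, and with the new boolean return on `addPermission` callers will take that as success. Reject it up front, before tokenizing: `if (permission.getPath() == null || permission.getPath().trim().isEmpty()) { throw new PermissionManagementException("Permission path is empty for permission: " + permission.getName()); }`. The method's signature, the tokenizer setup and most of the loop body are in the previous hunk.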
@ -60,7 +60,7 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
@Override
public boolean validateScope(AccessTokenDO accessTokenDO, String resource)
throws IdentityOAuth2Exception {
boolean status = false;
boolean status = true;
//Extract the url & http method
int idx = resource.lastIndexOf(':');
String url = resource.substring(0, idx);
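Review bot: Changing the initial value to `boolean status = true;` turns every path that never reaches `isUserAuthorized` into an allow: no permission registered for the resource, a token without an `authzUser`, or a realm without an authorization manager all fall through to the final `return status` as authorized. An authorization check should fail closed, so keep `boolean status = false;` and handle the "no permission registered" case explicitly where it is detected, with a log entry, rather than by defaulting to allow. Separately, `resource.lastIndexOf(':')` returns -1 when the caller passes a resource without the `:METHOD` suffix and `substring(0, -1)` then throws; a guard such as `if (idx < 0) { return false; }` is cheap. The method body continues beyond this hunk.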
@ -80,6 +80,12 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
Permission permission = permissionManagerService.getPermission(properties);
User authzUser = accessTokenDO.getAuthzUser();
if ((permission != null) && (authzUser != null)) {
if (permission.getPath() == null) {
if (log.isDebugEnabled()) {
log.debug("Permission is not defined for the resource '" + resource + "'");
}
return true;
}
String username = authzUser.getUserName();
String userStore = authzUser.getUserStoreDomain();
int tenantId = OAuthExtUtils.getTenantId(authzUser.getTenantDomain());
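Review bot: Returning `true` when `permission.getPath() == null` makes every resource without a `@Permission` annotation, or whose annotation the processor failed to pick up, reachable by any holder of a valid token, and the only trace is a DEBUG log. Together with the validator's new `status = true` default, an endpoint is protected only if registration succeeded end to end, which is the wrong failure mode for authorization; deny and log visibly instead: `log.warn("No permission defined for resource '" + resource + "', denying access"); return false;`. If some endpoints are meant to be open to any authenticated user, mark them explicitly at declaration time rather than inferring it from a missing path. `resource` is echoed into the log from the request, so keep it sanitized or out of higher log levels. The method starts and ends outside this hunk.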
@ -87,11 +93,11 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
if (userRealm != null && userRealm.getAuthorizationManager() != null) {
if (userStore != null) {
status = userRealm.getAuthorizationManager()
.isUserAuthorized(userStore + "/" + username, permission.getUrl(),
.isUserAuthorized(userStore + "/" + username, permission.getPath(),
PermissionMethod.UI_EXECUTE);
} else {
status = userRealm.getAuthorizationManager()
.isUserAuthorized(username, permission.getUrl(), PermissionMethod.UI_EXECUTE);
.isUserAuthorized(username, permission.getPath(), PermissionMethod.UI_EXECUTE);
}
}
}
@ -86,15 +86,4 @@ public class Utils {
}
}
public static String getResourceUri(String url, String httpMethod) throws PermissionManagementException {
properties = new Properties();
properties.put(URL_PROPERTY, url);
properties.put(HTTP_METHOD_PROPERTY, httpMethod);
permission = permissionManagerService.getPermission(properties);
if (permission != null) {
return permission.getContext() + "/1.0.0/1.0.0" + permission.getUrlTemplate() + ":" + permission.getMethod();
}
return null;
}
}
@ -121,17 +121,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
} else {
String bearerToken = getBearerToken(request);
int urlParamIndex = requestUri.indexOf('?');
if(urlParamIndex > 0) {
requestUri = requestUri.substring(0, urlParamIndex);
}
String resource = Utils.getResourceUri(requestUri, requestMethod);
if (resource == null || resource.isEmpty()) {
authenticationInfo.setStatus(Status.FAILURE);
authenticationInfo.setMessage("Authorization failed. Requested API resource does not exist");
return authenticationInfo;
}
String resource = requestUri + ":" + requestMethod;
OAuthValidationResponse oAuthValidationResponse =
this.tokenValidator.validateToken(bearerToken, resource);
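Review bot: Two guards disappear here: the query string is no longer cut off `requestUri` before it becomes the lookup key, and a URI with no registered permission is no longer rejected with "Requested API resource does not exist". Whether `requestUri` can still carry a `?...` depends on how it is obtained above this hunk, which is not visible, but if it can, `requestUri + ":" + requestMethod` will not match any registered URL property and, since the validator in this commit authorizes unmatched resources, the request is let through without a permission check. Keep the strip (`int q = requestUri.indexOf('?'); if (q > 0) { requestUri = requestUri.substring(0, q); }`) and make sure the validator denies an unmatched resource, so that dropping the pre-check here does not widen access. The surrounding method starts and ends outside this hunk.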
@ -153,8 +143,6 @@ public class OAuthAuthenticator implements WebappAuthenticator {
log.error("Failed to authenticate the incoming request", e);
} catch (OAuthTokenValidationException e) {
log.error("Failed to authenticate the incoming request due to oauth token validation error.", e);
} catch (PermissionManagementException e) {
log.error("Failed to authenticate the incoming request due to error in permission initialization", e);
}
return authenticationInfo;
}