Merge branch 'release-2.0.x' of https://github.com/wso2/carbon-device-mgt into release-2.0.x

components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/pom.xml

@@ -22,13 +22,13 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.apimgt.annotations</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - API Management Annotations</name>
     <description>WSO2 Carbon - API Management Custom Annotation Module</description>

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml

@@ -21,12 +21,12 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <artifactId>org.wso2.carbon.apimgt.application.extension.api</artifactId>
     <packaging>war</packaging>
     <name>WSO2 Carbon - API Application Management API</name>
@@ -173,6 +173,11 @@
             <artifactId>org.wso2.carbon.device.mgt.common</artifactId>
             <scope>provided</scope>
         </dependency>
+		<dependency>
+			<groupId>org.wso2.carbon</groupId>
+			<artifactId>org.wso2.carbon.registry.core</artifactId>
+			<scope>provided</scope>
+		</dependency>
     </dependencies>
 
     <build>

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java

@@ -56,6 +56,9 @@ public class ApiPermissionFilter implements Filter {
                 PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
                         unmarshaller.unmarshal(permissionStream);
                 permissions = permissionConfiguration.getPermissions();
+                for (Permission permission : permissions) {
+                    APIUtil.putPermission(PERMISSION_PREFIX + permission.getPath());
+                }
             } catch (JAXBException e) {
                 log.error("invalid permissions.xml", e);
             }

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java

@@ -21,12 +21,18 @@ package org.wso2.carbon.apimgt.application.extension.api.util;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
+import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
+import org.wso2.carbon.registry.api.Resource;
+import org.wso2.carbon.registry.core.Registry;
+import org.wso2.carbon.registry.core.exceptions.RegistryException;
+import org.wso2.carbon.registry.core.service.RegistryService;
 import org.wso2.carbon.user.core.service.RealmService;
 
 import java.util.List;
+import java.util.StringTokenizer;
 
 /**
  * This class provides utility functions used by REST-API.
@@ -35,6 +41,8 @@ public class APIUtil {
 
     private static Log log = LogFactory.getLog(APIUtil.class);
     private static final String DEFAULT_CDMF_API_TAG = "device_management";
+    private static final String DEFAULT_CERT_API_TAG = "scep_management";
+    public static final String PERMISSION_PROPERTY_NAME = "name";
 
     public static String getAuthenticatedUser() {
         PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@@ -48,8 +56,7 @@ public class APIUtil {
 
     public static String getTenantDomainOftheUser() {
         PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
-        String tenantDomain = threadLocalCarbonContext.getTenantDomain();
+        return threadLocalCarbonContext.getTenantDomain();
-        return tenantDomain;
     }
 
     public static APIManagementProviderService getAPIManagementProviderService() {
@@ -92,6 +99,55 @@ public class APIUtil {
         //Todo get allowed cdmf service tags from config.
         List<String> allowedApisTags = getDeviceManagementProviderService().getAvailableDeviceTypes();
         allowedApisTags.add(DEFAULT_CDMF_API_TAG);
+        allowedApisTags.add(DEFAULT_CERT_API_TAG);
         return allowedApisTags;
     }
+
+    public static void putPermission(String permission) {
+        try {
+            StringTokenizer tokenizer = new StringTokenizer(permission, "/");
+            String lastToken = "", currentToken, tempPath;
+            while (tokenizer.hasMoreTokens()) {
+                currentToken = tokenizer.nextToken();
+                tempPath = lastToken + "/" + currentToken;
+                if (!checkResourceExists(tempPath)) {
+                    createRegistryCollection(tempPath, currentToken);
+
+                }
+                lastToken = tempPath;
+            }
+        } catch (org.wso2.carbon.registry.api.RegistryException e) {
+            log.error("Failed to creation permission in registry" + permission, e);
+        }
+    }
+
+    public static void createRegistryCollection(String path, String resourceName)
+            throws org.wso2.carbon.registry.api.RegistryException {
+        Resource resource = getGovernanceRegistry().newCollection();
+        resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
+        getGovernanceRegistry().beginTransaction();
+        getGovernanceRegistry().put(path, resource);
+        getGovernanceRegistry().commitTransaction();
+    }
+
+    public static boolean checkResourceExists(String path)
+            throws RegistryException {
+        return getGovernanceRegistry().resourceExists(path);
+    }
+
+    public static Registry getGovernanceRegistry() throws RegistryException {
+        return getRegistryService().getGovernanceSystemRegistry(MultitenantConstants.SUPER_TENANT_ID);
+    }
+
+    public static RegistryService getRegistryService() {
+        PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+        RegistryService registryService =
+                (RegistryService) ctx.getOSGiService(RegistryService.class, null);
+        if (registryService == null) {
+            String msg = "registry service has not initialized.";
+            log.error(msg);
+            throw new IllegalStateException(msg);
+        }
+        return registryService;
+    }
 }

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml

@@ -37,14 +37,14 @@
     </Permission>
     <Permission>
         <name>Register application</name>
-        <path>/device-mgt/user/api/application</path>
+        <path>/device-mgt/api/application</path>
         <url>/register</url>
         <method>POST</method>
         <scope>application_user</scope>
     </Permission>
     <Permission>
         <name>Delete application</name>
-        <path>/device-mgt/user/api/application</path>
+        <path>/device-mgt/api/application</path>
         <url>/unregister</url>
         <method>DELETE</method>
         <scope>application_user</scope>

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml

@@ -35,10 +35,6 @@
         <servlet-name>CXFServlet</servlet-name>
         <url-pattern>/*</url-pattern>
     </servlet-mapping>
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/pom.xml

@@ -22,12 +22,12 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <artifactId>org.wso2.carbon.apimgt.application.extension</artifactId>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - API Application Management</name>

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/pom.xml

@@ -21,13 +21,13 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.apimgt.handlers</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - API Security Handler Component</name>
     <description>WSO2 Carbon - API Management Security Handler Module</description>

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java

@@ -38,6 +38,7 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.StringTokenizer;
 
 /**
  * Synapse gateway handler for API authentication.
@@ -48,6 +49,12 @@ public class AuthenticationHandler extends AbstractHandler {
     private HandlerDescription handlerDesc;
     private RESTInvoker restInvoker;
 
+    private static final String X_JWT_ASSERTION  = "X-JWT-Assertion";
+    private static final String JWTTOKEN = "JWTToken";
+    private static final String AUTHORIZATION = "Authorization";
+    private static final String BEARER = "Bearer ";
+    private static final String CONTENT_TYPE = "Content-Type";
+
     private IOTServerConfiguration iotServerConfiguration;
 
     /**
@@ -62,6 +69,7 @@ public class AuthenticationHandler extends AbstractHandler {
 
     /**
      * Handling the message and checking the security.
+     *
      * @param messageContext
      * @return
      */
@@ -84,14 +92,9 @@ public class AuthenticationHandler extends AbstractHandler {
                 if (log.isDebugEnabled()) {
                     log.debug("Verify Cert:\n" + mdmSignature);
                 }
-                String accessToken = Utils.getAccessToken(iotServerConfiguration);
-
                 String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
                 URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
-
+                Map<String, String> certVerifyHeaders = this.setHeaders();
-                Map<String, String> certVerifyHeaders = new HashMap<>();
-                certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
-                certVerifyHeaders.put("Content-Type", "application/json");
 
                 Certificate certificate = new Certificate();
                 certificate.setPem(mdmSignature);
@@ -104,15 +107,16 @@ public class AuthenticationHandler extends AbstractHandler {
                         null, certVerifyContent);
 
                 String str = response.getContent();
-                if (str.contains("JWTToken")) {
-                    ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class);
-                    // TODO: send the JWT token with user details.
-                    // headers.put("X-JWT-Assertion", validationResponce.getJWTToken());
-                }
                 if (log.isDebugEnabled()) {
                     log.debug("Verify response:" + response.getContent());
                     log.debug("Response String : " + str);
                 }
+                if (response.getHttpStatus() == 200 && str.contains(JWTTOKEN)) {
+                    ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class);
+                    headers.put(X_JWT_ASSERTION, validationResponce.getJWTToken());
+                } else {
+                    return false;
+                }
 
             } else if (headers.containsKey(AuthConstants.PROXY_MUTUAL_AUTH_HEADER)) {
                 String subjectDN = headers.get(AuthConstants.PROXY_MUTUAL_AUTH_HEADER).toString();
@@ -120,12 +124,10 @@ public class AuthenticationHandler extends AbstractHandler {
                 if (log.isDebugEnabled()) {
                     log.debug("Verify subject DN: " + subjectDN);
                 }
-                String accessToken = Utils.getAccessToken(iotServerConfiguration);
+
                 String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
                 URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
-                Map<String, String> certVerifyHeaders = new HashMap<>();
+                Map<String, String> certVerifyHeaders = this.setHeaders();
-                certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
-                certVerifyHeaders.put("Content-Type", "application/json");
                 Certificate certificate = new Certificate();
                 certificate.setPem(subjectDN);
                 certificate.setTenantId(tenantId);
@@ -143,11 +145,9 @@ public class AuthenticationHandler extends AbstractHandler {
                 if (log.isDebugEnabled()) {
                     log.debug("Verify Cert:\n" + encodedPem);
                 }
-                String accessToken = Utils.getAccessToken(iotServerConfiguration);
+                String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
-                URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + "android");
+                URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
-                Map<String, String> certVerifyHeaders = new HashMap<>();
+                Map<String, String> certVerifyHeaders = this.setHeaders();
-                certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
-                certVerifyHeaders.put("Content-Type", "application/json");
 
                 Certificate certificate = new Certificate();
                 certificate.setPem(encodedPem);
@@ -188,13 +188,21 @@ public class AuthenticationHandler extends AbstractHandler {
     }
 
 
-    // TODO : take this from the url.
     private String getDeviceType(String url) {
-        if (url.contains("ios")) {
+        StringTokenizer parts = new StringTokenizer(url, "/");
-            return "ios";
+        while (parts.hasMoreElements()) {
-        } else if (url.contains("android")) {
+            if (parts.nextElement().equals("api")) {
-            return "android";
+                return (String) parts.nextElement();
-        } else return null;
+            }
+        }
+        return null;
+    }
 
+    private Map<String, String> setHeaders() throws APIMCertificateMGTException {
+        Map<String, String> map = new HashMap<>();
+        String accessToken = Utils.getAccessToken(iotServerConfiguration);
+        map.put(AUTHORIZATION, BEARER + accessToken);
+        map.put(CONTENT_TYPE, "application/json");
+        return map;
     }
 }

components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/pom.xml

@@ -22,13 +22,13 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.apimgt.webapp.publisher</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - API Management Webapp Publisher</name>
     <description>WSO2 Carbon - API Management Webapp Publisher</description>

components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java

@@ -73,6 +73,10 @@ public class AnnotationProcessor {
     private static final String SWAGGER_ANNOTATIONS_PROPERTIES_CONTEXT = "context";
     private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VALUE = "value";
     private static final String ANNOTATIONS_SCOPES = "scopes";
+    private static final String ANNOTATIONS_SCOPE = "scope";
+    private static final String DEFAULT_SCOPE_NAME = "default admin scope";
+    private static final String DEFAULT_SCOPE_KEY = "perm:admin";
+    private static final String DEFAULT_SCOPE_PERMISSION = "/permision/device-mgt";
 
     private static final String PERMISSION_PREFIX = "/permission/admin";
 
@@ -273,7 +277,19 @@ public class AnnotationProcessor {
                         resource.setProduces(invokeMethod(producesClassMethods[0], producesAnno, STRING_ARR));
                     }
                     if (annotations[i].annotationType().getName().equals(ApiOperation.class.getName())) {
-                        resource.setScope(this.getScope(annotations[i]));
+                        Scope scope = this.getScope(annotations[i]);
+                        if (scope != null) {
+                            resource.setScope(scope);
+                        } else {
+                            log.warn("Scope is not defined for '" + makeContextURLReady(resourceRootContext) +
+                                    makeContextURLReady(subCtx) + "' endpoint, hence assigning the default scope");
+                            scope = new Scope();
+                            scope.setName(DEFAULT_SCOPE_NAME);
+                            scope.setDescription(DEFAULT_SCOPE_NAME);
+                            scope.setKey(DEFAULT_SCOPE_KEY);
+                            scope.setRoles(DEFAULT_SCOPE_PERMISSION);
+                            resource.setScope(scope);
+                        }
                     }
                 }
                 resourceList.add(resource);
@@ -444,19 +460,26 @@ public class AnnotationProcessor {
         InvocationHandler methodHandler = Proxy.getInvocationHandler(currentMethod);
         Annotation[] extensions = (Annotation[]) methodHandler.invoke(currentMethod,
                 apiOperation.getMethod(SWAGGER_ANNOTATIONS_EXTENSIONS, null), null);
+        if (extensions != null) {
             methodHandler = Proxy.getInvocationHandler(extensions[0]);
-        Annotation[] properties =  (Annotation[])methodHandler.invoke(extensions[0], extensionClass
+            Annotation[] properties = (Annotation[]) methodHandler.invoke(extensions[0], extensionClass
-                .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES,null), null);
+                    .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES, null), null);
-
+            String scopeKey;
+            String propertyName;
             for (Annotation property : properties) {
                 methodHandler = Proxy.getInvocationHandler(property);
-            String scopeKey = (String) methodHandler.invoke(property, extensionPropertyClass
+                propertyName = (String) methodHandler.invoke(property, extensionPropertyClass
-                    .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null),null);
+                        .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_NAME, null), null);
+                if (ANNOTATIONS_SCOPE.equals(propertyName)) {
+                    scopeKey = (String) methodHandler.invoke(property, extensionPropertyClass
+                            .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null), null);
                     if (scopeKey.isEmpty()) {
                         return null;
                     }
                     return apiScopes.get(scopeKey);
                 }
+            }
+        }
         return null;
     }
 }

components/apimgt-extensions/pom.xml

@@ -22,13 +22,13 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>carbon-devicemgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>apimgt-extensions</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>pom</packaging>
     <name>WSO2 Carbon - API Management Extensions Component</name>
     <url>http://wso2.org</url>

components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>certificate-mgt</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml

@@ -33,11 +33,6 @@
     <session-config>
         <session-timeout>60</session-timeout>
     </session-config>
-
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>certificate-mgt</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java

@@ -64,6 +64,12 @@ import javax.ws.rs.core.Response;
                 description = "Deleting an SSL Certificate",
                 key = "perm:admin:certificates:delete",
                 permissions = {"/device-mgt/admin/certificates/delete"}
+        ),
+        @Scope(
+                name = "Verify SSL certificate",
+                description = "Verify SSL certificate",
+                key = "perm:admin:certificates:verify",
+                permissions = {"/device-mgt/admin/certificates/verify"}
         )
 }
 )
@@ -338,84 +344,8 @@ public interface CertificateManagementAdminService {
                     defaultValue = "12438035315552875930")
             @PathParam("serialNumber") String serialNumber);
 
-//    /**
-//     * Verify IOS Certificate for the API security filter
-//     *
-//     * @param certificate to be verified as a String
-//     * @return Status of the certificate verification.
-//     */
-//    @POST
-//    @Path("/verify/ios")
-//    @ApiOperation(
-//            consumes = MediaType.APPLICATION_JSON,
-//            produces = MediaType.APPLICATION_JSON,
-//            httpMethod = "POST",
-//            value = "Verify IOS SSL certificate",
-//            notes = "Verify IOS Certificate for the API security filter.\n",
-//            tags = "Certificate Management")
-//    @ApiResponses(
-//            value = {
-//                    @ApiResponse(
-//                            code = 200,
-//                            message = "Return the status of the IOS certificate verification.",
-//                            responseHeaders = {
-//                                    @ResponseHeader(
-//                                            name = "Content-Type",
-//                                            description = "The content type of the body")}),
-//                    @ApiResponse(
-//                            code = 400,
-//                            message = "Bad Request. \n Invalid request or validation error.",
-//                            response = ErrorResponse.class)
-//            })
-//    Response verifyIOSCertificate(
-//            @ApiParam(
-//                    name = "certificate",
-//                    value = "The properties to verify certificate. It includes the following: \n" +
-//                            "serial: The unique ID of the certificate. (optional) \n" +
-//                            "pem: mdm-signature of the certificate",
-//                    required = true) EnrollmentCertificate certificate);
-//
-//    /**
-//     * Verify Android Certificate for the API security filter
-//     *
-//     * @param certificate to be verified as a String
-//     * @return Status of the certificate verification.
-//     */
-//    @POST
-//    @Path("/verify/android")
-//    @ApiOperation(
-//            consumes = MediaType.APPLICATION_JSON,
-//            produces = MediaType.APPLICATION_JSON,
-//            httpMethod = "POST",
-//            value = "Verify Android SSL certificate",
-//            notes = "Verify Android Certificate for the API security filter.\n",
-//            tags = "Certificate Management")
-//    @ApiResponses(
-//            value = {
-//                    @ApiResponse(
-//                            code = 200,
-//                            message = "Return the status of the Android certificate verification.",
-//                            responseHeaders = {
-//                                    @ResponseHeader(
-//                                            name = "Content-Type",
-//                                            description = "The content type of the body")}),
-//                    @ApiResponse(
-//                            code = 400,
-//                            message = "Bad Request. \n Invalid request or validation error.",
-//                            response = ErrorResponse.class)
-//            })
-//    Response verifyAndroidCertificate(
-//            @ApiParam(
-//                    name = "certificate",
-//                    value = "The properties to verify certificate. It includes the following: \n" +
-//                            "serial: The unique ID of the certificate. (optional) \n" +
-//                            "pem: pem String of the certificate",
-//                    required = true) EnrollmentCertificate certificate);
-//
-
-
     /**
-     * Verify Android Certificate for the API security filter
+     * Verify Certificate for the API security filter
      *
      * @param certificate to be verified as a String
      * @return Status of the certificate verification.
@@ -426,14 +356,20 @@ public interface CertificateManagementAdminService {
             consumes = MediaType.APPLICATION_JSON,
             produces = MediaType.APPLICATION_JSON,
             httpMethod = "POST",
-            value = "Verify Android SSL certificate",
+            value = "Verify SSL certificate",
-            notes = "Verify Android Certificate for the API security filter.\n",
+            notes = "Verify Certificate for the API security filter.\n",
-            tags = "Certificate Management")
+            tags = "Certificate Management",
+            extensions = {
+            @Extension(properties = {
+                    @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:verify")
+            })
+            }
+    )
     @ApiResponses(
             value = {
                     @ApiResponse(
                             code = 200,
-                            message = "Return the status of the Android certificate verification.",
+                            message = "Return the status of the certificate verification.",
                             responseHeaders = {
                                     @ResponseHeader(
                                             name = "Content-Type",

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java

@@ -27,7 +27,9 @@ import javax.ws.rs.*;
 import javax.ws.rs.core.Response;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 @Path("/admin/certificates")
 public class CertificateManagementAdminServiceImpl implements CertificateManagementAdminService {
@@ -230,10 +232,20 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem
                     deviceIdentifier.setId(challengeToken);
                     deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS);
                     TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier);
+//
+//                    var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
+//                            "http://wso2.org/claims/enduser": adminUsername};
+
+                    Map<String, String> claims = new HashMap<>();
+
+                    claims.put("http://wso2.org/claims/enduserTenantId", String.valueOf(tenantedDeviceWrapper.getTenantId()));
+                    claims.put("http://wso2.org/claims/enduser", tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner());
+                    claims.put("http://wso2.org/claims/deviceIdentifier", tenantedDeviceWrapper.getDevice().getDeviceIdentifier());
+                    claims.put("http://wso2.org/claims/deviceIdType", tenantedDeviceWrapper.getDevice().getType());
 
                     JWTClientManagerService jwtClientManagerService = CertificateMgtAPIUtils.getJwtClientManagerService();
                     String jwdToken = jwtClientManagerService.getJWTClient().getJwtToken(
-                            tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner());
+                            tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner(), claims);
 
                     ValidationResponce validationResponce = new ValidationResponce();
                     validationResponce.setDeviceId(challengeToken);

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml

@@ -38,11 +38,6 @@
     <session-config>
         <session-timeout>60</session-timeout>
     </session-config>
-
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml

@@ -21,13 +21,13 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>certificate-mgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - Certificate Management Core</name>
     <description>WSO2 Carbon - Certificate Management Core</description>

components/certificate-mgt/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>carbon-devicemgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.wso2.carbon.devicemgt</groupId>
     <artifactId>certificate-mgt</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>pom</packaging>
     <name>WSO2 Carbon - Certificate Management Component</name>
     <url>http://wso2.org</url>

components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt-extensions/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>carbon-devicemgt</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/device-mgt/org.wso2.carbon.device.mgt.analytics.dashboard/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>device-mgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt/org.wso2.carbon.device.mgt.analytics.data.publisher/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>device-mgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java

@@ -29,7 +29,6 @@ import io.swagger.annotations.ApiParam;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
 import io.swagger.annotations.ResponseHeader;
-import org.json.JSONObject;
 import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.apimgt.annotations.api.Scopes;
 import org.wso2.carbon.device.mgt.common.Device;
@@ -80,6 +79,12 @@ import javax.ws.rs.core.Response;
                         key = "perm:devices:details",
                         permissions = {"/device-mgt/devices/owning-device/view"}
                 ),
+                @Scope(
+                        name = "Update the device specified by device id",
+                        description = "Update the device specified by device id",
+                        key = "perm:devices:update",
+                        permissions = {"/device-mgt/devices/owning-device/view"}
+                ),
                 @Scope(
                         name = "Delete the device specified by device id",
                         description = "Delete the device specified by device id",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java

@@ -18,27 +18,36 @@
  */
 package org.wso2.carbon.device.mgt.jaxrs.service.api;
 
-import io.swagger.annotations.SwaggerDefinition;
-import io.swagger.annotations.Info;
-import io.swagger.annotations.ExtensionProperty;
-import io.swagger.annotations.Extension;
-import io.swagger.annotations.Tag;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
+import io.swagger.annotations.Extension;
+import io.swagger.annotations.ExtensionProperty;
+import io.swagger.annotations.Info;
 import io.swagger.annotations.ResponseHeader;
+import io.swagger.annotations.SwaggerDefinition;
+import io.swagger.annotations.Tag;
 import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.apimgt.annotations.api.Scopes;
+import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
 import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
 import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
-import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
 
 import javax.validation.Valid;
-import javax.ws.rs.*;
+import javax.validation.constraints.Size;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.HeaderParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.util.List;
@@ -118,6 +127,12 @@ import java.util.List;
                         description = "Updating the Policy Priorities",
                         key = "perm:policies:priorities",
                         permissions = {"/device-mgt/policies/manage"}
+                ),
+                @Scope(
+                        name = "Fetching the Effective Policy",
+                        description = "Fetching the Effective Policy",
+                        key = "perm:policies:effective-policy",
+                        permissions = {"/device-mgt/policies/view"}
                 )
         }
 )
@@ -605,6 +620,69 @@ public interface PolicyManagementService {
 
     @GET
     @Path("/effective-policy/{deviceType}/{deviceId}")
-    Response getEffectivePolicy(@PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType);
+    @ApiOperation(
-
+            consumes = MediaType.APPLICATION_JSON,
+            produces = MediaType.APPLICATION_JSON,
+            httpMethod = "GET",
+            value = "Getting the Effective Policy",
+            notes = "Retrieve the effective policy of a device using this API.",
+            tags = "Device Policy Management",
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:effective-policy")
+                    })
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(
+                            code = 200,
+                            message = "OK. \n Successfully fetched the policy.",
+                            response = Policy.class,
+                            responseHeaders = {
+                                    @ResponseHeader(
+                                            name = "Content-Type",
+                                            description = "The content type of the body"),
+                                    @ResponseHeader(
+                                            name = "ETag",
+                                            description = "Entity Tag of the response resource.\n" +
+                                                    "Used by caches, or in conditional requests."),
+                                    @ResponseHeader(
+                                            name = "Last-Modified",
+                                            description = "Date and time the resource was last modified.\n" +
+                                                    "Used by caches, or in conditional requests."),
+                            }
+                    ),
+                    @ApiResponse(
+                            code = 304,
+                            message = "Not Modified. \n Empty body because the client already has the latest version of the requested resource.\n"),
+                    @ApiResponse(
+                            code = 404,
+                            message = "Not Found. \n A specified policy was not found.",
+                            response = ErrorResponse.class),
+                    @ApiResponse(
+                            code = 406,
+                            message = "Not Acceptable.\n The requested media type is not supported."),
+                    @ApiResponse(
+                            code = 500,
+                            message = "Internal Server Error. \n Server error occurred while fetching the " +
+                                    "policy.",
+                            response = ErrorResponse.class)
+            })
+    Response getEffectivePolicy(
+            @ApiParam(
+                    name = "deviceType",
+                    value = "The device type, such as ios, android or windows.",
+                    required = true,
+                    allowableValues = "android, ios, windows")
+            @PathParam("deviceType")
+            @Size(max = 45)
+                    String deviceType,
+            @ApiParam(
+                    name = "deviceId",
+                    value = "The device identifier of the device you want ot get details.",
+                    required = true)
+            @PathParam("deviceId")
+            @Size(max = 45)
+                    String deviceId);
 }

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java

@@ -771,11 +771,10 @@ public interface UserManagementService {
             value = "Sending Enrollment Invitations to email address",
             notes = "Send the a mail inviting recipients to enroll devices.",
             tags = "User Management",
-            authorizations = {
+            extensions = {
-                    @Authorization(
+                    @Extension(properties = {
-                            value = "permission",
+                            @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:send-invitation")
-                            scopes = {@AuthorizationScope(scope = "/device-mgt/users/invite", description = "Invite Users")}
+                    })
-                    )
             }
     )
     @ApiResponses(value = {

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java

@@ -22,9 +22,17 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
+import io.swagger.annotations.Extension;
+import io.swagger.annotations.ExtensionProperty;
+import io.swagger.annotations.Info;
+import io.swagger.annotations.SwaggerDefinition;
+import io.swagger.annotations.Tag;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
+import org.wso2.carbon.apimgt.annotations.api.Scopes;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
 import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
@@ -37,6 +45,32 @@ import javax.ws.rs.core.Response;
 @Api(value = "Device Authorization Administrative Service", description = "This an  API intended to be used by " +
         "'internal' components to log in as an admin user and validate whether the user/device are trusted entity." +
         "Further, this is strictly restricted to admin users only ")
+
+@SwaggerDefinition(
+        info = @Info(
+                version = "1.0.0",
+                title = "",
+                extensions = {
+                        @Extension(properties = {
+                                @ExtensionProperty(name = "name", value = "DeviceAccessAuthorizationAdminService"),
+                                @ExtensionProperty(name = "context", value = "/api/device-mgt/v1.0/admin/authorization"),
+                        })
+                }
+        ),
+        tags = {
+                @Tag(name = "device_management", description = "")
+        }
+)
+@Scopes(
+        scopes = {
+                @Scope(
+                        name = "Verify device authorization",
+                        description = "Verify device authorization",
+                        key = "perm:authorization:verify",
+                        permissions = {"/device-mgt/authorization/verify"}
+                )
+        }
+)
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
 /**
@@ -52,7 +86,13 @@ public interface DeviceAccessAuthorizationAdminService {
             value = "Check for device access authorization\n",
             notes = "This is an internal API that can be used to check for authorization.",
             response = DeviceAuthorizationResult.class,
-            tags = "Authorization Administrative Service")
+            tags = "Authorization Administrative Service",
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "perm:authorization:verify")
+                    })
+            })
+
     @ApiResponses(value = {
             @ApiResponse(
                     code = 200,

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java

@@ -376,7 +376,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
     @GET
     @Path("/effective-policy/{deviceType}/{deviceId}")
     @Override
-    public Response getEffectivePolicy(@PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType) {
+    public Response getEffectivePolicy(@PathParam("deviceType") String deviceType, @PathParam("deviceId") String deviceId) {
         PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService();
         final Policy policy;
         try {

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml

@@ -40,30 +40,10 @@
         <session-timeout>60</session-timeout>
     </session-config>
 
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>
     </context-param>
-    <!--context-param>
-        <param-name>managed-api-enabled</param-name>
-        <param-value>true</param-value>
-    </context-param>
-    <context-param>
-        <param-name>managed-api-owner</param-name>
-        <param-value>admin</param-value>
-    </context-param>
-    <context-param>
-        <param-name>managed-api-version</param-name>
-        <param-value>1.0.0</param-value>
-    </context-param>
-    <context-param>
-        <param-name>managed-api-isSecured</param-name>
-        <param-value>true</param-value>
-    </context-param-->
 
     <!--publish to apim-->
     <context-param>

components/device-mgt/org.wso2.carbon.device.mgt.common/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <artifactId>device-mgt</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>device-mgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java

@@ -70,7 +70,9 @@ public class AnnotationProcessor {
     private static final String SWAGGER_ANNOTATIONS_PROPERTIES_KEY = "key";
     private static final String SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS = "permissions";
     private static final String ANNOTATIONS_SCOPES = "scopes";
-
+    private static final String ANNOTATIONS_SCOPE = "scope";
+    private static final String DEFAULT_PERM_NAME = "default";
+    private static final String DEFAULT_PERM = "/device-mgt";
     private static final String PERMISSION_PREFIX = "/permission/admin";
 
     private StandardContext context;
@@ -251,9 +253,14 @@ public class AnnotationProcessor {
                         this.setPermission(annotations[i], permission);
                     }
                 }
+                if (permission.getName() == null || permission.getPath() == null) {
+                    log.warn("Permission not assigned to the resource url - " + permission.getMethod() + ":"
+                                     + permission.getUrl());
+                } else {
                     permissions.add(permission);
                 }
             }
+        }
         return permissions;
     }
 
@@ -375,19 +382,33 @@ public class AnnotationProcessor {
         InvocationHandler methodHandler = Proxy.getInvocationHandler(currentMethod);
         Annotation[] extensions = (Annotation[]) methodHandler.invoke(currentMethod,
                 apiOperation.getMethod(SWAGGER_ANNOTATIONS_EXTENSIONS, null), null);
+        if (extensions != null) {
             methodHandler = Proxy.getInvocationHandler(extensions[0]);
-        Annotation[] properties =  (Annotation[])methodHandler.invoke(extensions[0], extensionClass
+            Annotation[] properties = (Annotation[]) methodHandler.invoke(extensions[0], extensionClass
-                .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES,null), null);
+                    .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES, null), null);
             Scope scope;
+            String scopeKey;
+            String propertyName;
             for (Annotation property : properties) {
                 methodHandler = Proxy.getInvocationHandler(property);
-            String scopeKey = (String) methodHandler.invoke(property, extensionPropertyClass
+                propertyName = (String) methodHandler.invoke(property, extensionPropertyClass
-                    .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null),null);
+                        .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_NAME, null), null);
+                if (ANNOTATIONS_SCOPE.equals(propertyName)) {
+                     scopeKey = (String) methodHandler.invoke(property, extensionPropertyClass
+                            .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null), null);
                     if (!scopeKey.isEmpty()) {
                         scope = apiScopes.get(scopeKey);
+                        if (scope != null) {
                             permission.setName(scope.getName());
                             //TODO: currently permission tree supports only adding one permission per API point.
                             permission.setPath(scope.getRoles().split(" ")[0]);
+                        } else {
+                            log.warn("No Scope mapping is done for scope key: " + scopeKey);
+                            permission.setName(DEFAULT_PERM_NAME);
+                            permission.setPath(DEFAULT_PERM);
+                        }
+                    }
+                }
             }
         }
     }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java

@@ -55,7 +55,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
     @Override
     public boolean addPermission(Permission permission) throws PermissionManagementException {
         // adding a permission to the tree
-        permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
+        permission.setPath(permission.getPath());
         permissionTree.addPermission(permission);
         return PermissionUtils.putPermission(permission);
     }

components/device-mgt/org.wso2.carbon.device.mgt.extensions/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt/org.wso2.carbon.device.mgt.ui/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json

@@ -1,7 +1,7 @@
 {
     "appContext": "/devicemgt/",
-    "httpsURL" : "https://localhost:8243",
+    "httpsURL" : "https://%server.ip%:8243",
-    "httpURL" : "http://localhost:8280",
+    "httpURL" : "http://%server.ip%:8280",
     "wssURL" : "https://localhost:9445",
     "wsURL" : "%http.ip%",
     "portalURL": "https://%server.ip%:9445",
@@ -139,7 +139,9 @@
         "perm:admin:certificates:delete",
         "perm:admin:certificates:details",
         "perm:admin:certificates:view",
-        "perm:admin:certificates:add"
+        "perm:admin:certificates:add",
+        "perm:admin:certificates:verify",
+        "perm:admin"
     ],
     "isOAuthEnabled" : true,
     "backendRestEndpoints" : {

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js

@@ -28,6 +28,7 @@ var handlers = function () {
     var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"];
     var constants = require("/app/modules/constants.js");
     var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
+    var utility = require("/app/modules/utility.js")["utility"];
 
     var publicMethods = {};
     var privateMethods = {};
@@ -49,6 +50,7 @@ var handlers = function () {
                 var tokenData;
                 // tokenPair will include current access token as well as current refresh token
                 var arrayOfScopes = devicemgtProps["scopes"];
+                arrayOfScopes = arrayOfScopes.concat(utility.getDeviceTypesScopesList());
                 var stringOfScopes = "";
                 arrayOfScopes.forEach(function (entry) {
                     stringOfScopes += entry + " ";
@@ -79,7 +81,7 @@ var handlers = function () {
         if (!username || !samlToken) {
             throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " +
                             "saml grant type. Either username of logged in user, samlToken or both are missing " +
-                    "as input - setupTokenPairByPasswordGrantType(x, y)");
+                            "as input - setupTokenPairBySamlGrantType(x, y)");
         } else {
             privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
             privateMethods.setUpEncodedTenantBasedWebSocketClientAppCredentials(username);
@@ -87,10 +89,11 @@ var handlers = function () {
             if (!encodedClientAppCredentials) {
                 throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " +
                                 "by saml grant type. Encoded client credentials are " +
-                        "missing - setupTokenPairByPasswordGrantType(x, y)");
+                                "missing - setupTokenPairBySamlGrantType(x, y)");
             } else {
                 var tokenData;
                 var arrayOfScopes = devicemgtProps["scopes"];
+                arrayOfScopes = arrayOfScopes.concat(utility.getDeviceTypesScopesList());
                 var stringOfScopes = "";
                 arrayOfScopes.forEach(function (entry) {
                     stringOfScopes += entry + " ";
@@ -102,7 +105,7 @@ var handlers = function () {
                 if (!tokenData) {
                     throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up token " +
                                     "pair by password grant type. Error in token " +
-                            "retrieval - setupTokenPairByPasswordGrantType(x, y)");
+                                    "retrieval - setupTokenPairBySamlGrantType(x, y)");
                 } else {
                     var tokenPair = {};
                     tokenPair["accessToken"] = tokenData["accessToken"];

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/utility.js

@@ -125,5 +125,33 @@ utility = function () {
         return null;
     };
 
+    publicMethods.getDeviceTypesScopesList = function () {
+        var dirs = new File("/app/units/").listFiles();
+        var scopesList = [];
+        for (var i = 0; i < dirs.length; i++) {
+            var unitName = dirs[i].getName();
+            if (unitName.match(/^cdmf\.unit\.device\.type\..*\.type-view$/g)) {
+                var deviceTypeConfigFile = new File("/app/units/" + unitName + "/private/config.json");
+                if (deviceTypeConfigFile.isExists()) {
+                    try {
+                        deviceTypeConfigFile.open("r");
+                        var config = deviceTypeConfigFile.readAll();
+                        config = config.replace("%https.ip%", server.address("https"));
+                        config = config.replace("%http.ip%", server.address("http"));
+                        var deviceTypeConfig = parse(config);
+                        if (deviceTypeConfig.deviceType && deviceTypeConfig.deviceType.scopes) {
+                            scopesList = scopesList.concat(deviceTypeConfig.deviceType.scopes);
+                        }
+                    } catch (err) {
+                        log.error("Error while reading device config file for `" + deviceType + "`: " + err);
+                    } finally {
+                        deviceTypeConfigFile.close();
+                    }
+                }
+            }
+        }
+        return scopesList;
+    };
+
     return publicMethods;
 }();

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.device.search/public/templates/device-listing.hbs

@@ -20,7 +20,7 @@
                 </td>
                 <td class="remove-padding-top" data-search="{{enrolmentInfo.owner}}" data-display="{{enrolmentInfo.owner}}" data-grid-label="Owner">{{enrolmentInfo.owner}}</td>
                 <td class="remove-padding-top" data-search="{{enrolmentInfo.status}}" data-display="{{enrolmentInfo.status}}" data-grid-label="Status">
-                    {{#equal enrolmentInfo.status "ACTIVE"}}<span><i class="fw fw-ok icon-success"></i> Active</span>{{/equal}}
+                    {{#equal enrolmentInfo.status "ACTIVE"}}<span><i class="fw fw-success icon-success"></i> Active</span>{{/equal}}
                     {{#equal enrolmentInfo.status "INACTIVE"}}<span><i class="fw fw-warning icon-warning"></i> Inactive</span>{{/equal}}
                     {{#equal enrolmentInfo.status "BLOCKED"}}<span><i class="fw fw-remove icon-danger"></i> Blocked</span>{{/equal}}
                     {{#equal enrolmentInfo.status "REMOVED"}}<span><i class="fw fw-delete icon-danger"></i> Removed</span>{{/equal}}

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.devices/public/js/listing.js

@@ -277,7 +277,7 @@ function loadDevices(searchType, searchParam) {
                 var html;
                 switch (status) {
                     case 'ACTIVE' :
-                        html = '<span><i class="fw fw-ok icon-success"></i> Active</span>';
+                        html = '<span><i class="fw fw-success icon-success"></i> Active</span>';
                         break;
                     case 'INACTIVE' :
                         html = '<span><i class="fw fw-warning icon-warning"></i> Inactive</span>';

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.policies/policies.hbs

@@ -182,9 +182,9 @@
             {{#each policyListToView}}
                 <tr data-type="selectable" data-id="{{id}}" data-status="{{status}}">
                     <td class="remove-padding icon-only content-fill viewEnabledIcon"
-                        data-url="{{@app.context}}/policy/view?id={{id}}" data-id="{{id}}">
+                        data-url="{{@app.context}}/policy/view?id={{id}}&deviceType={{platform}}" data-id="{{id}}">
-                        <div class="thumbnail icon" style="padding-top: 30px; padding-bottom: 30px;">
+                        <div class="thumbnail icon">
-                            <i class="fw fw-{{deviceTypeIcon}}" style="font-size: 59px"></i>
+                            <img src="{{icon}}">
                         </div>
                     </td>
                     <td
@@ -196,7 +196,7 @@
                             <span><i class="fw fw-warning icon-success"></i> Active/Updated</span>
                         {{/equal}}
                         {{#equal status "Active"}}
-                            <span><i class="fw fw-ok icon-success"></i> Active</span>
+                            <span><i class="fw fw-success icon-success"></i> Active</span>
                         {{/equal}}
                         {{#equal status "Inactive/Updated"}}
                             <span><i class="fw fw-warning icon-warning"></i> Inactive/Updated</span>
@@ -239,7 +239,7 @@
                     </td>
                     <td class="text-right content-fill text-left-on-grid-view no-wrap">
                         <!--suppress HtmlUnknownTarget -->
-                        <a href="{{@app.context}}/policy/edit?id={{id}}"
+                        <a href="{{@app.context}}/policy/edit?id={{id}}&deviceType={{platform}}"
                            data-id="{{id}}"
                            data-click-event="remove-form"
                            class="btn padding-reduce-on-grid-view policy-update-link">

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.policies/policies.js

@@ -30,9 +30,15 @@ function onRequest(context) {
     var page = {};
     var policyModule = require("/app/modules/business-controllers/policy.js")["policyModule"];
     var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
+    var utility = require("/app/modules/utility.js")["utility"];
     var response = policyModule.getAllPolicies();
     if (response["status"] == "success") {
         var policyListToView = response["content"];
+        for(var index in policyListToView) {
+            if(policyListToView.hasOwnProperty(index)) {
+                policyListToView[index]["icon"] = utility.getDeviceThumb(policyListToView[index]["platform"]);
+            }
+        }
         page["policyListToView"] = policyListToView;
         var policyCount = policyListToView.length;
         if (policyCount == 0) {

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.register/public/js/validate-register.js

@@ -121,12 +121,12 @@ $(document).ready(function(){
                            $("#add-user-btn").prop('disabled', false);
                            if (data == 200) {
                                $('.wr-validation-summary strong').html(
-                                       "<i class=\"icon fw fw-ok\"></i> Successfully Submitted.");
+                                       "<i class=\"icon fw fw-success\"></i> Successfully Submitted.");
                                $('.wr-validation-summary').removeClass("alert-danger");
                                $('.wr-validation-summary').addClass("alert-success");
                            } else if (data == 201) {
                                $('.wr-validation-summary strong').html(
-                                       "<i class=\"icon fw fw-ok\"></i> User created succssfully. You will be " +
+                                       "<i class=\"icon fw fw-success\"></i> User created succssfully. You will be " +
                                        "redirected to login page.");
                                $('.wr-validation-summary').removeClass("alert-danger");
                                $('.wr-validation-summary').addClass("alert-success");

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.overview-section/overview-section.hbs

@@ -51,7 +51,7 @@
         <td class="sorting_1" style="padding:10px 15px;">Status</td>
         <td style="padding:10px 15px;">
             {{#equal device.status "ACTIVE"}}<span><i
-                    class="fw fw-ok icon-success"></i> Active</span>{{/equal}}
+                    class="fw fw-success icon-success"></i> Active</span>{{/equal}}
             {{#equal device.status "INACTIVE"}}<span><i
                     class="fw fw-warning icon-warning"></i> Inactive</span>{{/equal}}
             {{#equal device.status "BLOCKED"}}<span><i class="fw fw-remove icon-danger"></i> Blocked</span>{{/equal}}

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.types.listing/listing.hbs

@@ -16,7 +16,7 @@
   under the License.
 }}
 
-{{#if virtualDeviceTypesList}}
+{{#if deviceTypesList}}
     <div class="row wr-device-board">
         <div class="col-lg-12 wr-secondary-bar">
             <span class="page-sub-title">Device Types</span>

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.view/public/js/device-view.js

@@ -81,7 +81,7 @@
                         var html;
                         switch (status) {
                             case "COMPLETED" :
-                                html = "<span><i class='fw fw-ok icon-success'></i> Completed</span>";
+                                html = "<span><i class='fw fw-success icon-success'></i> Completed</span>";
                                 break;
                             case "PENDING" :
                                 html = "<span><i class='fw fw-warning icon-warning'></i> Pending</span>";
@@ -90,10 +90,10 @@
                                 html = "<span><i class='fw fw-error icon-danger'></i> Error</span>";
                                 break;
                             case "IN_PROGRESS" :
-                                html = "<span><i class='fw fw-ok icon-warning'></i> In Progress</span>";
+                                html = "<span><i class='fw fw-success icon-warning'></i> In Progress</span>";
                                 break;
                             case "REPEATED" :
-                                html = "<span><i class='fw fw-ok icon-warning'></i> Repeated</span>";
+                                html = "<span><i class='fw fw-success icon-warning'></i> Repeated</span>";
                                 break;
                         }
                         return html;

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.view/public/templates/policy-compliance.hbs

@@ -26,7 +26,7 @@
                     <div>
                         <b>Compliance :</b>
                         {{#equal compliance "COMPLIANT"}}
-                            <span><i class="fw fw-ok icon-success"></i> Compliant</span>
+                            <span><i class="fw fw-success icon-success"></i> Compliant</span>
                         {{/equal}}
                         {{#equal compliance "NON-COMPLIANT"}}
                             <span><i class="fw fw-warning icon-danger"></i> Not Compliant</span>
@@ -62,7 +62,7 @@
         <tr data-type="selectable">
             <td data-display="{{featureCode}}" data-grid-label="Feature Code">{{featureCode}}</td>
             <td data-display="{{compliance}}" data-grid-label="Status">
-                {{#equal compliance true}}<span><i class="fw fw-ok icon-success"></i> Compliant</span>{{/equal}}
+                {{#equal compliance true}}<span><i class="fw fw-success icon-success"></i> Compliant</span>{{/equal}}
                 {{#equal compliance false}}<span><i class="fw fw-warning icon-danger"></i> Not Compliant</span>{{/equal}}
             </td>
         </tr>

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.view/public/templates/policy-list.hbs

@@ -15,7 +15,7 @@
                     <i class="fw fw-warning icon-success"></i> Active/Updated</span>
                 {{/equal}}
                 {{#equal status "Active"}}
-                    <i class="fw fw-ok icon-success"></i> Active</span>
+                    <i class="fw fw-success icon-success"></i> Active</span>
                 {{/equal}}
                 {{#equal status "Inactive/Updated"}}
                     <i class="fw fw-warning icon-warning"></i> Inactive/Updated</span>

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.effective-policy.view/public/js/view.js

@@ -30,7 +30,7 @@ var displayPolicy = function (policyPayloadObj) {
     if (policyPayloadObj["active"] == true && policyPayloadObj["updated"] == true) {
         policyStatus = '<i class="fw fw-warning icon-success"></i> Active/Updated</span>';
     } else if (policyPayloadObj["active"] == true && policyPayloadObj["updated"] == false) {
-        policyStatus = '<i class="fw fw-ok icon-success"></i> Active</span>';
+        policyStatus = '<i class="fw fw-success icon-success"></i> Active</span>';
     } else if (policyPayloadObj["active"] == false && policyPayloadObj["updated"] == true) {
         policyStatus = '<i class="fw fw-warning icon-warning"></i> Inactive/Updated</span>';
     } else if (policyPayloadObj["active"] == false && policyPayloadObj["updated"] == false) {

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.edit/edit.hbs

@@ -2,6 +2,8 @@
     {{#if isAuthorized }}
         <span id="logged-in-user" class="hidden" data-username="{{user.username}}" data-domain="{{user.domain}}"
               data-tenant-id="{{user.tenantId}}"></span>
+        <span id="policy-operations" class="hidden" data-template="{{policyOperations.template}}"
+              data-script="{{policyOperations.script}}" data-style="{{policyOperations.style}}"></span>
         <div class="row">
             <div class="col-md-12">
 

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.edit/edit.js

@@ -17,8 +17,8 @@
  */
 
 function onRequest(context) {
-    var log = new Log("policy-view-edit-unit backend js");
+    var deviceType = request.getParameter("deviceType");
-
+    var utility = require("/app/modules/utility.js").utility;
     var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
     var groupModule = require("/app/modules/business-controllers/group.js")["groupModule"];
 
@@ -31,12 +31,30 @@ function onRequest(context) {
     if (usersResult.status == "success") {
         context.users = usersResult.content;
     }
-
     context["groups"] = groupModule.getGroups();
-
     var user = userModule.getCarbonUser();
     context["user"] = {username: user.username, domain: user.domain, tenantId: user.tenantId};
 
+    context["policyOperations"] = {};
+    var policyEditSrc = "/app/units/" + utility.getTenantedDeviceUnitName(deviceType, "policy-edit");
+    if (new File(policyEditSrc).isExists()) {
+        var policyOperationsTemplateSrc = policyEditSrc + "/public/templates/" + deviceType + "-policy-edit.hbs";
+        if (new File(policyOperationsTemplateSrc).isExists()) {
+            context["policyOperations"].template = "/public/cdmf.unit.device.type." + deviceType +
+                ".policy-edit/templates/" + deviceType + "-policy-edit.hbs";
+        }
+        var policyOperationsScriptSrc = policyEditSrc + "/public/js/" + deviceType + "-policy-edit.js";
+        if (new File(policyOperationsScriptSrc).isExists()) {
+            context["policyOperations"].script = "/public/cdmf.unit.device.type." + deviceType + ".policy-edit/js/" +
+                deviceType + "-policy-edit.js";
+        }
+        var policyOperationsStylesSrc = policyEditSrc + "/public/css/" + deviceType + "-policy-edit.css";
+        if (new File(policyOperationsStylesSrc).isExists()) {
+            context["policyOperations"].style = "/public/cdmf.unit.device.type." + deviceType + ".policy-edit/css/" +
+                deviceType + "-policy-edit.css";
+        }
+    }
+
     context.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/policies/manage");
     context.isAuthorizedViewUsers = userModule.isAuthorized("/permission/admin/device-mgt/roles/view");
     context.isAuthorizedViewRoles = userModule.isAuthorized("/permission/admin/device-mgt/users/view");

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.edit/public/js/policy-edit.js

@@ -179,27 +179,27 @@ skipStep["policy-platform"] = function (policyPayloadObj) {
     $("#policy-profile-page-wizard-title").text("EDIT " + policy["platform"] + " POLICY - " + policy["name"]);
 
     var deviceType = policy["platform"];
-    var policyOperationsTemplateSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
+    var policyOperations = $("#policy-operations");
-        '.policy-edit/templates/' + deviceType + '-policy-edit.hbs';
+    var policyEditTemplateSrc = $(policyOperations).data("template");
-    var policyOperationsScriptSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
+    var policyEditScriptSrc = $(policyOperations).data("script");
-        '.policy-edit/js/' + deviceType + '-policy-edit.js';
+    var policyEditStylesSrc = $(policyOperations).data("style");
-    var policyOperationsStylesSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
+    var policyEditTemplateCacheKey = deviceType + '-policy-edit';
-        '.policy-edit/css/' + deviceType + '-policy-edit.css';
-    var policyOperationsTemplateCacheKey = deviceType + '-policy-operations';
 
-    $.isResourceExists(policyOperationsTemplateSrc, function (status) {
+    if (policyEditTemplateSrc) {
-        if (status) {
+        if (policyEditScriptSrc) {
-            $.template(policyOperationsTemplateCacheKey, policyOperationsTemplateSrc, function (template) {
+            var script = document.createElement('script');
+            script.type = 'text/javascript';
+            script.src = context + policyEditScriptSrc;
+            $(".wr-advance-operations").prepend(script);
+            hasPolicyProfileScript = true;
+        } else {
+            hasPolicyProfileScript = false;
+        }
+        $.template(policyEditTemplateCacheKey, context + policyEditTemplateSrc, function (template) {
             var content = template();
             $("#device-type-policy-operations").html(content).removeClass("hidden");
             $(".policy-platform").addClass("hidden");
-                $.isResourceExists(policyOperationsScriptSrc, function (status) {
+            if (hasPolicyProfileScript) {
-                    if (status) {
-                        hasPolicyProfileScript = true;
-                        var script = document.createElement('script');
-                        script.type = 'text/javascript';
-                        script.src = policyOperationsScriptSrc;
-                        $(".wr-advance-operations").prepend(script);
                 /*
                  This method should be implemented in the relevant plugin side and should include the logic to
                  populate the policy profile in the plugin specific UI.
@@ -207,24 +207,19 @@ skipStep["policy-platform"] = function (policyPayloadObj) {
                 polulateProfileOperations(policyPayloadObj["profile"]["profileFeaturesList"]);
             }
         });
-            });
-
-            $.isResourceExists(policyOperationsStylesSrc, function (status) {
-                if (status) {
-                    var style = document.createElement('link');
-                    style.type = 'text/css';
-                    style.rel = 'stylesheet';
-                    style.href = policyOperationsStylesSrc;
-                    $(".wr-advance-operations").prepend(style);
-                }
-            });
     } else {
         $("#generic-policy-operations").removeClass("hidden");
     }
+    if (policyEditStylesSrc) {
+        var style = document.createElement('link');
+        style.type = 'text/css';
+        style.rel = 'stylesheet';
+        style.href = context + policyEditStylesSrc;
+        $(".wr-advance-operations").prepend(style);
+    }
     $(".wr-advance-operations-init").addClass("hidden");
-    });
 
-    if(!hasPolicyProfileScript) {
+    if (!hasPolicyProfileScript) {
         populateGenericProfileOperations(policyPayloadObj["profile"]["profileFeaturesList"]);
     }
 };

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.view/public/js/view.js

@@ -32,7 +32,7 @@ var displayPolicy = function (policyPayloadObj) {
     if (policyPayloadObj["active"] == true && policyPayloadObj["updated"] == true) {
         policyStatus = '<i class="fw fw-warning icon-success"></i> Active/Updated</span>';
     } else if (policyPayloadObj["active"] == true && policyPayloadObj["updated"] == false) {
-        policyStatus = '<i class="fw fw-ok icon-success"></i> Active</span>';
+        policyStatus = '<i class="fw fw-success icon-success"></i> Active</span>';
     } else if (policyPayloadObj["active"] == false && policyPayloadObj["updated"] == true) {
         policyStatus = '<i class="fw fw-warning icon-warning"></i> Inactive/Updated</span>';
     } else if (policyPayloadObj["active"] == false && policyPayloadObj["updated"] == false) {
@@ -67,27 +67,27 @@ var displayPolicy = function (policyPayloadObj) {
     }
 
     var deviceType = policy["platform"];
-    var policyOperationsTemplateSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
+    var policyOperations = $("#policy-operations");
-        '.policy-view/templates/' + deviceType + '-policy-view.hbs';
+    var policyViewTemplateSrc = $(policyOperations).data("template");
-    var policyOperationsScriptSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
+    var policyViewScriptSrc = $(policyOperations).data("script");
-        '.policy-view/js/' + deviceType + '-policy-view.js';
+    var policyViewStylesSrc = $(policyOperations).data("style");
-    var policyOperationsStylesSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
+    var policyViewTemplateCacheKey = deviceType + '-policy-view';
-        '.policy-view/css/' + deviceType + '-policy-view.css';
-    var policyOperationsTemplateCacheKey = deviceType + '-policy-operations';
 
-    $.isResourceExists(policyOperationsTemplateSrc, function (status) {
+    if (policyViewTemplateSrc) {
-        if (status) {
+        if (policyViewScriptSrc) {
-            $.template(policyOperationsTemplateCacheKey, policyOperationsTemplateSrc, function (template) {
+            var script = document.createElement('script');
+            script.type = 'text/javascript';
+            script.src = context + policyViewScriptSrc;
+            $(".wr-advance-operations").prepend(script);
+            hasPolicyProfileScript = true;
+        } else {
+            hasPolicyProfileScript = false;
+        }
+        $.template(policyViewTemplateCacheKey, context + policyViewTemplateSrc, function (template) {
             var content = template();
             $("#device-type-policy-operations").html(content).removeClass("hidden");
             $(".policy-platform").addClass("hidden");
-                $.isResourceExists(policyOperationsScriptSrc, function (status) {
+            if (hasPolicyProfileScript) {
-                    if (status) {
-                        hasPolicyProfileScript = true;
-                        var script = document.createElement('script');
-                        script.type = 'text/javascript';
-                        script.src = policyOperationsScriptSrc;
-                        $(".wr-advance-operations").prepend(script);
                 /*
                  This method should be implemented in the relevant plugin side and should include the logic to
                  populate the policy profile in the plugin specific UI.
@@ -95,24 +95,19 @@ var displayPolicy = function (policyPayloadObj) {
                 polulateProfileOperations(policyPayloadObj["profile"]["profileFeaturesList"]);
             }
         });
-            });
-
-            $.isResourceExists(policyOperationsStylesSrc, function (status) {
-                if (status) {
-                    var style = document.createElement('link');
-                    style.type = 'text/css';
-                    style.rel = 'stylesheet';
-                    style.href = policyOperationsStylesSrc;
-                    $(".wr-advance-operations").prepend(style);
-                }
-            });
     } else {
         $("#generic-policy-operations").removeClass("hidden");
     }
+    if (policyViewStylesSrc) {
+        var style = document.createElement('link');
+        style.type = 'text/css';
+        style.rel = 'stylesheet';
+        style.href = context + policyViewStylesSrc;
+        $(".wr-advance-operations").prepend(style);
+    }
     $(".wr-advance-operations-init").addClass("hidden");
-    });
 
-    if(!hasPolicyProfileScript) {
+    if (!hasPolicyProfileScript) {
         populateGenericProfileOperations(policyPayloadObj["profile"]["profileFeaturesList"]);
     }
 };

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.view/view.hbs

@@ -8,7 +8,8 @@
                 </div>
             </div>
         {{/defineZone}}
-
+        <span id="policy-operations" class="hidden" data-template="{{template}}" data-script="{{script}}"
+              data-style="{{style}}"></span>
         <!-- #page-content-wrapper -->
         <div class="page-content-wrapper">
             <div class="row no-gutter add-padding-5x add-margin-top-5x" style="border: 1px solid #e4e4e4;">

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.view/view.js

@@ -17,10 +17,27 @@
  */
 
 function onRequest(context) {
-//    var log = new Log("policy-view-edit-unit backend js");
+    var utility = require("/app/modules/utility.js").utility;
-
+    var page = {};
-//    var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
+    var deviceType = request.getParameter("deviceType");
-//    context.roles = userModule.getRoles();
+    var policyViewSrc = "/app/units/" + utility.getTenantedDeviceUnitName(deviceType, "policy-view");
-    context.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/policies/view");
+    if (new File(policyViewSrc).isExists()) {
-    return context;
+        var policyOperationsTemplateSrc = policyViewSrc + "/public/templates/" + deviceType + "-policy-view.hbs";
+        if (new File(policyOperationsTemplateSrc).isExists()) {
+            page.template = "/public/cdmf.unit.device.type." + deviceType + ".policy-view/templates/" + deviceType +
+                "-policy-view.hbs";
+        }
+        var policyOperationsScriptSrc = policyViewSrc + "/public/js/" + deviceType + "-policy-view.js";
+        if (new File(policyOperationsScriptSrc).isExists()) {
+            page.script = "/public/cdmf.unit.device.type." + deviceType + ".policy-view/js/" + deviceType +
+                "-policy-view.js";
+        }
+        var policyOperationsStylesSrc = policyViewSrc + "/public/css/" + deviceType + "-policy-view.css";
+        if (new File(policyOperationsStylesSrc).isExists()) {
+            page.style = "/public/cdmf.unit.device.type." + deviceType + ".policy-view/css/" + deviceType +
+                "-policy-view.css";
+        }
+    }
+    page.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/policies/view");
+    return page;
 }

components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <artifactId>device-mgt</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -59,7 +59,7 @@
                         <Bundle-Name>${project.artifactId}</Bundle-Name>
                         <Bundle-Version>${carbon.device.mgt.version}</Bundle-Version>
                         <Bundle-Description>IoT Server Impl Bundle</Bundle-Description>
-                        <Private-Package>org.wso2.carbon.device.mgt.iot.url.printer.internal</Private-Package>
+                        <Private-Package>org.wso2.carbon.device.mgt.url.printer.internal</Private-Package>
                         <Import-Package>
                             org.osgi.framework,
                             org.osgi.service.component,
@@ -69,8 +69,8 @@
                             org.wso2.carbon.utils.*,
                         </Import-Package>
                         <Export-Package>
-                            !org.wso2.carbon.device.mgt.iot.url.printer.internal,
+                            !org.wso2.carbon.device.mgt.url.printer.internal,
-                            org.wso2.carbon.device.mgt.iot.url.printer.*;version="${project.version}"
+                            org.wso2.carbon.device.mgt.url.printer.*;version="${project.version}"
                         </Export-Package>
                     </instructions>
                 </configuration>

components/device-mgt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>carbon-devicemgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/email-sender/org.wso2.carbon.email.sender.core/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>email-sender</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/email-sender/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>carbon-devicemgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/identity-extensions/dynamic-client-registration/dynamic-client-web-proxy/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <artifactId>dynamic-client-registration</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/identity-extensions/dynamic-client-registration/dynamic-client-web/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <artifactId>dynamic-client-registration</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/pom.xml

@@ -21,13 +21,13 @@
     <parent>
         <artifactId>dynamic-client-registration</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.dynamic.client.registration</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - Dynamic client registration service</name>
     <description>WSO2 Carbon - Dynamic Client Registration Service</description>

components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/pom.xml

@@ -21,13 +21,13 @@
     <parent>
         <artifactId>dynamic-client-registration</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.dynamic.client.web.app.registration</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - Dynamic client web app registration</name>
     <description>WSO2 Carbon - Dynamic Client Web-app Registration Service</description>

components/identity-extensions/dynamic-client-registration/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>identity-extensions</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.wso2.carbon.devicemgt</groupId>
     <artifactId>dynamic-client-registration</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>pom</packaging>
     <name>WSO2 Carbon - Dynamic client registration</name>
     <url>http://wso2.org</url>

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml

@@ -22,13 +22,13 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>identity-extensions</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.device.mgt.oauth.extensions</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - OAuth Extensions</name>
     <url>http://wso2.org</url>

components/identity-extensions/org.wso2.carbon.identity.authenticator.backend.oauth/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <artifactId>identity-extensions</artifactId>
         <groupId>org.wso2.carbon.devicemgt</groupId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>identity-extensions</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/identity-extensions/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>carbon-devicemgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/policy-mgt/org.wso2.carbon.complex.policy.decision.point/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>policy-mgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.wso2.carbon.devicemgt</groupId>
     <artifactId>org.wso2.carbon.complex.policy.decision.point</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - Policy Decision Point</name>
     <description>WSO2 Carbon - Policy Decision Point</description>

components/policy-mgt/org.wso2.carbon.policy.decision.point/pom.xml

@@ -3,14 +3,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>policy-mgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.wso2.carbon.devicemgt</groupId>
     <artifactId>org.wso2.carbon.policy.decision.point</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - Policy Decision Point</name>
     <description>WSO2 Carbon - Policy Decision Point</description>

components/policy-mgt/org.wso2.carbon.policy.information.point/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>policy-mgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -11,7 +11,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.wso2.carbon.devicemgt</groupId>
     <artifactId>org.wso2.carbon.policy.information.point</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - Policy Information Point</name>
     <description>WSO2 Carbon - Policy Information Point</description>

components/policy-mgt/org.wso2.carbon.policy.mgt.common/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>policy-mgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.wso2.carbon.devicemgt</groupId>
     <artifactId>org.wso2.carbon.policy.mgt.common</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - Policy Management Common</name>
     <description>WSO2 Carbon - Policy Management Common</description>

components/policy-mgt/org.wso2.carbon.policy.mgt.core/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>policy-mgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.wso2.carbon.devicemgt</groupId>
     <artifactId>org.wso2.carbon.policy.mgt.core</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - Policy Management Core</name>
     <description>WSO2 Carbon - Policy Management Core</description>

components/policy-mgt/pom.xml

@@ -23,13 +23,13 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>carbon-devicemgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>policy-mgt</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>pom</packaging>
     <name>WSO2 Carbon - Policy Management Component</name>
     <url>http://wso2.org</url>

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml

@@ -21,14 +21,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>webapp-authenticator-framework</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.wso2.carbon.devicemgt</groupId>
     <artifactId>org.wso2.carbon.webapp.authenticator.framework</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>bundle</packaging>
     <name>WSO2 Carbon - Web Application Authenticator Framework Bundle</name>
     <description>WSO2 Carbon - Web Application Authenticator Framework Bundle</description>

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java

@@ -35,6 +35,8 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
 
 import java.util.Properties;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 public class Utils {
 
@@ -86,4 +88,18 @@ public class Utils {
         }
     }
 
+    public static String replaceSystemProperty(String urlWithPlaceholders)  {
+        String regex = "\\$\\{(.*?)\\}";
+        Pattern pattern = Pattern.compile(regex);
+        Matcher matchPattern = pattern.matcher(urlWithPlaceholders);
+        while (matchPattern.find()) {
+            String sysPropertyName = matchPattern.group(1);
+            String sysPropertyValue = System.getProperty(sysPropertyName);
+            if (sysPropertyValue != null && !sysPropertyName.isEmpty()) {
+                urlWithPlaceholders = urlWithPlaceholders.replaceAll("\\$\\{(" + sysPropertyName + ")\\}", sysPropertyValue);
+            }
+        }
+        return urlWithPlaceholders;
+    }
+
 }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java

@@ -41,7 +41,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
     @Override
     public void invoke(Request request, Response response, CompositeValve compositeValve) {
 
-        if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) {
+        if (this.isContextSkipped(request) ||  this.skipAuthentication(request)) {
             this.getNext().invoke(request, response, compositeValve);
             return;
         }
@@ -74,11 +74,6 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
         }
     }
 
-    private boolean isAdminService(Request request) {
-        String param = request.getContext().findParameter("isAdminService");
-        return (param != null && Boolean.parseBoolean(param));
-    }
-
     private boolean skipAuthentication(Request request) {
         String param = request.getContext().findParameter("doAuthentication");
         return (param == null || !Boolean.parseBoolean(param) || isNonSecuredEndPoint(request));

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java

@@ -66,7 +66,7 @@ public class BSTAuthenticator implements WebappAuthenticator {
                     "are not provided");
         }
 
-        String url = this.properties.getProperty("TokenValidationEndpointUrl");
+        String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
         if ((url == null) || (url.isEmpty())) {
             throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
         }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java

@@ -62,7 +62,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
     private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location";
     private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password";
 
-    private static final Map<String, PublicKey> publicKeyHolder = new HashMap<>();
+    private static final Map<IssuerAlias, PublicKey> publicKeyHolder = new HashMap<>();
     private Properties properties;
 
     private static void loadTenantRegistry(int tenantId) throws RegistryException {
@@ -106,21 +106,17 @@ public class JWTAuthenticator implements WebappAuthenticator {
             String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
             String tenantDomain = MultitenantUtils.getTenantDomain(username);
             int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
+            String issuer = jwsObject.getJWTClaimsSet().getIssuer();
             PrivilegedCarbonContext.startTenantFlow();
             PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
             PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
-            PublicKey publicKey =  publicKeyHolder.get(tenantDomain);
+            IssuerAlias issuerAlias = new IssuerAlias(issuer, tenantDomain);
+            PublicKey publicKey =  publicKeyHolder.get(issuerAlias);
             if (publicKey == null) {
                 loadTenantRegistry(tenantId);
                 KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
                 if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
-                    String defaultPublicKey = properties.getProperty("DefaultPublicKey");
+                    String alias = properties.getProperty(issuer);
-                    if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) {
-                        boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey);
-                        if (isDefaultPublicKey) {
-                            publicKey = keyStoreManager.getDefaultPublicKey();
-                        } else {
-                            String alias = properties.getProperty("KeyAlias");
                     if (alias != null && !alias.isEmpty()) {
                         ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
                         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -133,19 +129,14 @@ public class JWTAuthenticator implements WebappAuthenticator {
                         authenticationInfo.setStatus(Status.FAILURE);
                         return  authenticationInfo;
                     }
-                        }
-
-                    } else {
-                        publicKey = keyStoreManager.getDefaultPublicKey();
-                    }
-
                 } else {
                     String ksName = tenantDomain.trim().replace('.', '-');
                     String jksName = ksName + ".jks";
                     publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey();
                 }
                 if (publicKey != null) {
-                    publicKeyHolder.put(tenantDomain, publicKey);
+                    issuerAlias = new IssuerAlias(tenantDomain);
+                    publicKeyHolder.put(issuerAlias, publicKey);
                 }
             }
 
@@ -205,4 +196,34 @@ public class JWTAuthenticator implements WebappAuthenticator {
         }
         return this.properties.getProperty(name);
     }
+
+    private class IssuerAlias {
+
+        private String issuer;
+        private String tenantDomain;
+        private final String DEFAULT_ISSUER = "default";
+
+        public  IssuerAlias(String tenantDomain) {
+            this.issuer = DEFAULT_ISSUER;
+            this.tenantDomain = tenantDomain;
+        }
+
+        public  IssuerAlias(String issuer, String tenantDomain) {
+            this.issuer = issuer;
+            this.tenantDomain = tenantDomain;
+        }
+
+        @Override
+        public int hashCode() {
+            int result = this.issuer.hashCode();
+            result = 31 * result + ("@" + this.tenantDomain).hashCode();
+            return result;
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            return (obj instanceof IssuerAlias) && issuer.equals(
+                    ((IssuerAlias) obj).issuer) && tenantDomain == ((IssuerAlias) obj).tenantDomain;
+        }
+    }
 }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java

@@ -55,7 +55,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
                     "are not provided");
         }
 
-        String url = this.properties.getProperty("TokenValidationEndpointUrl");
+        String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
         if ((url == null) || (url.isEmpty())) {
             throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
         }

components/webapp-authenticator-framework/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>carbon-devicemgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.wso2.carbon.devicemgt</groupId>
     <artifactId>webapp-authenticator-framework</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>pom</packaging>
     <name>WSO2 Carbon - Webapp Authenticator Framework</name>
     <url>http://wso2.org</url>

features/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.feature/pom.xml

@@ -21,14 +21,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>apimgt-extensions-feature</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.apimgt.application.extension.feature</artifactId>
     <packaging>pom</packaging>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <name>WSO2 Carbon - API Management Application Extension Feature</name>
     <url>http://wso2.org</url>
     <description>This feature contains an implementation of a api application registration, which takes care of subscription

features/apimgt-extensions/org.wso2.carbon.apimgt.handler.server.feature/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>apimgt-extensions-feature</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.apimgt.handler.server.feature</artifactId>
     <packaging>pom</packaging>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <name>WSO2 Carbon - Device Management - APIM handler Server Feature</name>
     <url>http://wso2.org</url>
     <description>This feature contains the handler for the api authentications

features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/pom.xml

@@ -21,14 +21,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>apimgt-extensions-feature</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.apimgt.webapp.publisher.feature</artifactId>
     <packaging>pom</packaging>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <name>WSO2 Carbon - API Management Webapp Publisher Feature</name>
     <url>http://wso2.org</url>
     <description>This feature contains an implementation of a Tomcat lifecycle listener, which takes care of publishing

features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml

@@ -24,7 +24,7 @@
 <WebappPublisherConfigs>
 
     <!-- This host is used to define the host address which is used to publish APIs -->
-    <Host>https://localhost:${carbon.https.port}</Host>
+    <Host>https://${iot.core.host}:${iot.core.https.port}</Host>
 
     <!-- If it is true, the APIs of this instance will be published to the defined host -->
     <PublishAPI>true</PublishAPI>

features/apimgt-extensions/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>carbon-devicemgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.wso2.carbon.devicemgt</groupId>
     <artifactId>apimgt-extensions-feature</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>pom</packaging>
     <name>WSO2 Carbon - API Management Extensions Feature</name>
     <url>http://wso2.org</url>

features/certificate-mgt/org.wso2.carbon.certificate.mgt.api.feature/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>certificate-mgt-feature</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

features/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api.feature/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>certificate-mgt-feature</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

features/certificate-mgt/org.wso2.carbon.certificate.mgt.server.feature/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>certificate-mgt-feature</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.certificate.mgt.server.feature</artifactId>
     <packaging>pom</packaging>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <name>WSO2 Carbon - Certificate Management Server Feature</name>
     <url>http://wso2.org</url>
     <description>This feature contains the core bundles required for back-end Certificate Management functionality

features/certificate-mgt/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>carbon-devicemgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.wso2.carbon.devicemgt</groupId>
     <artifactId>certificate-mgt-feature</artifactId>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <packaging>pom</packaging>
     <name>WSO2 Carbon - Certificate Management Feature</name>
     <url>http://wso2.org</url>

features/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer.feature/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>device-mgt-extensions-feature</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.device.mgt.extensions.device.type.deployer.feature</artifactId>
     <packaging>pom</packaging>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <name>WSO2 Carbon - Device Type Deployer Feature</name>
     <url>http://wso2.org</url>
     <description>WSO2 Carbon - Device Type Deployer Feature</description>

features/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>device-mgt-extensions-feature</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature</artifactId>
     <packaging>pom</packaging>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <name>WSO2 Carbon - GCM Based Push Notification Provider Feature</name>
     <url>http://wso2.org</url>
     <description>WSO2 Carbon - MQTT Based Push Notification Provider Feature</description>

features/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>device-mgt-extensions-feature</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature</artifactId>
     <packaging>pom</packaging>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <name>WSO2 Carbon - MQTT Based Push Notification Provider Feature</name>
     <url>http://wso2.org</url>
     <description>WSO2 Carbon - MQTT Based Push Notification Provider Feature</description>

features/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature/pom.xml

@@ -22,14 +22,14 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>device-mgt-extensions-feature</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature</artifactId>
     <packaging>pom</packaging>
-    <version>2.0.7-SNAPSHOT</version>
+    <version>2.0.8-SNAPSHOT</version>
     <name>WSO2 Carbon - XMPP Based Push Notification Provider Feature</name>
     <url>http://wso2.org</url>
     <description>WSO2 Carbon - XMPP Based Push Notification Provider Feature</description>

features/device-mgt-extensions/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.devicemgt</groupId>
         <artifactId>carbon-devicemgt</artifactId>
-        <version>2.0.7-SNAPSHOT</version>
+        <version>2.0.8-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>