fixed permission and assigned environment variables for url context

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml

@@ -173,6 +173,11 @@
             <artifactId>org.wso2.carbon.device.mgt.common</artifactId>
             <scope>provided</scope>
         </dependency>
+		<dependency>
+			<groupId>org.wso2.carbon</groupId>
+			<artifactId>org.wso2.carbon.registry.core</artifactId>
+			<scope>provided</scope>
+		</dependency>
     </dependencies>
 
     <build>

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java

@@ -56,6 +56,9 @@ public class ApiPermissionFilter implements Filter {
                 PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
                         unmarshaller.unmarshal(permissionStream);
                 permissions = permissionConfiguration.getPermissions();
+                for (Permission permission : permissions) {
+                    APIUtil.putPermission(PERMISSION_PREFIX + permission.getPath());
+                }
             } catch (JAXBException e) {
                 log.error("invalid permissions.xml", e);
             }

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java

@@ -21,12 +21,18 @@ package org.wso2.carbon.apimgt.application.extension.api.util;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
+import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
+import org.wso2.carbon.registry.api.Resource;
+import org.wso2.carbon.registry.core.Registry;
+import org.wso2.carbon.registry.core.exceptions.RegistryException;
+import org.wso2.carbon.registry.core.service.RegistryService;
 import org.wso2.carbon.user.core.service.RealmService;
 
 import java.util.List;
+import java.util.StringTokenizer;
 
 /**
  * This class provides utility functions used by REST-API.
@@ -35,6 +41,8 @@ public class APIUtil {
 
     private static Log log = LogFactory.getLog(APIUtil.class);
     private static final String DEFAULT_CDMF_API_TAG = "device_management";
+    private static final String DEFAULT_CERT_API_TAG = "scep_management";
+    public static final String PERMISSION_PROPERTY_NAME = "name";
 
     public static String getAuthenticatedUser() {
         PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@@ -48,8 +56,7 @@ public class APIUtil {
 
     public static String getTenantDomainOftheUser() {
         PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
-        String tenantDomain = threadLocalCarbonContext.getTenantDomain();
+        return threadLocalCarbonContext.getTenantDomain();
-        return tenantDomain;
     }
 
     public static APIManagementProviderService getAPIManagementProviderService() {
@@ -92,6 +99,55 @@ public class APIUtil {
         //Todo get allowed cdmf service tags from config.
         List<String> allowedApisTags = getDeviceManagementProviderService().getAvailableDeviceTypes();
         allowedApisTags.add(DEFAULT_CDMF_API_TAG);
+        allowedApisTags.add(DEFAULT_CERT_API_TAG);
         return allowedApisTags;
     }
+
+    public static void putPermission(String permission) {
+        try {
+            StringTokenizer tokenizer = new StringTokenizer(permission, "/");
+            String lastToken = "", currentToken, tempPath;
+            while (tokenizer.hasMoreTokens()) {
+                currentToken = tokenizer.nextToken();
+                tempPath = lastToken + "/" + currentToken;
+                if (!checkResourceExists(tempPath)) {
+                    createRegistryCollection(tempPath, currentToken);
+
+                }
+                lastToken = tempPath;
+            }
+        } catch (org.wso2.carbon.registry.api.RegistryException e) {
+            log.error("Failed to creation permission in registry" + permission, e);
+        }
+    }
+
+    public static void createRegistryCollection(String path, String resourceName)
+            throws org.wso2.carbon.registry.api.RegistryException {
+        Resource resource = getGovernanceRegistry().newCollection();
+        resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
+        getGovernanceRegistry().beginTransaction();
+        getGovernanceRegistry().put(path, resource);
+        getGovernanceRegistry().commitTransaction();
+    }
+
+    public static boolean checkResourceExists(String path)
+            throws RegistryException {
+        return getGovernanceRegistry().resourceExists(path);
+    }
+
+    public static Registry getGovernanceRegistry() throws RegistryException {
+        return getRegistryService().getGovernanceSystemRegistry(MultitenantConstants.SUPER_TENANT_ID);
+    }
+
+    public static RegistryService getRegistryService() {
+        PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+        RegistryService registryService =
+                (RegistryService) ctx.getOSGiService(RegistryService.class, null);
+        if (registryService == null) {
+            String msg = "registry service has not initialized.";
+            log.error(msg);
+            throw new IllegalStateException(msg);
+        }
+        return registryService;
+    }
 }

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml

@@ -37,14 +37,14 @@
     </Permission>
     <Permission>
         <name>Register application</name>
-        <path>/device-mgt/user/api/application</path>
+        <path>/device-mgt/api/application</path>
         <url>/register</url>
         <method>POST</method>
         <scope>application_user</scope>
     </Permission>
     <Permission>
         <name>Delete application</name>
-        <path>/device-mgt/user/api/application</path>
+        <path>/device-mgt/api/application</path>
         <url>/unregister</url>
         <method>DELETE</method>
         <scope>application_user</scope>

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java

@@ -64,6 +64,12 @@ import javax.ws.rs.core.Response;
                 description = "Deleting an SSL Certificate",
                 key = "perm:admin:certificates:delete",
                 permissions = {"/device-mgt/admin/certificates/delete"}
+        ),
+        @Scope(
+                name = "Verify SSL certificate",
+                description = "Verify SSL certificate",
+                key = "perm:admin:certificates:verify",
+                permissions = {"/device-mgt/admin/certificates/verify"}
         )
 }
 )
@@ -428,7 +434,12 @@ public interface CertificateManagementAdminService {
             httpMethod = "POST",
             value = "Verify Android SSL certificate",
             notes = "Verify Android Certificate for the API security filter.\n",
-            tags = "Certificate Management")
+            tags = "Certificate Management",
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:add")
+                    })
+            })
     @ApiResponses(
             value = {
                     @ApiResponse(

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java

@@ -29,7 +29,6 @@ import io.swagger.annotations.ApiParam;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
 import io.swagger.annotations.ResponseHeader;
-import org.json.JSONObject;
 import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.apimgt.annotations.api.Scopes;
 import org.wso2.carbon.device.mgt.common.Device;

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java

@@ -22,9 +22,17 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
+import io.swagger.annotations.Extension;
+import io.swagger.annotations.ExtensionProperty;
+import io.swagger.annotations.Info;
+import io.swagger.annotations.SwaggerDefinition;
+import io.swagger.annotations.Tag;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
+import org.wso2.carbon.apimgt.annotations.api.Scopes;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
 import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
@@ -37,6 +45,32 @@ import javax.ws.rs.core.Response;
 @Api(value = "Device Authorization Administrative Service", description = "This an  API intended to be used by " +
         "'internal' components to log in as an admin user and validate whether the user/device are trusted entity." +
         "Further, this is strictly restricted to admin users only ")
+
+@SwaggerDefinition(
+        info = @Info(
+                version = "1.0.0",
+                title = "",
+                extensions = {
+                        @Extension(properties = {
+                                @ExtensionProperty(name = "name", value = "DeviceAccessAuthorizationAdminService"),
+                                @ExtensionProperty(name = "context", value = "/api/device-mgt/v1.0/admin/authorization"),
+                        })
+                }
+        ),
+        tags = {
+                @Tag(name = "device_management", description = "")
+        }
+)
+@Scopes(
+        scopes = {
+                @Scope(
+                        name = "Verify device authorization",
+                        description = "Verify device authorization",
+                        key = "perm:authorization:verify",
+                        permissions = {"/device-mgt/authorization/verify"}
+                )
+        }
+)
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
 /**
@@ -52,7 +86,13 @@ public interface DeviceAccessAuthorizationAdminService {
             value = "Check for device access authorization\n",
             notes = "This is an internal API that can be used to check for authorization.",
             response = DeviceAuthorizationResult.class,
-            tags = "Authorization Administrative Service")
+            tags = "Authorization Administrative Service",
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "perm:authorization:verify")
+                    })
+            })
+
     @ApiResponses(value = {
             @ApiResponse(
                     code = 200,

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json

@@ -1,7 +1,7 @@
 {
     "appContext": "/devicemgt/",
-    "httpsURL" : "https://localhost:8243",
+    "httpsURL" : "https://%server.ip%:8243",
-    "httpURL" : "http://localhost:8280",
+    "httpURL" : "http://%server.ip%:8280",
     "wssURL" : "https://localhost:9445",
     "wsURL" : "%http.ip%",
     "portalURL": "https://%server.ip%:9445",

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java

@@ -35,6 +35,8 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
 
 import java.util.Properties;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 public class Utils {
 
@@ -86,4 +88,18 @@ public class Utils {
         }
     }
 
+    public static String replaceSystemProperty(String urlWithPlaceholders)  {
+        String regex = "\\$\\{(.*?)\\}";
+        Pattern pattern = Pattern.compile(regex);
+        Matcher matchPattern = pattern.matcher(urlWithPlaceholders);
+        while (matchPattern.find()) {
+            String sysPropertyName = matchPattern.group(1);
+            String sysPropertyValue = System.getProperty(sysPropertyName);
+            if (sysPropertyValue != null && !sysPropertyName.isEmpty()) {
+                urlWithPlaceholders = urlWithPlaceholders.replaceAll("\\$\\{(" + sysPropertyName + ")\\}", sysPropertyValue);
+            }
+        }
+        return urlWithPlaceholders;
+    }
+
 }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java

@@ -66,7 +66,7 @@ public class BSTAuthenticator implements WebappAuthenticator {
                     "are not provided");
         }
 
-        String url = this.properties.getProperty("TokenValidationEndpointUrl");
+        String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
         if ((url == null) || (url.isEmpty())) {
             throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
         }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java

@@ -55,7 +55,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
                     "are not provided");
         }
 
-        String url = this.properties.getProperty("TokenValidationEndpointUrl");
+        String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
         if ((url == null) || (url.isEmpty())) {
             throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
         }

features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml

@@ -24,7 +24,7 @@
 <WebappPublisherConfigs>
 
     <!-- This host is used to define the host address which is used to publish APIs -->
-    <Host>https://localhost:${carbon.https.port}</Host>
+    <Host>https://${iot.core.host}:${iot.core.https.port}</Host>
 
     <!-- If it is true, the APIs of this instance will be published to the defined host -->
     <PublishAPI>true</PublishAPI>

features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml

@@ -5,7 +5,7 @@
 			<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator</ClassName>
             <Parameters>
                 <Parameter Name="IsRemote">false</Parameter>
-                <Parameter Name="TokenValidationEndpointUrl">https://localhost:9443</Parameter>
+                <Parameter Name="TokenValidationEndpointUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</Parameter>
                 <Parameter Name="Username">admin</Parameter>
                 <Parameter Name="Password">admin</Parameter>
                 <Parameter Name="MaxTotalConnections">100</Parameter>
@@ -23,6 +23,7 @@
 				<!--Issuers list and corresponding cert alias-->
                 <Parameter Name="wso2.org/products/am">wso2carbon</Parameter>
 				<Parameter Name="wso2.org/products/iot">wso2carbon</Parameter>
+				<Parameter Name="wso2.org/products/analytics">wso2carbon</Parameter>
             </Parameters>
         </Authenticator>
         <Authenticator>
@@ -34,7 +35,7 @@
             <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.BSTAuthenticator</ClassName>
             <Parameters>
                 <Parameter Name="IsRemote">false</Parameter>
-                <Parameter Name="TokenValidationEndpointUrl">https://localhost:9443</Parameter>
+                <Parameter Name="TokenValidationEndpointUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</Parameter>
                 <Parameter Name="Username">admin</Parameter>
                 <Parameter Name="Password">admin</Parameter>
                 <Parameter Name="MaxTotalConnections">100</Parameter>