Merge branch 'master' of https://github.com/wso2/carbon-device-mgt into 330-release
commit
366ee009b4
@ -110,7 +110,8 @@
|
|||||||
org.wso2.carbon.identity.base;version="${carbon.identity.framework.version.range}",
|
org.wso2.carbon.identity.base;version="${carbon.identity.framework.version.range}",
|
||||||
org.wso2.carbon.identity.oauth2.*;version="${carbon.identity.framework.version.range}",
|
org.wso2.carbon.identity.oauth2.*;version="${carbon.identity.framework.version.range}",
|
||||||
org.wso2.carbon.utils.multitenancy,
|
org.wso2.carbon.utils.multitenancy,
|
||||||
org.apache.oltu.oauth2.common.validators
|
org.apache.oltu.oauth2.common.validators,
|
||||||
|
org.apache.commons.lang3.tuple,
|
||||||
</Import-Package>
|
</Import-Package>
|
||||||
</instructions>
|
</instructions>
|
||||||
</configuration>
|
</configuration>
|
||||||
|
|||||||
@ -28,11 +28,9 @@ import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
|
|||||||
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
|
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
|
||||||
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
|
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
|
||||||
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
|
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
|
||||||
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
|
|
||||||
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
||||||
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAO;
|
|
||||||
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAOImpl;
|
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAOImpl;
|
||||||
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
|
import org.wso2.carbon.identity.oauth2.dao.TokenManagementDAOImpl;
|
||||||
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
|
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
|
||||||
import org.wso2.carbon.identity.oauth2.model.ResourceScopeCacheEntry;
|
import org.wso2.carbon.identity.oauth2.model.ResourceScopeCacheEntry;
|
||||||
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
|
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
|
||||||
@ -64,12 +62,12 @@ public class ExtendedJDBCScopeValidator extends OAuth2ScopeValidator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
String resourceScope = null;
|
String resourceScope = null;
|
||||||
// TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
|
|
||||||
OAuthScopeDAOImpl scopeDAO = new OAuthScopeDAOImpl();
|
OAuthScopeDAOImpl scopeDAO = new OAuthScopeDAOImpl();
|
||||||
|
TokenManagementDAOImpl tokenManagementDAO = new TokenManagementDAOImpl();
|
||||||
boolean cacheHit = false;
|
boolean cacheHit = false;
|
||||||
|
|
||||||
// Check the cache, if caching is enabled.
|
// Check the cache, if caching is enabled.
|
||||||
if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
|
if (OAuthCache.getInstance().isEnabled()) {
|
||||||
OAuthCache oauthCache = OAuthCache.getInstance();
|
OAuthCache oauthCache = OAuthCache.getInstance();
|
||||||
OAuthCacheKey cacheKey = new OAuthCacheKey(resource);
|
OAuthCacheKey cacheKey = new OAuthCacheKey(resource);
|
||||||
CacheEntry result = oauthCache.getValueFromCache(cacheKey);
|
CacheEntry result = oauthCache.getValueFromCache(cacheKey);
|
||||||
@ -82,9 +80,9 @@ public class ExtendedJDBCScopeValidator extends OAuth2ScopeValidator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!cacheHit) {
|
if (!cacheHit) {
|
||||||
resourceScope = scopeDAO.findScopeOfResource(resource);
|
resourceScope = tokenManagementDAO.findTenantAndScopeOfResource(resource).getKey();
|
||||||
|
|
||||||
if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
|
if (OAuthCache.getInstance().isEnabled()) {
|
||||||
OAuthCache oauthCache = OAuthCache.getInstance();
|
OAuthCache oauthCache = OAuthCache.getInstance();
|
||||||
OAuthCacheKey cacheKey = new OAuthCacheKey(resource);
|
OAuthCacheKey cacheKey = new OAuthCacheKey(resource);
|
||||||
ResourceScopeCacheEntry cacheEntry = new ResourceScopeCacheEntry(resourceScope);
|
ResourceScopeCacheEntry cacheEntry = new ResourceScopeCacheEntry(resourceScope);
|
||||||
@ -114,8 +112,12 @@ public class ExtendedJDBCScopeValidator extends OAuth2ScopeValidator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
User authorizedUser = accessTokenDO.getAuthzUser();
|
||||||
|
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
|
||||||
|
int tenantId = realmService.getTenantManager().getTenantId(authorizedUser.getTenantDomain());
|
||||||
|
|
||||||
//Get the permissions associated with the scope, if any
|
//Get the permissions associated with the scope, if any
|
||||||
Set<String> permissionsOfScope = scopeDAO.getBindingsOfScopeByScopeName(resourceScope);
|
Set<String> permissionsOfScope = scopeDAO.getBindingsOfScopeByScopeName(resourceScope, tenantId);
|
||||||
|
|
||||||
//If the scope doesn't have any permissions associated with it.
|
//If the scope doesn't have any permissions associated with it.
|
||||||
if (permissionsOfScope == null || permissionsOfScope.isEmpty()) {
|
if (permissionsOfScope == null || permissionsOfScope.isEmpty()) {
|
||||||
@ -134,10 +136,6 @@ public class ExtendedJDBCScopeValidator extends OAuth2ScopeValidator {
|
|||||||
log.debug(logMessage.toString());
|
log.debug(logMessage.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
User authorizedUser = accessTokenDO.getAuthzUser();
|
|
||||||
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
|
|
||||||
|
|
||||||
int tenantId = realmService.getTenantManager().getTenantId(authorizedUser.getTenantDomain());
|
|
||||||
|
|
||||||
if (tenantId == 0 || tenantId == -1) {
|
if (tenantId == 0 || tenantId == -1) {
|
||||||
tenantId = IdentityTenantUtil.getTenantIdOfUser(authorizedUser.getUserName());
|
tenantId = IdentityTenantUtil.getTenantIdOfUser(authorizedUser.getUserName());
|
||||||
|
|||||||
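Review bot: In the hunk at new line 112, `tenantId` is passed to `scopeDAO.getBindingsOfScopeByScopeName(resourceScope, tenantId)` before the `if (tenantId == 0 || tenantId == -1)` fallback, which this commit leaves further down in the hunk at new line 136. An unresolved tenant id can therefore reach the bindings lookup, and if the empty-bindings branch (its body is outside the hunk) grants access, the request would be authorized for the wrong reason. PermissionBasedScopeValidator and RoleBasedScopeValidator in this same commit move the fallback up together with the declarations; do the same here so that `tenantId = IdentityTenantUtil.getTenantIdOfUser(authorizedUser.getUserName());` runs before the lookup. Separately, `tokenManagementDAO.findTenantAndScopeOfResource(resource).getKey()` in the hunk at new line 80 dereferences the result directly; if that DAO can return null for a resource with no registered scope (not visible here), check for null before calling `.getKey()`.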
@ -27,9 +27,7 @@ import org.wso2.carbon.identity.application.common.model.User;
|
|||||||
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
|
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
|
||||||
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
||||||
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAO;
|
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAO;
|
||||||
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAOImpl;
|
|
||||||
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
|
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
|
||||||
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
|
|
||||||
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
|
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
|
||||||
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
|
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
|
||||||
import org.wso2.carbon.user.api.AuthorizationManager;
|
import org.wso2.carbon.user.api.AuthorizationManager;
|
||||||
@ -59,12 +57,7 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
OAuthScopeDAO pp = OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO();
|
OAuthScopeDAO authScopeDAO = OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO();
|
||||||
int tid = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
|
|
||||||
|
|
||||||
// TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
|
|
||||||
OAuthScopeDAOImpl nn = new OAuthScopeDAOImpl();
|
|
||||||
|
|
||||||
List<String> scopeList = new ArrayList<>(Arrays.asList(scopes));
|
List<String> scopeList = new ArrayList<>(Arrays.asList(scopes));
|
||||||
|
|
||||||
//If the access token does not bear the scope required for accessing the Resource.
|
//If the access token does not bear the scope required for accessing the Resource.
|
||||||
@ -77,8 +70,16 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
User authorizedUser = accessTokenDO.getAuthzUser();
|
||||||
|
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
|
||||||
|
|
||||||
|
int tenantId = realmService.getTenantManager().getTenantId(authorizedUser.getTenantDomain());
|
||||||
|
|
||||||
|
if (tenantId == 0 || tenantId == -1) {
|
||||||
|
tenantId = IdentityTenantUtil.getTenantIdOfUser(authorizedUser.getUserName());
|
||||||
|
}
|
||||||
//Get the permissions associated with the scope, if any
|
//Get the permissions associated with the scope, if any
|
||||||
Set<String> permissionsOfScope = pp.getBindingsOfScopeByScopeName(resourceScope, tid);
|
Set<String> permissionsOfScope = authScopeDAO.getBindingsOfScopeByScopeName(resourceScope, tenantId);
|
||||||
|
|
||||||
//If the scope doesn't have any permissions associated with it.
|
//If the scope doesn't have any permissions associated with it.
|
||||||
if (permissionsOfScope == null || permissionsOfScope.isEmpty()) {
|
if (permissionsOfScope == null || permissionsOfScope.isEmpty()) {
|
||||||
@ -97,15 +98,6 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
|
|||||||
log.debug(logMessage.toString());
|
log.debug(logMessage.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
User authorizedUser = accessTokenDO.getAuthzUser();
|
|
||||||
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
|
|
||||||
|
|
||||||
int tenantId = realmService.getTenantManager().getTenantId(authorizedUser.getTenantDomain());
|
|
||||||
|
|
||||||
if (tenantId == 0 || tenantId == -1) {
|
|
||||||
tenantId = IdentityTenantUtil.getTenantIdOfUser(authorizedUser.getUserName());
|
|
||||||
}
|
|
||||||
|
|
||||||
AuthorizationManager authorizationManager;
|
AuthorizationManager authorizationManager;
|
||||||
String[] userRoles;
|
String[] userRoles;
|
||||||
boolean tenantFlowStarted = false;
|
boolean tenantFlowStarted = false;
|
||||||
|
|||||||
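Review bot: Nothing in the hunk at new line 70 records why the bindings lookup now runs in the authorized user's tenant rather than the thread-local `PrivilegedCarbonContext` tenant that `tid` held. Because this decides which tenant's scope bindings authorize the request, it deserves a comment above the `tenantId` declaration, for example `// Look up scope bindings in the tenant of the user the token was issued to.`, assuming that is the intent. The same resolution block is repeated in RoleBasedScopeValidator and, without the fallback ahead of the lookup, in ExtendedJDBCScopeValidator; a shared private helper would keep the three validators identical. The enclosing method starts and ends outside the hunk.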
@ -29,7 +29,6 @@ import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
|
|||||||
import org.wso2.carbon.identity.core.util.IdentityUtil;
|
import org.wso2.carbon.identity.core.util.IdentityUtil;
|
||||||
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
||||||
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAOImpl;
|
import org.wso2.carbon.identity.oauth2.dao.OAuthScopeDAOImpl;
|
||||||
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
|
|
||||||
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
|
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
|
||||||
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
|
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
|
||||||
import org.wso2.carbon.user.api.UserStoreException;
|
import org.wso2.carbon.user.api.UserStoreException;
|
||||||
@ -62,9 +61,7 @@ public class RoleBasedScopeValidator extends OAuth2ScopeValidator {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
|
|
||||||
OAuthScopeDAOImpl scopeDAO = new OAuthScopeDAOImpl();
|
OAuthScopeDAOImpl scopeDAO = new OAuthScopeDAOImpl();
|
||||||
|
|
||||||
List<String> scopeList = new ArrayList<>(Arrays.asList(scopes));
|
List<String> scopeList = new ArrayList<>(Arrays.asList(scopes));
|
||||||
|
|
||||||
//If the access token does not bear the scope required for accessing the Resource.
|
//If the access token does not bear the scope required for accessing the Resource.
|
||||||
@ -77,8 +74,15 @@ public class RoleBasedScopeValidator extends OAuth2ScopeValidator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
User authzUser = accessTokenDO.getAuthzUser();
|
||||||
|
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
|
||||||
|
int tenantId = realmService.getTenantManager().getTenantId(authzUser.getTenantDomain());
|
||||||
|
if (tenantId == 0 || tenantId == -1) {
|
||||||
|
tenantId = IdentityTenantUtil.getTenantIdOfUser(authzUser.getUserName());
|
||||||
|
}
|
||||||
|
|
||||||
//Get the roles associated with the scope, if any
|
//Get the roles associated with the scope, if any
|
||||||
Set<String> rolesOfScope = scopeDAO.getBindingsOfScopeByScopeName(resourceScope);
|
Set<String> rolesOfScope = scopeDAO.getBindingsOfScopeByScopeName(resourceScope, tenantId);
|
||||||
|
|
||||||
//If the scope doesn't have any roles associated with it.
|
//If the scope doesn't have any roles associated with it.
|
||||||
if(rolesOfScope == null || rolesOfScope.isEmpty()){
|
if(rolesOfScope == null || rolesOfScope.isEmpty()){
|
||||||
@ -97,16 +101,6 @@ public class RoleBasedScopeValidator extends OAuth2ScopeValidator {
|
|||||||
log.debug(logMessage.toString());
|
log.debug(logMessage.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
User authzUser = accessTokenDO.getAuthzUser();
|
|
||||||
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
|
|
||||||
|
|
||||||
int tenantId = realmService.getTenantManager().
|
|
||||||
getTenantId(authzUser.getTenantDomain());
|
|
||||||
|
|
||||||
if (tenantId == 0 || tenantId == -1) {
|
|
||||||
tenantId = IdentityTenantUtil.getTenantIdOfUser(authzUser.getUserName());
|
|
||||||
}
|
|
||||||
|
|
||||||
UserStoreManager userStoreManager;
|
UserStoreManager userStoreManager;
|
||||||
String[] userRoles;
|
String[] userRoles;
|
||||||
boolean tenantFlowStarted = false;
|
boolean tenantFlowStarted = false;
|
||||||
|
|||||||
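Review bot: `OAuthScopeDAOImpl scopeDAO = new OAuthScopeDAOImpl();` in the hunk at new line 61 constructs the DAO implementation directly, while PermissionBasedScopeValidator in this commit obtains it through `OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO()`. Using the factory here as well, `OAuthScopeDAO scopeDAO = OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO();`, would keep every validator on the same DAO instance the framework hands out; it needs the `OAuthScopeDAO` and `OAuthTokenPersistenceFactory` imports, which this file's import hunk does not show. ExtendedJDBCScopeValidator has the same direct construction for `OAuthScopeDAOImpl` and `TokenManagementDAOImpl`. The enclosing method continues outside the hunk.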