Improve web app authentication

Improve web app authentication to unsecure dynamic context paths and further improve app management APIs

components/application-mgt/org.wso2.carbon.device.application.mgt.api/src/main/java/org/wso2/carbon/device/application/mgt/api/services/ArtifactDownloadAPI.java

@@ -42,7 +42,7 @@ import javax.ws.rs.core.Response;
 @SwaggerDefinition(
         info = @Info(
                 version = "1.0.0",
-                title = "ApplicationDTO Management Common Service",
+                title = "Application Management Artifact Download Service",
                 extensions = {
                         @Extension(properties = {
                                 @ExtensionProperty(name = "name", value = "ApplicationManagementArtifactDownloadService"),

components/application-mgt/org.wso2.carbon.device.application.mgt.api/src/main/java/org/wso2/carbon/device/application/mgt/api/services/ConfigRetrieveAPI.java

@@ -40,17 +40,17 @@ import javax.ws.rs.core.Response;
 @SwaggerDefinition(
         info = @Info(
                 version = "1.0.0",
-                title = "ApplicationDTO Management Common Service",
+                title = "Application Management Config Retrieve Service",
                 extensions = {
                         @Extension(properties = {
-                                @ExtensionProperty(name = "name", value = "ApplicationManagementCommonService"),
+                                @ExtensionProperty(name = "name", value = "ApplicationManagementConfigRetrieveService"),
-                                @ExtensionProperty(name = "context", value = "/api/application-mgt/v1.0/configt"),
+                                @ExtensionProperty(name = "context", value = "/api/application-mgt/v1.0/config"),
                         })
                 }
         )
 )
 @Path("/config")
-@Api(value = "ApplicationDTO Management Common Service", description = "This API carries all application management common services")
+@Api(value = "ApplicationDTO Management Common Service")
 @Produces(MediaType.APPLICATION_JSON)
 public interface ConfigRetrieveAPI {
 

components/application-mgt/org.wso2.carbon.device.application.mgt.api/src/main/webapp/WEB-INF/web.xml

@@ -43,7 +43,7 @@
     </session-config>
     <context-param>
         <param-name>doAuthentication</param-name>
-        <param-value>false</param-value>
+        <param-value>true</param-value>
     </context-param>
 
     <!-- Below configuration is used to redirect http requests to https -->
@@ -117,4 +117,12 @@
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 
+    <context-param>
+        <param-name>nonSecuredEndPoints</param-name>
+        <param-value>
+            /api/application-mgt/v1.0/artifact/.*,
+            /api/application-mgt/v1.0/config/.*
+        </param-value>
+    </context-param>
+
 </web-app>

components/application-mgt/org.wso2.carbon.device.application.mgt.common/src/main/java/org/wso2/carbon/device/application/mgt/common/services/ApplicationManager.java

@@ -30,6 +30,7 @@ import org.wso2.carbon.device.application.mgt.common.exception.RequestValidating
 import org.wso2.carbon.device.application.mgt.common.response.Application;
 import org.wso2.carbon.device.application.mgt.common.response.ApplicationRelease;
 import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper;
+import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationUpdateWrapper;
 import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper;
 
 import java.io.InputStream;
@@ -53,12 +54,12 @@ public interface ApplicationManager {
     /**
      * Updates an already existing application.
      *
-     * @param applicationWrapper Application that need to be updated.
+     * @param applicationUpdateWrapper Application data that need to be updated.
      * @param applicationId ID of the application
      * @return Updated Application
      * @throws ApplicationManagementException ApplicationDTO Management Exception
      */
-    void updateApplication(int applicationId, ApplicationWrapper applicationWrapper)
+    void updateApplication(int applicationId, ApplicationUpdateWrapper applicationUpdateWrapper)
             throws ApplicationManagementException;
 
     /**

components/application-mgt/org.wso2.carbon.device.application.mgt.common/src/main/java/org/wso2/carbon/device/application/mgt/common/wrapper/ApplicationUpdateWrapper.java

@@ -0,0 +1,99 @@
+/*
+ *   Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ *   WSO2 Inc. licenses this file to you under the Apache License,
+ *   Version 2.0 (the "License"); you may not use this file except
+ *   in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.wso2.carbon.device.application.mgt.common.wrapper;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+
+import java.util.List;
+
+@ApiModel(value = "ApplicationWrapper", description = "ApplicationWrapper represents the an ApplicationDTO in ApplicationDTO Store")
+public class ApplicationUpdateWrapper {
+
+
+    @ApiModelProperty(name = "name",
+            value = "Name of the application",
+            required = true)
+    private String name;
+
+    @ApiModelProperty(name = "description",
+            value = "Description of the application",
+            required = true)
+    private String description;
+
+    @ApiModelProperty(name = "appCategory",
+            value = "CategoryDTO of the application",
+            required = true,
+            example = "Educational, Gaming, Travel, Entertainment etc")
+    private String appCategory;
+
+    @ApiModelProperty(name = "subType",
+            value = "Subscription type of the application",
+            required = true,
+            example = "PAID, FREE")
+    private String subType;
+
+    @ApiModelProperty(name = "paymentCurrency",
+            value = "Payment currency of the application",
+            required = true,
+            example = "$")
+    private String paymentCurrency;
+
+    @ApiModelProperty(name = "tags",
+            value = "List of application tags")
+    private List<String> tags;
+
+    @ApiModelProperty(name = "unrestrictedRoles",
+            value = "List of roles that users should have to access the application")
+    private List<String> unrestrictedRoles;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) { this.name = name; }
+
+    public String getAppCategory() {
+        return appCategory;
+    }
+
+    public void setAppCategory(String appCategory) {
+        this.appCategory = appCategory;
+    }
+
+    public List<String> getTags() { return tags; }
+
+    public void setTags(List<String> tags) { this.tags = tags; }
+
+    public String getSubType() { return subType; }
+
+    public void setSubType(String subType) { this.subType = subType; }
+
+    public String getPaymentCurrency() { return paymentCurrency; }
+
+    public void setPaymentCurrency(String paymentCurrency) { this.paymentCurrency = paymentCurrency; }
+
+    public List<String> getUnrestrictedRoles() { return unrestrictedRoles; }
+
+    public void setUnrestrictedRoles(List<String> unrestrictedRoles) { this.unrestrictedRoles = unrestrictedRoles; }
+
+    public String getDescription() { return description; }
+
+    public void setDescription(String description) { this.description = description; }
+}

components/application-mgt/org.wso2.carbon.device.application.mgt.core/src/main/java/org/wso2/carbon/device/application/mgt/core/dao/impl/application/GenericApplicationDAOImpl.java

@@ -507,10 +507,12 @@ public class GenericApplicationDAOImpl extends AbstractDAOImpl implements Applic
                     + "AP_APP_RELEASE.UUID AS RELEASE_UUID, "
                     + "AP_APP_RELEASE.RELEASE_TYPE AS RELEASE_TYPE, "
                     + "AP_APP_RELEASE.INSTALLER_LOCATION AS AP_RELEASE_STORED_LOC, "
+                    + "AP_APP_RELEASE.ICON_LOCATION AS AP_RELEASE_ICON_LOC, "
                     + "AP_APP_RELEASE.BANNER_LOCATION AS AP_RELEASE_BANNER_LOC, "
                     + "AP_APP_RELEASE.SC_1_LOCATION AS AP_RELEASE_SC1, "
                     + "AP_APP_RELEASE.SC_2_LOCATION AS AP_RELEASE_SC2, "
                     + "AP_APP_RELEASE.SC_3_LOCATION AS AP_RELEASE_SC3, "
+                    + "AP_APP_RELEASE.APP_HASH_VALUE AS RELEASE_HASH_VALUE, "
                     + "AP_APP_RELEASE.APP_PRICE AS RELEASE_PRICE, "
                     + "AP_APP_RELEASE.APP_META_INFO AS RELEASE_META_INFO, "
                     + "AP_APP_RELEASE.SUPPORTED_OS_VERSIONS AS RELEASE_SUP_OS_VERSIONS, "

components/application-mgt/org.wso2.carbon.device.application.mgt.core/src/main/java/org/wso2/carbon/device/application/mgt/core/impl/ApplicationManagerImpl.java

@@ -53,6 +53,7 @@ import org.wso2.carbon.device.application.mgt.common.response.ApplicationRelease
 import org.wso2.carbon.device.application.mgt.common.services.ApplicationManager;
 import org.wso2.carbon.device.application.mgt.common.services.ApplicationStorageManager;
 import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper;
+import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationUpdateWrapper;
 import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper;
 import org.wso2.carbon.device.application.mgt.core.config.ConfigurationManager;
 import org.wso2.carbon.device.application.mgt.core.dao.ApplicationDAO;
@@ -1423,7 +1424,7 @@ public class ApplicationManagerImpl implements ApplicationManager {
     }
 
     @Override
-    public void updateApplication(int applicationId, ApplicationWrapper applicationWrapper)
+    public void updateApplication(int applicationId, ApplicationUpdateWrapper applicationUpdateWrapper)
             throws ApplicationManagementException {
 
         int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
@@ -1441,85 +1442,63 @@ public class ApplicationManagerImpl implements ApplicationManager {
                 throw new NotFoundException(msg);
             }
 
-            if (!StringUtils.isEmpty(applicationWrapper.getType()) && !applicationDTO.getType()
+            if (!StringUtils.isEmpty(applicationUpdateWrapper.getName())){
-                    .equals(applicationWrapper.getType())) {
-                String msg = "You are trying to change the application type and it is not "
-                        + "possible after you create an application. Therefore please remove this application and "
-                        + "publish new application with type: " + applicationWrapper.getType();
-                log.error(msg);
-                throw new BadRequestException(msg);
-            }
-
-            String deviceTypeName = applicationWrapper.getDeviceType();
-            if (!StringUtils.isEmpty(deviceTypeName)) {
-                DeviceType deviceType = getDeviceTypeData(deviceTypeName);
-                if (!deviceType.getName().equals(deviceTypeName)){
-                    String msg = "You are trying to change the compatible device type of the application type and it is "
-                            + "not possible after you create an application for device type. " + deviceTypeName  +
-                            "Therefore please remove this application and publish new application with device type: " +
-                            deviceTypeName;
-                    log.error(msg);
-                    throw new BadRequestException(msg);
-                }
-            }
-            if (!StringUtils.isEmpty(applicationWrapper.getName())){
                 Filter filter = new Filter();
                 filter.setFullMatch(true);
-                filter.setAppName(applicationWrapper.getName().trim());
+                filter.setAppName(applicationUpdateWrapper.getName().trim());
                 filter.setOffset(0);
                 filter.setLimit(1);
 
                 List<ApplicationDTO> applicationList = applicationDAO
                         .getApplications(filter, applicationDTO.getDeviceTypeId(), tenantId);
                 if (!applicationList.isEmpty()) {
-                    String msg = "Already an application registered with same name " + applicationWrapper.getName()
+                    String msg = "Already an application registered with same name " + applicationUpdateWrapper.getName()
                             + ". Hence you can't update the application name from " + applicationDTO.getName() + " to "
-                            + applicationWrapper.getName();
+                            + applicationUpdateWrapper.getName();
                     log.error(msg);
                     throw new BadRequestException(msg);
                 }
-                applicationDTO.setName(applicationWrapper.getName());
+                applicationDTO.setName(applicationUpdateWrapper.getName());
             }
-            if (!StringUtils.isEmpty(applicationWrapper.getSubType()) && !applicationDTO.getSubType()
+            if (!StringUtils.isEmpty(applicationUpdateWrapper.getSubType()) && !applicationDTO.getSubType()
-                    .equals(applicationWrapper.getSubType())) {
+                    .equals(applicationUpdateWrapper.getSubType())) {
-                if (!ApplicationSubscriptionType.PAID.toString().equals(applicationWrapper.getSubType())
+                if (!ApplicationSubscriptionType.PAID.toString().equals(applicationUpdateWrapper.getSubType())
-                        && !ApplicationSubscriptionType.FREE.toString().equals(applicationWrapper.getSubType())) {
+                        && !ApplicationSubscriptionType.FREE.toString().equals(applicationUpdateWrapper.getSubType())) {
                     String msg = "Invalid application subscription type is found with application updating request "
-                            + applicationWrapper.getSubType();
+                            + applicationUpdateWrapper.getSubType();
                     log.error(msg);
                     throw new BadRequestException(msg);
 
-                } else if (ApplicationSubscriptionType.FREE.toString().equals(applicationWrapper.getSubType()) && !StringUtils
+                } else if (ApplicationSubscriptionType.FREE.toString().equals(applicationUpdateWrapper.getSubType())
-                        .isEmpty(applicationWrapper.getPaymentCurrency())) {
+                        && !StringUtils.isEmpty(applicationUpdateWrapper.getPaymentCurrency())) {
                     String msg = "If you are going to change Non-Free app as Free app, "
                             + "currency attribute in the application updating payload should be null or \"\"";
                     log.error(msg);
                     throw new ApplicationManagementException(msg);
-                } else if (ApplicationSubscriptionType.PAID.toString().equals(applicationWrapper.getSubType())
+                } else if (ApplicationSubscriptionType.PAID.toString().equals(applicationUpdateWrapper.getSubType())
-                        && StringUtils.isEmpty(applicationWrapper.getPaymentCurrency()) ){
+                        && StringUtils.isEmpty(applicationUpdateWrapper.getPaymentCurrency()) ){
                     String msg = "If you are going to change Free app as Non-Free app, "
                             + "currency attribute in the application payload should not be null or \"\"";
                     log.error(msg);
                     throw new ApplicationManagementException(msg);
                 }
-
+                applicationDTO.setSubType(applicationUpdateWrapper.getSubType());
-                applicationDTO.setSubType(applicationWrapper.getSubType());
+                applicationDTO.setPaymentCurrency(applicationUpdateWrapper.getPaymentCurrency());
-                applicationDTO.setPaymentCurrency(applicationWrapper.getPaymentCurrency());
             }
 
-            if (!StringUtils.isEmpty(applicationWrapper.getDescription())){
+            if (!StringUtils.isEmpty(applicationUpdateWrapper.getDescription())){
-                applicationDTO.setDescription(applicationWrapper.getDescription());
+                applicationDTO.setDescription(applicationUpdateWrapper.getDescription());
             }
 
             List<String> appUnrestrictedRoles = this.visibilityDAO.getUnrestrictedRoles(applicationId, tenantId);
 
             boolean isExistingAppRestricted = !appUnrestrictedRoles.isEmpty();
-            boolean isUpdatingAppRestricted = !applicationWrapper.getUnrestrictedRoles().isEmpty();
+            boolean isUpdatingAppRestricted = !applicationUpdateWrapper.getUnrestrictedRoles().isEmpty();
 
             if (isExistingAppRestricted && !isUpdatingAppRestricted) {
                 visibilityDAO.deleteUnrestrictedRoles(appUnrestrictedRoles, applicationId, tenantId);
             } else if (isUpdatingAppRestricted) {
-                if (!hasUserRole(applicationWrapper.getUnrestrictedRoles(), userName)) {
+                if (!hasUserRole(applicationUpdateWrapper.getUnrestrictedRoles(), userName)) {
                     String msg =
                             "You are trying to restrict the visibility of visible application.But you are trying to "
                                     + "restrict the visibility to roles that there isn't at least one role is assigned "
@@ -1532,12 +1511,12 @@ public class ApplicationManagerImpl implements ApplicationManager {
 
                 if (!isExistingAppRestricted) {
                     visibilityDAO
-                            .addUnrestrictedRoles(applicationWrapper.getUnrestrictedRoles(), applicationId, tenantId);
+                            .addUnrestrictedRoles(applicationUpdateWrapper.getUnrestrictedRoles(), applicationId, tenantId);
                 } else {
-                    List<String> addingRoleList = getDifference(applicationWrapper.getUnrestrictedRoles(),
+                    List<String> addingRoleList = getDifference(applicationUpdateWrapper.getUnrestrictedRoles(),
                             applicationDTO.getUnrestrictedRoles());
                     List<String> removingRoleList = getDifference(applicationDTO.getUnrestrictedRoles(),
-                            applicationWrapper.getUnrestrictedRoles());
+                            applicationUpdateWrapper.getUnrestrictedRoles());
                     if (!addingRoleList.isEmpty()) {
                         visibilityDAO.addUnrestrictedRoles(addingRoleList, applicationId, tenantId);
                     }
@@ -1546,9 +1525,9 @@ public class ApplicationManagerImpl implements ApplicationManager {
                     }
                 }
             }
-            applicationDTO.setUnrestrictedRoles(applicationWrapper.getUnrestrictedRoles());
+            applicationDTO.setUnrestrictedRoles(applicationUpdateWrapper.getUnrestrictedRoles());
 
-            String updatingAppCategory = applicationWrapper.getAppCategory();
+            String updatingAppCategory = applicationUpdateWrapper.getAppCategory();
             if ( updatingAppCategory != null){
                 List<String> appCategories = this.applicationDAO.getAppCategories(applicationId, tenantId);
                 if (!appCategories.contains(updatingAppCategory)){
@@ -1556,7 +1535,8 @@ public class ApplicationManagerImpl implements ApplicationManager {
                     List<Integer> categoryIds = allCategories.stream()
                             .filter(category -> category.getCategoryName().equals(updatingAppCategory))
                             .map(CategoryDTO::getId).collect(Collectors.toList());
-                    if (!categoryIds.isEmpty()){
+                    if (categoryIds.isEmpty()){
+                        ConnectionManagerUtil.rollbackDBTransaction();
                         String msg =
                                 "You are trying to update application category into invalid application category, "
                                         + "it is not registered in the system. Therefore please register the category "
@@ -1568,7 +1548,7 @@ public class ApplicationManagerImpl implements ApplicationManager {
                 }
             }
 
-            List<String> updatingAppTags = applicationWrapper.getTags();
+            List<String> updatingAppTags = applicationUpdateWrapper.getTags();
             if ( updatingAppTags!= null){
                 List<String> appTags = this.applicationDAO.getAppTags(applicationId, tenantId);
                 List<String> addingTagList = getDifference(appTags, updatingAppTags);
@@ -1590,6 +1570,7 @@ public class ApplicationManagerImpl implements ApplicationManager {
                 }
             }
             if (!applicationDAO.updateApplication(applicationDTO, tenantId)){
+                ConnectionManagerUtil.rollbackDBTransaction();
                 String msg = "Any application is not updated for the application ID: " + applicationId;
                 log.error(msg);
                 throw new ApplicationManagementException(msg);

components/application-mgt/org.wso2.carbon.device.application.mgt.core/src/main/java/org/wso2/carbon/device/application/mgt/core/lifecycle/LifecycleStateManager.java

@@ -211,6 +211,23 @@ public class LifecycleStateManager {
         return endState;
     }
 
+    public String getInstallableState() throws LifecycleManagementException {
+        String installableState = null;
+        for (Map.Entry<String, State> stringStateEntry : lifecycleStates.entrySet()) {
+            if (stringStateEntry.getValue().isAppInstallable()) {
+                installableState = stringStateEntry.getKey();
+                break;
+            }
+        }
+        if (installableState == null){
+            String msg = "Haven't defined the installable state in the application-manager.xml. Please add installable "
+                    + "state to the <LifecycleStates> section in the app-manager.xml";
+            log.error(msg);
+            throw  new LifecycleManagementException(msg);
+        }
+        return installableState;
+    }
+
     public boolean isStateExist(String currentState) {
         for (Map.Entry<String, State> stringStateEntry : lifecycleStates.entrySet()) {
             if (stringStateEntry.getKey().equalsIgnoreCase(currentState)) {
@@ -220,22 +237,6 @@ public class LifecycleStateManager {
         return false;
     }
 
-    public boolean isUpdatable(String state) {
-        State currentState = getMatchingState(state);
-        if (currentState.isAppUpdatable()) {
-            return true;
-        }
-        return false;
-    }
-
-    public boolean isInstallable(String state) {
-        State currentState = getMatchingState(state);
-        if (currentState.isAppInstallable()) {
-            return true;
-        }
-        return false;
-    }
-
 
     public void setLifecycleStates(Map<String, State> lifecycleStates) {
         this.lifecycleStates = lifecycleStates;

components/application-mgt/org.wso2.carbon.device.application.mgt.core/src/test/java/org.wso2.carbon.device.application.mgt.core/LifecycleManagementTest.java

@@ -53,26 +53,26 @@ public class LifecycleManagementTest {
 
     @Test
     public void CheckUpdatableState() throws LifecycleManagementException {
-        boolean isUpdatable = lifecycleStateManager.isUpdatable(UPDATABLE_STATE);
+        boolean isUpdatable = lifecycleStateManager.isUpdatableState(UPDATABLE_STATE);
         System.out.println(isUpdatable);
         Assert.assertTrue("Updatable state: " + UPDATABLE_STATE, isUpdatable);
     }
 
     @Test
     public void CheckNonUpdatableState() throws LifecycleManagementException {
-        boolean isUpdatable = lifecycleStateManager.isUpdatable(NON_UPDATABLE_STATE);
+        boolean isUpdatable = lifecycleStateManager.isUpdatableState(NON_UPDATABLE_STATE);
         Assert.assertFalse("Non Updatable state: " + NON_UPDATABLE_STATE, isUpdatable);
     }
 
     @Test
     public void CheckInstallableState() throws LifecycleManagementException {
-        boolean isInstallable = lifecycleStateManager.isInstallable(INSTALLABLE_STATE);
+        boolean isInstallable = lifecycleStateManager.isInstallableState(INSTALLABLE_STATE);
         Assert.assertTrue("Installable state: " + INSTALLABLE_STATE, isInstallable);
     }
 
     @Test
     public void CheckUnInstallableState() throws LifecycleManagementException {
-        boolean isInstallable = lifecycleStateManager.isInstallable(UNINSTALlABLE_STATE);
+        boolean isInstallable = lifecycleStateManager.isInstallableState(UNINSTALlABLE_STATE);
         Assert.assertFalse("UnInstallable state: " + UNINSTALlABLE_STATE, isInstallable);
     }
 

components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/java/org/wso2/carbon/device/application/mgt/publisher/api/services/ApplicationManagementPublisherAPI.java

@@ -32,12 +32,14 @@ import org.apache.cxf.jaxrs.ext.multipart.Attachment;
 import org.apache.cxf.jaxrs.ext.multipart.Multipart;
 import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.apimgt.annotations.api.Scopes;
-import org.wso2.carbon.device.application.mgt.common.*;
+import org.wso2.carbon.device.application.mgt.common.ApplicationList;
 import org.wso2.carbon.device.application.mgt.common.ErrorResponse;
+import org.wso2.carbon.device.application.mgt.common.Filter;
 import org.wso2.carbon.device.application.mgt.common.dto.ApplicationDTO;
 import org.wso2.carbon.device.application.mgt.common.dto.ApplicationReleaseDTO;
 import org.wso2.carbon.device.application.mgt.common.response.ApplicationRelease;
 import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper;
+import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationUpdateWrapper;
 import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper;
 
 import java.util.List;
@@ -60,17 +62,16 @@ import javax.ws.rs.core.Response;
 @SwaggerDefinition(
         info = @Info(
                 version = "1.0.0",
-                title = "ApplicationDTO Management Service",
+                title = "ApplicationDTO Management Publisher Service",
                 extensions = {
                         @Extension(properties = {
-                                @ExtensionProperty(name = "name", value = "ApplicationManagementService"),
+                                @ExtensionProperty(name = "name", value = "ApplicationManagementPublisherService"),
-                                @ExtensionProperty(name = "context", value = "/api/application-mgt/v1.0/applications"),
+                                @ExtensionProperty(name = "context", value = "/api/application-mgt-publisher/v1.0/applications"),
                         })
                 }
         ),
         tags = {
-                @Tag(name = "application_management, device_management", description = "ApplicationDTO Management related "
+                @Tag(name = "application_management, device_management", description = "App publisher related APIs")
-                        + "APIs")
         }
 )
 @Scopes(
@@ -79,21 +80,21 @@ import javax.ws.rs.core.Response;
                         name = "Get ApplicationDTO Details",
                         description = "Get application details",
                         key = "perm:app:publisher:view",
-                        permissions = {"/device-mgt/application/view"}
+                        permissions = {"/app-mgt/publisher/application/update"}
                 ),
                 @Scope(
                         name = "Update an ApplicationDTO",
                         description = "Update an application",
                         key = "perm:app:publisher:update",
-                        permissions = {"/device-mgt/application/update"}
+                        permissions = {"/app-mgt/publisher/application/update"}
                 )
         }
 )
-@Path("/publisher/applications")
+@Path("/applications")
 @Api(value = "ApplicationDTO Management", description = "This API carries all application management related operations " +
         "such as get all the applications, add application, etc.")
 @Produces(MediaType.APPLICATION_JSON)
-public interface ApplicationManagementAPI {
+public interface ApplicationManagementPublisherAPI {
 
     String SCOPE = "scope";
 
@@ -193,7 +194,7 @@ public interface ApplicationManagementAPI {
             tags = "ApplicationDTO Management",
             extensions = {
                     @Extension(properties = {
-                            @ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update")
+                            @ExtensionProperty(name = SCOPE, value = "perm:app:update")
                     })
             }
     )
@@ -220,9 +221,9 @@ public interface ApplicationManagementAPI {
             @PathParam("appId") int appId,
             @ApiParam(
                     name = "application",
-                    value = "The application that need to be edited.",
+                    value = "Application data that need to be edited.",
                     required = true)
-            @Valid ApplicationWrapper applicationWrapper
+            @Valid ApplicationUpdateWrapper applicationUpdateWrapper
     );
 
     @POST
@@ -237,7 +238,7 @@ public interface ApplicationManagementAPI {
             tags = "ApplicationDTO Management",
             extensions = {
                     @Extension(properties = {
-                            @ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update")
+                            @ExtensionProperty(name = SCOPE, value = "perm:app:update")
                     })
             }
     )
@@ -307,7 +308,7 @@ public interface ApplicationManagementAPI {
             tags = "ApplicationDTO Management",
             extensions = {
                     @Extension(properties = {
-                            @ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update")
+                            @ExtensionProperty(name = SCOPE, value = "perm:app:update")
                     })
             }
     )
@@ -386,7 +387,7 @@ public interface ApplicationManagementAPI {
             tags = "ApplicationDTO Management",
             extensions = {
                     @Extension(properties = {
-                            @ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update")
+                            @ExtensionProperty(name = SCOPE, value = "perm:app:update")
                     })
             }
     )
@@ -398,7 +399,7 @@ public interface ApplicationManagementAPI {
                             response = List.class),
                     @ApiResponse(
                             code = 500,
-                            message = "Internal Server Error. \n Error occurred while deleteing the application.",
+                            message = "Internal Server Error. \n Error occurred while deleting the application.",
                             response = ErrorResponse.class)
             })
     Response deleteApplication(
@@ -422,7 +423,7 @@ public interface ApplicationManagementAPI {
             tags = "ApplicationDTO Management",
             extensions = {
                     @Extension(properties = {
-                            @ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update")
+                            @ExtensionProperty(name = SCOPE, value = "perm:app:update")
                     })
             }
     )
@@ -493,7 +494,7 @@ public interface ApplicationManagementAPI {
             tags = "ApplicationDTO Management",
             extensions = {
                     @Extension(properties = {
-                            @ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update")
+                            @ExtensionProperty(name = SCOPE, value = "perm:app:update")
                     })
             }
     )
@@ -546,7 +547,7 @@ public interface ApplicationManagementAPI {
             tags = "ApplicationDTO Management",
             extensions = {
                     @Extension(properties = {
-                            @ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update")
+                            @ExtensionProperty(name = SCOPE, value = "perm:app:update")
                     })
             }
     )
@@ -594,7 +595,7 @@ public interface ApplicationManagementAPI {
             tags = "Lifecycle Management",
             extensions = {
                     @Extension(properties = {
-                            @ExtensionProperty(name = SCOPE, value = "perm:app:publisher:view")
+                            @ExtensionProperty(name = SCOPE, value = "perm:app:update")
                     })
             }
     )
@@ -626,7 +627,7 @@ public interface ApplicationManagementAPI {
             tags = "Lifecycle Management",
             extensions = {
                     @Extension(properties = {
-                            @ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update")
+                            @ExtensionProperty(name = SCOPE, value = "perm:app:update")
                     })
             }
     )

components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/java/org/wso2/carbon/device/application/mgt/publisher/api/services/impl/ApplicationManagementPublisherAPIImpl.java

@@ -30,11 +30,12 @@ import org.wso2.carbon.device.application.mgt.common.exception.RequestValidating
 import org.wso2.carbon.device.application.mgt.common.response.Application;
 import org.wso2.carbon.device.application.mgt.common.response.ApplicationRelease;
 import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper;
+import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationUpdateWrapper;
 import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper;
 import org.wso2.carbon.device.application.mgt.core.exception.BadRequestException;
 import org.wso2.carbon.device.application.mgt.core.exception.ForbiddenException;
 import org.wso2.carbon.device.application.mgt.core.util.APIUtil;
-import org.wso2.carbon.device.application.mgt.publisher.api.services.ApplicationManagementAPI;
+import org.wso2.carbon.device.application.mgt.publisher.api.services.ApplicationManagementPublisherAPI;
 import org.wso2.carbon.device.application.mgt.common.exception.ApplicationManagementException;
 import org.wso2.carbon.device.application.mgt.common.services.ApplicationManager;
 import org.wso2.carbon.device.application.mgt.common.services.ApplicationStorageManager;
@@ -50,7 +51,6 @@ import javax.activation.DataHandler;
 import javax.validation.Valid;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
@@ -66,9 +66,7 @@ import javax.ws.rs.core.Response;
  */
 @Produces({"application/json"})
 @Path("/applications")
-public class ApplicationManagementAPIImpl implements ApplicationManagementAPI {
+public class ApplicationManagementPublisherAPIImpl implements ApplicationManagementPublisherAPI {
-
-    private static Log log = LogFactory.getLog(ApplicationManagementAPIImpl.class);
 
     @POST
     @Override
@@ -319,10 +317,10 @@ public class ApplicationManagementAPIImpl implements ApplicationManagementAPI {
     @Path("/{appId}")
     public Response updateApplication(
             @PathParam("appId") int applicationId,
-            @Valid ApplicationWrapper applicationWrapper) {
+            @Valid ApplicationUpdateWrapper applicationUpdateWrapper) {
         ApplicationManager applicationManager = APIUtil.getApplicationManager();
         try {
-            applicationManager.updateApplication(applicationId, applicationWrapper);
+            applicationManager.updateApplication(applicationId, applicationUpdateWrapper);
             return Response.status(Response.Status.OK)
                     .entity("Application was updated successfully for ApplicationID: " + applicationId).build();
         } catch (NotFoundException e) {

components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.api/src/main/webapp/WEB-INF/cxf-servlet.xml

@@ -52,7 +52,7 @@
     <bean id="swaggerWriter" class="io.swagger.jaxrs.listing.SwaggerSerializers" />
     <bean id="swaggerResource" class="io.swagger.jaxrs.listing.ApiListingResource" />
 
-    <bean id="applicationMgtServiceBean" class="org.wso2.carbon.device.application.mgt.publisher.api.services.impl.ApplicationManagementAPIImpl"/>
+    <bean id="applicationMgtServiceBean" class="org.wso2.carbon.device.application.mgt.publisher.api.services.impl.ApplicationManagementPublisherAPIImpl"/>
     <bean id="jsonProvider" class="org.wso2.carbon.device.application.mgt.addons.JSONMessageHandler"/>
     <bean id="multipartProvider" class="org.wso2.carbon.device.application.mgt.addons.MultipartCustomProvider"/>
 

components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/ApplicationManagementAPI.java

@@ -68,7 +68,7 @@ import javax.ws.rs.core.Response;
                         name = "Get ApplicationDTO Details",
                         description = "Get application details",
                         key = "perm:app:store:view",
-                        permissions = {"/device-mgt/application/get"}
+                        permissions = {"/app-mgt/store/application/view"}
                 )
         }
 )
@@ -92,7 +92,7 @@ public interface ApplicationManagementAPI {
             tags = "ApplicationDTO Management",
             extensions = {
                     @Extension(properties = {
-                            @ExtensionProperty(name = SCOPE, value = "perm:application:get")
+                            @ExtensionProperty(name = SCOPE, value = "perm:app:store:view")
                     })
             }
     )
@@ -155,7 +155,7 @@ public interface ApplicationManagementAPI {
             tags = "ApplicationDTO Management",
             extensions = {
                     @Extension(properties = {
-                            @ExtensionProperty(name = SCOPE, value = "perm:application:get")
+                            @ExtensionProperty(name = SCOPE, value = "perm:app:store:view")
                     })
             }
     )

components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/ReviewManagementAPI.java

@@ -72,13 +72,13 @@ import java.util.List;
                         name = "Get Review Details",
                         description = "Get review details",
                         key = "perm:app:review:view",
-                        permissions = {"/device-mgt/review/view"}
+                        permissions = {"/app-mgt/store/review/view"}
                 ),
                 @Scope(
                         name = "Update a Review",
                         description = "Update a comment",
                         key = "perm:app:review:update",
-                        permissions = {"/device-mgt/review/update"}
+                        permissions = {"/app-mgt/store/review/update"}
                 ),
         }
 )

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java

@@ -31,13 +31,14 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen
 import org.wso2.carbon.webapp.authenticator.framework.authorizer.WebappTenantAuthorizer;
 
 import javax.servlet.http.HttpServletResponse;
-import java.util.HashMap;
 import java.util.StringTokenizer;
+import java.util.TreeMap;
+import java.util.regex.Pattern;
 
 public class WebappAuthenticationValve extends CarbonTomcatValve {
 
     private static final Log log = LogFactory.getLog(WebappAuthenticationValve.class);
-    private static HashMap<String, String> nonSecuredEndpoints = new HashMap<>();
+    private static TreeMap<String, String> nonSecuredEndpoints = new TreeMap<>();
 
     @Override
     public void invoke(Request request, Response response, CompositeValve compositeValve) {
@@ -126,6 +127,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
         if (!nonSecuredEndpoints.containsKey(contextPath)) {
             String param = request.getContext().findParameter("nonSecuredEndPoints");
             String skippedEndPoint;
+            boolean isUriUnsecured = false;
             if (param != null && !param.isEmpty()) {
                 //Add the nonSecured end-points to cache
                 StringTokenizer tokenizer = new StringTokenizer(param, ",");
@@ -137,10 +139,23 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
                         skippedEndPoint = skippedEndPoint + "/";
                     }
                     nonSecuredEndpoints.put(skippedEndPoint, "true");
+                    if (uri.equals(skippedEndPoint) || Pattern.matches(skippedEndPoint, uri)){
+                        isUriUnsecured = true;
+                    }
+                }
+                return isUriUnsecured;
+            }
+        } else {
+            if (nonSecuredEndpoints.containsKey(uri)) {
+                return true;
+            }
+            for (String endpoint : nonSecuredEndpoints.keySet()) {
+                if (Pattern.matches(endpoint, uri)) {
+                    return true;
                 }
             }
         }
-        return nonSecuredEndpoints.containsKey(uri);
+        return false;
     }
 
     private void processRequest(Request request, Response response, CompositeValve compositeValve,

features/application-mgt/org.wso2.carbon.device.application.mgt.server.feature/src/main/resources/conf/application-mgt.xml

@@ -149,6 +149,7 @@
             <Scope>perm:app:review:update</Scope>
             <Scope>perm:app:publisher:view</Scope>
             <Scope>perm:app:publisher:update</Scope>
+            <Scope>perm:app:store:view</Scope>
         </Scopes>
         <SSOConfiguration>
             <Issuer>app-mgt</Issuer>