community/device-mgt-core
1
0
Fork 0
mirror of https://repository.entgra.net/community/device-mgt-core.git synced 2025-10-06 02:01:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #327 from milanperera/scope-impl

Browse Source 
Merging scope based authorization implementation
This commit is contained in:
Chatura Dilan 2016-08-08 20:02:33 +05:30 committed by GitHub
commit 72d84ebfbe
66 changed files with 2093 additions and 765 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java → components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java
View File

@ -28,18 +28,24 @@ import java.lang.annotation.Target;
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Permission {
public @interface Scope {
/**
* Represents the scope key which should be unique.
* @return Returns scope key.
*/
String key();
/**
* Represents the scope name.
* @return Returns scope name.
*/
String scope();
String name();
/**
* Represents the associated permissions.
* @return Returns list of permissions.
* Represents the scope description.
* @return Returns scope description.
*/
String[] permissions();
String description();
}

4
components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/pom.xml
View File

@ -107,6 +107,10 @@
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.device.mgt.common</artifactId>
</dependency>
</dependencies>

50
components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherUtil.java
View File

@ -18,7 +18,6 @@
package org.wso2.carbon.apimgt.webapp.publisher;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
@ -30,6 +29,10 @@ import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.config.WebappPublisherConfig;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.core.util.Utils;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import javax.servlet.ServletContext;
import java.util.*;
@ -121,16 +124,18 @@ public class APIPublisherUtil {
if (scope != null) {
if (apiScopes.get(scope.getKey()) == null) {
apiScopes.put(scope.getKey(), scope);
} else {
existingScope = apiScopes.get(scope.getKey());
existingPermissions = existingScope.getRoles();
existingPermissions = getDistinctPermissions(existingPermissions + "," + scope.getRoles());
existingScope.setRoles(existingPermissions);
apiScopes.put(scope.getKey(), existingScope);
}
}
}
Set<Scope> scopes = new HashSet<>(apiScopes.values());
// adding existing persisted roles to the scopes
try {
setExistingRoles(scopes);
} catch (ScopeManagementException | UserStoreException e) {
throw new APIManagementException("Error occurred while retrieving roles for the existing scopes");
}
// set current scopes to API
api.setScopes(scopes);
// this has to be done because of the use of pass by reference
@ -307,9 +312,34 @@ public class APIPublisherUtil {
return apiConfig;
}
private static String getDistinctPermissions(String permissions) {
String[] unique = new HashSet<String>(Arrays.asList(permissions.split(","))).toArray(new String[0]);
return StringUtils.join(unique, ",");
/**
* This method is used to set the existing roles of the given scope.
*
* @param scopes List of scopes.
* @throws ScopeManagementException
*/
private static void setExistingRoles(Set<Scope> scopes) throws ScopeManagementException, UserStoreException {
String scopeKey;
String roles;
ScopeManagementService scopeManagementService = WebappPublisherUtil.getScopeManagementService();
UserRealm userRealm = WebappPublisherUtil.getUserRealm();
if (scopeManagementService == null) {
throw new ScopeManagementException("Error occurred while initializing scope management service");
} else if (userRealm == null) {
throw new UserStoreException("Error occurred while initializing realm service");
} else {
String adminRole = userRealm.getRealmConfiguration().getAdminRoleName();
for (Scope scope : scopes) {
scopeKey = scope.getKey();
roles = scopeManagementService.getRolesOfScope(scopeKey);
if (roles == null) {
roles = adminRole;
}
scope.setRoles(roles);
}
}
}
}

41
components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/WebappPublisherUtil.java
View File

@ -18,7 +18,16 @@
package org.wso2.carbon.apimgt.webapp.publisher;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Document;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
@ -31,6 +40,10 @@ import java.io.File;
*/
public class WebappPublisherUtil {
private static Log log = LogFactory.getLog(WebappPublisherUtil.class);
private static final int CARBON_SUPER = -1234;
public static Document convertToDocument(File file) throws WebappPublisherConfigurationFailedException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
@ -44,4 +57,32 @@ public class WebappPublisherUtil {
}
}
public static ScopeManagementService getScopeManagementService() {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
ScopeManagementService scopeManagementService =
(ScopeManagementService) ctx.getOSGiService(ScopeManagementService.class, null);
if (scopeManagementService == null) {
String msg = "Scope Management Service has not been initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
return scopeManagementService;
}
/**
* Getting the current tenant's user realm
*/
public static UserRealm getUserRealm() throws UserStoreException {
RealmService realmService;
UserRealm realm;
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
if (realmService == null) {
throw new IllegalStateException("Realm service not initialized");
}
realm = realmService.getTenantUserRealm(CARBON_SUPER);
return realm;
}
}

45
components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionConfiguration.java
View File

@ -1,45 +0,0 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher.config;
/**
* This class represents the information related to permissions.
*/
public class PermissionConfiguration {
private String scopeName;
private String[] permissions;
public String getScopeName() {
return scopeName;
}
public void setScopeName(String scope) {
this.scopeName = scope;
}
public String[] getPermissions() {
return permissions;
}
public void setPermissions(String[] permissions) {
this.permissions = permissions;
}
}

60
components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionManagementException.java
View File

@ -1,60 +0,0 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher.config;
/**
* Custom exception class of Permission related operations.
*/
public class PermissionManagementException extends Exception {
private static final long serialVersionUID = -3151279311929070298L;
private String errorMessage;
public String getErrorMessage() {
return errorMessage;
}
public void setErrorMessage(String errorMessage) {
this.errorMessage = errorMessage;
}
public PermissionManagementException(String msg, Exception nestedEx) {
super(msg, nestedEx);
setErrorMessage(msg);
}
public PermissionManagementException(String message, Throwable cause) {
super(message, cause);
setErrorMessage(message);
}
public PermissionManagementException(String msg) {
super(msg);
setErrorMessage(msg);
}
public PermissionManagementException() {
super();
}
public PermissionManagementException(Throwable cause) {
super(cause);
}
}

65
components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
View File

@ -19,20 +19,13 @@
package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
import org.apache.catalina.core.StandardContext;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.scannotation.AnnotationDB;
import org.scannotation.WarUrlFinder;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherUtil;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
import javax.servlet.ServletContext;
import javax.ws.rs.*;
@ -61,11 +54,9 @@ public class AnnotationProcessor {
private static final String WILD_CARD = "/*";
private static final String AUTH_TYPE = "Any";
private static final String PROTOCOL_HTTP = "http";
private static final String SERVER_HOST = "carbon.local.ip";
private static final String HTTP_PORT = "httpPort";
private static final String STRING_ARR = "string_arr";
private static final String STRING = "string";
Class<API> apiClazz;
private StandardContext context;
private Method[] pathClazzMethods;
@ -75,7 +66,6 @@ public class AnnotationProcessor {
public AnnotationProcessor(final StandardContext context) {
this.context = context;
servletContext = context.getServletContext();
classLoader = servletContext.getClassLoader();
}
@ -141,7 +131,7 @@ public class AnnotationProcessor {
pathClazzMethods = pathClazz.getMethods();
Annotation rootContectAnno = clazz.getAnnotation(pathClazz);
String subContext = "";
String subContext;
if (rootContectAnno != null) {
subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING);
if (subContext != null && !subContext.isEmpty()) {
@ -150,8 +140,6 @@ public class AnnotationProcessor {
} else {
rootContext = rootContext + "/" + subContext;
}
} else {
subContext = "";
}
if (log.isDebugEnabled()) {
log.debug("API Root Context = " + rootContext);
@ -166,7 +154,7 @@ public class AnnotationProcessor {
}
}
} catch (ClassNotFoundException e) {
log.error("Error when passing the api annotation for device type apis.");
log.error("Error when passing the api annotation for device type apis.", e);
}
return apiResourceConfig;
}
@ -251,15 +239,9 @@ public class AnnotationProcessor {
Annotation producesAnno = method.getAnnotation(producesClass);
resource.setProduces(invokeMethod(producesClassMethods[0], producesAnno, STRING_ARR));
}
if (annotations[i].annotationType().getName().equals(Permission.class.getName())) {
PermissionConfiguration permissionConf = this.getPermission(method);
if (permissionConf != null) {
Scope scope = new Scope();
scope.setKey(permissionConf.getScopeName());
scope.setDescription(permissionConf.getScopeName());
scope.setName(permissionConf.getScopeName());
String roles = StringUtils.join(permissionConf.getPermissions(), ",");
scope.setRoles(roles);
if (annotations[i].annotationType().getName().equals(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName())) {
org.wso2.carbon.apimgt.api.model.Scope scope = this.getScope(method);
if (scope != null) {
resource.setScope(scope);
}
}
@ -357,35 +339,32 @@ public class AnnotationProcessor {
return ((String[]) methodHandler.invoke(annotation, method, null));
}
private PermissionConfiguration getPermission(Method currentMethod) throws Throwable {
Class<Permission> permissionClass = (Class<Permission>) classLoader.loadClass(Permission.class.getName());
Annotation permissionAnnotation = currentMethod.getAnnotation(permissionClass);
if (permissionClass != null) {
Method[] permissionClassMethods = permissionClass.getMethods();
PermissionConfiguration permissionConf = new PermissionConfiguration();
private org.wso2.carbon.apimgt.api.model.Scope getScope(Method currentMethod) throws Throwable {
Class<org.wso2.carbon.apimgt.annotations.api.Scope> scopeClass =
(Class<org.wso2.carbon.apimgt.annotations.api.Scope>) classLoader.
loadClass(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName());
Annotation permissionAnnotation = currentMethod.getAnnotation(scopeClass);
if (scopeClass != null) {
Method[] permissionClassMethods = scopeClass.getMethods();
org.wso2.carbon.apimgt.api.model.Scope scope = new org.wso2.carbon.apimgt.api.model.Scope();
for (Method method : permissionClassMethods) {
switch (method.getName()) {
case "scope":
permissionConf.setScopeName(invokeMethod(method, permissionAnnotation, STRING));
case "key":
scope.setKey(invokeMethod(method, permissionAnnotation, STRING));
break;
case "permissions":
String permissions[] = invokeMethod(method, permissionAnnotation);
this.addPermission(permissions);
permissionConf.setPermissions(permissions);
case "name":
scope.setName(invokeMethod(method, permissionAnnotation, STRING));
break;
case "description":
scope.setDescription(invokeMethod(method, permissionAnnotation, STRING));
break;
}
}
return permissionConf;
return scope;
}
return null;
}
private void addPermission(String[] permissions) throws PermissionManagementException {
for (String permission : permissions) {
PermissionUtils.addPermission(permission);
}
}
/**
* Find the URL pointing to "/WEB-INF/classes" This method may not work in conjunction with IteratorFactory
* if your servlet container does not extract the /WEB-INF/classes into a real file-based directory

1
components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/ExtendedIteratorFactory.java
View File

@ -15,6 +15,7 @@
*/
package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
import org.scannotation.archiveiterator.DirectoryIteratorFactory;
import org.scannotation.archiveiterator.Filter;
import org.scannotation.archiveiterator.JarIterator;

91
components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/PermissionUtils.java
View File

@ -1,91 +0,0 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
import org.wso2.carbon.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.registry.api.RegistryException;
import org.wso2.carbon.registry.api.Resource;
import org.wso2.carbon.registry.core.Registry;
import java.util.StringTokenizer;
/**
* Utility class which holds necessary utility methods required for persisting permissions in
* registry.
*/
public class PermissionUtils {
public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
public static final String PERMISSION_PROPERTY_NAME = "name";
public static Registry getGovernanceRegistry() throws PermissionManagementException {
try {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
return APIPublisherDataHolder.getInstance().getRegistryService()
.getGovernanceSystemRegistry(
tenantId);
} catch (RegistryException e) {
throw new PermissionManagementException(
"Error in retrieving governance registry instance: " +
e.getMessage(), e);
}
}
public static void addPermission(String permission) throws PermissionManagementException {
String resourcePermission = getAbsolutePermissionPath(permission);
try {
StringTokenizer tokenizer = new StringTokenizer(resourcePermission, "/");
String lastToken = "", currentToken, tempPath;
while (tokenizer.hasMoreTokens()) {
currentToken = tokenizer.nextToken();
tempPath = lastToken + "/" + currentToken;
if (!checkResourceExists(tempPath)) {
createRegistryCollection(tempPath, currentToken);
}
lastToken = tempPath;
}
} catch (RegistryException e) {
throw new PermissionManagementException("Error occurred while persisting permission : " +
resourcePermission, e);
}
}
public static void createRegistryCollection(String path, String resourceName)
throws PermissionManagementException,
RegistryException {
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
PermissionUtils.getGovernanceRegistry().beginTransaction();
PermissionUtils.getGovernanceRegistry().put(path, resource);
PermissionUtils.getGovernanceRegistry().commitTransaction();
}
public static boolean checkResourceExists(String path)
throws PermissionManagementException,
org.wso2.carbon.registry.core.exceptions.RegistryException {
return PermissionUtils.getGovernanceRegistry().resourceExists(path);
}
private static String getAbsolutePermissionPath(String permissionPath) {
return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
}
}

2
components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/pom.xml
View File

@ -76,7 +76,7 @@
<tasks>
<copy todir="${basedir}/../../../repository/deployment/server/webapps" overwrite="true">
<fileset dir="${basedir}/target">
<include name="api#scep-mgt#v1.0.war" />
<include name="api-scep-mgt-v1.0.war"/>
</fileset>
</copy>
</tasks>

4
components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java
View File

@ -4,7 +4,7 @@ import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.certificate.mgt.jaxrs.beans.ErrorResponse;
import javax.ws.rs.*;
@ -46,7 +46,7 @@ public interface CertificateMgtService {
message = "Internal Server Error. \n Error occurred while retrieving signed certificate.",
response = ErrorResponse.class)
})
@Permission(scope = "sign-csr", permissions = {"/permission/admin/device-mgt/scep/sign-csr"})
@Scope(key = "certificate:sign-csr", name = "Sign CSR", description = "")
Response getSignedCertFromCSR(
@ApiParam(
name = "If-Modified-Since",

2
components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/pom.xml
View File

@ -72,7 +72,7 @@
<tasks>
<copy todir="${basedir}/../../../repository/deployment/server/webapps" overwrite="true">
<fileset dir="${basedir}/target">
<include name="api#certificate-mgt#v1.0.war" />
<include name="api#certificate-mgt#v1.0.war"/>
</fileset>
</copy>
</tasks>

15
components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
View File

@ -1,7 +1,8 @@
package org.wso2.carbon.certificate.mgt.cert.jaxrs.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse;
@ -11,6 +12,10 @@ import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@API(name = "Certificate Management", version = "1.0.0",
context = "api/certificate-mgt/v1.0/admin/certificates",
tags = {"devicemgt_admin"})
@Api(value = "Certificate Management", description = "This API carries all certificate management related operations " +
"such as get all the available devices, etc.")
@Path("/admin/certificates")
@ -72,7 +77,7 @@ public interface CertificateManagementAdminService {
message = "Internal Server Error. \n Server error occurred while adding certificates.",
response = ErrorResponse.class)
})
@Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/save"})
@Scope(key = "certificate:manage", name = "Add certificates", description = "")
Response addCertificate(
@ApiParam(
name = "enrollmentCertificates",
@ -130,7 +135,7 @@ public interface CertificateManagementAdminService {
"Server error occurred while retrieving information requested certificate.",
response = ErrorResponse.class)
})
@Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
@Scope(key = "certificate:view", name = "View certificates", description = "")
Response getCertificate(
@ApiParam(name = "serialNumber",
value = "Provide the serial number of the certificate that you wish to get the details of",
@ -202,7 +207,7 @@ public interface CertificateManagementAdminService {
"Server error occurred while retrieving all certificates enrolled in the system.",
response = ErrorResponse.class)
})
@Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
@Scope(key = "certificate:view", name = "View certificates", description = "")
Response getAllCertificates(
@ApiParam(
name = "offset",
@ -245,7 +250,7 @@ public interface CertificateManagementAdminService {
message = "Internal Server Error. \n " +
"Server error occurred while removing the certificate.",
response = ErrorResponse.class)})
@Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/remove"})
@Scope(key = "certificate:manage", name = "Add certificates", description = "")
Response removeCertificate(
@ApiParam(
name = "serialNumber",

2
components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/cxf-servlet.xml
View File

@ -44,7 +44,7 @@
<property name="version" value="1.0.0"/>
<property name="host" value="localhost:9443"/>
<property name="schemes" value="https" />
<property name="basePath" value="/api/certificate-mgt/v1.0"/>
<property name="basePath" value="/api-certificate-mgt-v1.0"/>
<property name="title" value="Certificate Management Admin Service API Definitions"/>
<property name="contact" value="dev@wso2.org"/>
<property name="license" value="Apache 2.0"/>

4
components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
View File

@ -110,14 +110,17 @@
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
@ -237,6 +240,7 @@
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.apimgt.annotations</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>

31
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/RoleInfo.java
View File

@ -20,7 +20,8 @@ package org.wso2.carbon.device.mgt.jaxrs.beans;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import java.util.List;
@ApiModel(value = "RoleInfo", description = "Role details including permission and the users in the roles are " +
"wrapped here.")
@ -28,19 +29,12 @@ public class RoleInfo {
@ApiModelProperty(name = "roleName", value = "The name of the role.", required = true)
private String roleName;
@ApiModelProperty(name = "permissions", value = "Lists out all the permissions associated with roles.",
required = true, dataType = "List[java.lang.String]")
private String[] permissions;
@ApiModelProperty(name = "scopes", value = "Lists out all the scopes associated with roles.",
required = true, dataType = "List[org.wso2.carbon.device.mgt.jaxrs.beans.Scope]")
private List<Scope> scopes;
@ApiModelProperty(name = "users", value = "The list of users assigned to the selected role.",
required = true, dataType = "List[java.lang.String]")
private String[] users;
@ApiModelProperty(name = "permissionList", value = "This contain the following, " +
"\n resourcePath\tThe path related to the API.\n " +
"displayName\tThe name of the permission that is shown " +
"in the UI.\n" +
"nodeList\tLists out the nested permissions.",
required = true)
private UIPermissionNode permissionList;
public String getRoleName() {
return roleName;
@ -50,12 +44,12 @@ public class RoleInfo {
this.roleName = roleName;
}
public String[] getPermissions() {
return permissions;
public List<Scope> getScopes() {
return scopes;
}
public void setPermissions(String[] permissions) {
this.permissions = permissions;
public void setScopes(List<Scope> scopes) {
this.scopes = scopes;
}
public String[] getUsers() {
@ -66,11 +60,4 @@ public class RoleInfo {
this.users = users;
}
public UIPermissionNode getPermissionList() {
return permissionList;
}
public void setPermissionList(UIPermissionNode permissionList) {
this.permissionList = permissionList;
}
}

71
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/Scope.java Normal file
View File

@ -0,0 +1,71 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.beans;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
@ApiModel(value = "Scope", description = "Template of the authorization scope")
public class Scope {
@ApiModelProperty(name = "scope key", value = "An unique string as a key.", required = true)
private String key;
@ApiModelProperty(name = "scope name", value = "Scope name.", required = true)
private String name;
@ApiModelProperty(name = "roles", value = "List of roles to be associated with the scope", required = true)
private String roles;
@ApiModelProperty(name = "scope description", value = "A description of the scope", required = true)
private String description;
public Scope() {
}
public String getKey() {
return this.key;
}
public void setKey(String key) {
this.key = key;
}
public String getName() {
return this.name;
}
public void setName(String name) {
this.name = name;
}
public String getRoles() {
return this.roles;
}
public void setRoles(String roles) {
this.roles = roles;
}
public String getDescription() {
return this.description;
}
public void setDescription(String description) {
this.description = description;
}
}

14
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java
View File

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -33,7 +33,7 @@ import javax.ws.rs.core.Response;
/**
* Activity related REST-API implementation.
*/
@API(name = "Activities", version = "1.0.0", context = "/devicemgt_admin/activities", tags = {"devicemgt_admin"})
@API(name = "Activity Info Provider", version = "1.0.0", context = "/api/device-mgt/v1.0/activities", tags = {"devicemgt_admin"})
@Path("/activities")
@Api(value = "Activity Info Provider", description = "Activity related information manipulation. For example operation details " +
@ -92,10 +92,7 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class)
})
@Permission(
scope = "activity-view",
permissions = {"/permission/admin/device-mgt/admin/activities/view"}
)
@Scope(key = "activity:view", name = "View Activities", description = "")
Response getActivity(
@ApiParam(
name = "id",
@ -156,10 +153,7 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class)
})
@Permission(
scope = "activity-view",
permissions = {"/permission/admin/device-mgt/admin/activities/view"}
)
@Scope(key = "activity:view", name = "View Activities", description = "")
Response getActivities(
@ApiParam(
name = "since",

20
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java
View File

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -31,7 +31,7 @@ import javax.ws.rs.core.Response;
/**
* General Tenant Configuration REST-API.
*/
@API(name = "Configuration", version = "1.0.0", context = "/devicemgt_admin/configuration", tags = {"devicemgt_admin"})
@API(name = "Configuration Management", version = "1.0.0", context = "/api/device-mgt/v1.0/configuration", tags = {"devicemgt_admin"})
@Path("/configuration")
@Api(value = "Configuration Management", description = "General Tenant Configuration management capabilities are exposed " +
@ -80,12 +80,8 @@ public interface ConfigurationManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the general " +
"platform configuration.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "configuration-view",
permissions = {"/permission/admin/device-mgt/admin/platform-configs/view"}
)
})
@Scope(key = "configuration:view", name = "View Configurations", description = "")
Response getConfiguration(
@ApiParam(
name = "If-Modified-Since",
@ -130,12 +126,8 @@ public interface ConfigurationManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while modifying general platform configuration.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "configuration-modify",
permissions = {"/permission/admin/device-mgt/admin/platform-configs/modify"}
)
})
@Scope(key = "configuration:modify", name = "Modify Configurations", description = "")
Response updateConfiguration(
@ApiParam(
name = "configuration",

48
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
View File

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.Feature;
import org.wso2.carbon.device.mgt.common.app.mgt.Application;
@ -39,7 +39,7 @@ import javax.ws.rs.core.Response;
/**
* Device related REST-API. This can be used to manipulated device related details.
*/
@API(name = "Device", version = "1.0.0", context = "/api/device-mgt/admin/devices", tags = {"devicemgt_admin"})
@API(name = "Device Management", version = "1.0.0", context = "/api/device-mgt/v1.0/devices", tags = {"devicemgt_admin"})
@Path("/devices")
@Api(value = "Device Management", description = "This API carries all device management related operations " +
@ -92,10 +92,7 @@ public interface DeviceManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class)
})
@Permission(
scope = "device-list",
permissions = {"/permission/admin/device-mgt/admin/devices/list"}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getDevices(
@ApiParam(
name = "name",
@ -210,13 +207,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving information requested device.",
response = ErrorResponse.class)
})
@Permission(
scope = "device-view",
permissions = {
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getDevice(
@ApiParam(
name = "type",
@ -298,12 +289,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving feature list of the device.",
response = ErrorResponse.class)
})
@Permission(
scope = "device-search",
permissions = {"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getFeaturesOfDevice(
@ApiParam(
name = "type",
@ -379,10 +365,7 @@ public interface DeviceManagementService {
"Server error occurred while enrolling the device.",
response = ErrorResponse.class)
})
@Permission(
scope = "device-search",
permissions = {"/permission/admin/device-mgt/admin/devices/list"}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response searchDevices(
@ApiParam(
name = "offset",
@ -461,13 +444,8 @@ public interface DeviceManagementService {
"Server error occurred while retrieving installed application list of the device.",
response = ErrorResponse.class)
})
@Permission(
scope = "operation-view",
permissions = {
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getInstalledApplications(
@ApiParam(
name = "type",
@ -563,13 +541,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving operation list scheduled for the device.",
response = ErrorResponse.class)
})
@Permission(
scope = "operation-view",
permissions = {
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getDeviceOperations(
@ApiParam(
name = "type",
@ -667,6 +639,7 @@ public interface DeviceManagementService {
response = ErrorResponse.class)
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getEffectivePolicyOfDevice(
@ApiParam(
name = "type",
@ -718,6 +691,7 @@ public interface DeviceManagementService {
response = ErrorResponse.class)
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
Response getComplianceDataOfDevice(
@ApiParam(
name = "type",

2
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java
View File

@ -18,7 +18,7 @@
*/
package org.wso2.carbon.device.mgt.jaxrs.service.api;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;

19
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java
View File

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
import org.wso2.carbon.device.mgt.jaxrs.NotificationList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -34,7 +34,7 @@ import javax.ws.rs.core.Response;
/**
* Notifications related REST-API.
*/
@API(name = "Device Notification Management API", version = "1.0.0", context = "/devicemgt_admin/notifications",
@API(name = "Device Notification Management", version = "1.0.0", context = "/api/device-mgt/v1.0/notifications",
tags = {"devicemgt_admin"})
@Api(value = "Device Notification Management", description = "Device notification related operations can be found here.")
@Path("/notifications")
@ -89,14 +89,8 @@ public interface NotificationManagementService {
message = "Internal Server Error. " +
"\n Server error occurred while fetching the notification list.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "device-notification-view",
permissions = {
"/permission/admin/device-mgt/admin/notifications/view",
"/permission/admin/device-mgt/user/notifications/view" }
)
})
@Scope(key = "notification:view", name = "View and manage notifications", description = "")
Response getNotifications(
@ApiParam(
name = "status",
@ -148,10 +142,7 @@ public interface NotificationManagementService {
message = "Error occurred while updating notification status.")
}
)
@Permission(
scope = "",
permissions = { "" }
)
@Scope(key = "notification:view", name = "View and manage notifications", description = "")
Response updateNotificationStatus(
@ApiParam(
name = "id",

77
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java
View File

@ -19,7 +19,8 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
@ -35,6 +36,9 @@ import java.util.List;
* Policy related REST-API. This can be used to manipulated policies and associate them with devices, users, roles,
* groups.
*/
@API(name = "Device Policy Management", version = "1.0.0", context = "/api/device-mgt/v1.0/policies",
tags = {"devicemgt_admin"})
@Api(value = "Device Policy Management", description = "This API carries all the necessary functionalities " +
"around device policy management")
@Path("/policies")
@ -95,12 +99,8 @@ public interface PolicyManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while adding a new policy.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify",
permissions = {"/permission/admin/device-mgt/admin/policies/add"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response addPolicy(
@ApiParam(
name = "policy",
@ -153,12 +153,8 @@ public interface PolicyManagementService {
message = ("Internal Server Error. \n Server error occurred while fetching " +
"policies."),
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-view",
permissions = {"/permission/admin/device-mgt/admin/policies/list"}
)
})
@Scope(key = "policy:view", name = "Views policies", description = "")
Response getPolicies(
@ApiParam(
name = "If-Modified-Since",
@ -224,10 +220,7 @@ public interface PolicyManagementService {
"policy.",
response = ErrorResponse.class)
})
@Permission(
scope = "policy-view",
permissions = {"/permission/admin/device-mgt/admin/policies/list"}
)
@Scope(key = "policy:view", name = "View policies", description = "")
Response getPolicy(
@ApiParam(
name = "id",
@ -290,12 +283,8 @@ public interface PolicyManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while updating the policy.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify",
permissions = {"/permission/admin/device-mgt/admin/policies/update"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response updatePolicy(
@ApiParam(
name = "id",
@ -340,12 +329,8 @@ public interface PolicyManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while bulk removing policies.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify",
permissions = {"/permission/admin/device-mgt/admin/policies/remove"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response removePolicies(
@ApiParam(
name = "policyIds",
@ -380,13 +365,8 @@ public interface PolicyManagementService {
code = 500,
message = "ErrorResponse in activating policies.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify", permissions = {
"/permission/admin/device-mgt/admin/policies/update",
"/permission/admin/device-mgt/admin/policies/add"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response activatePolicies(
@ApiParam(
name = "policyIds",
@ -421,14 +401,8 @@ public interface PolicyManagementService {
code = 500,
message = "ErrorResponse in deactivating policies.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify",
permissions = {
"/permission/admin/device-mgt/admin/policies/update",
"/permission/admin/device-mgt/admin/policies/add"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response deactivatePolicies(
@ApiParam(
name = "policyIds",
@ -460,12 +434,8 @@ public interface PolicyManagementService {
code = 500,
message = "ErrorResponse in deactivating policies.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "policy-modify",
permissions = {"/permission/admin/device-mgt/admin/policies/update"}
)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response applyChanges();
@ -493,11 +463,8 @@ public interface PolicyManagementService {
code = 500,
message = "Exception in updating policy priorities.",
response = ErrorResponse.class)
}
)
@Permission(
scope = "",
permissions = {})
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
Response updatePolicyPriorities(
@ApiParam(
name = "priorityUpdatedPolicies",

99
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java
View File

@ -20,18 +20,17 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.List;
@API(name = "Role", version = "1.0.0", context = "/devicemgt_admin/roles", tags = {"devicemgt_admin"})
@API(name = "Role Management", version = "1.0.0", context = "/api/device-mgt/v1.0/roles", tags = {"devicemgt_admin"})
@Path("/roles")
@Api(value = "Role Management", description = "Role management related operations can be found here.")
@ -77,11 +76,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while fetching requested list of roles.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-view", permissions = {
"/permission/admin/device-mgt/admin/roles/list",
"/permission/admin/device-mgt/admin/users/view",
"/permission/admin/device-mgt/admin/policies/add",
"/permission/admin/device-mgt/admin/policies/update"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
Response getRoles(
@ApiParam(
name = "filter",
@ -110,16 +105,16 @@ public interface RoleManagementService {
@QueryParam("limit") int limit);
@GET
@Path("/{roleName}/permissions")
@Path("/scopes")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = "GET",
value = "Getting permission details of a role.",
value = "Getting authorization scopes.",
notes = "In an organization an individual is associated a with set of responsibilities based on their " +
"role. In EMM you are able to configure permissions based on the responsibilities carried " +
"out by a role. Therefore if you wish to retrieve the permission details of a role, you can do " +
"role. In EMM you are able to configure scopes based on the responsibilities carried " +
"out by a role. Therefore if you wish to retrieve the scopes details of roles, you can do " +
"so using this REST API.",
response = UIPermissionNode.class,
response = List.class,
responseContainer = "List",
tags = "Role Management"
)
@ -127,8 +122,8 @@ public interface RoleManagementService {
value = {
@ApiResponse(
code = 200,
message = "OK. \n Successfully fetched the permission list of the given role.",
response = UIPermissionNode.class,
message = "OK. \n Successfully fetched the scopes list.",
response = List.class,
responseContainer = "List",
responseHeaders = {
@ResponseHeader(
@ -163,19 +158,63 @@ public interface RoleManagementService {
message = "Internal Server ErrorResponse. \n Server error occurred while fetching the permission list of the requested role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
Response getPermissionsOfRole(
@ApiParam(
name = "roleName",
value = "Name of the role.",
required = true)
@PathParam("roleName") String roleName,
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
Response getScopes(
@ApiParam(
name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified",
required = false)
@HeaderParam("If-Modified-Since") String ifModifiedSince);
@PUT
@Path("/scopes")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = "PUT",
value = "Updating authorization scopes.",
notes = "This REST API can be used to update the associated roles of the scopes",
tags = "Role Management"
)
@ApiResponses(value = {
@ApiResponse(
code = 200,
message = "OK. \n Scopes has been updated successfully",
responseHeaders = {
@ResponseHeader(
name = "Content-Type",
description = "Content type of the body"),
@ResponseHeader(
name = "ETag",
description = "Entity Tag of the response resource.\n" +
"Used by caches, or in conditional requests."),
@ResponseHeader(
name = "Last-Modified",
description = "Date and time the resource has been modified the last time.\n" +
"Used by caches, or in conditional requests.")}),
@ApiResponse(
code = 400,
message = "Bad Request. \n Invalid request or validation error.",
response = ErrorResponse.class),
@ApiResponse(
code = 404,
message = "Not Found. \n Scopes to be updated does not exist.",
response = ErrorResponse.class),
@ApiResponse(
code = 415,
message = "Unsupported media type. \n The entity of the request was in a not supported format.",
response = ErrorResponse.class),
@ApiResponse(
code = 500,
message = "Internal Server Error. \n Server error occurred while updating the scopes.",
response = ErrorResponse.class)
})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response updateScopes(
@ApiParam(
name = "Scopes",
value = "List of scopes to be updated",
required = true) List<Scope> scopes);
@GET
@Path("/{roleName}")
@ApiOperation(
@ -226,7 +265,7 @@ public interface RoleManagementService {
"requested role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
Response getRole(
@ApiParam(
name = "roleName",
@ -286,7 +325,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while adding a new role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/add"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response addRole(
@ApiParam(
name = "role",
@ -336,7 +375,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while updating the role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response updateRole(
@ApiParam(
name = "roleName",
@ -373,13 +412,17 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while removing the role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/remove"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response deleteRole(
@ApiParam(
name = "roleName",
value = "Name of the role to de deleted.",
required = true)
@PathParam("roleName") String roleName);
@PathParam("roleName") String roleName,
@ApiParam(
name = "role",
value = "Details about the role to be added.",
required = true) RoleInfo role);
@PUT
@Path("/{roleName}/users")
@ -431,7 +474,7 @@ public interface RoleManagementService {
"Server error occurred while updating the user list of the role.",
response = ErrorResponse.class)
})
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response updateUsersOfRole(
@ApiParam(
name = "roleName",

22
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
View File

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.*;
import javax.ws.rs.*;
@ -29,7 +29,7 @@ import javax.ws.rs.core.Response;
import java.util.List;
@API(name = "User Management API", version = "1.0.0", context = "/devicemgt_admin/users", tags = {"devicemgt_admin"})
@API(name = "User Management", version = "1.0.0", context = "/api/device-mgt/v1.0/users", tags = {"devicemgt_admin"})
@Path("/users")
@Api(value = "User Management", description = "User management related operations can be found here.")
@ -83,7 +83,7 @@ public interface UserManagementService {
message = "Internal Server Error. \n Server error occurred while adding a new user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/add"})
@Scope(key = "user:manage", name = "Add users", description = "")
Response addUser(
@ApiParam(
name = "user",
@ -135,7 +135,7 @@ public interface UserManagementService {
" fetching the requested user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"})
@Scope(key = "user:view", name = "View users", description = "")
Response getUser(
@ApiParam(
name = "username",
@ -192,7 +192,7 @@ public interface UserManagementService {
"Server error occurred while updating the user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/update"})
@Scope(key = "user:manage", name = "Add users", description = "")
Response updateUser(
@ApiParam(
name = "username",
@ -227,7 +227,7 @@ public interface UserManagementService {
response = ErrorResponse.class
)
})
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/remove"})
@Scope(key = "user:manage", name = "Add users", description = "")
Response removeUser(
@ApiParam(name = "username", value = "Username of the user to be deleted.", required = true)
@PathParam("username") String username);
@ -276,7 +276,7 @@ public interface UserManagementService {
" assigned to the user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"})
@Scope(key = "user:view", name = "View users", description = "")
Response getRolesOfUser(
@ApiParam(name = "username", value = "Username of the user.", required = true)
@PathParam("username") String username);
@ -319,7 +319,7 @@ public interface UserManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the user list.",
response = ErrorResponse.class)
})
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
@Scope(key = "user:view", name = "View users", description = "")
Response getUsers(
@ApiParam(
name = "filter",
@ -386,7 +386,7 @@ public interface UserManagementService {
"list that matches the given filter.",
response = ErrorResponse.class)
})
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
@Scope(key = "user:view", name = "View users", description = "")
Response getUserNames(
@ApiParam(
name = "filter",
@ -440,7 +440,7 @@ public interface UserManagementService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-modify", permissions = {"/permission/admin/login"})
@Scope(key = "user:view", name = "View users", description = "")
Response resetPassword(
@ApiParam(
name = "username",
@ -483,7 +483,7 @@ public interface UserManagementService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-invite", permissions = {"/permission/admin/device-mgt/admin/user/invite"})
@Scope(key = "user:manage", name = "Add users", description = "")
Response inviteExistingUsersToEnrollDevice(
@ApiParam(
name = "users",

5
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java
View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -31,7 +32,7 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@API(name = "Application", version = "1.0.0", context = "/devicemgt_admin/applications", tags = {"devicemgt_admin"})
@API(name = "Application Management Admin", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/applications", tags = {"devicemgt_admin"})
@Path("/admin/applications")
@Api(value = "Application Management Administrative Service", description = "This an API intended to be used by " +
@ -73,6 +74,7 @@ public interface ApplicationManagementAdminService {
"a given set of devices.",
response = ErrorResponse.class)
})
@Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
Response installApplication(
@ApiParam(
name = "applicationWrapper",
@ -111,6 +113,7 @@ public interface ApplicationManagementAdminService {
"a given set of devices.",
response = ErrorResponse.class)
})
@Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
Response uninstallApplication(
@ApiParam(
name = "applicationWrapper",

4
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -28,7 +29,7 @@ import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@API(name = "DeviceManagementAdmin", version = "1.0.0", context = "/devicemgt_admin/applications",
@API(name = "Device Management Admin", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/devices",
tags = {"devicemgt_admin"})
@Path("/admin/devices")
@Api(value = "Device Management Administrative Service", description = "This an API intended to be used by " +
@ -84,6 +85,7 @@ public interface DeviceManagementAdminService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class)
})
@Scope(key = "device:admin:view", name = "View Devices", description = "")
Response getDevicesByName(
@ApiParam(
name = "name",

9
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceTypeManagementService.java
View File

@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceTypeList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -28,7 +28,7 @@ import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@API(name = "Device Type Management", version = "1.0.0", context = "/admin/device-types", tags = {"devicemgt_admin"})
@API(name = "Device Type Management", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/device-types", tags = {"devicemgt_admin"})
@Path("/admin/device-types")
@Api(value = "Device Type Management", description = "This API corresponds to all tasks related to device " +
@ -78,10 +78,7 @@ public interface DeviceTypeManagementService {
response = ErrorResponse.class)
}
)
@Permission(
scope = "read:device-types",
permissions = {"/permission/admin/device-mgt/admin/device-types/view"}
)
@Scope(key = "device-type:admin:view", name = "View device types", description = "")
Response getDeviceTypes(
@ApiParam(
name = "If-Modified-Since",

2
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java
View File

@ -19,7 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.policy.mgt.common.DeviceGroupWrapper;
import javax.ws.rs.*;

7
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java
View File

@ -19,7 +19,8 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
@ -28,6 +29,8 @@ import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@API(name = "User Management Admin", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/users", tags = {"devicemgt_admin"})
@Path("/admin/users")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ -65,7 +68,7 @@ public interface UserManagementAdminService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
@Permission(scope = "user-modify", permissions = {"/permission/admin/login"})
@Scope(key = "user:admin:reset-password", name = "View users", description = "")
Response resetUserPassword(
@ApiParam(
name = "username",

156
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
View File

@ -20,21 +20,23 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
import org.wso2.carbon.device.mgt.jaxrs.service.api.RoleManagementService;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
import org.wso2.carbon.user.api.*;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.mgt.UserRealmProxy;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import org.wso2.carbon.user.mgt.common.UserAdminException;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
@ -88,64 +90,47 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
@GET
@Path("/{roleName}/permissions")
@Path("/scopes")
@Override
public Response getPermissionsOfRole(
@PathParam("roleName") String roleName,
public Response getScopes(
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
RequestValidationUtil.validateRoleName(roleName);
try {
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
if (!userRealm.getUserStoreManager().isExistingRole(roleName)) {
return Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse.ErrorResponseBuilder().setMessage(
"No role exists with the name '" + roleName + "'").build()).build();
}
final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
if (rolePermissions == null) {
if (log.isDebugEnabled()) {
log.debug("No permissions found for the role '" + roleName + "'");
}
List<Scope> scopes = new ArrayList<>();
try {
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be retrieved");
} else {
scopes = DeviceMgtUtil.convertAPIScopestoScopes(scopeManagementService.getAllScopes());
}
return Response.status(Response.Status.OK).entity(rolePermissions).build();
} catch (UserAdminException e) {
String msg = "Error occurred while retrieving the permissions of role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving the underlying user realm attached to the " +
"current logged in user";
return Response.status(Response.Status.OK).entity(scopes).build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while retrieving the scopes";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
private UIPermissionNode getUIPermissionNode(String roleName, UserRealm userRealm)
throws UserAdminException {
org.wso2.carbon.user.core.UserRealm userRealmCore = null;
if (userRealm instanceof org.wso2.carbon.user.core.UserRealm) {
userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm;
}
final UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore);
final UIPermissionNode rolePermissions =
userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID);
UIPermissionNode[] deviceMgtPermissions = new UIPermissionNode[2];
for (UIPermissionNode permissionNode : rolePermissions.getNodeList()) {
if ("/permission/admin".equals(permissionNode.getResourcePath())) {
for (UIPermissionNode node : permissionNode.getNodeList()) {
if ("/permission/admin/device-mgt".equals(node.getResourcePath())) {
deviceMgtPermissions[0] = node;
} else if ("/permission/admin/login".equals(node.getResourcePath())) {
deviceMgtPermissions[1] = node;
}
}
@PUT
@Path("/scopes")
@Override
public Response updateScopes(List<Scope> scopes) {
RequestValidationUtil.validateScopes(scopes);
try {
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be retrieved");
} else {
scopeManagementService.updateScopes(DeviceMgtUtil.convertScopestoAPIScopes(scopes));
}
return Response.status(Response.Status.OK).entity("Scopes has been successfully updated").build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while updating the scopes";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
rolePermissions.setNodeList(deviceMgtPermissions);
return rolePermissions;
}
@GET
@ -160,7 +145,6 @@ public class RoleManagementServiceImpl implements RoleManagementService {
RoleInfo roleInfo = new RoleInfo();
try {
final UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
if (!userStoreManager.isExistingRole(roleName)) {
return Response.status(Response.Status.NOT_FOUND).entity(
new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" +
@ -168,16 +152,9 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
roleInfo.setRoleName(roleName);
roleInfo.setUsers(userStoreManager.getUserListOfRole(roleName));
// Get the permission nodes and hand picking only device management and login perms
final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
List<String> permList = new ArrayList<>();
this.iteratePermissions(rolePermissions, permList);
roleInfo.setPermissionList(rolePermissions);
String[] permListAr = new String[permList.size()];
roleInfo.setPermissions(permList.toArray(permListAr));
return Response.status(Response.Status.OK).entity(roleInfo).build();
} catch (UserStoreException | UserAdminException e) {
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving the user role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
@ -185,35 +162,18 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
}
private List<String> iteratePermissions(UIPermissionNode uiPermissionNode, List<String> list) {
for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
list.add(permissionNode.getResourcePath());
if (permissionNode.getNodeList() != null && permissionNode.getNodeList().length > 0) {
iteratePermissions(permissionNode, list);
}
}
return list;
}
@POST
@Override
public Response addRole(RoleInfo roleInfo) {
RequestValidationUtil.validateRoleDetails(roleInfo);
RequestValidationUtil.validateRoleName(roleInfo.getRoleName());
try {
UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
if (log.isDebugEnabled()) {
log.debug("Persisting the role in the underlying user store");
}
Permission[] permissions = null;
if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) {
permissions = new Permission[roleInfo.getPermissions().length];
for (int i = 0; i < permissions.length; i++) {
String permission = roleInfo.getPermissions()[i];
permissions[i] = new Permission(permission, CarbonConstants.UI_PERMISSION_ACTION);
}
}
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), null);
//TODO fix what's returned in the entity
return Response.created(new URI(API_BASE_PATH + "/" + roleInfo.getRoleName())).entity(
@ -269,14 +229,12 @@ public class RoleManagementServiceImpl implements RoleManagementService {
userStoreManager.updateUserListOfRole(newRoleName, usersToDelete, usersToAdd);
}
if (roleInfo.getPermissions() != null) {
// Delete all authorizations for the current role before authorizing the permission tree
authorizationManager.clearRoleAuthorization(roleName);
if (roleInfo.getPermissions().length > 0) {
for (int i = 0; i < roleInfo.getPermissions().length; i++) {
String permission = roleInfo.getPermissions()[i];
authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION);
}
if (roleInfo.getScopes() != null) {
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be updated");
} else {
scopeManagementService.updateScopes(DeviceMgtUtil.convertScopestoAPIScopes(roleInfo.getScopes()));
}
}
//TODO: Need to send the updated role information in the entity back to the client
@ -287,14 +245,21 @@ public class RoleManagementServiceImpl implements RoleManagementService {
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while updating scopes of role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
@DELETE
@Path("/{roleName}")
@Override
public Response deleteRole(@PathParam("roleName") String roleName) {
public Response deleteRole(@PathParam("roleName") String roleName, RoleInfo roleInfo) {
RequestValidationUtil.validateRoleName(roleName);
RequestValidationUtil.validateScopes(roleInfo.getScopes());
try {
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
final UserStoreManager userStoreManager = userRealm.getUserStoreManager();
@ -312,12 +277,25 @@ public class RoleManagementServiceImpl implements RoleManagementService {
// Delete all authorizations for the current role before deleting
authorizationManager.clearRoleAuthorization(roleName);
//updating scopes
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be updated");
} else {
scopeManagementService.updateScopes(DeviceMgtUtil.convertScopestoAPIScopes(roleInfo.getScopes()));
}
return Response.status(Response.Status.OK).build();
} catch (UserStoreException e) {
String msg = "Error occurred while deleting the role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while updating scopes of role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}

9
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/RequestValidationUtil.java
View File

@ -18,6 +18,7 @@
*/
package org.wso2.carbon.device.mgt.jaxrs.service.impl.util;
import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
@ -313,6 +314,14 @@ public class RequestValidationUtil {
}
}
public static void validateScopes(List<Scope> scopes) {
if (scopes == null || scopes.isEmpty()) {
throw new InputValidationException(
new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Scope details of the request body" +
" is incorrect or empty").build());
}
}
public static void validatePaginationParameters(int offset, int limit) {
if (offset < 0) {
throw new InputValidationException(

2
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/swagger/extension/SecurityDefinitionConfigurator.java
View File

@ -29,7 +29,7 @@ import java.util.HashMap;
import java.util.Map;
@SwaggerDefinition(
basePath = "/api/device-mgt/v1.0",
basePath = "/api-device-mgt-v1.0",
host = "localhost:9443"
)
public class SecurityDefinitionConfigurator implements ReaderListener {

11
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java
View File

@ -28,6 +28,7 @@ import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfigurationManagementService;
import org.wso2.carbon.device.mgt.common.notification.mgt.NotificationManagementService;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.core.app.mgt.ApplicationManagementProviderService;
import org.wso2.carbon.device.mgt.core.device.details.mgt.DeviceInformationManager;
import org.wso2.carbon.device.mgt.core.search.mgt.SearchManagerService;
@ -248,6 +249,16 @@ public class DeviceMgtAPIUtils {
return gadgetDataService;
}
public static ScopeManagementService getScopeManagementService() {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
ScopeManagementService scopeManagementService =
(ScopeManagementService) ctx.getOSGiService(ScopeManagementService.class, null);
if (scopeManagementService == null) {
throw new IllegalStateException("Scope Management Service has not been initialized.");
}
return scopeManagementService;
}
public static int getTenantId(String tenantDomain) throws DeviceManagementException {
RealmService realmService =
(RealmService) PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(RealmService.class, null);

29
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtUtil.java
View File

@ -18,6 +18,7 @@
package org.wso2.carbon.device.mgt.jaxrs.util;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorListItem;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.ProfileFeature;
@ -64,6 +65,34 @@ public class DeviceMgtUtil {
}
public static List<Scope> convertScopestoAPIScopes(List<org.wso2.carbon.device.mgt.jaxrs.beans.Scope> scopes) {
List<Scope> convertedScopes = new ArrayList<>();
Scope convertedScope;
for (org.wso2.carbon.device.mgt.jaxrs.beans.Scope scope : scopes) {
convertedScope = new Scope();
convertedScope.setKey(scope.getKey());
convertedScope.setName(scope.getName());
convertedScope.setDescription(scope.getDescription());
convertedScope.setRoles(scope.getRoles());
convertedScopes.add(convertedScope);
}
return convertedScopes;
}
public static List<org.wso2.carbon.device.mgt.jaxrs.beans.Scope> convertAPIScopestoScopes(List<Scope> scopes) {
List<org.wso2.carbon.device.mgt.jaxrs.beans.Scope> convertedScopes = new ArrayList<>();
org.wso2.carbon.device.mgt.jaxrs.beans.Scope convertedScope;
for (Scope scope : scopes) {
convertedScope = new org.wso2.carbon.device.mgt.jaxrs.beans.Scope();
convertedScope.setKey(scope.getKey());
convertedScope.setName(scope.getName());
convertedScope.setDescription(scope.getDescription());
convertedScope.setRoles(scope.getRoles());
convertedScopes.add(convertedScope);
}
return convertedScopes;
}
/**
* Returns a new BadRequestException
*

5
components/device-mgt/org.wso2.carbon.device.mgt.common/pom.xml
View File

@ -50,6 +50,7 @@
<Import-Package>
javax.xml.bind.annotation,
com.fasterxml.jackson.annotation,
org.wso2.carbon.apimgt.api.model,
io.swagger.annotations.*;resolution:=optional
</Import-Package>
</instructions>
@ -68,6 +69,10 @@
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.apimgt</groupId>
<artifactId>org.wso2.carbon.apimgt.api</artifactId>
</dependency>
</dependencies>
</project>

43
components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java
View File

@ -24,47 +24,25 @@ import javax.xml.bind.annotation.XmlRootElement;
/**
* This class represents the information related to permission.
*/
@XmlRootElement (name = "Permission")
public class Permission {
private String name; // permission name
private String path; // permission string
private String url; // url of the resource
private String urlTemplate; // resource template
private String method; // http method
private String scope; //scope of the resource
private String context;
public String getName() {
return name;
public String getContext() {
return context;
}
@XmlElement (name = "name", required = true)
public void setName(String name) {
this.name = name;
public void setContext(String context) {
this.context = context;
}
public String getPath() {
return path;
}
@XmlElement (name = "path", required = true)
public void setPath(String path) {
this.path = path;
}
public String getScope() {
return scope;
}
@XmlElement(name = "scope", required = false)
public void setScope(String scope) {
this.scope = scope;
}
public String getUrl() {
return url;
}
@XmlElement (name = "url", required = true)
public void setUrl(String url) {
this.url = url;
}
@ -73,8 +51,15 @@ public class Permission {
return method;
}
@XmlElement (name = "method", required = true)
public void setMethod(String method) {
this.method = method;
}
public String getUrlTemplate() {
return urlTemplate;
}
public void setUrlTemplate(String urlTemplate) {
this.urlTemplate = urlTemplate;
}
}

3
components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java
View File

@ -29,11 +29,10 @@ public interface PermissionManagerService {
/**
*
* @param permission - Permission to be added
* @return The status of the operation.
* @throws PermissionManagementException If some unusual behaviour is observed while adding the
* permission.
*/
boolean addPermission(Permission permission) throws PermissionManagementException;
void addPermission(Permission permission) throws PermissionManagementException;
/**
*

57
components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/scope/mgt/ScopeManagementException.java Normal file
View File

@ -0,0 +1,57 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.common.scope.mgt;
/**
* This exception is used to throw when there is an issue in scope management service.
*/
public class ScopeManagementException extends Exception {
private static final long serialVersionUID = -315127931137779899L;
private String errorMessage;
public String getErrorMessage() {
return errorMessage;
}
public void setErrorMessage(String errorMessage) {
this.errorMessage = errorMessage;
}
public ScopeManagementException(String msg, Exception nestedEx) {
super(msg, nestedEx);
setErrorMessage(msg);
}
public ScopeManagementException(String message, Throwable cause) {
super(message, cause);
setErrorMessage(message);
}
public ScopeManagementException(String msg) {
super(msg);
setErrorMessage(msg);
}
public ScopeManagementException() {
super();
}
public ScopeManagementException(Throwable cause) {
super(cause);
}
}

53
components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/scope/mgt/ScopeManagementService.java Normal file
View File

@ -0,0 +1,53 @@
/*
* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.common.scope.mgt;
import java.util.List;
import org.wso2.carbon.apimgt.api.model.Scope;
/**
* This interface contains the basic operations related to scope management.
*/
public interface ScopeManagementService {
/**
* This method is used to update the given list of scopes.
*
* @param scopes List of scopes to be updated.
* @throws ScopeManagementException
*/
void updateScopes(List<Scope> scopes) throws ScopeManagementException;
/**
* This method is used to retrieve all the scopes.
*
* @return List of scopes.
* @throws ScopeManagementException
*/
List<Scope> getAllScopes() throws ScopeManagementException;
/**
* This method is to retrieve the roles of the given scope
* @param scopeKey key of the scope
* @return List of roles
* @throws ScopeManagementException
*/
String getRolesOfScope(String scopeKey) throws ScopeManagementException;
}

28
components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml
View File

@ -91,6 +91,10 @@
!org.wso2.carbon.device.mgt.core.internal,
org.wso2.carbon.device.mgt.core.*
</Export-Package>
<Embed-Dependency>
javax.ws.rs-api,
scribe;scope=compile|runtime;inline=false;
</Embed-Dependency>
<DynamicImport-Package>*</DynamicImport-Package>
</instructions>
</configuration>
@ -228,6 +232,7 @@
<groupId>commons-collections.wso2</groupId>
<artifactId>commons-collections</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.email.sender.core</artifactId>
@ -236,15 +241,12 @@
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.34</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>1.7.1</version>
</dependency>
<dependency>
@ -253,6 +255,26 @@
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.orbit.org.scannotation</groupId>
<artifactId>scannotation</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.apimgt.annotations</artifactId>
</dependency>
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
</dependency>
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>jsr311-api</artifactId>
</dependency>
</dependencies>
</project>

4
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
View File

@ -243,9 +243,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
}
private boolean addAdminPermissionToRegistry() throws PermissionManagementException {
Permission permission = new Permission();
permission.setPath(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
return PermissionUtils.putPermission(permission);
return PermissionUtils.putPermission(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
}
private Map<String, String> getOwnershipOfDevices(List<Device> devices) {

332
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java Normal file
View File

@ -0,0 +1,332 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import org.apache.catalina.core.StandardContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.scannotation.AnnotationDB;
import org.wso2.carbon.apimgt.annotations.api.API;
import javax.servlet.ServletContext;
import javax.ws.rs.*;
import java.io.File;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
public class AnnotationProcessor {
private static final Log log = LogFactory.getLog(AnnotationProcessor.class);
private static final String PACKAGE_ORG_APACHE = "org.apache";
private static final String PACKAGE_ORG_CODEHAUS = "org.codehaus";
private static final String PACKAGE_ORG_SPRINGFRAMEWORK = "org.springframework";
private static final String WILD_CARD = "/*";
private static final String URL_SEPARATOR = "/";
private static final String STRING_ARR = "string_arr";
private static final String STRING = "string";
private Method[] pathClazzMethods;
private Class<Path> pathClazz;
Class<API> apiClazz;
private ClassLoader classLoader;
private ServletContext servletContext;
public AnnotationProcessor(final StandardContext context) {
servletContext = context.getServletContext();
classLoader = servletContext.getClassLoader();
}
/**
* Scan the context for classes with annotations
*
* @return
* @throws IOException
*/
public Set<String> scanStandardContext(String className) throws IOException {
ExtendedAnnotationDB db = new ExtendedAnnotationDB();
db.addIgnoredPackages(PACKAGE_ORG_APACHE);
db.addIgnoredPackages(PACKAGE_ORG_CODEHAUS);
db.addIgnoredPackages(PACKAGE_ORG_SPRINGFRAMEWORK);
URL classPath = findWebInfClassesPath(servletContext);
db.scanArchives(classPath);
//Returns a list of classes with given Annotation
return db.getAnnotationIndex().get(className);
}
/**
* Method identifies the URL templates and context by reading the annotations of a class
*
* @param entityClasses
* @return
*/
public List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>
extractPermissions(Set<String> entityClasses) {
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> permissions = new ArrayList<>();
if (entityClasses != null && !entityClasses.isEmpty()) {
for (final String className : entityClasses) {
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> resourcePermissions =
AccessController.doPrivileged(new PrivilegedAction<List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>>() {
public List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> run() {
Class<?> clazz;
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> apiPermissions =
new ArrayList<>();
try {
clazz = classLoader.loadClass(className);
apiClazz = (Class<API>)
classLoader.loadClass(org.wso2.carbon.apimgt.annotations.api.API
.class.getName());
Annotation apiAnno = clazz.getAnnotation(apiClazz);
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> resourceList;
if (apiAnno != null) {
if (log.isDebugEnabled()) {
log.debug("Application Context root = " + servletContext.getContextPath());
}
try {
String rootContext = servletContext.getContextPath();
pathClazz = (Class<Path>) classLoader.loadClass(Path.class.getName());
pathClazzMethods = pathClazz.getMethods();
Annotation rootContectAnno = clazz.getAnnotation(pathClazz);
String subContext = "";
if (rootContectAnno != null) {
subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING);
if (subContext != null && !subContext.isEmpty()) {
if (subContext.trim().startsWith("/")) {
rootContext = rootContext + subContext;
} else {
rootContext = rootContext + "/" + subContext;
}
}
if (log.isDebugEnabled()) {
log.debug("API Root Context = " + rootContext);
}
}
Method[] annotatedMethods = clazz.getDeclaredMethods();
apiPermissions = getApiResources(rootContext, annotatedMethods);
} catch (Throwable throwable) {
log.error("Error encountered while scanning for annotations", throwable);
}
}
} catch (ClassNotFoundException e) {
log.error("Error when passing the api annotation for device type apis.");
}
return apiPermissions;
}
});
permissions.addAll(resourcePermissions);
}
}
return permissions;
}
/**
* Get Resources for each API
*
* @param resourceRootContext
* @param annotatedMethods
* @return
* @throws Throwable
*/
private List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>
getApiResources(String resourceRootContext, Method[] annotatedMethods) throws Throwable {
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> permissions = new ArrayList<>();
String subCtx;
for (Method method : annotatedMethods) {
Annotation[] annotations = method.getDeclaredAnnotations();
org.wso2.carbon.device.mgt.common.permission.mgt.Permission permission =
new org.wso2.carbon.device.mgt.common.permission.mgt.Permission();
if (isHttpMethodAvailable(annotations)) {
Annotation methodContextAnno = method.getAnnotation(pathClazz);
if (methodContextAnno != null) {
subCtx = invokeMethod(pathClazzMethods[0], methodContextAnno, STRING);
} else {
subCtx = WILD_CARD;
}
permission.setContext(makeContextURLReady(resourceRootContext));
permission.setUrlTemplate(makeContextURLReady(subCtx));
// this check is added to avoid url resolving conflict which happens due
// to adding of '*' notation for dynamic path variables.
if (WILD_CARD.equals(subCtx)) {
subCtx = makeContextURLReady(resourceRootContext);
} else {
subCtx = makeContextURLReady(resourceRootContext) + makeContextURLReady(subCtx);
}
permission.setUrl(replaceDynamicPathVariables(subCtx));
String httpMethod;
for (int i = 0; i < annotations.length; i++) {
httpMethod = getHTTPMethodAnnotation(annotations[i]);
if (httpMethod != null) {
permission.setMethod(httpMethod);
break;
}
}
permissions.add(permission);
}
}
return permissions;
}
/**
* Read Method annotations indicating HTTP Methods
* @param annotation
*/
private String getHTTPMethodAnnotation(Annotation annotation) {
if (annotation.annotationType().getName().equals(GET.class.getName())) {
return HttpMethod.GET;
} else if (annotation.annotationType().getName().equals(POST.class.getName())) {
return HttpMethod.POST;
} else if (annotation.annotationType().getName().equals(OPTIONS.class.getName())) {
return HttpMethod.OPTIONS;
} else if (annotation.annotationType().getName().equals(DELETE.class.getName())) {
return HttpMethod.DELETE;
} else if (annotation.annotationType().getName().equals(PUT.class.getName())) {
return HttpMethod.PUT;
}
return null;
}
private boolean isHttpMethodAvailable(Annotation[] annotations) {
for (Annotation annotation : annotations) {
if (annotation.annotationType().getName().equals(GET.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(POST.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(OPTIONS.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(DELETE.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(PUT.class.getName())) {
return true;
}
}
return false;
}
/**
* Append '/' to the context and make it URL ready
*
* @param context
* @return
*/
private String makeContextURLReady(String context) {
if (context != null && ! context.isEmpty()) {
if (context.startsWith("/")) {
return context;
} else {
return "/" + context;
}
}
return "";
}
/**
* When an annotation and method is passed, this method invokes that executes said method against the annotation
*
* @param method
* @param annotation
* @param returnType
* @return
* @throws Throwable
*/
private String invokeMethod(Method method, Annotation annotation, String returnType) throws Throwable {
InvocationHandler methodHandler = Proxy.getInvocationHandler(annotation);
switch (returnType) {
case STRING:
return (String) methodHandler.invoke(annotation, method, null);
case STRING_ARR:
return ((String[]) methodHandler.invoke(annotation, method, null))[0];
default:
return null;
}
}
/**
* Find the URL pointing to "/WEB-INF/classes" This method may not work in conjunction with IteratorFactory
* if your servlet container does not extract the /WEB-INF/classes into a real file-based directory
*
* @param servletContext
* @return null if cannot determin /WEB-INF/classes
*/
public static URL findWebInfClassesPath(ServletContext servletContext)
{
String path = servletContext.getRealPath("/WEB-INF/classes");
if (path == null) return null;
File fp = new File(path);
if (fp.exists() == false) return null;
try
{
URI uri = fp.toURI();
return uri.toURL();
}
catch (MalformedURLException e)
{
throw new RuntimeException(e);
}
}
private String replaceDynamicPathVariables(String path) {
StringBuilder replacedPath = new StringBuilder();
StringTokenizer st = new StringTokenizer(path, URL_SEPARATOR);
String currentToken;
while (st.hasMoreTokens()) {
currentToken = st.nextToken();
if (currentToken.charAt(0) == '{') {
if (currentToken.charAt(currentToken.length() - 1) == '}') {
replacedPath.append(WILD_CARD);
}
} else {
replacedPath.append(URL_SEPARATOR);
replacedPath.append(currentToken);
}
}
return replacedPath.toString();
}
}

92
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedAnnotationDB.java Normal file
View File

@ -0,0 +1,92 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import org.scannotation.AnnotationDB;
import org.scannotation.archiveiterator.Filter;
import org.scannotation.archiveiterator.StreamIterator;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
public class ExtendedAnnotationDB extends AnnotationDB {
public ExtendedAnnotationDB() {
super();
}
public void scanArchives(URL... urls) throws IOException {
URL[] arr$ = urls;
int len$ = urls.length;
for(int i$ = 0; i$ < len$; ++i$) {
URL url = arr$[i$];
Filter filter = new Filter() {
public boolean accepts(String filename) {
if(filename.endsWith(".class")) {
if(filename.startsWith("/") || filename.startsWith("\\")) {
filename = filename.substring(1);
}
if(!ExtendedAnnotationDB.this.ignoreScan(filename.replace('/', '.'))) {
return true;
}
}
return false;
}
};
StreamIterator it = ExtendedIteratorFactory.create(url, filter);
InputStream stream;
while((stream = it.next()) != null) {
this.scanClass(stream);
}
}
}
private boolean ignoreScan(String intf) {
String[] arr$;
int len$;
int i$;
String ignored;
if(this.scanPackages != null) {
arr$ = this.scanPackages;
len$ = arr$.length;
for(i$ = 0; i$ < len$; ++i$) {
ignored = arr$[i$];
if(intf.startsWith(ignored + ".")) {
return false;
}
}
return true;
} else {
arr$ = this.ignoredPackages;
len$ = arr$.length;
for(i$ = 0; i$ < len$; ++i$) {
ignored = arr$[i$];
if(intf.startsWith(ignored + ".")) {
return true;
}
}
return false;
}
}
}

32
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedFileProtocolIteratorFactory.java Normal file
View File

@ -0,0 +1,32 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import org.scannotation.archiveiterator.*;
import java.io.File;
import java.io.IOException;
import java.net.URL;
public class ExtendedFileProtocolIteratorFactory implements DirectoryIteratorFactory {
@Override
public StreamIterator create(URL url, Filter filter) throws IOException {
File f = new File(java.net.URLDecoder.decode(url.getPath(), "UTF-8"));
return f.isDirectory()?new FileIterator(f, filter):new JarIterator(url.openStream(), filter);
}
}

54
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedIteratorFactory.java Normal file
View File

@ -0,0 +1,54 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import org.scannotation.archiveiterator.DirectoryIteratorFactory;
import org.scannotation.archiveiterator.Filter;
import org.scannotation.archiveiterator.JarIterator;
import org.scannotation.archiveiterator.StreamIterator;
import java.io.IOException;
import java.net.URL;
import java.util.concurrent.ConcurrentHashMap;
public class ExtendedIteratorFactory {
private static final ConcurrentHashMap<String, DirectoryIteratorFactory> registry = new ConcurrentHashMap();
public static StreamIterator create(URL url, Filter filter) throws IOException {
String urlString = url.toString();
if(urlString.endsWith("!/")) {
urlString = urlString.substring(4);
urlString = urlString.substring(0, urlString.length() - 2);
url = new URL(urlString);
}
if(!urlString.endsWith("/")) {
return new JarIterator(url.openStream(), filter);
} else {
DirectoryIteratorFactory factory = registry.get(url.getProtocol());
if(factory == null) {
throw new IOException("Unable to scan directory of protocol: " + url.getProtocol());
} else {
return factory.create(url, filter);
}
}
}
static {
registry.put("file", new ExtendedFileProtocolIteratorFactory());
}
}

22
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java
View File

@ -25,29 +25,27 @@ import javax.xml.bind.annotation.XmlRootElement;
import java.util.List;
/**
* This class represents the information related to permission configuration.
* This class represents the information related to permissions.
*/
@XmlRootElement (name = "PermissionConfiguration")
public class PermissionConfiguration {
private List<Permission> permissions;
private String apiVersion;
private String scopeName;
private String[] permissions;
public String getApiVersion() {
return apiVersion;
public String getScopeName() {
return scopeName;
}
@XmlElement (name = "APIVersion", required = true)
public void setApiVersion(String apiVersion) {
this.apiVersion = apiVersion;
public void setScopeName(String scope) {
this.scopeName = scope;
}
public List<Permission> getPermissions() {
public String[] getPermissions() {
return permissions;
}
@XmlElement (name = "Permission", required = true)
public void setPermissions(List<Permission> permissions) {
public void setPermissions(String[] permissions) {
this.permissions = permissions;
}
}

48
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java
View File

@ -26,6 +26,8 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.core.config.permission.AnnotationProcessor;
import org.wso2.carbon.device.mgt.core.config.permission.PermissionConfiguration;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
@ -35,8 +37,10 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.Set;
/**
* This listener class will initiate the permission addition of permissions defined in
@ -45,7 +49,8 @@ import java.util.List;
@SuppressWarnings("unused")
public class WebAppDeploymentLifecycleListener implements LifecycleListener {
private static final String PERMISSION_CONFIG_PATH = "META-INF" + File.separator + "permissions.xml";
private static final String PARAM_MANAGED_API_ENABLED = "managed-api-enabled";
private static final Log log = LogFactory.getLog(WebAppDeploymentLifecycleListener.class);
@Override
@ -54,34 +59,27 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener {
StandardContext context = (StandardContext) lifecycleEvent.getLifecycle();
ServletContext servletContext = context.getServletContext();
String contextPath = context.getServletContext().getContextPath();
try {
InputStream permissionStream = servletContext.getResourceAsStream(PERMISSION_CONFIG_PATH);
if (permissionStream != null) {
/* Un-marshaling Device Management configuration */
JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class);
Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
unmarshaller.unmarshal(permissionStream);
List<Permission> permissions = permissionConfiguration.getPermissions();
String apiVersion = permissionConfiguration.getApiVersion();
if (permissionConfiguration != null && permissions != null) {
String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED);
boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param);
if (isManagedApi) {
try {
AnnotationProcessor annotationProcessor = new AnnotationProcessor(context);
Set<String> annotatedAPIClasses = annotationProcessor.
scanStandardContext(org.wso2.carbon.apimgt.annotations.api.API.class.getName());
List<Permission> permissions = annotationProcessor.extractPermissions(annotatedAPIClasses);
PermissionManagerService permissionManagerService = PermissionManagerServiceImpl.getInstance();
if (permissions != null) {
for (Permission permission : permissions) {
// update the permission path to absolute permission path
permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
permission.setUrl(PermissionUtils.getAbsoluteContextPathOfAPI(contextPath, apiVersion,
permission.getUrl()).toLowerCase());
permission.setMethod(permission.getMethod().toUpperCase());
PermissionManagerServiceImpl.getInstance().addPermission(permission);
permissionManagerService.addPermission(permission);
}
}
} catch (PermissionManagementException e) {
log.error("Exception occurred while adding the permissions from webapp : "
+ servletContext.getContextPath(), e);
} catch (IOException e) {
log.error("Cannot find API annotation Class in the webapp '" + contextPath + "' class path", e);
}
} catch (JAXBException e) {
log.error(
"Exception occurred while parsing the permission configuration of webapp : "
+ context.getServletContext().getContextPath(), e);
} catch (PermissionManagementException e) {
log.error("Exception occurred while adding the permissions from webapp : "
+ servletContext.getContextPath(), e);
}
}

11
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementDataHolder.java
View File

@ -18,6 +18,7 @@
package org.wso2.carbon.device.mgt.core.internal;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManager;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.device.mgt.common.license.mgt.LicenseManager;
@ -56,6 +57,16 @@ public class DeviceManagementDataHolder {
private EmailSenderService emailSenderService;
private PushNotificationProviderRepository pushNotificationProviderRepository;
public APIManagerConfiguration getApiManagerConfiguration() {
return apiManagerConfiguration;
}
public void setApiManagerConfiguration(APIManagerConfiguration apiManagerConfiguration) {
this.apiManagerConfiguration = apiManagerConfiguration;
}
private APIManagerConfiguration apiManagerConfiguration;
private DeviceManagementDataHolder() {}
public static DeviceManagementDataHolder getInstance() {

25
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java
View File

@ -21,6 +21,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.apimgt.impl.APIManagerConfigurationService;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManagementException;
@ -30,6 +31,7 @@ import org.wso2.carbon.device.mgt.common.notification.mgt.NotificationManagement
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException;
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManager;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.common.spi.DeviceManagementService;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.core.DeviceManagementPluginRepository;
@ -50,6 +52,8 @@ import org.wso2.carbon.device.mgt.core.operation.mgt.OperationManagerImpl;
import org.wso2.carbon.device.mgt.core.operation.mgt.dao.OperationManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.device.mgt.core.push.notification.mgt.PushNotificationProviderRepository;
import org.wso2.carbon.device.mgt.core.scope.mgt.ScopeManagementServiceImpl;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl;
import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
@ -59,8 +63,10 @@ import org.wso2.carbon.email.sender.core.service.EmailSenderService;
import org.wso2.carbon.ndatasource.core.DataSourceService;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.ConfigurationContextService;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
@ -117,6 +123,9 @@ public class DeviceManagementServiceComponent {
private static List<DeviceManagementService> deviceManagers = new ArrayList<>();
private static List<DeviceManagerStartupListener> startupListeners = new ArrayList<>();
private DeviceManagementPluginRepository pluginRepository = new DeviceManagementPluginRepository();
private static final String APIM_CONFIGURATION_PATH = CarbonUtils.getCarbonHome() + File.separator + "repository" +
File.separator + "conf" + File.separator + "api-manager.xml";
private static final String DATA_SOURCE_NAME = "DataSourceName";
public static void registerPluginInitializationListener(PluginInitializationListener listener) {
synchronized (LOCK) {
@ -149,12 +158,19 @@ public class DeviceManagementServiceComponent {
DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
DataSourceConfig dsConfig = config.getDeviceManagementConfigRepository().getDataSourceConfig();
APIManagerConfiguration apiManagerConfiguration = new APIManagerConfiguration();
apiManagerConfiguration.load(APIM_CONFIGURATION_PATH);
DeviceManagementDataHolder.getInstance().setApiManagerConfiguration(apiManagerConfiguration);
DeviceManagementDAOFactory.init(dsConfig);
GroupManagementDAOFactory.init(dsConfig);
NotificationManagementDAOFactory.init(dsConfig);
OperationManagementDAOFactory.init(dsConfig);
String apiManagerDataSource = apiManagerConfiguration.getFirstProperty(DATA_SOURCE_NAME);
ScopeManagementDAOFactory.init(apiManagerDataSource);
/* Initialize Operation Manager */
this.initOperationsManager();
@ -227,10 +243,9 @@ public class DeviceManagementServiceComponent {
= new NotificationManagementServiceImpl();
bundleContext.registerService(NotificationManagementService.class.getName(), notificationManagementService, null);
/* Registering PermissionManager Service */
PermissionManagerService permissionManagerService
= PermissionManagerServiceImpl.getInstance();
bundleContext.registerService(PermissionManagerService.class.getName(), permissionManagerService, null);
/* Registering Scope Management Service */
ScopeManagementService scopeManagementService = new ScopeManagementServiceImpl();
bundleContext.registerService(ScopeManagementService.class.getName(), scopeManagementService, null);
/* Registering DeviceAccessAuthorization Service */
DeviceAccessAuthorizationService deviceAccessAuthorizationService = new DeviceAccessAuthorizationServiceImpl();

10
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
View File

@ -22,8 +22,9 @@ import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import java.util.List;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
/**
* This class will add, update custom permissions defined in permission.xml in webapps and it will
@ -52,16 +53,19 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
}
@Override
public boolean addPermission(Permission permission) throws PermissionManagementException {
public void addPermission(Permission permission) throws PermissionManagementException {
// adding a permission to the tree
permissionTree.addPermission(permission);
return PermissionUtils.putPermission(permission);
}
@Override
public Permission getPermission(Properties properties) throws PermissionManagementException {
String url = (String) properties.get(URL_PROPERTY);
String httpMethod = (String) properties.get(HTTP_METHOD_PROPERTY);
if (url == null || url.isEmpty() || httpMethod == null || httpMethod.isEmpty()) {
throw new PermissionManagementException("Resource URI/HTTP method is empty");
}
return permissionTree.getPermission(url, httpMethod);
}
}

3
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java
View File

@ -54,9 +54,6 @@ public class PermissionTree {
tempRoot = addPermissionNode(tempRoot, tempChild);
}
tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex
if (log.isDebugEnabled()) {
log.debug("Added permission '" + permission.getName() + "'");
}
}
/**

132
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java
View File

@ -39,84 +39,82 @@ import java.util.StringTokenizer;
*/
public class PermissionUtils {
public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
public static final String PERMISSION_PROPERTY_NAME = "name";
public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
public static final String PERMISSION_PROPERTY_NAME = "name";
public static Registry getGovernanceRegistry() throws PermissionManagementException {
try {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
return DeviceManagementDataHolder.getInstance().getRegistryService()
.getGovernanceSystemRegistry(
tenantId);
} catch (RegistryException e) {
throw new PermissionManagementException(
"Error in retrieving governance registry instance: " +
e.getMessage(), e);
}
}
public static Registry getGovernanceRegistry() throws PermissionManagementException {
try {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
return DeviceManagementDataHolder.getInstance().getRegistryService()
.getGovernanceSystemRegistry(
tenantId);
} catch (RegistryException e) {
throw new PermissionManagementException(
"Error in retrieving governance registry instance: " +
e.getMessage(), e);
}
}
public static String getAbsolutePermissionPath(String permissionPath) {
return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
}
public static String getAbsolutePermissionPath(String permissionPath) {
return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
}
public static String getAbsoluteContextPathOfAPI(String contextPath, String version, String url) {
if((version != null) && !version.isEmpty()) {
return contextPath + "/" + version + url;
if ((version != null) && !version.isEmpty()) {
return contextPath + "/" + version + url;
}
return contextPath + url;
}
public static Permission getPermission(String path) throws PermissionManagementException {
try {
Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
Permission permission = new Permission();
permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME));
permission.setPath(resource.getPath());
return permission;
} catch (RegistryException e) {
throw new PermissionManagementException("Error in retrieving registry resource : " +
e.getMessage(), e);
}
}
public static boolean putPermission(Permission permission)
throws PermissionManagementException {
boolean status;
try {
StringTokenizer tokenizer = new StringTokenizer(permission.getPath(), "/");
String lastToken = "", currentToken, tempPath;
while(tokenizer.hasMoreTokens()) {
currentToken = tokenizer.nextToken();
tempPath = lastToken + "/" + currentToken;
if(!checkResourceExists(tempPath)) {
// public static Permission getPermission(String path) throws PermissionManagementException {
// try {
// Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
// Permission permission = new Permission();
// permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME));
// permission.setPath(resource.getPath());
// return permission;
// } catch (RegistryException e) {
// throw new PermissionManagementException("Error in retrieving registry resource : " +
// e.getMessage(), e);
// }
// }
//
public static boolean putPermission(String permissionPath)
throws PermissionManagementException {
boolean status;
try {
StringTokenizer tokenizer = new StringTokenizer(permissionPath, "/");
String lastToken = "", currentToken, tempPath;
while (tokenizer.hasMoreTokens()) {
currentToken = tokenizer.nextToken();
tempPath = lastToken + "/" + currentToken;
if (!checkResourceExists(tempPath)) {
createRegistryCollection(tempPath, currentToken);
}
lastToken = tempPath;
}
status = true;
} catch (RegistryException e) {
throw new PermissionManagementException(
"Error occurred while persisting permission : " +
permission.getName(), e);
}
return status;
}
}
lastToken = tempPath;
}
status = true;
} catch (RegistryException e) {
throw new PermissionManagementException("Error occurred while persisting permission", e);
}
return status;
}
public static void createRegistryCollection(String path, String resourceName)
throws PermissionManagementException,
RegistryException {
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
PermissionUtils.getGovernanceRegistry().beginTransaction();
PermissionUtils.getGovernanceRegistry().put(path, resource);
PermissionUtils.getGovernanceRegistry().commitTransaction();
}
public static void createRegistryCollection(String path, String resourceName)
throws PermissionManagementException,
RegistryException {
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
PermissionUtils.getGovernanceRegistry().beginTransaction();
PermissionUtils.getGovernanceRegistry().put(path, resource);
PermissionUtils.getGovernanceRegistry().commitTransaction();
}
public static boolean checkResourceExists(String path)
throws PermissionManagementException,
org.wso2.carbon.registry.core.exceptions.RegistryException {
return PermissionUtils.getGovernanceRegistry().resourceExists(path);
}
public static boolean checkResourceExists(String path)
throws PermissionManagementException,
org.wso2.carbon.registry.core.exceptions.RegistryException {
return PermissionUtils.getGovernanceRegistry().resourceExists(path);
}
public static Document convertToDocument(File file) throws PermissionManagementException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();

97
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/ScopeManagementServiceImpl.java Normal file
View File

@ -0,0 +1,97 @@
/*
* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.scope.mgt;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.device.mgt.common.TransactionManagementException;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAO;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOException;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory;
import java.lang.annotation.Inherited;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
/**
* This is an implementation of a Scope Management Service.
*/
public class ScopeManagementServiceImpl implements ScopeManagementService {
private ScopeManagementDAO scopeManagementDAO;
public ScopeManagementServiceImpl() {
this.scopeManagementDAO = ScopeManagementDAOFactory.getScopeManagementDAO();
}
@Override
public void updateScopes(List<Scope> scopes) throws ScopeManagementException {
try{
ScopeManagementDAOFactory.beginTransaction();
scopeManagementDAO.updateScopes(scopes);
ScopeManagementDAOFactory.commitTransaction();
} catch (TransactionManagementException e) {
ScopeManagementDAOFactory.rollbackTransaction();
throw new ScopeManagementException("Transactional error occurred while adding the scopes.", e);
} catch (ScopeManagementDAOException e) {
ScopeManagementDAOFactory.rollbackTransaction();
throw new ScopeManagementException("Error occurred while adding the scopes to database.", e);
} finally {
ScopeManagementDAOFactory.closeConnection();
}
}
@Override
public List<Scope> getAllScopes() throws ScopeManagementException {
List<Scope> scopes = new ArrayList<>();
try{
ScopeManagementDAOFactory.openConnection();
scopes = scopeManagementDAO.getAllScopes();
} catch (SQLException e) {
throw new ScopeManagementException("SQL error occurred while retrieving scopes from database.", e);
} catch (ScopeManagementDAOException e) {
throw new ScopeManagementException("Error occurred while retrieving scopes from database.", e);
} finally {
ScopeManagementDAOFactory.closeConnection();
}
return scopes;
}
@Override
public String getRolesOfScope(String scopeKey) throws ScopeManagementException {
String roles;
if (scopeKey == null || scopeKey.isEmpty()) {
throw new ScopeManagementException("Scope key is null or empty");
}
try {
ScopeManagementDAOFactory.openConnection();
roles = scopeManagementDAO.getRolesOfScope(scopeKey);
} catch (SQLException e) {
throw new ScopeManagementException("SQL error occurred while retrieving roles of scope from database.", e);
} catch (ScopeManagementDAOException e) {
throw new ScopeManagementException("Error occurred while retrieving roles of scope from database.", e);
} finally {
ScopeManagementDAOFactory.closeConnection();
}
return roles;
}
}

54
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAO.java Normal file
View File

@ -0,0 +1,54 @@
/*
* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
import org.wso2.carbon.apimgt.api.model.Scope;
import java.util.List;
/**
* This interface contains the basic database operations related to scope management.
*/
public interface ScopeManagementDAO {
/**
* This method is used to update the list of scopes.
*
* @param scopes List of scopes to be updated.
* @throws ScopeManagementDAOException
*/
void updateScopes(List<Scope> scopes) throws ScopeManagementDAOException;
/**
* This method is used to retrieve all the scopes.
*
* @return List of scopes.
* @throws ScopeManagementDAOException
*/
List<Scope> getAllScopes() throws ScopeManagementDAOException;
/**
* This method is to retrieve the roles of the given scope
* @param scopeKey key of the scope
* @return List of roles
* @throws ScopeManagementDAOException
*/
String getRolesOfScope(String scopeKey) throws ScopeManagementDAOException;
}

57
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOException.java Normal file
View File

@ -0,0 +1,57 @@
/*
* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
public class ScopeManagementDAOException extends Exception {
private static final long serialVersionUID = -315127931137771199L;
private String errorMessage;
public String getErrorMessage() {
return errorMessage;
}
public void setErrorMessage(String errorMessage) {
this.errorMessage = errorMessage;
}
public ScopeManagementDAOException(String msg, Exception nestedEx) {
super(msg, nestedEx);
setErrorMessage(msg);
}
public ScopeManagementDAOException(String message, Throwable cause) {
super(message, cause);
setErrorMessage(message);
}
public ScopeManagementDAOException(String msg) {
super(msg);
setErrorMessage(msg);
}
public ScopeManagementDAOException() {
super();
}
public ScopeManagementDAOException(Throwable cause) {
super(cause);
}
}

139
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOFactory.java Normal file
View File

@ -0,0 +1,139 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.common.IllegalTransactionStateException;
import org.wso2.carbon.device.mgt.common.TransactionManagementException;
import org.wso2.carbon.device.mgt.core.dao.util.DeviceManagementDAOUtil;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.impl.ScopeManagementDAOImpl;
import javax.sql.DataSource;
import java.sql.Connection;
import java.sql.SQLException;
public class ScopeManagementDAOFactory {
private static final Log log = LogFactory.getLog(ScopeManagementDAOFactory.class);
private static DataSource dataSource;
private static String databaseEngine;
private static ThreadLocal<Connection> currentConnection = new ThreadLocal<Connection>();
public static ScopeManagementDAO getScopeManagementDAO() {
return new ScopeManagementDAOImpl();
}
public static void init(String dataSourceName) {
dataSource = resolveDataSource(dataSourceName);
try {
databaseEngine = dataSource.getConnection().getMetaData().getDatabaseProductName();
} catch (SQLException e) {
log.error("Error occurred while retrieving config.datasource connection", e);
}
}
public static void beginTransaction() throws TransactionManagementException {
try {
Connection conn = dataSource.getConnection();
conn.setAutoCommit(false);
currentConnection.set(conn);
} catch (SQLException e) {
throw new TransactionManagementException(
"Error occurred while retrieving config.datasource connection", e);
}
}
public static void openConnection() throws SQLException {
currentConnection.set(dataSource.getConnection());
}
public static Connection getConnection() throws SQLException {
if (currentConnection.get() == null) {
throw new IllegalTransactionStateException("No connection is associated with the current transaction. " +
"This might have ideally caused by not properly initiating the transaction via " +
"'beginTransaction'/'openConnection' methods");
}
return currentConnection.get();
}
public static void closeConnection() {
Connection con = currentConnection.get();
if (con != null) {
try {
con.close();
} catch (SQLException e) {
log.error("Error occurred while close the connection");
}
currentConnection.remove();
}
}
public static void commitTransaction() {
try {
Connection conn = currentConnection.get();
if (conn != null) {
conn.commit();
} else {
if (log.isDebugEnabled()) {
log.debug("Datasource connection associated with the current thread is null, hence commit " +
"has not been attempted");
}
}
} catch (SQLException e) {
log.error("Error occurred while committing the transaction", e);
}
}
public static void rollbackTransaction() {
try {
Connection conn = currentConnection.get();
if (conn != null) {
conn.rollback();
} else {
if (log.isDebugEnabled()) {
log.debug("Datasource connection associated with the current thread is null, hence rollback " +
"has not been attempted");
}
}
} catch (SQLException e) {
log.error("Error occurred while roll-backing the transaction", e);
}
}
/**
* Resolve data source from the data source name.
*
* @param dataSourceName data source name
* @return data source resolved from the data source definition
*/
private static DataSource resolveDataSource(String dataSourceName) {
DataSource dataSource;
if (dataSourceName == null || dataSourceName.isEmpty()) {
throw new RuntimeException("Scope Management Repository data source configuration is null and " +
"thus, is not initialized");
}
if (log.isDebugEnabled()) {
log.debug("Initializing Scope Management Repository data source using the JNDI Lookup Definition");
}
dataSource = DeviceManagementDAOUtil.lookupDataSource(dataSourceName, null);
return dataSource;
}
}

57
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOUtil.java Normal file
View File

@ -0,0 +1,57 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
public class ScopeManagementDAOUtil {
private static final Log log = LogFactory.getLog(ScopeManagementDAOUtil.class);
public static void cleanupResources(Statement stmt, ResultSet rs) {
if (rs != null) {
try {
rs.close();
} catch (SQLException e) {
log.warn("Error occurred while closing the result set", e);
}
}
if (stmt != null) {
try {
stmt.close();
} catch (SQLException e) {
log.warn("Error occurred while closing the statement", e);
}
}
}
public static void cleanupResources(Statement stmt) {
if (stmt != null) {
try {
stmt.close();
} catch (SQLException e) {
log.warn("Error occurred while closing the statement", e);
}
}
}
}

121
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/impl/ScopeManagementDAOImpl.java Normal file
View File

@ -0,0 +1,121 @@
/*
* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.scope.mgt.dao.impl;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAO;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOException;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOUtil;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
public class ScopeManagementDAOImpl implements ScopeManagementDAO {
@Override
public void updateScopes(List<Scope> scopes) throws ScopeManagementDAOException {
Connection conn;
PreparedStatement stmt = null;
ResultSet rs = null;
try {
conn = this.getConnection();
String sql = "UPDATE IDN_OAUTH2_SCOPE SET ROLES=? WHERE SCOPE_KEY=?";
stmt = conn.prepareStatement(sql);
// creating a batch request
for (Scope scope : scopes) {
stmt.setString(1, scope.getRoles());
stmt.setString(2, scope.getKey());
stmt.addBatch();
}
stmt.executeBatch();
} catch (SQLException e) {
throw new ScopeManagementDAOException("Error occurred while updating the details of the scopes.", e);
} finally {
ScopeManagementDAOUtil.cleanupResources(stmt, rs);
}
}
public List<Scope> getAllScopes() throws ScopeManagementDAOException {
Connection conn;
PreparedStatement stmt = null;
ResultSet rs = null;
List<Scope> scopes = new ArrayList<>();
Scope scope;
try {
conn = this.getConnection();
String sql = "SELECT * FROM IDN_OAUTH2_SCOPE";
stmt = conn.prepareStatement(sql);
rs = stmt.executeQuery();
while (rs.next()) {
scope = new Scope();
scope.setKey(rs.getString("SCOPE_KEY"));
scope.setName(rs.getString("NAME"));
scope.setDescription(rs.getString("DESCRIPTION"));
scope.setRoles(rs.getString("ROLES"));
scopes.add(scope);
}
return scopes;
} catch (SQLException e) {
throw new ScopeManagementDAOException("Error occurred while fetching the details of the scopes.", e);
} finally {
ScopeManagementDAOUtil.cleanupResources(stmt, rs);
}
}
@Override
public String getRolesOfScope(String scopeKey) throws ScopeManagementDAOException {
Connection conn;
PreparedStatement stmt = null;
ResultSet rs = null;
String roles = null;
try {
conn = this.getConnection();
String sql = "SELECT ROLES FROM IDN_OAUTH2_SCOPE WHERE SCOPE_KEY = ?";
stmt = conn.prepareStatement(sql);
stmt.setString(1, scopeKey);
rs = stmt.executeQuery();
if (rs.next()) {
roles = rs.getString("ROLES");
}
return roles;
} catch (SQLException e) {
throw new ScopeManagementDAOException("Error occurred while fetching the details of the scopes.", e);
} finally {
ScopeManagementDAOUtil.cleanupResources(stmt, rs);
}
}
private Connection getConnection() throws SQLException {
return ScopeManagementDAOFactory.getConnection();
}
}

4
components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
View File

@ -87,11 +87,11 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
if (userRealm != null && userRealm.getAuthorizationManager() != null) {
if (userStore != null) {
status = userRealm.getAuthorizationManager()
.isUserAuthorized(userStore + "/" + username, permission.getPath(),
.isUserAuthorized(userStore + "/" + username, permission.getUrl(),
PermissionMethod.UI_EXECUTE);
} else {
status = userRealm.getAuthorizationManager()
.isUserAuthorized(username, permission.getPath(), PermissionMethod.UI_EXECUTE);
.isUserAuthorized(username, permission.getUrl(), PermissionMethod.UI_EXECUTE);
}
}
}

23
components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
View File

@ -23,6 +23,10 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.user.api.TenantManager;
import org.wso2.carbon.user.api.UserStoreException;
@ -30,9 +34,17 @@ import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
import java.util.Properties;
public class Utils {
private static final Log log = LogFactory.getLog(Utils.class);
private static PermissionManagerService permissionManagerService = PermissionManagerServiceImpl.getInstance();
private static Properties properties;
private static Permission permission;
public static final String URL_PROPERTY = "URL";
public static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD";
public static int getTenantIdOFUser(String username) throws AuthenticationException {
int tenantId = 0;
@ -74,4 +86,15 @@ public class Utils {
}
}
public static String getResourceUri(String url, String httpMethod) throws PermissionManagementException {
properties = new Properties();
properties.put(URL_PROPERTY, url);
properties.put(HTTP_METHOD_PROPERTY, httpMethod);
permission = permissionManagerService.getPermission(properties);
if (permission != null) {
return permission.getContext() + "/1.0.0/1.0.0" + permission.getUrlTemplate() + ":" + permission.getMethod();
}
return null;
}
}

17
components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
View File

@ -23,6 +23,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
@ -105,7 +106,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
StringTokenizer tokenizer = new StringTokenizer(requestUri, "/");
String context = tokenizer.nextToken();
if ((context == null) || ("".equals(context))) {
if ((context == null) || (context.isEmpty())) {
authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE);
}
String apiVersion = tokenizer.nextToken();
@ -120,7 +121,17 @@ public class OAuthAuthenticator implements WebappAuthenticator {
} else {
String bearerToken = getBearerToken(request);
String resource = requestUri + ":" + requestMethod;
int urlParamIndex = requestUri.indexOf('?');
if(urlParamIndex > 0) {
requestUri = requestUri.substring(0, urlParamIndex);
}
String resource = Utils.getResourceUri(requestUri, requestMethod);
if (resource == null || resource.isEmpty()) {
authenticationInfo.setStatus(Status.FAILURE);
authenticationInfo.setMessage("Requested resource does not exist");
return authenticationInfo;
}
OAuthValidationResponse oAuthValidationResponse =
this.tokenValidator.validateToken(bearerToken, resource);
@ -142,6 +153,8 @@ public class OAuthAuthenticator implements WebappAuthenticator {
log.error("Failed to authenticate the incoming request", e);
} catch (OAuthTokenValidationException e) {
log.error("Failed to authenticate the incoming request due to oauth token validation error.", e);
} catch (PermissionManagementException e) {
log.error("Failed to authenticate the incoming request due to error in permission initialization", e);
}
return authenticationInfo;
}

51
components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java
View File

@ -42,56 +42,7 @@ public class PermissionAuthorizer {
public WebappAuthenticator.Status authorize(Request request, Response response) {
String requestUri = request.getRequestURI();
String requestMethod = request.getMethod();
if (requestUri == null || requestUri.isEmpty() || requestMethod == null || requestMethod.isEmpty()) {
return WebappAuthenticator.Status.CONTINUE;
}
PermissionManagerServiceImpl registryBasedPermissionManager = PermissionManagerServiceImpl.getInstance();
Properties properties = new Properties();
properties.put("",requestUri);
properties.put("",requestMethod);
Permission requestPermission = null;
try {
requestPermission = registryBasedPermissionManager.getPermission(properties);
} catch (PermissionManagementException e) {
log.error(
"Error occurred while fetching the permission for URI : " + Encode.forJava(requestUri) + " ," +
" METHOD : " + requestMethod + ", msg = " + e.getMessage());
}
if (requestPermission == null) {
if (log.isDebugEnabled()) {
log.debug("Permission to request '" + Encode.forJava(requestUri) + "' is not defined in the configuration");
}
return WebappAuthenticator.Status.FAILURE;
}
String permissionString = requestPermission.getPath();
// This is added temporarily until authentication works.
// TODO remove below line.
String username = "admin";
// TODO uncomment this once the authentication works.
//String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
boolean isUserAuthorized;
try {
isUserAuthorized = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
getAuthorizationManager().isUserAuthorized(username, permissionString,
Constants.PermissionMethod.READ);
} catch (UserStoreException e) {
log.error("Error occurred while retrieving user store. " + e.getMessage());
return WebappAuthenticator.Status.FAILURE;
}
if (isUserAuthorized) {
return WebappAuthenticator.Status.SUCCESS;
} else {
return WebappAuthenticator.Status.FAILURE;
}
return WebappAuthenticator.Status.SUCCESS;
}
}

2
features/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.feature/pom.xml
View File

@ -111,7 +111,7 @@
<adviceFile>
<properties>
<propertyDef>org.wso2.carbon.p2.category.type:server</propertyDef>
<propertyDef>org.eclipse.equinox.p2.type.group:false</propertyDef>
<propertyDef>org.eclipse.equinox.p2.type.group:true</propertyDef>
</properties>
</adviceFile>
<bundles>

2
features/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration.server.feature/pom.xml
View File

@ -127,7 +127,7 @@
<adviceFile>
<properties>
<propertyDef>org.wso2.carbon.p2.category.type:server</propertyDef>
<propertyDef>org.eclipse.equinox.p2.type.group:false</propertyDef>
<propertyDef>org.eclipse.equinox.p2.type.group:true</propertyDef>
</properties>
</adviceFile>
<bundles>

241
features/etc/feature.properties Normal file
View File

@ -0,0 +1,241 @@
################################################################################
# Copyright 2015 WSO2, Inc. (http://wso2.com)
#
# WSO2 Inc. Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
providerName=WSO2 Inc.
########################## license properties ##################################
licenseURL=http://www.apache.org/licenses/LICENSE-2.0
license=\
Apache License\n\
Version 2.0, January 2004\n\
http://www.apache.org/licenses/\n\
\n\
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\
\n\
1. Definitions.\n\
\n\
"License" shall mean the terms and conditions for use, reproduction,\n\
and distribution as defined by Sections 1 through 9 of this document.\n\
\n\
"Licensor" shall mean the copyright owner or entity authorized by\n\
the copyright owner that is granting the License.\n\
\n\
"Legal Entity" shall mean the union of the acting entity and all\n\
other entities that control, are controlled by, or are under common\n\
control with that entity. For the purposes of this definition,\n\
"control" means (i) the power, direct or indirect, to cause the\n\
direction or management of such entity, whether by contract or\n\
otherwise, or (ii) ownership of fifty percent (50%) or more of the\n\
outstanding shares, or (iii) beneficial ownership of such entity.\n\
\n\
"You" (or "Your") shall mean an individual or Legal Entity\n\
exercising permissions granted by this License.\n\
\n\
"Source" form shall mean the preferred form for making modifications,\n\
including but not limited to software source code, documentation\n\
source, and configuration files.\n\
\n\
"Object" form shall mean any form resulting from mechanical\n\
transformation or translation of a Source form, including but\n\
not limited to compiled object code, generated documentation,\n\
and conversions to other media types.\n\
\n\
"Work" shall mean the work of authorship, whether in Source or\n\
Object form, made available under the License, as indicated by a\n\
copyright notice that is included in or attached to the work\n\
(an example is provided in the Appendix below).\n\
\n\
"Derivative Works" shall mean any work, whether in Source or Object\n\
form, that is based on (or derived from) the Work and for which the\n\
editorial revisions, annotations, elaborations, or other modifications\n\
represent, as a whole, an original work of authorship. For the purposes\n\
of this License, Derivative Works shall not include works that remain\n\
separable from, or merely link (or bind by name) to the interfaces of,\n\
the Work and Derivative Works thereof.\n\
\n\
"Contribution" shall mean any work of authorship, including\n\
the original version of the Work and any modifications or additions\n\
to that Work or Derivative Works thereof, that is intentionally\n\
submitted to Licensor for inclusion in the Work by the copyright owner\n\
or by an individual or Legal Entity authorized to submit on behalf of\n\
the copyright owner. For the purposes of this definition, "submitted"\n\
means any form of electronic, verbal, or written communication sent\n\
to the Licensor or its representatives, including but not limited to\n\
communication on electronic mailing lists, source code control systems,\n\
and issue tracking systems that are managed by, or on behalf of, the\n\
Licensor for the purpose of discussing and improving the Work, but\n\
excluding communication that is conspicuously marked or otherwise\n\
designated in writing by the copyright owner as "Not a Contribution."\n\
\n\
"Contributor" shall mean Licensor and any individual or Legal Entity\n\
on behalf of whom a Contribution has been received by Licensor and\n\
subsequently incorporated within the Work.\n\
\n\
2. Grant of Copyright License. Subject to the terms and conditions of\n\
this License, each Contributor hereby grants to You a perpetual,\n\
worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n\
copyright license to reproduce, prepare Derivative Works of,\n\
publicly display, publicly perform, sublicense, and distribute the\n\
Work and such Derivative Works in Source or Object form.\n\
\n\
3. Grant of Patent License. Subject to the terms and conditions of\n\
this License, each Contributor hereby grants to You a perpetual,\n\
worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n\
(except as stated in this section) patent license to make, have made,\n\
use, offer to sell, sell, import, and otherwise transfer the Work,\n\
where such license applies only to those patent claims licensable\n\
by such Contributor that are necessarily infringed by their\n\
Contribution(s) alone or by combination of their Contribution(s)\n\
with the Work to which such Contribution(s) was submitted. If You\n\
institute patent litigation against any entity (including a\n\
cross-claim or counterclaim in a lawsuit) alleging that the Work\n\
or a Contribution incorporated within the Work constitutes direct\n\
or contributory patent infringement, then any patent licenses\n\
granted to You under this License for that Work shall terminate\n\
as of the date such litigation is filed.\n\
\n\
4. Redistribution. You may reproduce and distribute copies of the\n\
Work or Derivative Works thereof in any medium, with or without\n\
modifications, and in Source or Object form, provided that You\n\
meet the following conditions:\n\
\n\
(a) You must give any other recipients of the Work or\n\
Derivative Works a copy of this License; and\n\
\n\
(b) You must cause any modified files to carry prominent notices\n\
stating that You changed the files; and\n\
\n\
(c) You must retain, in the Source form of any Derivative Works\n\
that You distribute, all copyright, patent, trademark, and\n\
attribution notices from the Source form of the Work,\n\
excluding those notices that do not pertain to any part of\n\
the Derivative Works; and\n\
\n\
(d) If the Work includes a "NOTICE" text file as part of its\n\
distribution, then any Derivative Works that You distribute must\n\
include a readable copy of the attribution notices contained\n\
within such NOTICE file, excluding those notices that do not\n\
pertain to any part of the Derivative Works, in at least one\n\
of the following places: within a NOTICE text file distributed\n\
as part of the Derivative Works; within the Source form or\n\
documentation, if provided along with the Derivative Works; or,\n\
within a display generated by the Derivative Works, if and\n\
wherever such third-party notices normally appear. The contents\n\
of the NOTICE file are for informational purposes only and\n\
do not modify the License. You may add Your own attribution\n\
notices within Derivative Works that You distribute, alongside\n\
or as an addendum to the NOTICE text from the Work, provided\n\
that such additional attribution notices cannot be construed\n\
as modifying the License.\n\
\n\
You may add Your own copyright statement to Your modifications and\n\
may provide additional or different license terms and conditions\n\
for use, reproduction, or distribution of Your modifications, or\n\
for any such Derivative Works as a whole, provided Your use,\n\
reproduction, and distribution of the Work otherwise complies with\n\
the conditions stated in this License.\n\
\n\
5. Submission of Contributions. Unless You explicitly state otherwise,\n\
any Contribution intentionally submitted for inclusion in the Work\n\
by You to the Licensor shall be under the terms and conditions of\n\
this License, without any additional terms or conditions.\n\
Notwithstanding the above, nothing herein shall supersede or modify\n\
the terms of any separate license agreement you may have executed\n\
with Licensor regarding such Contributions.\n\
\n\
6. Trademarks. This License does not grant permission to use the trade\n\
names, trademarks, service marks, or product names of the Licensor,\n\
except as required for reasonable and customary use in describing the\n\
origin of the Work and reproducing the content of the NOTICE file.\n\
\n\
7. Disclaimer of Warranty. Unless required by applicable law or\n\
agreed to in writing, Licensor provides the Work (and each\n\
Contributor provides its Contributions) on an "AS IS" BASIS,\n\
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n\
implied, including, without limitation, any warranties or conditions\n\
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n\
PARTICULAR PURPOSE. You are solely responsible for determining the\n\
appropriateness of using or redistributing the Work and assume any\n\
risks associated with Your exercise of permissions under this License.\n\
\n\
8. Limitation of Liability. In no event and under no legal theory,\n\
whether in tort (including negligence), contract, or otherwise,\n\
unless required by applicable law (such as deliberate and grossly\n\
negligent acts) or agreed to in writing, shall any Contributor be\n\
liable to You for damages, including any direct, indirect, special,\n\
incidental, or consequential damages of any character arising as a\n\
result of this License or out of the use or inability to use the\n\
Work (including but not limited to damages for loss of goodwill,\n\
work stoppage, computer failure or malfunction, or any and all\n\
other commercial damages or losses), even if such Contributor\n\
has been advised of the possibility of such damages.\n\
\n\
9. Accepting Warranty or Additional Liability. While redistributing\n\
the Work or Derivative Works thereof, You may choose to offer,\n\
and charge a fee for, acceptance of support, warranty, indemnity,\n\
or other liability obligations and/or rights consistent with this\n\
License. However, in accepting such obligations, You may act only\n\
on Your own behalf and on Your sole responsibility, not on behalf\n\
of any other Contributor, and only if You agree to indemnify,\n\
defend, and hold each Contributor harmless for any liability\n\
incurred by, or claims asserted against, such Contributor by reason\n\
of your accepting any such warranty or additional liability.\n\
\n\
END OF TERMS AND CONDITIONS\n\
\n\
APPENDIX: How to apply the Apache License to your work.\n\
\n\
To apply the Apache License to your work, attach the following\n\
boilerplate notice, with the fields enclosed by brackets "[]"\n\
replaced with your own identifying information. (Don't include\n\
the brackets!) The text should be enclosed in the appropriate\n\
comment syntax for the file format. We also recommend that a\n\
file or class name and description of purpose be included on the\n\
same "printed page" as the copyright notice for easier\n\
identification within third-party archives.\n\
\n\
Copyright [yyyy] [name of copyright owner]\n\
\n\
Licensed under the Apache License, Version 2.0 (the "License");\n\
you may not use this file except in compliance with the License.\n\
You may obtain a copy of the License at\n\
\n\
http://www.apache.org/licenses/LICENSE-2.0\n\
\n\
Unless required by applicable law or agreed to in writing, software\n\
distributed under the License is distributed on an "AS IS" BASIS,\n\
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
See the License for the specific language governing permissions and\n\
limitations under the License.\n
######################### copyright properties #################################
copyrightURL=TODO
copyright=\
Copyright (c) WSO2 Inc. (http://wso2.com)\n\
\n\
WSO2 Inc. Licensed under the Apache License, Version 2.0 (the "License");\n\
you may not use this file except in compliance with the License.\n\
You may obtain a copy of the License at\n\
\n\
http://www.apache.org/licenses/LICENSE-2.0\n\
\n\
Unless required by applicable law or agreed to in writing, software\n\
distributed under the License is distributed on an "AS IS" BASIS,\n\
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
See the License for the specific language governing permissions and\n\
limitations under the License.\n