mirror of
https://repository.entgra.net/community/device-mgt-core.git
synced 2025-10-06 02:01:45 +00:00
Added scope validator and refactored code
This commit is contained in:
harshanl
parent
648d8ec209
commit
77f5f466d6
@ -55,7 +55,7 @@ public class Permission {
|
||||
return scope;
|
||||
}
|
||||
|
||||
@XmlElement(name = "scope", required = true)
|
||||
@XmlElement(name = "scope", required = false)
|
||||
public void setScope(String scope) {
|
||||
this.scope = scope;
|
||||
}
|
||||
|
||||
@ -17,6 +17,9 @@
|
||||
*/
|
||||
package org.wso2.carbon.device.mgt.common.permission.mgt;
|
||||
|
||||
/**
|
||||
* Custom exception class of Permission related operations.
|
||||
*/
|
||||
public class PermissionManagementException extends Exception {
|
||||
|
||||
private static final long serialVersionUID = -3151279311929070298L;
|
||||
|
||||
@ -26,7 +26,7 @@ import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
|
||||
import org.wso2.carbon.device.mgt.core.config.permission.PermissionConfiguration;
|
||||
import org.wso2.carbon.device.mgt.core.permission.mgt.RegistryBasedPermissionManagerServiceImpl;
|
||||
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.xml.bind.JAXBContext;
|
||||
@ -35,6 +35,10 @@ import javax.xml.bind.Unmarshaller;
|
||||
import java.io.File;
|
||||
import java.io.InputStream;
|
||||
|
||||
/**
|
||||
* This listener class will initiate the permission addition of permissions defined in
|
||||
* permission.xml of any web-app.
|
||||
*/
|
||||
@SuppressWarnings("unused")
|
||||
public class WebAppDeploymentLifecycleListener implements LifecycleListener {
|
||||
|
||||
@ -56,7 +60,7 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener {
|
||||
unmarshaller.unmarshal(permissionStream);
|
||||
if (permissionConfiguration != null &&
|
||||
permissionConfiguration.getPermissions() != null) {
|
||||
RegistryBasedPermissionManagerServiceImpl.getInstance().addPermissions(
|
||||
PermissionManagerServiceImpl.getInstance().addPermissions(
|
||||
permissionConfiguration.getPermissions());
|
||||
}
|
||||
}
|
||||
|
||||
@ -45,7 +45,7 @@ import org.wso2.carbon.device.mgt.core.notification.mgt.NotificationManagementSe
|
||||
import org.wso2.carbon.device.mgt.core.notification.mgt.dao.NotificationManagementDAOFactory;
|
||||
import org.wso2.carbon.device.mgt.core.operation.mgt.OperationManagerImpl;
|
||||
import org.wso2.carbon.device.mgt.core.operation.mgt.dao.OperationManagementDAOFactory;
|
||||
import org.wso2.carbon.device.mgt.core.permission.mgt.RegistryBasedPermissionManagerServiceImpl;
|
||||
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
|
||||
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
|
||||
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl;
|
||||
import org.wso2.carbon.device.mgt.core.util.DeviceManagementSchemaInitializer;
|
||||
@ -191,7 +191,7 @@ public class DeviceManagementServiceComponent {
|
||||
|
||||
/* Registering PermissionManager Service */
|
||||
PermissionManagerService permissionManagerService
|
||||
= RegistryBasedPermissionManagerServiceImpl.getInstance();
|
||||
= PermissionManagerServiceImpl.getInstance();
|
||||
bundleContext.registerService(PermissionManagerService.class.getName(), permissionManagerService, null);
|
||||
|
||||
/* Registering App Management service */
|
||||
|
||||
@ -29,21 +29,21 @@ import java.util.Properties;
|
||||
* This class will add, update custom permissions defined in permission.xml in webapps and it will
|
||||
* use Registry as the persistence storage.
|
||||
*/
|
||||
public class RegistryBasedPermissionManagerServiceImpl implements PermissionManagerService {
|
||||
public class PermissionManagerServiceImpl implements PermissionManagerService {
|
||||
|
||||
public static final String URL_PROPERTY = "URL";
|
||||
public static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD";
|
||||
private static RegistryBasedPermissionManagerServiceImpl registryBasedPermissionManager;
|
||||
private static PermissionManagerServiceImpl registryBasedPermissionManager;
|
||||
private static PermissionTree permissionTree; // holds the permissions at runtime.
|
||||
|
||||
private RegistryBasedPermissionManagerServiceImpl() {
|
||||
private PermissionManagerServiceImpl() {
|
||||
}
|
||||
|
||||
public static RegistryBasedPermissionManagerServiceImpl getInstance() {
|
||||
public static PermissionManagerServiceImpl getInstance() {
|
||||
if (registryBasedPermissionManager == null) {
|
||||
synchronized (RegistryBasedPermissionManagerServiceImpl.class) {
|
||||
synchronized (PermissionManagerServiceImpl.class) {
|
||||
if (registryBasedPermissionManager == null) {
|
||||
registryBasedPermissionManager = new RegistryBasedPermissionManagerServiceImpl();
|
||||
registryBasedPermissionManager = new PermissionManagerServiceImpl();
|
||||
permissionTree = new PermissionTree();
|
||||
}
|
||||
}
|
||||
@ -31,6 +31,7 @@ import org.wso2.carbon.registry.core.Registry;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import java.io.File;
|
||||
import java.util.StringTokenizer;
|
||||
|
||||
/**
|
||||
* Utility class which holds necessary utility methods required for persisting permissions in
|
||||
@ -71,12 +72,16 @@ public class PermissionUtils {
|
||||
throws PermissionManagementException {
|
||||
boolean status;
|
||||
try {
|
||||
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
|
||||
resource.addProperty(PERMISSION_PROPERTY_NAME, permission.getName());
|
||||
PermissionUtils.getGovernanceRegistry().beginTransaction();
|
||||
PermissionUtils.getGovernanceRegistry().put(ADMIN_PERMISSION_REGISTRY_PATH +
|
||||
permission.getPath(), resource);
|
||||
PermissionUtils.getGovernanceRegistry().commitTransaction();
|
||||
StringTokenizer tokenizer = new StringTokenizer(permission.getPath(), "/");
|
||||
String lastToken = "", currentToken, tempPath;
|
||||
while(tokenizer.hasMoreTokens()){
|
||||
currentToken = tokenizer.nextToken();
|
||||
tempPath = lastToken + "/" + currentToken;
|
||||
if(!checkResourceExists(tempPath)){
|
||||
createRegistryCollection(tempPath, currentToken.substring(0));
|
||||
}
|
||||
lastToken = tempPath;
|
||||
}
|
||||
status = true;
|
||||
} catch (RegistryException e) {
|
||||
throw new PermissionManagementException(
|
||||
@ -86,10 +91,21 @@ public class PermissionUtils {
|
||||
return status;
|
||||
}
|
||||
|
||||
public static boolean checkPermissionExistence(Permission permission)
|
||||
public static void createRegistryCollection(String path, String resourceName)
|
||||
throws PermissionManagementException,
|
||||
RegistryException {
|
||||
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
|
||||
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
|
||||
PermissionUtils.getGovernanceRegistry().beginTransaction();
|
||||
PermissionUtils.getGovernanceRegistry().put(ADMIN_PERMISSION_REGISTRY_PATH +
|
||||
path, resource);
|
||||
PermissionUtils.getGovernanceRegistry().commitTransaction();
|
||||
}
|
||||
|
||||
public static boolean checkResourceExists(String path)
|
||||
throws PermissionManagementException,
|
||||
org.wso2.carbon.registry.core.exceptions.RegistryException {
|
||||
return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath());
|
||||
return PermissionUtils.getGovernanceRegistry().resourceExists(path);
|
||||
}
|
||||
|
||||
public static Document convertToDocument(File file) throws PermissionManagementException {
|
||||
|
||||
@ -123,8 +123,8 @@ public class DynamicRegistrationManager {
|
||||
//Check whether this is an already registered application
|
||||
if (!dynamicRegistrationManager.isRegisteredOAuthApplication(webAppName)) {
|
||||
//Construct the RegistrationProfile
|
||||
registrationProfile = DynamicClientWebAppRegistrationUtil
|
||||
.constructRegistrationProfile(servletContext, webAppName);
|
||||
registrationProfile = DynamicClientWebAppRegistrationUtil.
|
||||
constructRegistrationProfile(servletContext, webAppName);
|
||||
//Register the OAuth application
|
||||
oAuthApp = dynamicRegistrationManager.registerOAuthApplication(
|
||||
registrationProfile);
|
||||
|
||||
@ -1,63 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.device.mgt.oauth.extensions;
|
||||
|
||||
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
|
||||
import org.wso2.carbon.user.api.AuthorizationManager;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.user.api.UserStoreManager;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
|
||||
/**
|
||||
* Created by harshan on 10/2/15.
|
||||
*/
|
||||
public class OAuthExtensionsUtils {
|
||||
|
||||
public static void getRolePermissions(String role){
|
||||
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
|
||||
try {
|
||||
int tenantId = realmService.getTenantManager().getTenantId("tenant-domain");
|
||||
AuthorizationManager
|
||||
authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
|
||||
// authorizationManager.is
|
||||
} catch (UserStoreException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
public static void getUserPermissions(String userName){
|
||||
|
||||
}
|
||||
|
||||
public static String[] getUserRoles(String userName){
|
||||
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
|
||||
try {
|
||||
int tenantId = realmService.getTenantManager().getTenantId("tenant-domain");
|
||||
UserStoreManager userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
|
||||
return userStoreManager.getRoleListOfUser(userName);
|
||||
} catch (UserStoreException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return new String[0];
|
||||
}
|
||||
|
||||
public static void getScopePermissions(String scopeKey){
|
||||
|
||||
}
|
||||
}
|
||||
@ -27,7 +27,8 @@ import javax.security.auth.callback.UnsupportedCallbackException;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* Created by harshan on 10/1/15.
|
||||
* This class represents a Custom OAuthCallback Handler implementation. This should be implemented
|
||||
* if there's any necessity of custom logic to authorize OAuthCallbacks.
|
||||
*/
|
||||
public class DeviceMgtOAuthCallbackHandler extends AbstractOAuthCallbackHandler {
|
||||
|
||||
@ -55,7 +56,7 @@ public class DeviceMgtOAuthCallbackHandler extends AbstractOAuthCallbackHandler
|
||||
String[] scopes = oauthCallback.getRequestedScope();
|
||||
oauthCallback.setApprovedScope(scopes);
|
||||
oauthCallback.setValidScope(true);
|
||||
//TODO Need to write the necessary logic to validate the scope
|
||||
//Add the necessary logic if we are doing the scope validation upon token issue
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
|
||||
/**
|
||||
* Created by harshan on 10/2/15.
|
||||
* This holds the OSGi service references required for oauth extensions bundle.
|
||||
*/
|
||||
public class OAuthExtensionsDataHolder {
|
||||
|
||||
|
||||
@ -1,37 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.device.mgt.oauth.extensions.validators;
|
||||
|
||||
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
||||
import org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator;
|
||||
import org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidationMessageContext;
|
||||
|
||||
/**
|
||||
* OAuth2 Token validator implementation which supports custom token validation logic specific
|
||||
* to MDM.
|
||||
*/
|
||||
public class OAuth2TokenValidator extends DefaultOAuth2TokenValidator {
|
||||
|
||||
@Override
|
||||
public boolean validateAccessToken(
|
||||
OAuth2TokenValidationMessageContext validationReqDTO) throws IdentityOAuth2Exception {
|
||||
//for now there's no specific logic to handle in token validation
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@ -28,12 +28,14 @@ import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataH
|
||||
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
||||
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
|
||||
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
|
||||
import org.wso2.carbon.user.api.UserRealm;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
|
||||
import java.util.Properties;
|
||||
|
||||
/**
|
||||
* Custom OAuth2Token Scope validation implementation.
|
||||
* Custom OAuth2Token Scope validation implementation for DeviceManagement. This will validate the
|
||||
* user permissions before dispatching the HTTP request to the actual endpoint.
|
||||
*/
|
||||
public class ScopeValidator extends OAuth2ScopeValidator {
|
||||
|
||||
@ -72,6 +74,11 @@ public class ScopeValidator extends OAuth2ScopeValidator {
|
||||
status = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
|
||||
getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
|
||||
ScopeValidator.PermissionMethod.READ);
|
||||
UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
|
||||
if(userRealm != null && userRealm.getAuthorizationManager() != null){
|
||||
status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
|
||||
ScopeValidator.PermissionMethod.READ);
|
||||
}
|
||||
|
||||
} catch (PermissionManagementException e) {
|
||||
log.error("Error occurred while validating the resource scope for : " + resource +
|
||||
|
||||
@ -30,6 +30,7 @@ import org.wso2.carbon.identity.base.IdentityException;
|
||||
import org.wso2.carbon.identity.core.util.IdentityUtil;
|
||||
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
|
||||
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.Constants;
|
||||
@ -122,6 +123,8 @@ public class OAuthAuthenticator implements WebappAuthenticator {
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(
|
||||
IdentityUtil.getTenantIdOFUser(username));
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
|
||||
MultitenantUtils.getTenantDomain(username));
|
||||
} catch (IdentityException e) {
|
||||
throw new AuthenticationException(
|
||||
"Error occurred while retrieving the tenant ID of user '" +
|
||||
|
||||
@ -25,7 +25,7 @@ import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.context.CarbonContext;
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
|
||||
import org.wso2.carbon.device.mgt.core.permission.mgt.RegistryBasedPermissionManagerServiceImpl;
|
||||
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.Constants;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
@ -49,7 +49,8 @@ public class PermissionAuthorizer {
|
||||
return WebappAuthenticator.Status.CONTINUE;
|
||||
}
|
||||
|
||||
RegistryBasedPermissionManagerServiceImpl registryBasedPermissionManager = RegistryBasedPermissionManagerServiceImpl.getInstance();
|
||||
PermissionManagerServiceImpl
|
||||
registryBasedPermissionManager = PermissionManagerServiceImpl.getInstance();
|
||||
Properties properties = new Properties();
|
||||
properties.put("",requestUri);
|
||||
properties.put("",requestMethod);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user