Fixes in JWT token generation and sync with upstream apim420 branch

components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>grafana-mgt</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -295,7 +295,7 @@
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
-            <artifactId>powermock-api-mockito</artifactId>
+            <artifactId>powermock-api-mockito2</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>

components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/GrafanaAPIProxyServiceImpl.java

@@ -22,6 +22,7 @@ import com.google.gson.JsonObject;
 import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.GrafanaAPIProxyService;
 import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.bean.ErrorResponse;
 import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.exception.RefererNotValid;
+import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util.GrafanaMgtAPIUtils;
 import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util.GrafanaRequestHandlerUtil;
 import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.common.exception.GrafanaManagementException;
 import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.bean.GrafanaPanelIdentifier;
@@ -49,8 +50,8 @@ public class GrafanaAPIProxyServiceImpl implements GrafanaAPIProxyService {
     public Response queryDatasource(JsonObject body, @Context HttpHeaders headers, @Context UriInfo requestUriInfo) {
         try {
             GrafanaPanelIdentifier panelIdentifier = GrafanaRequestHandlerUtil.getPanelIdentifier(headers);
-            GrafanaMgtDataHolder.getInstance().getGrafanaQueryService().
+            GrafanaMgtAPIUtils.getGrafanaQueryService().buildSafeQuery(body, panelIdentifier.getDashboardId(),
-                    buildSafeQuery(body,  panelIdentifier.getDashboardId(), panelIdentifier.getPanelId(), requestUriInfo.getRequestUri());
+                    panelIdentifier.getPanelId(), requestUriInfo.getRequestUri());
             return GrafanaRequestHandlerUtil.proxyPassPostRequest(body, requestUriInfo, panelIdentifier.getOrgId());
         } catch (MaliciousQueryAttempt e) {
             return Response.status(Response.Status.BAD_REQUEST).entity(

components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/util/GrafanaMgtAPIUtils.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util;
+
+import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.service.GrafanaQueryService;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+
+public class GrafanaMgtAPIUtils {
+
+    private static final Log log = LogFactory.getLog(GrafanaMgtAPIUtils.class);
+    private static volatile GrafanaQueryService grafanaQueryService;
+
+    /**
+     * Accessing GrafanaQueryService from OSGI service context
+     * @return GrafanaQueryService instance
+     */
+    public static GrafanaQueryService getGrafanaQueryService() {
+        if (grafanaQueryService == null) {
+            synchronized (GrafanaMgtAPIUtils.class) {
+                if (grafanaQueryService == null) {
+                    PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+                    grafanaQueryService =
+                            (GrafanaQueryService) ctx.getOSGiService(GrafanaQueryService.class, null);
+                    if (grafanaQueryService == null) {
+                        String msg = "Grafana Query service has not initialized.";
+                        log.error(msg);
+                        throw new IllegalStateException(msg);
+                    }
+                }
+            }
+        }
+        return grafanaQueryService;
+    }
+}

components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.common/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>grafana-mgt</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>grafana-mgt</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -211,7 +211,7 @@
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
-            <artifactId>powermock-api-mockito</artifactId>
+            <artifactId>powermock-api-mockito2</artifactId>
         </dependency>
         <dependency>
             <groupId>org.wso2.carbon</groupId>

components/analytics-mgt/grafana-mgt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>analytics-mgt</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/analytics-mgt/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <artifactId>io.entgra.device.mgt.core.parent</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.analytics.extension/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.annotations/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension.api/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -143,6 +143,14 @@
                             org.wso2.carbon.apimgt.impl;version="[9.28,10)",
                             org.wso2.carbon.apimgt.impl.utils;version="[9.28,10)",
                             org.wso2.carbon.context;version="[4.8,5)",
+                            org.wso2.carbon.apimgt.impl;version="${carbon.api.mgt.version.range}",
+                            org.wso2.carbon.apimgt.impl.utils;version="${carbon.api.mgt.version.range}",
+                            org.wso2.carbon.context;version="${carbon.kernel.version.range}",
+                            io.entgra.device.mgt.core.identity.jwt.client.extension,
+                            io.entgra.device.mgt.core.identity.jwt.client.extension.dto,
+                            io.entgra.device.mgt.core.identity.jwt.client.extension.exception,
+                            io.entgra.device.mgt.core.identity.jwt.client.extension.service,
+                            io.entgra.device.mgt.core.apimgt.extension.rest.api,
                             org.wso2.carbon.registry.core.exceptions;version="[1.0,2)",
                             org.wso2.carbon.registry.core.service;version="[1.0,2)",
                             org.wso2.carbon.registry.indexing.service;version="[4.8,5)",

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java

@@ -41,16 +41,19 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.App
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Subscription;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.ApiApplicationInfo;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.RegistrationProfile;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.UnexpectedResponseException;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.eclipse.jetty.http.MetaData;
 import org.wso2.carbon.apimgt.api.APIAdmin;
 import org.wso2.carbon.apimgt.api.APIConsumer;
 import org.wso2.carbon.apimgt.api.APIManagementException;
 import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO;
+import org.wso2.carbon.apimgt.api.model.*;
 import org.wso2.carbon.apimgt.api.model.API;
 import org.wso2.carbon.apimgt.api.model.APIKey;
 import org.wso2.carbon.apimgt.api.model.ApiTypeWrapper;
@@ -119,6 +122,108 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
         return generateAndRetrieveApplicationKeys(applicationName, tags ,keyType, isAllowedAllDomains, validityTime, tokenInfo);
     }
 
+    @Override
+    public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String tags[],
+                                                                             String keyType, String username,
+                                                                             boolean isAllowedAllDomains,
+                                                                             String validityTime, String password) throws APIManagerException {
+
+        APIApplicationServices apiApplicationServices = APIApplicationManagerExtensionDataHolder.getInstance().getApiApplicationServices();
+
+        ConsumerRESTAPIServices consumerRESTAPIServices =
+                APIApplicationManagerExtensionDataHolder.getInstance().getConsumerRESTAPIServices();
+
+        try {
+            io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application[] applications =
+                    consumerRESTAPIServices.getAllApplications(null, null, applicationName);
+
+            List<APIInfo> uniqueApiList = new ArrayList<>();
+
+            String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
+
+            for (String tag : tags) {
+                Map<String, String> queryParams = new HashMap<>();
+                queryParams.put("tag", tag);
+                if ("carbon.super".equals(tenantDomain)) {
+                    consumerRESTAPIServices.getAllApis(null, null, queryParams);
+                } else {
+                    //call All API getting call with carbon super header param
+                APIInfo[] apiInfos;
+                if (!"carbon.super".equals(tenantDomain)) {
+                    headerParams.put("X-WSO2-Tenant", "carbon.super");
+                }
+                apiInfos = consumerRESTAPIServices.getAllApis(null, null, queryParams, headerParams);
+
+                uniqueApiList.addAll(List.of(apiInfos));
+                Set<APIInfo> taggedAPISet = new HashSet<>(uniqueApiList);
+                uniqueApiList.clear();
+                uniqueApiList.addAll(taggedAPISet);
+            }
+
+            if (applications.length == 0) {
+                io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application =
+                        new io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application();
+
+                application.setName(applicationName);
+                application = consumerRESTAPIServices.createApplication(null, null, application);
+                List<Subscription> subscriptions = new ArrayList<>();
+                for (APIInfo apiInfo : uniqueApiList) {
+                    Subscription subscription = new Subscription();
+                    subscription.setApiId(apiInfo.getId());
+                    subscription.setApplicationId(application.getApplicationId());
+                    subscriptions.add(subscription);
+                }
+                consumerRESTAPIServices.createSubscriptions(null, null, subscriptions);
+            } else {
+                if (applications.length == 1) {
+                    Optional<io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application> application =
+                            Arrays.stream(applications).findFirst();
+                    Subscription[] subscriptions = consumerRESTAPIServices.getAllSubscriptions(null, null,
+                            application.get().getApplicationId());
+                    for (Subscription subscription : subscriptions) {
+                        if (uniqueApiList.contains(subscription.getApiInfo())) {
+                            uniqueApiList.remove(subscription.getApiInfo());
+                        } else {
+                            uniqueApiList.add(subscription.getApiInfo());
+                        }
+                    }
+
+
+                    //duplicate code block
+                    List<Subscription> subscriptionList = new ArrayList<>();
+                    for (APIInfo apiInfo : uniqueApiList) {
+                        Subscription subscription = new Subscription();
+                        subscription.setApiId(apiInfo.getId());
+                        subscription.setApplicationId(application.get().getApplicationId());
+                        subscriptionList.add(subscription);
+                    }
+                    consumerRESTAPIServices.createSubscriptions(null, null, subscriptionList);
+                } else {
+                    String msg = "Found more than one application for application name: " + applicationName;
+                    log.error(msg);
+                    throw new APIManagerException(msg);
+                }
+
+            }
+
+
+        } catch (APIServicesException e) {
+            e.printStackTrace();
+        } catch (BadRequestException e) {
+            e.printStackTrace();
+        } catch (UnexpectedResponseException e) {
+            e.printStackTrace();
+        }
+
+        return null;
+
+
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
     @Override
     public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
                                                                              String keyType, String username,
@@ -139,9 +244,11 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
                                                                  boolean isAllowedAllDomains,
                                                                  String validityTime, TokenInfo tokenInfo) throws APIManagerException {
 
+
         ConsumerRESTAPIServices consumerRESTAPIServices =
                 APIApplicationManagerExtensionDataHolder.getInstance().getConsumerRESTAPIServices();
 
+        ApiApplicationInfo applicationInfo = getApplicationInfo(username, password);
         try {
             List<APIInfo> uniqueApiList = new ArrayList<>();
 
@@ -208,6 +315,50 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
                     throw new APIManagerException(msg);
                 }
             }
+
+            MetadataManagementService metadataManagementService = APIApplicationManagerExtensionDataHolder.getInstance().getMetadataManagementService();
+            if (isNewApplication) {
+                ApplicationKey applicationKey = consumerRESTAPIServices.generateApplicationKeys(applicationInfo, application);
+                ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
+                apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
+                apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
+
+                Metadata metaData = new Metadata();
+                metaData.setMetaKey(applicationName);
+                String metaValue = application.getApplicationId() + ":" + applicationKey.getKeyMappingId();
+                metaData.setMetaValue(metaValue);
+                try {
+                    metadataManagementService.createMetadata(metaData);
+                    return apiApplicationKey;
+                } catch (MetadataManagementException e) {
+                    String msg = "Error occurred while creating the meta data entry for mata key: " + applicationName;
+                    log.error(msg, e);
+                    throw new APIManagerException(msg, e);
+                } catch (MetadataKeyAlreadyExistsException e) {
+                    String msg = "Found duplicate meta value entry for meta key: " + applicationName;
+                    log.error(msg, e);
+                    throw new APIManagerException(msg, e);
+                }
+            } else {
+                try {
+                    Metadata metaData = metadataManagementService.retrieveMetadata(applicationName);
+                    if (metaData == null) {
+                        String msg =
+                                "Couldn't find application key data from meta data mgt service. Meta key: " + applicationName;
+                        log.error(msg);
+                        throw new APIManagerException(msg);
+                    }
+                    String[] metaValues = metaData.getMetaValue().split(":");
+                    String applicationId = metaValues[0];
+                    String keyMappingId = metaValues[1];
+                    //todo call the API key retrieving call,                     return apiApplicationKey;
+                } catch (MetadataManagementException e) {
+                    String msg = "Error occurred while getting meta data for meta key: " + applicationName;
+                    log.error(msg, e);
+                    throw new APIManagerException(msg, e);
+                }
+                return null;
+            }
         } catch (APIServicesException e) {
             String msg = "Error occurred while processing the response of APIM REST endpoints.";
             log.error(msg, e);
@@ -649,9 +800,14 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
         io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo accessTokenInfo;
         try {
             if (username == null || password == null) {
-                apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
+                apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
+                        "ClientForConsumerRestCalls",
+                        "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer");
             } else {
-                apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(username, password);
+                apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(
+                        "ClientForConsumerRestCalls",
+                        username, password,
+                        "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer");
             }
             accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
                     apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java

@@ -41,7 +41,6 @@ public class APIApplicationManagerExtensionDataHolder {
     private ConsumerRESTAPIServices consumerRESTAPIServices;
     private APIApplicationServices apiApplicationServices;
     private MetadataManagementService metadataManagementService;
-
     private APIApplicationManagerExtensionDataHolder() {
     }
 
@@ -68,17 +67,18 @@ public class APIApplicationManagerExtensionDataHolder {
 
     public void setRealmService(RealmService realmService) {
         this.realmService = realmService;
-        this.setTenantManager(realmService);
+        setTenantManager(realmService != null ?
+                realmService.getTenantManager() : null);
     }
 
-    private void setTenantManager(RealmService realmService) {
+    private void setTenantManager(TenantManager tenantManager) {
-        if (realmService == null) {
+        this.tenantManager = tenantManager;
-            throw new IllegalStateException("Realm service is not initialized properly");
-        }
-        this.tenantManager = realmService.getTenantManager();
     }
 
     public TenantManager getTenantManager() {
+        if (tenantManager == null) {
+            throw new IllegalStateException("Tenant manager is not initialized properly");
+        }
         return tenantManager;
     }
 

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/internal/APIApplicationManagerExtensionServiceComponent.java

@@ -34,6 +34,40 @@ import org.wso2.carbon.user.core.service.RealmService;
 @Component(
         name = "io.entgra.device.mgt.core.apimgt.application.extension.internal.APIApplicationManagerExtensionServiceComponent",
         immediate = true)
+/**
+ * @scr.component name="io.entgra.device.mgt.core.apimgt.application.extension.internal.APIApplicationManagerExtensionServiceComponent"
+ * @scr.reference name="tenant.registryloader"
+ * interface="org.wso2.carbon.registry.core.service.TenantRegistryLoader"
+ * cardinality="1..1"
+ * policy="dynamic"
+ * bind="setTenantRegistryLoader"
+ * unbind="unsetTenantRegistryLoader"
+ * @scr.reference name="tenant.indexloader"
+ * interface="org.wso2.carbon.registry.indexing.service.TenantIndexingLoader"
+ * cardinality="1..1"
+ * policy="dynamic"
+ * bind="setIndexLoader"
+ * unbind="unsetIndexLoader"
+ * @scr.reference name="realm.service"
+ * immediate="true"
+ * interface="org.wso2.carbon.user.core.service.RealmService"
+ * cardinality="1..1"
+ * policy="dynamic"
+ * bind="setRealmService"
+ * unbind="unsetRealmService"
+ * @scr.reference name="apimgt.extension.ConsumerRESTAPIServices"
+ * interface="io.entgra.device.mgt.core.apimgt.extension.rest.api.ConsumerRESTAPIServices"
+ * cardinality="0..1"
+ * policy="dynamic"
+ * bind="setConsumerRESTAPIServices"
+ * unbind="unsetConsumerRESTAPIServices"
+ * @scr.reference name="apimgt.extension.APIApplicationService"
+ * interface="io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices"
+ * cardinality="0..1"
+ * policy="dynamic"
+ * bind="setAPIApplicationServices"
+ * unbind="unsetAPIApplicationServices"
+ */
 public class APIApplicationManagerExtensionServiceComponent {
 
     private static final Log log = LogFactory.getLog(APIApplicationManagerExtensionServiceComponent.class);

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServices.java

@@ -24,9 +24,10 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIService
 
 public interface APIApplicationServices {
 
-    APIApplicationKey createAndRetrieveApplicationCredentials() throws APIServicesException;
+    APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType)
+            throws APIServicesException;
 
-    APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password)
+    APIApplicationKey generateAndRetrieveApplicationKeys(String clientName, String username, String password, String grantType)
             throws APIServicesException;
 
     AccessTokenInfo generateAccessTokenFromRegisteredApplication(String clientId, String clientSecret) throws APIServicesException;

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServicesImpl.java

@@ -44,7 +44,7 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
             getAPIManagerConfigurationService().getAPIManagerConfiguration();
 
     @Override
-    public APIApplicationKey createAndRetrieveApplicationCredentials()
+    public APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType)
             throws APIServicesException {
 
         String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
@@ -53,8 +53,8 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
 
         JSONObject jsonObject = new JSONObject();
         jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
-        jsonObject.put("clientName", Constants.CLIENT_NAME);
+        jsonObject.put("clientName", clientName);
-        jsonObject.put("grantType", Constants.GRANT_TYPE);
+        jsonObject.put("grantType", grantType);
         jsonObject.put("owner", serverUser);
         jsonObject.put("saasApp", true);
 
@@ -75,15 +75,15 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
     }
 
     @Override
-    public APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password)
+    public APIApplicationKey generateAndRetrieveApplicationKeys(String clientName, String username, String password, String grantType)
             throws APIServicesException {
 
         String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
 
         JSONObject jsonObject = new JSONObject();
         jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
-        jsonObject.put("clientName", username);
+        jsonObject.put("clientName", clientName);
-        jsonObject.put("grantType", Constants.GRANT_TYPE);
+        jsonObject.put("grantType", grantType);
         jsonObject.put("owner", username);
         jsonObject.put("saasApp", true);
 

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/ConsumerRESTAPIServices.java

@@ -23,6 +23,8 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.TokenInfo;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.UnexpectedResponseException;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Subscription;
 
 import java.util.List;
 import java.util.Map;

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/ConsumerRESTAPIServicesImpl.java

@@ -24,6 +24,10 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.constants.Constants;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.ApiApplicationInfo;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.TokenInfo;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.APIKey;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Subscription;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.UnexpectedResponseException;

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/bean/APIMConsumer/Subscription.java

@@ -18,8 +18,6 @@
 
 package io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer;
 
-import org.json.JSONObject;
-
 public class Subscription {
 
     private String subscriptionId;

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/constants/Constants.java

@@ -27,10 +27,8 @@ public final class Constants {
     public static final String AMPERSAND = "&";
     public static final String SLASH = "/";
     public static final String EQUAL = "=";
-    public static final String CLIENT_NAME = "rest_api_publisher_code";
     public static final String SERVER_USER = "WorkflowConfigurations.ServerUser";
     public static final String SERVER_PASSWORD = "WorkflowConfigurations.ServerPassword";
-    public static final String GRANT_TYPE = "client_credentials password refresh_token";
     public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";
     public static final String OAUTH_EXPIRES_IN = "expires_in";
     public static final String OAUTH_TOKEN_SCOPE = "scope";

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.keymgt.extension.api/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.keymgt.extension/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.keymgt.extension/src/main/java/io/entgra/device/mgt/core/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java

@@ -344,7 +344,7 @@ public class KeyMgtServiceImpl implements KeyMgtService {
             Response response = client.newCall(request).execute();
             return gson.fromJson(response.body().string(), OAuthApplication.class);
         } catch (IOException e) {
-            msg = "Error occurred while processing the response";
+            msg = "Error occurred while processing the response" + e;
             throw new KeyMgtException(msg);
         }
     }

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>apimgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -41,7 +41,7 @@
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
-            <artifactId>powermock-api-mockito</artifactId>
+            <artifactId>powermock-api-mockito2</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java

@@ -90,7 +90,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
         APIApplicationKey apiApplicationKey;
         AccessTokenInfo accessTokenInfo;
         try {
-            apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
+            apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
+                    "ClientForPublisherRestCalls",
+                    "client_credentials password refresh_token"
+            );
             accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
                     apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
         } catch (APIServicesException e) {
@@ -403,7 +406,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
         APIApplicationKey apiApplicationKey;
         AccessTokenInfo accessTokenInfo;
         try {
-            apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
+            apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
+                    "ClientForPublisherRestCalls",
+                    "client_credentials password refresh_token"
+            );
             accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
                     apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
         } catch (APIServicesException e) {

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/internal/APIPublisherDataHolder.java

@@ -75,17 +75,18 @@ public class APIPublisherDataHolder {
 
     public void setRealmService(RealmService realmService) {
         this.realmService = realmService;
-        this.setTenantManager(realmService);
+        setTenantManager(realmService != null ?
+                realmService.getTenantManager() : null);
     }
 
-    private void setTenantManager(RealmService realmService) {
+    private void setTenantManager(TenantManager tenantManager) {
-        if (realmService == null) {
+        this.tenantManager = tenantManager;
-            throw new IllegalStateException("Realm service is not initialized properly");
-        }
-        this.tenantManager = realmService.getTenantManager();
     }
 
     public TenantManager getTenantManager() {
+        if (tenantManager == null) {
+            throw new IllegalStateException("Tenant manager is not initialized properly");
+        }
         return tenantManager;
     }
 

components/apimgt-extensions/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>io.entgra.device.mgt.core.parent</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>application-mgt</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java

@@ -29,6 +29,11 @@ import io.entgra.device.mgt.core.application.mgt.common.response.Category;
 import io.entgra.device.mgt.core.application.mgt.common.response.Tag;
 import io.entgra.device.mgt.core.application.mgt.common.wrapper.*;
 import io.entgra.device.mgt.core.device.mgt.common.Base64File;
+<<<<<<< HEAD
+=======
+import io.entgra.device.mgt.core.application.mgt.common.dto.ApplicationDTO;
+import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
+>>>>>>> 3616245ae6 (Improve app visibility restricting functionality)
 import org.apache.cxf.jaxrs.ext.multipart.Attachment;
 
 import java.util.List;

components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>application-mgt</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -153,6 +153,10 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
+                    <argLine>
+                        --add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
+                        --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
+                    </argLine>
                     <suiteXmlFiles>
                         <suiteXmlFile>src/test/resources/testng.xml</suiteXmlFile>
                     </suiteXmlFiles>
@@ -160,6 +164,9 @@
                         <jacoco-agent.destfile>${basedir}/target/coverage-reports/jacoco-unit.exec</jacoco-agent.destfile>
                         <log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
                     </systemPropertyVariables>
+                    <classpathDependencyExcludes>
+                        <classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
+                    </classpathDependencyExcludes>
                 </configuration>
             </plugin>
         </plugins>
@@ -404,6 +411,10 @@
             <artifactId>org.wso2.carbon.ntask.core</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>io.entgra.device.mgt.core</groupId>
+            <artifactId>io.entgra.device.mgt.core.notification.logger</artifactId>
+        </dependency>
     </dependencies>
 </project>
 

components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java

@@ -19,6 +19,16 @@
 package io.entgra.device.mgt.core.application.mgt.core.impl;
 
 import io.entgra.device.mgt.core.application.mgt.common.*;
+import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException;
+import io.entgra.device.mgt.core.application.mgt.core.dao.SPApplicationDAO;
+import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
+import org.json.JSONObject;
+import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact;
+import io.entgra.device.mgt.core.application.mgt.common.ApplicationInstaller;
+import io.entgra.device.mgt.core.application.mgt.common.DeviceTypes;
+import io.entgra.device.mgt.core.application.mgt.common.LifecycleChanger;
+import io.entgra.device.mgt.core.application.mgt.common.Pagination;
 import io.entgra.device.mgt.core.application.mgt.common.config.RatingConfiguration;
 import io.entgra.device.mgt.core.application.mgt.common.dto.*;
 import io.entgra.device.mgt.core.application.mgt.common.exception.*;
@@ -57,6 +67,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
 
+import javax.ws.rs.core.Response;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -1239,13 +1250,13 @@ public class ApplicationManagerImpl implements ApplicationManager {
                             this.changeLifecycleState(applicationReleaseDTO, lifecycleChanger);
                         }
                     }
+                    if (Constants.ENTERPRISE_APP_TYPE.equals(applicationDTO.getType()) || Constants.PUBLIC_APP_TYPE.equals(applicationDTO.getType())) {
+                        persistAppIconInfo(applicationReleaseDTO);
+                    }
                     applicationReleaseEntities.add(applicationReleaseDTO);
                 }
                 applicationDTO.setId(appId);
                 applicationDTO.setApplicationReleaseDTOs(applicationReleaseEntities);
-                if (applicationDTO.getType().equals("ENTERPRISE") || applicationDTO.getType().equals("PUBLIC") ) {
-                    persistAppIconInfo(applicationReleaseDTO);
-                }
                 return APIUtil.appDtoToAppResponse(applicationDTO);
             }
         } catch (LifeCycleManagementDAOException e) {
@@ -1669,6 +1680,31 @@ public class ApplicationManagerImpl implements ApplicationManager {
         }
     }
 
+    /**
+     * Check whether valid metaData value or not
+     *
+     * @return true or false
+     * @throws MetadataManagementException If it is unable to load metaData
+     */
+    private boolean isUserAbleToViewAllRoles() throws MetadataManagementException {
+        List<Metadata> allMetadata;
+        allMetadata = APIUtil.getMetadataManagementService().retrieveAllMetadata();
+        if (allMetadata != null && !allMetadata.isEmpty()) {
+            for (Metadata metadata : allMetadata) {
+                if (Constants.SHOW_ALL_ROLES.equals(metadata.getMetaKey())) {
+                    String metaValue = metadata.getMetaValue();
+                    if (metaValue != null) {
+                        JSONObject jsonObject;
+                        jsonObject = new JSONObject(metaValue);
+                        boolean isUserAbleToViewAllRoles = jsonObject.getBoolean(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES);
+                        return isUserAbleToViewAllRoles;
+                    }
+                }
+            }
+        }
+        return false;
+    }
+
     /**
      * Get assigned role list of the given user.
      *
@@ -3442,7 +3478,8 @@ public class ApplicationManagerImpl implements ApplicationManager {
     }
 
     @Override
-    public <T> void validateAppCreatingRequest(T param) throws ApplicationManagementException, RequestValidatingException {
+    public <T> void validateAppCreatingRequest(T param)
+            throws ApplicationManagementException, RequestValidatingException {
         int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
         String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
         int deviceTypeId = -1;
@@ -3614,12 +3651,14 @@ public class ApplicationManagerImpl implements ApplicationManager {
                     log.error(msg);
                     throw new ApplicationManagementException(msg);
                 }
-                if (!hasUserRole(unrestrictedRoles, userName)) {
+                if (!isUserAbleToViewAllRoles()) {
-                    String msg = "You are trying to restrict the visibility of the application for a role set, but "
+                    if (!hasUserRole(unrestrictedRoles, userName)) {
-                            + "in order to perform the action at least one role should be assigned to user: "
+                        String msg = "You are trying to restrict the visibility of the application for a role set, but "
-                            + userName;
+                                + "in order to perform the action at least one role should be assigned to user: "
-                    log.error(msg);
+                                + userName;
-                    throw new BadRequestException(msg);
+                        log.error(msg);
+                        throw new BadRequestException(msg);
+                    }
                 }
             }
 
@@ -3672,6 +3711,10 @@ public class ApplicationManagerImpl implements ApplicationManager {
             String msg = "Error occurred when validating the unrestricted roles given for the web clip";
             log.error(msg, e);
             throw new ApplicationManagementException(msg, e);
+        } catch (MetadataManagementException e) {
+            String msg = "Error occurred while retrieving metadata list";
+            log.error(msg, e);
+            throw new ApplicationManagementException(msg, e);
         } finally {
             ConnectionManagerUtil.closeDBConnection();
         }

components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/SubscriptionManagerImpl.java

@@ -19,6 +19,10 @@
 package io.entgra.device.mgt.core.application.mgt.core.impl;
 
 import com.google.gson.Gson;
+import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException;
+import io.entgra.device.mgt.core.device.mgt.extensions.logger.spi.EntgraLogger;
+import io.entgra.device.mgt.core.notification.logger.AppInstallLogContext;
+import io.entgra.device.mgt.core.notification.logger.impl.EntgraAppInstallLoggerImpl;
 import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey;
 import io.entgra.device.mgt.core.apimgt.application.extension.exception.APIManagerException;
 import io.entgra.device.mgt.core.application.mgt.common.*;
@@ -87,8 +91,8 @@ import java.util.stream.Collectors;
  * This is the default implementation for the Subscription Manager.
  */
 public class SubscriptionManagerImpl implements SubscriptionManager {
-
+    AppInstallLogContext.Builder appInstallLogContextBuilder = new AppInstallLogContext.Builder();
-    private static final Log log = LogFactory.getLog(SubscriptionManagerImpl.class);
+    private static final EntgraLogger log = new EntgraAppInstallLoggerImpl(SubscriptionManagerImpl.class);
     private SubscriptionDAO subscriptionDAO;
     private ApplicationDAO applicationDAO;
     private LifecycleStateManager lifecycleStateManager;
@@ -620,7 +624,9 @@ public class SubscriptionManagerImpl implements SubscriptionManager {
                                                               Properties properties,
                                                               boolean isOperationReExecutingDisabled)
             throws ApplicationManagementException {
-
+        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
+        String tenantId = String.valueOf(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
+        String tenantDomain = String.valueOf(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain());
         //Get app subscribing info of each device
         SubscribingDeviceIdHolder subscribingDeviceIdHolder = getSubscribingDeviceIdHolder(devices,
                 applicationDTO.getApplicationReleaseDTOs().get(0).getId());
@@ -670,10 +676,36 @@ public class SubscriptionManagerImpl implements SubscriptionManager {
                 Activity activity = addAppOperationOnDevices(applicationDTO, new ArrayList<>(entry.getValue()),
                         entry.getKey(), action, properties);
                 activityList.add(activity);
+                for (DeviceIdentifier identifier : deviceIdentifiers) {
+                    log.info(String.format("Web app %s triggered", action), appInstallLogContextBuilder
+                            .setAppId(String.valueOf(applicationDTO.getId()))
+                            .setAppName(applicationDTO.getName())
+                            .setAppType(applicationDTO.getType())
+                            .setSubType(subType)
+                            .setTenantId(tenantId)
+                            .setTenantDomain(tenantDomain)
+                            .setDevice(String.valueOf(identifier))
+                            .setUserName(username)
+                            .setAction(action)
+                            .build());
+                }
             }
         } else {
             Activity activity = addAppOperationOnDevices(applicationDTO, deviceIdentifiers, deviceType, action, properties);
             activityList.add(activity);
+            for (DeviceIdentifier identifier : deviceIdentifiers) {
+                log.info(String.format("App %s triggered", action), appInstallLogContextBuilder
+                        .setAppId(String.valueOf(applicationDTO.getId()))
+                        .setAppName(applicationDTO.getName())
+                        .setAppType(applicationDTO.getType())
+                        .setSubType(subType)
+                        .setTenantId(tenantId)
+                        .setTenantDomain(tenantDomain)
+                        .setDevice(String.valueOf(identifier))
+                        .setUserName(username)
+                        .setAction(action)
+                        .build());
+            }
         }
 
         ApplicationInstallResponse applicationInstallResponse = new ApplicationInstallResponse();

components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java

@@ -40,6 +40,7 @@ import io.entgra.device.mgt.core.application.mgt.core.internal.DataHolder;
 import io.entgra.device.mgt.core.application.mgt.core.serviceprovider.ISServiceProviderApplicationService;
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementException;
 import io.entgra.device.mgt.core.device.mgt.core.dto.DeviceType;
+import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -64,6 +65,7 @@ public class APIUtil {
     private static volatile SubscriptionManager subscriptionManager;
     private static volatile ReviewManager reviewManager;
     private static volatile AppmDataHandler appmDataHandler;
+    private static volatile MetadataManagementService metadataManagementService;
 
     public static SPApplicationManager getSPApplicationManager() {
         if (SPApplicationManager == null) {
@@ -514,7 +516,22 @@ public class APIUtil {
     public static String createAppIconPath(ApplicationReleaseDTO applicationReleaseDTO, int tenantId) throws ApplicationManagementException {
         String basePath = getArtifactDownloadBaseURL() + tenantId + Constants.FORWARD_SLASH + applicationReleaseDTO
                 .getAppHashValue() + Constants.FORWARD_SLASH;
-        String iconPath = basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName();
+        return basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName();
-        return iconPath;
+    }
+
+    public static MetadataManagementService getMetadataManagementService() {
+        if (metadataManagementService == null) {
+            synchronized (APIUtil.class) {
+                if (metadataManagementService == null) {
+                    PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+                    metadataManagementService = (MetadataManagementService) ctx.getOSGiService(
+                            MetadataManagementService.class, null);
+                    if (metadataManagementService == null) {
+                        throw new IllegalStateException("Metadata Management service not initialized.");
+                    }
+                }
+            }
+        }
+        return metadataManagementService;
     }
 }

components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java

@@ -70,7 +70,8 @@ public class Constants {
     public static final String ANY = "ANY";
     public static final String DEFAULT_PCK_NAME = "default.app.com";
     public static final String ALL = "ALL";
-
+    public static final String SHOW_ALL_ROLES = "SHOW_ALL_ROLES";
+    public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles";
     public static final String GOOGLE_PLAY_STORE_URL = "https://play.google.com/store/apps/details?id=";
     public static final String APPLE_STORE_URL = "https://itunes.apple.com/country/app/app-name/id";
 
@@ -93,6 +94,9 @@ public class Constants {
     public static final String MSI = "MSI";
     public static final String APPX = "APPX";
 
+    public static final String ENTERPRISE_APP_TYPE = "ENTERPRISE";
+    public static final String PUBLIC_APP_TYPE = "ENTERPRISE";
+
     private static final Map<String, String> AGENT_DATA = new HashMap<>();
     static {
         AGENT_DATA.put("android", "android-agent.apk");

components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/test/resources/user-test/user-mgt-registry-test.xml

@@ -27,7 +27,7 @@
 	    <EveryOneRoleName>everyone</EveryOneRoleName>
             <ReadOnly>false</ReadOnly>
             <MaxUserNameListLength>500</MaxUserNameListLength>
-			<Property name="url">jdbc:h2:target/databasetest/CARBON_TEST</Property>
+			<Property name="url">jdbc:h2:./target/databasetest/CARBON_TEST</Property>
 			<Property name="driverName">org.h2.Driver</Property>
 			<Property name="maxActive">50</Property>
 			<Property name="maxWait">60000</Property>

components/application-mgt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>io.entgra.device.mgt.core.parent</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.api/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>certificate-mgt</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.cert.admin.api/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>certificate-mgt</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>certificate-mgt</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -111,6 +111,10 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
+                    <argLine>
+                        --add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
+                        --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
+                    </argLine>
                     <suiteXmlFiles>
                         <suiteXmlFile>src/test/resources/testng.xml</suiteXmlFile>
                     </suiteXmlFiles>
@@ -118,6 +122,9 @@
                         <jacoco-agent.destfile>${basedir}/target/coverage-reports/jacoco-unit.exec</jacoco-agent.destfile>
                         <log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
                     </systemPropertyVariables>
+                    <classpathDependencyExcludes>
+                        <classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
+                    </classpathDependencyExcludes>
                 </configuration>
             </plugin>
             <plugin>
@@ -175,7 +182,7 @@
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
-            <artifactId>powermock-api-mockito</artifactId>
+            <artifactId>powermock-api-mockito2</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/bean/Certificate.java

@@ -25,6 +25,15 @@ public class Certificate {
     X509Certificate certificate;
     int tenantId;
     String tenantDomain;
+    String deviceIdentifier;
+
+    public String getDeviceIdentifier() {
+        return deviceIdentifier;
+    }
+
+    public void setDeviceIdentifier(String deviceIdentifier) {
+        this.deviceIdentifier = deviceIdentifier;
+    }
 
     public int getTenantId() {
         return tenantId;

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/CertificateDAO.java

@@ -41,6 +41,17 @@ public interface CertificateDAO {
     void addCertificate(List<Certificate> certificate)
             throws CertificateManagementDAOException;
 
+    /**
+     * This can be used to store a certificate in the database, where it will be stored against the serial number
+     * of the certificate.
+     *
+     * @param certificate Holds the certificate and relevant details.
+     * @throws CertificateManagementDAOException
+     *
+     */
+    void addCertificate(Certificate certificate)
+            throws CertificateManagementDAOException;
+
     /**
      * Usage is to obtain a certificate stored in the database by providing the common name.
      *
@@ -51,6 +62,16 @@ public interface CertificateDAO {
      */
     CertificateResponse retrieveCertificate(String serialNumber) throws CertificateManagementDAOException;
 
+    /**
+     * Obtain a certificated stored in the database by providing the common name and the tenant ID
+     *
+     * @param serialNumber Serial number (Common name) of the certificate
+     * @param tenantId ID of the certificate owning tenant
+     * @return representation of the certificate.
+     * @throws CertificateManagementDAOException if fails to read the certificate from the database
+     */
+    CertificateResponse retrieveCertificate(String serialNumber, int tenantId) throws CertificateManagementDAOException;
+
     /**
      * Get all the certificates in a paginated manner.
      *

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java

@@ -81,6 +81,40 @@ public abstract class AbstractCertificateDAOImpl implements CertificateDAO{
         }
     }
 
+    @Override
+    public void addCertificate(Certificate certificate)
+            throws CertificateManagementDAOException {
+        Connection conn;
+        PreparedStatement stmt = null;
+        try {
+            conn = this.getConnection();
+            stmt = conn.prepareStatement(
+                    "INSERT INTO DM_DEVICE_CERTIFICATE (SERIAL_NUMBER, CERTIFICATE, TENANT_ID," +
+                            " USERNAME, DEVICE_IDENTIFIER) VALUES (?,?,?,?,?)");
+            PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.
+                    getThreadLocalCarbonContext();
+            String username = threadLocalCarbonContext.getUsername();
+            // the serial number of the certificate used for its creation is set as its alias.
+            String serialNumber = certificate.getSerial();
+            if (serialNumber == null || serialNumber.isEmpty()) {
+                serialNumber = String.valueOf(certificate.getCertificate().getSerialNumber());
+            }
+            byte[] bytes = Serializer.serialize(certificate.getCertificate());
+
+            stmt.setString(1, serialNumber);
+            stmt.setBytes(2, bytes);
+            stmt.setInt(3, certificate.getTenantId());
+            stmt.setString(4, username);
+            stmt.setString(5, certificate.getDeviceIdentifier());
+            stmt.executeUpdate();
+        } catch (SQLException | IOException e) {
+            throw new CertificateManagementDAOException("Error occurred while saving the " +
+                    "certificate. ", e);
+        } finally {
+            CertificateManagementDAOUtil.cleanupResources(stmt, null);
+        }
+    }
+
     @Override
     public CertificateResponse retrieveCertificate(String serialNumber)
             throws CertificateManagementDAOException {
@@ -119,6 +153,42 @@ public abstract class AbstractCertificateDAOImpl implements CertificateDAO{
         return certificateResponse;
     }
 
+    @Override
+    public CertificateResponse retrieveCertificate(String serialNumber, int tenantId) throws CertificateManagementDAOException {
+        Connection conn;
+        PreparedStatement stmt = null;
+        ResultSet resultSet = null;
+        CertificateResponse certificateResponse = null;
+        try {
+            conn = this.getConnection();
+            String query =
+                    "SELECT CERTIFICATE, SERIAL_NUMBER, TENANT_ID, USERNAME FROM"
+                            + " DM_DEVICE_CERTIFICATE WHERE SERIAL_NUMBER = ? AND TENANT_ID = ? ";
+            stmt = conn.prepareStatement(query);
+            stmt.setString(1, serialNumber);
+            stmt.setInt(2, tenantId);
+            resultSet = stmt.executeQuery();
+
+            if (resultSet.next()) {
+                certificateResponse = new CertificateResponse();
+                byte[] certificateBytes = resultSet.getBytes("CERTIFICATE");
+                certificateResponse.setCertificate(certificateBytes);
+                certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER"));
+                certificateResponse.setTenantId(resultSet.getInt("TENANT_ID"));
+                certificateResponse.setUsername(resultSet.getString("USERNAME"));
+                CertificateGenerator.extractCertificateDetails(certificateBytes, certificateResponse);
+            }
+        } catch (SQLException e) {
+            String errorMsg =
+                    "Unable to get the read the certificate with serial" + serialNumber;
+            log.error(errorMsg, e);
+            throw new CertificateManagementDAOException(errorMsg, e);
+        } finally {
+            CertificateManagementDAOUtil.cleanupResources(stmt, resultSet);
+        }
+        return certificateResponse;
+    }
+
     @Override
     public List<CertificateResponse> searchCertificate(String serialNumber)
             throws CertificateManagementDAOException {

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java

@@ -55,10 +55,28 @@ import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import org.bouncycastle.util.Store;
-import org.jscep.message.*;
+import org.jscep.message.CertRep;
+import org.jscep.message.MessageDecodingException;
+import org.jscep.message.MessageEncodingException;
+import org.jscep.message.PkcsPkiEnvelopeDecoder;
+import org.jscep.message.PkcsPkiEnvelopeEncoder;
+import org.jscep.message.PkiMessage;
+import org.jscep.message.PkiMessageDecoder;
+import org.jscep.message.PkiMessageEncoder;
 import org.jscep.transaction.FailInfo;
 import org.jscep.transaction.Nonce;
 import org.jscep.transaction.TransactionId;
+import org.wso2.carbon.certificate.mgt.core.dao.CertificateDAO;
+import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOException;
+import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOFactory;
+import org.wso2.carbon.certificate.mgt.core.dto.CAStatus;
+import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse;
+import org.wso2.carbon.certificate.mgt.core.dto.SCEPResponse;
+import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
+import org.wso2.carbon.certificate.mgt.core.exception.TransactionManagementException;
+import org.wso2.carbon.certificate.mgt.core.util.CertificateManagementConstants;
+import org.wso2.carbon.certificate.mgt.core.util.CommonUtil;
+import org.wso2.carbon.certificate.mgt.core.util.Serializer;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 
 import javax.naming.InvalidNameException;
@@ -70,12 +88,34 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigInteger;
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.SignatureException;
 import java.security.cert.Certificate;
 import java.security.cert.*;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.*;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.List;
 import java.util.concurrent.TimeUnit;
 
 public class CertificateGenerator {
@@ -336,15 +376,31 @@ public class CertificateGenerator {
         CertificateResponse lookUpCertificate = null;
         KeyStoreReader keyStoreReader = new KeyStoreReader();
         if (distinguishedName != null && !distinguishedName.isEmpty()) {
-            if (distinguishedName.contains("/CN=")) {
+            if (distinguishedName.contains("CN=")) {
-                String[] dnSplits = distinguishedName.split("/");
+                String[] dnSplits = null;
-                for (String dnPart : dnSplits) {
+                if (distinguishedName.contains("/")) {
-                    if (dnPart.contains("CN=")) {
+                    dnSplits = distinguishedName.split("/");
-                        String commonNameExtracted = dnPart.replace("CN=", "");
+                } else if (distinguishedName.contains(",")) {
-                        lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted);
+                    //some older versions of nginx will forward the client certificate subject dn separated with commas
-                        break;
+                    dnSplits = distinguishedName.split(",");
+                }
+                String commonNameExtracted = null;
+                int tenantId = 0;
+                if (dnSplits != null && dnSplits.length >= 1) {
+                    for (String dnPart : dnSplits) {
+                        if (dnPart.contains("CN=")) {
+                            commonNameExtracted = dnPart.replace("CN=", "");
+                        } else if (dnPart.contains("OU=")) {
+                            //the OU of the certificate will be like OU=tenant_<TENANT_ID> ex: OU=tenant_-1234
+                            //splitting by underscore to extract the tenant domain
+                            String[] orgUnitSplits = dnPart.split("_");
+                            tenantId = Integer.parseInt(orgUnitSplits[1]);
+                        }
                     }
                 }
+
+                lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted, tenantId);
+
             } else {
                 LdapName ldapName;
                 try {
@@ -671,6 +727,29 @@ public class CertificateGenerator {
             throw new KeystoreException(errorMsg, e);
         }
     }
+    public void saveCertificate(org.wso2.carbon.certificate.mgt.core.bean.Certificate
+                                     certificate) throws KeystoreException {
+
+        if (certificate == null) {
+            return;
+        }
+
+        try {
+            CertificateDAO certificateDAO = CertificateManagementDAOFactory.getCertificateDAO();
+            CertificateManagementDAOFactory.beginTransaction();
+            certificateDAO.addCertificate(certificate);
+            CertificateManagementDAOFactory.commitTransaction();
+        } catch (CertificateManagementDAOException e) {
+            String errorMsg = "Error occurred when saving the generated certificate in database";
+            log.error(errorMsg);
+            CertificateManagementDAOFactory.rollbackTransaction();
+            throw new KeystoreException(errorMsg, e);
+        } catch (TransactionManagementException e) {
+            String errorMsg = "Error occurred when saving the generated certificate in database";
+            log.error(errorMsg);
+            throw new KeystoreException(errorMsg, e);
+        }
+    }
 
     public void saveCertInKeyStore(List<io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate> certificate)
             throws KeystoreException {
@@ -785,8 +864,9 @@ public class CertificateGenerator {
             X500Name issuerName = new X500Name(subjectDn);
             String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst()
                     .getValue().toString();
-            X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" +
+            int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
-                    serialNumber);
+            X500Name subjectName = new X500Name("O=" + commonName + ",CN=" +
+                    serialNumber + ", OU=tenant_"+tenantId);
             Date startDate = new Date(System.currentTimeMillis());
             Date endDate = new Date(System.currentTimeMillis()
                     + TimeUnit.DAYS.toMillis(365 * 100));
@@ -809,8 +889,8 @@ public class CertificateGenerator {
             List<io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate> certificates = new ArrayList<>();
             certificate.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
             certificate.setCertificate(issuedCert);
-            certificates.add(certificate);
+            certificate.setDeviceIdentifier(commonName);
-            saveCertInKeyStore(certificates);
+            saveCertificate(certificate);
 
         } catch (OperatorCreationException e) {
             String errorMsg = "Error creating the content signer";

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/KeyStoreReader.java

@@ -271,6 +271,43 @@ public class KeyStoreReader {
         return raPrivateKey;
     }
 
+    public CertificateResponse getCertificateBySerial(String serialNumber, int tenantId) throws KeystoreException {
+        CertificateResponse certificateResponse = null;
+        try {
+            CertificateCacheManager cacheManager = CertificateCacheManagerImpl.getInstance();
+            certificateResponse = cacheManager.getCertificateBySerial(serialNumber);
+            if (certificateResponse == null) {
+                try {
+                    CertificateManagementDAOFactory.openConnection();
+                    certificateResponse = certDao.retrieveCertificate(serialNumber, tenantId);
+                } catch (SQLException e) {
+                    String errorMsg = "Error when making a connection to the database.";
+                    throw new KeystoreException(errorMsg, e);
+                } finally {
+                    CertificateManagementDAOFactory.closeConnection();
+                }
+                if (certificateResponse != null && certificateResponse.getCertificate() != null) {
+                    Certificate certificate = (Certificate) Serializer.deserialize(certificateResponse.getCertificate());
+                    if (certificate instanceof X509Certificate) {
+                        X509Certificate x509cert = (X509Certificate) certificate;
+                        String commonName = CertificateGenerator.getCommonName(x509cert);
+                        certificateResponse.setCommonName(commonName);
+                        cacheManager.addCertificateBySerial(serialNumber, certificateResponse);
+                    }
+                }
+            }
+        } catch (CertificateManagementDAOException e) {
+            String errorMsg = "Error when retrieving certificate from the the database for the serial number: " +
+                    serialNumber;
+            throw new KeystoreException(errorMsg, e);
+
+        } catch (ClassNotFoundException | IOException e) {
+            String errorMsg = "Error when de-serializing saved certificate.";
+            throw new KeystoreException(errorMsg, e);
+        }
+        return certificateResponse;
+    }
+
     public CertificateResponse getCertificateBySerial(String serialNumber) throws KeystoreException {
         CertificateResponse certificateResponse = null;
         try {

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/test/resources/data-source-config.xml

@@ -18,7 +18,7 @@
   -->
 
 <DataSourceConfig>
-    <Url>jdbc:h2:mem:cdm-test-db;DB_CLOSE_ON_EXIT=FALSE;MVCC=true</Url>
+    <Url>jdbc:h2:mem:cdm-test-db;DB_CLOSE_ON_EXIT=FALSE</Url>
     <DriverClassName>org.h2.Driver</DriverClassName>
     <User>wso2carbon</User>
     <Password>wso2carbon</Password>

components/certificate-mgt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>io.entgra.device.mgt.core.parent</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.defaultrole.manager/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -106,13 +106,19 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
+                    <argLine>
+                        --add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
+                        --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
+                    </argLine>
                     <systemPropertyVariables>
-                        <log4j.configuration>file:src/test/resources/carbon-home/repository/conf/log4j.properties
+                        <log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
-                        </log4j.configuration>
                     </systemPropertyVariables>
                     <suiteXmlFiles>
                         <file>src/test/resources/testng.xml</file>
                     </suiteXmlFiles>
+                    <classpathDependencyExcludes>
+                        <classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
+                    </classpathDependencyExcludes>
                 </configuration>
             </plugin>
         </plugins>
@@ -207,5 +213,15 @@
             <groupId>org.wso2.orbit.javax.xml.bind</groupId>
             <artifactId>jaxb-api</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.sun.xml.bind</groupId>
+            <artifactId>jaxb-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.sun.xml.bind</groupId>
+            <artifactId>jaxb-impl</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>

components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.device.type.deployer/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -104,6 +104,21 @@
             <artifactId>io.entgra.device.mgt.core.device.mgt.core</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.sun.xml.bind</groupId>
+            <artifactId>jaxb-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.sun.xml.bind</groupId>
+            <artifactId>jaxb-impl</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
@@ -157,6 +172,25 @@
                     </instructions>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <argLine>
+                        --add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
+                        --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
+                    </argLine>
+                    <systemPropertyVariables>
+                        <log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
+                    </systemPropertyVariables>
+                    <suiteXmlFiles>
+                        <file>src/test/resources/testng.xml</file>
+                    </suiteXmlFiles>
+                    <classpathDependencyExcludes>
+                        <classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
+                    </classpathDependencyExcludes>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>

components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.logger/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.pull.notification/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.push.notification.provider.fcm/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.push.notification.provider.http/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.push.notification.provider.mqtt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -122,6 +122,16 @@
             <artifactId>powermock-module-testng</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon</groupId>
+            <artifactId>org.wso2.carbon.securevault</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <plugins>
@@ -189,6 +199,25 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <argLine>
+                        --add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
+                        --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
+                    </argLine>
+                    <systemPropertyVariables>
+                        <log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
+                    </systemPropertyVariables>
+                    <suiteXmlFiles>
+                        <file>src/test/resources/testng.xml</file>
+                    </suiteXmlFiles>
+                    <classpathDependencyExcludes>
+                        <classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
+                    </classpathDependencyExcludes>
+                </configuration>
+            </plugin>
         </plugins>
     </build>
     

components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.push.notification.provider.mqtt/src/test/resources/conf/carbon.xml

@@ -1,658 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-
-<!--
-  ~ Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
-  ~
-  ~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
-  ~ Version 2.0 (the "License"); you may not use this file except
-  ~ in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~    http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing,
-  ~ software distributed under the License is distributed on an
-  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  ~ KIND, either express or implied. See the License for the
-  ~ specific language governing permissions and limitations
-  ~ under the License.
-  -->
-
-<!--
-    This is the main server configuration file
-
-    ${carbon.home} represents the carbon.home system property.
-    Other system properties can be specified in a similar manner.
--->
-<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
-
-    <!--
-       Product Name
-    -->
-    <Name>${product.name}</Name>
-
-    <!--
-       machine readable unique key to identify each product
-    -->
-    <ServerKey>${product.key}</ServerKey>
-
-    <!--
-       Product Version
-    -->
-    <Version>${product.version}</Version>
-
-    <!--
-       Host name or IP address of the machine hosting this server
-       e.g. www.wso2.org, 192.168.1.10
-       This is will become part of the End Point Reference of the
-       services deployed on this server instance.
-    -->
-    <!--HostName>www.wso2.org</HostName-->
-
-    <!--
-    Host name to be used for the Carbon management console
-    -->
-    <!--MgtHostName>mgt.wso2.org</MgtHostName-->
-
-    <!--
-        The URL of the back end server. This is where the admin services are hosted and
-        will be used by the clients in the front end server.
-        This is required only for the Front-end server. This is used when seperating BE server from FE server
-       -->
-    <ServerURL>local:/${carbon.context}/services/</ServerURL>
-    <!--
-    <ServerURL>https://${carbon.local.ip}:${carbon.management.port}${carbon.context}/services/</ServerURL>
-    -->
-     <!--
-     The URL of the index page. This is where the user will be redirected after signing in to the
-     carbon server.
-     -->
-    <!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL-->
-
-    <!--
-    For cApp deployment, we have to identify the roles that can be acted by the current server.
-    The following property is used for that purpose. Any number of roles can be defined here.
-    Regular expressions can be used in the role.
-    Ex : <Role>.*</Role> means this server can act any role
-    -->
-    <ServerRoles>
-        <Role>${default.server.role}</Role>
-    </ServerRoles>
-
-    <!-- uncommnet this line to subscribe to a bam instance automatically -->
-    <!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>-->
-
-    <!--
-       The fully qualified name of the server
-    -->
-    <Package>org.wso2.carbon</Package>
-
-    <!--
-       Webapp context root of WSO2 Carbon management console.
-    -->
-    <WebContextRoot>/</WebContextRoot>
-
-    <!--
-    	Proxy context path is a useful parameter to add a proxy path when a Carbon server is fronted by reverse proxy. In addtion
-        to the proxy host and proxy port this parameter allows you add a path component to external URLs. e.g.
-     		URL of the Carbon server -> https://10.100.1.1:9443/carbon
-   		URL of the reverse proxy -> https://prod.abc.com/appserver/carbon
-
-   	appserver - proxy context path. This specially required whenever you are generating URLs to displace in
-   	Carbon UI components.
-    -->
-    <!--
-    	<MgtProxyContextPath></MgtProxyContextPath>
-    	<ProxyContextPath></ProxyContextPath>
-    -->
-
-    <!-- In-order to  get the registry http Port from the back-end when the default http transport is not the same-->
-    <!--RegistryHttpPort>9763</RegistryHttpPort-->
-
-    <!--
-    Number of items to be displayed on a management console page. This is used at the
-    backend server for pagination of various items.
-    -->
-    <ItemsPerPage>15</ItemsPerPage>
-
-    <!-- The endpoint URL of the cloud instance management Web service -->
-    <!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>-->
-
-    <!--
-       Ports used by this server
-    -->
-    <Ports>
-
-        <!-- Ports offset. This entry will set the value of the ports defined below to
-         the define value + Offset.
-         e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445
-         -->
-        <Offset>0</Offset>
-
-        <!-- The JMX Ports -->
-        <JMX>
-            <!--The port RMI registry is exposed-->
-            <RMIRegistryPort>9999</RMIRegistryPort>
-            <!--The port RMI server should be exposed-->
-            <RMIServerPort>11111</RMIServerPort>
-        </JMX>
-
-        <!-- Embedded LDAP server specific ports -->
-        <EmbeddedLDAP>
-            <!-- Port which embedded LDAP server runs -->
-            <LDAPServerPort>10389</LDAPServerPort>
-            <!-- Port which KDC (Kerberos Key Distribution Center) server runs -->
-            <KDCServerPort>8000</KDCServerPort>
-        </EmbeddedLDAP>
-	
-	<!-- 
-             Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files
-	-->
-	<!--<JNDIProviderPort>2199</JNDIProviderPort>-->
-	<!--Override receive port of thrift based entitlement service.-->
-	<ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort>
-
-    </Ports>
-
-    <!--
-        JNDI Configuration
-    -->
-    <JNDI>
-        <!-- 
-             The fully qualified name of the default initial context factory
-        -->
-        <DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory>
-        <!-- 
-             The restrictions that are done to various JNDI Contexts in a Multi-tenant environment 
-        -->
-        <Restrictions>
-            <!--
-                Contexts that will be available only to the super-tenant
-            -->
-            <!-- <SuperTenantOnly>
-                <UrlContexts>
-                    <UrlContext>
-                        <Scheme>foo</Scheme>
-                    </UrlContext>
-                    <UrlContext>
-                        <Scheme>bar</Scheme>
-                    </UrlContext>
-                </UrlContexts>
-            </SuperTenantOnly> -->
-            <!-- 
-                Contexts that are common to all tenants
-            -->
-            <AllTenants>
-                <UrlContexts>
-                    <UrlContext>
-                        <Scheme>java</Scheme>
-                    </UrlContext>
-                    <!-- <UrlContext>
-                        <Scheme>foo</Scheme>
-                    </UrlContext> -->
-                </UrlContexts>
-            </AllTenants>
-            <!-- 
-                 All other contexts not mentioned above will be available on a per-tenant basis 
-                 (i.e. will not be shared among tenants)
-            -->
-        </Restrictions>
-    </JNDI>
-
-    <!--
-        Property to determine if the server is running an a cloud deployment environment.
-        This property should only be used to determine deployment specific details that are
-        applicable only in a cloud deployment, i.e when the server deployed *-as-a-service.
-    -->
-    <IsCloudDeployment>false</IsCloudDeployment>
-
-    <!--
-	Property to determine whether usage data should be collected for metering purposes
-    -->
-    <EnableMetering>false</EnableMetering>
-
-    <!-- The Max time a thread should take for execution in seconds -->
-    <MaxThreadExecutionTime>600</MaxThreadExecutionTime>
-
-    <!--
-        A flag to enable or disable Ghost Deployer. By default this is set to false. That is
-        because the Ghost Deployer works only with the HTTP/S transports. If you are using
-        other transports, don't enable Ghost Deployer.
-    -->
-    <GhostDeployment>
-        <Enabled>false</Enabled>
-    </GhostDeployment>
-
-
-    <!--
-        Eager loading or lazy loading is a design pattern commonly used in computer programming which
-        will initialize an object upon creation or load on-demand. In carbon, lazy loading is used to
-        load tenant when a request is received only. Similarly Eager loading is used to enable load
-        existing tenants after carbon server starts up. Using this feature, you will be able to include
-        or exclude tenants which are to be loaded when server startup.
-
-        We can enable only one LoadingPolicy at a given time.
-
-        1. Tenant Lazy Loading
-           This is the default behaviour and enabled by default. With this policy, tenants are not loaded at
-           server startup, but loaded based on-demand (i.e when a request is received for a tenant).
-           The default tenant idle time is 30 minutes.
-
-        2. Tenant Eager Loading
-           This is by default not enabled. It can be be enabled by un-commenting the <EagerLoading> section.
-           The eager loading configurations supported are as below. These configurations can be given as the
-           value for <Include> element with eager loading.
-                (i)Load all tenants when server startup             -   *
-                (ii)Load all tenants except foo.com & bar.com       -   *,!foo.com,!bar.com
-                (iii)Load only foo.com &  bar.com to be included    -   foo.com,bar.com
-    -->
-    <Tenant>
-        <LoadingPolicy>
-            <LazyLoading>
-                <IdleTime>30</IdleTime>
-            </LazyLoading>
-            <!-- <EagerLoading>
-                   <Include>*,!foo.com,!bar.com</Include>
-            </EagerLoading>-->
-        </LoadingPolicy>
-    </Tenant>
-
-    <!--
-     Caching related configurations
-    -->
-    <Cache>
-        <!-- Default cache timeout in minutes -->
-        <DefaultCacheTimeout>15</DefaultCacheTimeout>
-    </Cache>
-
-    <!--
-    Axis2 related configurations
-    -->
-    <Axis2Config>
-        <!--
-             Location of the Axis2 Services & Modules repository
-
-             This can be a directory in the local file system, or a URL.
-
-             e.g.
-             1. /home/wso2wsas/repository/ - An absolute path
-             2. repository - In this case, the path is relative to CARBON_HOME
-             3. file:///home/wso2wsas/repository/
-             4. http://wso2wsas/repository/
-        -->
-        <RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation>
-
-        <!--
-         Deployment update interval in seconds. This is the interval between repository listener
-         executions. 
-        -->
-        <DeploymentUpdateInterval>15</DeploymentUpdateInterval>
-
-        <!--
-            Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file
-
-            This can be a file on the local file system, or a URL
-
-            e.g.
-            1. /home/repository/axis2.xml - An absolute path
-            2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME
-            3. file:///home/carbon/repository/axis2.xml
-            4. http://repository/conf/axis2.xml
-        -->
-        <ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile>
-
-        <!--
-          ServiceGroupContextIdleTime, which will be set in ConfigurationContex
-          for multiple clients which are going to access the same ServiceGroupContext
-          Default Value is 30 Sec.
-        -->
-        <ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime>
-
-        <!--
-          This repository location is used to crete the client side configuration
-          context used by the server when calling admin services.
-        -->
-        <ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation>
-        <!-- This axis2 xml is used in createing the configuration context by the FE server
-         calling to BE server -->
-        <clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation>
-        <!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. -->
-        <HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
-	
-	<!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport.
-	With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks. 
-	Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means -->
-        <!--HttpAdminServices>*</HttpAdminServices-->
-
-    </Axis2Config>
-
-    <!--
-       The default user roles which will be created when the server
-       is started up for the first time.
-    -->
-    <ServiceUserRoles>
-        <Role>
-            <Name>admin</Name>
-            <Description>Default Administrator Role</Description>
-        </Role>
-        <Role>
-            <Name>user</Name>
-            <Description>Default User Role</Description>
-        </Role>
-    </ServiceUserRoles>
-    
-    <!-- 
-      Enable following config to allow Emails as usernames. 	
-    -->	    	
-    <!--EnableEmailUserName>true</EnableEmailUserName-->	
-
-    <!--
-      Security configurations
-    -->
-    <Security>
-        <!--
-            KeyStore which will be used for encrypting/decrypting passwords
-            and other sensitive information.
-        -->
-        <KeyStore>
-            <!-- Keystore file location-->
-            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
-            <!-- Keystore type (JKS/PKCS12 etc.)-->
-            <Type>JKS</Type>
-            <!-- Keystore password-->
-            <Password>wso2carbon</Password>
-            <!-- Private Key alias-->
-            <KeyAlias>wso2carbon</KeyAlias>
-            <!-- Private Key password-->
-            <KeyPassword>wso2carbon</KeyPassword>
-        </KeyStore>
-
-        <!--
-            System wide trust-store which is used to maintain the certificates of all
-            the trusted parties.
-        -->
-        <TrustStore>
-            <!-- trust-store file location -->
-            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
-            <!-- trust-store type (JKS/PKCS12 etc.) -->
-            <Type>JKS</Type>
-            <!-- trust-store password -->
-            <Password>wso2carbon</Password>
-        </TrustStore>
-
-        <!--
-            The Authenticator configuration to be used at the JVM level. We extend the
-            java.net.Authenticator to make it possible to authenticate to given servers and 
-            proxies.
-        -->
-        <NetworkAuthenticatorConfig>
-            <!-- 
-                Below is a sample configuration for a single authenticator. Please note that
-                all child elements are mandatory. Not having some child elements would lead to
-                exceptions at runtime.
-            -->
-            <!-- <Credential> -->
-                <!-- 
-                    the pattern that would match a subset of URLs for which this authenticator
-                    would be used
-                -->
-                <!-- <Pattern>regularExpression</Pattern> -->
-                <!-- 
-                    the type of this authenticator. Allowed values are:
-                    1. server
-                    2. proxy
-                -->
-                <!-- <Type>proxy</Type> -->
-                <!-- the username used to log in to server/proxy -->
-                <!-- <Username>username</Username> -->
-                <!-- the password used to log in to server/proxy -->
-                <!-- <Password>password</Password> -->
-            <!-- </Credential> -->
-        </NetworkAuthenticatorConfig>
-
-        <!--
-         The Tomcat realm to be used for hosted Web applications. Allowed values are;
-         1. UserManager
-         2. Memory
-
-         If this is set to 'UserManager', the realm will pick users & roles from the system's
-         WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from
-         CARBON_HOME/repository/conf/tomcat/tomcat-users.xml
-        -->
-        <TomcatRealm>UserManager</TomcatRealm>
-
-	<!--Option to disable storing of tokens issued by STS-->
-	<DisableTokenStore>false</DisableTokenStore>
-
-	<!--
-	 Security token store class name. If this is not set, default class will be
-	 org.wso2.carbon.security.util.SecurityTokenStore
-	-->
-	<!--TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName-->
-    </Security>
-
-    <!--
-       The temporary work directory
-    -->
-    <WorkDirectory>${carbon.home}/tmp/work</WorkDirectory>
-
-    <!--
-       House-keeping configuration
-    -->
-    <HouseKeeping>
-
-        <!--
-           true  - Start House-keeping thread on server startup
-           false - Do not start House-keeping thread on server startup.
-                   The user will run it manually as and when he wishes.
-        -->
-        <AutoStart>true</AutoStart>
-
-        <!--
-           The interval in *minutes*, between house-keeping runs
-        -->
-        <Interval>10</Interval>
-
-        <!--
-          The maximum time in *minutes*, temp files are allowed to live
-          in the system. Files/directories which were modified more than
-          "MaxTempFileLifetime" minutes ago will be removed by the
-          house-keeping task
-        -->
-        <MaxTempFileLifetime>30</MaxTempFileLifetime>
-    </HouseKeeping>
-
-    <!--
-       Configuration for handling different types of file upload & other file uploading related
-       config parameters.
-       To map all actions to a particular FileUploadExecutor, use
-       <Action>*</Action>
-    -->
-    <FileUploadConfig>
-        <!--
-           The total file upload size limit in MB
-        -->
-        <TotalFileSizeLimit>100</TotalFileSizeLimit>
-
-        <Mapping>
-            <Actions>
-                <Action>keystore</Action>
-                <Action>certificate</Action>
-                <Action>*</Action>
-            </Actions>
-            <Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class>
-        </Mapping>
-
-        <Mapping>
-            <Actions>
-                <Action>jarZip</Action>
-            </Actions>
-            <Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class>
-        </Mapping>
-        <Mapping>
-            <Actions>
-                <Action>dbs</Action>
-            </Actions>
-            <Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class>
-        </Mapping>
-        <Mapping>
-            <Actions>
-                <Action>tools</Action>
-            </Actions>
-            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class>
-        </Mapping>
-        <Mapping>
-            <Actions>
-                <Action>toolsAny</Action>
-            </Actions>
-            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class>
-        </Mapping>
-    </FileUploadConfig>
-
-    <!--
-       Processors which process special HTTP GET requests such as ?wsdl, ?policy etc.
-
-       In order to plug in a processor to handle a special request, simply add an entry to this
-       section.
-
-       The value of the Item element is the first parameter in the query string(e.g. ?wsdl)
-       which needs special processing
-       
-       The value of the Class element is a class which implements
-       org.wso2.carbon.transport.HttpGetRequestProcessor
-    -->
-    <HttpGetRequestProcessors>
-        <Processor>
-            <Item>info</Item>
-            <Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class>
-        </Processor>
-        <Processor>
-            <Item>wsdl</Item>
-            <Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class>
-        </Processor>
-        <Processor>
-            <Item>wsdl2</Item>
-            <Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class>
-        </Processor>
-        <Processor>
-            <Item>xsd</Item>
-            <Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class>
-        </Processor>
-    </HttpGetRequestProcessors>
-
-    <!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync.
-	In master nodes you need to set both AutoCommit and AutoCheckout to true
-	and in  worker nodes set only AutoCheckout to true.
-    -->
-    <DeploymentSynchronizer>
-        <Enabled>false</Enabled>
-        <AutoCommit>false</AutoCommit>
-        <AutoCheckout>true</AutoCheckout>
-        <RepositoryType>svn</RepositoryType>
-        <SvnUrl>http://svnrepo.example.com/repos/</SvnUrl>
-        <SvnUser>username</SvnUser>
-        <SvnPassword>password</SvnPassword>
-        <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
-    </DeploymentSynchronizer>
-
-    <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
-        In master nodes you need to set both AutoCommit and AutoCheckout to true
-        and in  worker nodes set only AutoCheckout to true.
-    -->
-    <!--<DeploymentSynchronizer>
-        <Enabled>true</Enabled>
-        <AutoCommit>false</AutoCommit>
-        <AutoCheckout>true</AutoCheckout>
-    </DeploymentSynchronizer>-->
-
-    <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
-    <!--<MediationConfig>
-        <LoadFromRegistry>false</LoadFromRegistry>
-        <SaveToFile>false</SaveToFile>
-        <Persistence>enabled</Persistence>
-        <RegistryPersistence>enabled</RegistryPersistence>
-    </MediationConfig>-->
-
-    <!--
-    Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer.
-    This code will be run when the Carbon server is initialized
-    -->
-    <ServerInitializers>
-        <!--<Initializer></Initializer>-->
-    </ServerInitializers>
-    
-    <!--
-    Indicates whether the Carbon Servlet is required by the system, and whether it should be
-    registered
-    -->
-    <RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet>
-
-    <!--
-    Carbon H2 OSGI Configuration
-    By default non of the servers start.
-        name="web" - Start the web server with the H2 Console
-        name="webPort" - The port (default: 8082)
-        name="webAllowOthers" - Allow other computers to connect
-        name="webSSL" - Use encrypted (HTTPS) connections
-        name="tcp" - Start the TCP server
-        name="tcpPort" - The port (default: 9092)
-        name="tcpAllowOthers" - Allow other computers to connect
-        name="tcpSSL" - Use encrypted (SSL) connections
-        name="pg" - Start the PG server
-        name="pgPort"  - The port (default: 5435)
-        name="pgAllowOthers"  - Allow other computers to connect
-        name="trace" - Print additional trace information; for all servers
-        name="baseDir" - The base directory for H2 databases; for all servers  
-    -->
-    <!--H2DatabaseConfiguration>
-        <property name="web" />
-        <property name="webPort">8082</property>
-        <property name="webAllowOthers" />
-        <property name="webSSL" />
-        <property name="tcp" />
-        <property name="tcpPort">9092</property>
-        <property name="tcpAllowOthers" />
-        <property name="tcpSSL" />
-        <property name="pg" />
-        <property name="pgPort">5435</property>
-        <property name="pgAllowOthers" />
-        <property name="trace" />
-        <property name="baseDir">${carbon.home}</property>
-    </H2DatabaseConfiguration-->
-    <!--Disabling statistics reporter by default-->
-    <StatisticsReporterDisabled>true</StatisticsReporterDisabled>
-
-    <!-- Enable accessing Admin Console via HTTP -->
-    <!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole -->
-
-    <!--
-       Default Feature Repository of WSO2 Carbon.
-    -->
-    <FeatureRepository>
-	    <RepositoryName>default repository</RepositoryName>
-	    <RepositoryURL>${p2.repo.url}</RepositoryURL>
-    </FeatureRepository>
-
-    <!--
-	Configure API Management
-   -->
-   <APIManagement>
-	
-	<!--Uses the embedded API Manager by default. If you want to use an external 
-	API Manager instance to manage APIs, configure below  externalAPIManager-->
-	
-	<Enabled>true</Enabled>
-	
-	<!--Uncomment and configure API Gateway and 
-	Publisher URLs to use external API Manager instance-->
-	
-	<!--ExternalAPIManager>
-
-		<APIGatewayURL>http://localhost:8281</APIGatewayURL>
-		<APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL>
-
-	</ExternalAPIManager-->
-	
-	<LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup>
-   </APIManagement>
-</Server>

components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.push.notification.provider.xmpp/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.stateengine/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt-extensions</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt-extensions/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>io.entgra.device.mgt.core.parent</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -364,7 +364,7 @@
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
-            <artifactId>powermock-api-mockito</artifactId>
+            <artifactId>powermock-api-mockito2</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>

components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/GroupManagementService.java

@@ -26,6 +26,24 @@ import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
 import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
 import io.swagger.annotations.*;
 import org.apache.axis2.transport.http.HTTPConstants;
+import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceGroupList;
+import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceList;
+import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceToGroupsAssignment;
+import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.ErrorResponse;
+import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleList;
+import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.Constants;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
+import io.swagger.annotations.ApiResponse;
+import io.swagger.annotations.ApiResponses;
+import io.swagger.annotations.Extension;
+import io.swagger.annotations.ExtensionProperty;
+import io.swagger.annotations.Info;
+import io.swagger.annotations.ResponseHeader;
+import io.swagger.annotations.SwaggerDefinition;
+import io.swagger.annotations.Tag;
 
 import javax.validation.Valid;
 import javax.ws.rs.*;
@@ -159,6 +177,13 @@ import java.util.List;
                         key = "perm:groups:devices-types",
                         roles = {"Internal/devicemgt-user"},
                         permissions = {"/device-mgt/groups/devices/types"}
+                ),
+                @Scope(
+                        name = "View whether the groups has relevant device types",
+                        description = "View whether the groups has relevant device types",
+                        key = "perm:groups:add",
+                        roles = {"Internal/devicemgt-user"},
+                        permissions = {"/device-mgt/groups/device-types"}
                 )
         }
 )
@@ -1206,4 +1231,77 @@ public interface GroupManagementService {
                     required = true)
             List<String> identifiers);
 
+
+    @POST
+    @Path("/roles/share")
+    @ApiOperation(
+            produces = MediaType.APPLICATION_JSON,
+            httpMethod = HTTPConstants.HEADER_POST,
+            value = "Consolidated API for Creating a Device Group, Adding Devices, and Sharing",
+            notes = "This API can be used to create a new device group, add devices to the group, and share the group with user roles.",
+            tags = "Device Group Management",
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:add")
+                    })
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(
+                            code = 201,
+                            message = "Created. \n Device group has successfully been created.",
+                            responseHeaders = {
+                                    @ResponseHeader(
+                                            name = "Content-Location",
+                                            description = "The URL of the created group."),
+                                    @ResponseHeader(
+                                            name = "Content-Type",
+                                            description = "The content type of the body."),
+                                    @ResponseHeader(
+                                            name = "ETag",
+                                            description = "Entity Tag of the response resource.\n" +
+                                                    "Used by caches, or in conditional requests."),
+                                    @ResponseHeader(
+                                            name = "Last-Modified",
+                                            description = "Date and time the resource has been modified the last time.\n" +
+                                                    "Used by caches, or in conditional requests.")
+                            }
+                    ),
+                    @ApiResponse(
+                            code = 303,
+                            message = "See Other. \n Source can be retrieved from the URL specified at the Location " +
+                                    "header.",
+                            responseHeaders = {
+                                    @ResponseHeader(
+                                            name = "Content-Location",
+                                            description = "The Source URL of the document.")}),
+                    @ApiResponse(
+                            code = 400,
+                            message = "Bad Request. \n Invalid request or validation error.",
+                            response = ErrorResponse.class),
+                    @ApiResponse(
+                            code = 401,
+                            message = "Unauthorized. \n Current logged in user is not authorized to perform the operation.",
+                            response = ErrorResponse.class),
+                    @ApiResponse(
+                            code = 404,
+                            message = "Group not found.",
+                            response = ErrorResponse.class),
+                    @ApiResponse(
+                            code = 406,
+                            message = "Not Acceptable.\n The requested media type is not supported."),
+                    @ApiResponse(
+                            code = 500,
+                            message = "Internal Server Error. \n " +
+                                    "Server error occurred while creating the group or adding devices or sharing the group.",
+                            response = ErrorResponse.class)
+            })
+    Response createGroupWithRoles(
+            @ApiParam(
+                    name = "group",
+                    value = "Define the group object with data.",
+                    required = true)
+            @Valid DeviceGroupRoleWrapper group
+    );
 }

components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java

@@ -187,6 +187,104 @@ public interface RoleManagementService {
                     defaultValue = "5")
             @QueryParam("limit") int limit);
 
+    @GET
+    @Path("/visible/{metaKey}")
+    @ApiOperation(
+            produces = MediaType.APPLICATION_JSON,
+            httpMethod = "GET",
+            value = "Getting the List of Visible Roles",
+            notes = "WSO2 IoTS supports role-based access control (RBAC) and role management. Using this API you can the list of roles that are in WSO2 IoTS.\n" +
+                    "Note: Internal roles, roles created for service-providers, and application related roles will not be given in the output.",
+            tags = "Role Management",
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:view")
+                    })
+            }
+    )
+    @ApiResponses(value = {
+            @ApiResponse(
+                    code = 200,
+                    message = "OK. \n Successfully fetched the list of roles in WSO2 IoTS.",
+                    response = RoleList.class,
+                    responseHeaders = {
+                            @ResponseHeader(
+                                    name = "Content-Type",
+                                    description = "The content type of the body"),
+                            @ResponseHeader(
+                                    name = "ETag",
+                                    description = "Entity Tag of the response resource.\n" +
+                                            "Used by caches, or in conditional requests."),
+                            @ResponseHeader(
+                                    name = "Last-Modified",
+                                    description = "Date and time the resource has been modified the last time.\n" +
+                                            "Used by caches, or in conditional requests."),
+                    }),
+            @ApiResponse(
+                    code = 304,
+                    message = "Not Modified. \n Empty body because the client already has the latest version of the " +
+                            "requested resource."),
+            @ApiResponse(
+                    code = 404,
+                    message = "Not Found. \n The specified resource does not exist.\n",
+                    response = ErrorResponse.class),
+            @ApiResponse(
+                    code = 406,
+                    message = "Not Acceptable.\n The requested media type is not supported",
+                    response = ErrorResponse.class),
+            @ApiResponse(
+                    code = 500,
+                    message = "Internal Server Error. \n Server error occurred while fetching the list of roles" +
+                            " assigned to the specified user.",
+                    response = ErrorResponse.class)
+    })
+    Response getVisibleRole(
+            @ApiParam(
+                    name = "filter",
+                    value = "Provide a character or a few characters in the role name.",
+                    required = false)
+            @QueryParam("filter") String filter,
+            @ApiParam(
+                    name = "user-store",
+                    value = "The name of the UserStore you wish to get the list of roles.",
+                    required = false)
+            @QueryParam("user-store") String userStoreName,
+            @ApiParam(
+                    name = "If-Modified-Since",
+                    value = "Checks if the requested variant was modified, since the specified date-time." +
+                            "Provide the value in the following format: EEE, d MMM yyyy HH:mm:ss Z.\n" +
+                            "Example: Mon, 05 Jan 2014 15:10:00 +0200",
+                    required = false)
+            @HeaderParam("If-Modified-Since") String ifModifiedSince,
+            @ApiParam(
+                    name = "offset",
+                    value = "The starting pagination index for the complete list of qualified items.",
+                    required = false,
+                    defaultValue = "0")
+            @QueryParam("offset") int offset,
+            @ApiParam(
+                    name = "limit",
+                    value = "Provide how many role details you require from the starting pagination index/offset.",
+                    required = false,
+                    defaultValue = "5")
+            @QueryParam("limit") int limit,
+            @ApiParam(
+                    name = "username",
+                    value = "The username of the user.",
+                    required = true,
+                    defaultValue = "admin")
+            @QueryParam("username") String username,
+            @ApiParam(
+                    name = "domain",
+                    value = "The domain name of the user store.",
+                    required = false)
+            @QueryParam("domain") String domain,
+            @ApiParam(
+                    name = "metaKey",
+                    value = "Key of the metadata",
+                    required = true)
+            @PathParam("metaKey") String metaKey);
+
         @GET
         @Path("/filter/{prefix}")
         @ApiOperation(

components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/admin/GroupManagementAdminService.java

@@ -27,8 +27,16 @@ import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
 import io.swagger.annotations.*;
 import org.apache.axis2.transport.http.HTTPConstants;
 
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
 import javax.validation.Valid;
-import javax.ws.rs.*;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
@@ -358,4 +366,79 @@ public interface GroupManagementAdminService {
             required = true)
                          @Valid DeviceGroup group);
 
+
+
+    @POST
+    @Path("/roles/share")
+    @ApiOperation(
+            produces = MediaType.APPLICATION_JSON,
+            httpMethod = HTTPConstants.HEADER_POST,
+            value = "Consolidated API for Creating a Device Group, Adding Devices, and Sharing",
+            notes = "This API can be used to create a new device group, add devices to the group, and share the group with user roles.",
+            tags = "Device Group Management",
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:add")
+                    })
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(
+                            code = 201,
+                            message = "Created. \n Device group has successfully been created.",
+                            responseHeaders = {
+                                    @ResponseHeader(
+                                            name = "Content-Location",
+                                            description = "The URL of the created group."),
+                                    @ResponseHeader(
+                                            name = "Content-Type",
+                                            description = "The content type of the body."),
+                                    @ResponseHeader(
+                                            name = "ETag",
+                                            description = "Entity Tag of the response resource.\n" +
+                                                    "Used by caches, or in conditional requests."),
+                                    @ResponseHeader(
+                                            name = "Last-Modified",
+                                            description = "Date and time the resource has been modified the last time.\n" +
+                                                    "Used by caches, or in conditional requests.")
+                            }
+                    ),
+                    @ApiResponse(
+                            code = 303,
+                            message = "See Other. \n Source can be retrieved from the URL specified at the Location " +
+                                    "header.",
+                            responseHeaders = {
+                                    @ResponseHeader(
+                                            name = "Content-Location",
+                                            description = "The Source URL of the document.")}),
+                    @ApiResponse(
+                            code = 400,
+                            message = "Bad Request. \n Invalid request or validation error.",
+                            response = ErrorResponse.class),
+                    @ApiResponse(
+                            code = 401,
+                            message = "Unauthorized. \n Current logged in user is not authorized to perform the operation.",
+                            response = ErrorResponse.class),
+                    @ApiResponse(
+                            code = 404,
+                            message = "Group not found.",
+                            response = ErrorResponse.class),
+                    @ApiResponse(
+                            code = 406,
+                            message = "Not Acceptable.\n The requested media type is not supported."),
+                    @ApiResponse(
+                            code = 500,
+                            message = "Internal Server Error. \n " +
+                                    "Server error occurred while creating the group or adding devices or sharing the group.",
+                            response = ErrorResponse.class)
+            })
+    Response createGroupWithRoles(@ApiParam(
+            name = "group",
+            value = "Define the group object with data.",
+            required = true)
+                                  @Valid DeviceGroupRoleWrapper group
+
+    );
+
 }

components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java

@@ -23,6 +23,11 @@ import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProvi
 import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderServiceImpl;
 import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey;
 import io.entgra.device.mgt.core.apimgt.application.extension.exception.APIManagerException;
+import io.entgra.device.mgt.core.apimgt.application.extension.internal.APIApplicationManagerExtensionDataHolder;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
 import io.entgra.device.mgt.core.apimgt.keymgt.extension.DCRResponse;
 import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenRequest;
 import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenResponse;
@@ -804,11 +809,12 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
             //todo - lasantha - can't get password from here
             ApiApplicationKey apiApplicationKey;
             try {
-                DCRResponse adminDCRResponse = keyMgtService.dynamicClientRegistration(applicationName,
+
-                        PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
+                APIApplicationServices apiApplicationServices = DeviceMgtAPIUtils.getApiApplicationServices();
-                                .getRealmConfiguration().getAdminUserName(),
+                APIApplicationKey adminDCRResponse = apiApplicationServices.createAndRetrieveApplicationCredentials(
-                        "client_credentials", null, new String[] {"device_management"}, false, validityTime, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
+                        "ClientForJWTTokenGeneration",
-                                .getRealmConfiguration().getAdminPassword());
+                        "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer"
+                );
 
                 PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                 JWTClientManagerService jwtClientManagerService = (JWTClientManagerService) ctx.
@@ -816,11 +822,14 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
                 JWTClient jwtClient = jwtClientManagerService.getJWTClient();
                 AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(adminDCRResponse.getClientId(),
                         adminDCRResponse.getClientSecret(),
-                        username, "appm:subscribe");
+                        username, "appm:subscribe apim:admin apim:api_key apim:app_import_export apim:app_manage" +
+                                " apim:store_settings apim:sub_alert_manage apim:sub_manage apim:subscribe openid perm:device:enroll " +
+                                "perm:devices:details perm:devices:features perm:devices:search perm:devices:view perm:groups:groups " +
+                                "perm:users:send-invitation");
 
                 APIManagementProviderService apiManagementProviderService = DeviceMgtAPIUtils.getAPIManagementService();
                 apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(applicationName,
-                        new String[] {"device_management"}, null, false, String.valueOf(validityTime),
+                        new String[] {"device_management"}, "PRODUCTION", false, String.valueOf(validityTime),
                         accessTokenInfo.getAccessToken());
 
             } catch (JWTClientException e) {
@@ -828,8 +837,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
                 log.error(msg, e);
                 return Response.serverError().entity(
                         new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
-            } catch (UserStoreException e) {
+            } catch (APIServicesException e) {
-                String msg = "Error while getting user credentials.";
+                String msg = "Error while generating api Application";
                 log.error(msg, e);
                 return Response.serverError().entity(
                         new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();

components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java

@@ -18,6 +18,28 @@
 
 package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
 
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupConstants;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceTypesOfGroups;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupNotExistException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistException;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import io.entgra.device.mgt.core.device.mgt.common.Device;
+import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
+import io.entgra.device.mgt.core.device.mgt.common.EnrolmentInfo;
+import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
+import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
+import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceNotFoundException;
+import io.entgra.device.mgt.core.device.mgt.core.service.DeviceManagementProviderService;
+import io.entgra.device.mgt.core.device.mgt.core.service.GroupManagementProviderService;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceGroupList;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceList;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceToGroupsAssignment;
@@ -37,10 +59,21 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;
 
 import javax.ws.rs.*;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import javax.transaction.UserTransaction;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 
 public class GroupManagementServiceImpl implements GroupManagementService {
@@ -94,8 +127,18 @@ public class GroupManagementServiceImpl implements GroupManagementService {
             request.setGroupName(name);
             request.setOwner(owner);
             request.setDepth(depth);
-            PaginationResult deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+            int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
-                    .getGroupsWithHierarchy(currentUser, request, requireGroupProps);
+            UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId);
+            String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser);
+            boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE);
+            PaginationResult deviceGroupsResult;
+            if (hasAdminRole) {
+                deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+                        .getGroupsWithHierarchy(null, request, requireGroupProps);
+            } else{
+                deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+                        .getGroupsWithHierarchy(currentUser, request, requireGroupProps);
+            }
             DeviceGroupList deviceGroupList = new DeviceGroupList();
             deviceGroupList.setList(deviceGroupsResult.getData());
             deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal());
@@ -104,6 +147,10 @@ public class GroupManagementServiceImpl implements GroupManagementService {
             String error = "Error occurred while retrieving groups with hierarchy.";
             log.error(error, e);
             return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build();
+        } catch (UserStoreException e) {
+            String msg = "Error occurred while getting user realm.";
+            log.error(msg, e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
         }
     }
 
@@ -416,4 +463,38 @@ public class GroupManagementServiceImpl implements GroupManagementService {
         }
     }
 
+    @POST
+    @Path("/roles/share")
+    @Override
+    public Response createGroupWithRoles(DeviceGroupRoleWrapper groups) {
+        if (groups == null) {
+            return Response.status(Response.Status.BAD_REQUEST).build();
+        }
+        groups.setOwner(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername());
+        groups.setStatus(DeviceGroupConstants.GroupStatus.ACTIVE);
+        try {
+            DeviceMgtAPIUtils.getGroupManagementProviderService().createGroupWithRoles(groups, DEFAULT_ADMIN_ROLE, DEFAULT_ADMIN_PERMISSIONS);
+            DeviceGroup group = DeviceMgtAPIUtils.getGroupManagementProviderService().getGroup(groups.getName(),
+                    PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername().isEmpty());
+            if (group != null) {
+                DeviceMgtAPIUtils.getGroupManagementProviderService().manageGroupSharing(group.getGroupId(), groups.getUserRoles());
+                return Response.status(Response.Status.CREATED).entity(group.getGroupId()).build();
+            } else {
+                String msg = "Error occurred while retrieving newly created group.";
+                log.error(msg);
+                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+            }
+        } catch (GroupManagementException e) {
+            String msg = "Error occurred while adding " + groups.getName() + " group";
+            log.error(msg, e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+        } catch (GroupAlreadyExistException e) {
+            String msg = "Group already exists with name : " + groups.getName() + " Try with another group name.";
+            log.error(msg, e);
+            return Response.status(Response.Status.CONFLICT).entity(msg).build();
+        } catch (RoleDoesNotExistException e) {
+            return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
+        }
+    }
+
 }

components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java

@@ -17,6 +17,14 @@
  */
 package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
 
+import com.google.common.base.Strings;
+import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
+import org.apache.axis2.databinding.types.xsd._boolean;
+import org.json.simple.JSONObject;
+import org.json.simple.parser.JSONParser;
+import org.json.simple.parser.ParseException;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.ErrorResponse;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleInfo;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleList;
@@ -28,6 +36,7 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils;
 import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.SetReferenceTransformer;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.springframework.util.StringUtils;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.context.CarbonContext;
@@ -50,6 +59,12 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URLEncoder;
 import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
 
 import static io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.Constants.PRIMARY_USER_STORE;
 
@@ -97,6 +112,96 @@ public class RoleManagementServiceImpl implements RoleManagementService {
         }
     }
 
+    @GET
+    @Path("/visible/{metaKey}")
+    @Override
+    public Response getVisibleRole(
+            @QueryParam("filter") String filter,
+            @QueryParam("user-store") String userStore,
+            @HeaderParam("If-Modified-Since") String ifModifiedSince,
+            @QueryParam("offset") int offset,
+            @QueryParam("limit") int limit,
+            @QueryParam("username") String username,
+            @QueryParam("domain") String domain,
+            @PathParam("metaKey") String metaKey) {
+        RequestValidationUtil.validatePaginationParameters(offset, limit);
+        if (limit == 0){
+            limit = Constants.DEFAULT_PAGE_LIMIT;
+        }
+        if (!Strings.isNullOrEmpty(domain)) {
+            username = domain + '/' + username;
+        }
+        Metadata metadata;
+        List<String> visibleRoles;
+        RoleList visibleRoleList = new RoleList();
+        try {
+            metadata = DeviceMgtAPIUtils.getMetadataManagementService().retrieveMetadata(metaKey);
+            String metaValue = metadata.getMetaValue();
+            JSONParser parser = new JSONParser();
+            JSONObject jsonObject = (JSONObject) parser.parse(metaValue);
+            boolean decision = (boolean) jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES);
+            if (decision) {
+                if (Strings.isNullOrEmpty(userStore)){
+                    userStore = PRIMARY_USER_STORE;
+                }
+                try {
+                    visibleRoles = getRolesFromUserStore(filter, userStore);
+                    visibleRoleList.setList(visibleRoles);
+
+                    visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit);
+                    visibleRoleList.setList(visibleRoles);
+
+                    return Response.status(Response.Status.OK).entity(visibleRoleList).build();
+                } catch (UserStoreException e) {
+                    String msg = "Error occurred while retrieving roles from the underlying user stores";
+                    log.error(msg, e);
+                    return Response.serverError().entity(
+                            new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+                }
+            } else {
+                try {
+                    UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
+                    if (!userStoreManager.isExistingUser(username)) {
+                        if (log.isDebugEnabled()) {
+                            log.debug("User by username: " + username + " does not exist for role retrieval.");
+                        }
+                        String msg = "User by username: " + username + " does not exist for role retrieval.";
+                        return Response.status(Response.Status.NOT_FOUND).entity(msg).build();
+                    }
+                    visibleRoleList.setList(getFilteredVisibleRoles(userStoreManager, username));
+
+                    return Response.status(Response.Status.OK).entity(visibleRoleList).build();
+                } catch (UserStoreException e) {
+                    String msg = "Error occurred while trying to retrieve roles of the user '" + username + "'";
+                    log.error(msg, e);
+                    return Response.serverError().entity(
+                            new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+                }
+            }
+        } catch (MetadataManagementException e) {
+            String msg = "Error occurred while getting the metadata entry for metaKey:" + metaKey;
+            log.error(msg, e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+        } catch (ParseException e) {
+            String msg = "Error occurred while parsing JSON metadata: " + e.getMessage();
+            log.error(msg, e);
+            return Response.status(Response.Status.BAD_REQUEST).entity(msg).build();
+        }
+    }
+
+    private List<String> getFilteredVisibleRoles(UserStoreManager userStoreManager, String username)
+            throws UserStoreException {
+        String[] roleListOfUser;
+        roleListOfUser = userStoreManager.getRoleListOfUser(username);
+        List<String> filteredRoles = new ArrayList<>();
+        for (String role : roleListOfUser) {
+            if (!(role.startsWith("Internal/") || role.startsWith("Authentication/"))) {
+                filteredRoles.add(role);
+            }
+        }
+        return filteredRoles;
+    }
+
     @GET
     @Path("/filter/{prefix}")
     @Override
@@ -542,6 +647,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
     @Consumes(MediaType.WILDCARD)
     @Override
     public Response deleteRole(@PathParam("roleName") String roleName, @QueryParam("user-store") String userStoreName) {
+        String roleToDelete = roleName;
         if (userStoreName != null && !userStoreName.isEmpty()) {
             roleName = userStoreName + "/" + roleName;
         }
@@ -549,6 +655,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
         try {
             final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
             final UserStoreManager userStoreManager = userRealm.getUserStoreManager();
+            int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
             if (!userStoreManager.isExistingRole(roleName)) {
                 String msg = "No role exists with the name : " + roleName ;
                 return Response.status(404).entity(msg).build();
@@ -558,16 +665,18 @@ public class RoleManagementServiceImpl implements RoleManagementService {
             if (log.isDebugEnabled()) {
                 log.debug("Deleting the role in user store");
             }
-            userStoreManager.deleteRole(roleName);
+            DeviceMgtAPIUtils.getGroupManagementProviderService().deleteRoleAndRoleGroupMapping(roleName, roleToDelete, tenantId, userStoreManager, authorizationManager);
-            // Delete all authorizations for the current role before deleting
-            authorizationManager.clearRoleAuthorization(roleName);
-
             return Response.status(Response.Status.OK).build();
         } catch (UserStoreException e) {
             String msg = "Error occurred while deleting the role '" + roleName + "'";
             log.error(msg, e);
             return Response.serverError().entity(
                     new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+        } catch (GroupManagementException e) {
+            String msg = "Error occurred while deleting group-role mapping records";
+            log.error(msg, e);
+            return Response.serverError().entity(
+                    new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
         }
     }
 
@@ -597,7 +706,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
             userStoreManager.updateUserListOfRole(roleName, usersToDelete, usersToAdd);
 
             return Response.status(Response.Status.OK).entity("Role '" + roleName + "' has " +
-                    "successfully been updated with the user list")
+                            "successfully been updated with the user list")
                     .build();
         } catch (UserStoreException e) {
             String msg = "Error occurred while updating the users of the role '" + roleName + "'";

components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java

@@ -424,6 +424,9 @@ public class UserManagementServiceImpl implements UserManagementService {
             userList = new ArrayList<>(users.size());
             BasicUserInfo user;
             for (String username : users) {
+                if (Constants.APIM_RESERVED_USER.equals(username) || Constants.RESERVED_USER.equals(username)) {
+                    continue;
+                }
                 user = getBasicUserInfo(username);
                 userList.add(user);
             }
@@ -484,6 +487,10 @@ public class UserManagementServiceImpl implements UserManagementService {
             if (StringUtils.isNotEmpty(username)) {
                 commonUsers = getUserList(null, username);
             }
+            if (commonUsers != null) {
+                commonUsers.remove(Constants.APIM_RESERVED_USER);
+                commonUsers.remove(Constants.RESERVED_USER);
+            }
 
             if (!skipSearch(commonUsers) && StringUtils.isNotEmpty(firstName)) {
                 tempList = getUserList(Constants.USER_CLAIM_FIRST_NAME, firstName);
@@ -658,6 +665,9 @@ public class UserManagementServiceImpl implements UserManagementService {
             userList = new ArrayList<>();
             UserInfo user;
             for (String username : users) {
+                if (Constants.APIM_RESERVED_USER.equals(username) || Constants.RESERVED_USER.equals(username)) {
+                    continue;
+                }
                 user = new UserInfo();
                 user.setUsername(username);
                 user.setEmailAddress(getClaimValue(username, Constants.USER_CLAIM_EMAIL_ADDRESS));

components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java

@@ -29,13 +29,34 @@ import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistEx
 import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupConstants;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistException;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
+import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
+import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceGroupList;
+import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.api.admin.GroupManagementAdminService;
+import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestValidationUtil;
+import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.apache.commons.lang.StringUtils;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;
 
 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
 import java.util.ArrayList;
+import java.util.Arrays;
 
 public class GroupManagementAdminServiceImpl implements GroupManagementAdminService {
 
@@ -90,13 +111,25 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
             @DefaultValue("5") @QueryParam("limit") int limit) {
         try {
             RequestValidationUtil.validatePaginationParameters(offset, limit);
+            String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
             GroupPaginationRequest request = new GroupPaginationRequest(offset, limit);
             request.setGroupName(name);
             request.setOwner(owner);
             request.setStatus(status);
             request.setDepth(depth);
-            PaginationResult deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+            int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
-                    .getGroupsWithHierarchy(null, request, requireGroupProps);
+            UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId);
+            String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser);
+            boolean isAdmin = DEFAULT_ADMIN_ROLE.equals(currentUser);
+            boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE);
+            PaginationResult deviceGroupsResult;
+            if (StringUtils.isBlank(currentUser) || isAdmin || hasAdminRole) {
+                deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+                        .getGroupsWithHierarchy(null, request, requireGroupProps);
+            } else {
+                deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+                        .getGroupsWithHierarchy(currentUser, request, requireGroupProps);
+            }
             DeviceGroupList deviceGroupList = new DeviceGroupList();
             deviceGroupList.setList(deviceGroupsResult.getData());
             deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal());
@@ -105,6 +138,10 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
             String error = "Error occurred while retrieving groups with hierarchy.";
             log.error(error, e);
             return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build();
+        } catch (UserStoreException e) {
+            String msg = "Error occurred while getting user realm.";
+            log.error(msg, e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
         }
     }
 
@@ -144,4 +181,30 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
             return Response.status(Response.Status.CONFLICT).entity(msg).build();
         }
     }
+    @POST
+    @Path("/roles/share")
+    @Override
+    public Response createGroupWithRoles(DeviceGroupRoleWrapper group) {
+        if (group == null) {
+            return Response.status(Response.Status.BAD_REQUEST).build();
+        }
+        group.setOwner(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername());
+        group.setStatus(DeviceGroupConstants.GroupStatus.ACTIVE);
+        try {
+            DeviceMgtAPIUtils.getGroupManagementProviderService().createGroupWithRoles(group, DEFAULT_ADMIN_ROLE, DEFAULT_ADMIN_PERMISSIONS);
+            DeviceMgtAPIUtils.getGroupManagementProviderService().manageGroupSharing(group.getGroupId(), group.getUserRoles());
+            return Response.status(Response.Status.CREATED).build();
+        } catch (GroupManagementException e) {
+            String msg = "Error occurred while adding " + group.getName() + " group";
+            log.error(msg, e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+        } catch (GroupAlreadyExistException e) {
+            String msg = "Group already exists with name : " + group.getName() + " Try with another group name.";
+            log.error(msg, e);
+            return Response.status(Response.Status.CONFLICT).entity(msg).build();
+        } catch (RoleDoesNotExistException e) {
+            return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
+        }
+    }
+
 }

components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java

@@ -30,13 +30,16 @@ public class Constants {
 	public static final String USER_CLAIM_MODIFIED = "http://wso2.org/claims/modified";
 	public static final String USER_CLAIM_DEVICES = "http://wso2.org/claims/devices";
 	public static final String PRIMARY_USER_STORE = "PRIMARY";
-    public static final String DEFAULT_STREAM_VERSION = "1.0.0";
+	public static final String APIM_RESERVED_USER = "apim_reserved_user";
+	public static final String RESERVED_USER = "reserved_user";
+	public static final String DEFAULT_STREAM_VERSION = "1.0.0";
 	public static final String SCOPE = "scope";
 	public static final String JDBC_USERSTOREMANAGER = "org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager";
 	public static final String DEFAULT_SIMPLE_DATE_FORMAT = "EEE, d MMM yyyy HH:mm:ss Z";
 	public static final int DEFAULT_PAGE_LIMIT = 50;
 	public static final String FORWARD_SLASH = "/";
 	public static final String ANDROID = "android";
+	public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles";
 	public static final String ANDROID_POLICY_VALIDATOR = "io.entgra.proprietary.uem.platform.android." +
 			"core.polcy.AndroidPolicyPayloadValidator";
 	public static final String IOS = "ios";

components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/DeviceMgtAPIUtils.java

@@ -19,6 +19,7 @@
 package io.entgra.device.mgt.core.device.mgt.api.jaxrs.util;
 
 import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderService;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.ConsumerRESTAPIServices;
 import io.entgra.device.mgt.core.application.mgt.common.services.ApplicationManager;
 import io.entgra.device.mgt.core.application.mgt.common.services.SubscriptionManager;
@@ -157,6 +158,7 @@ public class DeviceMgtAPIUtils {
     private static volatile SubscriptionManager subscriptionManager;
     private static volatile ApplicationManager applicationManager;
     private static volatile ConsumerRESTAPIServices consumerRESTAPIServices;
+    private static volatile APIApplicationServices apiApplicationServices;
     private static volatile APIManagementProviderService apiManagementProviderService;
 
     static {
@@ -410,6 +412,25 @@ public class DeviceMgtAPIUtils {
         return consumerRESTAPIServices;
     }
 
+    /**
+     * Initializing and accessing method for APIM API application REST API.
+     *
+     * @return APIApplicationServices instance
+     * @throws IllegalStateException if APIApplicationServices cannot be initialized
+     */
+    public static synchronized APIApplicationServices getApiApplicationServices() {
+        if (apiApplicationServices == null) {
+            PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+            apiApplicationServices = (APIApplicationServices) ctx.getOSGiService(APIApplicationServices.class, null);
+            if (apiApplicationServices == null) {
+                String msg = "API application service has not initialized.";
+                log.error(msg);
+                throw new IllegalStateException(msg);
+            }
+        }
+        return apiApplicationServices;
+    }
+
     /**
      * Initializing and accessing method for API management Provider Service.
      *

components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <artifactId>device-mgt</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/DeviceManagementConstants.java

@@ -134,6 +134,8 @@ public final class DeviceManagementConstants {
         public static final String LAST_NAME = "last-name";
         public static final String TENANT_ADMIN_USERNAME = "tenant-admin-username";
         public static final String TENANT_ADMIN_PASSWORD = "tenant-admin-password";
+
+        public static final int OTP_DEFAULT_EXPIRY_SECONDS = 3600;
     }
 
     public static final class EventServices {

components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/general/QREnrollmentDetails.java

@@ -18,10 +18,22 @@
 
 package io.entgra.device.mgt.core.device.mgt.common.general;
 
+import java.util.Map;
+
 public class QREnrollmentDetails {
     String ownershipType;
     String username;
     String enrollmentMode;
+    Map<String, String> customValues;
+
+    public Map<String, String> getCustomValues() {
+        return customValues;
+    }
+
+    public void setCustomValues(Map<String, String> customValues) {
+        this.customValues = customValues;
+    }
+    int tokenExpiry;
 
     public String getOwnershipType() { return ownershipType; }
 
@@ -34,4 +46,12 @@ public class QREnrollmentDetails {
     public String getEnrollmentMode() { return enrollmentMode; }
 
     public void setEnrollmentMode(String enrollmentMode) { this.enrollmentMode = enrollmentMode; }
+
+    public int getTokenExpiry() {
+        return tokenExpiry;
+    }
+
+    public void setTokenExpiry(int tokenExpiry) {
+        this.tokenExpiry = tokenExpiry;
+    }
 }

components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/group/mgt/DeviceGroupRoleWrapper.java

@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.entgra.device.mgt.core.device.mgt.common.group.mgt;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import io.swagger.annotations.ApiParam;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Holds Device Group details and expose to external access
+ */
+@ApiModel(value = "DeviceGroupRoleWrapper", description = "This class carries all information related to a managed device group.")
+public class DeviceGroupRoleWrapper implements Serializable {
+
+    private static final long serialVersionUID = 1998121711L;
+
+    @ApiModelProperty(name = "id", value = "ID of the device group in the device group information database.")
+    private int id;
+
+    @ApiModelProperty(name = "description", value = "The device group description that can be set on the device group by the user.", required = true)
+    private String description;
+
+    @ApiModelProperty(name = "name", value = "The device group name that can be set on the device group by the user.", required = true)
+    private String name;
+
+    private String owner;
+
+    @ApiModelProperty(name = "status", value = "The status of group that needs updating/retrieval.")
+    private String status;
+
+    @ApiModelProperty(name = "parentGroupId", value = "Group ID of parent group")
+    private int parentGroupId;
+
+    @ApiModelProperty(name = "parentPath", value = "Path of parent group")
+    private String parentPath;
+
+    @ApiModelProperty(name = "childrenGroups", value = "Children groups")
+    private List<DeviceGroup> childrenGroups;
+
+    @ApiModelProperty(name = "userRoles", value = "User roles")
+    private List<String> userRoles;
+
+    public DeviceGroupRoleWrapper() {
+    }
+
+    public DeviceGroupRoleWrapper(String name) {
+        this.name = name;
+    }
+
+    public String getStatus() {
+        return status;
+    }
+
+    public void setStatus(String status) {
+        this.status = status;
+    }
+
+    private Map<String, String> groupProperties;
+
+    public int getGroupId() {
+        return id;
+    }
+
+    public void setGroupId(int id) {
+        this.id = id;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getOwner() {
+        return owner;
+    }
+
+    public void setOwner(String owner) {
+        this.owner = owner;
+    }
+
+    public Map<String, String> getGroupProperties() {
+        return groupProperties;
+    }
+
+    public void setGroupProperties(Map<String, String> groupProperties) {
+        this.groupProperties = groupProperties;
+    }
+
+    public int getParentGroupId() {
+        return parentGroupId;
+    }
+
+    public void setParentGroupId(int parentGroupId) {
+        this.parentGroupId = parentGroupId;
+    }
+
+    public String getParentPath() {
+        return parentPath;
+    }
+
+    public void setParentPath(String parentPath) {
+        this.parentPath = parentPath;
+    }
+
+    public List<DeviceGroup> getChildrenGroups() {
+        return childrenGroups;
+    }
+
+    public void setChildrenGroups(List<DeviceGroup> childrenGroups) {
+        this.childrenGroups = childrenGroups;
+    }
+
+    public List<String> getUserRoles() {
+        return userRoles;
+    }
+
+    public void setUserRoles(List<String> userRoles) {
+        this.userRoles = userRoles;
+    }
+}

components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/otp/mgt/OTPEmailTypes.java

@@ -19,5 +19,5 @@
 package io.entgra.device.mgt.core.device.mgt.common.otp.mgt;
 
 public enum OTPEmailTypes {
-    USER_VERIFY, DEVICE_ENROLLMENT
+    USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE, REMOTE_SESSION
 }

components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/spi/OTPManagementService.java

@@ -35,7 +35,8 @@ public interface OTPManagementService {
      * @throws OTPManagementException if error occurred whle verifying validity of the OPT
      * @throws BadRequestException if found an null value for OTP
      */
-    OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException;
+    OneTimePinDTO isValidOTP(String oneTimeToken, boolean requireRenewal) throws
+            OTPManagementException, BadRequestException;
 
     /**
      * Invalidate the OTP and send welcome mail
@@ -59,8 +60,7 @@ public interface OTPManagementService {
     boolean hasEmailRegistered(String email, String emailDomain) throws OTPManagementException,
             DeviceManagementException;
 
-    OneTimePinDTO generateOneTimePin(String email, String emailType, String userName, Object metaDataObj,
+    OneTimePinDTO generateOneTimePin(OneTimePinDTO oneTimePinData, boolean persistPin) throws OTPManagementException;
-                                     int tenantId, boolean persistPin) throws OTPManagementException;
 
     OneTimePinDTO getRenewedOtpByEmailAndMailType(String email, String emailType) throws OTPManagementException;
 

components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -76,12 +76,20 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
-                    <systemPropertyVariables>
+                    <argLine>
-                        <log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
+                        --add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
-                    </systemPropertyVariables>
+                        --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
+                    </argLine>
                     <suiteXmlFiles>
                         <suiteXmlFile>src/test/resources/testng.xml</suiteXmlFile>
                     </suiteXmlFiles>
+                    <systemPropertyVariables>
+                        <jacoco-agent.destfile>${basedir}/target/coverage-reports/jacoco-unit.exec</jacoco-agent.destfile>
+                        <log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
+                    </systemPropertyVariables>
+                    <classpathDependencyExcludes>
+                        <classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
+                    </classpathDependencyExcludes>
                 </configuration>
             </plugin>
         </plugins>
@@ -255,7 +263,7 @@
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
-            <artifactId>powermock-api-mockito</artifactId>
+            <artifactId>powermock-api-mockito2</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>

components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/src/main/java/io/entgra/device/mgt/core/device/mgt/config/api/service/DeviceManagementConfigService.java

@@ -139,7 +139,12 @@ public interface DeviceManagementConfigService {
                     value = "The properties list using for query a device",
                     required = true)
             @QueryParam("properties")
-                    String properties);
+                    String properties,
+            @ApiParam(
+                    name = "withAccessToken",
+                    value = "Whether to use access token or otp token for device configuration")
+            @QueryParam("withAccessToken")
+                    boolean withAccessToken);
 
     @PUT
     @Path("/device/transfer")

components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/src/main/java/io/entgra/device/mgt/core/device/mgt/config/api/service/impl/DeviceManagementConfigServiceImpl.java

@@ -21,6 +21,10 @@ import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JsonMappingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import io.entgra.device.mgt.core.device.mgt.common.exceptions.OTPManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.otp.mgt.OTPEmailTypes;
+import io.entgra.device.mgt.core.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
+import io.entgra.device.mgt.core.device.mgt.common.spi.OTPManagementService;
 import io.entgra.device.mgt.core.device.mgt.common.AppRegistrationCredentials;
 import io.entgra.device.mgt.core.device.mgt.common.ApplicationRegistrationException;
 import io.entgra.device.mgt.core.device.mgt.common.DeviceTransferRequest;
@@ -48,6 +52,30 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.AppRegistrationCredentials;
+import org.wso2.carbon.device.mgt.common.ApplicationRegistrationException;
+import org.wso2.carbon.device.mgt.common.DeviceTransferRequest;
+import org.wso2.carbon.device.mgt.common.configuration.mgt.AmbiguousConfigurationException;
+import org.wso2.carbon.device.mgt.common.configuration.mgt.DeviceConfiguration;
+import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
+import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException;
+import org.wso2.carbon.device.mgt.common.exceptions.OTPManagementException;
+import org.wso2.carbon.device.mgt.common.general.TenantDetail;
+import org.wso2.carbon.device.mgt.common.otp.mgt.OTPEmailTypes;
+import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
+import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
+import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
+import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
+import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager;
+import org.wso2.carbon.device.mgt.core.config.DeviceManagementConfig;
+import org.wso2.carbon.device.mgt.core.config.keymanager.KeyManagerConfigurations;
+import org.wso2.carbon.device.mgt.core.config.ui.UIConfiguration;
+import org.wso2.carbon.device.mgt.core.config.ui.UIConfigurationManager;
+import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
+import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
+import org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil;
+import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo;
+import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
 import org.wso2.carbon.user.api.Tenant;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.user.core.service.RealmService;
@@ -70,7 +98,8 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
     @Path("/configurations")
     @Produces(MediaType.APPLICATION_JSON)
     public Response getConfiguration(@HeaderParam("token") String token,
-                                     @QueryParam("properties") String properties) {
+                                     @QueryParam("properties") String properties,
+                                     @QueryParam("withAccessToken") boolean withAccessToken) {
         DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService();
         try {
             if (token == null || token.isEmpty()) {
@@ -95,7 +124,8 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
             deviceProps.put("token", token);
             DeviceConfiguration devicesConfiguration =
                     dms.getDeviceConfiguration(deviceProps);
-            setAccessTokenToDeviceConfigurations(devicesConfiguration);
+            if (withAccessToken) setAccessTokenToDeviceConfigurations(devicesConfiguration);
+                else setOTPTokenToDeviceConfigurations(devicesConfiguration);
             return Response.status(Response.Status.OK).entity(devicesConfiguration).build();
         } catch (DeviceManagementException e) {
             String msg = "Error occurred while retrieving configurations";
@@ -207,6 +237,33 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
         }
     }
 
+    private void setOTPTokenToDeviceConfigurations(DeviceConfiguration deviceConfiguration)
+            throws DeviceManagementException {
+        OneTimePinDTO oneTimePinData = new OneTimePinDTO();
+        oneTimePinData.setEmail(OTPEmailTypes.DEVICE_ENROLLMENT.toString());
+        oneTimePinData.setEmailType(OTPEmailTypes.DEVICE_ENROLLMENT.toString());
+        oneTimePinData.setUsername(deviceConfiguration.getDeviceOwner());
+        PrivilegedCarbonContext.startTenantFlow();
+        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
+                deviceConfiguration.getTenantDomain(), true);
+        oneTimePinData.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
+        PrivilegedCarbonContext.endTenantFlow();
+        OTPManagementService otpManagementService = DeviceMgtAPIUtils.getOtpManagementService();
+        try {
+            OneTimePinDTO oneTimePinDTO = otpManagementService.generateOneTimePin(oneTimePinData, true);
+            if (oneTimePinDTO == null) {
+                String msg = "Null value returned when generating OTP token for " + oneTimePinData.getOtpToken();
+                log.error(msg);
+                throw new DeviceManagementException(msg);
+            }
+            deviceConfiguration.setAccessToken(oneTimePinDTO.getOtpToken());
+        } catch (OTPManagementException ex) {
+            String msg = "Error occurred while generating one time pin: " + ex.getMessage();
+            log.error(msg, ex);
+            throw new DeviceManagementException(msg, ex);
+        }
+    }
+
     @Override
     @Path("/tenants")
     @GET

components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/src/main/java/io/entgra/device/mgt/core/device/mgt/config/api/util/DeviceMgtAPIUtils.java

@@ -22,6 +22,8 @@ import io.entgra.device.mgt.core.device.mgt.core.service.DeviceManagementProvide
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
+import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.user.core.service.RealmService;
 
 /**
@@ -34,6 +36,8 @@ public class DeviceMgtAPIUtils {
     private static DeviceManagementProviderService deviceManagementProviderService = null;
     private static RealmService realmService = null;
 
+    private static OTPManagementService otpManagementService = null;
+
     public static DeviceManagementProviderService getDeviceManagementService() {
         if (deviceManagementProviderService == null) {
             PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@@ -48,6 +52,19 @@ public class DeviceMgtAPIUtils {
         return deviceManagementProviderService;
     }
 
+    public static OTPManagementService getOtpManagementService() {
+        if (otpManagementService == null) {
+            PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+            otpManagementService = (OTPManagementService) ctx.getOSGiService(OTPManagementService.class, null);
+            if (otpManagementService == null) {
+                String msg = "OTP Management Service has not initialized.";
+                log.error(msg);
+                throw new IllegalStateException(msg);
+            }
+        }
+        return otpManagementService;
+    }
+
     public static RealmService getRealmService() {
         if (realmService == null) {
             PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>device-mgt</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -473,7 +473,7 @@
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
-            <artifactId>powermock-api-mockito</artifactId>
+            <artifactId>powermock-api-mockito2</artifactId>
         </dependency>
         <dependency>
             <groupId>org.wso2.carbon.multitenancy</groupId>

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java

@@ -22,6 +22,7 @@ import io.entgra.device.mgt.core.device.mgt.common.Device;
 import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
 import io.entgra.device.mgt.core.device.mgt.common.PaginationRequest;
 import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
 
 import java.util.List;
 import java.util.Map;
@@ -40,6 +41,18 @@ public interface GroupDAO {
      */
     int addGroup(DeviceGroup deviceGroup, int tenantId) throws GroupManagementDAOException;
 
+    /**
+     * Add properties for device group.
+     * Note that groupId parameter is considered seperately due to the groupId parameter passed with
+     * device group Payload is ignored in the add/update logic instead the internal groupId reference is used.
+     *
+     * @param groups to be added.
+     * @param tenantId    of the group.
+     * @return sql execution result.
+     * @throws GroupManagementDAOException
+     */
+    int addGroupWithRoles(DeviceGroupRoleWrapper groups, int tenantId) throws GroupManagementDAOException;
+
     /**
      * Add properties for device group.
      * Note that groupId parameter is considered seperately due to the groupId parameter passed with
@@ -52,6 +65,18 @@ public interface GroupDAO {
      */
     boolean addGroupProperties(DeviceGroup deviceGroup, int groupId, int tenantId) throws GroupManagementDAOException;
 
+    /**
+     * Update properties for device group.
+     * Note that groupId parameter is considered seperately due to the groupId parameter passed with
+     * device group Payload is ignored in the add/update logic instead the internal groupId reference is used.
+     *
+     * @param groups to be updated.
+     * @param tenantId    of the group.
+     * @return sql execution result.
+     * @throws GroupManagementDAOException
+     */
+    boolean addGroupPropertiesWithRoles(DeviceGroupRoleWrapper groups, int groupId, int tenantId) throws GroupManagementDAOException;
+
     /**
      * Update properties for device group.
      * Note that groupId parameter is considered seperately due to the groupId parameter passed with
@@ -130,6 +155,15 @@ public interface GroupDAO {
      */
     void deleteGroupsMapping(List<Integer> groupIds, int tenantId) throws GroupManagementDAOException;
 
+    /**
+     * Delete mappings of Device Groups.
+     *
+     * @param role of Device Groups.
+     * @param tenantId  of the role.
+     * @throws GroupManagementDAOException on error during deletion of mappings of groups
+     */
+    void deleteGroupsMapping(String role, int tenantId) throws GroupManagementDAOException;
+
     /**
      * Delete existing Device Groups.
      *
@@ -186,6 +220,19 @@ public interface GroupDAO {
      */
     List<DeviceGroup> getGroups(GroupPaginationRequest paginationRequest, int tenantId) throws GroupManagementDAOException;
 
+    /**
+     * Get paginated list of Device Groups in tenant with specified device group ids.
+     *
+     * @param paginationRequest to filter results.
+     * @param deviceGroupIds    of groups required.
+     * @param tenantId          of user's tenant.
+     * @param isWithParentPath      of user's ParentPath.
+     * @return List of all Device Groups in tenant.
+     * @throws GroupManagementDAOException
+     */
+    List<DeviceGroup> getGroups(GroupPaginationRequest paginationRequest, List<Integer> deviceGroupIds,
+                                int tenantId, boolean isWithParentPath) throws GroupManagementDAOException;
+
     /**
      * Get paginated list of Device Groups in tenant with specified device group ids.
      *
@@ -412,4 +459,4 @@ public interface GroupDAO {
                                            List<String> groupNames)
             throws GroupManagementDAOException;
 
-}
+}

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java

@@ -18,6 +18,7 @@
 
 package io.entgra.device.mgt.core.device.mgt.core.dao.impl;
 
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
 import io.entgra.device.mgt.core.device.mgt.common.Device;
 import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
 import io.entgra.device.mgt.core.device.mgt.common.PaginationRequest;
@@ -49,7 +50,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
             throws GroupManagementDAOException {
         try {
             Connection conn = GroupManagementDAOFactory.getConnection();
-            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP "
+            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP "
                     + "WHERE TENANT_ID = ?";
             if (StringUtils.isNotBlank(request.getGroupName())) {
                 sql += " AND GROUP_NAME LIKE ?";
@@ -103,7 +104,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
 
     @Override
     public List<DeviceGroup> getGroups(GroupPaginationRequest request, List<Integer> deviceGroupIds,
-            int tenantId) throws GroupManagementDAOException {
+                                       int tenantId) throws GroupManagementDAOException {
         int deviceGroupIdsCount = deviceGroupIds.size();
         if (deviceGroupIdsCount == 0) {
             return new ArrayList<>();
@@ -111,7 +112,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
 
         try {
             Connection conn = GroupManagementDAOFactory.getConnection();
-            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP WHERE TENANT_ID = ?";
+            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP WHERE TENANT_ID = ?";
             if (StringUtils.isNotBlank(request.getGroupName())) {
                 sql += " AND GROUP_NAME LIKE ?";
             }
@@ -164,6 +165,73 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
             throw new GroupManagementDAOException(msg, e);
         }
     }
+    @Override
+    public List<DeviceGroup> getGroups(GroupPaginationRequest request, List<Integer> deviceGroupIds,
+                                       int tenantId, boolean isWithParentPath) throws GroupManagementDAOException {
+        int deviceGroupIdsCount = deviceGroupIds.size();
+        if (deviceGroupIdsCount == 0) {
+            return new ArrayList<>();
+        }
+
+        try {
+            Connection conn = GroupManagementDAOFactory.getConnection();
+            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP WHERE TENANT_ID = ?";
+            if (StringUtils.isNotBlank(request.getGroupName())) {
+                sql += " AND GROUP_NAME LIKE ?";
+            }
+            if (StringUtils.isNotBlank(request.getOwner())) {
+                sql += " AND OWNER LIKE ?";
+            }
+            if (StringUtils.isNotBlank(request.getParentPath())) {
+                if(isWithParentPath){
+                    sql += " AND PARENT_PATH LIKE ?";
+                }
+            }
+            sql += " AND ID IN (";
+            for (int i = 0; i < deviceGroupIdsCount; i++) {
+                sql += (deviceGroupIdsCount - 1 != i) ? "?," : "?";
+            }
+            sql += ")";
+            if (request.getRowCount() != 0) {
+                sql += " LIMIT ? OFFSET ?";
+            }
+
+            try (PreparedStatement stmt = conn.prepareStatement(sql)) {
+                int paramIndex = 1;
+                stmt.setInt(paramIndex++, tenantId);
+                if (StringUtils.isNotBlank(request.getGroupName())) {
+                    stmt.setString(paramIndex++, request.getGroupName() + "%");
+                }
+                if (StringUtils.isNotBlank(request.getOwner())) {
+                    stmt.setString(paramIndex++, request.getOwner() + "%");
+                }
+                if (StringUtils.isNotBlank(request.getParentPath())) {
+                    if(isWithParentPath){
+                        stmt.setString(paramIndex++, request.getParentPath());
+                    }
+                }
+                for (Integer deviceGroupId : deviceGroupIds) {
+                    stmt.setInt(paramIndex++, deviceGroupId);
+                }
+                if (request.getRowCount() != 0) {
+                    stmt.setInt(paramIndex++, request.getRowCount());
+                    stmt.setInt(paramIndex, request.getStartIndex());
+                }
+                List<DeviceGroup> deviceGroupList = new ArrayList<>();
+                try (ResultSet resultSet = stmt.executeQuery()) {
+                    while (resultSet.next()) {
+                        deviceGroupList.add(GroupManagementDAOUtil.loadGroup(resultSet));
+                    }
+                }
+                return deviceGroupList;
+            }
+        } catch (SQLException e) {
+            String msg = "Error occurred while retrieving groups of groups IDs " + deviceGroupIds.toString()
+                    +  " in tenant: " + tenantId;
+            log.error(msg);
+            throw new GroupManagementDAOException(msg, e);
+        }
+    }
 
     @Override
     public int addGroup(DeviceGroup deviceGroup, int tenantId) throws GroupManagementDAOException {
@@ -175,11 +243,11 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
             Connection conn = GroupManagementDAOFactory.getConnection();
             String sql;
             if (deviceGroup.getStatus() == null || deviceGroup.getStatus().isEmpty()) {
-                sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH) "
+                sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID) "
-                        + "VALUES (?, ?, ?, ?, ?)";
-            } else {
-                sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, STATUS) "
                         + "VALUES (?, ?, ?, ?, ?, ?)";
+            } else {
+                sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID, STATUS) "
+                        + "VALUES (?, ?, ?, ?, ?, ?, ?)";
                 hasStatus = true;
             }
             stmt = conn.prepareStatement(sql, new String[]{"ID"});
@@ -188,8 +256,9 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
             stmt.setString(3, deviceGroup.getOwner());
             stmt.setInt(4, tenantId);
             stmt.setString(5, deviceGroup.getParentPath());
+            stmt.setInt(6, deviceGroup.getParentGroupId());
             if (hasStatus) {
-                stmt.setString(6, deviceGroup.getStatus());
+                stmt.setString(7, deviceGroup.getStatus());
             }
 
             stmt.executeUpdate();
@@ -206,6 +275,47 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
         }
     }
 
+    @Override
+    public int addGroupWithRoles(DeviceGroupRoleWrapper groups, int tenantId) throws GroupManagementDAOException {
+        int groupId = -1;
+        boolean hasStatus = false;
+        try {
+            Connection conn = GroupManagementDAOFactory.getConnection();
+            String sql;
+            if (groups.getStatus() == null || groups.getStatus().isEmpty()) {
+                sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID) "
+                        + "VALUES (?, ?, ?, ?, ?, ?)";
+            } else {
+                sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID, STATUS) "
+                        + "VALUES (?, ?, ?, ?, ?, ?, ?)";
+                hasStatus = true;
+            }
+            try (PreparedStatement stmt = conn.prepareStatement(sql, new String[]{"ID"})) {
+                stmt.setString(1, groups.getDescription());
+                stmt.setString(2, groups.getName());
+                stmt.setString(3, groups.getOwner());
+                stmt.setInt(4, tenantId);
+                stmt.setString(5, groups.getParentPath());
+                stmt.setInt(6, groups.getParentGroupId());
+                if (hasStatus) {
+                    stmt.setString(7, groups.getStatus());
+                }
+                stmt.executeUpdate();
+                try (ResultSet rs = stmt.getGeneratedKeys();) {
+                    if (rs.next()) {
+                        groupId = rs.getInt(1);
+                    }
+                    return groupId;
+                }
+            }
+        } catch (SQLException e) {
+            String msg = "Error occurred while adding deviceGroup '" +
+                    groups.getName() + "'";
+            log.error(msg);
+            throw new GroupManagementDAOException(msg, e);
+        }
+    }
+
     public boolean addGroupProperties(DeviceGroup deviceGroup, int groupId, int tenantId)
             throws GroupManagementDAOException {
         boolean status;
@@ -234,6 +344,33 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
         return status;
     }
 
+    public boolean addGroupPropertiesWithRoles(DeviceGroupRoleWrapper groups, int groupId, int tenantId)
+            throws GroupManagementDAOException {
+        boolean status;
+        try {
+            Connection conn = GroupManagementDAOFactory.getConnection();
+            try (PreparedStatement stmt = conn.prepareStatement(
+                    "INSERT INTO GROUP_PROPERTIES(GROUP_ID, PROPERTY_NAME, " +
+                            "PROPERTY_VALUE, TENANT_ID) VALUES (?, ?, ?, ?)")) {
+                for (Map.Entry<String, String> entry : groups.getGroupProperties().entrySet()) {
+                    stmt.setInt(1, groupId);
+                    stmt.setString(2, entry.getKey());
+                    stmt.setString(3, entry.getValue());
+                    stmt.setInt(4, tenantId);
+                    stmt.addBatch();
+                }
+                stmt.executeBatch();
+                status = true;
+            }
+        } catch (SQLException e) {
+            String msg = "Error occurred while adding properties for group '" +
+                    groups.getName() + "' values : " + groups.getGroupProperties();
+            log.error(msg);
+            throw new GroupManagementDAOException(msg, e);
+        }
+        return status;
+    }
+
     public boolean updateGroupProperties(DeviceGroup deviceGroup, int groupId, int tenantId)
             throws GroupManagementDAOException {
         boolean status;
@@ -303,7 +440,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
         try {
             Connection conn = GroupManagementDAOFactory.getConnection();
             String sql = "UPDATE DM_GROUP SET DESCRIPTION = ?, GROUP_NAME = ?, OWNER = ?, STATUS = ?, "
-                    + "PARENT_PATH = ? WHERE ID = ? AND TENANT_ID = ?";
+                    + "PARENT_PATH = ?, PARENT_GROUP_ID = ? WHERE ID = ? AND TENANT_ID = ?";
             try (PreparedStatement stmt = conn.prepareStatement(sql)){
                 for (DeviceGroup deviceGroup : deviceGroups) {
                     stmt.setString(1, deviceGroup.getDescription());
@@ -311,8 +448,9 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
                     stmt.setString(3, deviceGroup.getOwner());
                     stmt.setString(4, deviceGroup.getStatus());
                     stmt.setString(5, deviceGroup.getParentPath());
-                    stmt.setInt(6, deviceGroup.getGroupId());
+                    stmt.setInt(6, deviceGroup.getParentGroupId());
-                    stmt.setInt(7, tenantId);
+                    stmt.setInt(7, deviceGroup.getGroupId());
+                    stmt.setInt(8, tenantId);
                     stmt.addBatch();
                 }
                 stmt.executeBatch();
@@ -403,6 +541,23 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
         }
     }
 
+    @Override
+    public void deleteGroupsMapping(String role, int tenantId) throws GroupManagementDAOException {
+
+        try {
+            Connection conn = GroupManagementDAOFactory.getConnection();
+            String sql = "DELETE FROM DM_ROLE_GROUP_MAP WHERE ROLE = ? AND TENANT_ID = ?";
+            try (PreparedStatement stmt = conn.prepareStatement(sql)) {
+                stmt.setString(1, role);
+                stmt.setInt(2, tenantId);
+                stmt.executeUpdate();
+            }
+        } catch (SQLException e) {
+            String msg = "Error occurred while removing record from group-role mapping.";
+            log.error(msg);
+            throw new GroupManagementDAOException(msg, e);
+        }
+    }
     @Override
     public void deleteGroups(List<Integer> groupIds, int tenantId) throws GroupManagementDAOException {
         try {
@@ -491,7 +646,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
         ResultSet resultSet = null;
         try {
             Connection conn = GroupManagementDAOFactory.getConnection();
-            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP WHERE ID = ? "
+            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP WHERE ID = ? "
                     + "AND TENANT_ID = ?";
             stmt = conn.prepareStatement(sql);
             stmt.setInt(1, groupId);
@@ -514,7 +669,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
     public List<DeviceGroup> getChildrenGroups(String parentPath, int tenantId) throws GroupManagementDAOException {
         try {
             Connection conn = GroupManagementDAOFactory.getConnection();
-            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP "
+            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP "
                     + "WHERE PARENT_PATH LIKE ? AND TENANT_ID = ?";
             try (PreparedStatement stmt = conn.prepareStatement(sql)) {
                 stmt.setString(1, parentPath + "%");
@@ -539,7 +694,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
     public List<DeviceGroup> getRootGroups(int tenantId) throws GroupManagementDAOException {
         try {
             Connection conn = GroupManagementDAOFactory.getConnection();
-            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP "
+            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP "
                     + "WHERE PARENT_PATH LIKE ? AND TENANT_ID = ?";
             try (PreparedStatement stmt = conn.prepareStatement(sql)) {
                 stmt.setString(1, "/");
@@ -567,7 +722,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
         List<DeviceGroup> deviceGroupBuilders = new ArrayList<>();
         try {
             Connection conn = GroupManagementDAOFactory.getConnection();
-            String sql = "SELECT G.ID, G.GROUP_NAME, G.DESCRIPTION, G.OWNER, G.STATUS, G.PARENT_PATH FROM DM_GROUP G " +
+            String sql = "SELECT G.ID, G.GROUP_NAME, G.DESCRIPTION, G.OWNER, G.STATUS, G.PARENT_PATH, G.PARENT_GROUP_ID FROM DM_GROUP G " +
                     "INNER JOIN DM_DEVICE_GROUP_MAP GM ON G.ID = GM.GROUP_ID " +
                     "WHERE GM.DEVICE_ID = ? AND GM.TENANT_ID = ?";
             stmt = conn.prepareStatement(sql);
@@ -705,7 +860,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
         try {
             Connection conn = GroupManagementDAOFactory.getConnection();
             String sql =
-                    "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP "
+                    "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP "
                             + "WHERE LOWER(GROUP_NAME) = LOWER(?) AND TENANT_ID = ?";
             stmt = conn.prepareStatement(sql);
             stmt.setString(1, groupName);
@@ -876,7 +1031,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
         List<DeviceGroup> deviceGroupList = null;
         try {
             Connection conn = GroupManagementDAOFactory.getConnection();
-            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP g, " +
+            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID P FROM DM_GROUP g, " +
                     "(SELECT GROUP_ID FROM DM_ROLE_GROUP_MAP WHERE ROLE IN (";
 
             int index = 0;
@@ -990,7 +1145,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
         List<DeviceGroup> deviceGroupList = null;
         try {
             Connection conn = GroupManagementDAOFactory.getConnection();
-            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP "
+            String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP "
                     + "WHERE OWNER = ? AND TENANT_ID = ?";
             stmt = conn.prepareStatement(sql);
             stmt.setString(1, username);
@@ -1128,7 +1283,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
     }
 
 
-        @Override
+    @Override
     public List<Device> getAllDevicesOfGroup(String groupName, int tenantId) throws GroupManagementDAOException {
         Connection conn;
         List<Device> devices;

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/group/PostgreSQLGroupDAOImpl.java

@@ -18,6 +18,9 @@
 
 package io.entgra.device.mgt.core.device.mgt.core.dao.impl.group;
 
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import io.entgra.device.mgt.core.device.mgt.common.Device;
 import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
 import io.entgra.device.mgt.core.device.mgt.core.dao.GroupManagementDAOException;
@@ -39,6 +42,7 @@ import java.util.List;
  */
 public class PostgreSQLGroupDAOImpl extends AbstractGroupDAOImpl {
 
+    private static final Log log = LogFactory.getLog(PostgreSQLGroupDAOImpl.class);
     @Override
     public int addGroup(DeviceGroup deviceGroup, int tenantId) throws GroupManagementDAOException {
         PreparedStatement stmt = null;
@@ -49,7 +53,7 @@ public class PostgreSQLGroupDAOImpl extends AbstractGroupDAOImpl {
             Connection conn = GroupManagementDAOFactory.getConnection();
             String sql;
             if(StringUtils.isEmpty(deviceGroup.getStatus())) {
-                sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH) " +
+                sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID) " +
                       "VALUES (?, ?, ?, ?) RETURNING ID";
             } else {
                 sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, STATUS) " +
@@ -79,6 +83,46 @@ public class PostgreSQLGroupDAOImpl extends AbstractGroupDAOImpl {
         }
     }
 
+    @Override
+    public int addGroupWithRoles(DeviceGroupRoleWrapper groups, int tenantId) throws GroupManagementDAOException {
+        int groupId = -1;
+        boolean hasStatus = false;
+        try {
+            Connection conn = GroupManagementDAOFactory.getConnection();
+            String sql;
+            if (StringUtils.isEmpty(groups.getStatus())) {
+                sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH) " +
+                        "VALUES (?, ?, ?, ?) RETURNING ID";
+            } else {
+                sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, STATUS) " +
+                        "VALUES (?, ?, ?, ?, ?) RETURNING ID";
+                hasStatus = true;
+            }
+            try (PreparedStatement stmt = conn.prepareStatement(sql)) {
+                stmt.setString(1, groups.getDescription());
+                stmt.setString(2, groups.getName());
+                stmt.setString(3, groups.getOwner());
+                stmt.setInt(4, tenantId);
+                stmt.setString(5, groups.getParentPath());
+                if (hasStatus) {
+                    stmt.setString(6, groups.getStatus());
+                }
+                stmt.execute();
+                try (ResultSet rs = stmt.getGeneratedKeys()) {
+                    if (rs.next()) {
+                        groupId = rs.getInt(1);
+                    }
+                    return groupId;
+                }
+            }
+        } catch (SQLException e) {
+            String msg = "Error occurred while adding deviceGroup '" +
+                    groups.getName() + "'";
+            log.error(msg);
+            throw new GroupManagementDAOException(msg, e);
+        }
+    }
+
     @Override
     public List<Device> getDevices(int groupId, int startIndex, int rowCount, int tenantId)
             throws GroupManagementDAOException {

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/util/GroupManagementDAOUtil.java

@@ -87,6 +87,7 @@ public final class GroupManagementDAOUtil {
         group.setOwner(resultSet.getString("OWNER"));
         group.setStatus(resultSet.getString("STATUS"));
         group.setParentPath(resultSet.getString("PARENT_PATH"));
+        group.setParentGroupId(resultSet.getInt("PARENT_GROUP_ID"));
         return group;
     }
 

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/internal/DeviceManagementDataHolder.java

@@ -118,18 +118,18 @@ public class DeviceManagementDataHolder {
 
     public void setRealmService(RealmService realmService) {
         this.realmService = realmService;
-        this.setTenantManager(realmService);
+        setTenantManager(realmService != null ?
+                realmService.getTenantManager() : null);
     }
 
     public TenantManager getTenantManager() {
-        return tenantManager;
+        if (tenantManager == null) {
-    }
+            throw new IllegalStateException("Tenant manager is not initialized properly");
-
-    private void setTenantManager(RealmService realmService) {
-        if (realmService == null) {
-            throw new IllegalStateException("Realm service is not initialized properly");
         }
-        this.tenantManager = realmService.getTenantManager();
+        return tenantManager;    }
+
+    private void setTenantManager(TenantManager tenantManager) {
+        this.tenantManager = tenantManager;
     }
 
     public DeviceManagementProviderService getDeviceManagementProvider() {

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/operation/mgt/OperationManagerImpl.java

@@ -19,6 +19,23 @@
 package io.entgra.device.mgt.core.device.mgt.core.operation.mgt;
 
 import io.entgra.device.mgt.core.device.mgt.common.*;
+import com.google.gson.Gson;
+import io.entgra.device.mgt.core.device.mgt.extensions.logger.spi.EntgraLogger;
+import io.entgra.device.mgt.core.notification.logger.DeviceConnectivityLogContext;
+import io.entgra.device.mgt.core.notification.logger.impl.EntgraDeviceConnectivityLoggerImpl;
+import io.entgra.device.mgt.core.notification.logger.impl.EntgraPolicyLoggerImpl;
+import org.apache.commons.lang.StringUtils;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import io.entgra.device.mgt.core.device.mgt.common.ActivityPaginationRequest;
+import io.entgra.device.mgt.core.device.mgt.common.Device;
+import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
+import io.entgra.device.mgt.core.device.mgt.common.DynamicTaskContext;
+import io.entgra.device.mgt.core.device.mgt.common.EnrolmentInfo;
+import io.entgra.device.mgt.core.device.mgt.common.MonitoringOperation;
+import io.entgra.device.mgt.core.device.mgt.common.OperationMonitoringTaskConfig;
+import io.entgra.device.mgt.core.device.mgt.common.PaginationRequest;
+import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
 import io.entgra.device.mgt.core.device.mgt.common.authorization.DeviceAccessAuthorizationException;
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementException;
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.InvalidDeviceException;
@@ -68,7 +85,8 @@ import java.util.concurrent.ThreadPoolExecutor;
  */
 public class OperationManagerImpl implements OperationManager {
 
-    private static final Log log = LogFactory.getLog(OperationManagerImpl.class);
+    DeviceConnectivityLogContext.Builder deviceConnectivityLogContextBuilder = new DeviceConnectivityLogContext.Builder();
+    private static final EntgraLogger log = new EntgraDeviceConnectivityLoggerImpl(OperationManagerImpl.class);
     private static final int CACHE_VALIDITY_PERIOD = 5 * 60 * 1000;
     private static final String NOTIFIER_TYPE_LOCAL = "LOCAL";
     private static final String SYSTEM = "system";
@@ -151,6 +169,8 @@ public class OperationManagerImpl implements OperationManager {
             }
         }
 
+        String tenantId = String.valueOf(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
+        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
         DeviceIDHolder deviceValidationResult = DeviceManagerUtil.validateDeviceIdentifiers(deviceIds);
         List<DeviceIdentifier> validDeviceIds = deviceValidationResult.getValidDeviceIDList();
         if (!validDeviceIds.isEmpty()) {
@@ -227,6 +247,10 @@ public class OperationManagerImpl implements OperationManager {
                     activity.setActivityStatus(
                             this.getActivityStatus(deviceValidationResult, deviceAuthorizationResult));
                 }
+                for (DeviceIdentifier deviceId : authorizedDeviceIds) {
+                    device = getDevice(deviceId);
+                    log.info("Operation added", deviceConnectivityLogContextBuilder.setDeviceId(String.valueOf(device.getId())).setDeviceType(deviceType).setActionTag("ADD_OPERATION").setTenantDomain(tenantDomain).setTenantId(tenantId).setUserName(initiatedBy).setOperationCode(operationCode).build());
+                }
                 return activity;
             } catch (OperationManagementDAOException e) {
                 OperationManagementDAOFactory.rollbackTransaction();
@@ -448,6 +472,7 @@ public class OperationManagerImpl implements OperationManager {
                     int failAttempts = 0;
                     while (true) {
                         try {
+                            OperationManagementDAOFactory.beginTransaction();
                             operationMappingDAO.updateOperationMapping(operation.getId(), device.getEnrolmentInfo().getId(),
                                     io.entgra.device.mgt.core.device.mgt.core.dto.operation.mgt.Operation.PushNotificationStatus.SCHEDULED);
                             OperationManagementDAOFactory.commitTransaction();
@@ -470,6 +495,11 @@ public class OperationManagerImpl implements OperationManager {
                             } catch (InterruptedException ignore) {
                                 break;
                             }
+                        } catch (TransactionManagementException ex) {
+                            log.error("Error occurred while initiating the transaction", ex);
+                            break;
+                        } finally {
+                            OperationManagementDAOFactory.closeConnection();
                         }
                     }
                 } catch (Exception e) {
@@ -673,7 +703,9 @@ public class OperationManagerImpl implements OperationManager {
         if (log.isDebugEnabled()) {
             log.debug("Device identifier id:[" + deviceId.getId() + "] type:[" + deviceId.getType() + "]");
         }
-
+        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
+        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+        String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
         EnrolmentInfo enrolmentInfo = this.getActiveEnrolmentInfo(deviceId);
         if (enrolmentInfo == null) {
             throw new OperationManagementException("Device not found for the given device Identifier:" +
@@ -686,16 +718,25 @@ public class OperationManagerImpl implements OperationManager {
             case INACTIVE:
             case UNREACHABLE:
                 this.setEnrolmentStatus(enrolmentId, EnrolmentInfo.Status.ACTIVE);
-                int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
                 DeviceCacheManagerImpl.getInstance().removeDeviceFromCache(deviceId, tenantId);
                 break;
         }
-
+        log.info("Device Connected", deviceConnectivityLogContextBuilder
+                .setDeviceId(deviceId.getId())
+                .setDeviceType(deviceId.getType())
+                .setActionTag("PENDING_OPERATION")
+                .setTenantDomain(tenantDomain)
+                .setTenantId(String.valueOf(tenantId))
+                .setUserName(userName)
+                .build());
         return getOperations(deviceId, Operation.Status.PENDING, enrolmentId);
     }
 
     @Override
     public List<? extends Operation> getPendingOperations(Device device) throws OperationManagementException {
+        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
+        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+        String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
         EnrolmentInfo enrolmentInfo = device.getEnrolmentInfo();
         if (enrolmentInfo == null) {
             throw new OperationManagementException("Device not found for the given device Identifier:" +
@@ -713,10 +754,10 @@ public class OperationManagerImpl implements OperationManager {
                 this.setEnrolmentStatus(enrolmentId, EnrolmentInfo.Status.ACTIVE);
                 enrolmentInfo.setStatus(EnrolmentInfo.Status.ACTIVE);
                 device.setEnrolmentInfo(enrolmentInfo);
-                int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
                 DeviceCacheManagerImpl.getInstance().addDeviceToCache(deviceIdentifier, device, tenantId);
                 break;
         }
+        log.info("Device Connected", deviceConnectivityLogContextBuilder.setDeviceId(device.getDeviceIdentifier()).setDeviceType(device.getType()).setActionTag("PENDING_OPERATION").setTenantDomain(tenantDomain).setTenantId(String.valueOf(tenantId)).setUserName(userName).build());
         return getOperations(deviceIdentifier, Operation.Status.PENDING, enrolmentId);
     }
 

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java

@@ -18,6 +18,7 @@
 
 package io.entgra.device.mgt.core.device.mgt.core.otp.mgt.dao.impl;
 
+import io.entgra.device.mgt.core.device.mgt.common.DeviceManagementConstants;
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.DBConnectionException;
 import io.entgra.device.mgt.core.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
 import io.entgra.device.mgt.core.device.mgt.core.otp.mgt.dao.AbstractDAOImpl;
@@ -25,7 +26,12 @@ import io.entgra.device.mgt.core.device.mgt.core.otp.mgt.dao.OTPManagementDAO;
 import io.entgra.device.mgt.core.device.mgt.core.otp.mgt.exception.OTPManagementDAOException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
+import org.wso2.carbon.device.mgt.common.DeviceManagementConstants;
+import org.wso2.carbon.device.mgt.common.exceptions.DBConnectionException;
+import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
+import org.wso2.carbon.device.mgt.core.otp.mgt.dao.AbstractDAOImpl;
+import org.wso2.carbon.device.mgt.core.otp.mgt.dao.OTPManagementDAO;
+import org.wso2.carbon.device.mgt.core.otp.mgt.exception.OTPManagementDAOException;
 import java.sql.*;
 import java.util.Calendar;
 import java.util.List;
@@ -51,7 +57,8 @@ public class GenericOTPManagementDAOImpl extends AbstractDAOImpl implements OTPM
                 + "META_INFO, "
                 + "CREATED_AT,"
                 + "TENANT_ID,"
-                + "USERNAME) VALUES (?, ?, ?, ?, ?, ?, ?)";
+                + "USERNAME, "
+                + "EXPIRY_TIME) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
         try {
             Connection conn = this.getDBConnection();
             Calendar calendar = Calendar.getInstance();
@@ -65,6 +72,8 @@ public class GenericOTPManagementDAOImpl extends AbstractDAOImpl implements OTPM
                     stmt.setTimestamp(5, timestamp);
                     stmt.setInt(6, oneTimePinDTO.getTenantId());
                     stmt.setString(7, oneTimePinDTO.getUsername());
+                    stmt.setInt(8, oneTimePinDTO.getExpiryTime() == 0
+                            ? DeviceManagementConstants.OTPProperties.OTP_DEFAULT_EXPIRY_SECONDS : oneTimePinDTO.getExpiryTime());
                     stmt.addBatch();
                 }
                 stmt.executeBatch();

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java

@@ -117,7 +117,8 @@ public class OTPManagementServiceImpl implements OTPManagementService {
     }
 
     @Override
-    public OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException {
+    public OneTimePinDTO isValidOTP(String oneTimeToken, boolean requireRenewal) throws OTPManagementException,
+            BadRequestException {
         if (StringUtils.isBlank(oneTimeToken)){
             String msg = "Received blank OTP to verify. OTP: " + oneTimeToken;
             log.error(msg);
@@ -141,17 +142,19 @@ public class OTPManagementServiceImpl implements OTPManagementService {
                 oneTimePinDTO.getCreatedAt().getTime() + oneTimePinDTO.getExpiryTime() * 1000L);
 
         if (currentTimestamp.after(expiredTimestamp)) {
-            String renewedOTP = UUID.randomUUID().toString();
+            if (requireRenewal) {
-            renewOTP(oneTimePinDTO, renewedOTP);
+                String renewedOTP = UUID.randomUUID().toString();
-            Gson gson = new Gson();
+                renewOTP(oneTimePinDTO, renewedOTP);
-            Tenant tenant = gson.fromJson(oneTimePinDTO.getMetaInfo(), Tenant.class);
+                Gson gson = new Gson();
+                Tenant tenant = gson.fromJson(oneTimePinDTO.getMetaInfo(), Tenant.class);
 
-            Properties props = new Properties();
+                Properties props = new Properties();
-            props.setProperty("first-name", tenant.getAdminFirstName());
+                props.setProperty("first-name", tenant.getAdminFirstName());
-            props.setProperty("otp-token", renewedOTP);
+                props.setProperty("otp-token", renewedOTP);
-            props.setProperty("email", oneTimePinDTO.getEmail());
+                props.setProperty("email", oneTimePinDTO.getEmail());
-            props.setProperty("type", oneTimePinDTO.getEmailType());
+                props.setProperty("type", oneTimePinDTO.getEmailType());
-            sendMail(props, oneTimePinDTO.getEmail(), DeviceManagementConstants.EmailAttributes.USER_VERIFY_TEMPLATE);
+                sendMail(props, oneTimePinDTO.getEmail(), DeviceManagementConstants.EmailAttributes.USER_VERIFY_TEMPLATE);
+            }
             return null;
         }
         return oneTimePinDTO;
@@ -224,9 +227,6 @@ public class OTPManagementServiceImpl implements OTPManagementService {
                 }
             }
         }
-        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
-        OneTimePinDTO oneTimePinDTO;
-        List<OneTimePinDTO> oneTimePinDTOList = new ArrayList<>();
         Properties props = new Properties();
         props.setProperty("enrollment-steps", enrollmentSteps.toString());
         try {
@@ -234,16 +234,11 @@ public class OTPManagementServiceImpl implements OTPManagementService {
             for (String username : deviceEnrollmentInvitation.getUsernames()) {
                 String emailAddress = DeviceManagerUtil.getUserClaimValue(
                         username, DeviceManagementConstants.User.CLAIM_EMAIL_ADDRESS);
-                oneTimePinDTO = generateOneTimePin(emailAddress, OTPEmailTypes.DEVICE_ENROLLMENT.toString(), username,
-                        null, tenantId, false);
-                oneTimePinDTOList.add(oneTimePinDTO);
                 props.setProperty("first-name", DeviceManagerUtil.
                         getUserClaimValue(username, DeviceManagementConstants.User.CLAIM_FIRST_NAME));
                 props.setProperty("username", username);
-                props.setProperty("otp-token", oneTimePinDTO.getOtpToken());
                 sendMail(props, emailAddress, DeviceManagementConstants.EmailAttributes.USER_ENROLLMENT_TEMPLATE);
             }
-            this.otpManagementDAO.addOTPData(oneTimePinDTOList);
             ConnectionManagerUtil.commitDBTransaction();
         } catch (UserStoreException e) {
             String msg = "Error occurred while getting claim values to invite user";
@@ -257,11 +252,6 @@ public class OTPManagementServiceImpl implements OTPManagementService {
             String msg = "SQL Error occurred when adding OPT data to send device enrollment Invitation.";
             log.error(msg, e);
             throw new OTPManagementException(msg, e);
-        } catch (OTPManagementDAOException e) {
-            ConnectionManagerUtil.rollbackDBTransaction();
-            String msg = "Error occurred while saving the OTP data.";
-            log.error(msg, e);
-            throw new OTPManagementException(msg, e);
         } finally {
             ConnectionManagerUtil.closeDBConnection();
         }
@@ -269,27 +259,17 @@ public class OTPManagementServiceImpl implements OTPManagementService {
 
     /**
      * Create One Time Token
-     * @param email email
+     * @param oneTimePinDTO Data related to the one time pin
-     * @param emailType email type
-     * @param userName username
-     * @param metaDataObj meta data object
-     * @param tenantId tenant Id
      * @return {@link OneTimePinDTO}
      */
     @Override
-    public OneTimePinDTO generateOneTimePin(String email, String emailType, String userName, Object metaDataObj,
+    public OneTimePinDTO generateOneTimePin(OneTimePinDTO oneTimePinDTO, boolean persistPin) throws OTPManagementException {
-                                            int tenantId, boolean persistPin) throws OTPManagementException {
 
         String otpValue = UUID.randomUUID().toString();
 
         Gson gson = new Gson();
-        String metaInfo = gson.toJson(metaDataObj);
+        String metaInfo = gson.toJson(oneTimePinDTO.getMetaInfo());
 
-        OneTimePinDTO oneTimePinDTO = new OneTimePinDTO();
-        oneTimePinDTO.setEmail(email);
-        oneTimePinDTO.setTenantId(tenantId);
-        oneTimePinDTO.setUsername(userName);
-        oneTimePinDTO.setEmailType(emailType);
         oneTimePinDTO.setMetaInfo(metaInfo);
         oneTimePinDTO.setOtpToken(otpValue);
 

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java

@@ -21,6 +21,30 @@ package io.entgra.device.mgt.core.device.mgt.core.service;
 import com.google.common.reflect.TypeToken;
 import com.google.gson.Gson;
 import io.entgra.device.mgt.core.device.mgt.common.*;
+import io.entgra.device.mgt.core.device.mgt.extensions.logger.spi.EntgraLogger;
+import io.entgra.device.mgt.core.notification.logger.DeviceEnrolmentLogContext;
+import io.entgra.device.mgt.core.notification.logger.impl.EntgraDeviceEnrolmentLoggerImpl;
+import org.apache.commons.collections.map.SingletonMap;
+import org.apache.commons.lang.StringUtils;
+import io.entgra.device.mgt.core.device.mgt.common.ActivityPaginationRequest;
+import io.entgra.device.mgt.core.device.mgt.common.Billing;
+import io.entgra.device.mgt.core.device.mgt.common.Device;
+import io.entgra.device.mgt.core.device.mgt.common.DeviceEnrollmentInfoNotification;
+import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
+import io.entgra.device.mgt.core.device.mgt.common.DeviceManager;
+import io.entgra.device.mgt.core.device.mgt.common.DeviceNotification;
+import io.entgra.device.mgt.core.device.mgt.common.DevicePropertyNotification;
+import io.entgra.device.mgt.core.device.mgt.common.DeviceTransferRequest;
+import io.entgra.device.mgt.core.device.mgt.common.DynamicTaskContext;
+import io.entgra.device.mgt.core.device.mgt.common.EnrolmentInfo;
+import io.entgra.device.mgt.core.device.mgt.common.FeatureManager;
+import io.entgra.device.mgt.core.device.mgt.common.InitialOperationConfig;
+import io.entgra.device.mgt.core.device.mgt.common.MonitoringOperation;
+import io.entgra.device.mgt.core.device.mgt.common.OperationMonitoringTaskConfig;
+import io.entgra.device.mgt.core.device.mgt.common.PaginationRequest;
+import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
+import io.entgra.device.mgt.core.device.mgt.common.StartupOperationConfig;
+import io.entgra.device.mgt.core.device.mgt.common.BillingResponse;
 import io.entgra.device.mgt.core.device.mgt.common.app.mgt.Application;
 import io.entgra.device.mgt.core.device.mgt.common.app.mgt.ApplicationManagementException;
 import io.entgra.device.mgt.core.device.mgt.common.configuration.mgt.*;
@@ -111,13 +135,27 @@ import java.sql.SQLException;
 import java.sql.Timestamp;
 import java.time.LocalDateTime;
 import java.util.*;
+import java.time.LocalTime;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
 import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 
 public class DeviceManagementProviderServiceImpl implements DeviceManagementProviderService,
         PluginInitializationListener {
 
-    private static final Log log = LogFactory.getLog(DeviceManagementProviderServiceImpl.class);
+    DeviceEnrolmentLogContext.Builder deviceEnrolmentLogContextBuilder = new DeviceEnrolmentLogContext.Builder();
+
+    private static final EntgraLogger log = new EntgraDeviceEnrolmentLoggerImpl(DeviceManagementProviderServiceImpl.class);
 
     private static final String OPERATION_RESPONSE_EVENT_STREAM_DEFINITION = "org.wso2.iot.OperationResponseStream";
     private final DeviceManagementPluginRepository pluginRepository;
@@ -205,6 +243,8 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
             }
             return false;
         }
+        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+        String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
         EnrollmentConfiguration enrollmentConfiguration = DeviceManagerUtil.getEnrollmentConfigurationEntry();
         String deviceSerialNumber = null;
         if (enrollmentConfiguration != null) {
@@ -291,6 +331,15 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
                                         device.getType() + " upon the user '" + device.getEnrolmentInfo().getOwner() +
                                         "'");
                             }
+                            log.info("Device enrolled successfully", deviceEnrolmentLogContextBuilder
+                                    .setDeviceId(String.valueOf(existingDevice.getId()))
+                                    .setDeviceType(String.valueOf(existingDevice.getType()))
+                                    .setOwner(newEnrolmentInfo.getOwner())
+                                    .setOwnership(String.valueOf(newEnrolmentInfo.getOwnership()))
+                                    .setTenantID(String.valueOf(tenantId))
+                                    .setTenantDomain(tenantDomain)
+                                    .setUserName(userName)
+                                    .build());
                             status = true;
                         } else {
                             log.warn("Unable to update device enrollment for device : " + device.getDeviceIdentifier() +
@@ -327,6 +376,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
                     }
                     device.setEnrolmentInfo(enrollment);
                     DeviceManagementDAOFactory.commitTransaction();
+                    log.info("Device enrolled successfully", deviceEnrolmentLogContextBuilder.setDeviceId(String.valueOf(device.getId())).setDeviceType(String.valueOf(device.getType())).setOwner(enrollment.getOwner()).setOwnership(String.valueOf(enrollment.getOwnership())).setTenantID(String.valueOf(tenantId)).setTenantDomain(tenantDomain).setUserName(userName).build());
                 } else {
                     DeviceManagementDAOFactory.rollbackTransaction();
                     throw new DeviceManagementException("No device type registered with name - " + device.getType()
@@ -404,6 +454,8 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
         if (log.isDebugEnabled()) {
             log.debug("Modifying enrollment for device: " + device.getId() + " of type '" + device.getType() + "'");
         }
+        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+        String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
         DeviceManager deviceManager = this.getDeviceManager(device.getType());
         DeviceIdentifier deviceIdentifier = new DeviceIdentifier(device.getDeviceIdentifier(), device.getType());
         if (deviceManager == null) {
@@ -432,6 +484,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
             enrollmentDAO.updateEnrollment(device.getEnrolmentInfo(), tenantId);
 
             DeviceManagementDAOFactory.commitTransaction();
+            log.info("Device enrolled successfully", deviceEnrolmentLogContextBuilder.setDeviceId(String.valueOf(currentDevice.getId())).setDeviceType(String.valueOf(currentDevice.getType())).setOwner(currentDevice.getEnrolmentInfo().getOwner()).setOwnership(String.valueOf(currentDevice.getEnrolmentInfo().getOwnership())).setTenantID(String.valueOf(tenantId)).setTenantDomain(tenantDomain).setUserName(userName).build());
             this.removeDeviceFromCache(deviceIdentifier);
         } catch (DeviceManagementDAOException e) {
             DeviceManagementDAOFactory.rollbackTransaction();
@@ -515,7 +568,8 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
         }
 
         int tenantId = this.getTenantId();
-
+        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+        String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
         Device device = this.getDevice(deviceId, false);
         if (device == null) {
             if (log.isDebugEnabled()) {
@@ -549,7 +603,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
                 }
             }
             //procees to dis-enroll a device from traccar ends
-
+            log.info("Device disenrolled successfully", deviceEnrolmentLogContextBuilder.setDeviceId(String.valueOf(device.getId())).setDeviceType(String.valueOf(device.getType())).setOwner(device.getEnrolmentInfo().getOwner()).setOwnership(String.valueOf(device.getEnrolmentInfo().getOwnership())).setTenantID(String.valueOf(tenantId)).setTenantDomain(tenantDomain).setUserName(userName).build());
         } catch (DeviceManagementDAOException e) {
             DeviceManagementDAOFactory.rollbackTransaction();
             String msg = "Error occurred while dis-enrolling '" + deviceId.getType() +
@@ -1006,7 +1060,15 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
                                     dateDiff = endDate.getTime() - device.getEnrolmentInfo().getDateOfEnrolment();
                                 }
                             }
-                            long dateInDays = TimeUnit.DAYS.convert(dateDiff, TimeUnit.MILLISECONDS);
+
+                            // Convert dateDiff to days as a decimal value
+                            double dateDiffInDays = (double) dateDiff / (24 * 60 * 60 * 1000);
+
+                            if (dateDiffInDays % 1 >= 0.9) {
+                                dateDiffInDays = Math.ceil(dateDiffInDays);
+                            }
+
+                            long dateInDays = (long) dateDiffInDays;
                             double cost = (tenantCost.getCost() / 365) * dateInDays;
                             totalCost += cost;
                             device.setCost(Math.round(cost * 100.0) / 100.0);
@@ -1073,9 +1135,13 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
 
                 long difference_In_Days = (difference_In_Time / (1000 * 60 * 60 * 24)) % 365;
 
+                if (difference_In_Time % (1000 * 60 * 60 * 24) >= 0.9 * (1000 * 60 * 60 * 24)) {
+                    difference_In_Days++;
+                }
+
                 for (int i = 1; i <= difference_In_Years; i++) {
                     List<Device> allDevicesPerYear = new ArrayList<>();
-                    LocalDateTime oneYearAfterStart = startDate.toLocalDateTime().plusYears(1);
+                    LocalDateTime oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));;
                     Timestamp newStartDate;
                     Timestamp newEndDate;
 
@@ -1084,14 +1150,12 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
                             remainingDaysConsidered = true;
                             oneYearAfterStart = startDate.toLocalDateTime();
                             newEndDate = endDate;
-                        } else if (Timestamp.valueOf(oneYearAfterStart).getTime() >= endDate.getTime()) {
-                            newEndDate = Timestamp.valueOf(oneYearAfterStart);
                         } else {
-                            oneYearAfterStart = startDate.toLocalDateTime().plusYears(1);
+                            oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));;
                             newEndDate = Timestamp.valueOf(oneYearAfterStart);
                         }
                     } else {
-                        oneYearAfterStart = startDate.toLocalDateTime().plusYears(1);
+                        oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));;
                         newEndDate = Timestamp.valueOf(oneYearAfterStart);
                     }
 
@@ -1114,7 +1178,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
                     allDevices.addAll(billingResponse.getDevice());
                     totalCost = totalCost + billingResponse.getTotalCostPerYear();
                     deviceCount = deviceCount + billingResponse.getDeviceCount();
-                    LocalDateTime nextStartDate = oneYearAfterStart.plusDays(1);
+                    LocalDateTime nextStartDate = oneYearAfterStart.plusDays(1).with(LocalTime.of(00, 00, 00));
                     startDate = Timestamp.valueOf(nextStartDate);
                 }
 

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java

@@ -24,6 +24,15 @@ import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
 import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceNotFoundException;
 import io.entgra.device.mgt.core.device.mgt.common.group.mgt.*;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceTypesOfGroups;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupNotExistException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistException;
+import org.wso2.carbon.user.api.AuthorizationManager;
+import org.wso2.carbon.user.api.UserStoreManager;
 
 import java.util.List;
 
@@ -43,6 +52,16 @@ public interface GroupManagementProviderService {
     void createGroup(DeviceGroup deviceGroup, String defaultRole,
                      String[] defaultPermissions) throws GroupManagementException, GroupAlreadyExistException;
 
+    /**
+     * Add new device group and create default role with default permissions.
+     *
+     * @param groups             to add
+     * @param defaultRole        of the deviceGroup
+     * @param defaultPermissions of the default role
+     * @throws GroupManagementException
+     */
+    void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws  GroupAlreadyExistException,GroupManagementException, RoleDoesNotExistException;
+
     /**
      * Update existing device group.
      *
@@ -63,6 +82,18 @@ public interface GroupManagementProviderService {
      */
     boolean deleteGroup(int groupId, boolean isDeleteChildren) throws GroupManagementException;
 
+    /**
+     * Delete existing device group.
+     *
+     * @param role                 to be deleted with the userStore name.
+     * @param roleToDelete       to delete the role.
+     * @param tenantId             to belongs to roles.
+     * @param userStoreManager     with details.
+     * @param authorizationManager with details.
+     * @throws GroupManagementException
+     */
+    void deleteRoleAndRoleGroupMapping(String role, String roleToDelete, int tenantId, UserStoreManager userStoreManager, AuthorizationManager authorizationManager) throws GroupManagementException;
+
     /**
      * Get the device group provided the device group id.
      *

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java

@@ -19,6 +19,23 @@
 package io.entgra.device.mgt.core.device.mgt.core.service;
 
 import io.entgra.device.mgt.core.device.mgt.common.*;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupConstants;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceTypesOfGroups;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupNotExistException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistException;
+import io.entgra.device.mgt.core.device.mgt.core.dao.DeviceDAO;
+import io.entgra.device.mgt.core.device.mgt.core.dao.DeviceManagementDAOException;
+import io.entgra.device.mgt.core.device.mgt.core.dao.DeviceManagementDAOFactory;
+import io.entgra.device.mgt.core.device.mgt.core.dao.GroupDAO;
+import io.entgra.device.mgt.core.device.mgt.core.dao.GroupManagementDAOException;
+import io.entgra.device.mgt.core.device.mgt.core.dao.GroupManagementDAOFactory;
+import io.entgra.device.mgt.core.device.mgt.common.Device;
+import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
+import io.entgra.device.mgt.core.device.mgt.common.DeviceManagementConstants;
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementException;
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceNotFoundException;
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.TransactionManagementException;
@@ -35,12 +52,20 @@ import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
+import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
+import org.wso2.carbon.user.api.AuthorizationManager;
 import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.user.api.UserStoreManager;
 
 import java.sql.SQLException;
 import java.util.*;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
 import java.util.concurrent.ExecutorService;
 import java.util.stream.Collectors;
 
@@ -125,6 +150,59 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
         }
     }
 
+    public void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupAlreadyExistException, GroupManagementException {
+        if (groups == null) {
+            String msg = "Received incomplete data for createGroup";
+            log.error(msg);
+            throw new GroupManagementException(msg);
+        }
+        if (log.isDebugEnabled()) {
+            log.debug("Creating group '" + groups.getName() + "'");
+        }
+        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
+        try {
+            GroupManagementDAOFactory.beginTransaction();
+            DeviceGroup existingGroup = this.groupDAO.getGroup(groups.getName(), tenantId);
+            if (existingGroup == null) {
+                if (groups.getParentGroupId() == 0) {
+                    groups.setParentPath(DeviceGroupConstants.HierarchicalGroup.SEPERATOR);
+                } else {
+                    DeviceGroup immediateParentGroup = groupDAO.getGroup(groups.getParentGroupId(), tenantId);
+                    if (immediateParentGroup == null) {
+                        GroupManagementDAOFactory.rollbackTransaction();
+                        String msg = "Parent group with group ID '" + groups.getParentGroupId() + "' does not exist.  Hence creating of group '" + groups.getName() + "' was not success";
+                        log.error(msg);
+                        throw new GroupManagementException(msg);
+                    }
+                    String parentPath = DeviceManagerUtil.createParentPath(immediateParentGroup);
+                    groups.setParentPath(parentPath);
+                }
+                int updatedGroupID = this.groupDAO.addGroupWithRoles(groups, tenantId);
+                if (groups.getGroupProperties() != null && groups.getGroupProperties().size() > 0) {
+                    this.groupDAO.addGroupPropertiesWithRoles(groups, updatedGroupID, tenantId);
+                }
+                GroupManagementDAOFactory.commitTransaction();
+            } else {
+                throw new GroupAlreadyExistException("Group already exists with name : " + groups.getName() + " Try with another group name.");
+            }
+        } catch (GroupManagementDAOException e) {
+            GroupManagementDAOFactory.rollbackTransaction();
+            String msg = e.getMessage();
+            log.error(msg, e);
+            throw new GroupManagementException(msg, e);
+        } catch (TransactionManagementException e) {
+            String msg = "Error occurred while initiating transaction.";
+            log.error(msg, e);
+            throw new GroupManagementException(msg, e);
+        } finally {
+            GroupManagementDAOFactory.closeConnection();
+        }
+
+        if (log.isDebugEnabled()) {
+            log.debug("DeviceGroup added: " + groups.getName());
+        }
+    }
+
     /**
      * {@inheritDoc}
      */
@@ -236,6 +314,13 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
                             newParentPath = DeviceGroupConstants.HierarchicalGroup.SEPERATOR;
                         }
                         childrenGroup.setParentPath(newParentPath);
+                        if (!DeviceGroupConstants.HierarchicalGroup.SEPERATOR.equals(newParentPath)) {
+                            String[] groupIds = newParentPath.split(DeviceGroupConstants.HierarchicalGroup.SEPERATOR);
+                            int latestGroupId = Integer.parseInt(groupIds[groupIds.length - 1]);
+                            childrenGroup.setParentGroupId(latestGroupId);
+                        } else {
+                            childrenGroup.setParentGroupId(0);
+                        }
                     }
                 }
             }
@@ -276,6 +361,40 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
         }
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void deleteRoleAndRoleGroupMapping(String roleName, String roleToDelete, int tenantId, UserStoreManager userStoreManager, AuthorizationManager authorizationManager) throws GroupManagementException {
+        if (log.isDebugEnabled()) {
+            log.debug("Delete roles");
+        }
+        try {
+            GroupManagementDAOFactory.beginTransaction();
+            groupDAO.deleteGroupsMapping(roleToDelete, tenantId);
+            userStoreManager.deleteRole(roleName);
+            // Delete all authorizations for the current role before deleting
+            authorizationManager.clearRoleAuthorization(roleName);
+            GroupManagementDAOFactory.commitTransaction();
+        } catch (UserStoreException e) {
+            GroupManagementDAOFactory.rollbackTransaction();
+            String msg = "Error occurred while deleting the role '" + roleName + "'";
+            log.error(msg, e);
+            throw new GroupManagementException(msg, e);
+        } catch (TransactionManagementException e) {
+            String msg = "Error occurred while initiating transaction.";
+            log.error(msg, e);
+            throw new GroupManagementException(msg, e);
+        } catch (GroupManagementDAOException e) {
+            GroupManagementDAOFactory.rollbackTransaction();
+            String msg = "Error occurred while deleting the role";
+            log.error(msg, e);
+            throw new GroupManagementException(msg, e);
+        } finally {
+            GroupManagementDAOFactory.closeConnection();
+        }
+    }
+
     /**
      * {@inheritDoc}
      */
@@ -442,7 +561,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
 
     @Override
     public PaginationResult getGroupsWithHierarchy(String username, GroupPaginationRequest request,
-            boolean requireGroupProps) throws GroupManagementException {
+                                                   boolean requireGroupProps) throws GroupManagementException {
         if (request == null) {
             String msg = "Received incomplete data for retrieve groups with hierarchy";
             log.error(msg);
@@ -451,6 +570,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
         if (log.isDebugEnabled()) {
             log.debug("Get groups with hierarchy " + request.toString());
         }
+        boolean isWithParentPath = false;
         DeviceManagerUtil.validateGroupListPageSize(request);
         List<DeviceGroup> rootGroups;
         try {
@@ -462,7 +582,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
             } else {
                 List<Integer> allDeviceGroupIdsOfUser = getGroupIds(username);
                 GroupManagementDAOFactory.openConnection();
-                rootGroups = this.groupDAO.getGroups(request, allDeviceGroupIdsOfUser, tenantId);
+                rootGroups = this.groupDAO.getGroups(request, allDeviceGroupIdsOfUser, tenantId, isWithParentPath);
             }
             String parentPath;
             List<DeviceGroup> childrenGroups;
@@ -1283,7 +1403,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
      * @throws GroupManagementDAOException on error during population of group properties.
      */
     private void createGroupWithChildren(DeviceGroup parentGroup, List<DeviceGroup> childrenGroups,
-            boolean requireGroupProps, int tenantId, int depth, int counter) throws GroupManagementDAOException {
+                                         boolean requireGroupProps, int tenantId, int depth, int counter) throws GroupManagementDAOException {
         if (childrenGroups.isEmpty() || depth == counter) {
             return;
         }

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/test/resources/sql/h2.sql

@@ -16,6 +16,7 @@ CREATE TABLE IF NOT EXISTS DM_GROUP (
   OWNER               VARCHAR(45)  DEFAULT NULL,
   PARENT_PATH VARCHAR(255) DEFAULT NULL,
   TENANT_ID           INTEGER      DEFAULT 0,
+  PARENT_GROUP_ID     INTEGER      DEFAULT 0,
   PRIMARY KEY (ID)
 );
 

components/device-mgt/io.entgra.device.mgt.core.device.mgt.extensions/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <artifactId>device-mgt</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -78,7 +78,7 @@
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
-            <artifactId>powermock-api-mockito</artifactId>
+            <artifactId>powermock-api-mockito2</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>

components/device-mgt/io.entgra.device.mgt.core.device.mgt.url.printer/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <artifactId>device-mgt</artifactId>
         <groupId>io.entgra.device.mgt.core</groupId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java

@@ -0,0 +1,32 @@
+/* Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.device.mgt.core.common.exception;
+
+/**
+ * Represents the exception thrown during storing and retrieving the artifacts.
+ */
+public class StorageManagementException extends Exception {
+    public StorageManagementException(String message, Throwable ex) {
+        super(message, ex);
+    }
+
+    public StorageManagementException(String message) {
+        super(message);
+    }
+}
+

components/device-mgt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>io.entgra.device.mgt.core.parent</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/heartbeat-management/io.entgra.device.mgt.core.server.bootup.heartbeat.beacon/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>heartbeat-management</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/heartbeat-management/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>io.entgra.device.mgt.core.parent</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/identity-extensions/io.entgra.device.mgt.core.device.mgt.oauth.extensions/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>io.entgra.device.mgt.core</groupId>
         <artifactId>identity-extensions</artifactId>
-        <version>5.0.26-SNAPSHOT</version>
+        <version>5.0.27-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>