Merge pull request #243 from rasika90/master

Adding permissions checking for isAuthorized

components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseControllerServiceImpl.java

@@ -26,6 +26,7 @@ import org.wso2.carbon.analytics.datasource.commons.exception.AnalyticsException
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.transport.AndroidSenseMQTTConnector;
 import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.APIUtil;
 import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.SensorRecord;
@@ -78,7 +79,7 @@ public class AndroidSenseControllerServiceImpl implements AndroidSenseController
     public Response sendThreshold(@PathParam("deviceId") String deviceId, @QueryParam("threshold") String threshold) {
         try {
             if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
-                    AndroidSenseConstants.DEVICE_TYPE))) {
+                    AndroidSenseConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             androidSenseMQTTConnector.publishDeviceData(deviceId, "threshold", threshold);
@@ -96,7 +97,7 @@ public class AndroidSenseControllerServiceImpl implements AndroidSenseController
     public Response removeKeyWords(@PathParam("deviceId") String deviceId, @QueryParam("words") String words) {
         try {
             if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
-                AndroidSenseConstants.DEVICE_TYPE))) {
+                AndroidSenseConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             androidSenseMQTTConnector.publishDeviceData(deviceId, "remove", words);
@@ -127,7 +128,7 @@ public class AndroidSenseControllerServiceImpl implements AndroidSenseController
 
         try {
             if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
-                    AndroidSenseConstants.DEVICE_TYPE))) {
+                    AndroidSenseConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             List<SensorRecord> sensorDatas;

components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseManagerServiceImpl.java

@@ -25,6 +25,7 @@ import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.APIUtil;
 import org.wso2.carbon.device.mgt.iot.androidsense.plugin.constants.AndroidSenseConstants;
 import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.AndroidConfiguration;
@@ -108,7 +109,8 @@ public class AndroidSenseManagerServiceImpl implements AndroidSenseManagerServic
         deviceIdentifier.setId(deviceId);
         deviceIdentifier.setType(AndroidSenseConstants.DEVICE_TYPE);
         try {
-            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) {
+            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants.
+                    Permissions.DEFAULT_ADMIN_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             boolean removed = APIUtil.getDeviceManagementService().disenrollDevice(deviceIdentifier);
@@ -133,7 +135,8 @@ public class AndroidSenseManagerServiceImpl implements AndroidSenseManagerServic
         deviceIdentifier.setId(deviceId);
         deviceIdentifier.setType(AndroidSenseConstants.DEVICE_TYPE);
         try {
-            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) {
+            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants.
+                    Permissions.DEFAULT_ADMIN_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             Device device = APIUtil.getDeviceManagementService().getDevice(deviceIdentifier);

components/iot-plugins/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoControllerServiceImpl.java

@@ -26,6 +26,7 @@ import org.wso2.carbon.analytics.datasource.commons.exception.AnalyticsException
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 import org.wso2.carbon.device.mgt.iot.arduino.service.impl.dto.SensorRecord;
 import org.wso2.carbon.device.mgt.iot.arduino.service.impl.util.APIUtil;
 import org.wso2.carbon.device.mgt.iot.arduino.plugin.constants.ArduinoConstants;
@@ -54,7 +55,8 @@ public class ArduinoControllerServiceImpl implements ArduinoControllerService {
     public Response switchBulb(@PathParam("deviceId") String deviceId, @QueryParam("state") String state) {
         try {
             if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
-                                                                            ArduinoConstants.DEVICE_TYPE))) {
+                                                                            ArduinoConstants.DEVICE_TYPE),
+                                                                                DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             LinkedList<String> deviceControlList = internalControlsQueue.get(deviceId);
@@ -79,7 +81,7 @@ public class ArduinoControllerServiceImpl implements ArduinoControllerService {
     public Response readControls(@PathParam("deviceId") String deviceId) {
         try {
             if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
-                    ArduinoConstants.DEVICE_TYPE))) {
+                    ArduinoConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             String result;
@@ -121,7 +123,7 @@ public class ArduinoControllerServiceImpl implements ArduinoControllerService {
                                                @QueryParam("to") long to) {
         try {
             if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
-                   ArduinoConstants.DEVICE_TYPE))) {
+                   ArduinoConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             String fromDate = String.valueOf(from);

components/iot-plugins/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiControllerServiceImpl.java

@@ -25,6 +25,7 @@ import org.wso2.carbon.analytics.dataservice.commons.SortByField;
 import org.wso2.carbon.analytics.datasource.commons.exception.AnalyticsException;
 import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 import org.wso2.carbon.device.mgt.iot.controlqueue.mqtt.MqttConfig;
 import org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.dto.SensorRecord;
 import org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.transport.RaspberryPiMQTTConnector;
@@ -56,7 +57,7 @@ public class RaspberryPiControllerServiceImpl implements RaspberryPiControllerSe
     public Response switchBulb(@PathParam("deviceId") String deviceId, @QueryParam("state") String state) {
         try {
             if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
-                RaspberrypiConstants.DEVICE_TYPE))) {
+                RaspberrypiConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             String switchToState = state.toUpperCase();
@@ -90,7 +91,7 @@ public class RaspberryPiControllerServiceImpl implements RaspberryPiControllerSe
         String sensorTableName = RaspberrypiConstants.TEMPERATURE_EVENT_TABLE;
         try {
             if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
-                    RaspberrypiConstants.DEVICE_TYPE))) {
+                    RaspberrypiConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             List<SortByField> sortByFields = new ArrayList<>();

components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/enrollment/EnrollmentManager.java

@@ -44,6 +44,7 @@ import org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.core.Agent
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.exception.AgentCoreOperationException;
 import sun.security.x509.X509CertImpl;
 
+import java.io.IOException;
 import java.math.BigInteger;
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -82,6 +83,7 @@ public class EnrollmentManager {
     private static final String KEY_PAIR_ALGORITHM = "RSA";
     private static final String PROVIDER = "BC";
     private static final String SIGNATURE_ALG = "SHA1withRSA";
+    private static final String CERT_IS_CA_EXTENSION = "is_ca";
     private static final int KEY_SIZE = 2048;
 
     // Seed to our PRNG. Make sure this is initialised randomly, NOT LIKE THIS
@@ -376,9 +378,9 @@ public class EnrollmentManager {
                         log.debug(((X509Certificate) cert).getIssuerDN().getName());
                     }
 
-                    //TODO: Need to identify the correct certificate.
+                    // I have chosen the CA cert based on its BasicConstraintExtension "is_ca" being set to "true"
-                    // I have chosen the CA cert based on its BasicConstraint criticality being set to "true"
+                    // This is because the returned keystore may contain many certificates including RAs.
-                    if (((X509CertImpl) cert).getBasicConstraintsExtension().isCritical()) {
+                    if (((Boolean) ((X509CertImpl) cert).getBasicConstraintsExtension().get(CERT_IS_CA_EXTENSION))) {
                         serverCertPublicKey = cert.getPublicKey();
                     }
                 }
@@ -396,6 +398,10 @@ public class EnrollmentManager {
             String errorMsg = "Could not retrieve [Server-Certificates] from the response message from SCEP-Server.";
             log.error(errorMsg);
             throw new AgentCoreOperationException(errorMsg, e);
+        } catch (IOException e) {
+            String errorMsg = "Error occurred whilst trying to get property ['is_ca'] from the retreived Certificates";
+            log.error(errorMsg);
+            throw new AgentCoreOperationException(errorMsg, e);
         }
 
         return serverCertPublicKey;

components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java

@@ -27,24 +27,26 @@ import org.wso2.carbon.apimgt.annotations.api.Permission;
 import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 import org.wso2.carbon.device.mgt.iot.controlqueue.mqtt.MqttConfig;
 import org.wso2.carbon.device.mgt.iot.controlqueue.xmpp.XmppConfig;
 import org.wso2.carbon.device.mgt.iot.service.IoTServerStartupListener;
 import org.wso2.carbon.device.mgt.iot.transport.TransportHandlerException;
+import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants;
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.dto.DeviceData;
-import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.transport.VirtualFireAlarmXMPPConnector;
-import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.SecurityManager;
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.dto.SensorRecord;
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.transport.VirtualFireAlarmMQTTConnector;
+import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.transport.VirtualFireAlarmXMPPConnector;
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.APIUtil;
+import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.SecurityManager;
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.VirtualFireAlarmServiceUtils;
-import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
@@ -72,7 +74,7 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo
     // holds a mapping of the IP addresses to Device-IDs for HTTP communication
     private ConcurrentHashMap<String, String> deviceToIpMap = new ConcurrentHashMap<>();
 
-    @Permission(scope = "virtual_firealarm_user", permissions = {"device-mgt/virtual_firealarm/user"})
+    @Permission(scope = "virtual_firealarm_user", permissions = { "device-mgt/virtual_firealarm/user" })
     @POST
     @Path("device/register/{deviceId}/{ip}/{port}")
     public Response registerDeviceIP(@PathParam("deviceId") String deviceId, @PathParam("ip") String deviceIP,
@@ -107,8 +109,9 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo
                       protocolString);
         }
         try {
-            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
+            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(
-                                                                VirtualFireAlarmConstants.DEVICE_TYPE))) {
+                    new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE),
+                    DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             switch (protocolString) {
@@ -138,6 +141,44 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo
         }
     }
 
+    @PUT
+    @Path("device/{deviceId}/policy")
+    public Response updatePolicy(@PathParam("deviceId") String deviceId, @QueryParam("protocol") String protocol,
+                                 @FormParam("policy") String policy) {
+        String protocolString = protocol.toUpperCase();
+        if (log.isDebugEnabled()) {
+            log.debug("Sending request to update-policy of device [" + deviceId + "] via " +
+                              protocolString);
+        }
+        try {
+            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(
+                    new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE),
+                    DeviceGroupConstants.Permissions.DEFAULT_MANAGE_POLICIES_PERMISSIONS)) {
+                return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
+            }
+            switch (protocolString) {
+            case HTTP_PROTOCOL:
+                throw new UnsupportedOperationException(
+                        "Sending request to update-policy via HTTP protocol not supported.");
+            case XMPP_PROTOCOL:
+                String xmppResource = VirtualFireAlarmConstants.POLICY_CONTEXT.replace("/", "");
+                virtualFireAlarmXMPPConnector.publishDeviceData(deviceId, xmppResource, policy);
+                break;
+            default:
+                String mqttResource = VirtualFireAlarmConstants.POLICY_CONTEXT.replace("/", "");
+                virtualFireAlarmMQTTConnector.publishDeviceData(deviceId, mqttResource, policy);
+                break;
+            }
+            return Response.ok().build();
+        } catch (TransportHandlerException e) {
+            log.error("Failed to send update-policy request to device [" + deviceId + "] via " + protocolString);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
+        } catch (DeviceAccessAuthorizationException e) {
+            log.error(e.getErrorMessage(), e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
+        }
+    }
+
     @POST
     @Path("device/temperature")
     @Consumes(MediaType.APPLICATION_JSON)
@@ -155,8 +196,8 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo
             return Response.status(Response.Status.CONFLICT).build();
         }
         try {
-            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
+            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(
-                VirtualFireAlarmConstants.DEVICE_TYPE))) {
+                    new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE))) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             if (!VirtualFireAlarmServiceUtils.publishToDAS(dataMsg.deviceId, dataMsg.value)) {
@@ -175,33 +216,34 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo
     @Produces("application/json")
     public Response getVirtualFirealarmStats(@PathParam("deviceId") String deviceId, @QueryParam("from") long from,
                                              @QueryParam("to") long to) {
-            String fromDate = String.valueOf(from);
+        String fromDate = String.valueOf(from);
-            String toDate = String.valueOf(to);
+        String toDate = String.valueOf(to);
-            String query = "deviceId:" + deviceId + " AND deviceType:" +
+        String query = "deviceId:" + deviceId + " AND deviceType:" +
-                           VirtualFireAlarmConstants.DEVICE_TYPE + " AND time : [" + fromDate + " TO " + toDate + "]";
+                VirtualFireAlarmConstants.DEVICE_TYPE + " AND time : [" + fromDate + " TO " + toDate + "]";
-            String sensorTableName = VirtualFireAlarmConstants.TEMPERATURE_EVENT_TABLE;
+        String sensorTableName = VirtualFireAlarmConstants.TEMPERATURE_EVENT_TABLE;
-            try {
+        try {
-                if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
+            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(
-                        VirtualFireAlarmConstants.DEVICE_TYPE))) {
+                    new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE),
-                    return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
+                    DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) {
-                }
+                return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
-                if (sensorTableName != null) {
-                    List<SortByField> sortByFields = new ArrayList<>();
-                    SortByField sortByField = new SortByField("time", SORT.ASC, false);
-                    sortByFields.add(sortByField);
-                    List<SensorRecord> sensorRecords = APIUtil.getAllEventsForDevice(sensorTableName, query, sortByFields);
-                    return Response.status(Response.Status.OK.getStatusCode()).entity(sensorRecords).build();
-                }
-            } catch (AnalyticsException e) {
-                String errorMsg = "Error on retrieving stats on table " + sensorTableName + " with query " + query;
-                log.error(errorMsg);
-                return Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).entity(errorMsg).build();
-            } catch (DeviceAccessAuthorizationException e) {
-                log.error(e.getErrorMessage(), e);
-                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
             }
-            return Response.status(Response.Status.BAD_REQUEST).build();
+            if (sensorTableName != null) {
+                List<SortByField> sortByFields = new ArrayList<>();
+                SortByField sortByField = new SortByField("time", SORT.ASC, false);
+                sortByFields.add(sortByField);
+                List<SensorRecord> sensorRecords = APIUtil.getAllEventsForDevice(sensorTableName, query, sortByFields);
+                return Response.status(Response.Status.OK.getStatusCode()).entity(sensorRecords).build();
+            }
+        } catch (AnalyticsException e) {
+            String errorMsg = "Error on retrieving stats on table " + sensorTableName + " with query " + query;
+            log.error(errorMsg);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).entity(errorMsg).build();
+        } catch (DeviceAccessAuthorizationException e) {
+            log.error(e.getErrorMessage(), e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
         }
+        return Response.status(Response.Status.BAD_REQUEST).build();
+    }
 
     private boolean waitForServerStartup() {
         while (!IoTServerStartupListener.isServerReady()) {

components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmManagerServiceImpl.java

@@ -30,13 +30,14 @@ import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
 import org.wso2.carbon.device.mgt.iot.controlqueue.xmpp.XmppAccount;
 import org.wso2.carbon.device.mgt.iot.controlqueue.xmpp.XmppConfig;
 import org.wso2.carbon.device.mgt.iot.controlqueue.xmpp.XmppServerClient;
 import org.wso2.carbon.device.mgt.iot.exception.DeviceControllerException;
 import org.wso2.carbon.device.mgt.iot.util.ZipArchive;
-import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.APIUtil;
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants;
+import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.APIUtil;
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.ZipUtil;
 import org.wso2.carbon.identity.jwt.client.extension.JWTClient;
 import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo;
@@ -75,7 +76,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag
             DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
             deviceIdentifier.setId(deviceId);
             deviceIdentifier.setType(VirtualFireAlarmConstants.DEVICE_TYPE);
-            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) {
+            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants.
+                    Permissions.DEFAULT_ADMIN_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             boolean removed = APIUtil.getDeviceManagementService().disenrollDevice(
@@ -101,7 +103,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag
             DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
             deviceIdentifier.setId(deviceId);
             deviceIdentifier.setType(VirtualFireAlarmConstants.DEVICE_TYPE);
-            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) {
+            if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants.
+                    Permissions.DEFAULT_ADMIN_PERMISSIONS)) {
                 return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
             }
             Device device = APIUtil.getDeviceManagementService().getDevice(deviceIdentifier);
@@ -158,7 +161,7 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag
             ArrayList<Device> userDevicesforFirealarm = new ArrayList<>();
             for (Device device : userDevices) {
                 if (device.getType().equals(VirtualFireAlarmConstants.DEVICE_TYPE) &&
-                    device.getEnrolmentInfo().getStatus().equals(EnrolmentInfo.Status.ACTIVE)) {
+                        device.getEnrolmentInfo().getStatus().equals(EnrolmentInfo.Status.ACTIVE)) {
                     userDevicesforFirealarm.add(device);
                 }
             }
@@ -239,8 +242,9 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag
         //create new device id
         String deviceId = shortUUID();
         if (apiApplicationKey == null) {
-            String applicationUsername = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration()
+            String applicationUsername =
-                    .getAdminUserName();
+                    PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration()
+                            .getAdminUserName();
             APIManagementProviderService apiManagementProviderService = APIUtil.getAPIManagementProviderService();
             String[] tags = {VirtualFireAlarmConstants.DEVICE_TYPE};
             apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(
@@ -249,7 +253,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag
         JWTClient jwtClient = APIUtil.getJWTClientManagerService().getJWTClient();
         String scopes = "device_type_" + VirtualFireAlarmConstants.DEVICE_TYPE + " device_" + deviceId;
         AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(apiApplicationKey.getConsumerKey(),
-                                                                   apiApplicationKey.getConsumerSecret(), owner, scopes);
+                                                                   apiApplicationKey.getConsumerSecret(), owner,
+                                                                   scopes);
         String accessToken = accessTokenInfo.getAccessToken();
         String refreshToken = accessTokenInfo.getRefreshToken();
         //adding registering data
@@ -266,8 +271,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag
             if (!status) {
                 String msg =
                         "XMPP Account was not created for device - " + deviceId + " of owner - " + owner +
-                        ".XMPP might have been disabled in org.wso2.carbon.device.mgt.iot" +
+                                ".XMPP might have been disabled in org.wso2.carbon.device.mgt.iot" +
-                        ".common.config.server.configs";
+                                ".common.config.server.configs";
                 throw new DeviceManagementException(msg);
             }
         }

components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/constants/VirtualFireAlarmConstants.java

@@ -27,6 +27,7 @@ public class VirtualFireAlarmConstants {
 
 	public static final String URL_PREFIX = "http://";
 	public static final String BULB_CONTEXT = "/BULB/";
+	public static final String POLICY_CONTEXT = "/POLICY/";
 	public static final String HUMIDITY_CONTEXT = "/HUMIDITY/";
 	public static final String TEMPERATURE_CONTEXT = "/TEMPERATURE/";
 

features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/advanced_agent/cep_query.txt

@@ -0,0 +1,11 @@
+define stream fireAlarmEventStream (deviceID string, temp int);
+from fireAlarmEventStream#window.time(7886776 sec)
+select deviceID, max(temp) as maxValue
+group by deviceID
+insert into analyzeStream for expired-events;
+from analyzeStream[maxValue < 88]
+select maxValue
+insert into bulbOnStream;
+from fireAlarmEventStream[temp > 1093]
+select deviceID, temp
+insert into bulbOffStream;