Adding group permission checking
parent
d211f3e358
commit
7a5acb6f58
@ -26,6 +26,7 @@ import org.wso2.carbon.analytics.datasource.commons.exception.AnalyticsException
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
|
||||
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
|
||||
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
|
||||
import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.transport.AndroidSenseMQTTConnector;
|
||||
import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.APIUtil;
|
||||
import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.SensorRecord;
|
||||
@ -78,7 +79,7 @@ public class AndroidSenseControllerServiceImpl implements AndroidSenseController
|
||||
public Response sendThreshold(@PathParam("deviceId") String deviceId, @QueryParam("threshold") String threshold) {
|
||||
try {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
|
||||
AndroidSenseConstants.DEVICE_TYPE))) {
|
||||
AndroidSenseConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
androidSenseMQTTConnector.publishDeviceData(deviceId, "threshold", threshold);
|
||||
@ -96,7 +97,7 @@ public class AndroidSenseControllerServiceImpl implements AndroidSenseController
|
||||
public Response removeKeyWords(@PathParam("deviceId") String deviceId, @QueryParam("words") String words) {
|
||||
try {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
|
||||
AndroidSenseConstants.DEVICE_TYPE))) {
|
||||
AndroidSenseConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
androidSenseMQTTConnector.publishDeviceData(deviceId, "remove", words);
|
||||
@ -127,7 +128,7 @@ public class AndroidSenseControllerServiceImpl implements AndroidSenseController
|
||||
|
||||
try {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
|
||||
AndroidSenseConstants.DEVICE_TYPE))) {
|
||||
AndroidSenseConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
List<SensorRecord> sensorDatas;
|
||||
|
||||
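Review bot: The denial branch after the new permission check in `sendThreshold` still returns `Response.Status.UNAUTHORIZED` (401), which tells the client to re-authenticate. The check now tests a permission set on the device, so a caller who is signed in but lacks the permission should probably get 403: `return Response.status(Response.Status.FORBIDDEN.getStatusCode()).build();`. The same branch follows every `isUserAuthorized(..., DeviceGroupConstants.Permissions.…)` call in this commit: `removeKeyWords` and the stats hunk here, plus the hunks in AndroidSenseManagerServiceImpl, ArduinoControllerServiceImpl, RaspberryPiControllerServiceImpl and VirtualFireAlarmManagerServiceImpl. Whether an unauthenticated request can reach these methods is not visible on this page, and the method bodies continue outside the hunks, so confirm that before changing the status.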
@ -25,6 +25,7 @@ import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
|
||||
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
|
||||
import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
|
||||
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
|
||||
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
|
||||
import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.APIUtil;
|
||||
import org.wso2.carbon.device.mgt.iot.androidsense.plugin.constants.AndroidSenseConstants;
|
||||
import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.AndroidConfiguration;
|
||||
@ -108,7 +109,8 @@ public class AndroidSenseManagerServiceImpl implements AndroidSenseManagerServic
|
||||
deviceIdentifier.setId(deviceId);
|
||||
deviceIdentifier.setType(AndroidSenseConstants.DEVICE_TYPE);
|
||||
try {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants.
|
||||
Permissions.DEFAULT_ADMIN_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
boolean removed = APIUtil.getDeviceManagementService().disenrollDevice(deviceIdentifier);
|
||||
@ -133,7 +135,8 @@ public class AndroidSenseManagerServiceImpl implements AndroidSenseManagerServic
|
||||
deviceIdentifier.setId(deviceId);
|
||||
deviceIdentifier.setType(AndroidSenseConstants.DEVICE_TYPE);
|
||||
try {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants.
|
||||
Permissions.DEFAULT_ADMIN_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
Device device = APIUtil.getDeviceManagementService().getDevice(deviceIdentifier);
|
||||
|
||||
@ -26,6 +26,7 @@ import org.wso2.carbon.analytics.datasource.commons.exception.AnalyticsException
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
|
||||
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
|
||||
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
|
||||
import org.wso2.carbon.device.mgt.iot.arduino.service.impl.dto.SensorRecord;
|
||||
import org.wso2.carbon.device.mgt.iot.arduino.service.impl.util.APIUtil;
|
||||
import org.wso2.carbon.device.mgt.iot.arduino.plugin.constants.ArduinoConstants;
|
||||
@ -54,7 +55,8 @@ public class ArduinoControllerServiceImpl implements ArduinoControllerService {
|
||||
public Response switchBulb(@PathParam("deviceId") String deviceId, @QueryParam("state") String state) {
|
||||
try {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
|
||||
ArduinoConstants.DEVICE_TYPE))) {
|
||||
ArduinoConstants.DEVICE_TYPE),
|
||||
DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
LinkedList<String> deviceControlList = internalControlsQueue.get(deviceId);
|
||||
@ -79,7 +81,7 @@ public class ArduinoControllerServiceImpl implements ArduinoControllerService {
|
||||
public Response readControls(@PathParam("deviceId") String deviceId) {
|
||||
try {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
|
||||
ArduinoConstants.DEVICE_TYPE))) {
|
||||
ArduinoConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
String result;
|
||||
@ -121,7 +123,7 @@ public class ArduinoControllerServiceImpl implements ArduinoControllerService {
|
||||
@QueryParam("to") long to) {
|
||||
try {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
|
||||
ArduinoConstants.DEVICE_TYPE))) {
|
||||
ArduinoConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
String fromDate = String.valueOf(from);
|
||||
|
||||
@ -25,6 +25,7 @@ import org.wso2.carbon.analytics.dataservice.commons.SortByField;
|
||||
import org.wso2.carbon.analytics.datasource.commons.exception.AnalyticsException;
|
||||
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
|
||||
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
|
||||
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
|
||||
import org.wso2.carbon.device.mgt.iot.controlqueue.mqtt.MqttConfig;
|
||||
import org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.dto.SensorRecord;
|
||||
import org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.transport.RaspberryPiMQTTConnector;
|
||||
@ -56,7 +57,7 @@ public class RaspberryPiControllerServiceImpl implements RaspberryPiControllerSe
|
||||
public Response switchBulb(@PathParam("deviceId") String deviceId, @QueryParam("state") String state) {
|
||||
try {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
|
||||
RaspberrypiConstants.DEVICE_TYPE))) {
|
||||
RaspberrypiConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
String switchToState = state.toUpperCase();
|
||||
@ -90,7 +91,7 @@ public class RaspberryPiControllerServiceImpl implements RaspberryPiControllerSe
|
||||
String sensorTableName = RaspberrypiConstants.TEMPERATURE_EVENT_TABLE;
|
||||
try {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId,
|
||||
RaspberrypiConstants.DEVICE_TYPE))) {
|
||||
RaspberrypiConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
List<SortByField> sortByFields = new ArrayList<>();
|
||||
|
||||
@ -44,6 +44,7 @@ import org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.core.Agent
|
||||
import org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.exception.AgentCoreOperationException;
|
||||
import sun.security.x509.X509CertImpl;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
@ -82,6 +83,7 @@ public class EnrollmentManager {
|
||||
private static final String KEY_PAIR_ALGORITHM = "RSA";
|
||||
private static final String PROVIDER = "BC";
|
||||
private static final String SIGNATURE_ALG = "SHA1withRSA";
|
||||
private static final String CERT_IS_CA_EXTENSION = "is_ca";
|
||||
private static final int KEY_SIZE = 2048;
|
||||
|
||||
// Seed to our PRNG. Make sure this is initialised randomly, NOT LIKE THIS
|
||||
@ -376,9 +378,9 @@ public class EnrollmentManager {
|
||||
log.debug(((X509Certificate) cert).getIssuerDN().getName());
|
||||
}
|
||||
|
||||
//TODO: Need to identify the correct certificate.
|
||||
// I have chosen the CA cert based on its BasicConstraint criticality being set to "true"
|
||||
if (((X509CertImpl) cert).getBasicConstraintsExtension().isCritical()) {
|
||||
// I have chosen the CA cert based on its BasicConstraintExtension "is_ca" being set to "true"
|
||||
// This is because the returned keystore may contain many certificates including RAs.
|
||||
if (((Boolean) ((X509CertImpl) cert).getBasicConstraintsExtension().get(CERT_IS_CA_EXTENSION))) {
|
||||
serverCertPublicKey = cert.getPublicKey();
|
||||
}
|
||||
}
|
||||
@ -396,6 +398,10 @@ public class EnrollmentManager {
|
||||
String errorMsg = "Could not retrieve [Server-Certificates] from the response message from SCEP-Server.";
|
||||
log.error(errorMsg);
|
||||
throw new AgentCoreOperationException(errorMsg, e);
|
||||
} catch (IOException e) {
|
||||
String errorMsg = "Error occurred whilst trying to get property ['is_ca'] from the retreived Certificates";
|
||||
log.error(errorMsg);
|
||||
throw new AgentCoreOperationException(errorMsg, e);
|
||||
}
|
||||
|
||||
return serverCertPublicKey;
|
||||
|
||||
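Review bot: The new CA test `((Boolean) ((X509CertImpl) cert).getBasicConstraintsExtension().get(CERT_IS_CA_EXTENSION))` can throw before it selects anything. `getBasicConstraintsExtension()` returns null for a certificate with no BasicConstraints extension, and the cast to the JDK-internal `sun.security.x509.X509CertImpl` fails for certificate objects created by another provider (this class declares `PROVIDER = "BC"`). The public API makes the same test without either risk: `if (cert instanceof X509Certificate && ((X509Certificate) cert).getBasicConstraints() != -1) {`. With that form the added `catch (IOException e)` may become unreachable and need removing, depending on what else the try block calls, which is outside the hunk. If the returned store holds more than one CA certificate, the loop appears to keep the last match, so the choice of certificate behind `serverCertPublicKey` deserves an explicit rule.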
@ -142,7 +142,7 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo
|
||||
}
|
||||
|
||||
@PUT
|
||||
@Path("device/update-policy")
|
||||
@Path("device/{deviceId}/policy")
|
||||
public Response updatePolicy(@PathParam("deviceId") String deviceId, @QueryParam("protocol") String protocol,
|
||||
@FormParam("policy") String policy) {
|
||||
String protocolString = protocol.toUpperCase();
|
||||
|
||||
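Review bot: No authorization check is visible in `updatePolicy` before `deviceId` is used; the visible body opens with `protocol.toUpperCase()`. Now that the path carries `{deviceId}`, the caller chooses which device receives the policy. Unless a check already exists further down, this endpoint needs the same gate as the other controllers in this commit, in the form `isUserAuthorized(new DeviceIdentifier(deviceId, …), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)`. The body continues outside the hunk, so confirm there. `protocol` is also dereferenced without a null check, so a request that omits the `protocol` query parameter would fail with a NullPointerException instead of a 400 response.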
@ -30,13 +30,14 @@ import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
|
||||
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
|
||||
import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
|
||||
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
|
||||
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants;
|
||||
import org.wso2.carbon.device.mgt.iot.controlqueue.xmpp.XmppAccount;
|
||||
import org.wso2.carbon.device.mgt.iot.controlqueue.xmpp.XmppConfig;
|
||||
import org.wso2.carbon.device.mgt.iot.controlqueue.xmpp.XmppServerClient;
|
||||
import org.wso2.carbon.device.mgt.iot.exception.DeviceControllerException;
|
||||
import org.wso2.carbon.device.mgt.iot.util.ZipArchive;
|
||||
import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.APIUtil;
|
||||
import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants;
|
||||
import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.APIUtil;
|
||||
import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.ZipUtil;
|
||||
import org.wso2.carbon.identity.jwt.client.extension.JWTClient;
|
||||
import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo;
|
||||
@ -75,7 +76,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag
|
||||
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
|
||||
deviceIdentifier.setId(deviceId);
|
||||
deviceIdentifier.setType(VirtualFireAlarmConstants.DEVICE_TYPE);
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants.
|
||||
Permissions.DEFAULT_ADMIN_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
boolean removed = APIUtil.getDeviceManagementService().disenrollDevice(
|
||||
@ -101,7 +103,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag
|
||||
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
|
||||
deviceIdentifier.setId(deviceId);
|
||||
deviceIdentifier.setType(VirtualFireAlarmConstants.DEVICE_TYPE);
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) {
|
||||
if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants.
|
||||
Permissions.DEFAULT_ADMIN_PERMISSIONS)) {
|
||||
return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build();
|
||||
}
|
||||
Device device = APIUtil.getDeviceManagementService().getDevice(deviceIdentifier);
|
||||
@ -239,7 +242,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag
|
||||
//create new device id
|
||||
String deviceId = shortUUID();
|
||||
if (apiApplicationKey == null) {
|
||||
String applicationUsername = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration()
|
||||
String applicationUsername =
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration()
|
||||
.getAdminUserName();
|
||||
APIManagementProviderService apiManagementProviderService = APIUtil.getAPIManagementProviderService();
|
||||
String[] tags = {VirtualFireAlarmConstants.DEVICE_TYPE};
|
||||
@ -249,7 +253,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag
|
||||
JWTClient jwtClient = APIUtil.getJWTClientManagerService().getJWTClient();
|
||||
String scopes = "device_type_" + VirtualFireAlarmConstants.DEVICE_TYPE + " device_" + deviceId;
|
||||
AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(apiApplicationKey.getConsumerKey(),
|
||||
apiApplicationKey.getConsumerSecret(), owner, scopes);
|
||||
apiApplicationKey.getConsumerSecret(), owner,
|
||||
scopes);
|
||||
String accessToken = accessTokenInfo.getAccessToken();
|
||||
String refreshToken = accessTokenInfo.getRefreshToken();
|
||||
//adding registering data
|
||||
|
||||