Improve web app authentication

Improve web app authentication to unsecure dynamic context paths and further improve app management APIs
feature/appm-store/pbac
lasanthaDLPDS 6 years ago
parent 7703d217f9
commit 5c6a3cba1f

@ -42,7 +42,7 @@ import javax.ws.rs.core.Response;
@SwaggerDefinition( @SwaggerDefinition(
info = @Info( info = @Info(
version = "1.0.0", version = "1.0.0",
title = "ApplicationDTO Management Common Service", title = "Application Management Artifact Download Service",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = "name", value = "ApplicationManagementArtifactDownloadService"), @ExtensionProperty(name = "name", value = "ApplicationManagementArtifactDownloadService"),

@ -40,17 +40,17 @@ import javax.ws.rs.core.Response;
@SwaggerDefinition( @SwaggerDefinition(
info = @Info( info = @Info(
version = "1.0.0", version = "1.0.0",
title = "ApplicationDTO Management Common Service", title = "Application Management Config Retrieve Service",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = "name", value = "ApplicationManagementCommonService"), @ExtensionProperty(name = "name", value = "ApplicationManagementConfigRetrieveService"),
@ExtensionProperty(name = "context", value = "/api/application-mgt/v1.0/configt"), @ExtensionProperty(name = "context", value = "/api/application-mgt/v1.0/config"),
}) })
} }
) )
) )
@Path("/config") @Path("/config")
@Api(value = "ApplicationDTO Management Common Service", description = "This API carries all application management common services") @Api(value = "ApplicationDTO Management Common Service")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
public interface ConfigRetrieveAPI { public interface ConfigRetrieveAPI {

@ -43,7 +43,7 @@
</session-config> </session-config>
<context-param> <context-param>
<param-name>doAuthentication</param-name> <param-name>doAuthentication</param-name>
<param-value>false</param-value> <param-value>true</param-value>
</context-param> </context-param>
<!-- Below configuration is used to redirect http requests to https --> <!-- Below configuration is used to redirect http requests to https -->
@ -117,4 +117,12 @@
<url-pattern>/*</url-pattern> <url-pattern>/*</url-pattern>
</filter-mapping> </filter-mapping>
<context-param>
<param-name>nonSecuredEndPoints</param-name>
<param-value>
/api/application-mgt/v1.0/artifact/.*,
/api/application-mgt/v1.0/config/.*
</param-value>
</context-param>
</web-app> </web-app>

@ -30,6 +30,7 @@ import org.wso2.carbon.device.application.mgt.common.exception.RequestValidating
import org.wso2.carbon.device.application.mgt.common.response.Application; import org.wso2.carbon.device.application.mgt.common.response.Application;
import org.wso2.carbon.device.application.mgt.common.response.ApplicationRelease; import org.wso2.carbon.device.application.mgt.common.response.ApplicationRelease;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper; import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationUpdateWrapper;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper; import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper;
import java.io.InputStream; import java.io.InputStream;
@ -53,12 +54,12 @@ public interface ApplicationManager {
/** /**
* Updates an already existing application. * Updates an already existing application.
* *
* @param applicationWrapper Application that need to be updated. * @param applicationUpdateWrapper Application data that need to be updated.
* @param applicationId ID of the application * @param applicationId ID of the application
* @return Updated Application * @return Updated Application
* @throws ApplicationManagementException ApplicationDTO Management Exception * @throws ApplicationManagementException ApplicationDTO Management Exception
*/ */
void updateApplication(int applicationId, ApplicationWrapper applicationWrapper) void updateApplication(int applicationId, ApplicationUpdateWrapper applicationUpdateWrapper)
throws ApplicationManagementException; throws ApplicationManagementException;
/** /**

@ -0,0 +1,99 @@
/*
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.device.application.mgt.common.wrapper;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import java.util.List;
@ApiModel(value = "ApplicationWrapper", description = "ApplicationWrapper represents the an ApplicationDTO in ApplicationDTO Store")
public class ApplicationUpdateWrapper {
@ApiModelProperty(name = "name",
value = "Name of the application",
required = true)
private String name;
@ApiModelProperty(name = "description",
value = "Description of the application",
required = true)
private String description;
@ApiModelProperty(name = "appCategory",
value = "CategoryDTO of the application",
required = true,
example = "Educational, Gaming, Travel, Entertainment etc")
private String appCategory;
@ApiModelProperty(name = "subType",
value = "Subscription type of the application",
required = true,
example = "PAID, FREE")
private String subType;
@ApiModelProperty(name = "paymentCurrency",
value = "Payment currency of the application",
required = true,
example = "$")
private String paymentCurrency;
@ApiModelProperty(name = "tags",
value = "List of application tags")
private List<String> tags;
@ApiModelProperty(name = "unrestrictedRoles",
value = "List of roles that users should have to access the application")
private List<String> unrestrictedRoles;
public String getName() {
return name;
}
public void setName(String name) { this.name = name; }
public String getAppCategory() {
return appCategory;
}
public void setAppCategory(String appCategory) {
this.appCategory = appCategory;
}
public List<String> getTags() { return tags; }
public void setTags(List<String> tags) { this.tags = tags; }
public String getSubType() { return subType; }
public void setSubType(String subType) { this.subType = subType; }
public String getPaymentCurrency() { return paymentCurrency; }
public void setPaymentCurrency(String paymentCurrency) { this.paymentCurrency = paymentCurrency; }
public List<String> getUnrestrictedRoles() { return unrestrictedRoles; }
public void setUnrestrictedRoles(List<String> unrestrictedRoles) { this.unrestrictedRoles = unrestrictedRoles; }
public String getDescription() { return description; }
public void setDescription(String description) { this.description = description; }
}

@ -507,10 +507,12 @@ public class GenericApplicationDAOImpl extends AbstractDAOImpl implements Applic
+ "AP_APP_RELEASE.UUID AS RELEASE_UUID, " + "AP_APP_RELEASE.UUID AS RELEASE_UUID, "
+ "AP_APP_RELEASE.RELEASE_TYPE AS RELEASE_TYPE, " + "AP_APP_RELEASE.RELEASE_TYPE AS RELEASE_TYPE, "
+ "AP_APP_RELEASE.INSTALLER_LOCATION AS AP_RELEASE_STORED_LOC, " + "AP_APP_RELEASE.INSTALLER_LOCATION AS AP_RELEASE_STORED_LOC, "
+ "AP_APP_RELEASE.ICON_LOCATION AS AP_RELEASE_ICON_LOC, "
+ "AP_APP_RELEASE.BANNER_LOCATION AS AP_RELEASE_BANNER_LOC, " + "AP_APP_RELEASE.BANNER_LOCATION AS AP_RELEASE_BANNER_LOC, "
+ "AP_APP_RELEASE.SC_1_LOCATION AS AP_RELEASE_SC1, " + "AP_APP_RELEASE.SC_1_LOCATION AS AP_RELEASE_SC1, "
+ "AP_APP_RELEASE.SC_2_LOCATION AS AP_RELEASE_SC2, " + "AP_APP_RELEASE.SC_2_LOCATION AS AP_RELEASE_SC2, "
+ "AP_APP_RELEASE.SC_3_LOCATION AS AP_RELEASE_SC3, " + "AP_APP_RELEASE.SC_3_LOCATION AS AP_RELEASE_SC3, "
+ "AP_APP_RELEASE.APP_HASH_VALUE AS RELEASE_HASH_VALUE, "
+ "AP_APP_RELEASE.APP_PRICE AS RELEASE_PRICE, " + "AP_APP_RELEASE.APP_PRICE AS RELEASE_PRICE, "
+ "AP_APP_RELEASE.APP_META_INFO AS RELEASE_META_INFO, " + "AP_APP_RELEASE.APP_META_INFO AS RELEASE_META_INFO, "
+ "AP_APP_RELEASE.SUPPORTED_OS_VERSIONS AS RELEASE_SUP_OS_VERSIONS, " + "AP_APP_RELEASE.SUPPORTED_OS_VERSIONS AS RELEASE_SUP_OS_VERSIONS, "

@ -53,6 +53,7 @@ import org.wso2.carbon.device.application.mgt.common.response.ApplicationRelease
import org.wso2.carbon.device.application.mgt.common.services.ApplicationManager; import org.wso2.carbon.device.application.mgt.common.services.ApplicationManager;
import org.wso2.carbon.device.application.mgt.common.services.ApplicationStorageManager; import org.wso2.carbon.device.application.mgt.common.services.ApplicationStorageManager;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper; import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationUpdateWrapper;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper; import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper;
import org.wso2.carbon.device.application.mgt.core.config.ConfigurationManager; import org.wso2.carbon.device.application.mgt.core.config.ConfigurationManager;
import org.wso2.carbon.device.application.mgt.core.dao.ApplicationDAO; import org.wso2.carbon.device.application.mgt.core.dao.ApplicationDAO;
@ -1423,7 +1424,7 @@ public class ApplicationManagerImpl implements ApplicationManager {
} }
@Override @Override
public void updateApplication(int applicationId, ApplicationWrapper applicationWrapper) public void updateApplication(int applicationId, ApplicationUpdateWrapper applicationUpdateWrapper)
throws ApplicationManagementException { throws ApplicationManagementException {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true); int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
@ -1441,85 +1442,63 @@ public class ApplicationManagerImpl implements ApplicationManager {
throw new NotFoundException(msg); throw new NotFoundException(msg);
} }
if (!StringUtils.isEmpty(applicationWrapper.getType()) && !applicationDTO.getType() if (!StringUtils.isEmpty(applicationUpdateWrapper.getName())){
.equals(applicationWrapper.getType())) {
String msg = "You are trying to change the application type and it is not "
+ "possible after you create an application. Therefore please remove this application and "
+ "publish new application with type: " + applicationWrapper.getType();
log.error(msg);
throw new BadRequestException(msg);
}
String deviceTypeName = applicationWrapper.getDeviceType();
if (!StringUtils.isEmpty(deviceTypeName)) {
DeviceType deviceType = getDeviceTypeData(deviceTypeName);
if (!deviceType.getName().equals(deviceTypeName)){
String msg = "You are trying to change the compatible device type of the application type and it is "
+ "not possible after you create an application for device type. " + deviceTypeName +
"Therefore please remove this application and publish new application with device type: " +
deviceTypeName;
log.error(msg);
throw new BadRequestException(msg);
}
}
if (!StringUtils.isEmpty(applicationWrapper.getName())){
Filter filter = new Filter(); Filter filter = new Filter();
filter.setFullMatch(true); filter.setFullMatch(true);
filter.setAppName(applicationWrapper.getName().trim()); filter.setAppName(applicationUpdateWrapper.getName().trim());
filter.setOffset(0); filter.setOffset(0);
filter.setLimit(1); filter.setLimit(1);
List<ApplicationDTO> applicationList = applicationDAO List<ApplicationDTO> applicationList = applicationDAO
.getApplications(filter, applicationDTO.getDeviceTypeId(), tenantId); .getApplications(filter, applicationDTO.getDeviceTypeId(), tenantId);
if (!applicationList.isEmpty()) { if (!applicationList.isEmpty()) {
String msg = "Already an application registered with same name " + applicationWrapper.getName() String msg = "Already an application registered with same name " + applicationUpdateWrapper.getName()
+ ". Hence you can't update the application name from " + applicationDTO.getName() + " to " + ". Hence you can't update the application name from " + applicationDTO.getName() + " to "
+ applicationWrapper.getName(); + applicationUpdateWrapper.getName();
log.error(msg); log.error(msg);
throw new BadRequestException(msg); throw new BadRequestException(msg);
} }
applicationDTO.setName(applicationWrapper.getName()); applicationDTO.setName(applicationUpdateWrapper.getName());
} }
if (!StringUtils.isEmpty(applicationWrapper.getSubType()) && !applicationDTO.getSubType() if (!StringUtils.isEmpty(applicationUpdateWrapper.getSubType()) && !applicationDTO.getSubType()
.equals(applicationWrapper.getSubType())) { .equals(applicationUpdateWrapper.getSubType())) {
if (!ApplicationSubscriptionType.PAID.toString().equals(applicationWrapper.getSubType()) if (!ApplicationSubscriptionType.PAID.toString().equals(applicationUpdateWrapper.getSubType())
&& !ApplicationSubscriptionType.FREE.toString().equals(applicationWrapper.getSubType())) { && !ApplicationSubscriptionType.FREE.toString().equals(applicationUpdateWrapper.getSubType())) {
String msg = "Invalid application subscription type is found with application updating request " String msg = "Invalid application subscription type is found with application updating request "
+ applicationWrapper.getSubType(); + applicationUpdateWrapper.getSubType();
log.error(msg); log.error(msg);
throw new BadRequestException(msg); throw new BadRequestException(msg);
} else if (ApplicationSubscriptionType.FREE.toString().equals(applicationWrapper.getSubType()) && !StringUtils } else if (ApplicationSubscriptionType.FREE.toString().equals(applicationUpdateWrapper.getSubType())
.isEmpty(applicationWrapper.getPaymentCurrency())) { && !StringUtils.isEmpty(applicationUpdateWrapper.getPaymentCurrency())) {
String msg = "If you are going to change Non-Free app as Free app, " String msg = "If you are going to change Non-Free app as Free app, "
+ "currency attribute in the application updating payload should be null or \"\""; + "currency attribute in the application updating payload should be null or \"\"";
log.error(msg); log.error(msg);
throw new ApplicationManagementException(msg); throw new ApplicationManagementException(msg);
} else if (ApplicationSubscriptionType.PAID.toString().equals(applicationWrapper.getSubType()) } else if (ApplicationSubscriptionType.PAID.toString().equals(applicationUpdateWrapper.getSubType())
&& StringUtils.isEmpty(applicationWrapper.getPaymentCurrency()) ){ && StringUtils.isEmpty(applicationUpdateWrapper.getPaymentCurrency()) ){
String msg = "If you are going to change Free app as Non-Free app, " String msg = "If you are going to change Free app as Non-Free app, "
+ "currency attribute in the application payload should not be null or \"\""; + "currency attribute in the application payload should not be null or \"\"";
log.error(msg); log.error(msg);
throw new ApplicationManagementException(msg); throw new ApplicationManagementException(msg);
} }
applicationDTO.setSubType(applicationUpdateWrapper.getSubType());
applicationDTO.setSubType(applicationWrapper.getSubType()); applicationDTO.setPaymentCurrency(applicationUpdateWrapper.getPaymentCurrency());
applicationDTO.setPaymentCurrency(applicationWrapper.getPaymentCurrency());
} }
if (!StringUtils.isEmpty(applicationWrapper.getDescription())){ if (!StringUtils.isEmpty(applicationUpdateWrapper.getDescription())){
applicationDTO.setDescription(applicationWrapper.getDescription()); applicationDTO.setDescription(applicationUpdateWrapper.getDescription());
} }
List<String> appUnrestrictedRoles = this.visibilityDAO.getUnrestrictedRoles(applicationId, tenantId); List<String> appUnrestrictedRoles = this.visibilityDAO.getUnrestrictedRoles(applicationId, tenantId);
boolean isExistingAppRestricted = !appUnrestrictedRoles.isEmpty(); boolean isExistingAppRestricted = !appUnrestrictedRoles.isEmpty();
boolean isUpdatingAppRestricted = !applicationWrapper.getUnrestrictedRoles().isEmpty(); boolean isUpdatingAppRestricted = !applicationUpdateWrapper.getUnrestrictedRoles().isEmpty();
if (isExistingAppRestricted && !isUpdatingAppRestricted) { if (isExistingAppRestricted && !isUpdatingAppRestricted) {
visibilityDAO.deleteUnrestrictedRoles(appUnrestrictedRoles, applicationId, tenantId); visibilityDAO.deleteUnrestrictedRoles(appUnrestrictedRoles, applicationId, tenantId);
} else if (isUpdatingAppRestricted) { } else if (isUpdatingAppRestricted) {
if (!hasUserRole(applicationWrapper.getUnrestrictedRoles(), userName)) { if (!hasUserRole(applicationUpdateWrapper.getUnrestrictedRoles(), userName)) {
String msg = String msg =
"You are trying to restrict the visibility of visible application.But you are trying to " "You are trying to restrict the visibility of visible application.But you are trying to "
+ "restrict the visibility to roles that there isn't at least one role is assigned " + "restrict the visibility to roles that there isn't at least one role is assigned "
@ -1532,12 +1511,12 @@ public class ApplicationManagerImpl implements ApplicationManager {
if (!isExistingAppRestricted) { if (!isExistingAppRestricted) {
visibilityDAO visibilityDAO
.addUnrestrictedRoles(applicationWrapper.getUnrestrictedRoles(), applicationId, tenantId); .addUnrestrictedRoles(applicationUpdateWrapper.getUnrestrictedRoles(), applicationId, tenantId);
} else { } else {
List<String> addingRoleList = getDifference(applicationWrapper.getUnrestrictedRoles(), List<String> addingRoleList = getDifference(applicationUpdateWrapper.getUnrestrictedRoles(),
applicationDTO.getUnrestrictedRoles()); applicationDTO.getUnrestrictedRoles());
List<String> removingRoleList = getDifference(applicationDTO.getUnrestrictedRoles(), List<String> removingRoleList = getDifference(applicationDTO.getUnrestrictedRoles(),
applicationWrapper.getUnrestrictedRoles()); applicationUpdateWrapper.getUnrestrictedRoles());
if (!addingRoleList.isEmpty()) { if (!addingRoleList.isEmpty()) {
visibilityDAO.addUnrestrictedRoles(addingRoleList, applicationId, tenantId); visibilityDAO.addUnrestrictedRoles(addingRoleList, applicationId, tenantId);
} }
@ -1546,9 +1525,9 @@ public class ApplicationManagerImpl implements ApplicationManager {
} }
} }
} }
applicationDTO.setUnrestrictedRoles(applicationWrapper.getUnrestrictedRoles()); applicationDTO.setUnrestrictedRoles(applicationUpdateWrapper.getUnrestrictedRoles());
String updatingAppCategory = applicationWrapper.getAppCategory(); String updatingAppCategory = applicationUpdateWrapper.getAppCategory();
if ( updatingAppCategory != null){ if ( updatingAppCategory != null){
List<String> appCategories = this.applicationDAO.getAppCategories(applicationId, tenantId); List<String> appCategories = this.applicationDAO.getAppCategories(applicationId, tenantId);
if (!appCategories.contains(updatingAppCategory)){ if (!appCategories.contains(updatingAppCategory)){
@ -1556,7 +1535,8 @@ public class ApplicationManagerImpl implements ApplicationManager {
List<Integer> categoryIds = allCategories.stream() List<Integer> categoryIds = allCategories.stream()
.filter(category -> category.getCategoryName().equals(updatingAppCategory)) .filter(category -> category.getCategoryName().equals(updatingAppCategory))
.map(CategoryDTO::getId).collect(Collectors.toList()); .map(CategoryDTO::getId).collect(Collectors.toList());
if (!categoryIds.isEmpty()){ if (categoryIds.isEmpty()){
ConnectionManagerUtil.rollbackDBTransaction();
String msg = String msg =
"You are trying to update application category into invalid application category, " "You are trying to update application category into invalid application category, "
+ "it is not registered in the system. Therefore please register the category " + "it is not registered in the system. Therefore please register the category "
@ -1568,7 +1548,7 @@ public class ApplicationManagerImpl implements ApplicationManager {
} }
} }
List<String> updatingAppTags = applicationWrapper.getTags(); List<String> updatingAppTags = applicationUpdateWrapper.getTags();
if ( updatingAppTags!= null){ if ( updatingAppTags!= null){
List<String> appTags = this.applicationDAO.getAppTags(applicationId, tenantId); List<String> appTags = this.applicationDAO.getAppTags(applicationId, tenantId);
List<String> addingTagList = getDifference(appTags, updatingAppTags); List<String> addingTagList = getDifference(appTags, updatingAppTags);
@ -1590,6 +1570,7 @@ public class ApplicationManagerImpl implements ApplicationManager {
} }
} }
if (!applicationDAO.updateApplication(applicationDTO, tenantId)){ if (!applicationDAO.updateApplication(applicationDTO, tenantId)){
ConnectionManagerUtil.rollbackDBTransaction();
String msg = "Any application is not updated for the application ID: " + applicationId; String msg = "Any application is not updated for the application ID: " + applicationId;
log.error(msg); log.error(msg);
throw new ApplicationManagementException(msg); throw new ApplicationManagementException(msg);

@ -211,28 +211,29 @@ public class LifecycleStateManager {
return endState; return endState;
} }
public boolean isStateExist(String currentState) { public String getInstallableState() throws LifecycleManagementException {
String installableState = null;
for (Map.Entry<String, State> stringStateEntry : lifecycleStates.entrySet()) { for (Map.Entry<String, State> stringStateEntry : lifecycleStates.entrySet()) {
if (stringStateEntry.getKey().equalsIgnoreCase(currentState)) { if (stringStateEntry.getValue().isAppInstallable()) {
return true; installableState = stringStateEntry.getKey();
break;
} }
} }
return false; if (installableState == null){
} String msg = "Haven't defined the installable state in the application-manager.xml. Please add installable "
+ "state to the <LifecycleStates> section in the app-manager.xml";
public boolean isUpdatable(String state) { log.error(msg);
State currentState = getMatchingState(state); throw new LifecycleManagementException(msg);
if (currentState.isAppUpdatable()) {
return true;
} }
return false; return installableState;
} }
public boolean isInstallable(String state) { public boolean isStateExist(String currentState) {
State currentState = getMatchingState(state); for (Map.Entry<String, State> stringStateEntry : lifecycleStates.entrySet()) {
if (currentState.isAppInstallable()) { if (stringStateEntry.getKey().equalsIgnoreCase(currentState)) {
return true; return true;
} }
}
return false; return false;
} }

@ -53,26 +53,26 @@ public class LifecycleManagementTest {
@Test @Test
public void CheckUpdatableState() throws LifecycleManagementException { public void CheckUpdatableState() throws LifecycleManagementException {
boolean isUpdatable = lifecycleStateManager.isUpdatable(UPDATABLE_STATE); boolean isUpdatable = lifecycleStateManager.isUpdatableState(UPDATABLE_STATE);
System.out.println(isUpdatable); System.out.println(isUpdatable);
Assert.assertTrue("Updatable state: " + UPDATABLE_STATE, isUpdatable); Assert.assertTrue("Updatable state: " + UPDATABLE_STATE, isUpdatable);
} }
@Test @Test
public void CheckNonUpdatableState() throws LifecycleManagementException { public void CheckNonUpdatableState() throws LifecycleManagementException {
boolean isUpdatable = lifecycleStateManager.isUpdatable(NON_UPDATABLE_STATE); boolean isUpdatable = lifecycleStateManager.isUpdatableState(NON_UPDATABLE_STATE);
Assert.assertFalse("Non Updatable state: " + NON_UPDATABLE_STATE, isUpdatable); Assert.assertFalse("Non Updatable state: " + NON_UPDATABLE_STATE, isUpdatable);
} }
@Test @Test
public void CheckInstallableState() throws LifecycleManagementException { public void CheckInstallableState() throws LifecycleManagementException {
boolean isInstallable = lifecycleStateManager.isInstallable(INSTALLABLE_STATE); boolean isInstallable = lifecycleStateManager.isInstallableState(INSTALLABLE_STATE);
Assert.assertTrue("Installable state: " + INSTALLABLE_STATE, isInstallable); Assert.assertTrue("Installable state: " + INSTALLABLE_STATE, isInstallable);
} }
@Test @Test
public void CheckUnInstallableState() throws LifecycleManagementException { public void CheckUnInstallableState() throws LifecycleManagementException {
boolean isInstallable = lifecycleStateManager.isInstallable(UNINSTALlABLE_STATE); boolean isInstallable = lifecycleStateManager.isInstallableState(UNINSTALlABLE_STATE);
Assert.assertFalse("UnInstallable state: " + UNINSTALlABLE_STATE, isInstallable); Assert.assertFalse("UnInstallable state: " + UNINSTALlABLE_STATE, isInstallable);
} }

@ -32,12 +32,14 @@ import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import org.apache.cxf.jaxrs.ext.multipart.Multipart; import org.apache.cxf.jaxrs.ext.multipart.Multipart;
import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes; import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.application.mgt.common.*; import org.wso2.carbon.device.application.mgt.common.ApplicationList;
import org.wso2.carbon.device.application.mgt.common.ErrorResponse; import org.wso2.carbon.device.application.mgt.common.ErrorResponse;
import org.wso2.carbon.device.application.mgt.common.Filter;
import org.wso2.carbon.device.application.mgt.common.dto.ApplicationDTO; import org.wso2.carbon.device.application.mgt.common.dto.ApplicationDTO;
import org.wso2.carbon.device.application.mgt.common.dto.ApplicationReleaseDTO; import org.wso2.carbon.device.application.mgt.common.dto.ApplicationReleaseDTO;
import org.wso2.carbon.device.application.mgt.common.response.ApplicationRelease; import org.wso2.carbon.device.application.mgt.common.response.ApplicationRelease;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper; import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationUpdateWrapper;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper; import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper;
import java.util.List; import java.util.List;
@ -60,17 +62,16 @@ import javax.ws.rs.core.Response;
@SwaggerDefinition( @SwaggerDefinition(
info = @Info( info = @Info(
version = "1.0.0", version = "1.0.0",
title = "ApplicationDTO Management Service", title = "ApplicationDTO Management Publisher Service",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = "name", value = "ApplicationManagementService"), @ExtensionProperty(name = "name", value = "ApplicationManagementPublisherService"),
@ExtensionProperty(name = "context", value = "/api/application-mgt/v1.0/applications"), @ExtensionProperty(name = "context", value = "/api/application-mgt-publisher/v1.0/applications"),
}) })
} }
), ),
tags = { tags = {
@Tag(name = "application_management, device_management", description = "ApplicationDTO Management related " @Tag(name = "application_management, device_management", description = "App publisher related APIs")
+ "APIs")
} }
) )
@Scopes( @Scopes(
@ -79,21 +80,21 @@ import javax.ws.rs.core.Response;
name = "Get ApplicationDTO Details", name = "Get ApplicationDTO Details",
description = "Get application details", description = "Get application details",
key = "perm:app:publisher:view", key = "perm:app:publisher:view",
permissions = {"/device-mgt/application/view"} permissions = {"/app-mgt/publisher/application/update"}
), ),
@Scope( @Scope(
name = "Update an ApplicationDTO", name = "Update an ApplicationDTO",
description = "Update an application", description = "Update an application",
key = "perm:app:publisher:update", key = "perm:app:publisher:update",
permissions = {"/device-mgt/application/update"} permissions = {"/app-mgt/publisher/application/update"}
) )
} }
) )
@Path("/publisher/applications") @Path("/applications")
@Api(value = "ApplicationDTO Management", description = "This API carries all application management related operations " + @Api(value = "ApplicationDTO Management", description = "This API carries all application management related operations " +
"such as get all the applications, add application, etc.") "such as get all the applications, add application, etc.")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
public interface ApplicationManagementAPI { public interface ApplicationManagementPublisherAPI {
String SCOPE = "scope"; String SCOPE = "scope";
@ -193,7 +194,7 @@ public interface ApplicationManagementAPI {
tags = "ApplicationDTO Management", tags = "ApplicationDTO Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update") @ExtensionProperty(name = SCOPE, value = "perm:app:update")
}) })
} }
) )
@ -220,9 +221,9 @@ public interface ApplicationManagementAPI {
@PathParam("appId") int appId, @PathParam("appId") int appId,
@ApiParam( @ApiParam(
name = "application", name = "application",
value = "The application that need to be edited.", value = "Application data that need to be edited.",
required = true) required = true)
@Valid ApplicationWrapper applicationWrapper @Valid ApplicationUpdateWrapper applicationUpdateWrapper
); );
@POST @POST
@ -237,7 +238,7 @@ public interface ApplicationManagementAPI {
tags = "ApplicationDTO Management", tags = "ApplicationDTO Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update") @ExtensionProperty(name = SCOPE, value = "perm:app:update")
}) })
} }
) )
@ -307,7 +308,7 @@ public interface ApplicationManagementAPI {
tags = "ApplicationDTO Management", tags = "ApplicationDTO Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update") @ExtensionProperty(name = SCOPE, value = "perm:app:update")
}) })
} }
) )
@ -386,7 +387,7 @@ public interface ApplicationManagementAPI {
tags = "ApplicationDTO Management", tags = "ApplicationDTO Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update") @ExtensionProperty(name = SCOPE, value = "perm:app:update")
}) })
} }
) )
@ -398,7 +399,7 @@ public interface ApplicationManagementAPI {
response = List.class), response = List.class),
@ApiResponse( @ApiResponse(
code = 500, code = 500,
message = "Internal Server Error. \n Error occurred while deleteing the application.", message = "Internal Server Error. \n Error occurred while deleting the application.",
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
Response deleteApplication( Response deleteApplication(
@ -422,7 +423,7 @@ public interface ApplicationManagementAPI {
tags = "ApplicationDTO Management", tags = "ApplicationDTO Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update") @ExtensionProperty(name = SCOPE, value = "perm:app:update")
}) })
} }
) )
@ -493,7 +494,7 @@ public interface ApplicationManagementAPI {
tags = "ApplicationDTO Management", tags = "ApplicationDTO Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update") @ExtensionProperty(name = SCOPE, value = "perm:app:update")
}) })
} }
) )
@ -546,7 +547,7 @@ public interface ApplicationManagementAPI {
tags = "ApplicationDTO Management", tags = "ApplicationDTO Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update") @ExtensionProperty(name = SCOPE, value = "perm:app:update")
}) })
} }
) )
@ -594,7 +595,7 @@ public interface ApplicationManagementAPI {
tags = "Lifecycle Management", tags = "Lifecycle Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:app:publisher:view") @ExtensionProperty(name = SCOPE, value = "perm:app:update")
}) })
} }
) )
@ -626,7 +627,7 @@ public interface ApplicationManagementAPI {
tags = "Lifecycle Management", tags = "Lifecycle Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:app:publisher:update") @ExtensionProperty(name = SCOPE, value = "perm:app:update")
}) })
} }
) )

@ -30,11 +30,12 @@ import org.wso2.carbon.device.application.mgt.common.exception.RequestValidating
import org.wso2.carbon.device.application.mgt.common.response.Application; import org.wso2.carbon.device.application.mgt.common.response.Application;
import org.wso2.carbon.device.application.mgt.common.response.ApplicationRelease; import org.wso2.carbon.device.application.mgt.common.response.ApplicationRelease;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper; import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationReleaseWrapper;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationUpdateWrapper;
import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper; import org.wso2.carbon.device.application.mgt.common.wrapper.ApplicationWrapper;
import org.wso2.carbon.device.application.mgt.core.exception.BadRequestException; import org.wso2.carbon.device.application.mgt.core.exception.BadRequestException;
import org.wso2.carbon.device.application.mgt.core.exception.ForbiddenException; import org.wso2.carbon.device.application.mgt.core.exception.ForbiddenException;
import org.wso2.carbon.device.application.mgt.core.util.APIUtil; import org.wso2.carbon.device.application.mgt.core.util.APIUtil;
import org.wso2.carbon.device.application.mgt.publisher.api.services.ApplicationManagementAPI; import org.wso2.carbon.device.application.mgt.publisher.api.services.ApplicationManagementPublisherAPI;
import org.wso2.carbon.device.application.mgt.common.exception.ApplicationManagementException; import org.wso2.carbon.device.application.mgt.common.exception.ApplicationManagementException;
import org.wso2.carbon.device.application.mgt.common.services.ApplicationManager; import org.wso2.carbon.device.application.mgt.common.services.ApplicationManager;
import org.wso2.carbon.device.application.mgt.common.services.ApplicationStorageManager; import org.wso2.carbon.device.application.mgt.common.services.ApplicationStorageManager;
@ -50,7 +51,6 @@ import javax.activation.DataHandler;
import javax.validation.Valid; import javax.validation.Valid;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE; import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET; import javax.ws.rs.GET;
import javax.ws.rs.POST; import javax.ws.rs.POST;
import javax.ws.rs.PUT; import javax.ws.rs.PUT;
@ -66,9 +66,7 @@ import javax.ws.rs.core.Response;
*/ */
@Produces({"application/json"}) @Produces({"application/json"})
@Path("/applications") @Path("/applications")
public class ApplicationManagementAPIImpl implements ApplicationManagementAPI { public class ApplicationManagementPublisherAPIImpl implements ApplicationManagementPublisherAPI {
private static Log log = LogFactory.getLog(ApplicationManagementAPIImpl.class);
@POST @POST
@Override @Override
@ -319,10 +317,10 @@ public class ApplicationManagementAPIImpl implements ApplicationManagementAPI {
@Path("/{appId}") @Path("/{appId}")
public Response updateApplication( public Response updateApplication(
@PathParam("appId") int applicationId, @PathParam("appId") int applicationId,
@Valid ApplicationWrapper applicationWrapper) { @Valid ApplicationUpdateWrapper applicationUpdateWrapper) {
ApplicationManager applicationManager = APIUtil.getApplicationManager(); ApplicationManager applicationManager = APIUtil.getApplicationManager();
try { try {
applicationManager.updateApplication(applicationId, applicationWrapper); applicationManager.updateApplication(applicationId, applicationUpdateWrapper);
return Response.status(Response.Status.OK) return Response.status(Response.Status.OK)
.entity("Application was updated successfully for ApplicationID: " + applicationId).build(); .entity("Application was updated successfully for ApplicationID: " + applicationId).build();
} catch (NotFoundException e) { } catch (NotFoundException e) {

@ -52,7 +52,7 @@
<bean id="swaggerWriter" class="io.swagger.jaxrs.listing.SwaggerSerializers" /> <bean id="swaggerWriter" class="io.swagger.jaxrs.listing.SwaggerSerializers" />
<bean id="swaggerResource" class="io.swagger.jaxrs.listing.ApiListingResource" /> <bean id="swaggerResource" class="io.swagger.jaxrs.listing.ApiListingResource" />
<bean id="applicationMgtServiceBean" class="org.wso2.carbon.device.application.mgt.publisher.api.services.impl.ApplicationManagementAPIImpl"/> <bean id="applicationMgtServiceBean" class="org.wso2.carbon.device.application.mgt.publisher.api.services.impl.ApplicationManagementPublisherAPIImpl"/>
<bean id="jsonProvider" class="org.wso2.carbon.device.application.mgt.addons.JSONMessageHandler"/> <bean id="jsonProvider" class="org.wso2.carbon.device.application.mgt.addons.JSONMessageHandler"/>
<bean id="multipartProvider" class="org.wso2.carbon.device.application.mgt.addons.MultipartCustomProvider"/> <bean id="multipartProvider" class="org.wso2.carbon.device.application.mgt.addons.MultipartCustomProvider"/>

@ -68,7 +68,7 @@ import javax.ws.rs.core.Response;
name = "Get ApplicationDTO Details", name = "Get ApplicationDTO Details",
description = "Get application details", description = "Get application details",
key = "perm:app:store:view", key = "perm:app:store:view",
permissions = {"/device-mgt/application/get"} permissions = {"/app-mgt/store/application/view"}
) )
} }
) )
@ -92,7 +92,7 @@ public interface ApplicationManagementAPI {
tags = "ApplicationDTO Management", tags = "ApplicationDTO Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:application:get") @ExtensionProperty(name = SCOPE, value = "perm:app:store:view")
}) })
} }
) )
@ -155,7 +155,7 @@ public interface ApplicationManagementAPI {
tags = "ApplicationDTO Management", tags = "ApplicationDTO Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:application:get") @ExtensionProperty(name = SCOPE, value = "perm:app:store:view")
}) })
} }
) )

@ -72,13 +72,13 @@ import java.util.List;
name = "Get Review Details", name = "Get Review Details",
description = "Get review details", description = "Get review details",
key = "perm:app:review:view", key = "perm:app:review:view",
permissions = {"/device-mgt/review/view"} permissions = {"/app-mgt/store/review/view"}
), ),
@Scope( @Scope(
name = "Update a Review", name = "Update a Review",
description = "Update a comment", description = "Update a comment",
key = "perm:app:review:update", key = "perm:app:review:update",
permissions = {"/device-mgt/review/update"} permissions = {"/app-mgt/store/review/update"}
), ),
} }
) )

@ -31,13 +31,14 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen
import org.wso2.carbon.webapp.authenticator.framework.authorizer.WebappTenantAuthorizer; import org.wso2.carbon.webapp.authenticator.framework.authorizer.WebappTenantAuthorizer;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.StringTokenizer; import java.util.StringTokenizer;
import java.util.TreeMap;
import java.util.regex.Pattern;
public class WebappAuthenticationValve extends CarbonTomcatValve { public class WebappAuthenticationValve extends CarbonTomcatValve {
private static final Log log = LogFactory.getLog(WebappAuthenticationValve.class); private static final Log log = LogFactory.getLog(WebappAuthenticationValve.class);
private static HashMap<String, String> nonSecuredEndpoints = new HashMap<>(); private static TreeMap<String, String> nonSecuredEndpoints = new TreeMap<>();
@Override @Override
public void invoke(Request request, Response response, CompositeValve compositeValve) { public void invoke(Request request, Response response, CompositeValve compositeValve) {
@ -126,6 +127,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
if (!nonSecuredEndpoints.containsKey(contextPath)) { if (!nonSecuredEndpoints.containsKey(contextPath)) {
String param = request.getContext().findParameter("nonSecuredEndPoints"); String param = request.getContext().findParameter("nonSecuredEndPoints");
String skippedEndPoint; String skippedEndPoint;
boolean isUriUnsecured = false;
if (param != null && !param.isEmpty()) { if (param != null && !param.isEmpty()) {
//Add the nonSecured end-points to cache //Add the nonSecured end-points to cache
StringTokenizer tokenizer = new StringTokenizer(param, ","); StringTokenizer tokenizer = new StringTokenizer(param, ",");
@ -137,10 +139,23 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
skippedEndPoint = skippedEndPoint + "/"; skippedEndPoint = skippedEndPoint + "/";
} }
nonSecuredEndpoints.put(skippedEndPoint, "true"); nonSecuredEndpoints.put(skippedEndPoint, "true");
if (uri.equals(skippedEndPoint) || Pattern.matches(skippedEndPoint, uri)){
isUriUnsecured = true;
} }
} }
return isUriUnsecured;
} }
return nonSecuredEndpoints.containsKey(uri); } else {
if (nonSecuredEndpoints.containsKey(uri)) {
return true;
}
for (String endpoint : nonSecuredEndpoints.keySet()) {
if (Pattern.matches(endpoint, uri)) {
return true;
}
}
}
return false;
} }
private void processRequest(Request request, Response response, CompositeValve compositeValve, private void processRequest(Request request, Response response, CompositeValve compositeValve,

@ -149,6 +149,7 @@
<Scope>perm:app:review:update</Scope> <Scope>perm:app:review:update</Scope>
<Scope>perm:app:publisher:view</Scope> <Scope>perm:app:publisher:view</Scope>
<Scope>perm:app:publisher:update</Scope> <Scope>perm:app:publisher:update</Scope>
<Scope>perm:app:store:view</Scope>
</Scopes> </Scopes>
<SSOConfiguration> <SSOConfiguration>
<Issuer>app-mgt</Issuer> <Issuer>app-mgt</Issuer>

Loading…
Cancel
Save