Refactored permission authorizer module

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java

@@ -21,37 +21,40 @@ package org.wso2.carbon.device.mgt.core.config.permission;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 
-@XmlRootElement(name = "Permission")
-public class Permission{
+/**
+ * This class represents the information related to permission.
+ */
+@XmlRootElement (name = "Permission")
+public class Permission {
 
-	private String name; // permission name
-	private String path; // permission string
+    private String name; // permission name
+    private String path; // permission string
     private String url; // url of the resource
     private String method; // http method
 
-	public String getName() {
-		return name;
-	}
+    public String getName() {
+        return name;
+    }
 
-	@XmlElement(name = "name", required = true)
-	public void setName(String name) {
-		this.name = name;
-	}
+    @XmlElement (name = "name", required = true)
+    public void setName(String name) {
+        this.name = name;
+    }
 
-	public String getPath() {
-		return path;
-	}
+    public String getPath() {
+        return path;
+    }
 
-	@XmlElement(name = "path", required = true)
-	public void setPath(String path) {
-		this.path = path;
-	}
+    @XmlElement (name = "path", required = true)
+    public void setPath(String path) {
+        this.path = path;
+    }
 
     public String getUrl() {
         return url;
     }
 
-    @XmlElement(name = "url", required = true)
+    @XmlElement (name = "url", required = true)
     public void setUrl(String url) {
         this.url = url;
     }
@@ -60,7 +63,7 @@ public class Permission{
         return method;
     }
 
-    @XmlElement(name = "method", required = true)
+    @XmlElement (name = "method", required = true)
     public void setMethod(String method) {
         this.method = method;
     }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java

@@ -22,17 +22,20 @@ import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 import java.util.List;
 
-@XmlRootElement(name = "PermissionConfiguration")
+/**
+ * This class represents the information related to permission configuration.
+ */
+@XmlRootElement (name = "PermissionConfiguration")
 public class PermissionConfiguration {
 
-	private List<Permission> permissions;
+    private List<Permission> permissions;
 
-	public List<Permission> getPermissions() {
-		return permissions;
-	}
+    public List<Permission> getPermissions() {
+        return permissions;
+    }
 
-	@XmlElement(name = "Permission", required = true)
-	public void setPermissions(List<Permission> permissions) {
-		this.permissions = permissions;
-	}
+    @XmlElement (name = "Permission", required = true)
+    public void setPermissions(List<Permission> permissions) {
+        this.permissions = permissions;
+    }
 }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java

@@ -32,96 +32,59 @@ import java.util.StringTokenizer;
  */
 public class PermissionManager {
 
-	private static PermissionManager permissionManager;
-    private static PermissionHolder rootNode;
+    private static PermissionManager permissionManager;
+    private static PermissionTree permissionTree; // holds the permissions at runtime.
 
-	private PermissionManager(){};
-
-	public static PermissionManager getInstance() {
-		if (permissionManager == null) {
-			synchronized (PermissionManager.class) {
-				if (permissionManager == null) {
-					permissionManager = new PermissionManager();
-                    rootNode = new PermissionHolder("/"); // initializing the root node.
-				}
-			}
-		}
-		return permissionManager;
-	}
+    private PermissionManager() {
+    }
 
-	public boolean addPermission(Permission permission) throws DeviceManagementException {
-        StringTokenizer st = new StringTokenizer(permission.getUrl(), "/");
-        PermissionHolder tempRoot = rootNode;
-        PermissionHolder tempChild;
-        while(st.hasMoreTokens()) {
-            tempChild = new PermissionHolder(st.nextToken());
-            tempRoot = addPermissionNode(tempRoot, tempChild);
+    public static PermissionManager getInstance() {
+        if (permissionManager == null) {
+            synchronized (PermissionManager.class) {
+                if (permissionManager == null) {
+                    permissionManager = new PermissionManager();
+                    permissionTree = new PermissionTree();
+                }
+            }
         }
-        tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex
-		try {
-			return PermissionUtils.putPermission(permission);
-		} catch (DeviceManagementException e) {
-			throw new DeviceManagementException("Error occurred while adding the permission : " +
-			                                    permission.getName(), e);
-		}
-	}
-
-	public boolean addPermissions(List<Permission> permissions) throws DeviceManagementException{
-		for(Permission permission:permissions){
-			this.addPermission(permission);
-		}
-		return true;
-	}
+        return permissionManager;
+    }
 
-	public void initializePermissions(InputStream permissionStream) throws DeviceManagementException {
-		try {
-			if(permissionStream != null){
-				/* Un-marshaling Device Management configuration */
-				JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class);
-				Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
-				PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
-						unmarshaller.unmarshal(permissionStream);
-				if((permissionConfiguration != null) && (permissionConfiguration.getPermissions() != null)){
-					this.addPermissions(permissionConfiguration.getPermissions());
-				}
-			}
-		} catch (JAXBException e) {
-			throw new DeviceManagementException("Error occurred while initializing Data Source config", e);
-		}
-	}
+    public boolean addPermission(Permission permission) throws DeviceManagementException {
+        permissionTree.addPermission(permission); // adding a permission to the tree
+        try {
+            return PermissionUtils.putPermission(permission);
+        } catch (DeviceManagementException e) {
+            throw new DeviceManagementException("Error occurred while adding the permission : " +
+                    permission.getName(), e);
+        }
+    }
 
-    private PermissionHolder addPermissionNode(PermissionHolder parent, PermissionHolder child) {
-        PermissionHolder existChild = parent.getChild(child.getPathName());
-        if (existChild == null) {
-            parent.addChild(child);
-            return child;
+    public boolean addPermissions(List<Permission> permissions) throws DeviceManagementException {
+        for (Permission permission : permissions) {
+            this.addPermission(permission);
         }
-        return existChild;
+        return true;
     }
 
-    public Permission getPermission(String url, String httpMethod) {
-        StringTokenizer st = new StringTokenizer(url, "/");
-        PermissionHolder tempRoot = rootNode;
-        PermissionHolder previousRoot;
-        while (st.hasMoreTokens()) {
-            String currentToken = st.nextToken();
-            previousRoot = tempRoot;
-            tempRoot = tempRoot.getChild(currentToken);
-            if (tempRoot == null) {
-                tempRoot = previousRoot;
-                int leftTokens = st.countTokens();
-                for (int i = 0; i <= leftTokens; i++) {
-                    if (tempRoot == null) {
-                        return null;
-                    }
-                    tempRoot = tempRoot.getChild("*");
+    public void initializePermissions(InputStream permissionStream) throws DeviceManagementException {
+        try {
+            if (permissionStream != null) {
+                /* Un-marshaling Device Management configuration */
+                JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class);
+                Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
+                PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
+                        unmarshaller.unmarshal(permissionStream);
+                if (permissionConfiguration != null && permissionConfiguration.getPermissions() != null) {
+                    this.addPermissions(permissionConfiguration.getPermissions());
                 }
-                break;
             }
+        } catch (JAXBException e) {
+            throw new DeviceManagementException("Error occurred while initializing Data Source config", e);
         }
-        if (tempRoot == null) {
-            return null;
-        }
-        return tempRoot.getPermission(httpMethod);
+    }
+
+    public Permission getPermission(String url, String httpMethod) {
+        return permissionTree.getPermission(url, httpMethod);
     }
 }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java

@@ -25,15 +25,15 @@ import java.util.List;
 import java.util.Map;
 
 /**
- * This class represents the node of a permission graph.
+ * This class represents the node of a permission tree.
  */
-public class PermissionHolder {
+public class PermissionNode {
 
-    String pathName;
-    Map<String, Permission> permissions = new HashMap<String, Permission>();
-    List<PermissionHolder> children = new ArrayList<PermissionHolder>();
+    private String pathName;
+    private Map<String, Permission> permissions = new HashMap<String, Permission>();
+    private List<PermissionNode> children = new ArrayList<PermissionNode>();
 
-    public PermissionHolder(String pathName) {
+    public PermissionNode(String pathName) {
         this.pathName = pathName;
     }
 
@@ -45,13 +45,13 @@ public class PermissionHolder {
         this.pathName = pathName;
     }
 
-    public List<PermissionHolder> getChildren() {
+    public List<PermissionNode> getChildren() {
         return children;
     }
 
-    public PermissionHolder getChild(String pathName) {
-        PermissionHolder child = null;
-        for (PermissionHolder node : children) {
+    public PermissionNode getChild(String pathName) {
+        PermissionNode child = null;
+        for (PermissionNode node : children) {
             if (node.getPathName().equals(pathName)) {
                 return node;
             }
@@ -59,7 +59,7 @@ public class PermissionHolder {
         return child;
     }
 
-    public void addChild(PermissionHolder node) {
+    public void addChild(PermissionNode node) {
         children.add(node);
     }
 

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java

@@ -84,7 +84,7 @@ public class PermissionUtils {
 		return status;
 	}
 
-	public static boolean checkPermissionExistance(Permission permission)
+	public static boolean checkPermissionExistence(Permission permission)
 			throws DeviceManagementException,
 			       org.wso2.carbon.registry.core.exceptions.RegistryException {
 		return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath());

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizationValve.java

@@ -29,9 +29,9 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen
 
 import javax.servlet.http.HttpServletResponse;
 
-public class PermissionAuthorizerValve extends CarbonTomcatValve {
+public class PermissionAuthorizationValve extends CarbonTomcatValve {
 
-    private static final Log log = LogFactory.getLog(PermissionAuthorizerValve.class);
+    private static final Log log = LogFactory.getLog(PermissionAuthorizationValve.class);
     private static final String AUTHORIZATION_ENABLED = "authorization-enabled";
 
 
@@ -44,7 +44,7 @@ public class PermissionAuthorizerValve extends CarbonTomcatValve {
             this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
             return;
         }
-        // check whether the permission checking function is enabled
+        // check whether the permission checking function is enabled in web.xml
         boolean isEnabled = new Boolean(permissionStatus);
         if (!isEnabled) {
             this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java

@@ -39,12 +39,11 @@ public class PermissionAuthorizer {
 
     public WebappAuthenticator.Status authorize(Request request, Response response) {
 
-        // contextOperation is used to get defined operation type from the web.xml
         String requestUri = request.getRequestURI();
         String requestMethod = request.getMethod();
 
         if (requestUri == null || requestUri.isEmpty() ||
-            requestMethod == null || requestMethod.isEmpty()) {
+                requestMethod == null || requestMethod.isEmpty()) {
             return WebappAuthenticator.Status.CONTINUE;
         }
 
@@ -61,7 +60,10 @@ public class PermissionAuthorizer {
         String permissionString = requestPermission.getPath();
 
         // This is added temporarily until authentication works.
+        // TODO remove below line.
         String username = "admin";
+        // TODO uncomment this once the authentication works.
+        //String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
 
         boolean isUserAuthorized;
         try {

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java

@@ -23,7 +23,6 @@ import org.apache.commons.logging.LogFactory;
 import org.osgi.service.component.ComponentContext;
 import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
 import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
-import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
 import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
 import org.wso2.carbon.user.core.service.RealmService;
@@ -31,7 +30,7 @@ import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
 import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler;
 import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
 import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
-import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizerValve;
+import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizationValve;
 import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
 import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig;
 
@@ -87,7 +86,7 @@ public class WebappAuthenticatorFrameworkServiceComponent {
 
             List<CarbonTomcatValve> valves = new ArrayList<CarbonTomcatValve>();
             valves.add(new WebappAuthenticationHandler());
-            valves.add(new PermissionAuthorizerValve());
+            valves.add(new PermissionAuthorizationValve());
             TomcatValveContainer.addValves(valves);
 
             if (log.isDebugEnabled()) {