diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseServiceImpl.java b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseServiceImpl.java
index f99f2ed5c7..72ccc6fe8f 100644
--- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseServiceImpl.java
+++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseServiceImpl.java
@@ -48,7 +48,7 @@ import java.util.Properties;
public class AndroidSenseServiceImpl implements AndroidSenseService {
private static Log log = LogFactory.getLog(AndroidSenseServiceImpl.class);
- private static String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1883";
+ private static String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1886";
@Path("device/{deviceId}/words")
@POST
diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java
index ea62644b93..e1419844c7 100644
--- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java
+++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java
@@ -40,6 +40,6 @@ public class AndroidSenseConstants {
public static final String HOST_NAME = "HostName";
public static final String LOCALHOST = "localhost";
public static final String CONFIG_TYPE = "general";
- public static final String DEFAULT_ENDPOINT = "tcp://localhost:1883";
+ public static final String DEFAULT_ENDPOINT = "tcp://localhost:1886";
}
diff --git a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/util/ZipUtil.java b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/util/ZipUtil.java
index d12a2df048..d8c955a158 100644
--- a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/util/ZipUtil.java
+++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/util/ZipUtil.java
@@ -64,7 +64,7 @@ public class ZipUtil {
private static final String HTTPS_PROTOCOL_APPENDER = "https://";
private static final String HTTP_PROTOCOL_APPENDER = "http://";
private static final String CONFIG_TYPE = "general";
- private static final String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1883";
+ private static final String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1886";
public ZipArchive createZipFile(String owner, String tenantDomain, String deviceType,
String deviceId, String deviceName, String token,
diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/util/ZipUtil.java b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/util/ZipUtil.java
index feb8135db1..2c6cd28407 100644
--- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/util/ZipUtil.java
+++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/util/ZipUtil.java
@@ -67,7 +67,7 @@ public class ZipUtil {
private static final String HTTPS_PROTOCOL_APPENDER = "https://";
private static final String HTTP_PROTOCOL_APPENDER = "http://";
private static final String CONFIG_TYPE = "general";
- private static final String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1883";
+ private static final String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1886";
public static final String HOST_NAME = "HostName";
public ZipArchive createZipFile(String owner, String deviceType, String deviceId, String deviceName,
diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/constants/VirtualFireAlarmConstants.java b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/constants/VirtualFireAlarmConstants.java
index b505832e5b..0d163c9fd2 100644
--- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/constants/VirtualFireAlarmConstants.java
+++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/constants/VirtualFireAlarmConstants.java
@@ -46,7 +46,7 @@ public class VirtualFireAlarmConstants {
public static final String CARBON_CONFIG_PORT_OFFSET = "Ports.Offset";
public static final String DEFAULT_CARBON_LOCAL_IP_PROPERTY = "carbon.local.ip";
public static final int CARBON_DEFAULT_PORT_OFFSET = 0;
- public static final int DEFAULT_MQTT_PORT = 1883;
+ public static final int DEFAULT_MQTT_PORT = 1886;
//xmpp transport related constants
public static final String XMPP_ADAPTER_NAME = "virtual_firealarm_xmpp";
diff --git a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.mqtt/src/main/java/org/wso2/carbon/device/mgt/input/adapter/mqtt/util/PropertyUtils.java b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.mqtt/src/main/java/org/wso2/carbon/device/mgt/input/adapter/mqtt/util/PropertyUtils.java
index 6433bf42bd..5cede58f6f 100644
--- a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.mqtt/src/main/java/org/wso2/carbon/device/mgt/input/adapter/mqtt/util/PropertyUtils.java
+++ b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.mqtt/src/main/java/org/wso2/carbon/device/mgt/input/adapter/mqtt/util/PropertyUtils.java
@@ -27,7 +27,7 @@ public class PropertyUtils {
private static final String CARBON_CONFIG_PORT_OFFSET = "Ports.Offset";
private static final String DEFAULT_CARBON_LOCAL_IP_PROPERTY = "carbon.local.ip";
private static final int CARBON_DEFAULT_PORT_OFFSET = 0;
- private static final int DEFAULT_MQTT_PORT = 1883;
+ private static final int DEFAULT_MQTT_PORT = 1886;
//This method is only used if the mb features are within DAS.
public static String replaceMqttProperty (String urlWithPlaceholders) {
diff --git a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.mqtt/src/main/resources/org/wso2/carbon/device/mgt/input/adapter/mqtt/i18n/Resources.properties b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.mqtt/src/main/resources/org/wso2/carbon/device/mgt/input/adapter/mqtt/i18n/Resources.properties
index acc6cfd33a..f75e4075c8 100644
--- a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.mqtt/src/main/resources/org/wso2/carbon/device/mgt/input/adapter/mqtt/i18n/Resources.properties
+++ b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.mqtt/src/main/resources/org/wso2/carbon/device/mgt/input/adapter/mqtt/i18n/Resources.properties
@@ -29,7 +29,7 @@ dcrUrl=dcrUrl
dcrUrl.hint=dynamic client registration endpoint URL to create application (if required) eg: https://localhost:9443/dynamic-client-web/register
contentValidator=contentValidation
contentValidator.hint=Class Name of the content Validation or 'default' to set default class, required to implement (if required)
-url.hint=MQTT broker url tcp://localhost:1883
+url.hint=MQTT broker url tcp://localhost:1886
cleanSession=Clean Session
cleanSession.hint=Persist topic subscriptions and ack positions across client sessions
keepAlive=Keep Alive (In seconds)
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml
new file mode 100644
index 0000000000..3ba0ed3cf5
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml
@@ -0,0 +1,109 @@
+
+
+
+
+
+
+ org.wso2.carbon.devicemgt-plugins
+ mb-extensions
+ 2.2.6-SNAPSHOT
+ ../pom.xml
+
+
+ 4.0.0
+ org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization
+ bundle
+ WSO2 Carbon - Component - MQTT - Authorization Manager
+ MQTT authorization manager based on Carbon device manager
+ http://wso2.org
+
+
+
+ org.wso2.carbon
+ org.wso2.carbon.utils
+
+
+ org.wso2.carbon
+ org.wso2.carbon.core
+
+
+ org.wso2.andes.wso2
+ andes
+
+
+ org.wso2.carbon
+ org.wso2.carbon.user.api
+
+
+ org.wso2.carbon
+ org.wso2.carbon.user.core
+
+
+ commons-lang
+ commons-lang
+
+
+
+
+
+
+ org.apache.felix
+ maven-scr-plugin
+
+
+ org.apache.felix
+ maven-bundle-plugin
+ true
+
+
+ ${project.artifactId}
+ ${project.artifactId}
+
+ org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal
+
+
+ !org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal,
+ org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.*
+
+
+ org.apache.log4j,
+ org.dna.mqtt.moquette.server,
+ org.wso2.andes.configuration.enums,
+ org.wso2.andes.mqtt,
+ org.wso2.carbon.context,
+ org.jaxen,
+ org.apache.axiom.*,
+ org.wso2.securevault,
+ org.apache.commons.*,
+ org.osgi.service.component,
+ org.wso2.carbon.user.core.service,
+ org.wso2.carbon.user.core.tenant,
+ org.wso2.carbon.user.api,
+ *;resolution:=optional
+
+ *
+
+
+
+
+
+
+
+
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java
new file mode 100644
index 0000000000..effd878ab0
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.dna.mqtt.moquette.server.IAuthorizer;
+import org.wso2.andes.configuration.enums.MQTTAuthoriztionPermissionLevel;
+import org.wso2.andes.mqtt.MQTTAuthorizationSubject;
+import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfigurationManager;
+import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal.AuthorizationDataHolder;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;
+
+import java.util.List;
+
+/**
+ * Authorize the connecting users against Carbon Permission Model. Intended usage is
+ * via providing fully qualified class name in broker.xml
+ *
+ * This is just a simple authorization model. For dynamic topics use an implementation based on IAuthorizer
+ */
+public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
+
+ private static final String SCOPE_IDENTIFIER = "scope";
+ private static final String UI_EXECUTE = "ui.execute";
+ private static Log logger = LogFactory.getLog(DeviceAccessBasedMQTTAuthorizer.class);
+ AuthorizationConfigurationManager MQTTAuthorizationConfiguration;
+
+ public DeviceAccessBasedMQTTAuthorizer() {
+ this.MQTTAuthorizationConfiguration = AuthorizationConfigurationManager.getInstance();
+ }
+
+ /**
+ * {@inheritDoc} Authorize the user against carbon device mgt model.
+ */
+ @Override
+ public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic,
+ MQTTAuthoriztionPermissionLevel permissionLevel) {
+ if (isUserAuthorized(authorizationSubject, MQTTAuthorizationConfiguration.getAdminPermission(), UI_EXECUTE)) {
+ return true;
+ }
+ String topics[] = topic.split("/");
+ if (topics.length < 3) {
+ return false;
+ }
+ String tenantIdFromTopic = topics[0];
+ if (!tenantIdFromTopic.equals(authorizationSubject.getTenantDomain())) {
+ return false;
+ }
+ String deviceType = topics[1];
+ String deviceId = topics[2];
+ Object scopeObject = authorizationSubject.getProperties().get(SCOPE_IDENTIFIER);
+
+ if (!deviceId.isEmpty() && !deviceType.isEmpty() && scopeObject != null) {
+ List scopes = (List) scopeObject;
+ String permissionScope = MQTTAuthorizationConfiguration.getMQTTPublisherScopeIdentifier();
+ if (permissionLevel == MQTTAuthoriztionPermissionLevel.SUBSCRIBE) {
+ permissionScope = MQTTAuthorizationConfiguration.getMQTTSubscriberScopeIdentifier();
+ }
+ String requiredScope = MQTTAuthorizationConfiguration.getDevicemgtScopeIdentifier() + ":" + deviceType + ":"
+ + deviceId + ":" + permissionScope;
+ for (String scope : scopes) {
+ if (requiredScope.equals(scope)) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * {@inheritDoc} Authorized the user against carbon device mgt model.
+ */
+ @Override
+ public boolean isAuthorizedToConnect(MQTTAuthorizationSubject authorizationSubject) {
+ return isUserAuthorized(authorizationSubject, MQTTAuthorizationConfiguration.getConnectionPermission()
+ , UI_EXECUTE);
+ }
+
+ /**
+ * Check whether the client is authorized with the given permission and action.
+ *
+ * @param authorizationSubject this contains the client information
+ * @param permission Carbon permission that requires for the use
+ * @param action Carbon permission action that requires for the given permission.
+ * @return boolean - true if user is authorized else return false.
+ */
+ private boolean isUserAuthorized(MQTTAuthorizationSubject authorizationSubject, String permission, String action) {
+ String username = authorizationSubject.getUsername();
+ try {
+ PrivilegedCarbonContext.startTenantFlow();
+ PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
+ authorizationSubject.getTenantDomain(), true);
+ int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
+ UserRealm userRealm = AuthorizationDataHolder.getInstance().getRealmService()
+ .getTenantUserRealm(tenantId);
+ return userRealm != null && userRealm.getAuthorizationManager() != null &&
+ userRealm.getAuthorizationManager().isUserAuthorized(username, permission, action);
+ } catch (UserStoreException e) {
+ String errorMsg = String.format("Unable to authorize the user : %s", username);
+ logger.error(errorMsg, e);
+ return false;
+ } finally {
+ PrivilegedCarbonContext.endTenantFlow();
+ }
+ }
+}
\ No newline at end of file
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/AuthorizationConfiguration.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/AuthorizationConfiguration.java
new file mode 100644
index 0000000000..1a417a9245
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/AuthorizationConfiguration.java
@@ -0,0 +1,246 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.xpath.AXIOMXPath;
+import org.apache.commons.configuration.CompositeConfiguration;
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.apache.commons.configuration.tree.xpath.XPathExpressionEngine;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.jaxen.JaxenException;
+import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.exception.AuthorizationException;
+import org.wso2.carbon.utils.ServerConstants;
+import org.wso2.securevault.SecretResolver;
+import org.wso2.securevault.SecretResolverFactory;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.lang.reflect.InvocationTargetException;
+import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * This class acts as a access point to retrieve config parameters used within the authorization.
+ * this configuration is read from broker.xml
+ */
+public class AuthorizationConfiguration {
+ /**
+ * Reserved Prefixes that activate different processing logic.
+ */
+ private static final String LIST_TYPE = "LIST_";
+ private static final QName SECURE_VAULT_QNAME = new QName("http://org.wso2.securevault/configuration"
+ , "secretAlias");
+ /**
+ * Common Error states
+ */
+ private static final String GENERIC_CONFIGURATION_PARSE_ERROR = "Error occurred when trying to parse " +
+ "configuration value {0}.";
+ private static final String NO_CHILD_FOR_KEY_IN_PROPERTY = "There was no child at the given key {0} for the " +
+ "parent property {1}.";
+ private static final String PROPERTY_NOT_A_LIST = "The input property {0} does not contain a list of child " +
+ "properties.";
+ /**
+ * location to broker.xml
+ */
+ private static final String ROOT_CONFIG_FILE_PATH = System.getProperty(ServerConstants.CARBON_HOME)
+ + "/repository/conf/";
+ /**
+ * File name of the main configuration file.
+ */
+ private static final String ROOT_CONFIG_FILE_NAME = "broker.xml";
+ private static Log log = LogFactory.getLog(AuthorizationConfigurationManager.class);
+ private static CompositeConfiguration compositeConfiguration;
+ /**
+ * This hashmap is used to maintain any properties that were read from broker.xml
+ */
+ private static ConcurrentHashMap propertyList;
+
+ public static void initialize() throws AuthorizationException {
+ String brokerConfigFilePath = ROOT_CONFIG_FILE_PATH + ROOT_CONFIG_FILE_NAME;
+ if (log.isDebugEnabled()) {
+ log.debug("Configuration located at : " + brokerConfigFilePath);
+ }
+ try {
+ compositeConfiguration = new CompositeConfiguration();
+ compositeConfiguration.setDelimiterParsingDisabled(true);
+ XMLConfiguration rootConfiguration = new XMLConfiguration();
+ rootConfiguration.setDelimiterParsingDisabled(true);
+ rootConfiguration.setFileName(brokerConfigFilePath);
+ rootConfiguration.setExpressionEngine(new XPathExpressionEngine());
+ rootConfiguration.load();
+ readConfigurationFromFile(brokerConfigFilePath);
+ compositeConfiguration.addConfiguration(rootConfiguration);
+ } catch (FileNotFoundException e) {
+ String error = "Error occurred when trying to read the configuration file : " + brokerConfigFilePath;
+ log.error(error, e);
+ throw new AuthorizationException(error, e);
+ } catch (JaxenException e) {
+ String error = "Error occurred when trying to process file : " + brokerConfigFilePath;
+ log.error(error, e);
+ throw new AuthorizationException(error, e);
+ } catch (XMLStreamException e) {
+ String error = "Error occurred when trying to process file : " + brokerConfigFilePath;
+ log.error(error, e);
+ throw new AuthorizationException(error, e);
+ } catch (ConfigurationException e) {
+ String error = "Error occurred when trying to process file :" + brokerConfigFilePath;
+ log.error(error, e);
+ throw new AuthorizationException(error, e);
+ }
+ }
+
+
+ private static void readConfigurationFromFile(String filePath) throws FileNotFoundException, JaxenException
+ , XMLStreamException {
+ propertyList = new ConcurrentHashMap();
+ StAXOMBuilder stAXOMBuilder = new StAXOMBuilder(new FileInputStream(new File(filePath)));
+ OMElement dom = stAXOMBuilder.getDocumentElement();
+ SecretResolver secretResolver = SecretResolverFactory.create(dom, false);
+ AXIOMXPath xpathExpression = new AXIOMXPath("//*[@*[local-name() = \'secretAlias\']]");
+ List nodeList = xpathExpression.selectNodes(dom);
+ String propertyKey;
+ String propertyValue;
+ for (Iterator i$ = nodeList.iterator(); i$.hasNext(); propertyList.put(propertyKey, propertyValue)) {
+ Object o = i$.next();
+ propertyKey = ((OMElement) o).getAttributeValue(SECURE_VAULT_QNAME);
+ propertyValue = "";
+ if (secretResolver != null && secretResolver.isInitialized()) {
+ if (secretResolver.isTokenProtected(propertyKey)) {
+ propertyValue = secretResolver.resolve(propertyKey);
+ }
+ } else {
+ log.warn("Error while reading properties form file");
+ }
+ }
+
+ }
+
+ /**
+ * Using this method, you can access a singular property of a child.
+ * example,
+ *
+ * /permission/admin/device-mgt/user
+ * /permission/admin/device-mgt/admin
+ * mqtt-subscriber
+ * mqtt-subscriber
+ * device-mgt
+ * scenario.
+ *
+ * @param configurationProperty relevant enum value (e.g.- above scenario -> org.wso2.carbon.andes.extensions
+ * .device.mgt.mqtt.authorization.config.TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES)
+ * @param key key of the child of whom you seek the value (e.g. above scenario -> "property list")
+ */
+ static T readValueOfChildByKey(MQTTConfiguration configurationProperty, String key) {
+
+ String constructedKey = configurationProperty.get().getKeyInFile().replace("{key}",
+ key);
+ try {
+ return (T) deriveValidConfigurationValue(constructedKey,
+ configurationProperty.get().getDataType(),
+ configurationProperty.get().getDefaultValue());
+ } catch (ConfigurationException e) {
+ log.error(MessageFormat.format(NO_CHILD_FOR_KEY_IN_PROPERTY, key, configurationProperty), e);
+ return null;
+ }
+ }
+
+
+ /**
+ * Use this method when you need to acquire a list of properties of same group.
+ *
+ * @param configurationProperty relevant enum value (e.g.- org.wso2.carbon.andes.extensions
+ * .device.mgt.mqtt.authorization.config.LIST_TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES)
+ * @return String list of required property values
+ */
+ static List readValueList(MQTTConfiguration configurationProperty) {
+
+ if (configurationProperty.toString().startsWith(LIST_TYPE)) {
+ return Arrays.asList(compositeConfiguration.getStringArray(configurationProperty.get().getKeyInFile()));
+ } else {
+ log.error(MessageFormat.format(PROPERTY_NOT_A_LIST, configurationProperty));
+ return new ArrayList<>();
+ }
+ }
+
+
+ /**
+ * Given the data type and the value read from a config, this returns the parsed value
+ * of the property.
+ *
+ * @param key The Key to the property being read (n xpath format as contained in file.)
+ * @param dataType Expected data type of the property
+ * @param defaultValue This parameter should NEVER be null since we assign a default value to
+ * every config property.
+ * @param Expected data type of the property
+ * @return Value of config in the expected data type.
+ * @throws ConfigurationException if there are any configuration issues
+ */
+ private static T deriveValidConfigurationValue(String key, Class dataType,
+ String defaultValue) throws ConfigurationException {
+ if (log.isDebugEnabled()) {
+ log.debug("Reading configuration value " + key);
+ }
+ String readValue = compositeConfiguration.getString(key);
+ String validValue = defaultValue;
+ if (StringUtils.isBlank(readValue)) {
+ log.warn("Error when trying to read property : " + key + ". Switching to " + "default value : " +
+ defaultValue);
+ } else {
+ validValue = overrideWithDecryptedValue(key, readValue);
+ }
+ if (log.isDebugEnabled()) {
+ log.debug("Valid value read for andes configuration property " + key + " is : " + validValue);
+ }
+ try {
+ return dataType.getConstructor(String.class).newInstance(validValue);
+ } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException | InstantiationException e) {
+ throw new ConfigurationException(MessageFormat.format(GENERIC_CONFIGURATION_PARSE_ERROR, key), e);
+ }
+ }
+
+ /**
+ * If the property is contained in the propertyList, replace the raw value with that value.
+ *
+ * @param keyInFile xpath expression used to extract the value from file.
+ * @param rawValue The value read from the file without any processing.
+ * @return the value with corresponding to actual value.
+ */
+ private static String overrideWithDecryptedValue(String keyInFile, String rawValue) {
+ if (!StringUtils.isBlank(keyInFile)) {
+ String key = keyInFile.replaceAll("/", ".");
+ if (propertyList.containsKey(key)) {
+ return propertyList.get(key);
+ }
+ }
+ return rawValue;
+ }
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/AuthorizationConfigurationManager.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/AuthorizationConfigurationManager.java
new file mode 100644
index 0000000000..c477af77a6
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/AuthorizationConfigurationManager.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import java.util.List;
+
+public class AuthorizationConfigurationManager {
+
+ private static final String CONNECTION_PERMISSION = "connectionPermission";
+ private static final String ADMIN_PERMISSION = "adminPermission";
+ private static final String MQTT_PUBLISHER_SCOPE_IDENTIFIER = "MQTTPublisherScopeIdentifier";
+ private static final String MQTT_SUBSCRIBER_SCOPE_IDENTIFIER = "MQTTSubscriberScopeIdentifier";
+ private static final String DEVICE_MGT_SCOPE_IDENTIFIER = "devicemgtScopeIdentifier";
+ private static final AuthorizationConfigurationManager oAuthConfigurationManager
+ = new AuthorizationConfigurationManager();
+ private static Log logger = LogFactory.getLog(AuthorizationConfigurationManager.class);
+ private String connectionPermission;
+ private String adminPermission;
+ private String MQTTPublisherScopeIdentifier;
+ private String MQTTSubscriberScopeIdentifier;
+ private String devicemgtScopeIdentifier;
+
+ private AuthorizationConfigurationManager() {
+
+ }
+
+ public static AuthorizationConfigurationManager getInstance() {
+ return oAuthConfigurationManager;
+ }
+
+ public String getConnectionPermission() {
+ return connectionPermission;
+ }
+
+ public void setConnectionPermission(String connectionPermission) {
+ if (connectionPermission != null) {
+ this.connectionPermission = connectionPermission;
+ } else {
+ logger.error("Connection permission can't be null ");
+ }
+ }
+
+ public String getAdminPermission() {
+ return adminPermission;
+ }
+
+ public void setAdminPermission(String adminPermission) {
+ if (adminPermission != null) {
+ this.adminPermission = adminPermission;
+ } else {
+ logger.error("admin permission can't be null ");
+ }
+ }
+
+ public String getMQTTPublisherScopeIdentifier() {
+ return MQTTPublisherScopeIdentifier;
+ }
+
+ public void setMQTTPublisherScopeIdentifier(String MQTTPublisherScopeIdentifier) {
+ if (MQTTPublisherScopeIdentifier != null) {
+ this.MQTTPublisherScopeIdentifier = MQTTPublisherScopeIdentifier;
+ } else {
+ logger.error("MQTT publisher scope identifier can't be null ");
+ }
+ }
+
+ public String getMQTTSubscriberScopeIdentifier() {
+ return MQTTSubscriberScopeIdentifier;
+ }
+
+ public void setMQTTSubscriberScopeIdentifier(String MQTTSubscriberScopeIdentifier) {
+ if (MQTTSubscriberScopeIdentifier != null) {
+ this.MQTTSubscriberScopeIdentifier = MQTTSubscriberScopeIdentifier;
+ } else {
+ logger.error("MQTT subscriber scope identifier can't be null ");
+ }
+ }
+
+ public String getDevicemgtScopeIdentifier() {
+ return devicemgtScopeIdentifier;
+ }
+
+ public void setDevicemgtScopeIdentifier(String devicemgtScopeIdentifier) {
+ if (devicemgtScopeIdentifier != null) {
+ this.devicemgtScopeIdentifier = devicemgtScopeIdentifier;
+ } else {
+ logger.error("Device management scope identifier can't be null ");
+ }
+ }
+
+ /**
+ * Initialize the configuration properties that required for MQTT Authorization
+ */
+ public synchronized void initConfig() {
+ List mqttTransportAuthorizationProperties = AuthorizationConfiguration.readValueList(MQTTConfiguration
+ .LIST_TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES);
+ for (String property : mqttTransportAuthorizationProperties) {
+ String propertyValue = AuthorizationConfiguration.readValueOfChildByKey(
+ MQTTConfiguration.TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES, property);
+ switch (property) {
+ case CONNECTION_PERMISSION:
+ setConnectionPermission(propertyValue);
+ break;
+ case ADMIN_PERMISSION:
+ setAdminPermission(propertyValue);
+ break;
+ case MQTT_PUBLISHER_SCOPE_IDENTIFIER:
+ setMQTTPublisherScopeIdentifier(propertyValue);
+ break;
+ case MQTT_SUBSCRIBER_SCOPE_IDENTIFIER:
+ setMQTTSubscriberScopeIdentifier(propertyValue);
+ break;
+ case DEVICE_MGT_SCOPE_IDENTIFIER:
+ setDevicemgtScopeIdentifier(propertyValue);
+ break;
+ default:
+ break;
+ }
+ }
+ }
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/MQTTConfiguration.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/MQTTConfiguration.java
new file mode 100644
index 0000000000..9e56118da6
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/MQTTConfiguration.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config;
+
+import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util.ImmutableMetaProperties;
+import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util.MetaProperties;
+
+import java.util.List;
+
+public enum MQTTConfiguration {
+
+ /**
+ * List of properties that can define how the server will authenticate the user with the authentication service.
+ */
+ LIST_TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES("transports/mqtt/security/authorizer/property/@name", "", List.class),
+
+ /**
+ * This can be used to access a property by giving its key. e.g. hosturl
+ */
+ TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES("transports/mqtt/security/authorizer/property[@name = '{key}']", ""
+ , String.class);
+
+ /**
+ * Meta data about configuration.
+ */
+ private final MetaProperties metaProperties;
+
+ /**
+ * Constructor to define a configuration in broker.
+ *
+ * @param keyInFile Xpath (or any key value) which can be used to identify the configuration in the file.
+ * @param defaultValue the default value
+ * @param dataType data type of the config ( e.g. boolean, string )
+ */
+ MQTTConfiguration(String keyInFile, String defaultValue, Class> dataType) {
+ // We need to pass the enum name as the identifier : therefore this.name()
+ this.metaProperties = new ImmutableMetaProperties(this.name(), keyInFile, defaultValue, dataType);
+ }
+
+ public MetaProperties get() {
+ return metaProperties;
+ }
+
+
+}
+
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/exception/AuthorizationException.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/exception/AuthorizationException.java
new file mode 100644
index 0000000000..4343886350
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/exception/AuthorizationException.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.exception;
+
+public class AuthorizationException extends Exception {
+ /**
+ * Default Serialization UID
+ */
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * error code for our custom exception type to identify specific scenarios and handle them properly.
+ */
+ private String errorCode = "";
+
+ public AuthorizationException() {
+ }
+
+ public AuthorizationException(String message) {
+ super(message);
+ }
+
+ /***
+ * Constructor
+ * @param message descriptive message
+ * @param errorCode one of the above defined constants that classifies the error.
+ */
+ public AuthorizationException(String message, String errorCode) {
+ super(message);
+ this.errorCode = errorCode;
+ }
+
+ /***
+ * Constructor
+ * @param message descriptive message
+ * @param cause reference to the exception for reference.
+ */
+ public AuthorizationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ /***
+ * Constructor
+ * @param message descriptive message
+ * @param errorCode one of the above defined constants that classifies the error.
+ * @param cause reference to the exception for reference.
+ */
+ public AuthorizationException(String message, String errorCode, Throwable cause) {
+ super(message, cause);
+ this.errorCode = errorCode;
+ }
+
+ /***
+ * Constructor
+ * @param cause reference to the exception for reference.
+ */
+ public AuthorizationException(Throwable cause) {
+ super(cause);
+ }
+
+ /***
+ * One of the above defined constants that classifies the error. e.g.- MESSAGE_CONTENT_OBSOLETE
+ * @return
+ */
+ public String getErrorCode() {
+ return errorCode;
+ }
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java
new file mode 100644
index 0000000000..f36ac6d458
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
+
+import org.wso2.carbon.user.core.service.RealmService;
+import org.wso2.carbon.user.core.tenant.TenantManager;
+
+public class AuthorizationDataHolder {
+
+ private static AuthorizationDataHolder thisInstance = new AuthorizationDataHolder();
+ private RealmService realmService;
+ private TenantManager tenantManager;
+
+ private AuthorizationDataHolder() {
+ }
+
+ public static AuthorizationDataHolder getInstance() {
+ return thisInstance;
+ }
+
+ public RealmService getRealmService() {
+ return realmService;
+ }
+
+ public void setRealmService(RealmService realmService) {
+ this.realmService = realmService;
+ this.setTenantManager(realmService);
+ }
+
+ public TenantManager getTenantManager() {
+ return tenantManager;
+ }
+
+ private void setTenantManager(RealmService realmService) {
+ if (realmService == null) {
+ throw new IllegalStateException("Realm service is not initialized properly");
+ }
+ this.tenantManager = realmService.getTenantManager();
+ }
+
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java
new file mode 100644
index 0000000000..7a72d5969a
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.osgi.service.component.ComponentContext;
+import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfiguration;
+import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfigurationManager;
+import org.wso2.carbon.user.core.service.RealmService;
+
+/**
+ * @scr.component name="org.wso2.carbon.devicemgt.policy.manager" immediate="true"
+ * @scr.reference name="user.realmservice.default"
+ * interface="org.wso2.carbon.user.core.service.RealmService"
+ * cardinality="1..1"
+ * policy="dynamic"
+ * bind="setRealmService"
+ * unbind="unsetRealmService"
+ */
+@SuppressWarnings("unused")
+public class AuthorizationServiceComponent {
+
+ private static Log log = LogFactory.getLog(AuthorizationServiceComponent.class);
+
+ protected void activate(ComponentContext componentContext) {
+ try {
+ AuthorizationConfiguration.initialize();
+ AuthorizationConfigurationManager.getInstance().initConfig();
+ } catch (Throwable e) {
+ log.error("Failed to activate org.wso2.carbon.andes.authorization.internal." +
+ "AuthorizationServiceComponent : " + e);
+ }
+ }
+
+ @SuppressWarnings("unused")
+ protected void deactivate(ComponentContext componentContext) {
+
+ }
+
+ /**
+ * Sets Realm Service
+ *
+ * @param realmService An instance of RealmService
+ */
+ protected void setRealmService(RealmService realmService) {
+ if (log.isDebugEnabled()) {
+ log.debug("Setting Realm Service");
+ }
+ AuthorizationDataHolder.getInstance().setRealmService(realmService);
+ }
+
+ /**
+ * Unsets Realm Service
+ *
+ * @param realmService An instance of RealmService
+ */
+ protected void unsetRealmService(RealmService realmService) {
+ if (log.isDebugEnabled()) {
+ log.debug("Unsetting Realm Service");
+ }
+ AuthorizationDataHolder.getInstance().setRealmService(null);
+ }
+
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/util/ImmutableMetaProperties.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/util/ImmutableMetaProperties.java
new file mode 100644
index 0000000000..5ff2b92dab
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/util/ImmutableMetaProperties.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util;
+
+/**
+ * This class contains the immutable meta attributes of a config property. These are
+ * immutable so that enums can contain them.
+ */
+public final class ImmutableMetaProperties implements MetaProperties {
+
+ private final String keyInFile;
+ private final String defaultValue;
+ private final Class> dataType;
+ private final String name;
+
+ /**
+ * constructor
+ *
+ * @param keyInFile xpath expression to the property in the config file
+ * @param defaultValue default value of property in case its not specified or found in config files.
+ * @param dataType expected data type of the property
+ */
+ public ImmutableMetaProperties(String name, String keyInFile, String defaultValue, Class> dataType) {
+ this.name = name;
+ this.keyInFile = keyInFile;
+ this.defaultValue = defaultValue;
+ this.dataType = dataType;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public String getKeyInFile() {
+ return keyInFile;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public String getDefaultValue() {
+ return defaultValue;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Class> getDataType() {
+ return dataType;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public String toString() {
+ return "Property : " + keyInFile + " data-type : " + dataType.getName() + " default value" +
+ " : " + defaultValue;
+ }
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/util/MetaProperties.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/util/MetaProperties.java
new file mode 100644
index 0000000000..003dcd12f2
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/util/MetaProperties.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util;
+
+/**
+ * Contains methods that should be implemented to access meta properties of a config
+ * property.
+ */
+public interface MetaProperties {
+
+ /**
+ * @return actual key with which the property is set in relevant config file.
+ */
+ String getKeyInFile();
+
+ /**
+ * @return Default value specified for the config property,
+ * in case it is not set in file.
+ */
+ String getDefaultValue();
+
+ /**
+ * @return Datatype of the property. (There could be numeric,date or boolean values.)
+ */
+ Class> getDataType();
+
+ /**
+ * @return Name of the property (e.g. TRANSPORTS_AMQP_DEFAULT_CONNECTION_PORT)
+ */
+ String getName();
+
+}
diff --git a/components/extensions/mb-extensions/pom.xml b/components/extensions/mb-extensions/pom.xml
new file mode 100644
index 0000000000..eb13c05718
--- /dev/null
+++ b/components/extensions/mb-extensions/pom.xml
@@ -0,0 +1,58 @@
+
+
+
+
+
+
+ org.wso2.carbon.devicemgt-plugins
+ extensions
+ 2.2.6-SNAPSHOT
+ ../pom.xml
+
+
+ 4.0.0
+ mb-extensions
+ pom
+ WSO2 Carbon - MB Extension
+ http://wso2.org
+
+
+ org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization
+
+
+
+
+
+
+ org.apache.felix
+ maven-scr-plugin
+ 1.7.2
+
+
+ generate-scr-scrdescriptor
+
+ scr
+
+
+
+
+
+
+
+
diff --git a/components/extensions/pom.xml b/components/extensions/pom.xml
index b8d2076d76..1e3c2c3d4b 100644
--- a/components/extensions/pom.xml
+++ b/components/extensions/pom.xml
@@ -35,6 +35,7 @@
appm-connector
cdmf-transport-adapters
+ mb-extensions
diff --git a/features/device-types-feature/androidsense-plugin-feature/org.wso2.carbon.device.mgt.iot.androidsense.feature/src/main/resources/devicetypes/android_sense.xml b/features/device-types-feature/androidsense-plugin-feature/org.wso2.carbon.device.mgt.iot.androidsense.feature/src/main/resources/devicetypes/android_sense.xml
index 3a0eafe7ff..c4e70a7684 100644
--- a/features/device-types-feature/androidsense-plugin-feature/org.wso2.carbon.device.mgt.iot.androidsense.feature/src/main/resources/devicetypes/android_sense.xml
+++ b/features/device-types-feature/androidsense-plugin-feature/org.wso2.carbon.device.mgt.iot.androidsense.feature/src/main/resources/devicetypes/android_sense.xml
@@ -57,7 +57,7 @@
androidsense.mqtt.adapter
- tcp://localhost:1883
+ tcp://localhost:1886
admin
https://localhost:9443/dynamic-client-web/register
0
diff --git a/features/device-types-feature/raspberrypi-plugin-feature/org.wso2.carbon.device.mgt.iot.raspberrypi.feature/src/main/resources/devicetypes/raspberrypi.xml b/features/device-types-feature/raspberrypi-plugin-feature/org.wso2.carbon.device.mgt.iot.raspberrypi.feature/src/main/resources/devicetypes/raspberrypi.xml
index d9fcb23ab7..5829b24d65 100644
--- a/features/device-types-feature/raspberrypi-plugin-feature/org.wso2.carbon.device.mgt.iot.raspberrypi.feature/src/main/resources/devicetypes/raspberrypi.xml
+++ b/features/device-types-feature/raspberrypi-plugin-feature/org.wso2.carbon.device.mgt.iot.raspberrypi.feature/src/main/resources/devicetypes/raspberrypi.xml
@@ -39,7 +39,7 @@
raspberrypi.mqtt.adapter
- tcp://localhost:1883
+ tcp://localhost:1886
admin
https://localhost:9443/dynamic-client-web/register
0
diff --git a/features/device-types-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/conf/virtual_firealarm.xml b/features/device-types-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/conf/virtual_firealarm.xml
index 6481df82cd..9cef7c1387 100644
--- a/features/device-types-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/conf/virtual_firealarm.xml
+++ b/features/device-types-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/conf/virtual_firealarm.xml
@@ -23,7 +23,7 @@
MQTT
virtualfirealarm.mqtt.adapter
- tcp://localhost:1883
+ tcp://localhost:1886
admin
https://localhost:9443/dynamic-client-web/register
0
diff --git a/features/device-types-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/devicetypes/virtual_firealarm.xml b/features/device-types-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/devicetypes/virtual_firealarm.xml
index d95c194bf5..a92d4e0c1d 100644
--- a/features/device-types-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/devicetypes/virtual_firealarm.xml
+++ b/features/device-types-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/devicetypes/virtual_firealarm.xml
@@ -39,7 +39,7 @@
virtualfirealarm.mqtt.adapter
- tcp://localhost:1883
+ tcp://localhost:1886
admin
https://localhost:9443/dynamic-client-web/register
0
diff --git a/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml b/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml
new file mode 100644
index 0000000000..d3118d5f2f
--- /dev/null
+++ b/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml
@@ -0,0 +1,79 @@
+
+
+
+
+
+
+
+ org.wso2.carbon.devicemgt-plugins
+ extensions-feature
+ 2.2.6-SNAPSHOT
+ ../pom.xml
+
+
+ 4.0.0
+ org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature
+ pom
+ WSO2 Carbon - MQTT Authorization Feature
+ http://wso2.org
+ This feature contains the bundles required for mqtt authorization
+
+
+
+ org.wso2.carbon.devicemgt-plugins
+ org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization
+
+
+
+
+
+ org.wso2.maven
+ carbon-p2-plugin
+ ${carbon.p2.plugin.version}
+
+
+ 4-p2-feature-generation
+ package
+
+ p2-feature-gen
+
+
+ org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization
+ ../../etc/feature.properties
+
+
+ org.wso2.carbon.p2.category.type:server
+ org.eclipse.equinox.p2.type.group:true
+
+
+
+
+ org.wso2.carbon.devicemgt-plugins:org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization:${carbon.devicemgt.plugins.version}
+
+
+
+ org.wso2.carbon.core.server:4.4.9
+
+
+
+
+
+
+
+
diff --git a/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/build.properties b/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/build.properties
new file mode 100644
index 0000000000..ddedd58dc4
--- /dev/null
+++ b/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/build.properties
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+#
+# WSO2 Inc. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+custom = true
diff --git a/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/p2.inf b/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/p2.inf
new file mode 100644
index 0000000000..7ab37b9d7d
--- /dev/null
+++ b/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/src/main/resources/p2.inf
@@ -0,0 +1 @@
+instructions.configure = \
\ No newline at end of file
diff --git a/features/extensions-feature/pom.xml b/features/extensions-feature/pom.xml
index dd2de92bbd..8b3e4aed41 100644
--- a/features/extensions-feature/pom.xml
+++ b/features/extensions-feature/pom.xml
@@ -36,6 +36,7 @@
org.wso2.carbon.appmgt.mdm.osgiconnector.feature
org.wso2.carbon.device.mgt.adapter.feature
+ org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature
diff --git a/pom.xml b/pom.xml
index 248afa466b..27724bdbbf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1139,6 +1139,22 @@
org.wso2.carbon.apimgt.keymgt.client
${carbon.api.mgt.version}
+
+
+ org.wso2.andes.wso2
+ andes
+ ${carbon.messaging.version}
+
+
+ org.wso2.carbon.devicemgt-plugins
+ org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization
+ ${carbon.devicemgt.plugins.version}
+
+
+ commons-lang
+ commons-lang
+ ${commons.lang.version}
+
@@ -1245,6 +1261,7 @@
1.0.8
1.8
0.9.1
+ 2.2
3.1.0.wso2v2
@@ -1297,6 +1314,9 @@
5.0.2.Final
[0.0.0,1.0.0)
+
+
+ 3.1.11