shamalka 1 year ago
commit df14fbab07

@ -732,18 +732,17 @@ public class APIPublisherServiceImpl implements APIPublisherService {
} }
private void updatePermissions(String role, List<String> permissions) throws UserStoreException { private void updatePermissions(String role, List<String> permissions) throws UserStoreException {
if (role == null || permissions == null) return;
AuthorizationManager authorizationManager = APIPublisherDataHolder.getInstance().getUserRealm() AuthorizationManager authorizationManager = APIPublisherDataHolder.getInstance().getUserRealm()
.getAuthorizationManager(); .getAuthorizationManager();
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Updating the role '" + role + "'"); log.debug("Updating the role '" + role + "'");
} }
if (permissions != null && !permissions.isEmpty()) {
authorizationManager.clearRoleAuthorization(role); authorizationManager.clearRoleAuthorization(role);
for (String permission : permissions) { for (String permission : permissions) {
authorizationManager.authorizeRole(role, permission, CarbonConstants.UI_PERMISSION_ACTION); authorizationManager.authorizeRole(role, permission, CarbonConstants.UI_PERMISSION_ACTION);
} }
} }
}
private void addRole(String role) throws UserStoreException { private void addRole(String role) throws UserStoreException {
UserStoreManager userStoreManager = APIPublisherDataHolder.getInstance().getUserStoreManager(); UserStoreManager userStoreManager = APIPublisherDataHolder.getInstance().getUserStoreManager();

@ -0,0 +1,230 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
~
~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.31-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper</artifactId>
<packaging>bundle</packaging>
<name>Entgra IoT - User store role mapping Module</name>
<description>Entgra IoT - User store role mapping Module</description>
<url>http://entgra.io</url>
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-scr-plugin</artifactId>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
<version>2.3.2</version>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>1.4.0</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
<Bundle-Name>${project.artifactId}</Bundle-Name>
<Bundle-Version>${io.entgra.device.mgt.core.version}</Bundle-Version>
<Bundle-Description>IOT - User store role mapping Module</Bundle-Description>
<Private-Package>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal</Private-Package>
<Import-Package>
org.osgi.framework.*;version="${imp.package.version.osgi.framework}",
org.osgi.service.*;version="${imp.package.version.osgi.service}",
org.apache.commons.logging,
org.apache.axis2.*;version="${axis2.osgi.version.range}",
org.wso2.carbon.core,
org.wso2.carbon.utils.*,
javax.xml.bind;resolution:=optional,
javax.xml.bind.annotation,
javax.xml.parsers,
org.w3c.dom,
org.wso2.carbon,
org.wso2.carbon.context,
org.wso2.carbon.user.api,
org.wso2.carbon.user.core.common,
org.wso2.carbon.user.core.service,
org.wso2.carbon.user.mgt.common,
io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service,
io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.exception
</Import-Package>
<Export-Package>
!io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal,
io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.*;version="${project.version}"
</Export-Package>
</instructions>
</configuration>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<configuration>
<destFile>${basedir}/target/coverage-reports/jacoco-unit.exec</destFile>
</configuration>
<executions>
<execution>
<id>jacoco-initialize</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>jacoco-site</id>
<phase>test</phase>
<goals>
<goal>report</goal>
</goals>
<configuration>
<dataFile>${basedir}/target/coverage-reports/jacoco-unit.exec</dataFile>
<outputDirectory>${basedir}/target/coverage-reports/site</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
<!-- <plugin>-->
<!-- <groupId>org.apache.maven.plugins</groupId>-->
<!-- <artifactId>maven-surefire-plugin</artifactId>-->
<!-- <configuration>-->
<!-- <systemPropertyVariables>-->
<!-- <log4j.configuration>file:src/test/resources/carbon-home/repository/conf/log4j.properties-->
<!-- </log4j.configuration>-->
<!-- </systemPropertyVariables>-->
<!-- <suiteXmlFiles>-->
<!-- <file>src/test/resources/testng.xml</file>-->
<!-- </suiteXmlFiles>-->
<!-- </configuration>-->
<!-- </plugin>-->
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.eclipse.osgi</groupId>
<artifactId>org.eclipse.osgi</artifactId>
</dependency>
<dependency>
<groupId>org.eclipse.osgi</groupId>
<artifactId>org.eclipse.osgi.services</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.core</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.logging</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.utils</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.user.api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.user.core</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.user.mgt</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-inline</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wso2.orbit.com.h2database</groupId>
<artifactId>h2</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents.wso2</groupId>
<artifactId>httpcore</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wso2.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.securevault</artifactId>
<!--<version>${carbon.kernel.version}</version>-->
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wso2.securevault</groupId>
<artifactId>org.wso2.securevault</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>xerces.wso2</groupId>
<artifactId>xercesImpl</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.axis2.wso2</groupId>
<artifactId>axis2</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.queuing</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.server.bootup.heartbeat.beacon</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
</project>

@ -0,0 +1,139 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper;
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean.RoleMapping;
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean.UserStoreRoleMappingConfig;
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal.UserStoreRoleMappingDataHolder;
import io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.exception.HeartBeatManagementException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.ServerStartupObserver;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
public class UserStoreRoleMapper implements ServerStartupObserver {
private static final Log log = LogFactory.getLog(UserStoreRoleMapper.class);
private UserStoreRoleMappingConfig config = null;
@Override
public void completingServerStartup() {
}
@Override
public void completedServerStartup() {
config = UserStoreRoleMappingDataHolder.getInstance()
.getUserStoreRoleMappingConfigManager().getUserStoreRoleMappingConfig();
try {
if ((config.isEnabled() &&
UserStoreRoleMappingDataHolder.getInstance().getHeartBeatService().isTaskPartitioningEnabled() &&
UserStoreRoleMappingDataHolder.getInstance().getHeartBeatService().isQualifiedToExecuteTask())
|| (config.isEnabled() &&
!UserStoreRoleMappingDataHolder.getInstance().getHeartBeatService().isTaskPartitioningEnabled())) {
Runnable periodicTask = new Runnable() {
public void run() {
updateRoleMapping();
log.info("UserStoreRoleMapper executed....");
}
};
ScheduledExecutorService executor =
Executors.newSingleThreadScheduledExecutor();
executor.scheduleAtFixedRate(periodicTask, config.getInitialDelayInSeconds(), config.getPeriodInSeconds(), TimeUnit.SECONDS);
}
} catch (HeartBeatManagementException e) {
log.error("Error while accessing heart beat service " + e.getMessage());
}
}
private void updateRoleMapping() {
try {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(
MultitenantConstants.SUPER_TENANT_ID);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
List<RoleMapping> roleMappings = config.getMappings();
if (!roleMappings.isEmpty()) {
UserStoreManager userStoreManager =
UserStoreRoleMappingDataHolder.getInstance().getRealmService()
.getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager();
for (RoleMapping mapping : roleMappings) {
if (userStoreManager.isExistingRole(mapping.getSecondaryRole())) {
String[] users = userStoreManager.getUserListOfRole(mapping.getSecondaryRole());
if (users != null && users.length > 0) {
List<String> primaryRoles = mapping.getInternalRoles();
for (String role : primaryRoles) {
if (userStoreManager.isExistingRole(role)) {
String[] existingUsers = userStoreManager.getUserListOfRole(role);
List<String> existingUserList = new ArrayList<>(Arrays.asList(existingUsers));
List<String> newUserList = new ArrayList<>();
for (String user : users) {
if (existingUserList.contains(user)) {
// if contains, remove from existing list
existingUserList.remove(user);
} else {
// new user
newUserList.add(user);
}
}
List<String> deleteUserList = new ArrayList<>();
if (!existingUserList.isEmpty()) {
String domain = mapping.getSecondaryRole().substring(0, mapping.getSecondaryRole().indexOf("/"));
for (String user : existingUserList) {
if (user.startsWith(domain.toUpperCase())) {
deleteUserList.add(user);
}
}
}
// update user list of given role
if (!newUserList.isEmpty() || !deleteUserList.isEmpty()) {
userStoreManager.updateUserListOfRole(role, deleteUserList.toArray(new String[0]), newUserList.toArray(new String[0]));
log.info("update user role mapping executed.....");
}
}
}
}
}
}
}
} catch (UserStoreException e) {
log.error("Error while getting user store..." + e.getMessage());
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
}
}

@ -0,0 +1,76 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper;
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean.UserStoreRoleMappingConfig;
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.exception.UserStoreRoleMapperException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Document;
import org.wso2.carbon.utils.CarbonUtils;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.File;
public class UserStoreRoleMappingConfigManager {
private static final Log log = LogFactory.getLog(UserStoreRoleMappingConfigManager.class);
private static final String USERSTORE_ROLE_MAPPING_CONFIG_PATH = CarbonUtils.getCarbonConfigDirPath() +
File.separator + "user-store-role-mapping-config.xml";
private final UserStoreRoleMappingConfig userStoreRoleMappingConfig;
public UserStoreRoleMappingConfigManager() throws UserStoreRoleMapperException {
try {
File UserStoreRoleMappingConfig = new File(USERSTORE_ROLE_MAPPING_CONFIG_PATH);
Document doc = convertToDocument(UserStoreRoleMappingConfig);
JAXBContext smsContext = JAXBContext.newInstance(UserStoreRoleMappingConfig.class);
Unmarshaller unmarshaller = smsContext.createUnmarshaller();
this.userStoreRoleMappingConfig = (UserStoreRoleMappingConfig) unmarshaller.unmarshal(doc);
} catch (JAXBException e) {
String msg = "Error occurred while initializing config '" + USERSTORE_ROLE_MAPPING_CONFIG_PATH + "'";
log.error(msg, e);
throw new UserStoreRoleMapperException(msg, e);
}
}
private static Document convertToDocument(File file) throws UserStoreRoleMapperException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
try {
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
factory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
DocumentBuilder docBuilder = factory.newDocumentBuilder();
return docBuilder.parse(file);
} catch (Exception e) {
throw new UserStoreRoleMapperException("Error occurred while parsing " + USERSTORE_ROLE_MAPPING_CONFIG_PATH +
" file, while converting to a org.w3c.dom.Document", e);
}
}
public UserStoreRoleMappingConfig getUserStoreRoleMappingConfig() {
return this.userStoreRoleMappingConfig;
}
}

@ -0,0 +1,58 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementWrapper;
import javax.xml.bind.annotation.XmlRootElement;
import java.util.List;
@XmlRootElement(
name = "mapping"
)
public class RoleMapping {
private String secondaryRole;
private List<String> internalRoles;
@XmlAttribute(
name = "secondaryRole"
)
public String getSecondaryRole() {
return secondaryRole;
}
public void setSecondaryRole(String secondaryRole) {
this.secondaryRole = secondaryRole;
}
@XmlElementWrapper(
name = "internalRoles"
)
@XmlElement(
name = "role"
)
public List<String> getInternalRoles() {
return internalRoles;
}
public void setInternalRoles(List<String> internalRoles) {
this.internalRoles = internalRoles;
}
}

@ -0,0 +1,83 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementWrapper;
import javax.xml.bind.annotation.XmlRootElement;
import java.util.List;
@XmlRootElement(
name = "UserStoreRoleMappingConfig"
)
public class UserStoreRoleMappingConfig {
private boolean enabled;
private List<RoleMapping> mappings;
private long initialDelayInSeconds;
private long periodInSeconds;
@XmlElement(
name = "enabled"
)
public boolean isEnabled() {
return enabled;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
@XmlElementWrapper(
name = "mappings"
)
@XmlElement(
name = "mapping"
)
public List<RoleMapping> getMappings() {
return mappings;
}
public void setMappings(List<RoleMapping> mappings) {
this.mappings = mappings;
}
@XmlElement(
name = "initialDelayInSeconds"
)
public long getInitialDelayInSeconds() {
return initialDelayInSeconds;
}
public void setInitialDelayInSeconds(long initialDelayInSeconds) {
this.initialDelayInSeconds = initialDelayInSeconds;
}
@XmlElement(
name = "periodInSeconds"
)
public long getPeriodInSeconds() {
return periodInSeconds;
}
public void setPeriodInSeconds(long periodInSeconds) {
this.periodInSeconds = periodInSeconds;
}
}

@ -0,0 +1,26 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.exception;
public class UserStoreRoleMapperException extends Exception {
public UserStoreRoleMapperException(String msg, Exception e) {
super(msg, e);
}
}

@ -0,0 +1,94 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal;
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMappingConfigManager;
import io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service.HeartBeatManagementService;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.ConfigurationContextService;
public class UserStoreRoleMappingDataHolder {
private ConfigurationContextService configurationContextService;
private RealmService realmService;
private UserStoreRoleMappingConfigManager userStoreRoleMappingConfigManager;
private HeartBeatManagementService heartBeatService;
private static final UserStoreRoleMappingDataHolder thisInstance = new UserStoreRoleMappingDataHolder();
private UserStoreRoleMappingDataHolder() {}
public static UserStoreRoleMappingDataHolder getInstance() {
return thisInstance;
}
public ConfigurationContextService getConfigurationContextService() {
return configurationContextService;
}
public void setConfigurationContextService(ConfigurationContextService configurationContextService) {
this.configurationContextService = configurationContextService;
}
public UserStoreManager getUserStoreManager() throws UserStoreException {
if (realmService == null) {
String msg = "Realm service has not initialized.";
throw new IllegalStateException(msg);
}
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
return realmService.getTenantUserRealm(tenantId).getUserStoreManager();
}
public UserRealm getUserRealm() throws UserStoreException {
UserRealm realm;
if (realmService == null) {
throw new IllegalStateException("Realm service not initialized");
}
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
realm = realmService.getTenantUserRealm(tenantId);
return realm;
}
public RealmService getRealmService() {
return realmService;
}
public void setRealmService(RealmService realmService) {
this.realmService = realmService;
}
public UserStoreRoleMappingConfigManager getUserStoreRoleMappingConfigManager() {
return userStoreRoleMappingConfigManager;
}
public void setUserStoreRoleMappingConfigManager(UserStoreRoleMappingConfigManager userStoreRoleMappingConfigManager) {
this.userStoreRoleMappingConfigManager = userStoreRoleMappingConfigManager;
}
public HeartBeatManagementService getHeartBeatService() {
return heartBeatService;
}
public void setHeartBeatService(HeartBeatManagementService heartBeatService) {
this.heartBeatService = heartBeatService;
}
}

@ -0,0 +1,135 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal;
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMapper;
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMappingConfigManager;
import io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service.HeartBeatManagementService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.core.ServerStartupObserver;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.ConfigurationContextService;
/**
* @scr.component name="io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal.UserStoreRoleMappingServiceComponent"
* immediate="true"
* @scr.reference name="user.realmservice.default"
* interface="org.wso2.carbon.user.core.service.RealmService"
* cardinality="1..1"
* policy="dynamic"
* bind="setRealmService"
* unbind="unsetRealmService"
* @scr.reference name="config.context.service"
* interface="org.wso2.carbon.utils.ConfigurationContextService"
* cardinality="0..1"
* policy="dynamic"
* bind="setConfigurationContextService"
* unbind="unsetConfigurationContextService"
* @scr.reference name="entgra.heart.beat.service"
* interface="io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service.HeartBeatManagementService"
* cardinality="0..1"
* policy="dynamic"
* bind="setHeartBeatService"
* unbind="unsetHeartBeatService"
*/
public class UserStoreRoleMappingServiceComponent {
private static final Log log = LogFactory.getLog(UserStoreRoleMappingServiceComponent.class);
protected void activate(ComponentContext ctx) {
if (log.isDebugEnabled()) {
log.debug("Activating Role Management Service Component");
}
try {
BundleContext bundleContext = ctx.getBundleContext();
UserStoreRoleMapper mapper = new UserStoreRoleMapper();
bundleContext.registerService(ServerStartupObserver.class.getName(), mapper, null);
UserStoreRoleMappingDataHolder.getInstance().setUserStoreRoleMappingConfigManager(new UserStoreRoleMappingConfigManager());
if (log.isDebugEnabled()) {
log.debug("Role Management Service Component has been successfully activated");
}
} catch (Throwable e) {
log.error("Error occurred while activating Role Management Service Component", e);
}
}
protected void deactivate(ComponentContext ctx) {
if (log.isDebugEnabled()) {
log.debug("De-activating Role Manager Service Component");
}
}
protected void setConfigurationContextService(ConfigurationContextService configurationContextService) {
if (log.isDebugEnabled()) {
log.debug("Setting ConfigurationContextService");
}
UserStoreRoleMappingDataHolder.getInstance().setConfigurationContextService(configurationContextService);
}
protected void unsetConfigurationContextService(ConfigurationContextService configurationContextService) {
if (log.isDebugEnabled()) {
log.debug("Un-setting ConfigurationContextService");
}
UserStoreRoleMappingDataHolder.getInstance().setConfigurationContextService(null);
}
/**
* Sets Realm Service.
*
* @param realmService An instance of RealmService
*/
protected void setRealmService(RealmService realmService) {
if (log.isDebugEnabled()) {
log.debug("Setting Realm Service");
}
UserStoreRoleMappingDataHolder.getInstance().setRealmService(realmService);
}
/**
* Unsets Realm Service.
*
* @param realmService An instance of RealmService
*/
protected void unsetRealmService(RealmService realmService) {
if (log.isDebugEnabled()) {
log.debug("Unsetting Realm Service");
}
UserStoreRoleMappingDataHolder.getInstance().setRealmService(null);
}
@SuppressWarnings("unused")
protected void setHeartBeatService(HeartBeatManagementService heartBeatService) {
if (log.isDebugEnabled()) {
log.debug("Setting heart beat service");
}
UserStoreRoleMappingDataHolder.getInstance().setHeartBeatService(heartBeatService);
}
@SuppressWarnings("unused")
protected void unsetHeartBeatService(HeartBeatManagementService heartBeatManagementService) {
if (log.isDebugEnabled()) {
log.debug("Removing heart beat service");
}
UserStoreRoleMappingDataHolder.getInstance().setHeartBeatService(null);
}
}

@ -43,6 +43,7 @@
<module>io.entgra.device.mgt.core.device.mgt.extensions.logger</module> <module>io.entgra.device.mgt.core.device.mgt.extensions.logger</module>
<module>io.entgra.device.mgt.core.device.mgt.extensions.defaultrole.manager</module> <module>io.entgra.device.mgt.core.device.mgt.extensions.defaultrole.manager</module>
<module>io.entgra.device.mgt.core.device.mgt.extensions.stateengine</module> <module>io.entgra.device.mgt.core.device.mgt.extensions.stateengine</module>
<module>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper</module>
</modules> </modules>
</project> </project>

@ -75,7 +75,7 @@ import javax.ws.rs.core.Response;
description = "Add, Edit or View a Device Type", description = "Add, Edit or View a Device Type",
key = "dm:admin:device-type:modify", key = "dm:admin:device-type:modify",
roles = {"Internal/devicemgt-admin"}, roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/admin/device-type"} permissions = {"/device-mgt/admin/device-type/modify"}
), ),
@Scope( @Scope(
name = "Getting Details of a Device Type", name = "Getting Details of a Device Type",

@ -340,7 +340,8 @@ public class RoleManagementServiceImpl implements RoleManagementService {
for (UIPermissionNode node : permissionNode.getNodeList()) { for (UIPermissionNode node : permissionNode.getNodeList()) {
if (Constants.Permission.LOGIN.equals(node.getResourcePath()) || if (Constants.Permission.LOGIN.equals(node.getResourcePath()) ||
Constants.Permission.DEVICE_MGT.equals(node.getResourcePath()) || Constants.Permission.DEVICE_MGT.equals(node.getResourcePath()) ||
Constants.Permission.APP_MGT.equals(node.getResourcePath())) { Constants.Permission.APP_MGT.equals(node.getResourcePath()) ||
Constants.Permission.TENANT.equals(node.getResourcePath())) {
deviceMgtPermissionsList.add(node); deviceMgtPermissionsList.add(node);
} }
} }

@ -84,6 +84,7 @@ public class Constants {
public static final String LOGIN = "/permission/admin/login"; public static final String LOGIN = "/permission/admin/login";
public static final String DEVICE_MGT = "/permission/admin/device-mgt"; public static final String DEVICE_MGT = "/permission/admin/device-mgt";
public static final String APP_MGT = "/permission/admin/app-mgt"; public static final String APP_MGT = "/permission/admin/app-mgt";
public static final String TENANT = "/permission/admin/tenants";
} }
} }

@ -0,0 +1,105 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
~
~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>device-mgt-extensions-feature</artifactId>
<version>5.0.31-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.feature</artifactId>
<packaging>pom</packaging>
<name>Entgra IoT - User store role mapper feature</name>
<url>http://entgra.io</url>
<description>
This feature contains the core bundles required for user store role mapping functionality
</description>
<dependencies>
<dependency>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>2.6</version>
<executions>
<execution>
<id>copy-resources</id>
<phase>generate-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>src/main/resources</outputDirectory>
<resources>
<resource>
<directory>resources</directory>
<includes>
<include>build.properties</include>
<include>p2.inf</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.wso2.maven</groupId>
<artifactId>carbon-p2-plugin</artifactId>
<version>${carbon.p2.plugin.version}</version>
<executions>
<execution>
<id>p2-feature-generation</id>
<phase>package</phase>
<goals>
<goal>p2-feature-gen</goal>
</goals>
<configuration>
<id>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper</id>
<propertiesFile>../../etc/feature.properties</propertiesFile>
<adviceFile>
<properties>
<propertyDef>org.wso2.carbon.p2.category.type:server
</propertyDef>
<propertyDef>org.eclipse.equinox.p2.type.group:true
</propertyDef>
</properties>
</adviceFile>
<bundles>
<bundleDef>
io.entgra.device.mgt.core:io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper:${io.entgra.device.mgt.core.version}
</bundleDef>
</bundles>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

@ -0,0 +1,19 @@
#
# Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
#
# Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
custom = true

@ -0,0 +1,35 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
~
~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<UserStoreRoleMappingConfig>
<enabled>false</enabled>
<initialDelayInSeconds>30</initialDelayInSeconds>
<periodInSeconds>3600</periodInSeconds>
<mappings>
<mapping secondaryRole="ENTGRA.IO/css_galle">
<internalRoles>
<role>Internal/branch_css</role>
</internalRoles>
</mapping>
<mapping secondaryRole="ENTGRA.IO/css_nugegoda">
<internalRoles>
<role>Internal/branch_css</role>
</internalRoles>
</mapping>
</mappings>
</UserStoreRoleMappingConfig>

@ -0,0 +1,2 @@
instructions.configure = \
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper_${feature.version}/conf/user-store-role-mapping-config.xml,target:${installFolder}/../../../repository/conf/user-store-role-mapping-config.xml,overwrite:true);\

@ -41,6 +41,7 @@
<module>io.entgra.device.mgt.core.device.mgt.extensions.defaultrole.manager.feature</module> <module>io.entgra.device.mgt.core.device.mgt.extensions.defaultrole.manager.feature</module>
<module>io.entgra.device.mgt.core.device.mgt.extensions.logger.feature</module> <module>io.entgra.device.mgt.core.device.mgt.extensions.logger.feature</module>
<module>io.entgra.device.mgt.core.device.mgt.extensions.stateengine.feature</module> <module>io.entgra.device.mgt.core.device.mgt.extensions.stateengine.feature</module>
<module>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper</module>
</modules> </modules>
</project> </project>

@ -318,6 +318,7 @@
<Scope>dm:metadata:create</Scope> <Scope>dm:metadata:create</Scope>
<Scope>dm:metadata:update</Scope> <Scope>dm:metadata:update</Scope>
<Scope>and:ops:add-google-acc</Scope> <Scope>and:ops:add-google-acc</Scope>
<Scope>and:ops:authenticate-acc</Scope>
<Scope>and:ops:update-default-sim</Scope> <Scope>and:ops:update-default-sim</Scope>
<Scope>and:ops:add-google-acc</Scope> <Scope>and:ops:add-google-acc</Scope>
<Scope>and:ops:device-info</Scope> <Scope>and:ops:device-info</Scope>

@ -1631,6 +1631,11 @@
<artifactId>io.entgra.device.mgt.core.device.mgt.extensions.defaultrole.manager</artifactId> <artifactId>io.entgra.device.mgt.core.device.mgt.extensions.defaultrole.manager</artifactId>
<version>${io.entgra.device.mgt.core.version}</version> <version>${io.entgra.device.mgt.core.version}</version>
</dependency> </dependency>
<dependency>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper</artifactId>
<version>${io.entgra.device.mgt.core.version}</version>
</dependency>
<dependency> <dependency>
<groupId>io.entgra.device.mgt.core</groupId> <groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.device.mgt.extensions.logger</artifactId> <artifactId>io.entgra.device.mgt.core.device.mgt.extensions.logger</artifactId>

Loading…
Cancel
Save