Merge branch 'master' of https://github.com/wso2/carbon-device-mgt into scope-impl

revert-70aa11f8
mharindu 9 years ago
commit 84090fb16c

@ -3,7 +3,6 @@ package org.wso2.carbon.certificate.mgt.cert.jaxrs.api.impl;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.CertificateManagementAdminService; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.CertificateManagementAdminService;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.UnexpectedServerErrorException;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse;
@ -53,8 +52,8 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem
} catch (KeystoreException e) { } catch (KeystoreException e) {
String msg = "Error occurred while converting PEM file to X509Certificate."; String msg = "Error occurred while converting PEM file to X509Certificate.";
log.error(msg, e); log.error(msg, e);
throw new UnexpectedServerErrorException( return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()); new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()).build();
} }
} }
@ -79,8 +78,8 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem
} catch (CertificateManagementException e) { } catch (CertificateManagementException e) {
String msg = "Error occurred while converting PEM file to X509Certificate"; String msg = "Error occurred while converting PEM file to X509Certificate";
log.error(msg, e); log.error(msg, e);
throw new UnexpectedServerErrorException( return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()); new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()).build();
} }
} }
@ -109,8 +108,8 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem
} catch (CertificateManagementException e) { } catch (CertificateManagementException e) {
String msg = "Error occurred while fetching all certificates."; String msg = "Error occurred while fetching all certificates.";
log.error(msg, e); log.error(msg, e);
throw new UnexpectedServerErrorException( return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()); new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} }
} }
@ -131,8 +130,9 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem
} catch (CertificateManagementException e) { } catch (CertificateManagementException e) {
String msg = "Error occurred while converting PEM file to X509Certificate"; String msg = "Error occurred while converting PEM file to X509Certificate";
log.error(msg, e); log.error(msg, e);
throw new UnexpectedServerErrorException( return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()); new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} }
} }
} }
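Review bot: The four rewritten catch blocks no longer build the same error body: the first two PEM-conversion handlers keep `.setCode(500l)`, while the "fetching all certificates" handler and the last PEM handler drop it, so the ErrorResponse code is presumably left unset there even though the HTTP status is 500. Keep the builder call identical in all four, e.g. `new ErrorResponse.ErrorResponseBuilder().setCode(500L).setMessage(msg).build()`, with an upper-case `L` so the literal is not misread as 5001. Returning the fixed `msg` and logging the exception server-side keeps keystore and database detail out of the response, and that should stay as it is. The enclosing methods start outside these hunks.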

@ -38,11 +38,16 @@ public class CertificateManagementDAOFactory {
private static DataSource dataSource; private static DataSource dataSource;
private static String databaseEngine; private static String databaseEngine;
private static final Log log = LogFactory.getLog(CertificateManagementDAOFactory.class); private static final Log log = LogFactory.getLog(CertificateManagementDAOFactory.class);
private static ThreadLocal<Connection> currentConnection = new ThreadLocal<Connection>(); private static ThreadLocal<Connection> currentConnection = new ThreadLocal<>();
private static ThreadLocal<TxState> currentTxState = new ThreadLocal<>();
private enum TxState {
CONNECTION_NOT_BORROWED, CONNECTION_BORROWED, CONNECTION_CLOSED
}
public static CertificateDAO getCertificateDAO() { public static CertificateDAO getCertificateDAO() {
return new GenericCertificateDAOImpl(); return new GenericCertificateDAOImpl();
} }
public static void init(DataSourceConfig config) { public static void init(DataSourceConfig config) {
@ -50,7 +55,7 @@ public class CertificateManagementDAOFactory {
try { try {
databaseEngine = dataSource.getConnection().getMetaData().getDatabaseProductName(); databaseEngine = dataSource.getConnection().getMetaData().getDatabaseProductName();
} catch (SQLException e) { } catch (SQLException e) {
log.error( "Error occurred while retrieving config.datasource connection", e); log.error("Error occurred while retrieving config.datasource connection", e);
} }
} }
@ -85,9 +90,11 @@ public class CertificateManagementDAOFactory {
log.warn("Error occurred while closing the borrowed connection. " + log.warn("Error occurred while closing the borrowed connection. " +
"Transaction has ended pre-maturely", e1); "Transaction has ended pre-maturely", e1);
} }
currentTxState.set(TxState.CONNECTION_CLOSED);
throw new TransactionManagementException("Error occurred while setting auto-commit to false", e); throw new TransactionManagementException("Error occurred while setting auto-commit to false", e);
} }
currentConnection.set(conn); currentConnection.set(conn);
currentTxState.set(TxState.CONNECTION_BORROWED);
} }
public static void openConnection() throws SQLException { public static void openConnection() throws SQLException {
@ -97,8 +104,14 @@ public class CertificateManagementDAOFactory {
"this particular thread. Therefore, calling 'beginTransaction/openConnection' while another " + "this particular thread. Therefore, calling 'beginTransaction/openConnection' while another " +
"transaction is already active is a sign of improper transaction handling"); "transaction is already active is a sign of improper transaction handling");
} }
conn = dataSource.getConnection(); try {
conn = dataSource.getConnection();
} catch (SQLException e) {
currentTxState.set(TxState.CONNECTION_NOT_BORROWED);
throw e;
}
currentConnection.set(conn); currentConnection.set(conn);
currentTxState.set(TxState.CONNECTION_BORROWED);
} }
public static Connection getConnection() throws SQLException { public static Connection getConnection() throws SQLException {
@ -144,6 +157,17 @@ public class CertificateManagementDAOFactory {
} }
public static void closeConnection() { public static void closeConnection() {
TxState txState = currentTxState.get();
if (TxState.CONNECTION_NOT_BORROWED == txState) {
if (log.isDebugEnabled()) {
log.debug("No successful connection appears to have been borrowed to perform the underlying " +
"transaction even though the 'openConnection' method has been called. Therefore, " +
"'closeConnection' method is returning silently");
}
currentTxState.remove();
return;
}
Connection conn = currentConnection.get(); Connection conn = currentConnection.get();
if (conn == null) { if (conn == null) {
throw new IllegalTransactionStateException("No connection is associated with the current transaction. " + throw new IllegalTransactionStateException("No connection is associated with the current transaction. " +
@ -156,6 +180,7 @@ public class CertificateManagementDAOFactory {
log.warn("Error occurred while close the connection", e); log.warn("Error occurred while close the connection", e);
} }
currentConnection.remove(); currentConnection.remove();
currentTxState.remove();
} }
@ -170,14 +195,14 @@ public class CertificateManagementDAOFactory {
if (config == null) { if (config == null) {
throw new RuntimeException( throw new RuntimeException(
"Device Management Repository data source configuration " + "is null and " + "Device Management Repository data source configuration " + "is null and " +
"thus, is not initialized" "thus, is not initialized"
); );
} }
JNDILookupDefinition jndiConfig = config.getJndiLookupDefinition(); JNDILookupDefinition jndiConfig = config.getJndiLookupDefinition();
if (jndiConfig != null) { if (jndiConfig != null) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Initializing Device Management Repository data source using the JNDI " + log.debug("Initializing Device Management Repository data source using the JNDI " +
"Lookup Definition"); "Lookup Definition");
} }
List<JNDILookupDefinition.JNDIProperty> jndiPropertyList = List<JNDILookupDefinition.JNDIProperty> jndiPropertyList =
jndiConfig.getJndiProperties(); jndiConfig.getJndiProperties();
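Review bot: `TxState.CONNECTION_CLOSED` is set in the auto-commit failure path of `beginTransaction`, but the new guard in `closeConnection` returns early only for `CONNECTION_NOT_BORROWED`. As far as the visible lines show, `currentConnection` is never set on that path, so a caller whose `finally` runs `closeConnection` would reach the `conn == null` branch and get an `IllegalTransactionStateException` that masks the original `TransactionManagementException`, with `currentTxState` left on a pooled thread. Treat both states the same in the guard: `if (TxState.CONNECTION_NOT_BORROWED == txState || TxState.CONNECTION_CLOSED == txState) {`, followed by the existing `currentTxState.remove(); return;`. The part of `beginTransaction` that borrows the connection is outside the hunk, so whether a failed `dataSource.getConnection()` there also records a state should be checked.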

@ -45,6 +45,7 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
public class GenericCertificateDAOImpl implements CertificateDAO { public class GenericCertificateDAOImpl implements CertificateDAO {
private static final Log log = LogFactory.getLog(GenericCertificateDAOImpl.class); private static final Log log = LogFactory.getLog(GenericCertificateDAOImpl.class);
@Override @Override
@ -103,7 +104,7 @@ public class GenericCertificateDAOImpl implements CertificateDAO {
if (resultSet.next()) { if (resultSet.next()) {
certificateResponse = new CertificateResponse(); certificateResponse = new CertificateResponse();
byte [] certificateBytes = resultSet.getBytes("CERTIFICATE"); byte[] certificateBytes = resultSet.getBytes("CERTIFICATE");
certificateResponse.setCertificate(certificateBytes); certificateResponse.setCertificate(certificateBytes);
certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER")); certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER"));
certificateResponse.setTenantId(resultSet.getInt("TENANT_ID")); certificateResponse.setTenantId(resultSet.getInt("TENANT_ID"));
@ -142,7 +143,7 @@ public class GenericCertificateDAOImpl implements CertificateDAO {
while (resultSet.next()) { while (resultSet.next()) {
certificateResponse = new CertificateResponse(); certificateResponse = new CertificateResponse();
byte [] certificateBytes = resultSet.getBytes("CERTIFICATE"); byte[] certificateBytes = resultSet.getBytes("CERTIFICATE");
certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER")); certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER"));
certificateResponse.setTenantId(resultSet.getInt("TENANT_ID")); certificateResponse.setTenantId(resultSet.getInt("TENANT_ID"));
certificateResponse.setUsername(resultSet.getString("USERNAME")); certificateResponse.setUsername(resultSet.getString("USERNAME"));
@ -181,7 +182,7 @@ public class GenericCertificateDAOImpl implements CertificateDAO {
int resultCount = 0; int resultCount = 0;
while (resultSet.next()) { while (resultSet.next()) {
certificateResponse = new CertificateResponse(); certificateResponse = new CertificateResponse();
byte [] certificateBytes = resultSet.getBytes("CERTIFICATE"); byte[] certificateBytes = resultSet.getBytes("CERTIFICATE");
certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER")); certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER"));
certificateResponse.setTenantId(resultSet.getInt("TENANT_ID")); certificateResponse.setTenantId(resultSet.getInt("TENANT_ID"));
certificateResponse.setUsername(resultSet.getString("USERNAME")); certificateResponse.setUsername(resultSet.getString("USERNAME"));
@ -193,11 +194,11 @@ public class GenericCertificateDAOImpl implements CertificateDAO {
paginationResult.setData(certificates); paginationResult.setData(certificates);
paginationResult.setRecordsTotal(resultCount); paginationResult.setRecordsTotal(resultCount);
} catch (SQLException e) { } catch (SQLException e) {
String errorMsg = "SQL error occurred while retrieving the certificates."; String errorMsg = "SQL error occurred while retrieving the certificates.";
log.error(errorMsg, e); log.error(errorMsg, e);
throw new CertificateManagementDAOException(errorMsg, e); throw new CertificateManagementDAOException(errorMsg, e);
} finally { } finally {
OperationManagementDAOUtil.cleanupResources(stmt, resultSet); CertificateManagementDAOUtil.cleanupResources(stmt, resultSet);
} }
return paginationResult; return paginationResult;
} }
@ -219,7 +220,7 @@ public class GenericCertificateDAOImpl implements CertificateDAO {
while (resultSet.next()) { while (resultSet.next()) {
certificateResponse = new CertificateResponse(); certificateResponse = new CertificateResponse();
byte [] certificateBytes = resultSet.getBytes("CERTIFICATE"); byte[] certificateBytes = resultSet.getBytes("CERTIFICATE");
certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER")); certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER"));
certificateResponse.setTenantId(resultSet.getInt("TENANT_ID")); certificateResponse.setTenantId(resultSet.getInt("TENANT_ID"));
certificateResponse.setUsername(resultSet.getString("USERNAME")); certificateResponse.setUsername(resultSet.getString("USERNAME"));
@ -227,11 +228,11 @@ public class GenericCertificateDAOImpl implements CertificateDAO {
certificates.add(certificateResponse); certificates.add(certificateResponse);
} }
} catch (SQLException e) { } catch (SQLException e) {
String errorMsg = "SQL error occurred while retrieving the certificates."; String errorMsg = "SQL error occurred while retrieving the certificates.";
log.error(errorMsg, e); log.error(errorMsg, e);
throw new CertificateManagementDAOException(errorMsg, e); throw new CertificateManagementDAOException(errorMsg, e);
} finally { } finally {
OperationManagementDAOUtil.cleanupResources(stmt, resultSet); CertificateManagementDAOUtil.cleanupResources(stmt, resultSet);
} }
return certificates; return certificates;
} }
@ -246,17 +247,16 @@ public class GenericCertificateDAOImpl implements CertificateDAO {
conn = this.getConnection(); conn = this.getConnection();
String query = String query =
"DELETE FROM DM_DEVICE_CERTIFICATE WHERE SERIAL_NUMBER = ?" + "DELETE FROM DM_DEVICE_CERTIFICATE WHERE SERIAL_NUMBER = ?" +
" AND TENANT_ID = ? "; " AND TENANT_ID = ? ";
stmt = conn.prepareStatement(query); stmt = conn.prepareStatement(query);
stmt.setString(1, serialNumber); stmt.setString(1, serialNumber);
stmt.setInt(2, tenantId); stmt.setInt(2, tenantId);
return stmt.executeUpdate() > 0; return stmt.executeUpdate() > 0;
} catch (SQLException e) { } catch (SQLException e) {
String errorMsg = String msg = "Unable to get the read the certificate with serial" + serialNumber;
"Unable to get the read the certificate with serial" + serialNumber; log.error(msg, e);
log.error(errorMsg, e); throw new CertificateManagementDAOException(msg, e);
throw new CertificateManagementDAOException(errorMsg, e);
} finally { } finally {
CertificateManagementDAOUtil.cleanupResources(stmt, resultSet); CertificateManagementDAOUtil.cleanupResources(stmt, resultSet);
} }
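Review bot: The rewritten message in this `catch` says the certificate could not be read and runs the serial number straight into the word "serial", although the statement above it is a `DELETE FROM DM_DEVICE_CERTIFICATE`. A log line that names the wrong operation is misleading when someone traces a failed certificate removal. Something like `String msg = "Unable to delete the certificate with serial number '" + serialNumber + "'";` would match what failed. The method starts and ends outside this hunk.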

@ -308,6 +308,10 @@ public class CertificateGenerator {
} }
public CertificateResponse verifyPEMSignature(X509Certificate requestCertificate) throws KeystoreException { public CertificateResponse verifyPEMSignature(X509Certificate requestCertificate) throws KeystoreException {
if (requestCertificate == null) {
throw new IllegalArgumentException("Certificate of which the signature needs to be validated cannot " +
"be null");
}
KeyStoreReader keyStoreReader = new KeyStoreReader(); KeyStoreReader keyStoreReader = new KeyStoreReader();
CertificateResponse lookUpCertificate; CertificateResponse lookUpCertificate;
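Review bot: The new null guard throws an unchecked `IllegalArgumentException` from a method whose only declared failure type is `KeystoreException`, and nothing in the hunk documents it. Callers that catch only `KeystoreException` would let it propagate as an unhandled server error instead of a rejected request, so the API layer should either validate the parsed certificate before calling or handle this exception explicitly. I would add a Javadoc line on the method: `@throws IllegalArgumentException if requestCertificate is null`. The rest of `verifyPEMSignature` lies outside the hunk.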

@ -0,0 +1,42 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.certificate.mgt.core.impl;
import junit.framework.Assert;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.testng.annotations.Test;
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
public class CertificateGeneratorTests {
private static final Log log = LogFactory.getLog(CertificateGeneratorTests.class);
@Test(expectedExceptions = IllegalArgumentException.class)
public void testVerifyNullPEMSignature() {
CertificateGenerator certGenerator = new CertificateGenerator();
try {
certGenerator.verifyPEMSignature(null);
} catch (KeystoreException e) {
log.error("Error occurred while verifying PEM signature", e);
Assert.fail();
}
}
}
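Review bot: The test mixes frameworks: it is driven by TestNG (`org.testng.annotations.Test`) but fails through the JUnit 3-style `junit.framework.Assert`, and `Assert.fail()` carries no message. Use `import org.testng.Assert;` and `Assert.fail("verifyPEMSignature(null) threw KeystoreException instead of IllegalArgumentException");`. Alternatively declare `public void testVerifyNullPEMSignature() throws KeystoreException` and drop the try/catch, since `expectedExceptions` already fails the test on any other exception type.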

@ -0,0 +1,25 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.certificate.mgt.core.impl;
public class KeyGeneratorTests {
}

@ -5,6 +5,8 @@
<classes> <classes>
<class name="org.wso2.carbon.certificate.mgt.core.impl.CertificateGeneratorTestSuite"/> <class name="org.wso2.carbon.certificate.mgt.core.impl.CertificateGeneratorTestSuite"/>
<class name="org.wso2.carbon.certificate.mgt.core.util.CommonUtil"/> <class name="org.wso2.carbon.certificate.mgt.core.util.CommonUtil"/>
<class name="org.wso2.carbon.certificate.mgt.core.impl.CertificateGeneratorTests"/>
<class name="org.wso2.carbon.certificate.mgt.core.impl.KeyGeneratorTests"/>
</classes> </classes>
</test> </test>
</suite> </suite>

@ -202,18 +202,13 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
throws DeviceAccessAuthorizationException { throws DeviceAccessAuthorizationException {
//Check for device ownership. If the user is the owner of the device we allow the access. //Check for device ownership. If the user is the owner of the device we allow the access.
try { try {
Device device = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). return DeviceManagementDataHolder.getInstance().getDeviceManagementProvider().
getDevice(deviceIdentifier); isEnrolled(deviceIdentifier, username);
EnrolmentInfo enrolmentInfo = device.getEnrolmentInfo();
if (enrolmentInfo != null && username.equalsIgnoreCase(enrolmentInfo.getOwner())) {
return true;
}
} catch (DeviceManagementException e) { } catch (DeviceManagementException e) {
throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " +
deviceIdentifier.getId() + " for the user : " + deviceIdentifier.getId() + " for the user : " +
username, e); username, e);
} }
return false;
} }
private boolean isAdminUser(String username, int tenantId) throws UserStoreException { private boolean isAdminUser(String username, int tenantId) throws UserStoreException {
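Review bot: The ownership decision now rests entirely on `isEnrolled(deviceIdentifier, username)`, whose definition is not on this page, while the comment above it still describes an owner check. The removed code matched the owner case-insensitively and did not look at enrolment status. Whether `isEnrolled` accepts the same set of users (case handling, status filter, tenant scope) cannot be confirmed from the hunk, and that is what decides who is granted access. I would update the comment to state the contract relied on, e.g. `// Access is granted only when isEnrolled() reports an enrolment of this device owned by username.`, and add a test with a case-variant username. The method signature is outside the hunk.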

@ -748,7 +748,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
ResultSet rs = null; ResultSet rs = null;
try { try {
conn = this.getConnection(); conn = this.getConnection();
String sql = "SELECT ID AS ENROLMENT_ID FROM DM_ENROLMENT WHERE DEVICE_ID = (SELECT d.ID " + String sql = "SELECT ID AS ENROLMENT_ID FROM DM_ENROLMENT WHERE DEVICE_ID = (SELECT DISTINCT d.ID " +
"FROM DM_DEVICE d, DM_DEVICE_TYPE t WHERE d.DEVICE_TYPE_ID = t.ID " + "FROM DM_DEVICE d, DM_DEVICE_TYPE t WHERE d.DEVICE_TYPE_ID = t.ID " +
"AND d.DEVICE_IDENTIFICATION = ? AND t.NAME = ? AND d.TENANT_ID = ?) " + "AND d.DEVICE_IDENTIFICATION = ? AND t.NAME = ? AND d.TENANT_ID = ?) " +
"AND STATUS = ? AND TENANT_ID = ?"; "AND STATUS = ? AND TENANT_ID = ?";
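Review bot: `DISTINCT` only collapses duplicate rows carrying the same `d.ID`; the subquery is still compared with `=`, so two different device rows matching the identifier, type and tenant would make the statement fail as before. If the schema guarantees uniqueness for that combination, record it in a comment above the query. Otherwise `WHERE DEVICE_ID IN (SELECT d.ID ...` expresses the intent without relying on a single-row result. The values stay bound through `?` placeholders, which should be kept. The method continues outside the hunk.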

@ -162,7 +162,6 @@ public class DeviceInformationManagerImpl implements DeviceInformationManager {
deviceDetailsDAO.addDeviceLocation(deviceLocation); deviceDetailsDAO.addDeviceLocation(deviceLocation);
DeviceManagementDAOFactory.commitTransaction(); DeviceManagementDAOFactory.commitTransaction();
} catch (TransactionManagementException e) { } catch (TransactionManagementException e) {
DeviceManagementDAOFactory.rollbackTransaction();
throw new DeviceDetailsMgtException("Transactional error occurred while adding the device location " + throw new DeviceDetailsMgtException("Transactional error occurred while adding the device location " +
"information.", e); "information.", e);
} catch (DeviceDetailsMgtDAOException e) { } catch (DeviceDetailsMgtDAOException e) {
@ -172,6 +171,7 @@ public class DeviceInformationManagerImpl implements DeviceInformationManager {
DeviceManagementDAOFactory.rollbackTransaction(); DeviceManagementDAOFactory.rollbackTransaction();
throw new DeviceDetailsMgtException("Error occurred while getting the device information.", e); throw new DeviceDetailsMgtException("Error occurred while getting the device information.", e);
} catch (DeviceManagementDAOException e) { } catch (DeviceManagementDAOException e) {
DeviceManagementDAOFactory.rollbackTransaction();
throw new DeviceDetailsMgtException("Error occurred while updating the last updated timestamp of " + throw new DeviceDetailsMgtException("Error occurred while updating the last updated timestamp of " +
"the device", e); "the device", e);
} finally { } finally {
@ -225,6 +225,8 @@ public class DeviceInformationManagerImpl implements DeviceInformationManager {
throw new DeviceDetailsMgtException("SQL error occurred while retrieving device from database.", e); throw new DeviceDetailsMgtException("SQL error occurred while retrieving device from database.", e);
} catch (DeviceDetailsMgtDAOException e) { } catch (DeviceDetailsMgtDAOException e) {
throw new DeviceDetailsMgtException("Exception occurred while retrieving device locations.", e); throw new DeviceDetailsMgtException("Exception occurred while retrieving device locations.", e);
} finally{
DeviceManagementDAOFactory.closeConnection();
} }
} }
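Review bot: The added `finally{ DeviceManagementDAOFactory.closeConnection(); }` also runs when opening the connection itself failed, and this page does not show whether `DeviceManagementDAOFactory.closeConnection()` tolerates that. `CertificateManagementDAOFactory` gains a `CONNECTION_NOT_BORROWED` guard for this case in the same commit. If the device factory lacks an equivalent guard, the close call could throw from `finally` and hide the original SQL error, so that should be confirmed. The line should also be formatted `} finally {` like the other handlers in the file. The `try` this belongs to begins outside the hunk.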

@ -141,7 +141,6 @@ public class OperationManagerImpl implements OperationManager {
} finally { } finally {
OperationManagementDAOFactory.closeConnection(); OperationManagementDAOFactory.closeConnection();
} }
} }
private List<DeviceIdentifier> getAuthorizedDevices( private List<DeviceIdentifier> getAuthorizedDevices(
@ -161,26 +160,6 @@ public class OperationManagerImpl implements OperationManager {
return authorizedDeviceList; return authorizedDeviceList;
} }
private List<EnrolmentInfo> getEnrollmentsByStatus(
List<DeviceIdentifier> deviceIds) throws OperationManagementException {
List<EnrolmentInfo> enrolments;
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
try {
DeviceManagementDAOFactory.openConnection();
enrolments = deviceDAO.getEnrolmentsByStatus(deviceIds, EnrolmentInfo.Status.ACTIVE, tenantId);
} catch (SQLException e) {
throw new OperationManagementException("Error occurred while opening a connection the data " +
"source", e);
} catch (DeviceManagementDAOException e) {
OperationManagementDAOFactory.rollbackTransaction();
throw new OperationManagementException(
"Error occurred while retrieving enrollments by status", e);
} finally {
DeviceManagementDAOFactory.closeConnection();
}
return enrolments;
}
private Device getDevice(DeviceIdentifier deviceId) throws OperationManagementException { private Device getDevice(DeviceIdentifier deviceId) throws OperationManagementException {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
try { try {
@ -200,39 +179,19 @@ public class OperationManagerImpl implements OperationManager {
@Override @Override
public List<? extends Operation> getOperations(DeviceIdentifier deviceId) throws OperationManagementException { public List<? extends Operation> getOperations(DeviceIdentifier deviceId) throws OperationManagementException {
int enrolmentId;
List<Operation> operations = null; List<Operation> operations = null;
try {
boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). if (!isActionAuthorized(deviceId)) {
isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" +
if (!isUserAuthorized) { deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'");
throw new UnauthorizedDeviceAccessException("User '" + getUser() + "' is not authorized to " +
"fetch operations on device '" + deviceId.getId() + "'");
}
} catch (DeviceAccessAuthorizationException e) {
throw new OperationManagementException("Error occurred while authorizing access to the devices for user : " +
this.getUser(), e);
} }
try { int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE);
DeviceManagementDAOFactory.openConnection(); if (enrolmentId < 0) {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); return null;
enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId);
} catch (DeviceManagementDAOException e) {
throw new OperationManagementException("Error occurred while retrieving metadata of '" +
deviceId.getType() + "' device carrying the identifier '" +
deviceId.getId() + "'");
} catch (SQLException e) {
throw new OperationManagementException(
"Error occurred while opening a connection to the data source", e);
} finally {
DeviceManagementDAOFactory.closeConnection();
} }
try { try {
if (enrolmentId < 0) {
return null;
}
OperationManagementDAOFactory.openConnection(); OperationManagementDAOFactory.openConnection();
List<? extends org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation> operationList = List<? extends org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation> operationList =
operationDAO.getOperationsForDevice(enrolmentId); operationDAO.getOperationsForDevice(enrolmentId);
@ -259,42 +218,22 @@ public class OperationManagerImpl implements OperationManager {
public PaginationResult getOperations(DeviceIdentifier deviceId, PaginationRequest request) public PaginationResult getOperations(DeviceIdentifier deviceId, PaginationRequest request)
throws OperationManagementException { throws OperationManagementException {
PaginationResult paginationResult = null; PaginationResult paginationResult = null;
int enrolmentId;
List<Operation> operations = new ArrayList<>(); List<Operation> operations = new ArrayList<>();
try {
boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). if (!isActionAuthorized(deviceId)) {
isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" +
if (!isUserAuthorized) { deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'");
log.error("User : " + getUser() + " is not authorized to fetch operations on device : " +
deviceId.getId());
}
} catch (DeviceAccessAuthorizationException e) {
throw new OperationManagementException("Error occurred while authorizing access to the devices for user : " +
this.getUser(), e);
} }
try { int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE);
DeviceManagementDAOFactory.openConnection(); if (enrolmentId < 0) {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); throw new OperationManagementException("Device not found for given device " +
enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId); "Identifier:" + deviceId.getId() + " and given type" +
} catch (SQLException e) { deviceId.getType());
throw new OperationManagementException(
"Error occurred while opening a connection to the data source", e);
} catch (DeviceManagementDAOException e) {
throw new OperationManagementException("Error occurred while retrieving metadata of '" +
deviceId.getType() + "' device carrying the identifier '" +
deviceId.getId() + "'");
} finally {
DeviceManagementDAOFactory.closeConnection();
} }
try { try {
OperationManagementDAOFactory.openConnection(); OperationManagementDAOFactory.openConnection();
if (enrolmentId < 0) {
throw new OperationManagementException("Device not found for given device " +
"Identifier:" + deviceId.getId() + " and given type" +
deviceId.getType());
}
List<? extends org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation> operationList = List<? extends org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation> operationList =
operationDAO.getOperationsForDevice(enrolmentId, request); operationDAO.getOperationsForDevice(enrolmentId, request);
for (org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation dtoOperation : operationList) { for (org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation dtoOperation : operationList) {
@ -326,43 +265,23 @@ public class OperationManagerImpl implements OperationManager {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Device identifier id:[" + deviceId.getId() + "] type:[" + deviceId.getType() + "]"); log.debug("Device identifier id:[" + deviceId.getId() + "] type:[" + deviceId.getType() + "]");
} }
int enrolmentId;
List<Operation> operations = new ArrayList<>(); List<Operation> operations = new ArrayList<>();
List<org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation> dtoOperationList = new ArrayList<>(); List<org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation> dtoOperationList = new ArrayList<>();
try {
boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). if (!isActionAuthorized(deviceId)) {
isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" +
if (!isUserAuthorized) { deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'");
log.error("User : " + getUser() + " is not authorized to fetch operations on device : "
+ deviceId.getId());
}
} catch (DeviceAccessAuthorizationException e) {
throw new OperationManagementException("Error occurred while authorizing access to the devices for user :" +
this.getUser(), e);
} }
try { int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE);
DeviceManagementDAOFactory.openConnection(); if (enrolmentId < 0) {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); throw new OperationManagementException("Device not found for the given device Identifier:" +
enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId); deviceId.getId() + " and given type:" +
} catch (SQLException e) { deviceId.getType());
throw new OperationManagementException(
"Error occurred while opening a connection to the data source", e);
} catch (DeviceManagementDAOException e) {
throw new OperationManagementException("Error occurred while retrieving the device " +
"for device Identifier type -'" + deviceId.getType() +
"' and device Id '" + deviceId.getId() + "'", e);
} finally {
DeviceManagementDAOFactory.closeConnection();
} }
try { try {
OperationManagementDAOFactory.openConnection(); OperationManagementDAOFactory.openConnection();
if (enrolmentId < 0) {
throw new OperationManagementException("Device not found for the given device Identifier:" +
deviceId.getId() + " and given type:" +
deviceId.getType());
}
dtoOperationList.addAll(commandOperationDAO.getOperationsByDeviceAndStatus( dtoOperationList.addAll(commandOperationDAO.getOperationsByDeviceAndStatus(
enrolmentId, org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation.Status.PENDING)); enrolmentId, org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation.Status.PENDING));
dtoOperationList.addAll(configOperationDAO.getOperationsByDeviceAndStatus( dtoOperationList.addAll(configOperationDAO.getOperationsByDeviceAndStatus(
@ -396,41 +315,21 @@ public class OperationManagerImpl implements OperationManager {
log.debug("device identifier id:[" + deviceId.getId() + "] type:[" + deviceId.getType() + "]"); log.debug("device identifier id:[" + deviceId.getId() + "] type:[" + deviceId.getType() + "]");
} }
Operation operation = null; Operation operation = null;
int enrolmentId;
try { if (!isActionAuthorized(deviceId)) {
boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" +
isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'");
if (!isUserAuthorized) {
log.error("User : " + getUser() + " is not authorized to fetch operations on device : "
+ deviceId.getId());
}
} catch (DeviceAccessAuthorizationException e) {
throw new OperationManagementException("Error occurred while authorizing access to the devices for user : " +
this.getUser(), e);
} }
try { int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE);
DeviceManagementDAOFactory.openConnection(); if (enrolmentId < 0) {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); throw new OperationManagementException("Device not found for given device " +
enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId); "Identifier:" + deviceId.getId() + " and given type" +
} catch (DeviceManagementDAOException e) { deviceId.getType());
throw new OperationManagementException("Error occurred while retrieving the device " +
"for device Identifier type -'" + deviceId.getType() +
"' and device Id '" + deviceId.getId(), e);
} catch (SQLException e) {
throw new OperationManagementException(
"Error occurred while opening a connection to the data source", e);
} finally {
DeviceManagementDAOFactory.closeConnection();
} }
try { try {
OperationManagementDAOFactory.openConnection(); OperationManagementDAOFactory.openConnection();
if (enrolmentId < 0) {
throw new OperationManagementException("Device not found for given device " +
"Identifier:" + deviceId.getId() + " and given type" +
deviceId.getType());
}
org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation dtoOperation = operationDAO. org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation dtoOperation = operationDAO.
getNextOperation(enrolmentId); getNextOperation(enrolmentId);
if (dtoOperation != null) { if (dtoOperation != null) {
@ -470,35 +369,14 @@ public class OperationManagerImpl implements OperationManager {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("operation Id:" + operationId + " status:" + operation.getStatus()); log.debug("operation Id:" + operationId + " status:" + operation.getStatus());
} }
int enrolmentId;
try {
boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
if (!isUserAuthorized) {
log.error("User : " + getUser() + " is not authorized to update operations on device : "
+ deviceId.getId());
}
} catch (DeviceAccessAuthorizationException e) {
throw new OperationManagementException("Error occurred while authorizing access to the devices for user :" +
this.getUser(), e);
}
try { if (!isActionAuthorized(deviceId)) {
DeviceManagementDAOFactory.openConnection(); throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" +
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'");
enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId);
} catch (SQLException e) {
throw new OperationManagementException("Error occurred while opening a connection to the" +
" data source", e);
} catch (DeviceManagementDAOException e) {
OperationManagementDAOFactory.rollbackTransaction();
throw new OperationManagementException(
"Error occurred while fetching the device for device identifier: " + deviceId.getId() +
"type:" + deviceId.getType(), e);
} finally {
DeviceManagementDAOFactory.closeConnection();
} }
int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE);
try { try {
OperationManagementDAOFactory.beginTransaction(); OperationManagementDAOFactory.beginTransaction();
boolean isUpdated = false; boolean isUpdated = false;
@ -547,45 +425,25 @@ public class OperationManagerImpl implements OperationManager {
@Override @Override
public Operation getOperationByDeviceAndOperationId(DeviceIdentifier deviceId, int operationId) public Operation getOperationByDeviceAndOperationId(DeviceIdentifier deviceId, int operationId)
throws OperationManagementException { throws OperationManagementException {
int enrolmentId;
Operation operation = null; Operation operation = null;
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Operation Id: " + operationId + " Device Type: " + deviceId.getType() + " Device Identifier: " + log.debug("Operation Id: " + operationId + " Device Type: " + deviceId.getType() + " Device Identifier: " +
deviceId.getId()); deviceId.getId());
} }
try {
boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). if (!isActionAuthorized(deviceId)) {
isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" +
if (!isUserAuthorized) { deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'");
log.error("User : " + getUser() + " is not authorized to fetch operations on device : "
+ deviceId.getId());
}
} catch (DeviceAccessAuthorizationException e) {
throw new OperationManagementException("Error occurred while authorizing access to the devices for user :" +
this.getUser(), e);
} }
try { int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE);
DeviceManagementDAOFactory.openConnection(); if (enrolmentId < 0) {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); throw new OperationManagementException("Device not found for given device identifier: " +
enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId); deviceId.getId() + " type: " + deviceId.getType());
} catch (DeviceManagementDAOException e) {
throw new OperationManagementException("Error occurred while retrieving the device " +
"for device Identifier type -'" + deviceId.getType() +
"' and device Id '" + deviceId.getId() + "'", e);
} catch (SQLException e) {
throw new OperationManagementException("Error occurred while opening connection to the data source",
e);
} finally {
DeviceManagementDAOFactory.closeConnection();
} }
try { try {
OperationManagementDAOFactory.openConnection(); OperationManagementDAOFactory.openConnection();
if (enrolmentId < 0) {
throw new OperationManagementException("Device not found for given device identifier: " +
deviceId.getId() + " type: " + deviceId.getType());
}
org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation dtoOperation = operationDAO. org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation dtoOperation = operationDAO.
getOperationByDeviceAndId(enrolmentId, operationId); getOperationByDeviceAndId(enrolmentId, operationId);
if (dtoOperation.getType(). if (dtoOperation.getType().
@ -630,43 +488,21 @@ public class OperationManagerImpl implements OperationManager {
DeviceIdentifier deviceId, Operation.Status status) throws OperationManagementException { DeviceIdentifier deviceId, Operation.Status status) throws OperationManagementException {
List<Operation> operations = new ArrayList<>(); List<Operation> operations = new ArrayList<>();
List<org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation> dtoOperationList = new ArrayList<>(); List<org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation> dtoOperationList = new ArrayList<>();
int enrolmentId;
try { if (!isActionAuthorized(deviceId)) {
boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" +
isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'");
if (!isUserAuthorized) {
log.info("User : " + getUser() + " is not authorized to fetch operations on device : "
+ deviceId.getId());
}
} catch (DeviceAccessAuthorizationException e) {
throw new OperationManagementException("Error occurred while authorizing access to the devices for user :" +
this.getUser(), e);
} }
try { int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE);
DeviceManagementDAOFactory.openConnection(); if (enrolmentId < 0) {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId);
} catch (DeviceManagementDAOException e) {
throw new OperationManagementException("Error occurred while retrieving the device " +
"for device Identifier type -'" + deviceId.getType() +
"' and device Id '" + deviceId.getId(), e);
} catch (SQLException e) {
throw new OperationManagementException( throw new OperationManagementException(
"Error occurred while opening a connection to the data source", e); "Device not found for device id:" + deviceId.getId() + " " + "type:" +
} finally { deviceId.getType());
DeviceManagementDAOFactory.closeConnection();
} }
try { try {
OperationManagementDAOFactory.openConnection(); OperationManagementDAOFactory.openConnection();
if (enrolmentId < 0) {
throw new OperationManagementException(
"Device not found for device id:" + deviceId.getId() + " " + "type:" +
deviceId.getType());
}
org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation.Status dtoOpStatus = org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation.Status dtoOpStatus =
org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation.Status.valueOf(status.toString()); org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation.Status.valueOf(status.toString());
dtoOperationList.addAll(commandOperationDAO.getOperationsByDeviceAndStatus(enrolmentId, dtoOpStatus)); dtoOperationList.addAll(commandOperationDAO.getOperationsByDeviceAndStatus(enrolmentId, dtoOpStatus));
@ -920,4 +756,36 @@ public class OperationManagerImpl implements OperationManager {
return status; return status;
} }
private boolean isActionAuthorized(DeviceIdentifier deviceId) {
boolean isUserAuthorized;
try {
isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService().
isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS);
} catch (DeviceAccessAuthorizationException e) {
log.error("Error occurred while trying to authorize current user upon the invoked operation", e);
return false;
}
return isUserAuthorized;
}
private int getEnrolmentByStatus(DeviceIdentifier deviceId,
EnrolmentInfo.Status status) throws OperationManagementException {
int enrolmentId;
try {
DeviceManagementDAOFactory.openConnection();
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, status, tenantId);
} catch (DeviceManagementDAOException e) {
throw new OperationManagementException("Error occurred while retrieving metadata of '" +
deviceId.getType() + "' device carrying the identifier '" +
deviceId.getId() + "'", e);
} catch (SQLException e) {
throw new OperationManagementException(
"Error occurred while opening a connection to the data source", e);
} finally {
DeviceManagementDAOFactory.closeConnection();
}
return enrolmentId;
}
} }

@ -23,7 +23,7 @@ var uri = request.getRequestURI();
var uriMatcher = new URIMatcher(String(uri)); var uriMatcher = new URIMatcher(String(uri));
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"]; var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
function appendQueryParam (url, queryParam , value) { function appendQueryParam (url, queryParam , value) {
if (url.indexOf("?") > 0) { if (url.indexOf("?") > 0) {

@ -26,7 +26,7 @@ var deviceModule = require("/app/modules/device.js").deviceModule;
var utility = require("/app/modules/utility.js").utility; var utility = require("/app/modules/utility.js").utility;
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var userModule = require("/app/modules/user.js").userModule; var userModule = require("/app/modules/user.js").userModule;
var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker; var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
var user = session.get(constants.USER_SESSION_KEY); var user = session.get(constants.USER_SESSION_KEY);
var result; var result;

@ -24,7 +24,7 @@ var log = new Log("api/device-api.jag");
var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js");
var utility = require("/app/modules/utility.js").utility; var utility = require("/app/modules/utility.js").utility;
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker; var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
var user = session.get(constants.USER_SESSION_KEY); var user = session.get(constants.USER_SESSION_KEY);
var result; var result;

@ -24,7 +24,7 @@ var uriMatcher = new URIMatcher(String(uri));
var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js");
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"]; var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
if (uriMatcher.match("/{context}/api/invoker/execute/")) { if (uriMatcher.match("/{context}/api/invoker/execute/")) {
var restAPIRequestDetails = request.getContent(); var restAPIRequestDetails = request.getContent();

@ -22,7 +22,7 @@ var uriMatcher = new URIMatcher(String(uri));
var log = new Log("api/operation-api.jag"); var log = new Log("api/operation-api.jag");
var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"]; var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
if (uriMatcher.match("/{context}/api/operation/paginate")) { if (uriMatcher.match("/{context}/api/operation/paginate")) {

@ -21,7 +21,7 @@
@Deprecated - new @Deprecated - new
*/ */
// var apiWrapperUtil = require("/app/modules/api-wrapper-util.js").apiWrapperUtil; // var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"];
// var tokenCookie = apiWrapperUtil.refreshToken(); // var tokenCookie = apiWrapperUtil.refreshToken();
// print(tokenCookie); // print(tokenCookie);
%> %>

@ -27,7 +27,7 @@ var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var userModule = require("/app/modules/user.js").userModule; var userModule = require("/app/modules/user.js").userModule;
var deviceModule = require("/app/modules/device.js").deviceModule; var deviceModule = require("/app/modules/device.js").deviceModule;
var utility = require("/app/modules/utility.js").utility; var utility = require("/app/modules/utility.js").utility;
var apiWrapperUtil = require("/app/modules/api-wrapper-util.js").apiWrapperUtil; var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"];
var util = require("/app/modules/util.js").util; var util = require("/app/modules/util.js").util;
var responseProcessor = require('utils').response; var responseProcessor = require('utils').response;

@ -16,8 +16,15 @@
* under the License. * under the License.
*/ */
var apiWrapperUtil = function () { /**
var log = new Log("/app/modules/api-wrapper-util.js"); * ----------------------------------------------------------------------------
* Following module includes invokers
* at Jaggery Layer for calling Backend Services, protected by OAuth Tokens.
* These Services include both REST and SOAP Services.
* ----------------------------------------------------------------------------
*/
var handlers = function () {
var log = new Log("/app/modules/token-handlers.js");
var tokenUtil = require("/app/modules/util.js")["util"]; var tokenUtil = require("/app/modules/util.js")["util"];
var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js");
@ -28,23 +35,27 @@ var apiWrapperUtil = function () {
privateMethods.setUpEncodedTenantBasedClientCredentials = function (username) { privateMethods.setUpEncodedTenantBasedClientCredentials = function (username) {
if (!username) { if (!username) {
log.error("Could not set up encoded tenant based client credentials " + throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant based " +
"to session context. No username is found as input."); "client credentials to session context. No username is found as " +
"input - setUpEncodedTenantBasedClientCredentials(x)");
} else { } else {
var dynamicClientCredentials = tokenUtil.getDyanmicClientCredentials(); var dynamicClientCredentials = tokenUtil.getDynamicClientCredentials();
if (!dynamicClientCredentials) { if (!dynamicClientCredentials) {
log.error("Could not set up encoded tenant based client credentials " + throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant based " +
"to session context as the server is unable to obtain dynamic client credentials."); "client credentials to session context as the server is unable to obtain " +
"dynamic client credentials - setUpEncodedTenantBasedClientCredentials(x)");
} else { } else {
var jwtToken = tokenUtil.getTokenWithJWTGrantType(dynamicClientCredentials); var jwtToken = tokenUtil.getTokenWithJWTGrantType(dynamicClientCredentials);
if (!jwtToken) { if (!jwtToken) {
log.error("Could not set up encoded tenant based client credentials " + throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant based " +
"to session context as the server is unable to obtain a jwt token."); "client credentials to session context as the server is unable to obtain " +
"a jwt token - setUpEncodedTenantBasedClientCredentials(x)");
} else { } else {
var tenantBasedClientCredentials = tokenUtil.getTenantBasedAppCredentials(username, jwtToken); var tenantBasedClientCredentials = tokenUtil.getTenantBasedAppCredentials(username, jwtToken);
if (!tenantBasedClientCredentials) { if (!tenantBasedClientCredentials) {
log.error("Could not set up encoded tenant based client credentials " + throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant " +
"to session context as the server is unable to obtain such credentials."); "based client credentials to session context as the server is unable " +
"to obtain such credentials - setUpEncodedTenantBasedClientCredentials(x)");
} else { } else {
var encodedTenantBasedClientCredentials = var encodedTenantBasedClientCredentials =
tokenUtil.encode(tenantBasedClientCredentials["clientId"] + ":" + tokenUtil.encode(tenantBasedClientCredentials["clientId"] + ":" +
@ -57,34 +68,18 @@ var apiWrapperUtil = function () {
} }
}; };
publicMethods.refreshToken = function () {
var accessTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"]));
// accessTokenPair includes current access token as well as current refresh token
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
if (!accessTokenPair || !encodedClientCredentials) {
log.error("Error in refreshing tokens. Either the access token pair, " +
"encoded client credentials or both input are not found under session context.");
} else {
var newAccessTokenPair = tokenUtil.refreshToken(accessTokenPair, encodedClientCredentials);
if (!newAccessTokenPair) {
log.error("Error in refreshing tokens. Unable to update " +
"session context with new access token pair.");
} else {
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(newAccessTokenPair));
}
}
};
publicMethods.setupAccessTokenPairByPasswordGrantType = function (username, password) { publicMethods.setupAccessTokenPairByPasswordGrantType = function (username, password) {
if (!username || !password) { if (!username || !password) {
log.error("Could not set up access token pair by password grant type. " + throw new Error("{/app/modules/token-handlers.js} Could not set up access token pair by " +
"Either username, password or both are missing as input."); "password grant type. Either username, password or both are missing as " +
"input - setupAccessTokenPairByPasswordGrantType(x, y)");
} else { } else {
privateMethods.setUpEncodedTenantBasedClientCredentials(username); privateMethods.setUpEncodedTenantBasedClientCredentials(username);
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
if (!encodedClientCredentials) { if (!encodedClientCredentials) {
log.error("Could not set up access token pair by password grant type. " + throw new Error("{/app/modules/token-handlers.js} Could not set up access token pair by " +
"Encoded client credentials are missing."); "password grant type. Encoded client credentials are " +
"missing - setupAccessTokenPairByPasswordGrantType(x, y)");
} else { } else {
var accessTokenPair; var accessTokenPair;
// accessTokenPair will include current access token as well as current refresh token // accessTokenPair will include current access token as well as current refresh token
@ -97,7 +92,9 @@ var apiWrapperUtil = function () {
getTokenWithPasswordGrantType(username, getTokenWithPasswordGrantType(username,
encodeURIComponent(password), encodedClientCredentials, stringOfScopes); encodeURIComponent(password), encodedClientCredentials, stringOfScopes);
if (!accessTokenPair) { if (!accessTokenPair) {
log.error("Could not set up access token pair by password grant type. Error in token retrieval."); throw new Error("{/app/modules/token-handlers.js} Could not set up access " +
"token pair by password grant type. Error in token " +
"retrieval - setupAccessTokenPairByPasswordGrantType(x, y)");
} else { } else {
// setting up access token pair into session context as a string // setting up access token pair into session context as a string
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair)); session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair));
@ -108,21 +105,25 @@ var apiWrapperUtil = function () {
publicMethods.setupAccessTokenPairBySamlGrantType = function (username, samlToken) { publicMethods.setupAccessTokenPairBySamlGrantType = function (username, samlToken) {
if (!username || !samlToken) { if (!username || !samlToken) {
log.error("Could not set up access token pair by saml grant type. " + throw new Error("{/app/modules/token-handlers.js} Could not set up access token pair by " +
"Either username, samlToken or both are missing as input."); "saml grant type. Either username, samlToken or both are missing as " +
"input - setupAccessTokenPairByPasswordGrantType(x, y)");
} else { } else {
privateMethods.setUpEncodedTenantBasedClientCredentials(username); privateMethods.setUpEncodedTenantBasedClientCredentials(username);
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
if (!encodedClientCredentials) { if (!encodedClientCredentials) {
log.error("Could not set up access token pair by saml grant type. " + throw new Error("{/app/modules/token-handlers.js} Could not set up access token pair " +
"Encoded client credentials are missing."); "by saml grant type. Encoded client credentials are " +
"missing - setupAccessTokenPairByPasswordGrantType(x, y)");
} else { } else {
var accessTokenPair; var accessTokenPair;
// accessTokenPair will include current access token as well as current refresh token // accessTokenPair will include current access token as well as current refresh token
accessTokenPair = tokenUtil. accessTokenPair = tokenUtil.
getTokenWithSAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION"); getTokenWithSAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION");
if (!accessTokenPair) { if (!accessTokenPair) {
log.error("Could not set up access token pair by password grant type. Error in token retrieval."); throw new Error("{/app/modules/token-handlers.js} Could not set up access token " +
"pair by password grant type. Error in token " +
"retrieval - setupAccessTokenPairByPasswordGrantType(x, y)");
} else { } else {
// setting up access token pair into session context as a string // setting up access token pair into session context as a string
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair)); session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair));
@ -131,5 +132,24 @@ var apiWrapperUtil = function () {
} }
}; };
publicMethods.refreshToken = function () {
var accessTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"]));
// accessTokenPair includes current access token as well as current refresh token
var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]);
if (!accessTokenPair || !encodedClientCredentials) {
throw new Error("{/app/modules/token-handlers.js} Error in refreshing tokens. Either the access " +
"token pair, encoded client credentials or both input are not found under " +
"session context - refreshToken()");
} else {
var newAccessTokenPair = tokenUtil.refreshToken(accessTokenPair, encodedClientCredentials);
if (!newAccessTokenPair) {
log.error("{/app/modules/token-handlers.js} Error in refreshing tokens. Unable to update " +
"session context with new access token pair - refreshToken()");
} else {
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(newAccessTokenPair));
}
}
};
return publicMethods; return publicMethods;
}(); }();
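Review bot: In `refreshToken` the `if (!newAccessTokenPair)` branch still only calls `log.error(...)` and returns normally, while every other failure path touched in this file now throws. A caller therefore cannot tell a failed refresh from a successful one, and the previous token pair stays in the session. If that is not deliberate, make the branch `throw new Error("{/app/modules/token-handlers.js} Error in refreshing tokens. Unable to update session context with new access token pair - refreshToken()");`. Separately, the three errors thrown inside `setupAccessTokenPairBySamlGrantType` are tagged `setupAccessTokenPairByPasswordGrantType(x, y)` and the last one says "password grant type", which will misdirect anyone triaging a SAML sign-in failure from the logs; they should name the SAML function. The callers of these handlers are outside this section, so whether they catch the newly thrown errors cannot be confirmed from here.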

@ -17,9 +17,13 @@
*/ */
/** /**
* This backendServiceInvoker contains the wrappers for back end jaggery calls. * ----------------------------------------------------------------------------
* Following module includes invokers
* at Jaggery Layer for calling Backend Services, protected by OAuth Tokens.
* These Services include both REST and SOAP Services.
* ----------------------------------------------------------------------------
*/ */
var backendServiceInvoker = function () { var invokers = function () {
var log = new Log("/app/modules/backend-service-invoker.js"); var log = new Log("/app/modules/backend-service-invoker.js");
var publicXMLHTTPInvokers = {}; var publicXMLHTTPInvokers = {};
@ -34,7 +38,7 @@ var backendServiceInvoker = function () {
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js");
var userModule = require("/app/modules/user.js")["userModule"]; var userModule = require("/app/modules/user.js")["userModule"];
var tokenUtil = require("/app/modules/api-wrapper-util.js")["apiWrapperUtil"]; var tokenUtil = require("/app/modules/api-wrapper-util.js")["handlers"];
/** /**
* This method reads the token pair from the session and return the access token. * This method reads the token pair from the session and return the access token.
@ -43,7 +47,7 @@ var backendServiceInvoker = function () {
privateMethods.getAccessToken = function () { privateMethods.getAccessToken = function () {
var tokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"])); var tokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"]));
if (tokenPair) { if (tokenPair) {
return tokenPair.accessToken; return tokenPair["accessToken"];
} else { } else {
return null; return null;
} }
@ -78,7 +82,7 @@ var backendServiceInvoker = function () {
}); });
} else { } else {
xmlHttpRequest. xmlHttpRequest.
setRequestHeader(constants["AUTHORIZATION_HEADER"], constants["BEARER_PREFIX"] + accessToken); setRequestHeader(constants["AUTHORIZATION_HEADER"], constants["BEARER_PREFIX"] + accessToken);
} }
} }
@ -307,7 +311,7 @@ var backendServiceInvoker = function () {
publicHTTPClientInvokers.get = function (url, successCallback, errorCallback) { publicHTTPClientInvokers.get = function (url, successCallback, errorCallback) {
var requestPayload = null; var requestPayload = null;
return privateMethods. return privateMethods.
initiateHTTPClientRequest(constants["HTTP_GET"], url, successCallback, errorCallback, requestPayload); initiateHTTPClientRequest(constants["HTTP_GET"], url, successCallback, errorCallback, requestPayload);
}; };
/** /**
@ -319,7 +323,7 @@ var backendServiceInvoker = function () {
*/ */
publicHTTPClientInvokers.post = function (url, payload, successCallback, errorCallback) { publicHTTPClientInvokers.post = function (url, payload, successCallback, errorCallback) {
return privateMethods. return privateMethods.
initiateHTTPClientRequest(constants["HTTP_POST"], url, successCallback, errorCallback, payload); initiateHTTPClientRequest(constants["HTTP_POST"], url, successCallback, errorCallback, payload);
}; };
/** /**
@ -331,7 +335,7 @@ var backendServiceInvoker = function () {
*/ */
publicHTTPClientInvokers.put = function (url, payload, successCallback, errorCallback) { publicHTTPClientInvokers.put = function (url, payload, successCallback, errorCallback) {
return privateMethods. return privateMethods.
initiateHTTPClientRequest(constants["HTTP_PUT"], url, successCallback, errorCallback, payload); initiateHTTPClientRequest(constants["HTTP_PUT"], url, successCallback, errorCallback, payload);
}; };
/** /**
@ -343,7 +347,7 @@ var backendServiceInvoker = function () {
publicHTTPClientInvokers.delete = function (url, successCallback, errorCallback) { publicHTTPClientInvokers.delete = function (url, successCallback, errorCallback) {
var requestPayload = null; var requestPayload = null;
return privateMethods. return privateMethods.
initiateHTTPClientRequest(constants["HTTP_DELETE"], url, successCallback, errorCallback, requestPayload); initiateHTTPClientRequest(constants["HTTP_DELETE"], url, successCallback, errorCallback, requestPayload);
}; };
var publicMethods = {}; var publicMethods = {};

@ -23,7 +23,7 @@ deviceModule = function () {
var utility = require('/app/modules/utility.js').utility; var utility = require('/app/modules/utility.js').utility;
var constants = require('/app/modules/constants.js'); var constants = require('/app/modules/constants.js');
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker; var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
var ArrayList = Packages.java.util.ArrayList; var ArrayList = Packages.java.util.ArrayList;
var Properties = Packages.java.util.Properties; var Properties = Packages.java.util.Properties;

@ -24,7 +24,7 @@ var groupModule = {};
var constants = require('/app/modules/constants.js'); var constants = require('/app/modules/constants.js');
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var utility = require("/app/modules/utility.js").utility; var utility = require("/app/modules/utility.js").utility;
var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker; var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
var groupServiceEndpoint = devicemgtProps["httpsURL"] + constants.ADMIN_SERVICE_CONTEXT + "/groups"; var groupServiceEndpoint = devicemgtProps["httpsURL"] + constants.ADMIN_SERVICE_CONTEXT + "/groups";

@ -24,7 +24,7 @@ var onFail;
var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js");
onSuccess = function (context) { onSuccess = function (context) {
var utility = require("/app/modules/utility.js").utility; var utility = require("/app/modules/utility.js").utility;
var apiWrapperUtil = require("/app/modules/api-wrapper-util.js").apiWrapperUtil; var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"];
if (context.input.samlToken) { if (context.input.samlToken) {
apiWrapperUtil.setupAccessTokenPairBySamlGrantType(context.input.username, context.input.samlToken); apiWrapperUtil.setupAccessTokenPairBySamlGrantType(context.input.username, context.input.samlToken);
} else { } else {

@ -21,7 +21,7 @@ var operationModule = function () {
var utility = require('/app/modules/utility.js').utility; var utility = require('/app/modules/utility.js').utility;
var constants = require('/app/modules/constants.js'); var constants = require('/app/modules/constants.js');
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker; var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];;
var publicMethods = {}; var publicMethods = {};
var privateMethods = {}; var privateMethods = {};

@ -26,7 +26,7 @@ policyModule = function () {
var constants = require('/app/modules/constants.js'); var constants = require('/app/modules/constants.js');
var utility = require("/app/modules/utility.js")["utility"]; var utility = require("/app/modules/utility.js")["utility"];
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker; var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
var publicMethods = {}; var publicMethods = {};
var privateMethods = {}; var privateMethods = {};

@ -16,55 +16,59 @@
* under the License. * under the License.
*/ */
var serverAddress = function () { /*
var log = new Log("serverAddress.js"); @Deprecated - new
var process = require("process"), */
host = process.getProperty('server.host'),
ip = process.getProperty('carbon.local.ip'); //var serverAddress = function () {
var publicMethods = {}; // var log = new Log("serverAddress.js");
publicMethods.getHTTPSAddress = function () { // var process = require("process"),
var port = process.getProperty('mgt.transport.https.proxyPort'); // host = process.getProperty('server.host'),
if (!port) { // ip = process.getProperty('carbon.local.ip');
port = process.getProperty('mgt.transport.https.port'); // var publicMethods = {};
} // publicMethods.getHTTPSAddress = function () {
if (host === "localhost") { // var port = process.getProperty('mgt.transport.https.proxyPort');
return "https://" + ip + ":" + port; // if (!port) {
} else { // port = process.getProperty('mgt.transport.https.port');
return "https://" + host + ":" + port; // }
} // if (host === "localhost") {
}; // return "https://" + ip + ":" + port;
publicMethods.getHPPTAddress = function () { // } else {
var port = process.getProperty('mgt.transport.http.proxyPort'); // return "https://" + host + ":" + port;
if (!port) { // }
port = process.getProperty('mgt.transport.http.port'); // };
} // publicMethods.getHPPTAddress = function () {
if (host === "localhost") { // var port = process.getProperty('mgt.transport.http.proxyPort');
return "http://" + ip + ":" + port; // if (!port) {
} else { // port = process.getProperty('mgt.transport.http.port');
return "http://" + host + ":" + port; // }
} // if (host === "localhost") {
}; // return "http://" + ip + ":" + port;
publicMethods.getWSSAddress = function () { // } else {
var port = process.getProperty('mgt.transport.https.proxyPort'); // return "http://" + host + ":" + port;
if (!port) { // }
port = process.getProperty('mgt.transport.https.port'); // };
} // publicMethods.getWSSAddress = function () {
if (host === "localhost") { // var port = process.getProperty('mgt.transport.https.proxyPort');
return "wss://" + ip + ":" + port; // if (!port) {
} else { // port = process.getProperty('mgt.transport.https.port');
return "wss://" + host + ":" + port; // }
} // if (host === "localhost") {
}; // return "wss://" + ip + ":" + port;
publicMethods.getWSAddress = function () { // } else {
var port = process.getProperty('mgt.transport.http.proxyPort'); // return "wss://" + host + ":" + port;
if (!port) { // }
port = process.getProperty('mgt.transport.http.port'); // };
} // publicMethods.getWSAddress = function () {
if (host === "localhost") { // var port = process.getProperty('mgt.transport.http.proxyPort');
return "ws://" + ip + ":" + port; // if (!port) {
} else { // port = process.getProperty('mgt.transport.http.port');
return "ws://" + host + ":" + port; // }
} // if (host === "localhost") {
}; // return "ws://" + ip + ":" + port;
return publicMethods; // } else {
}(); // return "ws://" + host + ":" + port;
// }
// };
// return publicMethods;
//}();
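Review bot: The whole `serverAddress` module is left in the file as commented-out code, and the new header `@Deprecated - new` does not say what replaces it. Any script that still requires this file and reads `serverAddress` would now get `undefined`; whether such callers remain is not visible in this diff. Either delete the file and let version control keep the history, or replace the dead body with a single comment such as `// Deprecated: superseded by <replacement module>; remove once no caller requires serverAddress` (placeholder to be filled in).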

@ -25,7 +25,7 @@ var userModule = function () {
var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js");
var utility = require("/app/modules/utility.js")["utility"]; var utility = require("/app/modules/utility.js")["utility"];
var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"]; var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
/* Initializing user manager */ /* Initializing user manager */
var carbon = require("carbon"); var carbon = require("carbon");

@ -27,7 +27,7 @@ var util = function () {
var adminUser = devicemgtProps["adminUser"]; var adminUser = devicemgtProps["adminUser"];
var clientName = devicemgtProps["clientName"]; var clientName = devicemgtProps["clientName"];
module.getDyanmicCredentials = function (owner) { module.getDynamicClientCredentials = function () {
var payload = { var payload = {
"callbackUrl": devicemgtProps.callBackUrl, "callbackUrl": devicemgtProps.callBackUrl,
"clientName": clientName, "clientName": clientName,

@ -16,12 +16,11 @@
under the License. under the License.
}} }}
{{unit "cdmf.unit.ui.title" pageTitle="Dashboard"}} {{unit "cdmf.unit.ui.title" pageTitle="Dashboard"}}
{{unit "cdmf.unit.ui.content.title" pageHeader="Dashboard"}}
{{#zone "breadcrumbs"}} {{#zone "breadcrumbs"}}
<li> <li>
<a href="{{@app.context}}/"> <a href="{{@app.context}}/">
<i class="icon fw fw-home"></i> Dashboard
</a> </a>
</li> </li>
{{/zone}} {{/zone}}

@ -16,8 +16,8 @@
under the License. under the License.
}} }}
{{#zone "bottomJs"}} {{#zone "bottomJs"}}
{{js "js/jquery.qrcode.min.js"}} {{js "js/jquery.qrcode.min.js"}}
<script type="text/javascript"> <script type="text/javascript">
var modalPopup = '.wr-modalpopup', var modalPopup = '.wr-modalpopup',
modalPopupContainer = modalPopup + ' .modalpopup-container', modalPopupContainer = modalPopup + ' .modalpopup-container',
modalPopupContent = modalPopup + ' .modalpopup-content'; modalPopupContent = modalPopup + ' .modalpopup-content';
@ -30,7 +30,6 @@
}); });
} }
/* /*
* set popup maximum height function. * set popup maximum height function.
*/ */
@ -38,14 +37,13 @@
var maxHeight = "max-height"; var maxHeight = "max-height";
var marginTop = "margin-top"; var marginTop = "margin-top";
var body = "body"; var body = "body";
$(modalPopupContent).css(maxHeight, ($(body).height() - ($(body).height()/100 * 30))); $(modalPopupContainer).css(marginTop, (-($(modalPopupContainer).height() / 2)));
$(modalPopupContainer).css(marginTop, (-($(modalPopupContainer).height()/2)));
} }
/* /*
* show popup function. * show popup function.
*/ */
function showPopup() { function showQRCodePopup() {
$(modalPopup).show(); $(modalPopup).show();
setPopupMaxHeight(); setPopupMaxHeight();
} }
@ -67,5 +65,12 @@
height: 200 height: 200
}); });
} }
</script> </script>
<script type="text/javascript">
function toggleEnrollment(){
$(".modalpopup-content").html($("#qr-code-modal").html());
generateQRCode(".modalpopup-content .qr-code");
showQRCodePopup();
}
</script>
{{/zone}} {{/zone}}
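Review bot: After this change `setPopupMaxHeight()` no longer sets a max-height, because the `$(modalPopupContent).css(maxHeight, ...)` line is removed, which leaves `var maxHeight` unused and the function name misleading. The function's opening line is outside the hunk. The same commit adds a new script that declares the same globals (`modalPopup`, `modalPopupContainer`, `modalPopupContent`) and its own `setPopupMaxHeight` that still sets max-height, so if both load on one page the later definition silently wins. Consider wrapping this inline script in an IIFE, or renaming the helper to match what it now does, e.g. `function centerQRCodePopup()`, and dropping the unused `maxHeight` local.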

@ -30,13 +30,22 @@
</a> </a>
</li> </li>
{{/if}} {{/if}}
{{#if permissions.LIST_OWN_DEVICES}} {{#if permissions.LIST_DEVICES_ADMIN}}
<li> <li>
<a href="{{@app.context}}/devices"> <a href="{{@app.context}}/devices">
<i class="fw fw-mobile"></i> <i class="fw fw-mobile"></i>
Device Management Device Management
</a> </a>
</li> </li>
{{else}}
{{#if permissions.LIST_OWN_DEVICES}}
<li>
<a href="{{@app.context}}/devices">
<i class="fw fw-mobile"></i>
Device Management
</a>
</li>
{{/if}}
{{/if}} {{/if}}
{{#if permissions.LIST_GROUPS}} {{#if permissions.LIST_GROUPS}}
<li> <li>
@ -46,35 +55,63 @@
</a> </a>
</li> </li>
{{/if}} {{/if}}
{{#if permissions.ADD_USER}} <li><a><i class="fw fw-user"></i>User Management</a>
<li> <ul>
<a href="{{@app.context}}/users"> {{#if permissions.LIST_USERS}}
<i class="fw fw-user"></i> <li><a href="{{@app.context}}/users"><i class="fw fw-user"></i>Users</a></li>
User Management {{/if}}
</a>
</li> {{#if permissions.LIST_ROLES}}
{{/if}} <li><a href="{{@app.context}}/roles"><i class="fw fw-bookmark"></i>Roles</a></li>
{{#if permissions.ADD_ROLE}} {{/if}}
<li> </ul>
<a href="{{@app.context}}/roles"> </li>
<i class="fw fw-bookmark"></i> {{#if permissions.LIST_POLICIES}}
Role Management <li><a href="{{@app.context}}/policies"><i class="fw fw-policy"></i>Policy Management</a></li>
</a>
</li>
{{/if}}
{{#if permissions.ADD_POLICY}}
<li>
<a href="{{@app.context}}/policies">
<i class="fw fw-policy"></i>
Policy Management
</a>
</li>
{{/if}} {{/if}}
{{#if permissions.TENANT_CONFIGURATION}} <li><a><i class="fw fw-settings"></i>Configuration Management</a>
<li> <ul>
<a href="{{@app.context}}/platform-configuration"> {{#if permissions.TENANT_CONFIGURATION}}
<i class="fw fw-settings"></i>Platform Configurations <li><a href="{{@app.context}}/platform-configuration"><i class="fw fw-service"></i>Platform Configurations</a>
</li>
{{/if}}
<!-- todo change the permission and get the related permission -->
{{#if permissions.TENANT_CONFIGURATION}}
<li><a href="{{@app.context}}/certificates"><i class="fw fw-security-policy"></i>Certificate Configurations</a>
</li>
{{/if}}
</ul>
</li>
{{/zone}}
{{#zone "navbarCollapsableRightItems"}}
<ul id="notification-bubble-wrapper" class="nav navbar-nav navbar-right">
<li class="visible-inline-block">
<!--<a href="{{appContext}}notification-listing" title="Failures of operations on the device side will be listed here">-->
<a data-toggle="sidebar" data-target="#right-sidebar" data-container=".page-content"
aria-expanded="false" rel="notifications-sidebar">
<span class="icon fw-stack">
<i class="fw fw-notification fw-stack-1x"></i>
</span>
<span class="hidden-xs">Notifications</span>
<span class="badge notifications" id="notification-bubble"></span>
</a> </a>
</li> </li>
{{/if}} </ul>
{{/zone}} {{/zone}}
{{#zone "sidePanes"}}
<div class="sidebar-wrapper" id="right-sidebar" is-authorized="{{isAuthorizedForNotifications}}"
data-side="right" data-width="320" data-sidebar-fixed="true" data-fixed-offset="50" data-spy="affix"
data-offset-top="80">
<ul class="sidebar-messages">
</ul>
<h4 class="text-center"><a href="{{appContext}}notification-listing" class="text-center">Show all notifications</a>
</h4>
</div>
{{/zone}}
{{#zone "bottomJs"}}
<script id="notifications" data-current-user="{{currentUser.username}}"
data-image-resource="{{self.publicURL}}/images/" src="{{self.publicURL}}/templates/notifications.hbs"
type="text/x-handlebars-template"></script>
{{js "js/nav-menu.js"}}
{{/zone}}
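Review bot: The new `certificates` link is gated by `permissions.TENANT_CONFIGURATION`, which the adjacent `<!-- todo change the permission and get the related permission -->` admits is a stand-in, so certificate administration is shown to anyone who may edit platform configuration. The two new parent items (`User Management`, `Configuration Management`) sit outside any `{{#if}}`, so a user holding none of the child permissions still gets empty menu groups. These template checks, and the `is-authorized` attribute on `#right-sidebar`, only hide UI. The `/certificates`, `/users` and `/roles` pages and the backing APIs must enforce the permissions server-side, which this diff does not show. Suggest a dedicated certificate permission before release, and guarding each parent `<li>` with a flag computed in the unit's script.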

@ -1,28 +1,56 @@
/* /*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
* *
* WSO2 Inc. licenses this file to you under the Apache License, * WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except * Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. * in compliance with the License.
* You may obtain a copy of the License at * You may obtain a copy of the License at
* *
* http://www.apache.org/licenses/LICENSE-2.0 * http://www.apache.org/licenses/LICENSE-2.0
* *
* Unless required by applicable law or agreed to in writing, * Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an * software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* KIND, either express or implied. See the License for the * either express or implied. See the License for the
* specific language governing permissions and limitations * specific language governing permissions and limitations
* under the License. * under the License.
*/ */
function onRequest(context) { function onRequest(context) {
var userModule = require("/app/modules/user.js").userModule; context.handlebars.registerHelper('equal', function (lvalue, rvalue, options) {
if (arguments.length < 3) {
throw new Error("Handlebars Helper equal needs 2 parameters");
}
if (lvalue != rvalue) {
return options.inverse(this);
} else {
return options.fn(this);
}
});
var userModule = require("/app/modules/user.js")["userModule"];
var mdmProps = require('/app/conf/reader/main.js')["conf"];
var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js");
var carbonUser = session.get(constants.USER_SESSION_KEY); var uiPermissions = userModule.getUIPermissions();
var page_data = {}; context["permissions"] = uiPermissions;
if (carbonUser){
page_data.permissions = userModule.getUIPermissions(); var links = {
} "user-mgt": [],
return page_data; "role-mgt": [],
"policy-mgt": [],
"device-mgt": []
};
// following context.link value comes here based on the value passed at the point
// where units are attached to a page zone.
// eg: {{unit "appbar" pageLink="users" title="User Management"}}
context["currentActions"] = links[context["pageLink"]];
context["enrollmentURL"] = mdmProps["generalConfig"]["host"] + mdmProps["enrollmentDir"];
var isAuthorizedForNotifications =
userModule.isAuthorized("/permission/admin/device-mgt/emm-admin/notifications/view");
var currentUser = session.get(constants["USER_SESSION_KEY"]);
context["isAuthorizedForNotifications"] = isAuthorizedForNotifications;
context["currentUser"] = currentUser;
context["appContext"] = mdmProps["appContext"];
return context;
} }
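Review bot: The old `if (carbonUser)` guard is dropped in `onRequest`: `userModule.getUIPermissions()` and `userModule.isAuthorized(...)` now run before the session user is read, so a request without a logged-in session reaches them with no user (how they behave then is not visible here). Read the session first and keep the guard, e.g. `var currentUser = session.get(constants["USER_SESSION_KEY"]);` then `if (currentUser) { context["permissions"] = userModule.getUIPermissions(); }`. `context["currentUser"] = currentUser;` also puts the whole session user object into the view context, while the template in this commit reads only `currentUser.username`; passing just the username keeps the rest out of the rendered page's reach. In the `equal` helper, `lvalue != rvalue` is a loose comparison; use `!==` unless type coercion is intended.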

@ -0,0 +1,47 @@
//---------------------------------------------------------------------
// QRCode for JavaScript
//
// Copyright (c) 2009 Kazuhiko Arase
//
// URL: http://www.d-project.com/
//
// Licensed under the MIT license:
// http://www.opensource.org/licenses/mit-license.php
//
// The word "QR Code" is registered trademark of
// DENSO WAVE INCORPORATED
// http://www.denso-wave.com/qrcode/faqpatent-e.html
//
//---------------------------------------------------------------------
//---------------------------------------------------------------------
// QR8bitByte
//---------------------------------------------------------------------
(function(r){r.fn.qrcode=function(h){var s;function u(a){this.mode=s;this.data=a}function o(a,c){this.typeNumber=a;this.errorCorrectLevel=c;this.modules=null;this.moduleCount=0;this.dataCache=null;this.dataList=[]}function q(a,c){if(void 0==a.length)throw Error(a.length+"/"+c);for(var d=0;d<a.length&&0==a[d];)d++;this.num=Array(a.length-d+c);for(var b=0;b<a.length-d;b++)this.num[b]=a[b+d]}function p(a,c){this.totalCount=a;this.dataCount=c}function t(){this.buffer=[];this.length=0}u.prototype={getLength:function(){return this.data.length},
write:function(a){for(var c=0;c<this.data.length;c++)a.put(this.data.charCodeAt(c),8)}};o.prototype={addData:function(a){this.dataList.push(new u(a));this.dataCache=null},isDark:function(a,c){if(0>a||this.moduleCount<=a||0>c||this.moduleCount<=c)throw Error(a+","+c);return this.modules[a][c]},getModuleCount:function(){return this.moduleCount},make:function(){if(1>this.typeNumber){for(var a=1,a=1;40>a;a++){for(var c=p.getRSBlocks(a,this.errorCorrectLevel),d=new t,b=0,e=0;e<c.length;e++)b+=c[e].dataCount;
for(e=0;e<this.dataList.length;e++)c=this.dataList[e],d.put(c.mode,4),d.put(c.getLength(),j.getLengthInBits(c.mode,a)),c.write(d);if(d.getLengthInBits()<=8*b)break}this.typeNumber=a}this.makeImpl(!1,this.getBestMaskPattern())},makeImpl:function(a,c){this.moduleCount=4*this.typeNumber+17;this.modules=Array(this.moduleCount);for(var d=0;d<this.moduleCount;d++){this.modules[d]=Array(this.moduleCount);for(var b=0;b<this.moduleCount;b++)this.modules[d][b]=null}this.setupPositionProbePattern(0,0);this.setupPositionProbePattern(this.moduleCount-
7,0);this.setupPositionProbePattern(0,this.moduleCount-7);this.setupPositionAdjustPattern();this.setupTimingPattern();this.setupTypeInfo(a,c);7<=this.typeNumber&&this.setupTypeNumber(a);null==this.dataCache&&(this.dataCache=o.createData(this.typeNumber,this.errorCorrectLevel,this.dataList));this.mapData(this.dataCache,c)},setupPositionProbePattern:function(a,c){for(var d=-1;7>=d;d++)if(!(-1>=a+d||this.moduleCount<=a+d))for(var b=-1;7>=b;b++)-1>=c+b||this.moduleCount<=c+b||(this.modules[a+d][c+b]=
0<=d&&6>=d&&(0==b||6==b)||0<=b&&6>=b&&(0==d||6==d)||2<=d&&4>=d&&2<=b&&4>=b?!0:!1)},getBestMaskPattern:function(){for(var a=0,c=0,d=0;8>d;d++){this.makeImpl(!0,d);var b=j.getLostPoint(this);if(0==d||a>b)a=b,c=d}return c},createMovieClip:function(a,c,d){a=a.createEmptyMovieClip(c,d);this.make();for(c=0;c<this.modules.length;c++)for(var d=1*c,b=0;b<this.modules[c].length;b++){var e=1*b;this.modules[c][b]&&(a.beginFill(0,100),a.moveTo(e,d),a.lineTo(e+1,d),a.lineTo(e+1,d+1),a.lineTo(e,d+1),a.endFill())}return a},
setupTimingPattern:function(){for(var a=8;a<this.moduleCount-8;a++)null==this.modules[a][6]&&(this.modules[a][6]=0==a%2);for(a=8;a<this.moduleCount-8;a++)null==this.modules[6][a]&&(this.modules[6][a]=0==a%2)},setupPositionAdjustPattern:function(){for(var a=j.getPatternPosition(this.typeNumber),c=0;c<a.length;c++)for(var d=0;d<a.length;d++){var b=a[c],e=a[d];if(null==this.modules[b][e])for(var f=-2;2>=f;f++)for(var i=-2;2>=i;i++)this.modules[b+f][e+i]=-2==f||2==f||-2==i||2==i||0==f&&0==i?!0:!1}},setupTypeNumber:function(a){for(var c=
j.getBCHTypeNumber(this.typeNumber),d=0;18>d;d++){var b=!a&&1==(c>>d&1);this.modules[Math.floor(d/3)][d%3+this.moduleCount-8-3]=b}for(d=0;18>d;d++)b=!a&&1==(c>>d&1),this.modules[d%3+this.moduleCount-8-3][Math.floor(d/3)]=b},setupTypeInfo:function(a,c){for(var d=j.getBCHTypeInfo(this.errorCorrectLevel<<3|c),b=0;15>b;b++){var e=!a&&1==(d>>b&1);6>b?this.modules[b][8]=e:8>b?this.modules[b+1][8]=e:this.modules[this.moduleCount-15+b][8]=e}for(b=0;15>b;b++)e=!a&&1==(d>>b&1),8>b?this.modules[8][this.moduleCount-
b-1]=e:9>b?this.modules[8][15-b-1+1]=e:this.modules[8][15-b-1]=e;this.modules[this.moduleCount-8][8]=!a},mapData:function(a,c){for(var d=-1,b=this.moduleCount-1,e=7,f=0,i=this.moduleCount-1;0<i;i-=2)for(6==i&&i--;;){for(var g=0;2>g;g++)if(null==this.modules[b][i-g]){var n=!1;f<a.length&&(n=1==(a[f]>>>e&1));j.getMask(c,b,i-g)&&(n=!n);this.modules[b][i-g]=n;e--; -1==e&&(f++,e=7)}b+=d;if(0>b||this.moduleCount<=b){b-=d;d=-d;break}}}};o.PAD0=236;o.PAD1=17;o.createData=function(a,c,d){for(var c=p.getRSBlocks(a,
c),b=new t,e=0;e<d.length;e++){var f=d[e];b.put(f.mode,4);b.put(f.getLength(),j.getLengthInBits(f.mode,a));f.write(b)}for(e=a=0;e<c.length;e++)a+=c[e].dataCount;if(b.getLengthInBits()>8*a)throw Error("code length overflow. ("+b.getLengthInBits()+">"+8*a+")");for(b.getLengthInBits()+4<=8*a&&b.put(0,4);0!=b.getLengthInBits()%8;)b.putBit(!1);for(;!(b.getLengthInBits()>=8*a);){b.put(o.PAD0,8);if(b.getLengthInBits()>=8*a)break;b.put(o.PAD1,8)}return o.createBytes(b,c)};o.createBytes=function(a,c){for(var d=
0,b=0,e=0,f=Array(c.length),i=Array(c.length),g=0;g<c.length;g++){var n=c[g].dataCount,h=c[g].totalCount-n,b=Math.max(b,n),e=Math.max(e,h);f[g]=Array(n);for(var k=0;k<f[g].length;k++)f[g][k]=255&a.buffer[k+d];d+=n;k=j.getErrorCorrectPolynomial(h);n=(new q(f[g],k.getLength()-1)).mod(k);i[g]=Array(k.getLength()-1);for(k=0;k<i[g].length;k++)h=k+n.getLength()-i[g].length,i[g][k]=0<=h?n.get(h):0}for(k=g=0;k<c.length;k++)g+=c[k].totalCount;d=Array(g);for(k=n=0;k<b;k++)for(g=0;g<c.length;g++)k<f[g].length&&
(d[n++]=f[g][k]);for(k=0;k<e;k++)for(g=0;g<c.length;g++)k<i[g].length&&(d[n++]=i[g][k]);return d};s=4;for(var j={PATTERN_POSITION_TABLE:[[],[6,18],[6,22],[6,26],[6,30],[6,34],[6,22,38],[6,24,42],[6,26,46],[6,28,50],[6,30,54],[6,32,58],[6,34,62],[6,26,46,66],[6,26,48,70],[6,26,50,74],[6,30,54,78],[6,30,56,82],[6,30,58,86],[6,34,62,90],[6,28,50,72,94],[6,26,50,74,98],[6,30,54,78,102],[6,28,54,80,106],[6,32,58,84,110],[6,30,58,86,114],[6,34,62,90,118],[6,26,50,74,98,122],[6,30,54,78,102,126],[6,26,52,
78,104,130],[6,30,56,82,108,134],[6,34,60,86,112,138],[6,30,58,86,114,142],[6,34,62,90,118,146],[6,30,54,78,102,126,150],[6,24,50,76,102,128,154],[6,28,54,80,106,132,158],[6,32,58,84,110,136,162],[6,26,54,82,110,138,166],[6,30,58,86,114,142,170]],G15:1335,G18:7973,G15_MASK:21522,getBCHTypeInfo:function(a){for(var c=a<<10;0<=j.getBCHDigit(c)-j.getBCHDigit(j.G15);)c^=j.G15<<j.getBCHDigit(c)-j.getBCHDigit(j.G15);return(a<<10|c)^j.G15_MASK},getBCHTypeNumber:function(a){for(var c=a<<12;0<=j.getBCHDigit(c)-
j.getBCHDigit(j.G18);)c^=j.G18<<j.getBCHDigit(c)-j.getBCHDigit(j.G18);return a<<12|c},getBCHDigit:function(a){for(var c=0;0!=a;)c++,a>>>=1;return c},getPatternPosition:function(a){return j.PATTERN_POSITION_TABLE[a-1]},getMask:function(a,c,d){switch(a){case 0:return 0==(c+d)%2;case 1:return 0==c%2;case 2:return 0==d%3;case 3:return 0==(c+d)%3;case 4:return 0==(Math.floor(c/2)+Math.floor(d/3))%2;case 5:return 0==c*d%2+c*d%3;case 6:return 0==(c*d%2+c*d%3)%2;case 7:return 0==(c*d%3+(c+d)%2)%2;default:throw Error("bad maskPattern:"+
a);}},getErrorCorrectPolynomial:function(a){for(var c=new q([1],0),d=0;d<a;d++)c=c.multiply(new q([1,l.gexp(d)],0));return c},getLengthInBits:function(a,c){if(1<=c&&10>c)switch(a){case 1:return 10;case 2:return 9;case s:return 8;case 8:return 8;default:throw Error("mode:"+a);}else if(27>c)switch(a){case 1:return 12;case 2:return 11;case s:return 16;case 8:return 10;default:throw Error("mode:"+a);}else if(41>c)switch(a){case 1:return 14;case 2:return 13;case s:return 16;case 8:return 12;default:throw Error("mode:"+
a);}else throw Error("type:"+c);},getLostPoint:function(a){for(var c=a.getModuleCount(),d=0,b=0;b<c;b++)for(var e=0;e<c;e++){for(var f=0,i=a.isDark(b,e),g=-1;1>=g;g++)if(!(0>b+g||c<=b+g))for(var h=-1;1>=h;h++)0>e+h||c<=e+h||0==g&&0==h||i==a.isDark(b+g,e+h)&&f++;5<f&&(d+=3+f-5)}for(b=0;b<c-1;b++)for(e=0;e<c-1;e++)if(f=0,a.isDark(b,e)&&f++,a.isDark(b+1,e)&&f++,a.isDark(b,e+1)&&f++,a.isDark(b+1,e+1)&&f++,0==f||4==f)d+=3;for(b=0;b<c;b++)for(e=0;e<c-6;e++)a.isDark(b,e)&&!a.isDark(b,e+1)&&a.isDark(b,e+
2)&&a.isDark(b,e+3)&&a.isDark(b,e+4)&&!a.isDark(b,e+5)&&a.isDark(b,e+6)&&(d+=40);for(e=0;e<c;e++)for(b=0;b<c-6;b++)a.isDark(b,e)&&!a.isDark(b+1,e)&&a.isDark(b+2,e)&&a.isDark(b+3,e)&&a.isDark(b+4,e)&&!a.isDark(b+5,e)&&a.isDark(b+6,e)&&(d+=40);for(e=f=0;e<c;e++)for(b=0;b<c;b++)a.isDark(b,e)&&f++;a=Math.abs(100*f/c/c-50)/5;return d+10*a}},l={glog:function(a){if(1>a)throw Error("glog("+a+")");return l.LOG_TABLE[a]},gexp:function(a){for(;0>a;)a+=255;for(;256<=a;)a-=255;return l.EXP_TABLE[a]},EXP_TABLE:Array(256),
LOG_TABLE:Array(256)},m=0;8>m;m++)l.EXP_TABLE[m]=1<<m;for(m=8;256>m;m++)l.EXP_TABLE[m]=l.EXP_TABLE[m-4]^l.EXP_TABLE[m-5]^l.EXP_TABLE[m-6]^l.EXP_TABLE[m-8];for(m=0;255>m;m++)l.LOG_TABLE[l.EXP_TABLE[m]]=m;q.prototype={get:function(a){return this.num[a]},getLength:function(){return this.num.length},multiply:function(a){for(var c=Array(this.getLength()+a.getLength()-1),d=0;d<this.getLength();d++)for(var b=0;b<a.getLength();b++)c[d+b]^=l.gexp(l.glog(this.get(d))+l.glog(a.get(b)));return new q(c,0)},mod:function(a){if(0>
this.getLength()-a.getLength())return this;for(var c=l.glog(this.get(0))-l.glog(a.get(0)),d=Array(this.getLength()),b=0;b<this.getLength();b++)d[b]=this.get(b);for(b=0;b<a.getLength();b++)d[b]^=l.gexp(l.glog(a.get(b))+c);return(new q(d,0)).mod(a)}};p.RS_BLOCK_TABLE=[[1,26,19],[1,26,16],[1,26,13],[1,26,9],[1,44,34],[1,44,28],[1,44,22],[1,44,16],[1,70,55],[1,70,44],[2,35,17],[2,35,13],[1,100,80],[2,50,32],[2,50,24],[4,25,9],[1,134,108],[2,67,43],[2,33,15,2,34,16],[2,33,11,2,34,12],[2,86,68],[4,43,27],
[4,43,19],[4,43,15],[2,98,78],[4,49,31],[2,32,14,4,33,15],[4,39,13,1,40,14],[2,121,97],[2,60,38,2,61,39],[4,40,18,2,41,19],[4,40,14,2,41,15],[2,146,116],[3,58,36,2,59,37],[4,36,16,4,37,17],[4,36,12,4,37,13],[2,86,68,2,87,69],[4,69,43,1,70,44],[6,43,19,2,44,20],[6,43,15,2,44,16],[4,101,81],[1,80,50,4,81,51],[4,50,22,4,51,23],[3,36,12,8,37,13],[2,116,92,2,117,93],[6,58,36,2,59,37],[4,46,20,6,47,21],[7,42,14,4,43,15],[4,133,107],[8,59,37,1,60,38],[8,44,20,4,45,21],[12,33,11,4,34,12],[3,145,115,1,146,
116],[4,64,40,5,65,41],[11,36,16,5,37,17],[11,36,12,5,37,13],[5,109,87,1,110,88],[5,65,41,5,66,42],[5,54,24,7,55,25],[11,36,12],[5,122,98,1,123,99],[7,73,45,3,74,46],[15,43,19,2,44,20],[3,45,15,13,46,16],[1,135,107,5,136,108],[10,74,46,1,75,47],[1,50,22,15,51,23],[2,42,14,17,43,15],[5,150,120,1,151,121],[9,69,43,4,70,44],[17,50,22,1,51,23],[2,42,14,19,43,15],[3,141,113,4,142,114],[3,70,44,11,71,45],[17,47,21,4,48,22],[9,39,13,16,40,14],[3,135,107,5,136,108],[3,67,41,13,68,42],[15,54,24,5,55,25],[15,
43,15,10,44,16],[4,144,116,4,145,117],[17,68,42],[17,50,22,6,51,23],[19,46,16,6,47,17],[2,139,111,7,140,112],[17,74,46],[7,54,24,16,55,25],[34,37,13],[4,151,121,5,152,122],[4,75,47,14,76,48],[11,54,24,14,55,25],[16,45,15,14,46,16],[6,147,117,4,148,118],[6,73,45,14,74,46],[11,54,24,16,55,25],[30,46,16,2,47,17],[8,132,106,4,133,107],[8,75,47,13,76,48],[7,54,24,22,55,25],[22,45,15,13,46,16],[10,142,114,2,143,115],[19,74,46,4,75,47],[28,50,22,6,51,23],[33,46,16,4,47,17],[8,152,122,4,153,123],[22,73,45,
3,74,46],[8,53,23,26,54,24],[12,45,15,28,46,16],[3,147,117,10,148,118],[3,73,45,23,74,46],[4,54,24,31,55,25],[11,45,15,31,46,16],[7,146,116,7,147,117],[21,73,45,7,74,46],[1,53,23,37,54,24],[19,45,15,26,46,16],[5,145,115,10,146,116],[19,75,47,10,76,48],[15,54,24,25,55,25],[23,45,15,25,46,16],[13,145,115,3,146,116],[2,74,46,29,75,47],[42,54,24,1,55,25],[23,45,15,28,46,16],[17,145,115],[10,74,46,23,75,47],[10,54,24,35,55,25],[19,45,15,35,46,16],[17,145,115,1,146,116],[14,74,46,21,75,47],[29,54,24,19,
55,25],[11,45,15,46,46,16],[13,145,115,6,146,116],[14,74,46,23,75,47],[44,54,24,7,55,25],[59,46,16,1,47,17],[12,151,121,7,152,122],[12,75,47,26,76,48],[39,54,24,14,55,25],[22,45,15,41,46,16],[6,151,121,14,152,122],[6,75,47,34,76,48],[46,54,24,10,55,25],[2,45,15,64,46,16],[17,152,122,4,153,123],[29,74,46,14,75,47],[49,54,24,10,55,25],[24,45,15,46,46,16],[4,152,122,18,153,123],[13,74,46,32,75,47],[48,54,24,14,55,25],[42,45,15,32,46,16],[20,147,117,4,148,118],[40,75,47,7,76,48],[43,54,24,22,55,25],[10,
45,15,67,46,16],[19,148,118,6,149,119],[18,75,47,31,76,48],[34,54,24,34,55,25],[20,45,15,61,46,16]];p.getRSBlocks=function(a,c){var d=p.getRsBlockTable(a,c);if(void 0==d)throw Error("bad rs block @ typeNumber:"+a+"/errorCorrectLevel:"+c);for(var b=d.length/3,e=[],f=0;f<b;f++)for(var h=d[3*f+0],g=d[3*f+1],j=d[3*f+2],l=0;l<h;l++)e.push(new p(g,j));return e};p.getRsBlockTable=function(a,c){switch(c){case 1:return p.RS_BLOCK_TABLE[4*(a-1)+0];case 0:return p.RS_BLOCK_TABLE[4*(a-1)+1];case 3:return p.RS_BLOCK_TABLE[4*
(a-1)+2];case 2:return p.RS_BLOCK_TABLE[4*(a-1)+3]}};t.prototype={get:function(a){return 1==(this.buffer[Math.floor(a/8)]>>>7-a%8&1)},put:function(a,c){for(var d=0;d<c;d++)this.putBit(1==(a>>>c-d-1&1))},getLengthInBits:function(){return this.length},putBit:function(a){var c=Math.floor(this.length/8);this.buffer.length<=c&&this.buffer.push(0);a&&(this.buffer[c]|=128>>>this.length%8);this.length++}};"string"===typeof h&&(h={text:h});h=r.extend({},{render:"canvas",width:256,height:256,typeNumber:-1,
correctLevel:2,background:"#ffffff",foreground:"#000000"},h);return this.each(function(){var a;if("canvas"==h.render){a=new o(h.typeNumber,h.correctLevel);a.addData(h.text);a.make();var c=document.createElement("canvas");c.width=h.width;c.height=h.height;for(var d=c.getContext("2d"),b=h.width/a.getModuleCount(),e=h.height/a.getModuleCount(),f=0;f<a.getModuleCount();f++)for(var i=0;i<a.getModuleCount();i++){d.fillStyle=a.isDark(f,i)?h.foreground:h.background;var g=Math.ceil((i+1)*b)-Math.floor(i*b),
j=Math.ceil((f+1)*b)-Math.floor(f*b);d.fillRect(Math.round(i*b),Math.round(f*e),g,j)}}else{a=new o(h.typeNumber,h.correctLevel);a.addData(h.text);a.make();c=r("<table></table>").css("width",h.width+"px").css("height",h.height+"px").css("border","0px").css("border-collapse","collapse").css("background-color",h.background);d=h.width/a.getModuleCount();b=h.height/a.getModuleCount();for(e=0;e<a.getModuleCount();e++){f=r("<tr></tr>").css("height",b+"px").appendTo(c);for(i=0;i<a.getModuleCount();i++)r("<td></td>").css("width",
d+"px").css("background-color",a.isDark(e,i)?h.foreground:h.background).appendTo(f)}}a=c;jQuery(a).appendTo(this)})}})(jQuery);

@ -0,0 +1,351 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
var modalPopup = ".wr-modalpopup",
modalPopupContainer = modalPopup + " .modalpopup-container",
modalPopupContent = modalPopup + " .modalpopup-content";
var emmAdminBasePath = "/api/device-mgt/v1.0";
/*
* set popup maximum height function.
*/
function setPopupMaxHeight() {
var maxHeight = "max-height";
var marginTop = "margin-top";
var body = "body";
$(modalPopupContent).css(maxHeight, ($(body).height() - ($(body).height() / 100 * 30)));
$(modalPopupContainer).css(marginTop, (-($(modalPopupContainer).height() / 2)));
}
/*
* show popup function.
*/
function showPopup() {
$(modalPopup).show();
setPopupMaxHeight();
}
/*
* hide popup function.
*/
function hidePopup() {
$(modalPopupContent).html("");
$(modalPopupContent).removeClass("operation-data");
$(modalPopup).hide();
}
var updateNotificationCount = function (data, textStatus, jqXHR) {
if (jqXHR.status == 200 && data) {
var responsePayload = JSON.parse(data);
var newNotificationsCount = responsePayload.count;
if (newNotificationsCount > 0) {
$("#notification-bubble").html(newNotificationsCount);
}
// } else {
// $("#notification-bubble").html("Error");
// }
}
};
function loadNotificationsPanel() {
if ("true" == $("#right-sidebar").attr("is-authorized")) {
var serviceURL = emmAdminBasePath + "/notifications?status=NEW";
invokerUtil.get(serviceURL, updateNotificationCount, hideNotificationCount);
loadNewNotifications();
} else {
$("#notification-bubble-wrapper").remove();
}
}
function hideNotificationCount(jqXHR) {
if (jqXHR.status == 404) {
// this means "no new notifications to show"
$("#notification-bubble").hide();
} else {
$("#notification-bubble").html("Error");
}
}
function loadNewNotifications() {
var messageSideBar = ".sidebar-messages";
if ($("#right-sidebar").attr("is-authorized") == "true") {
var notifications = $("#notifications");
var currentUser = notifications.data("currentUser");
$.template("notification-listing", notifications.attr("src"), function (template) {
var serviceURL = emmAdminBasePath + "/notifications?status=NEW";
var successCallback = function (data, textStatus, jqXHR) {
if (jqXHR.status == 200 && data) {
var viewModel = {};
var responsePayload = JSON.parse(data);
if (responsePayload.notifications) {
viewModel.notifications = responsePayload.notifications;
if (responsePayload.count > 0) {
$(messageSideBar).html(template(viewModel));
} else {
$(messageSideBar).html("<h4 class='text-center'>No new notifications found...</h4>");
}
} else {
$(messageSideBar).html("<h4 class ='message-danger'>Unexpected error occurred while loading new notifications.</h4>");
}
}
};
var errorCallback = function (jqXHR) {
if (jqXHR.status = 500) {
$(messageSideBar).html("<h4 class ='message-danger'>Unexpected error occurred while trying " +
"to retrieve any new notifications.</h4>");
}
};
invokerUtil.get(serviceURL, successCallback, errorCallback);
});
} else {
$(messageSideBar).html("<h4 class ='message-danger'>You are not authorized to view notifications</h4>");
}
}
/**
* Toggle function for
* notification listing sidebar.
* @return {Null}
*/
$.sidebar_toggle = function (action, target, container) {
var elem = '[data-toggle=sidebar]',
button,
containerOffsetLeft,
containerOffsetRight,
targetOffsetLeft,
targetOffsetRight,
targetWidth,
targetSide,
relationship,
pushType,
buttonParent;
var sidebar_window = {
update: function (target, container, button) {
containerOffsetLeft = $(container).data('offset-left') ? $(container).data('offset-left') : 0;
containerOffsetRight = $(container).data('offset-right') ? $(container).data('offset-right') : 0;
targetOffsetLeft = $(target).data('offset-left') ? $(target).data('offset-left') : 0;
targetOffsetRight = $(target).data('offset-right') ? $(target).data('offset-right') : 0;
targetWidth = $(target).data('width');
targetSide = $(target).data("side");
pushType = $(container).parent().is('body') == true ? 'padding' : 'margin';
if (button !== undefined) {
relationship = button.attr('rel') ? button.attr('rel') : '';
buttonParent = $(button).parent();
}
},
show: function () {
if ($(target).data('sidebar-fixed') == true) {
$(target).height($(window).height() - $(target).data('fixed-offset'));
}
$(target).trigger('show.sidebar');
if (targetWidth !== undefined) {
$(target).css('width', targetWidth);
}
$(target).addClass('toggled');
if (button !== undefined) {
if (relationship !== '') {
// Removing active class from all relative buttons
$(elem + '[rel=' + relationship + ']:not([data-handle=close])').removeClass("active");
$(elem + '[rel=' + relationship + ']:not([data-handle=close])').attr('aria-expanded', 'false');
}
// Adding active class to button
if (button.attr('data-handle') !== 'close') {
button.addClass("active");
button.attr('aria-expanded', 'true');
}
if (buttonParent.is('li')) {
if (relationship !== '') {
$(elem + '[rel=' + relationship + ']:not([data-handle=close])').parent().removeClass("active");
$(elem + '[rel=' + relationship + ']:not([data-handle=close])').parent().
attr('aria-expanded', 'false');
}
buttonParent.addClass("active");
buttonParent.attr('aria-expanded', 'true');
}
}
// Sidebar open function
if (targetSide == 'left') {
if ((button !== undefined) && (button.attr('data-container-divide'))) {
$(container).css(pushType + '-' + targetSide, targetWidth + targetOffsetLeft);
}
$(target).css(targetSide, targetOffsetLeft);
} else if (targetSide == 'right') {
if ((button !== undefined) && (button.attr('data-container-divide'))) {
$(container).css(pushType + '-' + targetSide, targetWidth + targetOffsetRight);
}
$(target).css(targetSide, targetOffsetRight);
}
$(target).trigger('shown.sidebar');
},
hide: function () {
$(target).trigger('hide.sidebar');
$(target).removeClass('toggled');
if (button !== undefined) {
if (relationship !== '') {
// Removing active class from all relative buttons
$(elem + '[rel=' + relationship + ']:not([data-handle=close])').removeClass("active");
$(elem + '[rel=' + relationship + ']:not([data-handle=close])').attr('aria-expanded', 'false');
}
// Removing active class from button
if (button.attr('data-handle') !== 'close') {
button.removeClass("active");
button.attr('aria-expanded', 'false');
}
if ($(button).parent().is('li')) {
if (relationship !== '') {
$(elem + '[rel=' + relationship + ']:not([data-handle=close])').parent().removeClass("active");
$(elem + '[rel=' + relationship + ']:not([data-handle=close])').parent().
attr('aria-expanded', 'false');
}
}
}
// Sidebar close function
if (targetSide == 'left') {
if ((button !== undefined) && (button.attr('data-container-divide'))) {
$(container).css(pushType + '-' + targetSide, targetOffsetLeft);
}
$(target).css(targetSide, -Math.abs(targetWidth + targetOffsetLeft));
} else if (targetSide == 'right') {
if ((button !== undefined) && (button.attr('data-container-divide'))) {
$(container).css(pushType + '-' + targetSide, targetOffsetRight);
}
$(target).css(targetSide, -Math.abs(targetWidth + targetOffsetRight));
}
$(target).trigger('hidden.sidebar');
}
};
if (action === 'show') {
sidebar_window.update(target, container);
sidebar_window.show();
}
if (action === 'hide') {
sidebar_window.update(target, container);
sidebar_window.hide();
}
// binding click function
var body = 'body';
$(body).off('click', elem);
$(body).on('click', elem, function (e) {
e.preventDefault();
button = $(this);
container = button.data('container');
target = button.data('target');
sidebar_window.update(target, container, button);
/**
* Sidebar function on data container divide
* @return {Null}
*/
if (button.attr('aria-expanded') == 'false') {
sidebar_window.show();
} else if (button.attr('aria-expanded') == 'true') {
sidebar_window.hide();
}
});
};
$.fn.collapse_nav_sub = function () {
var navSelector = 'ul.nav';
if (!$(navSelector).hasClass('collapse-nav-sub')) {
$(navSelector + ' > li', this).each(function () {
var position = $(this).offset().left - $(this).parent().scrollLeft();
$(this).attr('data-absolute-position', (position + 5));
});
$(navSelector + ' li', this).each(function () {
if ($('ul', this).length !== 0) {
$(this).addClass('has-sub');
}
});
$(navSelector + ' > li', this).each(function () {
$(this).css({
'left': $(this).data('absolute-position'),
'position': 'absolute'
});
});
$(navSelector + ' li.has-sub', this).on('click', function () {
var elem = $(this);
if (elem.attr('aria-expanded') !== 'true') {
elem.siblings().fadeOut(100, function () {
elem.animate({'left': '15'}, 200, function () {
$(elem).first().children('ul').fadeIn(200);
});
});
elem.siblings().attr('aria-expanded', 'false');
elem.attr('aria-expanded', 'true');
} else {
$(elem).first().children('ul').fadeOut(100, function () {
elem.animate({'left': $(elem).data('absolute-position')}, 200, function () {
elem.siblings().fadeIn(100);
});
});
elem.siblings().attr('aria-expanded', 'false');
elem.attr('aria-expanded', 'false');
}
});
$(navSelector + ' > li.has-sub ul', this).on('click', function (e) {
e.stopPropagation();
});
$(navSelector).addClass('collapse-nav-sub');
}
};
$(document).ready(function () {
loadNotificationsPanel();
$.sidebar_toggle();
$("#right-sidebar").on("click", ".new-notification", function () {
var notificationId = $(this).data("id");
var redirectUrl = $(this).data("url");
var markAsReadNotificationsAPI = "/mdm-admin/notifications/" + notificationId + "/CHECKED";
var messageSideBar = ".sidebar-messages";
invokerUtil.put(
markAsReadNotificationsAPI,
null,
function (data) {
data = JSON.parse(data);
if (data.statusCode == responseCodes["ACCEPTED"]) {
location.href = redirectUrl;
}
}, function () {
var content = "<li class='message message-danger'><h4><i class='icon fw fw-error'></i>Warning</h4>" +
"<p>Unexpected error occurred while loading notification. Please refresh the page and" +
" try again</p></li>";
$(messageSideBar).html(content);
}
);
});
if (typeof $.fn.collapse == 'function') {
$('.navbar-collapse.tiles').on('shown.bs.collapse', function () {
$(this).collapse_nav_sub();
});
}
});
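Review bot: In the `errorCallback` inside `loadNewNotifications`, `if (jqXHR.status = 500)` assigns instead of comparing, so the branch runs for every failure and overwrites the status on the jqXHR object; it should read `if (jqXHR.status == 500)`. The click handler in `$(document).ready` builds its URL from the literal `/mdm-admin/notifications/` while the rest of the file goes through `emmAdminBasePath`, which looks like a leftover from an older API path and is worth confirming. `updateNotificationCount` writes the server-supplied count with `.html()`; `$("#notification-bubble").text(newNotificationsCount)` would keep the value from being interpreted as markup.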

@ -0,0 +1,14 @@
{{#each notifications}}
<li class="message message-info" data-type="selectable" >
<h4>
<i class="icon fw fw-info"></i>
<a href="device?type={{deviceIdentifier.type}}&id={{deviceIdentifier.id}}"
data-id="{{notificationId}}"
data-url="device?type={{deviceIdentifier.type}}&id={{deviceIdentifier.id}}"
class="new-notification" data-click-event="remove-form">
Device Type : {{deviceIdentifier.type}}
</a>
</h4>
<p>{{description}}</p>
</li>
{{/each}}
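Review bot: The `href` and `data-url` attributes concatenate `{{deviceIdentifier.type}}` and `{{deviceIdentifier.id}}` into a query string with only the template's HTML escaping, which does not percent-encode the values. A device type or id containing `&`, `#` or `=` would therefore change the parameters of the link, and the notification click handler later assigns `data-url` to `location.href` unchanged. Passing both values through a URL-encoding helper (one that applies `encodeURIComponent`) before they reach the attributes would close this; whether such a helper is already registered is not visible on this page.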

@ -50,6 +50,10 @@
<groupId>org.wso2.carbon.apimgt</groupId> <groupId>org.wso2.carbon.apimgt</groupId>
<artifactId>org.wso2.carbon.apimgt.impl</artifactId> <artifactId>org.wso2.carbon.apimgt.impl</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.apimgt</groupId>
<artifactId>org.wso2.carbon.apimgt.keymgt</artifactId>
</dependency>
<dependency> <dependency>
<groupId>com.googlecode.json-simple.wso2</groupId> <groupId>com.googlecode.json-simple.wso2</groupId>
<artifactId>json-simple</artifactId> <artifactId>json-simple</artifactId>
@ -95,40 +99,41 @@
org.wso2.carbon.device.mgt.*, org.wso2.carbon.device.mgt.*,
org.wso2.carbon.identity.application.common.model, org.wso2.carbon.identity.application.common.model,
org.wso2.carbon.identity.oauth.callback, org.wso2.carbon.identity.oauth.callback,
org.wso2.carbon.identity.oauth.common,
org.wso2.carbon.identity.oauth2, org.wso2.carbon.identity.oauth2,
org.wso2.carbon.identity.oauth2.model, org.wso2.carbon.identity.oauth2.model,
org.wso2.carbon.identity.oauth2.validators, org.wso2.carbon.identity.oauth2.validators,
org.wso2.carbon.user.api, org.wso2.carbon.user.api,
org.wso2.carbon.user.core.service, org.wso2.carbon.user.core.service,
org.wso2.carbon.identity.application.common.model,
org.wso2.carbon.identity.application.authentication.framework.model,
org.wso2.carbon.user.core.tenant, org.wso2.carbon.user.core.tenant,
org.json.simple, org.json.simple,
javax.cache, javax.cache,
javax.xml.namespace,
org.apache.axiom.om,
org.wso2.carbon.apimgt.api, org.wso2.carbon.apimgt.api,
org.wso2.carbon.apimgt.impl, org.wso2.carbon.apimgt.impl,
org.wso2.carbon.apimgt.impl.dao, org.wso2.carbon.apimgt.impl.dao,
org.wso2.carbon.apimgt.impl.utils, org.wso2.carbon.apimgt.impl.utils,
org.wso2.carbon.identity.application.common.cache,
org.wso2.carbon.identity.core.util, org.wso2.carbon.identity.core.util,
org.wso2.carbon.identity.oauth2.dto, org.wso2.carbon.identity.oauth2.dto,
org.wso2.carbon.identity.oauth2.token, org.wso2.carbon.identity.oauth2.token,
org.wso2.carbon.identity.oauth2.token.handlers.grant, org.apache.oltu.oauth2.common.validators,
org.wso2.carbon.user.core,
org.wso2.carbon.user.core.config,
org.wso2.carbon.user.core.util,
org.wso2.carbon.utils, org.wso2.carbon.utils,
org.wso2.carbon.context, org.wso2.carbon.context,
org.wso2.carbon.identity.oauth.cache, org.wso2.carbon.identity.oauth.cache,
org.wso2.carbon.identity.oauth.config, org.wso2.carbon.identity.oauth.config,
org.wso2.carbon.identity.oauth2.dao, org.wso2.carbon.identity.oauth2.dao,
org.wso2.carbon.utils.multitenancy, org.wso2.carbon.utils.multitenancy,
org.wso2.carbon.base,
org.wso2.carbon.identity.oauth2.grant.jwt.*, org.wso2.carbon.identity.oauth2.grant.jwt.*,
org.wso2.carbon.device.mgt.core.* org.wso2.carbon.device.mgt.core.*,
javax.xml.bind,
javax.xml.bind.annotation,
javax.xml.parsers,
org.w3c.dom,
org.wso2.carbon.apimgt.keymgt,
org.wso2.carbon.apimgt.keymgt.handlers,
com.google.gson,
org.apache.commons.codec.binary,
org.wso2.carbon.identity.application.authentication.framework.model,
org.apache.oltu.oauth2.common,
org.wso2.carbon.base
</Import-Package> </Import-Package>
</instructions> </instructions>
</configuration> </configuration>

@ -0,0 +1,30 @@
package org.wso2.carbon.device.mgt.oauth.extensions;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import java.util.List;
/**
* This class holds the request format for device for grant type.
*/
public class DeviceRequestDTO {
private List<DeviceIdentifier> deviceIdentifiers;
private String scope;
public List<DeviceIdentifier> getDeviceIdentifiers() {
return deviceIdentifiers;
}
public void setDeviceIdentifiers(List<DeviceIdentifier> deviceIdentifiers) {
this.deviceIdentifiers = deviceIdentifiers;
}
public String getScope() {
return scope;
}
public void setScope(String scope) {
this.scope = scope;
}
}

@ -0,0 +1,13 @@
package org.wso2.carbon.device.mgt.oauth.extensions;
/**
* This hold the OAuthConstants related oauth extensions.
*/
public class OAuthConstants {
public static final String DEFAULT_DEVICE_ASSERTION = "device";
public static final String DEFAULT_USERNAME_IDENTIFIER = "username";
public static final String DEFAULT_PASSWORD_IDENTIFIER = "password";
}

@ -18,17 +18,25 @@
package org.wso2.carbon.device.mgt.oauth.extensions; package org.wso2.carbon.device.mgt.oauth.extensions;
import com.google.gson.Gson;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Document;
import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO; import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO;
import org.wso2.carbon.apimgt.impl.utils.APIUtil; import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.keymgt.ScopesIssuer;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfig;
import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfigurationFailedException;
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder; import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.user.api.TenantManager; import org.wso2.carbon.user.api.TenantManager;
import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserRealm;
@ -36,6 +44,9 @@ import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import javax.cache.Caching; import javax.cache.Caching;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.File;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@ -51,7 +62,8 @@ public class OAuthExtUtils {
private static final String UI_EXECUTE = "ui.execute"; private static final String UI_EXECUTE = "ui.execute";
private static final String REST_API_SCOPE_CACHE = "REST_API_SCOPE_CACHE"; private static final String REST_API_SCOPE_CACHE = "REST_API_SCOPE_CACHE";
private static final int START_INDEX = 0; private static final int START_INDEX = 0;
private static final String CDMF_SCOPE_SEPERATOR = "/"; private static final String DEFAULT_SCOPE_TAG = "device-mgt";
/** /**
* This method is used to get the tenant id when given tenant domain. * This method is used to get the tenant id when given tenant domain.
* *
@ -114,7 +126,7 @@ public class OAuthExtUtils {
restAPIScopesOfCurrentTenant = APIUtil. restAPIScopesOfCurrentTenant = APIUtil.
getRESTAPIScopesFromConfig(APIUtil.getTenantRESTAPIScopesConfig(tenantDomain)); getRESTAPIScopesFromConfig(APIUtil.getTenantRESTAPIScopesConfig(tenantDomain));
//call load tenant config for rest API. //call load tenant org.wso2.carbon.device.mgt.iot.output.adapter.ui.config for rest API.
//then put cache //then put cache
appScopes.putAll(restAPIScopesOfCurrentTenant); appScopes.putAll(restAPIScopesOfCurrentTenant);
Caching.getCacheManager(APIConstants.API_MANAGER_CACHE_MANAGER) Caching.getCacheManager(APIConstants.API_MANAGER_CACHE_MANAGER)
@ -166,20 +178,6 @@ public class OAuthExtUtils {
return false; return false;
} }
/**
* Determines if the scope is specified with CDMF device scope prefix.
*
* @param scope - The scope key to check
* @return - 'true' if the scope has the prefix. 'false' if not.
*/
private static boolean isCDMFDeviceSpecificScope(String scope) {
// load white listed scopes
if (scope.startsWith(OAuthExtensionsDataHolder.getInstance().getDeviceScope())) {
return true;
}
return false;
}
/** /**
* Get the set of default scopes. If a requested scope is matches with the patterns specified in the white list, * Get the set of default scopes. If a requested scope is matches with the patterns specified in the white list,
* then such scopes will be issued without further validation. If the scope list is empty, * then such scopes will be issued without further validation. If the scope list is empty,
@ -275,27 +273,6 @@ public class OAuthExtUtils {
else if (appScopes.containsKey(scope) || isWhiteListedScope(scope)) { else if (appScopes.containsKey(scope) || isWhiteListedScope(scope)) {
authorizedScopes.add(scope); authorizedScopes.add(scope);
} }
//check whether is device specific scope (CDMF)
else if (isCDMFDeviceSpecificScope(scope)) {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId, true);
try {
String deviceId[] = scope.split(CDMF_SCOPE_SEPERATOR);
DeviceIdentifier deviceIdentifier = new DeviceIdentifier(deviceId[2], deviceId[1]);
boolean enrolled = OAuthExtensionsDataHolder.getInstance().getDeviceManagementService().isEnrolled(
deviceIdentifier, tokReqMsgCtx.getAuthorizedUser().getUserName());
if (enrolled) {
authorizedScopes.add(scope);
}
} catch (DeviceManagementException e) {
log.error("Error occurred while checking device scope with CDMF", e);
} catch (ArrayIndexOutOfBoundsException e) {
log.error("Invalid scope format, have to adhere [prefix/devicetype/deviceId]", e);
}finally {
PrivilegedCarbonContext.endTenantFlow();
}
}
} }
} catch (UserStoreException e) { } catch (UserStoreException e) {
log.error("Error occurred while initializing user store.", e); log.error("Error occurred while initializing user store.", e);
@ -311,4 +288,82 @@ public class OAuthExtUtils {
return trimmedName.substring(START_INDEX, trimmedName.lastIndexOf('@')); return trimmedName.substring(START_INDEX, trimmedName.lastIndexOf('@'));
} }
public static boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
boolean isScopesSet = ScopesIssuer.getInstance().setScopes(tokReqMsgCtx);
if (isScopesSet) {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
tokReqMsgCtx.getAuthorizedUser().getTenantDomain(), true);
String username = tokReqMsgCtx.getAuthorizedUser().getUserName();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
try {
DeviceRequestDTO deviceRequestDTO = null;
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
for (RequestParameter parameter : parameters) {
if (OAuthConstants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
String deviceJson = parameter.getValue()[0];
Gson gson = new Gson();
deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)),
DeviceRequestDTO.class);
}
}
if (deviceRequestDTO != null) {
String requestScopes = deviceRequestDTO.getScope();
String scopeNames[] = requestScopes.split(" ");
for (String scopeName : scopeNames) {
List<DeviceIdentifier> deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers();
DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance()
.getDeviceAccessAuthorizationService()
.isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName));
if (deviceAuthorizationResult != null &&
deviceAuthorizationResult.getAuthorizedDevices() != null) {
String scopes[] = tokReqMsgCtx.getScope();
String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult
.getAuthorizedDevices().size()];
int scopeIndex = 0;
for (String scope : scopes) {
authorizedScopes[scopeIndex] = scope;
scopeIndex++;
}
for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) {
authorizedScopes[scopeIndex] =
DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" +
deviceIdentifier.getId() + ":" + scopeName;
scopeIndex++;
}
tokReqMsgCtx.setScope(authorizedScopes);
}
}
}
} catch (DeviceAccessAuthorizationException e) {
log.error("Error occurred while checking authorization for the user " + username, e);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
}
return isScopesSet;
}
/**
* retrieve the permission related to given scope.
* @param scopeName requested scope action
* @return set of permission associated with the given scope.
*/
private static String[] getPermissions(String scopeName) {
return DeviceMgtScopesConfig.getInstance().getDeviceMgtScopePermissionMap().get(scopeName);
}
public static Document convertToDocument(File file) throws DeviceMgtScopesConfigurationFailedException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
try {
DocumentBuilder docBuilder = factory.newDocumentBuilder();
return docBuilder.parse(file);
} catch (Exception e) {
throw new DeviceMgtScopesConfigurationFailedException("Error occurred while parsing file, while converting " +
"to a org.w3c.dom.Document", e);
}
}
} }
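Review bot: `validateScope` trusts the decoded, client-supplied `device` parameter: `deviceRequestDTO.getScope()` is split without a null check, and `getPermissions(scopeName)` returns null for any scope name missing from the configured map, yet that name is still passed on and written verbatim into the issued scope string. How `isUserAuthorized` treats a null permission array is not visible here, so unknown scope names should be skipped before the call and a missing `scope` or device list handled explicitly, as sketched below. The `setTenantDomain(...)` and `getAuthorizedUser()` calls run after `startTenantFlow()` but before the `try`, so an exception there would leave the tenant flow open on the thread; moving them inside the `try` fixes that. In `convertToDocument` the `DocumentBuilderFactory` keeps its defaults; enabling `XMLConstants.FEATURE_SECURE_PROCESSING` and the `http://apache.org/xml/features/disallow-doctype-decl` feature is the usual hardening even for a local configuration file.

```java
if (deviceRequestDTO != null) {
    String requestScopes = deviceRequestDTO.getScope();
    List<DeviceIdentifier> deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers();
    if (requestScopes == null || deviceIdentifiers == null || deviceIdentifiers.isEmpty()) {
        // Malformed assertion: issue no device-specific scopes.
        return isScopesSet;
    }
    for (String scopeName : requestScopes.split(" ")) {
        String[] permissions = getPermissions(scopeName);
        if (permissions == null) {
            // Scope name is not defined in device-mgt-scopes.xml; never echo it into the token.
            continue;
        }
        DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance()
                .getDeviceAccessAuthorizationService()
                .isUserAuthorized(deviceIdentifiers, username, permissions);
        // … unchanged: merge authorized devices into tokReqMsgCtx scopes …
```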

@ -0,0 +1,90 @@
package org.wso2.carbon.device.mgt.oauth.extensions.config;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for Action complex type.
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
* <pre>
* &lt;complexType name="Action">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="Permissions" type="{}Permissions"/>
* &lt;/sequence>
* &lt;attribute name="name" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Action", propOrder = {
"permissions"
})
public class Action {
@XmlElement(name = "Permissions", required = true)
protected Permissions permissions;
@XmlAttribute(name = "name")
protected String name;
/**
* Gets the value of the permissions property.
*
* @return
* possible object is
* {@link Permissions }
*
*/
public Permissions getPermissions() {
return permissions;
}
/**
* Sets the value of the permissions property.
*
* @param value
* allowed object is
* {@link Permissions }
*
*/
public void setPermissions(Permissions value) {
this.permissions = value;
}
/**
* Gets the value of the name property.
*
* @return
* possible object is
* {@link String }
*
*/
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value
* allowed object is
* {@link String }
*
*/
public void setName(String value) {
this.name = value;
}
}

@ -0,0 +1,67 @@
package org.wso2.carbon.device.mgt.oauth.extensions.config;
import java.util.ArrayList;
import java.util.List;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for DeviceMgtScopes complex type.
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
* <pre>
* &lt;complexType name="DeviceMgtScopes">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="Action" type="{}Action" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlRootElement(name = "DeviceMgtScopes")
public class DeviceMgtScopes {
@XmlElement(name = "Action")
protected List<Action> action;
/**
* Gets the value of the action property.
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the action property.
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getAction().add(newItem);
* </pre>
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Action }
*
*
*/
public List<Action> getAction() {
if (action == null) {
action = new ArrayList<Action>();
}
return this.action;
}
}

@ -0,0 +1,67 @@
package org.wso2.carbon.device.mgt.oauth.extensions.config;
import org.w3c.dom.Document;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
import org.wso2.carbon.utils.CarbonUtils;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import java.io.File;
import java.util.HashMap;
import java.util.Map;
/**
* This class represents the configuration that are needed for scopes to permission map.
*/
public class DeviceMgtScopesConfig {
private static DeviceMgtScopesConfig config = new DeviceMgtScopesConfig();
private static Map<String, String[]> actionPermissionMap = new HashMap<>();
private static final String DEVICE_MGT_SCOPES_CONFIG_PATH =
CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + "device-mgt-scopes.xml";
private DeviceMgtScopesConfig() {
}
public static DeviceMgtScopesConfig getInstance() {
return config;
}
public static void init() throws DeviceMgtScopesConfigurationFailedException {
try {
File deviceMgtConfig = new File(DEVICE_MGT_SCOPES_CONFIG_PATH);
Document doc = OAuthExtUtils.convertToDocument(deviceMgtConfig);
/* Un-marshaling DeviceMGtScope configuration */
JAXBContext ctx = JAXBContext.newInstance(DeviceMgtScopes.class);
Unmarshaller unmarshaller = ctx.createUnmarshaller();
//unmarshaller.setSchema(getSchema());
DeviceMgtScopes deviceMgtScopes = (DeviceMgtScopes) unmarshaller.unmarshal(doc);
if (deviceMgtScopes != null) {
for (Action action : deviceMgtScopes.getAction()) {
Permissions permissions = action.getPermissions();
if (permissions != null) {
String permission[] = new String[permissions.getPermission().size()];
int i = 0;
for (String perm : permissions.getPermission()) {
permission[i] = perm;
i++;
}
actionPermissionMap.put(action.getName(), permission);
}
}
}
} catch (JAXBException e) {
throw new DeviceMgtScopesConfigurationFailedException("Error occurred while un-marshalling Device Scope" +
" Config", e);
}
}
public Map<String, String[]> getDeviceMgtScopePermissionMap() {
return actionPermissionMap;
}
}
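Review bot: `getDeviceMgtScopePermissionMap()` returns the live static `HashMap` (and its `String[]` values) that `OAuthExtUtils.getPermissions` consults when authorizing device scopes, so any caller can alter the scope-to-permission mapping. `init()` also fills that plain `HashMap` in place, which is unsafe if it can run while token requests are already reading it. Building the map in a local variable, publishing it once, and returning `Collections.unmodifiableMap(actionPermissionMap)` would address both. The `name` attribute on `Action` is optional and `//unmarshaller.setSchema(getSchema());` is commented out, so nothing rejects an entry with a null name or a permission outside the enumerated values. A guard such as `if (action.getName() == null || action.getName().isEmpty()) { continue; }` before `actionPermissionMap.put(...)` would keep such entries out of the map.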

@ -0,0 +1,44 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.oauth.extensions.config;
public class DeviceMgtScopesConfigurationFailedException extends Exception {
private static final long serialVersionUID = -3151279312929070398L;
public DeviceMgtScopesConfigurationFailedException(String msg, Exception nestedEx) {
super(msg, nestedEx);
}
public DeviceMgtScopesConfigurationFailedException(String message, Throwable cause) {
super(message, cause);
}
public DeviceMgtScopesConfigurationFailedException(String msg) {
super(msg);
}
public DeviceMgtScopesConfigurationFailedException() {
super();
}
public DeviceMgtScopesConfigurationFailedException(Throwable cause) {
super(cause);
}
}

@ -0,0 +1,78 @@
package org.wso2.carbon.device.mgt.oauth.extensions.config;
import java.util.ArrayList;
import java.util.List;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for Permissions complex type.
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
* <pre>
* &lt;complexType name="Permissions">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="Permission" maxOccurs="unbounded" minOccurs="0">
* &lt;simpleType>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
* &lt;enumeration value="/permission/device-mgt/user/groups/device_operation"/>
* &lt;enumeration value="/permission/device-mgt/admin/groups"/>
* &lt;enumeration value="/permission/device-mgt/user/groups"/>
* &lt;enumeration value="/permission/device-mgt/user/groups/device_monitor"/>
* &lt;/restriction>
* &lt;/simpleType>
* &lt;/element>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Permissions", propOrder = {
"permission"
})
public class Permissions {
@XmlElement(name = "Permission")
protected List<String> permission;
/**
* Gets the value of the permission property.
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the permission property.
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getPermission().add(newItem);
* </pre>
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
public List<String> getPermission() {
if (permission == null) {
permission = new ArrayList<String>();
}
return this.permission;
}
}

@ -5,10 +5,10 @@ import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler; import org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
public class ExtendedJWTBearerGrantHandler extends JWTBearerGrantHandler { public class ExtendedDeviceMgtJWTBearerGrantHandler extends JWTBearerGrantHandler {
@Override @Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception { public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
return OAuthExtUtils.setScopes(tokReqMsgCtx); return OAuthExtUtils.validateScope(tokReqMsgCtx);
} }
} }

@ -0,0 +1,59 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
@SuppressWarnings("unused")
public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrantHandler {
private static Log log = LogFactory.getLog(ExtendedDeviceMgtPasswordGrantHandler.class);
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
for (RequestParameter parameter : parameters) {
switch (parameter.getKey()) {
case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER:
String username = parameter.getValue()[0];
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username);
break;
case OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER:
String password = parameter.getValue()[0];
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password);
break;
}
}
return super.validateGrant(tokReqMsgCtx);
}
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
return OAuthExtUtils.validateScope(tokReqMsgCtx);
}
}
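Review bot: In `validateGrant`, `parameter.getValue()[0]` and the `switch` on `parameter.getKey()` operate on client-supplied token request parameters with no null or length check. A request with an empty value array, a null key, or (if `getRequestParameters()` can return null) no parameter array ends in an unchecked runtime exception rather than a cleanly rejected grant. Guard the array, the key and the values before the switch, as in the excerpt below. The values copied here also overwrite whatever resource-owner username and password the request DTO already held, so a comment should state that the `OAuthConstants` identifiers take precedence. `log` is never used and should be `private static final` or removed along with the `@SuppressWarnings("unused")`.

```java
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
    RequestParameter[] parameters = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
    if (parameters != null) {
        for (RequestParameter parameter : parameters) {
            String key = parameter.getKey();
            String[] values = parameter.getValue();
            // Skip malformed entries instead of failing on them with an unchecked exception.
            if (key == null || values == null || values.length == 0) {
                continue;
            }
            switch (key) {
                // … unchanged: username and password cases, now reading values[0] …
            }
        }
    }
    return super.validateGrant(tokReqMsgCtx);
}
```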

@ -1,328 +0,0 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
import org.apache.axiom.om.OMElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
import org.wso2.carbon.identity.application.common.cache.BaseCache;
import org.wso2.carbon.identity.core.util.IdentityConfigParser;
import org.wso2.carbon.identity.core.util.IdentityCoreConstants;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.ResponseHeader;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler;
import org.wso2.carbon.user.api.Claim;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.config.RealmConfiguration;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import javax.xml.namespace.QName;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
@SuppressWarnings("unused")
public class ExtendedPasswordGrantHandler extends PasswordGrantHandler {
private static Log log = LogFactory.getLog(ExtendedPasswordGrantHandler.class);
private static final String CONFIG_ELEM_OAUTH = "OAuth";
// Claims that are set as response headers of access token response
private static final String REQUIRED_CLAIM_URIS = "RequiredRespHeaderClaimUris";
private BaseCache<String, Claim[]> userClaimsCache;
// Primary/Secondary Login configuration
private static final String CLAIM_URI = "ClaimUri";
private static final String LOGIN_CONFIG = "LoginConfig";
private static final String USERID_LOGIN = "UserIdLogin";
private static final String EMAIL_LOGIN = "EmailLogin";
private static final String PRIMARY_LOGIN = "primary";
private Map<String, Map<String, String>> loginConfiguration = new ConcurrentHashMap<>();
private List<String> requiredHeaderClaimUris = new ArrayList<>();
public void init() throws IdentityOAuth2Exception {
super.init();
IdentityConfigParser configParser;
configParser = IdentityConfigParser.getInstance();
OMElement oauthElem = configParser.getConfigElement(CONFIG_ELEM_OAUTH);
// Get the required claim uris that needs to be included in the response.
parseRequiredHeaderClaimUris(oauthElem.getFirstChildWithName(getQNameWithIdentityNS(REQUIRED_CLAIM_URIS)));
// read login config
parseLoginConfig(oauthElem);
userClaimsCache = new BaseCache<>("UserClaimsCache");
if (log.isDebugEnabled()) {
log.debug("Successfully created UserClaimsCache under " + OAuthConstants.OAUTH_CACHE_MANAGER);
}
}
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
String username = oAuth2AccessTokenReqDTO.getResourceOwnerUsername();
String loginUserName = getLoginUserName(username);
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(loginUserName);
boolean isValidated = super.validateGrant(tokReqMsgCtx);
if (isValidated) {
int tenantId;
tenantId = IdentityTenantUtil.getTenantIdOfUser(username);
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
UserStoreManager userStoreManager;
try {
userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
} catch (UserStoreException e) {
log.error("Error when getting the tenant's UserStoreManager", e);
return false;
}
List<ResponseHeader> respHeaders = new ArrayList<>();
if (oAuth2AccessTokenReqDTO.getResourceOwnerUsername() != null) {
try {
if (requiredHeaderClaimUris != null && !requiredHeaderClaimUris.isEmpty()) {
// Get user's claim values from the default profile.
String userStoreDomain = tokReqMsgCtx.getAuthorizedUser().getUserStoreDomain();
String endUsernameWithDomain = UserCoreUtil.
addDomainToName(oAuth2AccessTokenReqDTO.getResourceOwnerUsername(), userStoreDomain);
Claim[] mapClaimValues = getUserClaimValues(endUsernameWithDomain, userStoreManager);
if (mapClaimValues != null && mapClaimValues.length > 0) {
ResponseHeader header;
for (String claimUri : requiredHeaderClaimUris) {
for (Claim claim : mapClaimValues) {
if (claimUri.equals(claim.getClaimUri())) {
header = new ResponseHeader();
header.setKey(claim.getDisplayTag());
header.setValue(claim.getValue());
respHeaders.add(header);
break;
}
}
}
} else if (log.isDebugEnabled()) {
log.debug("No claim values for user : " + endUsernameWithDomain);
}
}
} catch (Exception e) {
throw new IdentityOAuth2Exception("Error occurred while retrieving user claims", e);
}
}
tokReqMsgCtx.addProperty("RESPONSE_HEADERS", respHeaders.toArray(new ResponseHeader[respHeaders.size()]));
}
return isValidated;
}
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
return OAuthExtUtils.setScopes(tokReqMsgCtx);
}
private String getLoginUserName(String userID) {
String loginUserName = userID;
if (isSecondaryLogin(userID)) {
loginUserName = getPrimaryFromSecondary(userID);
}
return loginUserName;
}
/**
* Identify whether the logged in user used his Primary Login name or
* Secondary login name
*
* @param userId - The username used to login.
* @return <code>true</code> if secondary login name is used,
* <code>false</code> if primary login name has been used
*/
private boolean isSecondaryLogin(String userId) {
if (loginConfiguration.get(EMAIL_LOGIN) != null) {
Map<String, String> emailConf = loginConfiguration.get(EMAIL_LOGIN);
if ("true".equalsIgnoreCase(emailConf.get(PRIMARY_LOGIN))) {
return !isUserLoggedInEmail(userId);
} else if ("false".equalsIgnoreCase(emailConf.get(PRIMARY_LOGIN))) {
return isUserLoggedInEmail(userId);
}
} else if (loginConfiguration.get(USERID_LOGIN) != null) {
Map<String, String> userIdConf = loginConfiguration.get(USERID_LOGIN);
if ("true".equalsIgnoreCase(userIdConf.get(PRIMARY_LOGIN))) {
return isUserLoggedInEmail(userId);
} else if ("false".equalsIgnoreCase(userIdConf.get(PRIMARY_LOGIN))) {
return !isUserLoggedInEmail(userId);
}
}
return false;
}
/**
* Identify whether the logged in user used his ordinal username or email
*
* @param userId - username used to login.
* @return - <code>true</code> if userId contains '@'. <code>false</code> otherwise
*/
private boolean isUserLoggedInEmail(String userId) {
return userId.contains("@");
}
/**
* Get the primaryLogin name using secondary login name. Primary secondary
* Configuration is provided in the identitiy.xml. In the userstore, it is
* users responsibility TO MAINTAIN THE SECONDARY LOGIN NAME AS UNIQUE for
* each and every users. If it is not unique, we will pick the very first
* entry from the userlist.
*
* @param login - username used to login.
* @return -
*/
private String getPrimaryFromSecondary(String login) {
String claimURI, username = null;
if (isUserLoggedInEmail(login)) {
Map<String, String> emailConf = loginConfiguration.get(EMAIL_LOGIN);
claimURI = emailConf.get(CLAIM_URI);
} else {
Map<String, String> userIdConf = loginConfiguration.get(USERID_LOGIN);
claimURI = userIdConf.get(CLAIM_URI);
}
try {
RealmService realmSvc = OAuthExtensionsDataHolder.getInstance().getRealmService();
RealmConfiguration config = new RealmConfiguration();
UserRealm realm = realmSvc.getUserRealm(config);
org.wso2.carbon.user.core.UserStoreManager storeManager = realm.getUserStoreManager();
String[] user = storeManager.getUserList(claimURI, login, null);
if (user.length > 0) {
username = user[0];
}
} catch (UserStoreException e) {
log.error("Error while retrieving the primaryLogin name using secondary login name : " + login, e);
}
return username;
}
private Claim[] getUserClaimValues(String authorizedUser, UserStoreManager userStoreManager)
throws
UserStoreException {
Claim[] userClaims = userClaimsCache.getValueFromCache(authorizedUser);
if (userClaims != null) {
return userClaims;
} else {
if (log.isDebugEnabled()) {
log.debug("Cache miss for user claims. Username :" + authorizedUser);
}
userClaims = userStoreManager.getUserClaimValues(
authorizedUser, null);
userClaimsCache.addToCache(authorizedUser, userClaims);
return userClaims;
}
}
/**
* Read the required claim configuration from identity.xml
*/
private void parseRequiredHeaderClaimUris(OMElement requiredClaimUrisElem) {
if (requiredClaimUrisElem == null) {
return;
}
Iterator claimUris = requiredClaimUrisElem.getChildrenWithLocalName(CLAIM_URI);
if (claimUris != null) {
while (claimUris.hasNext()) {
OMElement claimUri = (OMElement) claimUris.next();
if (claimUri != null) {
requiredHeaderClaimUris.add(claimUri.getText());
}
}
}
}
/**
* Read the primary/secondary login configuration
* <OAuth>
* ....
* <LoginConfig>
* <UserIdLogin primary="true">
* <ClaimUri></ClaimUri>
* </UserIdLogin>
* <EmailLogin primary="false">
* <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
* </EmailLogin>
* </LoginConfig>
* .....
* </OAuth>
*
* @param oauthConfigElem - The '<LoginConfig>' xml configuration element in the api-manager.xml
*/
private void parseLoginConfig(OMElement oauthConfigElem) {
OMElement loginConfigElem = oauthConfigElem.getFirstChildWithName(getQNameWithIdentityNS(LOGIN_CONFIG));
if (loginConfigElem != null) {
if (log.isDebugEnabled()) {
log.debug("Login configuration is set ");
}
// Primary/Secondary supported login mechanisms
OMElement emailConfigElem = loginConfigElem.getFirstChildWithName(getQNameWithIdentityNS(EMAIL_LOGIN));
OMElement userIdConfigElem = loginConfigElem.getFirstChildWithName(getQNameWithIdentityNS(USERID_LOGIN));
Map<String, String> emailConf = new HashMap<String, String>(2);
emailConf.put(PRIMARY_LOGIN,
emailConfigElem.getAttributeValue(new QName(PRIMARY_LOGIN)));
emailConf.put(CLAIM_URI,
emailConfigElem.getFirstChildWithName(getQNameWithIdentityNS(CLAIM_URI))
.getText());
Map<String, String> userIdConf = new HashMap<String, String>(2);
userIdConf.put(PRIMARY_LOGIN,
userIdConfigElem.getAttributeValue(new QName(PRIMARY_LOGIN)));
userIdConf.put(CLAIM_URI,
userIdConfigElem.getFirstChildWithName(getQNameWithIdentityNS(CLAIM_URI))
.getText());
loginConfiguration.put(EMAIL_LOGIN, emailConf);
loginConfiguration.put(USERID_LOGIN, userIdConf);
}
}
private QName getQNameWithIdentityNS(String localPart) {
return new QName(IdentityCoreConstants.IDENTITY_DEFAULT_NAMESPACE, localPart);
}
}

@ -24,8 +24,12 @@ import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration; import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfig;
import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfigurationFailedException;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.CarbonUtils; import org.wso2.carbon.utils.CarbonUtils;
@ -54,12 +58,12 @@ import java.util.List;
* policy="dynamic" * policy="dynamic"
* bind="setPermissionManagerService" * bind="setPermissionManagerService"
* unbind="unsetPermissionManagerService" * unbind="unsetPermissionManagerService"
* @scr.reference name="org.wso2.carbon.device.manager" * @scr.reference name="org.wso2.carbon.device.authorization"
* interface="org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService" * interface="org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService"
* cardinality="1..1" * cardinality="1..1"
* policy="dynamic" * policy="dynamic"
* bind="setDeviceManagementService" * bind="setDeviceAccessAuthorizationService"
* unbind="unsetDeviceManagementService" * unbind="unsetDeviceAccessAuthorizationService"
*/ */
public class OAuthExtensionServiceComponent { public class OAuthExtensionServiceComponent {
@ -67,8 +71,6 @@ public class OAuthExtensionServiceComponent {
private static final String REPOSITORY = "repository"; private static final String REPOSITORY = "repository";
private static final String CONFIGURATION = "conf"; private static final String CONFIGURATION = "conf";
private static final String APIM_CONF_FILE = "api-manager.xml"; private static final String APIM_CONF_FILE = "api-manager.xml";
private static final String API_KEY_MANGER_DEVICE_SCOPE = "APIKeyValidator.DeviceScope";
private static final String CDMF_DEVICE_SCOPE_PREFIX = "cdmf_";
@SuppressWarnings("unused") @SuppressWarnings("unused")
@ -77,6 +79,8 @@ public class OAuthExtensionServiceComponent {
log.debug("Starting OAuthExtensionBundle"); log.debug("Starting OAuthExtensionBundle");
} }
try { try {
DeviceMgtScopesConfig.init();
APIManagerConfiguration configuration = new APIManagerConfiguration(); APIManagerConfiguration configuration = new APIManagerConfiguration();
String filePath = new StringBuilder(). String filePath = new StringBuilder().
append(CarbonUtils.getCarbonHome()). append(CarbonUtils.getCarbonHome()).
@ -102,18 +106,10 @@ public class OAuthExtensionServiceComponent {
} }
OAuthExtensionsDataHolder.getInstance().setWhitelistedScopes(whiteList); OAuthExtensionsDataHolder.getInstance().setWhitelistedScopes(whiteList);
// Read device scope(Specific to CDMF) from Configuration.
String deviceScope = configuration.getFirstProperty(API_KEY_MANGER_DEVICE_SCOPE);
if (deviceScope == null) {
deviceScope = CDMF_DEVICE_SCOPE_PREFIX;
}
OAuthExtensionsDataHolder.getInstance().setDeviceScope(deviceScope);
} catch (APIManagementException e) { } catch (APIManagementException e) {
log.error("Error occurred while loading APIM configurations", e); log.error("Error occurred while loading DeviceMgtConfig configurations", e);
} catch (DeviceMgtScopesConfigurationFailedException e) {
log.error("Failed to initialize device scope configuration.", e);
} }
} }
@ -198,24 +194,24 @@ public class OAuthExtensionServiceComponent {
/** /**
* Set DeviceManagementProviderService * Set DeviceManagementProviderService
* @param deviceManagerService An instance of PermissionManagerService * @param deviceAccessAuthorizationService An instance of deviceAccessAuthorizationService
*/ */
protected void setDeviceManagementService(DeviceManagementProviderService deviceManagerService) { protected void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Setting Device Management Service"); log.debug("Setting Device Management Service");
} }
OAuthExtensionsDataHolder.getInstance().setDeviceManagementService(deviceManagerService); OAuthExtensionsDataHolder.getInstance().setDeviceAccessAuthorizationService(deviceAccessAuthorizationService);
} }
/** /**
* unset DeviceManagementProviderService * unset DeviceManagementProviderService
* @param deviceManagementService An instance of PermissionManagerService * @param deviceAccessAuthorizationService An instance of deviceAccessAuthorizationService
*/ */
protected void unsetDeviceManagementService(DeviceManagementProviderService deviceManagementService) { protected void unsetDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Removing Device Management Service"); log.debug("Removing Device Management Service");
} }
OAuthExtensionsDataHolder.getInstance().setDeviceManagementService(null); OAuthExtensionsDataHolder.getInstance().setDeviceAccessAuthorizationService(null);
} }
} }
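Review bot: `DeviceMgtScopesConfig.init()` is the first statement of the activation `try` block and its new catch only logs, so a failure there also skips the api-manager.xml load and `setWhitelistedScopes(whiteList)`, leaving the bundle active with neither the scope-to-permission map nor the whitelist populated. How scope validation behaves in that state is not visible on this page and should be confirmed to deny rather than allow. Giving `init()` its own try/catch, or failing activation, would keep the two configurations independent. The `APIManagementException` message now reads "DeviceMgtConfig configurations" although that exception appears to come from the APIM configuration load. The Javadoc and debug strings on `setDeviceAccessAuthorizationService` and `unsetDeviceAccessAuthorizationService` still name `DeviceManagementProviderService` and "Device Management Service".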

@ -18,6 +18,7 @@
package org.wso2.carbon.device.mgt.oauth.extensions.internal; package org.wso2.carbon.device.mgt.oauth.extensions.internal;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
@ -35,7 +36,7 @@ public class OAuthExtensionsDataHolder {
private PermissionManagerService permissionManagerService; private PermissionManagerService permissionManagerService;
private List<String> whitelistedScopes; private List<String> whitelistedScopes;
private String deviceScope; private String deviceScope;
private DeviceManagementProviderService deviceManagementService; private DeviceAccessAuthorizationService deviceAccessAuthorizationService;
private static OAuthExtensionsDataHolder thisInstance = new OAuthExtensionsDataHolder(); private static OAuthExtensionsDataHolder thisInstance = new OAuthExtensionsDataHolder();
@ -87,19 +88,15 @@ public class OAuthExtensionsDataHolder {
this.whitelistedScopes = whitelistedScopes; this.whitelistedScopes = whitelistedScopes;
} }
public void setDeviceScope(String deviceScope) {
this.deviceScope = deviceScope;
}
public String getDeviceScope() { public String getDeviceScope() {
return deviceScope; return deviceScope;
} }
public DeviceManagementProviderService getDeviceManagementService() { public DeviceAccessAuthorizationService getDeviceAccessAuthorizationService() {
return deviceManagementService; return deviceAccessAuthorizationService;
} }
public void setDeviceManagementService(DeviceManagementProviderService deviceManagementService) { public void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
this.deviceManagementService = deviceManagementService; this.deviceAccessAuthorizationService = deviceAccessAuthorizationService;
} }
} }
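Review bot: `setDeviceScope` is removed but the `deviceScope` field and `getDeviceScope()` stay, so unless something outside these hunks assigns the field the getter now always returns null. A remaining caller that uses the value as a scope prefix would then hit a NullPointerException or a check that never matches. Remove the field and getter in the same change, or keep the getter with a comment such as `// always null since the device scope prefix was replaced by DeviceMgtScopesConfig; remove once callers are gone`. The `DeviceManagementProviderService` import also looks unused after the field type change.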

@ -0,0 +1,38 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License
*/
package org.wso2.carbon.device.mgt.oauth.extensions.validators;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
import javax.servlet.http.HttpServletRequest;
/**
* Grant validator for JSON Web Tokens
* For JWT Grant to be valid the required parameters are
* grant_type and assertion
*/
public class ExtendedDeviceJWTGrantValidator extends AbstractValidator<HttpServletRequest> {
public ExtendedDeviceJWTGrantValidator() {
requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
requiredParams.add(OAuth.OAUTH_ASSERTION);
}
}
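Review bot: The `OAuthConstants` import is unused in this class, and the constructor requires only `OAuth.OAUTH_GRANT_TYPE` and `OAuth.OAUTH_ASSERTION`, with no device-specific parameter. `ExtendedDevicePasswordGrantValidator` in the same package does require `OAuthConstants.DEFAULT_DEVICE_ASSERTION`, so it is worth confirming whether the device JWT grant should require it as well. If the omission is deliberate, the class comment should say how this validator differs from the stock JWT grant validator, since at present it describes only the generic case.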

@ -0,0 +1,37 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License
*/
package org.wso2.carbon.device.mgt.oauth.extensions.validators;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
import javax.servlet.http.HttpServletRequest;
/**
* Grant validator for Device Object with Password Grant type
*/
public class ExtendedDevicePasswordGrantValidator extends AbstractValidator<HttpServletRequest> {
public ExtendedDevicePasswordGrantValidator() {
requiredParams.add(OAuth.OAUTH_USERNAME);
requiredParams.add(OAuth.OAUTH_PASSWORD);
requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION);
}
}
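Review bot: This validator requires `OAuth.OAUTH_USERNAME` and `OAuth.OAUTH_PASSWORD`, while `ExtendedDeviceMgtPasswordGrantHandler.validateGrant` on this page takes the credentials from `OAuthConstants.DEFAULT_USERNAME_IDENTIFIER` and `DEFAULT_PASSWORD_IDENTIFIER`. If those constants are different parameter names, the set checked here is not the set the handler authenticates with. `OAuthConstants.DEFAULT_DEVICE_ASSERTION` is required here but the visible handler never reads it, so its verification presumably happens in `OAuthExtUtils.validateScope`, which this page does not show. The class comment should record both facts, for example `Checks parameter presence only; the device assertion itself is verified by the grant handler's scope validation.`, once that is confirmed.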

@ -44,6 +44,7 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Map;
/** /**
* this class represents an implementation of Token Client which is based on JWT * this class represents an implementation of Token Client which is based on JWT
@ -63,14 +64,10 @@ public class JWTClient {
this.isDefaultJWTClient = isDefaultJWTClient; this.isDefaultJWTClient = isDefaultJWTClient;
} }
/**
* {@inheritDoc}
*/
public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes) public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes)
throws JWTClientException { throws JWTClientException {
List<NameValuePair> params = new ArrayList<>(); List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, JWTConstants.JWT_GRANT_TYPE)); params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
if (assertion == null) { if (assertion == null) {
throw new JWTClientException("JWT is not configured properly for user : " + username); throw new JWTClientException("JWT is not configured properly for user : " + username);
@ -80,9 +77,26 @@ public class JWTClient {
return getTokenInfo(params, consumerKey, consumerSecret); return getTokenInfo(params, consumerKey, consumerSecret);
} }
/** public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes,
* {@inheritDoc} Map<String, String> paramsMap)
*/ throws JWTClientException {
List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
if (assertion == null) {
throw new JWTClientException("JWT is not configured properly for user : " + username);
}
params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion));
params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes));
if (paramsMap != null) {
for (String key : paramsMap.keySet()) {
params.add(new BasicNameValuePair(key, paramsMap.get(key)));
}
}
return getTokenInfo(params, consumerKey, consumerSecret);
}
public AccessTokenInfo getAccessTokenFromRefreshToken(String refreshToken, String username, String scopes, public AccessTokenInfo getAccessTokenFromRefreshToken(String refreshToken, String username, String scopes,
String consumerKey, String consumerSecret) String consumerKey, String consumerSecret)
throws JWTClientException { throws JWTClientException {
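Review bot: The new five-argument `getAccessToken` appends every `paramsMap` entry after the grant type, assertion and scope without checking the key, so a caller-supplied entry can repeat one of those names, and which value the token endpoint then honours depends on the server's parameter parsing. Rejecting the three reserved names keeps the request unambiguous, and iterating `entrySet()` avoids the second lookup per key. The overload otherwise repeats the four-argument method line for line, which could delegate with `return getAccessToken(consumerKey, consumerSecret, username, scopes, null);`. Removing the `{@inheritDoc}` comments leaves both public methods without Javadoc. `getAccessTokenFromRefreshToken` continues outside the hunk.

```java
public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes,
                                      Map<String, String> paramsMap)
        throws JWTClientException {
    // … unchanged: grant type, signed assertion and scope parameters …
    if (paramsMap != null) {
        for (Map.Entry<String, String> entry : paramsMap.entrySet()) {
            String key = entry.getKey();
            // Extra parameters must not shadow the ones this client sets itself.
            if (JWTConstants.GRANT_TYPE_PARAM_NAME.equals(key) || JWTConstants.JWT_PARAM_NAME.equals(key)
                    || JWTConstants.SCOPE_PARAM_NAME.equals(key)) {
                throw new JWTClientException("Reserved token request parameter supplied : " + key);
            }
            params.add(new BasicNameValuePair(key, entry.getValue()));
        }
    }
    return getTokenInfo(params, consumerKey, consumerSecret);
}
```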

@ -1,6 +1,7 @@
package org.wso2.carbon.identity.jwt.client.extension.dto; package org.wso2.carbon.identity.jwt.client.extension.dto;
import org.wso2.carbon.core.util.Utils; import org.wso2.carbon.core.util.Utils;
import org.wso2.carbon.identity.jwt.client.extension.constant.JWTConstants;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -20,6 +21,7 @@ public class JWTConfig {
private static final String JKS_PASSWORD ="KeyStorePassword"; private static final String JKS_PASSWORD ="KeyStorePassword";
private static final String JKA_PRIVATE_KEY_PASSWORD = "PrivateKeyPassword"; private static final String JKA_PRIVATE_KEY_PASSWORD = "PrivateKeyPassword";
private static final String TOKEN_ENDPOINT = "TokenEndpoint"; private static final String TOKEN_ENDPOINT = "TokenEndpoint";
private static final String JWT_GRANT_TYPE_NAME = "GrantType";
/** /**
* issuer of the JWT * issuer of the JWT
@ -69,6 +71,11 @@ public class JWTConfig {
private String privateKeyAlias; private String privateKeyAlias;
private String privateKeyPassword; private String privateKeyPassword;
/**
* Jwt Grant Type Name
*/
private String jwtGrantType;
/** /**
* @param properties load the config from the properties file. * @param properties load the config from the properties file.
*/ */
@ -89,6 +96,8 @@ public class JWTConfig {
privateKeyAlias = properties.getProperty(JKS_PRIVATE_KEY_ALIAS); privateKeyAlias = properties.getProperty(JKS_PRIVATE_KEY_ALIAS);
privateKeyPassword = properties.getProperty(JKA_PRIVATE_KEY_PASSWORD); privateKeyPassword = properties.getProperty(JKA_PRIVATE_KEY_PASSWORD);
tokenEndpoint = properties.getProperty(TOKEN_ENDPOINT, ""); tokenEndpoint = properties.getProperty(TOKEN_ENDPOINT, "");
jwtGrantType = properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE);
} }
private static List<String> getAudience(String audience){ private static List<String> getAudience(String audience){
@ -146,4 +155,8 @@ public class JWTConfig {
public String getTokenEndpoint() { public String getTokenEndpoint() {
return Utils.replaceSystemProperty(tokenEndpoint); return Utils.replaceSystemProperty(tokenEndpoint);
} }
public String getJwtGrantType() {
return jwtGrantType;
}
} }
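Review bot: A `GrantType` entry that is present but blank overrides the default in the property-loading hunk, because `properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE)` falls back only when the key is missing, and `getJwtGrantType()` then returns the empty string. Normalising after the read avoids that: `if (jwtGrantType == null || jwtGrantType.trim().isEmpty()) { jwtGrantType = JWTConstants.JWT_GRANT_TYPE; }`. The field comment could also name the source and the default, e.g. `/** Grant type name read from the GrantType property; defaults to JWTConstants.JWT_GRANT_TYPE. */`. The method that loads the properties starts outside the hunk.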

@ -245,7 +245,7 @@ public class FeatureManagerImpl implements FeatureManager {
@Override @Override
public List<ProfileFeature> getFeaturesForProfile(int profileId) throws FeatureManagementException { public List<ProfileFeature> getFeaturesForProfile(int profileId) throws FeatureManagementException {
try { try {
DeviceManagementDAOFactory.openConnection(); PolicyManagementDAOFactory.openConnection();
return featureDAO.getFeaturesForProfile(profileId); return featureDAO.getFeaturesForProfile(profileId);
} catch (FeatureManagerDAOException e) { } catch (FeatureManagerDAOException e) {
throw new FeatureManagementException("Error occurred while getting the features", e); throw new FeatureManagementException("Error occurred while getting the features", e);
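Review bot: The cleanup for this connection is not visible in the hunk. `getFeaturesForProfile` now opens the connection through `PolicyManagementDAOFactory.openConnection()`, so the `finally` block, which lies past the last hunk line, has to close it through the same factory. If that block still calls the close method on `DeviceManagementDAOFactory`, the policy connection opened here would presumably never be released; the matching line would be `PolicyManagementDAOFactory.closeConnection();`.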

@ -25,29 +25,16 @@ public class OAuthTokenValidationException extends Exception {
private static final long serialVersionUID = -3151279311929070297L; private static final long serialVersionUID = -3151279311929070297L;
private String errorMessage;
public String getErrorMessage() {
return errorMessage;
}
public void setErrorMessage(String errorMessage) {
this.errorMessage = errorMessage;
}
public OAuthTokenValidationException(String msg, Exception nestedEx) { public OAuthTokenValidationException(String msg, Exception nestedEx) {
super(msg, nestedEx); super(msg, nestedEx);
setErrorMessage(msg);
} }
public OAuthTokenValidationException(String message, Throwable cause) { public OAuthTokenValidationException(String message, Throwable cause) {
super(message, cause); super(message, cause);
setErrorMessage(message);
} }
public OAuthTokenValidationException(String msg) { public OAuthTokenValidationException(String msg) {
super(msg); super(msg);
setErrorMessage(msg);
} }
public OAuthTokenValidationException() { public OAuthTokenValidationException() {

@ -26,8 +26,9 @@ CREATE TABLE IF NOT EXISTS DM_DEVICE (
LAST_UPDATED_TIMESTAMP TIMESTAMP NOT NULL, LAST_UPDATED_TIMESTAMP TIMESTAMP NOT NULL,
TENANT_ID INTEGER DEFAULT 0, TENANT_ID INTEGER DEFAULT 0,
PRIMARY KEY (ID), PRIMARY KEY (ID),
CONSTRAINT fk_DM_DEVICE_DM_DEVICE_TYPE2 FOREIGN KEY (DEVICE_TYPE_ID ) CONSTRAINT fk_DM_DEVICE_DM_DEVICE_TYPE2 FOREIGN KEY (DEVICE_TYPE_ID)
REFERENCES DM_DEVICE_TYPE (ID) ON DELETE NO ACTION ON UPDATE NO ACTION REFERENCES DM_DEVICE_TYPE (ID) ON DELETE NO ACTION ON UPDATE NO ACTION,
CONSTRAINT uk_DM_DEVICE UNIQUE (NAME, DEVICE_TYPE_ID, DEVICE_IDENTIFICATION, TENANT_ID)
); );
CREATE TABLE IF NOT EXISTS DM_DEVICE_GROUP_MAP ( CREATE TABLE IF NOT EXISTS DM_DEVICE_GROUP_MAP (
@ -96,7 +97,8 @@ CREATE TABLE IF NOT EXISTS DM_ENROLMENT (
TENANT_ID INT NOT NULL, TENANT_ID INT NOT NULL,
PRIMARY KEY (ID), PRIMARY KEY (ID),
CONSTRAINT fk_dm_device_enrolment FOREIGN KEY (DEVICE_ID) REFERENCES CONSTRAINT fk_dm_device_enrolment FOREIGN KEY (DEVICE_ID) REFERENCES
DM_DEVICE (ID) ON DELETE NO ACTION ON UPDATE NO ACTION DM_DEVICE (ID) ON DELETE NO ACTION ON UPDATE NO ACTION,
CONSTRAINT uk_dm_device_enrolment UNIQUE (DEVICE_ID, OWNER, OWNERSHIP, TENANT_ID)
); );
CREATE TABLE IF NOT EXISTS DM_ENROLMENT_OP_MAPPING ( CREATE TABLE IF NOT EXISTS DM_ENROLMENT_OP_MAPPING (
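Review bot: The new `uk_DM_DEVICE` key in the DM_DEVICE hunk includes `NAME`, so two rows with the same `DEVICE_TYPE_ID`, `DEVICE_IDENTIFICATION` and `TENANT_ID` are still accepted as long as their names differ. If the intent is one record per device identifier per tenant, the constraint would be `CONSTRAINT uk_DM_DEVICE UNIQUE (DEVICE_TYPE_ID, DEVICE_IDENTIFICATION, TENANT_ID)`. `TENANT_ID` is also declared without `NOT NULL` in this table, and most engines treat NULLs as distinct in a unique key. Because both tables use `CREATE TABLE IF NOT EXISTS`, existing databases do not pick up either new constraint without a separate migration.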

@ -0,0 +1,19 @@
#
# Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
custom = true

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ you may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<!--This holds the scopes that are allowed by the device-mgt, The user require below permission to get the required scope-->
<!--These scopes are assigned after validating with device-mgt specific grant types-->
<DeviceMgtScopes>
<Action name="mqtt-publisher">
<Permissions>
<Permission>/permission/device-mgt/user/groups/device_operation</Permission>
<Permission>/permission/device-mgt/admin/groups</Permission>
<Permission>/permission/device-mgt/user/groups</Permission>
</Permissions>
</Action>
<Action name="mqtt-subscriber">
<Permissions>
<Permission>/permission/device-mgt/user/groups/device_monitor</Permission>
<Permission>/permission/device-mgt/admin/groups</Permission>
<Permission>/permission/device-mgt/user/groups</Permission>
</Permissions>
</Action>
<Action name="stats">
<Permissions>
<Permission>/permission/device-mgt/user/groups/device_monitor</Permission>
<Permission>/permission/device-mgt/admin/groups</Permission>
<Permission>/permission/device-mgt/user/groups</Permission>
</Permissions>
</Action>
<Action name="operation">
<Permissions>
<Permission>/permission/device-mgt/user/groups/device_operation</Permission>
<Permission>/permission/device-mgt/admin/groups</Permission>
<Permission>/permission/device-mgt/user/groups</Permission>
</Permissions>
</Action>
</DeviceMgtScopes>
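Review bot: Every `<Action>` in this new file lists the broad `/permission/device-mgt/user/groups` next to the narrower `device_operation` or `device_monitor` permission, and the header comment does not say whether a user needs all of the listed permissions or any one of them. If the validator treats the list as any-of, the parent permission alone yields `mqtt-publisher`, `mqtt-subscriber`, `stats` and `operation`, and the narrower entries restrict nothing. State the matching rule in the header comment, e.g. `<!-- A scope is granted only when the user holds ALL of the listed permissions -->` (or ANY, whichever the validator implements). Drop the broad entry from any action that should require the specific permission.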

@ -0,0 +1,2 @@
instructions.configure = \
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.oauth.extensions_${feature.version}/device-mgt-scopes.xml,target:${installFolder}/../../conf/etc/device-mgt-scopes.xml,overwrite:true);\
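Review bot: The copy instruction uses `overwrite:true`, so an existing `conf/etc/device-mgt-scopes.xml` is replaced whenever this configure step runs. A scope-to-permission mapping that an operator has tightened locally would then be reset to the shipped defaults. If that is intended, note it next to the instruction with a comment such as `# replaces any locally edited device-mgt-scopes.xml`; otherwise use `overwrite:false`.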

@ -780,6 +780,11 @@
<artifactId>org.wso2.carbon.apimgt.keymgt.client</artifactId> <artifactId>org.wso2.carbon.apimgt.keymgt.client</artifactId>
<version>${carbon.api.mgt.version}</version> <version>${carbon.api.mgt.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.apimgt</groupId>
<artifactId>org.wso2.carbon.apimgt.keymgt</artifactId>
<version>${carbon.api.mgt.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.wso2.carbon.apimgt</groupId> <groupId>org.wso2.carbon.apimgt</groupId>
<artifactId>org.wso2.carbon.apimgt.impl</artifactId> <artifactId>org.wso2.carbon.apimgt.impl</artifactId>
