From dfe957b0193cf2fd8b4f42205f0bcc164405b014 Mon Sep 17 00:00:00 2001 From: inoshperera Date: Sun, 9 Apr 2023 11:50:14 +0530 Subject: [PATCH 01/29] Add SCEP support fixes https://roadmap.entgra.net/issues/10042 --- .../mgt/core/impl/CertificateGenerator.java | 117 +++++++++++++++++- .../service/CertificateManagementService.java | 2 + .../CertificateManagementServiceImpl.java | 5 + .../util/CertificateManagementConstants.java | 1 + 4 files changed, 119 insertions(+), 6 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index 2cb6d4098f..20b4833d56 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -44,12 +44,17 @@ import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.util.Store; -import org.jscep.message.*; +import org.jscep.message.CertRep; +import org.jscep.message.MessageDecodingException; +import org.jscep.message.MessageEncodingException; +import org.jscep.message.PkcsPkiEnvelopeDecoder; +import org.jscep.message.PkcsPkiEnvelopeEncoder; +import org.jscep.message.PkiMessage; +import org.jscep.message.PkiMessageDecoder; +import org.jscep.message.PkiMessageEncoder; import org.jscep.transaction.FailInfo; import org.jscep.transaction.Nonce; import org.jscep.transaction.TransactionId; -import org.wso2.carbon.certificate.mgt.core.cache.CertificateCacheManager; -import org.wso2.carbon.certificate.mgt.core.cache.impl.CertificateCacheManagerImpl; import org.wso2.carbon.certificate.mgt.core.dao.CertificateDAO; import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOException; import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOFactory; @@ -72,13 +77,31 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.math.BigInteger; -import java.security.*; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.Security; +import java.security.SignatureException; import java.security.cert.Certificate; -import java.security.cert.*; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateFactory; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.X509Certificate; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.X509EncodedKeySpec; import java.util.ArrayList; import java.util.Collection; import java.util.Date; import java.util.List; +import java.util.concurrent.TimeUnit; public class CertificateGenerator { @@ -757,4 +780,86 @@ public class CertificateGenerator { return generateCertificateFromCSR(privateKeyCA, certificationRequest, certCA.getIssuerX500Principal().getName()); } -} + + public X509Certificate generateAlteredCertificateFromCSR(String csr) + throws KeystoreException { + byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(csr); + PKCS10CertificationRequest certificationRequest; + KeyStoreReader keyStoreReader = new KeyStoreReader(); + PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey(); + X509Certificate certCA = (X509Certificate) keyStoreReader.getCACertificate(); + + X509Certificate issuedCert; + try { + certificationRequest = new PKCS10CertificationRequest(byteArrayBst); + JcaContentSignerBuilder csBuilder = + new JcaContentSignerBuilder(CertificateManagementConstants.SIGNING_ALGORITHM); + ContentSigner signer = csBuilder.build(privateKeyCA); + + BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis()); + + X500Name issuerName = new X500Name(certCA.getSubjectDN().getName()); + + String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst() + .getValue().toString(); + X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" + + serialNumber); + Date startDate = new Date(System.currentTimeMillis()); + Date endDate = new Date(System.currentTimeMillis() + + TimeUnit.DAYS.toMillis(365 * 100)); + PublicKey publicKey = getPublicKeyFromRequest(certificationRequest); + + X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( + issuerName, serialNumber, startDate, endDate, + subjectName, publicKey); + + X509CertificateHolder certHolder = certBuilder.build(signer); + + CertificateFactory certificateFactory = CertificateFactory.getInstance + (CertificateManagementConstants.X_509); + byte[] encodedCertificate = certHolder.getEncoded(); + issuedCert = (X509Certificate) certificateFactory + .generateCertificate(new ByteArrayInputStream(encodedCertificate)); + + org.wso2.carbon.certificate.mgt.core.bean.Certificate certificate = + new org.wso2.carbon.certificate.mgt.core.bean.Certificate(); + List certificates = new ArrayList<>(); + certificate.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId()); + certificate.setCertificate(issuedCert); + certificates.add(certificate); + saveCertInKeyStore(certificates); + + } catch (OperatorCreationException e) { + String errorMsg = "Error creating the content signer"; + log.error(errorMsg); + throw new KeystoreException(errorMsg, e); + } catch (CertificateException e) { + String errorMsg = "Error when opening the newly created certificate"; + log.error(errorMsg); + throw new KeystoreException(errorMsg, e); + } catch (InvalidKeySpecException e) { + String errorMsg = "Public key is having invalid specification"; + log.error(errorMsg); + throw new KeystoreException(errorMsg, e); + } catch (NoSuchAlgorithmException e) { + String errorMsg = "Could not find RSA algorithm"; + log.error(errorMsg); + throw new KeystoreException(errorMsg, e); + } catch (IOException e) { + String errorMsg = "Error while reading the csr"; + log.error(errorMsg); + throw new KeystoreException(errorMsg, e); + } + return issuedCert; + } + + private static PublicKey getPublicKeyFromRequest(PKCS10CertificationRequest request) + throws InvalidKeySpecException, NoSuchAlgorithmException, IOException { + byte[] publicKeyBytes = request.getSubjectPublicKeyInfo().getEncoded(); + X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKeyBytes); + KeyFactory keyFactory = KeyFactory.getInstance("RSA"); + PublicKey publicKey = keyFactory.generatePublic(publicKeySpec); + return publicKey; + } + +} \ No newline at end of file diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java index becd68720b..393dbdd0ed 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java @@ -79,4 +79,6 @@ public interface CertificateManagementService { List searchCertificates(String serialNumber) throws CertificateManagementException; + X509Certificate generateAlteredCertificateFromCSR(String csr) throws KeystoreException; + } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java index c47472f35c..67cca297c4 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java @@ -234,4 +234,9 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe } } + @Override + public X509Certificate generateAlteredCertificateFromCSR(String csr) throws KeystoreException{ + return certificateGenerator.generateAlteredCertificateFromCSR(csr); + } + } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagementConstants.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagementConstants.java index 5e5f02c7f0..96c6cc2148 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagementConstants.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagementConstants.java @@ -39,6 +39,7 @@ public final class CertificateManagementConstants { public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----"; public static final String EMPTY_TEXT = ""; public static final int RSA_KEY_LENGTH = 2048; + public static final String SIGNING_ALGORITHM = "SHA256withRSA"; public static final class DataBaseTypes { private DataBaseTypes() { From d34adaae961a2c10eb9a23bb931b802eb2686e2c Mon Sep 17 00:00:00 2001 From: Pahansith Gunathilake Date: Wed, 19 Apr 2023 06:46:09 +0000 Subject: [PATCH 02/29] Fix issue with Nginx not recognizing the SCEP client certificate (#105) Co-authored-by: Pahansith Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/105 Co-authored-by: Pahansith Gunathilake Co-committed-by: Pahansith Gunathilake --- .../mgt/core/impl/CertificateGenerator.java | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index 20b4833d56..d686ff5115 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -97,10 +97,7 @@ import java.security.cert.CertificateNotYetValidException; import java.security.cert.X509Certificate; import java.security.spec.InvalidKeySpecException; import java.security.spec.X509EncodedKeySpec; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Date; -import java.util.List; +import java.util.*; import java.util.concurrent.TimeUnit; public class CertificateGenerator { @@ -798,8 +795,16 @@ public class CertificateGenerator { BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis()); - X500Name issuerName = new X500Name(certCA.getSubjectDN().getName()); - + //Reversing the order of components of the subject DN due to Nginx not verifying the client certificate + //generated by Java using this subject DN. + //Ref: https://stackoverflow.com/questions/33769978 & engineering mail SCEP implementation for Android + String[] dnParts = certCA.getSubjectDN().getName().split(","); + StringJoiner joiner = new StringJoiner(","); + for (int i = (dnParts.length - 1); i >= 0; i--) { + joiner.add(dnParts[i]); + } + String subjectDn = joiner.toString(); + X500Name issuerName = new X500Name(subjectDn); String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst() .getValue().toString(); X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" + From 19ce7d6facd56640e010602f494c9982cda00248 Mon Sep 17 00:00:00 2001 From: Lasantha Dharmakeerthi Date: Mon, 10 Apr 2023 20:25:07 +0530 Subject: [PATCH 03/29] Add try it now feature (#99) Co-authored-by: Dharmakeerthi Lasantha Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/99 Co-authored-by: Lasantha Dharmakeerthi Co-committed-by: Lasantha Dharmakeerthi --- .../exception/StorageManagementException.java | 32 ------------------- 1 file changed, 32 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java index 38985716de..e69de29bb2 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java @@ -1,32 +0,0 @@ -/* Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. - * - * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.core.common.exception; - -/** - * Represents the exception thrown during storing and retrieving the artifacts. - */ -public class StorageManagementException extends Exception { - public StorageManagementException(String message, Throwable ex) { - super(message, ex); - } - - public StorageManagementException(String message) { - super(message); - } -} - From 1aafd53d3e7f2a64ebb04369bad048bc796c30b7 Mon Sep 17 00:00:00 2001 From: inoshperera Date: Wed, 24 May 2023 13:54:10 +0530 Subject: [PATCH 04/29] OTP for enrollment with Mutual TLS Fixes https://roadmap.entgra.net/issues/10093 --- .../mgt/common/DeviceManagementConstants.java | 2 + .../common/general/QREnrollmentDetails.java | 9 ++++ .../mgt/common/otp/mgt/OTPEmailTypes.java | 2 +- .../mgt/common/spi/OTPManagementService.java | 6 +-- .../dao/impl/GenericOTPManagementDAOImpl.java | 6 ++- .../mgt/service/OTPManagementServiceImpl.java | 51 +++++++++---------- .../authenticator/BasicAuthAuthenticator.java | 31 +++++++++-- .../CertificateAuthenticator.java | 9 ++++ .../OneTimeTokenAuthenticator.java | 14 ++++- 9 files changed, 93 insertions(+), 37 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/DeviceManagementConstants.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/DeviceManagementConstants.java index 154594678c..f95a78ed84 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/DeviceManagementConstants.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/DeviceManagementConstants.java @@ -134,6 +134,8 @@ public final class DeviceManagementConstants { public static final String LAST_NAME = "last-name"; public static final String TENANT_ADMIN_USERNAME = "tenant-admin-username"; public static final String TENANT_ADMIN_PASSWORD = "tenant-admin-password"; + + public static final int OTP_DEFAULT_EXPIRY_SECONDS = 3600; } public static final class EventServices { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/general/QREnrollmentDetails.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/general/QREnrollmentDetails.java index 150fddef09..37e696c206 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/general/QREnrollmentDetails.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/general/QREnrollmentDetails.java @@ -22,6 +22,7 @@ public class QREnrollmentDetails { String ownershipType; String username; String enrollmentMode; + int tokenExpiry; public String getOwnershipType() { return ownershipType; } @@ -34,4 +35,12 @@ public class QREnrollmentDetails { public String getEnrollmentMode() { return enrollmentMode; } public void setEnrollmentMode(String enrollmentMode) { this.enrollmentMode = enrollmentMode; } + + public int getTokenExpiry() { + return tokenExpiry; + } + + public void setTokenExpiry(int tokenExpiry) { + this.tokenExpiry = tokenExpiry; + } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java index 72bbea982e..9a182a0b14 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java @@ -18,5 +18,5 @@ package org.wso2.carbon.device.mgt.common.otp.mgt; public enum OTPEmailTypes { - USER_VERIFY, DEVICE_ENROLLMENT + USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/spi/OTPManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/spi/OTPManagementService.java index bf1d112875..ed548499bf 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/spi/OTPManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/spi/OTPManagementService.java @@ -34,7 +34,8 @@ public interface OTPManagementService { * @throws OTPManagementException if error occurred whle verifying validity of the OPT * @throws BadRequestException if found an null value for OTP */ - OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException; + OneTimePinDTO isValidOTP(String oneTimeToken, boolean requireRenewal) throws + OTPManagementException, BadRequestException; /** * Invalidate the OTP and send welcome mail @@ -58,8 +59,7 @@ public interface OTPManagementService { boolean hasEmailRegistered(String email, String emailDomain) throws OTPManagementException, DeviceManagementException; - OneTimePinDTO generateOneTimePin(String email, String emailType, String userName, Object metaDataObj, - int tenantId, boolean persistPin) throws OTPManagementException; + OneTimePinDTO generateOneTimePin(OneTimePinDTO oneTimePinData, boolean persistPin) throws OTPManagementException; OneTimePinDTO getRenewedOtpByEmailAndMailType(String email, String emailType) throws OTPManagementException; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java index 574d6e7904..becea82ede 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java @@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.core.otp.mgt.dao.impl; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.device.mgt.common.DeviceManagementConstants; import org.wso2.carbon.device.mgt.common.exceptions.DBConnectionException; import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO; import org.wso2.carbon.device.mgt.core.otp.mgt.dao.AbstractDAOImpl; @@ -55,7 +56,8 @@ public class GenericOTPManagementDAOImpl extends AbstractDAOImpl implements OTPM + "META_INFO, " + "CREATED_AT," + "TENANT_ID," - + "USERNAME) VALUES (?, ?, ?, ?, ?, ?, ?)"; + + "USERNAME, " + + "EXPIRY_TIME) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"; try { Connection conn = this.getDBConnection(); Calendar calendar = Calendar.getInstance(); @@ -69,6 +71,8 @@ public class GenericOTPManagementDAOImpl extends AbstractDAOImpl implements OTPM stmt.setTimestamp(5, timestamp); stmt.setInt(6, oneTimePinDTO.getTenantId()); stmt.setString(7, oneTimePinDTO.getUsername()); + stmt.setInt(8, oneTimePinDTO.getExpiryTime() == 0 + ? DeviceManagementConstants.OTPProperties.OTP_DEFAULT_EXPIRY_SECONDS : oneTimePinDTO.getExpiryTime()); stmt.addBatch(); } stmt.executeBatch(); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java index 4c8161e100..2d90dc5727 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java @@ -126,7 +126,8 @@ public class OTPManagementServiceImpl implements OTPManagementService { } @Override - public OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException { + public OneTimePinDTO isValidOTP(String oneTimeToken, boolean requireRenewal) throws OTPManagementException, + BadRequestException { if (StringUtils.isBlank(oneTimeToken)){ String msg = "Received blank OTP to verify. OTP: " + oneTimeToken; log.error(msg); @@ -150,17 +151,19 @@ public class OTPManagementServiceImpl implements OTPManagementService { oneTimePinDTO.getCreatedAt().getTime() + oneTimePinDTO.getExpiryTime() * 1000L); if (currentTimestamp.after(expiredTimestamp)) { - String renewedOTP = UUID.randomUUID().toString(); - renewOTP(oneTimePinDTO, renewedOTP); - Gson gson = new Gson(); - Tenant tenant = gson.fromJson(oneTimePinDTO.getMetaInfo(), Tenant.class); + if (requireRenewal) { + String renewedOTP = UUID.randomUUID().toString(); + renewOTP(oneTimePinDTO, renewedOTP); + Gson gson = new Gson(); + Tenant tenant = gson.fromJson(oneTimePinDTO.getMetaInfo(), Tenant.class); - Properties props = new Properties(); - props.setProperty("first-name", tenant.getAdminFirstName()); - props.setProperty("otp-token", renewedOTP); - props.setProperty("email", oneTimePinDTO.getEmail()); - props.setProperty("type", oneTimePinDTO.getEmailType()); - sendMail(props, oneTimePinDTO.getEmail(), DeviceManagementConstants.EmailAttributes.USER_VERIFY_TEMPLATE); + Properties props = new Properties(); + props.setProperty("first-name", tenant.getAdminFirstName()); + props.setProperty("otp-token", renewedOTP); + props.setProperty("email", oneTimePinDTO.getEmail()); + props.setProperty("type", oneTimePinDTO.getEmailType()); + sendMail(props, oneTimePinDTO.getEmail(), DeviceManagementConstants.EmailAttributes.USER_VERIFY_TEMPLATE); + } return null; } return oneTimePinDTO; @@ -243,8 +246,14 @@ public class OTPManagementServiceImpl implements OTPManagementService { for (String username : deviceEnrollmentInvitation.getUsernames()) { String emailAddress = DeviceManagerUtil.getUserClaimValue( username, DeviceManagementConstants.User.CLAIM_EMAIL_ADDRESS); - oneTimePinDTO = generateOneTimePin(emailAddress, OTPEmailTypes.DEVICE_ENROLLMENT.toString(), username, - null, tenantId, false); + + OneTimePinDTO oneTimePinData = new OneTimePinDTO(); + oneTimePinData.setEmail(emailAddress); + oneTimePinData.setTenantId(tenantId); + oneTimePinData.setUsername(username); + oneTimePinData.setEmailType(OTPEmailTypes.USER_INVITE.toString()); + + oneTimePinDTO = generateOneTimePin(oneTimePinData, false); oneTimePinDTOList.add(oneTimePinDTO); props.setProperty("first-name", DeviceManagerUtil. getUserClaimValue(username, DeviceManagementConstants.User.CLAIM_FIRST_NAME)); @@ -278,27 +287,17 @@ public class OTPManagementServiceImpl implements OTPManagementService { /** * Create One Time Token - * @param email email - * @param emailType email type - * @param userName username - * @param metaDataObj meta data object - * @param tenantId tenant Id + * @param oneTimePinDTO Data related to the one time pin * @return {@link OneTimePinDTO} */ @Override - public OneTimePinDTO generateOneTimePin(String email, String emailType, String userName, Object metaDataObj, - int tenantId, boolean persistPin) throws OTPManagementException { + public OneTimePinDTO generateOneTimePin(OneTimePinDTO oneTimePinDTO, boolean persistPin) throws OTPManagementException { String otpValue = UUID.randomUUID().toString(); Gson gson = new Gson(); - String metaInfo = gson.toJson(metaDataObj); + String metaInfo = gson.toJson(oneTimePinDTO.getMetaInfo()); - OneTimePinDTO oneTimePinDTO = new OneTimePinDTO(); - oneTimePinDTO.setEmail(email); - oneTimePinDTO.setTenantId(tenantId); - oneTimePinDTO.setUsername(userName); - oneTimePinDTO.setEmailType(emailType); oneTimePinDTO.setMetaInfo(metaInfo); oneTimePinDTO.setOtpToken(otpValue); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java index 4bd7779dda..f1b0339994 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java @@ -36,6 +36,7 @@ import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils; import java.nio.charset.Charset; import java.util.Base64; import java.util.Properties; +import java.util.StringTokenizer; public class BasicAuthAuthenticator implements WebappAuthenticator { @@ -51,15 +52,23 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { @Override public boolean canHandle(Request request) { /* - This is done to avoid every endpoint being able to use basic auth. Add the following to - the required web.xml of the web app. + This is done to avoid every web app being able to use basic auth. Add the following to + the required web.xml of the web app. This is a global config for a web app to allow all + contexts of the web app to use basic auth basicAuth true + + Adding the basicAuthAllowList parameter allows to selectively allow some context paths in a + web app to use basic auth while all the other context remain unavailable with basic auth. + If this parameter is present, any context that requires basic auth must be specially + added as comma separated list to the param-value of basicAuthAllowList. */ - if (!isAuthenticationSupported(request)) { - return false; + if (!isAllowListedForBasicAuth(request)) { + if (!isAuthenticationSupported(request)) { + return false; + } } if (request.getCoyoteRequest() == null || request.getCoyoteRequest().getMimeHeaders() == null) { return false; @@ -76,6 +85,20 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { return false; } + private boolean isAllowListedForBasicAuth(Request request) { + String param = request.getContext().findParameter("basicAuthAllowList"); + if (param != null && !param.isEmpty()) { + //Add the nonSecured end-points to cache + String[] basicAuthAllowList = param.split(","); + for (String contexPath : basicAuthAllowList) { + if (request.getRequestURI().toString().endsWith(contexPath.trim())) { + return true; + } + } + } + return false; + } + @Override public AuthenticationInfo authenticate(Request request, Response response) { AuthenticationInfo authenticationInfo = new AuthenticationInfo(); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java index 4bead3ad4f..6bccefe7ec 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java @@ -75,21 +75,30 @@ public class CertificateAuthenticator implements WebappAuthenticator { // When there is a load balancer terminating mutual SSL, it should pass this header along and // as the value of this header, the client certificate subject dn should be passed. if (request.getHeader(PROXY_MUTUAL_AUTH_HEADER) != null) { + log.info("PROXY_MUTUAL_AUTH_HEADER " + request.getHeader(PROXY_MUTUAL_AUTH_HEADER)); CertificateResponse certificateResponse = AuthenticatorFrameworkDataHolder.getInstance(). getCertificateManagementService().verifySubjectDN(request.getHeader(PROXY_MUTUAL_AUTH_HEADER)); + log.info("clientCertificate" + certificateResponse.getSerialNumber()); + log.info("clientCertificate" + certificateResponse.getCommonName()); authenticationInfo = checkCertificateResponse(certificateResponse); + log.info("username" + authenticationInfo.getUsername()); } else if (request.getHeader(MUTUAL_AUTH_HEADER) != null) { + log.info("MUTUAL_AUTH_HEADER"); Object object = request.getAttribute(CLIENT_CERTIFICATE_ATTRIBUTE); X509Certificate[] clientCertificate = null; if (object instanceof X509Certificate[]) { + log.info("clientCertificate"); clientCertificate = (X509Certificate[]) request. getAttribute(CLIENT_CERTIFICATE_ATTRIBUTE); } if (clientCertificate != null && clientCertificate[0] != null) { CertificateResponse certificateResponse = AuthenticatorFrameworkDataHolder.getInstance(). getCertificateManagementService().verifyPEMSignature(clientCertificate[0]); + log.info("clientCertificate" + certificateResponse.getSerialNumber()); + log.info("clientCertificate" + certificateResponse.getCommonName()); authenticationInfo = checkCertificateResponse(certificateResponse); + log.info("username" + authenticationInfo.getUsername()); } else { authenticationInfo.setStatus(Status.FAILURE); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java index 9d290c51da..539e8be13d 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java @@ -49,8 +49,18 @@ public class OneTimeTokenAuthenticator implements WebappAuthenticator { try { OTPManagementService otpManagementService = AuthenticatorFrameworkDataHolder.getInstance() .getOtpManagementService(); - OneTimePinDTO validOTP = otpManagementService.isValidOTP(request.getHeader(Constants.HTTPHeaders - .ONE_TIME_TOKEN_HEADER)); + OneTimePinDTO validOTP; + if (request.getRequestURI().toString().endsWith("cloud/download-url") + || request.getRequestURI().toString().endsWith("cloud/tenant")) { + validOTP = otpManagementService.isValidOTP(request.getHeader(Constants.HTTPHeaders + .ONE_TIME_TOKEN_HEADER), true); + } else { + log.info("Validating OTP for enrollments PIN: " + request.getHeader(Constants + .HTTPHeaders.ONE_TIME_TOKEN_HEADER)); + validOTP = otpManagementService.isValidOTP(request.getHeader(Constants.HTTPHeaders + .ONE_TIME_TOKEN_HEADER), false); + } + if (validOTP != null) { authenticationInfo.setStatus(Status.CONTINUE); authenticationInfo.setTenantId(validOTP.getTenantId()); From 209f2b66c94cc64c361d19a35feb4b341c4b97b5 Mon Sep 17 00:00:00 2001 From: Pahansith Date: Sat, 13 May 2023 12:56:56 +0530 Subject: [PATCH 05/29] Add tenant based storing and loading SCEP certificates --- .../mgt/core/dao/CertificateDAO.java | 10 +++++ .../dao/impl/AbstractCertificateDAOImpl.java | 36 +++++++++++++++++ .../mgt/core/impl/CertificateGenerator.java | 39 ++++++++++++++----- .../mgt/core/impl/KeyStoreReader.java | 37 ++++++++++++++++++ .../exception/StorageManagementException.java | 32 +++++++++++++++ 5 files changed, 145 insertions(+), 9 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java index cb97cf8892..fe1d829a82 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java @@ -51,6 +51,16 @@ public interface CertificateDAO { */ CertificateResponse retrieveCertificate(String serialNumber) throws CertificateManagementDAOException; + /** + * Obtain a certificated stored in the database by providing the common name and the tenant ID + * + * @param serialNumber Serial number (Common name) of the certificate + * @param tenantId ID of the certificate owning tenant + * @return representation of the certificate. + * @throws CertificateManagementDAOException if fails to read the certificate from the database + */ + CertificateResponse retrieveCertificate(String serialNumber, int tenantId) throws CertificateManagementDAOException; + /** * Get all the certificates in a paginated manner. * diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java index 4af136c987..e536eaf646 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java @@ -119,6 +119,42 @@ public abstract class AbstractCertificateDAOImpl implements CertificateDAO{ return certificateResponse; } + @Override + public CertificateResponse retrieveCertificate(String serialNumber, int tenantId) throws CertificateManagementDAOException { + Connection conn; + PreparedStatement stmt = null; + ResultSet resultSet = null; + CertificateResponse certificateResponse = null; + try { + conn = this.getConnection(); + String query = + "SELECT CERTIFICATE, SERIAL_NUMBER, TENANT_ID, USERNAME FROM" + + " DM_DEVICE_CERTIFICATE WHERE SERIAL_NUMBER = ? AND TENANT_ID = ? "; + stmt = conn.prepareStatement(query); + stmt.setString(1, serialNumber); + stmt.setInt(2, tenantId); + resultSet = stmt.executeQuery(); + + if (resultSet.next()) { + certificateResponse = new CertificateResponse(); + byte[] certificateBytes = resultSet.getBytes("CERTIFICATE"); + certificateResponse.setCertificate(certificateBytes); + certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER")); + certificateResponse.setTenantId(resultSet.getInt("TENANT_ID")); + certificateResponse.setUsername(resultSet.getString("USERNAME")); + CertificateGenerator.extractCertificateDetails(certificateBytes, certificateResponse); + } + } catch (SQLException e) { + String errorMsg = + "Unable to get the read the certificate with serial" + serialNumber; + log.error(errorMsg, e); + throw new CertificateManagementDAOException(errorMsg, e); + } finally { + CertificateManagementDAOUtil.cleanupResources(stmt, resultSet); + } + return certificateResponse; + } + @Override public List searchCertificate(String serialNumber) throws CertificateManagementDAOException { diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index d686ff5115..5c9bbfad45 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -358,15 +358,31 @@ public class CertificateGenerator { CertificateResponse lookUpCertificate = null; KeyStoreReader keyStoreReader = new KeyStoreReader(); if (distinguishedName != null && !distinguishedName.isEmpty()) { - if (distinguishedName.contains("/CN=")) { - String[] dnSplits = distinguishedName.split("/"); - for (String dnPart : dnSplits) { - if (dnPart.contains("CN=")) { - String commonNameExtracted = dnPart.replace("CN=", ""); - lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted); - break; + if (distinguishedName.contains("CN=")) { + String[] dnSplits = null; + if (distinguishedName.contains("/")) { + dnSplits = distinguishedName.split("/"); + } else if (distinguishedName.contains(",")) { + //some older versions of nginx will forward the client certificate subject dn separated with commas + dnSplits = distinguishedName.split(","); + } + String commonNameExtracted = null; + int tenantId = 0; + if (dnSplits != null && dnSplits.length >= 1) { + for (String dnPart : dnSplits) { + if (dnPart.contains("CN=")) { + commonNameExtracted = dnPart.replace("CN=", ""); + } else if (dnPart.contains("OU=")) { + //the OU of the certificate will be like OU=tenant_ ex: OU=tenant_-1234 + //splitting by underscore to extract the tenant domain + String[] orgUnitSplits = dnPart.split("_"); + tenantId = Integer.parseInt(orgUnitSplits[1]); + } } } + + lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted, tenantId); + } else { LdapName ldapName; try { @@ -807,8 +823,9 @@ public class CertificateGenerator { X500Name issuerName = new X500Name(subjectDn); String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst() .getValue().toString(); - X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" + - serialNumber); + int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + X500Name subjectName = new X500Name("O=" + commonName + ",CN=" + + serialNumber + ", OU=tenant_"+tenantId); Date startDate = new Date(System.currentTimeMillis()); Date endDate = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365 * 100)); @@ -826,6 +843,10 @@ public class CertificateGenerator { issuedCert = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(encodedCertificate)); + io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate certificate = + new io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate(); + List certificates = new ArrayList<>(); + certificate.setTenantId(tenantId); org.wso2.carbon.certificate.mgt.core.bean.Certificate certificate = new org.wso2.carbon.certificate.mgt.core.bean.Certificate(); List certificates = new ArrayList<>(); diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java index 60a7800863..921f11e794 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java @@ -275,6 +275,43 @@ public class KeyStoreReader { return raPrivateKey; } + public CertificateResponse getCertificateBySerial(String serialNumber, int tenantId) throws KeystoreException { + CertificateResponse certificateResponse = null; + try { + CertificateCacheManager cacheManager = CertificateCacheManagerImpl.getInstance(); + certificateResponse = cacheManager.getCertificateBySerial(serialNumber); + if (certificateResponse == null) { + try { + CertificateManagementDAOFactory.openConnection(); + certificateResponse = certDao.retrieveCertificate(serialNumber, tenantId); + } catch (SQLException e) { + String errorMsg = "Error when making a connection to the database."; + throw new KeystoreException(errorMsg, e); + } finally { + CertificateManagementDAOFactory.closeConnection(); + } + if (certificateResponse != null && certificateResponse.getCertificate() != null) { + Certificate certificate = (Certificate) Serializer.deserialize(certificateResponse.getCertificate()); + if (certificate instanceof X509Certificate) { + X509Certificate x509cert = (X509Certificate) certificate; + String commonName = CertificateGenerator.getCommonName(x509cert); + certificateResponse.setCommonName(commonName); + cacheManager.addCertificateBySerial(serialNumber, certificateResponse); + } + } + } + } catch (CertificateManagementDAOException e) { + String errorMsg = "Error when retrieving certificate from the the database for the serial number: " + + serialNumber; + throw new KeystoreException(errorMsg, e); + + } catch (ClassNotFoundException | IOException e) { + String errorMsg = "Error when de-serializing saved certificate."; + throw new KeystoreException(errorMsg, e); + } + return certificateResponse; + } + public CertificateResponse getCertificateBySerial(String serialNumber) throws KeystoreException { CertificateResponse certificateResponse = null; try { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java index e69de29bb2..38985716de 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java @@ -0,0 +1,32 @@ +/* Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.mgt.core.common.exception; + +/** + * Represents the exception thrown during storing and retrieving the artifacts. + */ +public class StorageManagementException extends Exception { + public StorageManagementException(String message, Throwable ex) { + super(message, ex); + } + + public StorageManagementException(String message) { + super(message); + } +} + From 7100b36e35e0d0ce9f61e4a5dcd25452060a3cc2 Mon Sep 17 00:00:00 2001 From: Pahansith Date: Mon, 29 May 2023 12:27:50 +0530 Subject: [PATCH 06/29] Fix package name issue --- .../certificate/mgt/core/impl/CertificateGenerator.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index 5c9bbfad45..e3973ed152 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -843,10 +843,6 @@ public class CertificateGenerator { issuedCert = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(encodedCertificate)); - io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate certificate = - new io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate(); - List certificates = new ArrayList<>(); - certificate.setTenantId(tenantId); org.wso2.carbon.certificate.mgt.core.bean.Certificate certificate = new org.wso2.carbon.certificate.mgt.core.bean.Certificate(); List certificates = new ArrayList<>(); From 48be39a96386b5726b6ff5a92b44ea7d76af964d Mon Sep 17 00:00:00 2001 From: inoshperera Date: Sun, 18 Jun 2023 12:22:01 +0530 Subject: [PATCH 07/29] Add the logic to save device id to certificate DB partialy fixes https://roadmap.entgra.net/issues/10145 --- .../mgt/core/bean/Certificate.java | 9 +++++ .../mgt/core/dao/CertificateDAO.java | 11 ++++++ .../dao/impl/AbstractCertificateDAOImpl.java | 34 +++++++++++++++++++ .../mgt/core/impl/CertificateGenerator.java | 29 ++++++++++++++-- 4 files changed, 80 insertions(+), 3 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/bean/Certificate.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/bean/Certificate.java index 5ced778afa..40a9ef1c6c 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/bean/Certificate.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/bean/Certificate.java @@ -25,6 +25,15 @@ public class Certificate { X509Certificate certificate; int tenantId; String tenantDomain; + String deviceIdentifier; + + public String getDeviceIdentifier() { + return deviceIdentifier; + } + + public void setDeviceIdentifier(String deviceIdentifier) { + this.deviceIdentifier = deviceIdentifier; + } public int getTenantId() { return tenantId; diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java index fe1d829a82..3204b8e7b9 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java @@ -41,6 +41,17 @@ public interface CertificateDAO { void addCertificate(List certificate) throws CertificateManagementDAOException; + /** + * This can be used to store a certificate in the database, where it will be stored against the serial number + * of the certificate. + * + * @param certificate Holds the certificate and relevant details. + * @throws CertificateManagementDAOException + * + */ + void addCertificate(Certificate certificate) + throws CertificateManagementDAOException; + /** * Usage is to obtain a certificate stored in the database by providing the common name. * diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java index e536eaf646..caa3bf1e19 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java @@ -81,6 +81,40 @@ public abstract class AbstractCertificateDAOImpl implements CertificateDAO{ } } + @Override + public void addCertificate(Certificate certificate) + throws CertificateManagementDAOException { + Connection conn; + PreparedStatement stmt = null; + try { + conn = this.getConnection(); + stmt = conn.prepareStatement( + "INSERT INTO DM_DEVICE_CERTIFICATE (SERIAL_NUMBER, CERTIFICATE, TENANT_ID," + + " USERNAME, DEVICE_IDENTIFIER) VALUES (?,?,?,?,?)"); + PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext. + getThreadLocalCarbonContext(); + String username = threadLocalCarbonContext.getUsername(); + // the serial number of the certificate used for its creation is set as its alias. + String serialNumber = certificate.getSerial(); + if (serialNumber == null || serialNumber.isEmpty()) { + serialNumber = String.valueOf(certificate.getCertificate().getSerialNumber()); + } + byte[] bytes = Serializer.serialize(certificate.getCertificate()); + + stmt.setString(1, serialNumber); + stmt.setBytes(2, bytes); + stmt.setInt(3, certificate.getTenantId()); + stmt.setString(4, username); + stmt.setString(5, certificate.getDeviceIdentifier()); + stmt.executeUpdate(); + } catch (SQLException | IOException e) { + throw new CertificateManagementDAOException("Error occurred while saving the " + + "certificate. ", e); + } finally { + CertificateManagementDAOUtil.cleanupResources(stmt, null); + } + } + @Override public CertificateResponse retrieveCertificate(String serialNumber) throws CertificateManagementDAOException { diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index e3973ed152..2a43704688 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -710,6 +710,30 @@ public class CertificateGenerator { } } + public void saveCertificate(org.wso2.carbon.certificate.mgt.core.bean.Certificate + certificate) throws KeystoreException { + + if (certificate == null) { + return; + } + + try { + CertificateDAO certificateDAO = CertificateManagementDAOFactory.getCertificateDAO(); + CertificateManagementDAOFactory.beginTransaction(); + certificateDAO.addCertificate(certificate); + CertificateManagementDAOFactory.commitTransaction(); + } catch (CertificateManagementDAOException e) { + String errorMsg = "Error occurred when saving the generated certificate in database"; + log.error(errorMsg); + CertificateManagementDAOFactory.rollbackTransaction(); + throw new KeystoreException(errorMsg, e); + } catch (TransactionManagementException e) { + String errorMsg = "Error occurred when saving the generated certificate in database"; + log.error(errorMsg); + throw new KeystoreException(errorMsg, e); + } + } + public void saveCertInKeyStore(List certificate) throws KeystoreException { @@ -845,11 +869,10 @@ public class CertificateGenerator { org.wso2.carbon.certificate.mgt.core.bean.Certificate certificate = new org.wso2.carbon.certificate.mgt.core.bean.Certificate(); - List certificates = new ArrayList<>(); certificate.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId()); certificate.setCertificate(issuedCert); - certificates.add(certificate); - saveCertInKeyStore(certificates); + certificate.setDeviceIdentifier(commonName); + saveCertificate(certificate); } catch (OperatorCreationException e) { String errorMsg = "Error creating the content signer"; From 94408c7ce3f0f6fd4a97ec7bc6878fc147152e85 Mon Sep 17 00:00:00 2001 From: rajitha Date: Thu, 15 Jun 2023 14:08:46 +0530 Subject: [PATCH 08/29] Add otp token --- .../DeviceManagementConfigService.java | 7 +++- .../DeviceManagementConfigServiceImpl.java | 37 ++++++++++++++++++- .../config/jaxrs/util/DeviceMgtAPIUtils.java | 16 ++++++++ 3 files changed, 57 insertions(+), 3 deletions(-) diff --git a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/DeviceManagementConfigService.java b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/DeviceManagementConfigService.java index d5fe117a63..1adeb44f17 100644 --- a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/DeviceManagementConfigService.java +++ b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/DeviceManagementConfigService.java @@ -156,7 +156,12 @@ public interface DeviceManagementConfigService { value = "The properties list using for query a device", required = true) @QueryParam("properties") - String properties); + String properties, + @ApiParam( + name = "withAccessToken", + value = "Whether to use access token or otp token for device configuration") + @QueryParam("withAccessToken") + boolean withAccessToken); @PUT @Path("/device/transfer") diff --git a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/impl/DeviceManagementConfigServiceImpl.java b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/impl/DeviceManagementConfigServiceImpl.java index 8aea316c55..cf2fc9c83a 100644 --- a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/impl/DeviceManagementConfigServiceImpl.java +++ b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/impl/DeviceManagementConfigServiceImpl.java @@ -35,8 +35,12 @@ import org.wso2.carbon.device.mgt.common.configuration.mgt.AmbiguousConfiguratio import org.wso2.carbon.device.mgt.common.configuration.mgt.DeviceConfiguration; import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException; import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException; +import org.wso2.carbon.device.mgt.common.exceptions.OTPManagementException; import org.wso2.carbon.device.mgt.common.general.TenantDetail; +import org.wso2.carbon.device.mgt.common.otp.mgt.OTPEmailTypes; +import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; +import org.wso2.carbon.device.mgt.common.spi.OTPManagementService; import org.wso2.carbon.device.mgt.core.DeviceManagementConstants; import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager; import org.wso2.carbon.device.mgt.core.config.DeviceManagementConfig; @@ -77,7 +81,8 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig @Path("/configurations") @Produces(MediaType.APPLICATION_JSON) public Response getConfiguration(@HeaderParam("token") String token, - @QueryParam("properties") String properties) { + @QueryParam("properties") String properties, + @QueryParam("withAccessToken") boolean withAccessToken) { DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService(); try { if (token == null || token.isEmpty()) { @@ -102,7 +107,8 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig deviceProps.put("token", token); DeviceConfiguration devicesConfiguration = dms.getDeviceConfiguration(deviceProps); - setAccessTokenToDeviceConfigurations(devicesConfiguration); + if (withAccessToken) setAccessTokenToDeviceConfigurations(devicesConfiguration); + else setOTPTokenToDeviceConfigurations(devicesConfiguration); return Response.status(Response.Status.OK).entity(devicesConfiguration).build(); } catch (DeviceManagementException e) { String msg = "Error occurred while retrieving configurations"; @@ -214,6 +220,33 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig } } + private void setOTPTokenToDeviceConfigurations(DeviceConfiguration deviceConfiguration) + throws DeviceManagementException { + OneTimePinDTO oneTimePinData = new OneTimePinDTO(); + oneTimePinData.setEmail(OTPEmailTypes.DEVICE_ENROLLMENT.toString()); + oneTimePinData.setEmailType(OTPEmailTypes.DEVICE_ENROLLMENT.toString()); + oneTimePinData.setUsername(deviceConfiguration.getDeviceOwner()); + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( + deviceConfiguration.getTenantDomain(), true); + oneTimePinData.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId()); + PrivilegedCarbonContext.endTenantFlow(); + OTPManagementService otpManagementService = DeviceMgtAPIUtils.getOtpManagementService(); + try { + OneTimePinDTO oneTimePinDTO = otpManagementService.generateOneTimePin(oneTimePinData, true); + if (oneTimePinDTO == null) { + String msg = "Null value returned when generating OTP token for " + oneTimePinData.getOtpToken(); + log.error(msg); + throw new DeviceManagementException(msg); + } + deviceConfiguration.setAccessToken(oneTimePinDTO.getOtpToken()); + } catch (OTPManagementException ex) { + String msg = "Error occurred while generating one time pin: " + ex.getMessage(); + log.error(msg, ex); + throw new DeviceManagementException(msg, ex); + } + } + @Override @Path("/tenants") @GET diff --git a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java index cf098c6edc..7ad136cd7f 100644 --- a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java +++ b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java @@ -21,6 +21,7 @@ package io.entgra.carbon.device.mgt.config.jaxrs.util; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.spi.OTPManagementService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.user.core.service.RealmService; @@ -34,6 +35,8 @@ public class DeviceMgtAPIUtils { private static DeviceManagementProviderService deviceManagementProviderService = null; private static RealmService realmService = null; + private static OTPManagementService otpManagementService = null; + public static DeviceManagementProviderService getDeviceManagementService() { if (deviceManagementProviderService == null) { PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); @@ -48,6 +51,19 @@ public class DeviceMgtAPIUtils { return deviceManagementProviderService; } + public static OTPManagementService getOtpManagementService() { + if (otpManagementService == null) { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + otpManagementService = (OTPManagementService) ctx.getOSGiService(OTPManagementService.class, null); + if (otpManagementService == null) { + String msg = "OTP Management Service has not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + } + return otpManagementService; + } + public static RealmService getRealmService() { if (realmService == null) { PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); From b18003a1cdcbc84deef9bd6eabeabdb38a05c60a Mon Sep 17 00:00:00 2001 From: Pahansith Date: Wed, 21 Jun 2023 06:20:17 +0530 Subject: [PATCH 09/29] Add OTP based remote session implementation --- .../mgt/common/otp/mgt/OTPEmailTypes.java | 2 +- .../interceptor/DefaultTokenHandler.java | 100 +++++------------- .../ui/request/interceptor/UserHandler.java | 1 + .../interceptor/util/HandlerConstants.java | 1 + .../request/interceptor/util/HandlerUtil.java | 12 +++ 5 files changed, 44 insertions(+), 72 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java index 9a182a0b14..ecfbc63905 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java @@ -18,5 +18,5 @@ package org.wso2.carbon.device.mgt.common.otp.mgt; public enum OTPEmailTypes { - USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE + USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE, REMOTE_SESSION } diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/DefaultTokenHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/DefaultTokenHandler.java index b244a5ed67..661027d10e 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/DefaultTokenHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/DefaultTokenHandler.java @@ -18,21 +18,22 @@ package io.entgra.ui.request.interceptor; import com.google.gson.Gson; -import com.google.gson.JsonElement; import com.google.gson.JsonObject; -import com.google.gson.JsonParser; -import io.entgra.ui.request.interceptor.beans.AuthData; import io.entgra.ui.request.interceptor.util.HandlerConstants; import io.entgra.ui.request.interceptor.util.HandlerUtil; -import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.http.HttpHeaders; import org.apache.http.HttpStatus; -import org.apache.http.client.methods.HttpGet; import org.apache.http.client.utils.URIBuilder; -import org.apache.http.entity.ContentType; import io.entgra.ui.request.interceptor.beans.ProxyResponse; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.DeviceManagementConstants; +import org.wso2.carbon.device.mgt.common.exceptions.OTPManagementException; +import org.wso2.carbon.device.mgt.common.otp.mgt.OTPEmailTypes; +import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO; +import org.wso2.carbon.device.mgt.common.spi.OTPManagementService; +import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.user.core.service.RealmService; import javax.servlet.annotation.MultipartConfig; import javax.servlet.annotation.WebServlet; @@ -54,71 +55,28 @@ public class DefaultTokenHandler extends HttpServlet { HttpSession httpSession = req.getSession(false); if (httpSession != null) { - AuthData authData = (AuthData) httpSession.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY); - if (authData == null) { - HandlerUtil.sendUnAuthorizeResponse(resp); - return; + String userWithDomain = (String) httpSession.getAttribute(HandlerConstants.USERNAME_WITH_DOMAIN); + String[] userNameParts = userWithDomain.split("@"); + + OneTimePinDTO oneTimePinData = new OneTimePinDTO(); + oneTimePinData.setEmail(OTPEmailTypes.REMOTE_SESSION.toString()); + oneTimePinData.setEmailType(OTPEmailTypes.REMOTE_SESSION.toString()); + oneTimePinData.setUsername(userNameParts[0]); + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + RealmService realmService = (RealmService) ctx.getOSGiService(RealmService.class, null); + try { + oneTimePinData.setTenantId(realmService.getTenantManager().getTenantId(userNameParts[1])); + } catch (UserStoreException e) { + throw new RuntimeException(e); } - - AuthData defaultAuthData = (AuthData) httpSession - .getAttribute(HandlerConstants.SESSION_DEFAULT_AUTH_DATA_KEY); - if (defaultAuthData != null) { - HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(defaultAuthData.getAccessToken())); - return; - } - - String clientId = authData.getClientId(); - String clientSecret = authData.getClientSecret(); - - String queryString = req.getQueryString(); - String scopeString = ""; - if (StringUtils.isNotEmpty(queryString)) { - scopeString = req.getParameter("scopes"); - if (scopeString != null) { - scopeString = "?scopes=" + scopeString; - } - } - - String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR - + System.getProperty(HandlerConstants.IOT_GW_HOST_ENV_VAR) - + HandlerConstants.COLON + HandlerUtil.getGatewayPort(req.getScheme()); - String tokenUrl = iotsCoreUrl + "/api/device-mgt/v1.0/devices/" + clientId - + "/" + clientSecret + "/default-token" + scopeString; - - HttpGet defaultTokenRequest = new HttpGet(tokenUrl); - defaultTokenRequest - .setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BEARER + authData.getAccessToken()); - defaultTokenRequest - .setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString()); - ProxyResponse tokenResultResponse = HandlerUtil.execute(defaultTokenRequest); - - if (tokenResultResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) { - log.error("Error occurred while invoking the API to get default token data."); - HandlerUtil.handleError(resp, tokenResultResponse); - return; - } - String tokenResult = tokenResultResponse.getData(); - if (tokenResult == null) { - log.error("Invalid default token response is received."); - HandlerUtil.handleError(resp, tokenResultResponse); - return; - } - - JsonParser jsonParser = new JsonParser(); - JsonElement jTokenResult = jsonParser.parse(tokenResult); - if (jTokenResult.isJsonObject()) { - JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject(); - AuthData newDefaultAuthData = new AuthData(); - newDefaultAuthData.setClientId(clientId); - newDefaultAuthData.setClientSecret(clientSecret); - - String defaultToken = jTokenResultAsJsonObject.get("accessToken").getAsString(); - newDefaultAuthData.setAccessToken(defaultToken); - newDefaultAuthData.setRefreshToken(jTokenResultAsJsonObject.get("refreshToken").getAsString()); - newDefaultAuthData.setScope(jTokenResultAsJsonObject.get("scopes").getAsString()); - httpSession.setAttribute(HandlerConstants.SESSION_DEFAULT_AUTH_DATA_KEY, newDefaultAuthData); - - HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(defaultToken)); + oneTimePinData.setExpiryTime(DeviceManagementConstants.OTPProperties.OTP_DEFAULT_EXPIRY_SECONDS); + OTPManagementService otpManagementService = HandlerUtil.getOTPManagementService(); + try { + oneTimePinData = otpManagementService.generateOneTimePin(oneTimePinData, true); + HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(oneTimePinData.getOtpToken())); + } catch (OTPManagementException e) { + log.error("Failed while generating remote session OTP for user " + userWithDomain, e); + HandlerUtil.handleError(resp, HttpStatus.SC_INTERNAL_SERVER_ERROR); } } else { HandlerUtil.sendUnAuthorizeResponse(resp); diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/UserHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/UserHandler.java index 53be11141e..0061865583 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/UserHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/UserHandler.java @@ -120,6 +120,7 @@ public class UserHandler extends HttpServlet { proxyResponse.setData( jTokenResultAsJsonObject.get("username").getAsString().replaceAll("@carbon.super", "")); HandlerUtil.handleSuccess(resp, proxyResponse); + httpSession.setAttribute(HandlerConstants.USERNAME_WITH_DOMAIN, jTokenResultAsJsonObject.get("username").getAsString()); log.info("Customer login", userLogContextBuilder.setUserName(proxyResponse.getData()).setUserRegistered(true).build()); } } catch (IOException e) { diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java index 27d6afaadc..a6aa8d6bff 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java @@ -106,4 +106,5 @@ public class HandlerConstants { public static final String IOT_REPORTING_WEBAPP_HOST_ENV_VAR = "iot.reporting.webapp.host"; public static final String USER_SCOPES = "userScopes"; public static final String HUBSPOT_CHAT_URL = "api.hubapi.com"; + public static final String USERNAME_WITH_DOMAIN = "usernameWithDomain"; } diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java index b7376abddc..ab09718a04 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java @@ -55,6 +55,8 @@ import org.json.JSONException; import org.json.JSONObject; import org.w3c.dom.Document; import io.entgra.ui.request.interceptor.beans.ProxyResponse; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.spi.OTPManagementService; import org.xml.sax.SAXException; import javax.servlet.http.HttpServletRequest; @@ -79,6 +81,8 @@ public class HandlerUtil { private static boolean isLoginCacheInitialized = false; private static AuthData authData; + private static OTPManagementService otpManagementService; + /*** * * @param httpRequest - httpMethod e.g:- HttpPost, HttpGet @@ -751,4 +755,12 @@ public class HandlerUtil { public static boolean isPropertyDefined(String property) { return StringUtils.isEmpty(System.getProperty(property)); } + + public static OTPManagementService getOTPManagementService() { + if (otpManagementService == null) { + otpManagementService = (OTPManagementService) PrivilegedCarbonContext + .getThreadLocalCarbonContext().getOSGiService(OTPManagementService.class, null); + } + return otpManagementService; + } } From 577e3e938414a1d9fe60680104d83e1e72f75cba Mon Sep 17 00:00:00 2001 From: Pahansith Date: Fri, 23 Jun 2023 20:39:12 +0530 Subject: [PATCH 10/29] Remove unnecessary logs --- .../CertificateAuthenticator.java | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java index 6bccefe7ec..031a195007 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java @@ -75,31 +75,29 @@ public class CertificateAuthenticator implements WebappAuthenticator { // When there is a load balancer terminating mutual SSL, it should pass this header along and // as the value of this header, the client certificate subject dn should be passed. if (request.getHeader(PROXY_MUTUAL_AUTH_HEADER) != null) { - log.info("PROXY_MUTUAL_AUTH_HEADER " + request.getHeader(PROXY_MUTUAL_AUTH_HEADER)); + if (log.isDebugEnabled()) { + log.debug("PROXY_MUTUAL_AUTH_HEADER " + request.getHeader(PROXY_MUTUAL_AUTH_HEADER)); + } CertificateResponse certificateResponse = AuthenticatorFrameworkDataHolder.getInstance(). getCertificateManagementService().verifySubjectDN(request.getHeader(PROXY_MUTUAL_AUTH_HEADER)); - log.info("clientCertificate" + certificateResponse.getSerialNumber()); - log.info("clientCertificate" + certificateResponse.getCommonName()); authenticationInfo = checkCertificateResponse(certificateResponse); - log.info("username" + authenticationInfo.getUsername()); + if (log.isDebugEnabled()) { + log.debug("Certificate Serial : " + certificateResponse.getSerialNumber() + + ", CN : " + certificateResponse.getCommonName() + + " , username" + authenticationInfo.getUsername()); + } } else if (request.getHeader(MUTUAL_AUTH_HEADER) != null) { - log.info("MUTUAL_AUTH_HEADER"); Object object = request.getAttribute(CLIENT_CERTIFICATE_ATTRIBUTE); X509Certificate[] clientCertificate = null; if (object instanceof X509Certificate[]) { - log.info("clientCertificate"); clientCertificate = (X509Certificate[]) request. getAttribute(CLIENT_CERTIFICATE_ATTRIBUTE); } if (clientCertificate != null && clientCertificate[0] != null) { CertificateResponse certificateResponse = AuthenticatorFrameworkDataHolder.getInstance(). getCertificateManagementService().verifyPEMSignature(clientCertificate[0]); - log.info("clientCertificate" + certificateResponse.getSerialNumber()); - log.info("clientCertificate" + certificateResponse.getCommonName()); authenticationInfo = checkCertificateResponse(certificateResponse); - log.info("username" + authenticationInfo.getUsername()); - } else { authenticationInfo.setStatus(Status.FAILURE); authenticationInfo.setMessage("No client certificate is present"); From 389eb05084034a1b2920e274dd2a27872c71ca8a Mon Sep 17 00:00:00 2001 From: prathabanKavin Date: Sun, 25 Jun 2023 20:04:36 +0530 Subject: [PATCH 11/29] Add device enrolment log for modifyenrolment --- .../mgt/core/service/DeviceManagementProviderServiceImpl.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java index 8dcaf1ebca..8043fbe567 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java @@ -466,6 +466,8 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv if (log.isDebugEnabled()) { log.debug("Modifying enrollment for device: " + device.getId() + " of type '" + device.getType() + "'"); } + String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); + String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername(); DeviceManager deviceManager = this.getDeviceManager(device.getType()); DeviceIdentifier deviceIdentifier = new DeviceIdentifier(device.getDeviceIdentifier(), device.getType()); if (deviceManager == null) { @@ -494,6 +496,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv enrollmentDAO.updateEnrollment(device.getEnrolmentInfo(), tenantId); DeviceManagementDAOFactory.commitTransaction(); + log.info("Device enrolled successfully", deviceEnrolmentLogContextBuilder.setDeviceId(String.valueOf(currentDevice.getId())).setDeviceType(String.valueOf(currentDevice.getType())).setOwner(currentDevice.getEnrolmentInfo().getOwner()).setOwnership(String.valueOf(currentDevice.getEnrolmentInfo().getOwnership())).setTenantID(String.valueOf(tenantId)).setTenantDomain(tenantDomain).setUserName(userName).build()); this.removeDeviceFromCache(deviceIdentifier); } catch (DeviceManagementDAOException e) { DeviceManagementDAOFactory.rollbackTransaction(); From 6109f58c49d420b868bf827ca809f67e6da86328 Mon Sep 17 00:00:00 2001 From: Oshani Silva Date: Sun, 25 Jun 2023 19:14:59 +0000 Subject: [PATCH 12/29] Remove unwanted check in billing logic Co-authored-by: Oshani Silva Co-committed-by: Oshani Silva --- .../DeviceManagementProviderServiceImpl.java | 25 +++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java index 8dcaf1ebca..0d2a3fb42c 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java @@ -156,6 +156,7 @@ import java.lang.reflect.Type; import java.sql.SQLException; import java.sql.Timestamp; import java.time.LocalDateTime; +import java.time.LocalTime; import java.util.ArrayList; import java.util.Calendar; import java.util.Collection; @@ -1069,7 +1070,15 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv dateDiff = endDate.getTime() - device.getEnrolmentInfo().getDateOfEnrolment(); } } - long dateInDays = TimeUnit.DAYS.convert(dateDiff, TimeUnit.MILLISECONDS); + + // Convert dateDiff to days as a decimal value + double dateDiffInDays = (double) dateDiff / (24 * 60 * 60 * 1000); + + if (dateDiffInDays % 1 >= 0.9) { + dateDiffInDays = Math.ceil(dateDiffInDays); + } + + long dateInDays = (long) dateDiffInDays; double cost = (tenantCost.getCost() / 365) * dateInDays; totalCost += cost; device.setCost(Math.round(cost * 100.0) / 100.0); @@ -1136,9 +1145,13 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv long difference_In_Days = (difference_In_Time / (1000 * 60 * 60 * 24)) % 365; + if (difference_In_Time % (1000 * 60 * 60 * 24) >= 0.9 * (1000 * 60 * 60 * 24)) { + difference_In_Days++; + } + for (int i = 1; i <= difference_In_Years; i++) { List allDevicesPerYear = new ArrayList<>(); - LocalDateTime oneYearAfterStart = startDate.toLocalDateTime().plusYears(1); + LocalDateTime oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));; Timestamp newStartDate; Timestamp newEndDate; @@ -1147,14 +1160,12 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv remainingDaysConsidered = true; oneYearAfterStart = startDate.toLocalDateTime(); newEndDate = endDate; - } else if (Timestamp.valueOf(oneYearAfterStart).getTime() >= endDate.getTime()) { - newEndDate = Timestamp.valueOf(oneYearAfterStart); } else { - oneYearAfterStart = startDate.toLocalDateTime().plusYears(1); + oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));; newEndDate = Timestamp.valueOf(oneYearAfterStart); } } else { - oneYearAfterStart = startDate.toLocalDateTime().plusYears(1); + oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));; newEndDate = Timestamp.valueOf(oneYearAfterStart); } @@ -1177,7 +1188,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv allDevices.addAll(billingResponse.getDevice()); totalCost = totalCost + billingResponse.getTotalCostPerYear(); deviceCount = deviceCount + billingResponse.getDeviceCount(); - LocalDateTime nextStartDate = oneYearAfterStart.plusDays(1); + LocalDateTime nextStartDate = oneYearAfterStart.plusDays(1).with(LocalTime.of(00, 00, 00)); startDate = Timestamp.valueOf(nextStartDate); } From 4a31d80660d687f97d48a119a9340b326a28ef8b Mon Sep 17 00:00:00 2001 From: nishan Date: Thu, 15 Jun 2023 14:12:56 +0530 Subject: [PATCH 13/29] add api for get visible roles --- .../service/api/RoleManagementService.java | 98 +++++++++++++++++++ .../impl/RoleManagementServiceImpl.java | 93 +++++++++++++++++- 2 files changed, 190 insertions(+), 1 deletion(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java index 07c2fe962f..8a3e4242cd 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java @@ -187,6 +187,104 @@ public interface RoleManagementService { defaultValue = "5") @QueryParam("limit") int limit); + @GET + @Path("/visible/{metaKey}") + @ApiOperation( + produces = MediaType.APPLICATION_JSON, + httpMethod = "GET", + value = "Getting the List of Visible Roles", + notes = "WSO2 IoTS supports role-based access control (RBAC) and role management. Using this API you can the list of roles that are in WSO2 IoTS.\n" + + "Note: Internal roles, roles created for service-providers, and application related roles will not be given in the output.", + tags = "Role Management", + extensions = { + @Extension(properties = { + @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:view") + }) + } + ) + @ApiResponses(value = { + @ApiResponse( + code = 200, + message = "OK. \n Successfully fetched the list of roles in WSO2 IoTS.", + response = RoleList.class, + responseHeaders = { + @ResponseHeader( + name = "Content-Type", + description = "The content type of the body"), + @ResponseHeader( + name = "ETag", + description = "Entity Tag of the response resource.\n" + + "Used by caches, or in conditional requests."), + @ResponseHeader( + name = "Last-Modified", + description = "Date and time the resource has been modified the last time.\n" + + "Used by caches, or in conditional requests."), + }), + @ApiResponse( + code = 304, + message = "Not Modified. \n Empty body because the client already has the latest version of the " + + "requested resource."), + @ApiResponse( + code = 404, + message = "Not Found. \n The specified resource does not exist.\n", + response = ErrorResponse.class), + @ApiResponse( + code = 406, + message = "Not Acceptable.\n The requested media type is not supported", + response = ErrorResponse.class), + @ApiResponse( + code = 500, + message = "Internal Server Error. \n Server error occurred while fetching the list of roles" + + " assigned to the specified user.", + response = ErrorResponse.class) + }) + Response getVisibleRole( + @ApiParam( + name = "filter", + value = "Provide a character or a few characters in the role name.", + required = false) + @QueryParam("filter") String filter, + @ApiParam( + name = "user-store", + value = "The name of the UserStore you wish to get the list of roles.", + required = false) + @QueryParam("user-store") String userStoreName, + @ApiParam( + name = "If-Modified-Since", + value = "Checks if the requested variant was modified, since the specified date-time." + + "Provide the value in the following format: EEE, d MMM yyyy HH:mm:ss Z.\n" + + "Example: Mon, 05 Jan 2014 15:10:00 +0200", + required = false) + @HeaderParam("If-Modified-Since") String ifModifiedSince, + @ApiParam( + name = "offset", + value = "The starting pagination index for the complete list of qualified items.", + required = false, + defaultValue = "0") + @QueryParam("offset") int offset, + @ApiParam( + name = "limit", + value = "Provide how many role details you require from the starting pagination index/offset.", + required = false, + defaultValue = "5") + @QueryParam("limit") int limit, + @ApiParam( + name = "username", + value = "The username of the user.", + required = true, + defaultValue = "admin") + @QueryParam("username") String username, + @ApiParam( + name = "domain", + value = "The domain name of the user store.", + required = false) + @QueryParam("domain") String domain, + @ApiParam( + name = "metaKey", + value = "Key of the metadata", + required = true) + @PathParam("metaKey") String metaKey); + @GET @Path("/filter/{prefix}") @ApiOperation( diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java index 635d89afde..12b0b810da 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java @@ -17,7 +17,13 @@ */ package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl; +import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; +import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata; +import org.apache.axis2.databinding.types.xsd._boolean; import org.apache.commons.logging.Log; +import org.json.simple.JSONObject; +import org.json.simple.parser.JSONParser; +import org.json.simple.parser.ParseException; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.base.MultitenantConstants; @@ -97,6 +103,91 @@ public class RoleManagementServiceImpl implements RoleManagementService { } } + @GET + @Path("/visible/{metaKey}") + @Override + public Response getVisibleRole( + @QueryParam("filter") String filter, + @QueryParam("user-store") String userStore, + @HeaderParam("If-Modified-Since") String ifModifiedSince, + @QueryParam("offset") int offset, @QueryParam("limit") int limit, + @QueryParam("username") String username, @QueryParam("domain") String domain, + @PathParam("metaKey") String metaKey) { + RequestValidationUtil.validatePaginationParameters(offset, limit); + if (limit == 0){ + limit = Constants.DEFAULT_PAGE_LIMIT; + } + if (domain != null && !domain.isEmpty()) { + username = domain + '/' + username; + } + Metadata metadata; + List visibleRoles; + RoleList visibleRoleList = new RoleList(); + try { + metadata = DeviceMgtAPIUtils.getMetadataManagementService().retrieveMetadata(metaKey); + String metaValue = metadata.getMetaValue(); + JSONParser parser = new JSONParser(); + JSONObject jsonObject = (JSONObject) parser.parse(metaValue); + boolean decision = (boolean) jsonObject.get("isUserAbleToViewAllRoles"); + if (decision) { + if(userStore == null || "".equals(userStore)){ + userStore = PRIMARY_USER_STORE; + } + try{ + visibleRoles =getRolesFromUserStore(filter, userStore); + visibleRoleList.setList(visibleRoles); + + visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit); + visibleRoleList.setList(visibleRoles); + + return Response.status(Response.Status.OK).entity(visibleRoleList).build(); + } catch (UserStoreException e) { + String msg = "Error occurred while retrieving roles from the underlying user stores"; + log.error(msg, e); + return Response.serverError().entity( + new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); + } + } else { + try{UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager(); + if (!userStoreManager.isExistingUser(username)) { + if (log.isDebugEnabled()) { + log.debug("User by username: " + username + " does not exist for role retrieval."); + } + String msg = "User by username: " + username + " does not exist for role retrieval."; + return Response.status(Response.Status.NOT_FOUND).entity(msg).build(); + } + visibleRoleList.setList(getFilteredVisibleRoles(userStoreManager, username)); + + return Response.status(Response.Status.OK).entity(visibleRoleList).build(); + }catch (UserStoreException e) { + String msg = "Error occurred while trying to retrieve roles of the user '" + username + "'"; + log.error(msg, e); + return Response.serverError().entity( + new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); + } + } + } catch (MetadataManagementException e) { + String msg = "Error occurred while getting the metadata entry for metaKey:" + metaKey; + log.error(msg, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); + } catch (ParseException e) { + throw new RuntimeException(e); + } + } + + private List getFilteredVisibleRoles(UserStoreManager userStoreManager, String username) + throws UserStoreException { + String[] roleListOfUser; + roleListOfUser = userStoreManager.getRoleListOfUser(username); + List filteredRoles = new ArrayList<>(); + for (String role : roleListOfUser) { + if (!(role.startsWith("Internal/") || role.startsWith("Authentication/"))) { + filteredRoles.add(role); + } + } + return filteredRoles; + } + @GET @Path("/filter/{prefix}") @Override @@ -597,7 +688,7 @@ public class RoleManagementServiceImpl implements RoleManagementService { userStoreManager.updateUserListOfRole(roleName, usersToDelete, usersToAdd); return Response.status(Response.Status.OK).entity("Role '" + roleName + "' has " + - "successfully been updated with the user list") + "successfully been updated with the user list") .build(); } catch (UserStoreException e) { String msg = "Error occurred while updating the users of the role '" + roleName + "'"; From cd962b8d24b9f02c1475d9e9b5c2bbdfa72c5f87 Mon Sep 17 00:00:00 2001 From: nishan Date: Mon, 26 Jun 2023 07:28:53 +0530 Subject: [PATCH 14/29] Remove the user has role validation --- .../application/mgt/core/impl/ApplicationManagerImpl.java | 7 ------- 1 file changed, 7 deletions(-) diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java index b7fd8f23b5..1b718fa9d7 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java @@ -3658,13 +3658,6 @@ public class ApplicationManagerImpl implements ApplicationManager { log.error(msg); throw new ApplicationManagementException(msg); } - if (!hasUserRole(unrestrictedRoles, userName)) { - String msg = "You are trying to restrict the visibility of the application for a role set, but " - + "in order to perform the action at least one role should be assigned to user: " - + userName; - log.error(msg); - throw new BadRequestException(msg); - } } Filter filter = new Filter(); From 763cd7df25ed0b1c299a07056f3adfdb4cdfbf87 Mon Sep 17 00:00:00 2001 From: Pahansith Date: Mon, 26 Jun 2023 13:43:13 +0530 Subject: [PATCH 15/29] Fix missing imports --- .../api/service/impl/DeviceManagementConfigServiceImpl.java | 4 ++++ .../core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java | 1 + 2 files changed, 5 insertions(+) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/src/main/java/io/entgra/device/mgt/core/device/mgt/config/api/service/impl/DeviceManagementConfigServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/src/main/java/io/entgra/device/mgt/core/device/mgt/config/api/service/impl/DeviceManagementConfigServiceImpl.java index 556baf75e0..c7b191704e 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/src/main/java/io/entgra/device/mgt/core/device/mgt/config/api/service/impl/DeviceManagementConfigServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/src/main/java/io/entgra/device/mgt/core/device/mgt/config/api/service/impl/DeviceManagementConfigServiceImpl.java @@ -21,6 +21,10 @@ import com.fasterxml.jackson.core.JsonParseException; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; +import io.entgra.device.mgt.core.device.mgt.common.exceptions.OTPManagementException; +import io.entgra.device.mgt.core.device.mgt.common.otp.mgt.OTPEmailTypes; +import io.entgra.device.mgt.core.device.mgt.common.otp.mgt.dto.OneTimePinDTO; +import io.entgra.device.mgt.core.device.mgt.common.spi.OTPManagementService; import io.entgra.device.mgt.core.device.mgt.config.api.beans.ErrorResponse; import io.entgra.device.mgt.core.device.mgt.config.api.service.DeviceManagementConfigService; import io.entgra.device.mgt.core.device.mgt.config.api.util.DeviceMgtAPIUtils; diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java index 419a72549b..e5755cd999 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java @@ -18,6 +18,7 @@ package io.entgra.device.mgt.core.device.mgt.core.otp.mgt.dao.impl; +import io.entgra.device.mgt.core.device.mgt.common.DeviceManagementConstants; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import io.entgra.device.mgt.core.device.mgt.common.exceptions.DBConnectionException; From 7073deb4619c601b52b4487df5d5560c780e818c Mon Sep 17 00:00:00 2001 From: navodzoysa Date: Mon, 26 Jun 2023 14:15:29 +0530 Subject: [PATCH 16/29] Fix skip app release error --- .../application/mgt/core/impl/ApplicationManagerImpl.java | 6 +++--- .../device/mgt/core/application/mgt/core/util/APIUtil.java | 3 +-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java index b7fd8f23b5..51dc57868d 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java @@ -1283,13 +1283,13 @@ public class ApplicationManagerImpl implements ApplicationManager { this.changeLifecycleState(applicationReleaseDTO, lifecycleChanger); } } + if (applicationDTO.getType().equals("ENTERPRISE") || applicationDTO.getType().equals("PUBLIC") ) { + persistAppIconInfo(applicationReleaseDTO); + } applicationReleaseEntities.add(applicationReleaseDTO); } applicationDTO.setId(appId); applicationDTO.setApplicationReleaseDTOs(applicationReleaseEntities); - if (applicationDTO.getType().equals("ENTERPRISE") || applicationDTO.getType().equals("PUBLIC") ) { - persistAppIconInfo(applicationReleaseDTO); - } return APIUtil.appDtoToAppResponse(applicationDTO); } } catch (LifeCycleManagementDAOException e) { diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java index 407b4ebcac..b33fce5bf2 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java @@ -521,7 +521,6 @@ public class APIUtil { public static String createAppIconPath(ApplicationReleaseDTO applicationReleaseDTO, int tenantId) throws ApplicationManagementException { String basePath = getArtifactDownloadBaseURL() + tenantId + Constants.FORWARD_SLASH + applicationReleaseDTO .getAppHashValue() + Constants.FORWARD_SLASH; - String iconPath = basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName(); - return iconPath; + return basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName(); } } From d5270c720c394df20484b0f2b8936ffc49453d95 Mon Sep 17 00:00:00 2001 From: rajitha Date: Tue, 27 Jun 2023 13:26:05 +0530 Subject: [PATCH 17/29] Update invite link --- .../mgt/service/OTPManagementServiceImpl.java | 19 ------------------- .../email/templates/user-enrollment.vm | 2 +- 2 files changed, 1 insertion(+), 20 deletions(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java index ebf75b841e..d8872be921 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java @@ -237,9 +237,6 @@ public class OTPManagementServiceImpl implements OTPManagementService { } } } - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - OneTimePinDTO oneTimePinDTO; - List oneTimePinDTOList = new ArrayList<>(); Properties props = new Properties(); props.setProperty("enrollment-steps", enrollmentSteps.toString()); try { @@ -247,22 +244,11 @@ public class OTPManagementServiceImpl implements OTPManagementService { for (String username : deviceEnrollmentInvitation.getUsernames()) { String emailAddress = DeviceManagerUtil.getUserClaimValue( username, DeviceManagementConstants.User.CLAIM_EMAIL_ADDRESS); - - OneTimePinDTO oneTimePinData = new OneTimePinDTO(); - oneTimePinData.setEmail(emailAddress); - oneTimePinData.setTenantId(tenantId); - oneTimePinData.setUsername(username); - oneTimePinData.setEmailType(OTPEmailTypes.USER_INVITE.toString()); - - oneTimePinDTO = generateOneTimePin(oneTimePinData, false); - oneTimePinDTOList.add(oneTimePinDTO); props.setProperty("first-name", DeviceManagerUtil. getUserClaimValue(username, DeviceManagementConstants.User.CLAIM_FIRST_NAME)); props.setProperty("username", username); - props.setProperty("otp-token", oneTimePinDTO.getOtpToken()); sendMail(props, emailAddress, DeviceManagementConstants.EmailAttributes.USER_ENROLLMENT_TEMPLATE); } - this.otpManagementDAO.addOTPData(oneTimePinDTOList); ConnectionManagerUtil.commitDBTransaction(); } catch (UserStoreException e) { String msg = "Error occurred while getting claim values to invite user"; @@ -276,11 +262,6 @@ public class OTPManagementServiceImpl implements OTPManagementService { String msg = "SQL Error occurred when adding OPT data to send device enrollment Invitation."; log.error(msg, e); throw new OTPManagementException(msg, e); - } catch (OTPManagementDAOException e) { - ConnectionManagerUtil.rollbackDBTransaction(); - String msg = "Error occurred while saving the OTP data."; - log.error(msg, e); - throw new OTPManagementException(msg, e); } finally { ConnectionManagerUtil.closeDBConnection(); } diff --git a/features/transport-mgt/email-sender/io.entgra.device.mgt.core.email.sender.feature/src/main/resources/email/templates/user-enrollment.vm b/features/transport-mgt/email-sender/io.entgra.device.mgt.core.email.sender.feature/src/main/resources/email/templates/user-enrollment.vm index 7765bcdda2..ef5307de33 100644 --- a/features/transport-mgt/email-sender/io.entgra.device.mgt.core.email.sender.feature/src/main/resources/email/templates/user-enrollment.vm +++ b/features/transport-mgt/email-sender/io.entgra.device.mgt.core.email.sender.feature/src/main/resources/email/templates/user-enrollment.vm @@ -37,7 +37,7 @@

You have been invited to enrol your device in Entgra IoT Server. - Click here to begin device enrolment.

+ Click here to begin device enrolment.

Enrollment Steps are as below, From 498dc7ae340c6c864905484f6103515485c82584 Mon Sep 17 00:00:00 2001 From: Thilina Sandaruwan Date: Tue, 27 Jun 2023 08:57:23 +0000 Subject: [PATCH 18/29] HierarchicalGrouping (#153) Goals Complete hierarchical grouping task https://roadmap.entgra.net/issues/9528 and https://roadmap.entgra.net/issues/9529 Approach Fix the encountered issues Co-authored-by: ThilinaPremachandra Co-authored-by: Pahansith Gunathilake Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/153 Co-authored-by: Thilina Sandaruwan Co-committed-by: Thilina Sandaruwan --- .../core/device/mgt/core/dao/GroupDAO.java | 13 ++++ .../core/dao/impl/AbstractGroupDAOImpl.java | 78 +++++++++++++++++-- .../GroupManagementProviderServiceImpl.java | 14 +++- 3 files changed, 97 insertions(+), 8 deletions(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java index e1639e6262..fe639e63e1 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java @@ -212,6 +212,19 @@ public interface GroupDAO { */ List getGroups(GroupPaginationRequest paginationRequest, int tenantId) throws GroupManagementDAOException; + /** + * Get paginated list of Device Groups in tenant with specified device group ids. + * + * @param paginationRequest to filter results. + * @param deviceGroupIds of groups required. + * @param tenantId of user's tenant. + * @param isWithParentPath of user's ParentPath. + * @return List of all Device Groups in tenant. + * @throws GroupManagementDAOException + */ + List getGroups(GroupPaginationRequest paginationRequest, List deviceGroupIds, + int tenantId, boolean isWithParentPath) throws GroupManagementDAOException; + /** * Get paginated list of Device Groups in tenant with specified device group ids. * diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java index 937b975259..480bc735b0 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java @@ -108,7 +108,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO { @Override public List getGroups(GroupPaginationRequest request, List deviceGroupIds, - int tenantId) throws GroupManagementDAOException { + int tenantId) throws GroupManagementDAOException { int deviceGroupIdsCount = deviceGroupIds.size(); if (deviceGroupIdsCount == 0) { return new ArrayList<>(); @@ -169,6 +169,73 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO { throw new GroupManagementDAOException(msg, e); } } + @Override + public List getGroups(GroupPaginationRequest request, List deviceGroupIds, + int tenantId, boolean isWithParentPath) throws GroupManagementDAOException { + int deviceGroupIdsCount = deviceGroupIds.size(); + if (deviceGroupIdsCount == 0) { + return new ArrayList<>(); + } + + try { + Connection conn = GroupManagementDAOFactory.getConnection(); + String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP WHERE TENANT_ID = ?"; + if (StringUtils.isNotBlank(request.getGroupName())) { + sql += " AND GROUP_NAME LIKE ?"; + } + if (StringUtils.isNotBlank(request.getOwner())) { + sql += " AND OWNER LIKE ?"; + } + if (StringUtils.isNotBlank(request.getParentPath())) { + if(isWithParentPath){ + sql += " AND PARENT_PATH LIKE ?"; + } + } + sql += " AND ID IN ("; + for (int i = 0; i < deviceGroupIdsCount; i++) { + sql += (deviceGroupIdsCount - 1 != i) ? "?," : "?"; + } + sql += ")"; + if (request.getRowCount() != 0) { + sql += " LIMIT ? OFFSET ?"; + } + + try (PreparedStatement stmt = conn.prepareStatement(sql)) { + int paramIndex = 1; + stmt.setInt(paramIndex++, tenantId); + if (StringUtils.isNotBlank(request.getGroupName())) { + stmt.setString(paramIndex++, request.getGroupName() + "%"); + } + if (StringUtils.isNotBlank(request.getOwner())) { + stmt.setString(paramIndex++, request.getOwner() + "%"); + } + if (StringUtils.isNotBlank(request.getParentPath())) { + if(isWithParentPath){ + stmt.setString(paramIndex++, request.getParentPath()); + } + } + for (Integer deviceGroupId : deviceGroupIds) { + stmt.setInt(paramIndex++, deviceGroupId); + } + if (request.getRowCount() != 0) { + stmt.setInt(paramIndex++, request.getRowCount()); + stmt.setInt(paramIndex, request.getStartIndex()); + } + List deviceGroupList = new ArrayList<>(); + try (ResultSet resultSet = stmt.executeQuery()) { + while (resultSet.next()) { + deviceGroupList.add(GroupManagementDAOUtil.loadGroup(resultSet)); + } + } + return deviceGroupList; + } + } catch (SQLException e) { + String msg = "Error occurred while retrieving groups of groups IDs " + deviceGroupIds.toString() + + " in tenant: " + tenantId; + log.error(msg); + throw new GroupManagementDAOException(msg, e); + } + } @Override public int addGroup(DeviceGroup deviceGroup, int tenantId) throws GroupManagementDAOException { @@ -376,7 +443,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO { try { Connection conn = GroupManagementDAOFactory.getConnection(); String sql = "UPDATE DM_GROUP SET DESCRIPTION = ?, GROUP_NAME = ?, OWNER = ?, STATUS = ?, " - + "PARENT_PATH = ? WHERE ID = ? AND TENANT_ID = ?"; + + "PARENT_PATH = ?, PARENT_GROUP_ID = ? WHERE ID = ? AND TENANT_ID = ?"; try (PreparedStatement stmt = conn.prepareStatement(sql)){ for (DeviceGroup deviceGroup : deviceGroups) { stmt.setString(1, deviceGroup.getDescription()); @@ -384,8 +451,9 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO { stmt.setString(3, deviceGroup.getOwner()); stmt.setString(4, deviceGroup.getStatus()); stmt.setString(5, deviceGroup.getParentPath()); - stmt.setInt(6, deviceGroup.getGroupId()); - stmt.setInt(7, tenantId); + stmt.setInt(6, deviceGroup.getParentGroupId()); + stmt.setInt(7, deviceGroup.getGroupId()); + stmt.setInt(8, tenantId); stmt.addBatch(); } stmt.executeBatch(); @@ -1201,7 +1269,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO { } - @Override + @Override public List getAllDevicesOfGroup(String groupName, int tenantId) throws GroupManagementDAOException { Connection conn; List devices; diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java index be1ad0d545..3b83d49c01 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java @@ -312,6 +312,13 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid newParentPath = DeviceGroupConstants.HierarchicalGroup.SEPERATOR; } childrenGroup.setParentPath(newParentPath); + if (!newParentPath.equals(DeviceGroupConstants.HierarchicalGroup.SEPERATOR)) { + String[] groupIds = newParentPath.split(DeviceGroupConstants.HierarchicalGroup.SEPERATOR); + int latestGroupId = Integer.parseInt(groupIds[groupIds.length - 1]); + childrenGroup.setParentGroupId(latestGroupId); + } else { + childrenGroup.setParentGroupId(0); + } } } } @@ -518,7 +525,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid @Override public PaginationResult getGroupsWithHierarchy(String username, GroupPaginationRequest request, - boolean requireGroupProps) throws GroupManagementException { + boolean requireGroupProps) throws GroupManagementException { if (request == null) { String msg = "Received incomplete data for retrieve groups with hierarchy"; log.error(msg); @@ -527,6 +534,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid if (log.isDebugEnabled()) { log.debug("Get groups with hierarchy " + request.toString()); } + boolean isWithParentPath = false; DeviceManagerUtil.validateGroupListPageSize(request); List rootGroups; try { @@ -538,7 +546,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid } else { List allDeviceGroupIdsOfUser = getGroupIds(username); GroupManagementDAOFactory.openConnection(); - rootGroups = this.groupDAO.getGroups(request, allDeviceGroupIdsOfUser, tenantId); + rootGroups = this.groupDAO.getGroups(request, allDeviceGroupIdsOfUser, tenantId, isWithParentPath); } String parentPath; List childrenGroups; @@ -1359,7 +1367,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid * @throws GroupManagementDAOException on error during population of group properties. */ private void createGroupWithChildren(DeviceGroup parentGroup, List childrenGroups, - boolean requireGroupProps, int tenantId, int depth, int counter) throws GroupManagementDAOException { + boolean requireGroupProps, int tenantId, int depth, int counter) throws GroupManagementDAOException { if (childrenGroups.isEmpty() || depth == counter) { return; } From 3616245ae65dbcacf762ad8f14a9a887eed3f7f9 Mon Sep 17 00:00:00 2001 From: Nishan Sangeeth Date: Wed, 28 Jun 2023 16:00:53 +0000 Subject: [PATCH 19/29] Improve app visibility restricting functionality Co-authored-by: Nishan Sangeeth Co-committed-by: Nishan Sangeeth --- .../common/services/ApplicationManager.java | 1 + .../mgt/core/impl/ApplicationManagerImpl.java | 45 ++++++++++++++++++- .../application/mgt/core/util/APIUtil.java | 18 ++++++++ .../application/mgt/core/util/Constants.java | 3 +- .../impl/RoleManagementServiceImpl.java | 24 +++++----- .../device/mgt/api/jaxrs/util/Constants.java | 1 + 6 files changed, 80 insertions(+), 12 deletions(-) diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java index 88a6912a7d..0c75b3b284 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java @@ -27,6 +27,7 @@ import io.entgra.device.mgt.core.application.mgt.common.response.Category; import io.entgra.device.mgt.core.application.mgt.common.response.Tag; import io.entgra.device.mgt.core.device.mgt.common.Base64File; import io.entgra.device.mgt.core.application.mgt.common.dto.ApplicationDTO; +import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; import org.apache.cxf.jaxrs.ext.multipart.Attachment; import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact; import io.entgra.device.mgt.core.application.mgt.common.LifecycleChanger; diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java index 09644ff733..3bb8ba8260 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java @@ -22,6 +22,8 @@ import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestExcept import io.entgra.device.mgt.core.device.mgt.common.Base64File; import io.entgra.device.mgt.core.application.mgt.core.dao.SPApplicationDAO; import io.entgra.device.mgt.core.application.mgt.core.util.ApplicationManagementUtil; +import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; +import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata; import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.io.IOUtils; import org.apache.commons.lang.StringEscapeUtils; @@ -30,6 +32,7 @@ import org.apache.commons.validator.routines.UrlValidator; import org.apache.cxf.jaxrs.ext.multipart.Attachment; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.json.JSONObject; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact; @@ -95,6 +98,7 @@ import io.entgra.device.mgt.core.device.mgt.core.service.DeviceManagementProvide import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; +import javax.ws.rs.core.Response; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; @@ -1713,6 +1717,31 @@ public class ApplicationManagerImpl implements ApplicationManager { } } + /** + * Check whether valid metaData value or not + * + * @return true or false + * @throws MetadataManagementException If it is unable to load metaData + */ + private boolean isUserAbleToViewAllRoles() throws MetadataManagementException { + List allMetadata; + allMetadata = APIUtil.getMetadataManagementService().retrieveAllMetadata(); + if (allMetadata != null && !allMetadata.isEmpty()) { + for(Metadata metadata : allMetadata){ + if(Constants.SHOW_ALL_ROLES.equals(metadata.getMetaKey())){ + String metaValue = metadata.getMetaValue(); + if (metaValue != null) { + JSONObject jsonObject; + jsonObject = new JSONObject(metaValue); + boolean isUserAbleToViewAllRoles = jsonObject.getBoolean(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES); + return isUserAbleToViewAllRoles; + } + } + } + } + return false; + } + /** * Get assigned role list of the given user. * @@ -3486,7 +3515,8 @@ public class ApplicationManagerImpl implements ApplicationManager { } @Override - public void validateAppCreatingRequest(T param) throws ApplicationManagementException, RequestValidatingException { + public void validateAppCreatingRequest(T param) + throws ApplicationManagementException, RequestValidatingException { int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true); String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername(); int deviceTypeId = -1; @@ -3658,6 +3688,15 @@ public class ApplicationManagerImpl implements ApplicationManager { log.error(msg); throw new ApplicationManagementException(msg); } + if (!isUserAbleToViewAllRoles()) { + if (!hasUserRole(unrestrictedRoles, userName)) { + String msg = "You are trying to restrict the visibility of the application for a role set, but " + + "in order to perform the action at least one role should be assigned to user: " + + userName; + log.error(msg); + throw new BadRequestException(msg); + } + } } Filter filter = new Filter(); @@ -3709,6 +3748,10 @@ public class ApplicationManagerImpl implements ApplicationManager { String msg = "Error occurred when validating the unrestricted roles given for the web clip"; log.error(msg, e); throw new ApplicationManagementException(msg, e); + } catch (MetadataManagementException e) { + String msg = "Error occurred while retrieving metadata list"; + log.error(msg, e); + throw new ApplicationManagementException(msg, e); } finally { ConnectionManagerUtil.closeDBConnection(); } diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java index b33fce5bf2..955a642b6f 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java @@ -26,6 +26,7 @@ import io.entgra.device.mgt.core.application.mgt.core.config.IdentityServiceProv import io.entgra.device.mgt.core.application.mgt.core.serviceprovider.ISServiceProviderApplicationService; import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException; import io.entgra.device.mgt.core.application.mgt.core.exception.UnexpectedServerErrorException; +import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -71,6 +72,7 @@ public class APIUtil { private static volatile SubscriptionManager subscriptionManager; private static volatile ReviewManager reviewManager; private static volatile AppmDataHandler appmDataHandler; + private static volatile MetadataManagementService metadataManagementService; public static SPApplicationManager getSPApplicationManager() { if (SPApplicationManager == null) { @@ -523,4 +525,20 @@ public class APIUtil { .getAppHashValue() + Constants.FORWARD_SLASH; return basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName(); } + + public static MetadataManagementService getMetadataManagementService() { + if (metadataManagementService == null) { + synchronized (APIUtil.class) { + if (metadataManagementService == null) { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + metadataManagementService = (MetadataManagementService) ctx.getOSGiService( + MetadataManagementService.class, null); + if (metadataManagementService == null) { + throw new IllegalStateException("Metadata Management service not initialized."); + } + } + } + } + return metadataManagementService; + } } diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java index 5864242acf..efd848cdb1 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java @@ -70,7 +70,8 @@ public class Constants { public static final String ANY = "ANY"; public static final String DEFAULT_PCK_NAME = "default.app.com"; public static final String ALL = "ALL"; - + public static final String SHOW_ALL_ROLES = "SHOW_ALL_ROLES"; + public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles"; public static final String GOOGLE_PLAY_STORE_URL = "https://play.google.com/store/apps/details?id="; public static final String APPLE_STORE_URL = "https://itunes.apple.com/country/app/app-name/id"; diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java index 12b0b810da..099473ad0d 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java @@ -19,7 +19,6 @@ package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl; import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata; -import org.apache.axis2.databinding.types.xsd._boolean; import org.apache.commons.logging.Log; import org.json.simple.JSONObject; import org.json.simple.parser.JSONParser; @@ -110,8 +109,10 @@ public class RoleManagementServiceImpl implements RoleManagementService { @QueryParam("filter") String filter, @QueryParam("user-store") String userStore, @HeaderParam("If-Modified-Since") String ifModifiedSince, - @QueryParam("offset") int offset, @QueryParam("limit") int limit, - @QueryParam("username") String username, @QueryParam("domain") String domain, + @QueryParam("offset") int offset, + @QueryParam("limit") int limit, + @QueryParam("username") String username, + @QueryParam("domain") String domain, @PathParam("metaKey") String metaKey) { RequestValidationUtil.validatePaginationParameters(offset, limit); if (limit == 0){ @@ -128,13 +129,13 @@ public class RoleManagementServiceImpl implements RoleManagementService { String metaValue = metadata.getMetaValue(); JSONParser parser = new JSONParser(); JSONObject jsonObject = (JSONObject) parser.parse(metaValue); - boolean decision = (boolean) jsonObject.get("isUserAbleToViewAllRoles"); + boolean decision = (boolean) jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES); if (decision) { - if(userStore == null || "".equals(userStore)){ + if (userStore == null || "".equals(userStore)){ userStore = PRIMARY_USER_STORE; } - try{ - visibleRoles =getRolesFromUserStore(filter, userStore); + try { + visibleRoles = getRolesFromUserStore(filter, userStore); visibleRoleList.setList(visibleRoles); visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit); @@ -148,7 +149,8 @@ public class RoleManagementServiceImpl implements RoleManagementService { new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); } } else { - try{UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager(); + try { + UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager(); if (!userStoreManager.isExistingUser(username)) { if (log.isDebugEnabled()) { log.debug("User by username: " + username + " does not exist for role retrieval."); @@ -159,7 +161,7 @@ public class RoleManagementServiceImpl implements RoleManagementService { visibleRoleList.setList(getFilteredVisibleRoles(userStoreManager, username)); return Response.status(Response.Status.OK).entity(visibleRoleList).build(); - }catch (UserStoreException e) { + } catch (UserStoreException e) { String msg = "Error occurred while trying to retrieve roles of the user '" + username + "'"; log.error(msg, e); return Response.serverError().entity( @@ -171,7 +173,9 @@ public class RoleManagementServiceImpl implements RoleManagementService { log.error(msg, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } catch (ParseException e) { - throw new RuntimeException(e); + String msg = "Error occurred while parsing JSON metadata: " + e.getMessage(); + log.error(msg, e); + return Response.status(Response.Status.BAD_REQUEST).entity(msg).build(); } } diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java index c9ad2e182e..02d332baf2 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java @@ -38,6 +38,7 @@ public class Constants { public static final int DEFAULT_PAGE_LIMIT = 50; public static final String FORWARD_SLASH = "/"; public static final String ANDROID = "android"; + public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles"; public static final String ANDROID_POLICY_VALIDATOR = "io.entgra.proprietary.uem.platform.android." + "core.polcy.AndroidPolicyPayloadValidator"; public static final String IOS = "ios"; From 8d9e3c8f5140da840cd9af841f38619b4b0bbdcc Mon Sep 17 00:00:00 2001 From: navodzoysa Date: Thu, 29 Jun 2023 00:28:34 +0530 Subject: [PATCH 20/29] Remove reserved_user when fetching users --- .../api/jaxrs/service/impl/UserManagementServiceImpl.java | 5 +++-- .../device/mgt/core/device/mgt/api/jaxrs/util/Constants.java | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java index 29a64a9238..71528bf32d 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java @@ -455,7 +455,7 @@ public class UserManagementServiceImpl implements UserManagementService { userList = new ArrayList<>(users.size()); BasicUserInfo user; for (String username : users) { - if (Constants.APIM_RESERVED_USER.equals(username)) { + if (Constants.APIM_RESERVED_USER.equals(username) || Constants.RESERVED_USER.equals(username)) { continue; } user = getBasicUserInfo(username); @@ -520,6 +520,7 @@ public class UserManagementServiceImpl implements UserManagementService { } if (commonUsers != null) { commonUsers.remove(Constants.APIM_RESERVED_USER); + commonUsers.remove(Constants.RESERVED_USER); } if (!skipSearch(commonUsers) && StringUtils.isNotEmpty(firstName)) { @@ -695,7 +696,7 @@ public class UserManagementServiceImpl implements UserManagementService { userList = new ArrayList<>(); UserInfo user; for (String username : users) { - if (Constants.APIM_RESERVED_USER.equals(username)) { + if (Constants.APIM_RESERVED_USER.equals(username) || Constants.RESERVED_USER.equals(username)) { continue; } user = new UserInfo(); diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java index 02d332baf2..0a9b6efa26 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java @@ -31,7 +31,8 @@ public class Constants { public static final String USER_CLAIM_DEVICES = "http://wso2.org/claims/devices"; public static final String PRIMARY_USER_STORE = "PRIMARY"; public static final String APIM_RESERVED_USER = "apim_reserved_user"; - public static final String DEFAULT_STREAM_VERSION = "1.0.0"; + public static final String RESERVED_USER = "reserved_user"; + public static final String DEFAULT_STREAM_VERSION = "1.0.0"; public static final String SCOPE = "scope"; public static final String JDBC_USERSTOREMANAGER = "org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"; public static final String DEFAULT_SIMPLE_DATE_FORMAT = "EEE, d MMM yyyy HH:mm:ss Z"; From 87de656571a7d78284cd1e7baa837c9a2759dedf Mon Sep 17 00:00:00 2001 From: Kavin Prathaban Date: Fri, 30 Jun 2023 06:32:38 +0000 Subject: [PATCH 21/29] Add footer config template ## Purpose * Fixes https://roadmap.entgra.net/issues/10180 ## Description * cdm-config.xml.j2, cdm-config.xml templates are updated from hardcoded values to retrieve values from deployment.toml * server_name, server_version and current_year are added as variables * **Usage:** change deployment.toml values when a new version released. This will update the footer ## Related PRs * https://repository.entgra.net/proprietary/product-uem/pulls/15 Co-authored-by: prathabanKavin Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/160 Co-authored-by: Kavin Prathaban Co-committed-by: Kavin Prathaban --- .../src/main/resources/conf/cdm-config.xml | 2 +- .../templates/repository/conf/cdm-config.xml.j2 | 16 ++++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml index 3ce48daefe..c40cefc413 100644 --- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml +++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml @@ -189,7 +189,7 @@ <a href='https://entgra.io' target='_blank'> Entgra </a> - IoT Server 5.2.0 | © 2023 + UEM Server 5.3.0 | © 2023 , All Rights Reserved. Entgra diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 index 262761caec..2152b1814f 100644 --- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 +++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 @@ -325,12 +325,16 @@ - <a href='https://entgra.io' target='_blank'> - Entgra - </a> - IoT Server 5.2.0 | © 2023 - , All Rights Reserved. - + <a href='https://entgra.io' target='_blank'> + Entgra + </a> + {% if product_conf is defined %} + {{product_conf.server_name}} {{product_conf.server_version}} | © {{product_conf.current_year}} + {% else %} + Entgra UEM Server + {% endif %} + , All Rights Reserved. + Entgra repository/resources/whitelabel From 39f5ee8ca391ce1bc45b909a2931c56ba213d7e7 Mon Sep 17 00:00:00 2001 From: ThilinaPremachandra Date: Sat, 1 Jul 2023 21:06:29 +0530 Subject: [PATCH 22/29] fix: sub tenants grouping issue --- .../admin/GroupManagementAdminServiceImpl.java | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java index 4495a3fe9c..656eb857bc 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java @@ -32,6 +32,7 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.api.admin.GroupMan import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestValidationUtil; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.apache.commons.lang.StringUtils; import javax.ws.rs.DefaultValue; import javax.ws.rs.GET; @@ -94,13 +95,22 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ @DefaultValue("5") @QueryParam("limit") int limit) { try { RequestValidationUtil.validatePaginationParameters(offset, limit); + String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername(); GroupPaginationRequest request = new GroupPaginationRequest(offset, limit); request.setGroupName(name); request.setOwner(owner); request.setStatus(status); request.setDepth(depth); - PaginationResult deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() - .getGroupsWithHierarchy(null, request, requireGroupProps); + + PaginationResult deviceGroupsResult; + if (StringUtils.isBlank(currentUser)) { + deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() + .getGroupsWithHierarchy(null, request, requireGroupProps); + } else { + deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() + .getGroupsWithHierarchy(currentUser, request, requireGroupProps); + } + DeviceGroupList deviceGroupList = new DeviceGroupList(); deviceGroupList.setList(deviceGroupsResult.getData()); deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal()); From aecc106f95319fb73d216c6ff0197b94f8a540b1 Mon Sep 17 00:00:00 2001 From: ThilinaPremachandra Date: Sun, 2 Jul 2023 01:23:13 +0530 Subject: [PATCH 23/29] add: super-tenant admin check --- .../service/impl/admin/GroupManagementAdminServiceImpl.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java index 656eb857bc..3e8df2c98a 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java @@ -101,9 +101,10 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ request.setOwner(owner); request.setStatus(status); request.setDepth(depth); + boolean isAdmin = DEFAULT_ADMIN_ROLE.equals(currentUser); PaginationResult deviceGroupsResult; - if (StringUtils.isBlank(currentUser)) { + if (StringUtils.isBlank(currentUser) || isAdmin) { deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() .getGroupsWithHierarchy(null, request, requireGroupProps); } else { From 6d012bc614a7a31d72d948fd0bc65325f2ece7c3 Mon Sep 17 00:00:00 2001 From: ThilinaPremachandra Date: Mon, 3 Jul 2023 18:53:34 +0530 Subject: [PATCH 24/29] fix: group assigned role issue --- .../impl/GroupManagementServiceImpl.java | 22 +++++++++++++++++-- .../GroupManagementAdminServiceImpl.java | 16 +++++++++++--- 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java index 1c077c00a5..6c75b3fb5e 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java @@ -29,6 +29,7 @@ import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistExc import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.CarbonConstants; +import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; import io.entgra.device.mgt.core.device.mgt.common.Device; import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier; @@ -48,6 +49,8 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestV import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils; import io.entgra.device.mgt.core.policy.mgt.common.PolicyAdministratorPoint; import io.entgra.device.mgt.core.policy.mgt.common.PolicyManagementException; +import org.wso2.carbon.user.api.UserRealm; +import org.wso2.carbon.user.api.UserStoreException; import javax.ws.rs.DefaultValue; import javax.ws.rs.GET; @@ -56,6 +59,7 @@ import javax.ws.rs.Path; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Response; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; public class GroupManagementServiceImpl implements GroupManagementService { @@ -109,8 +113,18 @@ public class GroupManagementServiceImpl implements GroupManagementService { request.setGroupName(name); request.setOwner(owner); request.setDepth(depth); - PaginationResult deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() - .getGroupsWithHierarchy(currentUser, request, requireGroupProps); + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId); + String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser); + boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE); + PaginationResult deviceGroupsResult; + if (hasAdminRole) { + deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() + .getGroupsWithHierarchy(null, request, requireGroupProps); + } else{ + deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() + .getGroupsWithHierarchy(currentUser, request, requireGroupProps); + } DeviceGroupList deviceGroupList = new DeviceGroupList(); deviceGroupList.setList(deviceGroupsResult.getData()); deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal()); @@ -119,6 +133,10 @@ public class GroupManagementServiceImpl implements GroupManagementService { String error = "Error occurred while retrieving groups with hierarchy."; log.error(error, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build(); + } catch (UserStoreException e) { + String msg = "Error occurred while getting user realm."; + log.error(msg, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } } diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java index 3e8df2c98a..e9277825ed 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java @@ -31,8 +31,11 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceGroupList; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.api.admin.GroupManagementAdminService; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestValidationUtil; import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils; +import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.apache.commons.lang.StringUtils; +import org.wso2.carbon.user.api.UserRealm; +import org.wso2.carbon.user.api.UserStoreException; import javax.ws.rs.DefaultValue; import javax.ws.rs.GET; @@ -41,6 +44,7 @@ import javax.ws.rs.Path; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Response; import java.util.ArrayList; +import java.util.Arrays; public class GroupManagementAdminServiceImpl implements GroupManagementAdminService { @@ -101,17 +105,19 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ request.setOwner(owner); request.setStatus(status); request.setDepth(depth); + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId); + String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser); boolean isAdmin = DEFAULT_ADMIN_ROLE.equals(currentUser); - + boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE); PaginationResult deviceGroupsResult; - if (StringUtils.isBlank(currentUser) || isAdmin) { + if (StringUtils.isBlank(currentUser) || isAdmin || hasAdminRole) { deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() .getGroupsWithHierarchy(null, request, requireGroupProps); } else { deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService() .getGroupsWithHierarchy(currentUser, request, requireGroupProps); } - DeviceGroupList deviceGroupList = new DeviceGroupList(); deviceGroupList.setList(deviceGroupsResult.getData()); deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal()); @@ -120,6 +126,10 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ String error = "Error occurred while retrieving groups with hierarchy."; log.error(error, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build(); + } catch (UserStoreException e) { + String msg = "Error occurred while getting user realm."; + log.error(msg, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } } From 5818a5eaed7123c95ab824feb25f7b1e58cc8f33 Mon Sep 17 00:00:00 2001 From: rajitha Date: Tue, 4 Jul 2023 18:37:39 +0530 Subject: [PATCH 25/29] Fix transaction initiating issue --- .../device/mgt/core/operation/mgt/OperationManagerImpl.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/operation/mgt/OperationManagerImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/operation/mgt/OperationManagerImpl.java index 51b93d5fdd..d3137c006f 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/operation/mgt/OperationManagerImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/operation/mgt/OperationManagerImpl.java @@ -480,6 +480,7 @@ public class OperationManagerImpl implements OperationManager { int failAttempts = 0; while (true) { try { + OperationManagementDAOFactory.beginTransaction(); operationMappingDAO.updateOperationMapping(operation.getId(), device.getEnrolmentInfo().getId(), io.entgra.device.mgt.core.device.mgt.core.dto.operation.mgt.Operation.PushNotificationStatus.SCHEDULED); OperationManagementDAOFactory.commitTransaction(); @@ -502,6 +503,11 @@ public class OperationManagerImpl implements OperationManager { } catch (InterruptedException ignore) { break; } + } catch (TransactionManagementException ex) { + log.error("Error occurred while initiating the transaction", ex); + break; + } finally { + OperationManagementDAOFactory.closeConnection(); } } } catch (Exception e) { From 67cdcede699fa541495557db32a6cb5a6f091570 Mon Sep 17 00:00:00 2001 From: rajitha Date: Wed, 5 Jul 2023 20:01:06 +0530 Subject: [PATCH 26/29] Fix realm service unbinding issues --- .../APIApplicationManagerExtensionDataHolder.java | 13 +++++++------ .../publisher/internal/APIPublisherDataHolder.java | 13 +++++++------ .../internal/JWTClientExtensionDataHolder.java | 13 +++++++------ 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java index 8a4cf4f1a6..299184c946 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java @@ -62,17 +62,18 @@ public class APIApplicationManagerExtensionDataHolder { public void setRealmService(RealmService realmService) { this.realmService = realmService; - this.setTenantManager(realmService); + setTenantManager(realmService != null ? + realmService.getTenantManager() : null); } - private void setTenantManager(RealmService realmService) { - if (realmService == null) { - throw new IllegalStateException("Realm service is not initialized properly"); - } - this.tenantManager = realmService.getTenantManager(); + private void setTenantManager(TenantManager tenantManager) { + this.tenantManager = tenantManager; } public TenantManager getTenantManager() { + if (tenantManager == null) { + throw new IllegalStateException("Tenant manager is not initialized properly"); + } return tenantManager; } diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/internal/APIPublisherDataHolder.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/internal/APIPublisherDataHolder.java index baff1848ed..bc7b8af32c 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/internal/APIPublisherDataHolder.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/internal/APIPublisherDataHolder.java @@ -75,17 +75,18 @@ public class APIPublisherDataHolder { public void setRealmService(RealmService realmService) { this.realmService = realmService; - this.setTenantManager(realmService); + setTenantManager(realmService != null ? + realmService.getTenantManager() : null); } - private void setTenantManager(RealmService realmService) { - if (realmService == null) { - throw new IllegalStateException("Realm service is not initialized properly"); - } - this.tenantManager = realmService.getTenantManager(); + private void setTenantManager(TenantManager tenantManager) { + this.tenantManager = tenantManager; } public TenantManager getTenantManager() { + if (tenantManager == null) { + throw new IllegalStateException("Tenant manager is not initialized properly"); + } return tenantManager; } diff --git a/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/internal/JWTClientExtensionDataHolder.java b/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/internal/JWTClientExtensionDataHolder.java index 7d253b2333..cd3999c9bf 100644 --- a/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/internal/JWTClientExtensionDataHolder.java +++ b/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/internal/JWTClientExtensionDataHolder.java @@ -74,17 +74,18 @@ public class JWTClientExtensionDataHolder { public void setRealmService(RealmService realmService) { this.realmService = realmService; - this.setTenantManager(realmService); + setTenantManager(realmService != null ? + realmService.getTenantManager() : null); } - private void setTenantManager(RealmService realmService) { - if (realmService == null) { - throw new IllegalStateException("Realm service is not initialized properly"); - } - this.tenantManager = realmService.getTenantManager(); + private void setTenantManager(TenantManager tenantManager) { + this.tenantManager = tenantManager; } public TenantManager getTenantManager() { + if (tenantManager == null) { + throw new IllegalStateException("Tenant manager is not initialized properly"); + } return tenantManager; } } From 38b8c8d7b18009171cd00538ccb151de1e3b1a2c Mon Sep 17 00:00:00 2001 From: Thilina Sandaruwan Date: Mon, 10 Jul 2023 07:46:21 +0000 Subject: [PATCH 27/29] Grouping Improvements (#169) Purpose After deleting a role, delete relevant records from DM_ROLE_GROUP_MAP table Related tickets: https://roadmap.entgra.net/issues/9528 and https://roadmap.entgra.net/issues/9529 Co-authored-by: ThilinaPremachandra Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/169 Co-authored-by: Thilina Sandaruwan Co-committed-by: Thilina Sandaruwan --- .../impl/GroupManagementServiceImpl.java | 4 +- .../impl/RoleManagementServiceImpl.java | 13 ++++-- .../GroupManagementAdminServiceImpl.java | 4 +- .../core/device/mgt/core/dao/GroupDAO.java | 9 ++++ .../core/dao/impl/AbstractGroupDAOImpl.java | 17 ++++++++ .../GroupManagementProviderService.java | 16 ++++++- .../GroupManagementProviderServiceImpl.java | 42 ++++++++++++++++--- 7 files changed, 91 insertions(+), 14 deletions(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java index 6c75b3fb5e..de2991e7a7 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java @@ -475,8 +475,8 @@ public class GroupManagementServiceImpl implements GroupManagementService { log.error(msg, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } catch (GroupAlreadyExistException e) { - String msg = "Group already exists with name : " + groups.getName() + "."; - log.warn(msg); + String msg = "Group already exists with name : " + groups.getName() + " Try with another group name."; + log.error(msg, e); return Response.status(Response.Status.CONFLICT).entity(msg).build(); } catch (RoleDoesNotExistException e) { return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build(); diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java index 099473ad0d..077e814fe7 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java @@ -18,6 +18,7 @@ package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl; import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; +import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException; import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata; import org.apache.commons.logging.Log; import org.json.simple.JSONObject; @@ -637,6 +638,7 @@ public class RoleManagementServiceImpl implements RoleManagementService { @Consumes(MediaType.WILDCARD) @Override public Response deleteRole(@PathParam("roleName") String roleName, @QueryParam("user-store") String userStoreName) { + String roleToDelete = roleName; if (userStoreName != null && !userStoreName.isEmpty()) { roleName = userStoreName + "/" + roleName; } @@ -644,6 +646,7 @@ public class RoleManagementServiceImpl implements RoleManagementService { try { final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm(); final UserStoreManager userStoreManager = userRealm.getUserStoreManager(); + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); if (!userStoreManager.isExistingRole(roleName)) { String msg = "No role exists with the name : " + roleName ; return Response.status(404).entity(msg).build(); @@ -653,16 +656,18 @@ public class RoleManagementServiceImpl implements RoleManagementService { if (log.isDebugEnabled()) { log.debug("Deleting the role in user store"); } - userStoreManager.deleteRole(roleName); - // Delete all authorizations for the current role before deleting - authorizationManager.clearRoleAuthorization(roleName); - + DeviceMgtAPIUtils.getGroupManagementProviderService().deleteRoleAndRoleGroupMapping(roleName, roleToDelete, tenantId, userStoreManager, authorizationManager); return Response.status(Response.Status.OK).build(); } catch (UserStoreException e) { String msg = "Error occurred while deleting the role '" + roleName + "'"; log.error(msg, e); return Response.serverError().entity( new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); + } catch (GroupManagementException e) { + String msg = "Error occurred while deleting group-role mapping records"; + log.error(msg, e); + return Response.serverError().entity( + new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); } } diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java index e9277825ed..00d2e1cbaf 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java @@ -187,8 +187,8 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ log.error(msg, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } catch (GroupAlreadyExistException e) { - String msg = "Group already exists with name : " + group.getName() + "."; - log.warn(msg); + String msg = "Group already exists with name : " + group.getName() + " Try with another group name."; + log.error(msg, e); return Response.status(Response.Status.CONFLICT).entity(msg).build(); } catch (RoleDoesNotExistException e) { return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build(); diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java index fe639e63e1..e339437cb7 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java @@ -156,6 +156,15 @@ public interface GroupDAO { */ void deleteGroupsMapping(List groupIds, int tenantId) throws GroupManagementDAOException; + /** + * Delete mappings of Device Groups. + * + * @param role of Device Groups. + * @param tenantId of the role. + * @throws GroupManagementDAOException on error during deletion of mappings of groups + */ + void deleteGroupsMapping(String role, int tenantId) throws GroupManagementDAOException; + /** * Delete existing Device Groups. * diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java index 480bc735b0..1dddaa093c 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java @@ -544,6 +544,23 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO { } } + @Override + public void deleteGroupsMapping(String role, int tenantId) throws GroupManagementDAOException { + + try { + Connection conn = GroupManagementDAOFactory.getConnection(); + String sql = "DELETE FROM DM_ROLE_GROUP_MAP WHERE ROLE = ? AND TENANT_ID = ?"; + try (PreparedStatement stmt = conn.prepareStatement(sql)) { + stmt.setString(1, role); + stmt.setInt(2, tenantId); + stmt.executeUpdate(); + } + } catch (SQLException e) { + String msg = "Error occurred while removing record from group-role mapping."; + log.error(msg); + throw new GroupManagementDAOException(msg, e); + } + } @Override public void deleteGroups(List groupIds, int tenantId) throws GroupManagementDAOException { try { diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java index 153b97b5bf..20d9bbd386 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java @@ -30,6 +30,8 @@ import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistEx import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException; import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupNotExistException; import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistException; +import org.wso2.carbon.user.api.AuthorizationManager; +import org.wso2.carbon.user.api.UserStoreManager; import java.util.List; @@ -57,7 +59,7 @@ public interface GroupManagementProviderService { * @param defaultPermissions of the default role * @throws GroupManagementException */ - void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupManagementException, GroupAlreadyExistException, RoleDoesNotExistException; + void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupAlreadyExistException,GroupManagementException, RoleDoesNotExistException; /** * Update existing device group. @@ -79,6 +81,18 @@ public interface GroupManagementProviderService { */ boolean deleteGroup(int groupId, boolean isDeleteChildren) throws GroupManagementException; + /** + * Delete existing device group. + * + * @param role to be deleted with the userStore name. + * @param roleToDelete to delete the role. + * @param tenantId to belongs to roles. + * @param userStoreManager with details. + * @param authorizationManager with details. + * @throws GroupManagementException + */ + void deleteRoleAndRoleGroupMapping(String role, String roleToDelete, int tenantId, UserStoreManager userStoreManager, AuthorizationManager authorizationManager) throws GroupManagementException; + /** * Get the device group provided the device group id. * diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java index 3b83d49c01..ee489dedc3 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java @@ -35,7 +35,6 @@ import io.entgra.device.mgt.core.device.mgt.core.dao.GroupManagementDAOFactory; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.netbeans.lib.cvsclient.commandLine.command.status; import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; @@ -46,14 +45,13 @@ import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementEx import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceNotFoundException; import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest; import io.entgra.device.mgt.core.device.mgt.common.PaginationResult; -import io.entgra.device.mgt.core.device.mgt.common.exceptions.TrackerAlreadyExistException; import io.entgra.device.mgt.core.device.mgt.common.exceptions.TransactionManagementException; import io.entgra.device.mgt.core.device.mgt.core.event.config.GroupAssignmentEventOperationExecutor; import io.entgra.device.mgt.core.device.mgt.core.geo.task.GeoFenceEventOperationManager; import io.entgra.device.mgt.core.device.mgt.core.internal.DeviceManagementDataHolder; import io.entgra.device.mgt.core.device.mgt.core.operation.mgt.OperationMgtConstants; import io.entgra.device.mgt.core.device.mgt.core.util.DeviceManagerUtil; -import io.entgra.device.mgt.core.device.mgt.core.util.HttpReportingUtil; +import org.wso2.carbon.user.api.AuthorizationManager; import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreManager; @@ -148,7 +146,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid } } - public void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupManagementException { + public void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupAlreadyExistException, GroupManagementException { if (groups == null) { String msg = "Received incomplete data for createGroup"; log.error(msg); @@ -181,7 +179,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid } GroupManagementDAOFactory.commitTransaction(); } else { - throw new GroupManagementException("Group exist with name " + groups.getName()); + throw new GroupAlreadyExistException("Group already exists with name : " + groups.getName() + " Try with another group name."); } } catch (GroupManagementDAOException e) { GroupManagementDAOFactory.rollbackTransaction(); @@ -359,6 +357,40 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid } } + /** + * {@inheritDoc} + */ + @Override + public void deleteRoleAndRoleGroupMapping(String roleName, String roleToDelete, int tenantId, UserStoreManager userStoreManager, AuthorizationManager authorizationManager) throws GroupManagementException { + if (log.isDebugEnabled()) { + log.debug("Delete roles"); + } + try { + GroupManagementDAOFactory.beginTransaction(); + groupDAO.deleteGroupsMapping(roleToDelete, tenantId); + userStoreManager.deleteRole(roleName); + // Delete all authorizations for the current role before deleting + authorizationManager.clearRoleAuthorization(roleName); + GroupManagementDAOFactory.commitTransaction(); + } catch (UserStoreException e) { + GroupManagementDAOFactory.rollbackTransaction(); + String msg = "Error occurred while deleting the role '" + roleName + "'"; + log.error(msg, e); + throw new GroupManagementException(msg, e); + } catch (TransactionManagementException e) { + String msg = "Error occurred while initiating transaction."; + log.error(msg, e); + throw new GroupManagementException(msg, e); + } catch (GroupManagementDAOException e) { + GroupManagementDAOFactory.rollbackTransaction(); + String msg = "Error occurred while deleting the role"; + log.error(msg, e); + throw new GroupManagementException(msg, e); + } finally { + GroupManagementDAOFactory.closeConnection(); + } + } + /** * {@inheritDoc} */ From a0d6c2bd213b5e49d1714a3136d448acb8b7f74c Mon Sep 17 00:00:00 2001 From: prathabanKavin Date: Tue, 11 Jul 2023 15:53:09 +0530 Subject: [PATCH 28/29] Add missing ios scopes in mdm-ui-config --- .../src/main/resources/conf/mdm-ui-config.xml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml index 809c856038..b16935562d 100644 --- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml +++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml @@ -227,6 +227,19 @@ perm:android:clear-application perm:android:suspend-package perm:android:alternate-install + perm:ios:lock + perm:ios:location + perm:ios:ring + perm:ios:clear-passcode + perm:ios:enterprise-wipe + perm:ios:notification + perm:ios:wipe-data + perm:ios:boolean-setting + perm:ios:wallpaper + perm:ios:app-attributes + perm:ios:app-configurations + perm:mac-os:restart + perm:mac-os:shut-down device-mgt From 90741dc502a0c02f3a31346ca1003a0f968bfe50 Mon Sep 17 00:00:00 2001 From: navodzoysa Date: Tue, 11 Jul 2023 23:08:33 +0530 Subject: [PATCH 29/29] Fix class not found error in analytics component --- .../api/impl/GrafanaAPIProxyServiceImpl.java | 6 +-- .../api/impl/util/GrafanaMgtAPIUtils.java | 52 +++++++++++++++++++ .../pom.xml | 2 +- .../GrafanaManagementServiceComponent.java | 1 - 4 files changed, 56 insertions(+), 5 deletions(-) create mode 100644 components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/util/GrafanaMgtAPIUtils.java diff --git a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/GrafanaAPIProxyServiceImpl.java b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/GrafanaAPIProxyServiceImpl.java index 9c91a23e2b..8ed6fe1ca1 100644 --- a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/GrafanaAPIProxyServiceImpl.java +++ b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/GrafanaAPIProxyServiceImpl.java @@ -22,11 +22,11 @@ import com.google.gson.JsonObject; import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.GrafanaAPIProxyService; import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.bean.ErrorResponse; import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.exception.RefererNotValid; +import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util.GrafanaMgtAPIUtils; import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util.GrafanaRequestHandlerUtil; import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.common.exception.GrafanaManagementException; import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.bean.GrafanaPanelIdentifier; import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.exception.MaliciousQueryAttempt; -import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.internal.GrafanaMgtDataHolder; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import io.entgra.device.mgt.core.device.mgt.common.exceptions.DBConnectionException; @@ -57,8 +57,8 @@ public class GrafanaAPIProxyServiceImpl implements GrafanaAPIProxyService { public Response queryDatasource(JsonObject body, @Context HttpHeaders headers, @Context UriInfo requestUriInfo) { try { GrafanaPanelIdentifier panelIdentifier = GrafanaRequestHandlerUtil.getPanelIdentifier(headers); - GrafanaMgtDataHolder.getInstance().getGrafanaQueryService(). - buildSafeQuery(body, panelIdentifier.getDashboardId(), panelIdentifier.getPanelId(), requestUriInfo.getRequestUri()); + GrafanaMgtAPIUtils.getGrafanaQueryService().buildSafeQuery(body, panelIdentifier.getDashboardId(), + panelIdentifier.getPanelId(), requestUriInfo.getRequestUri()); return GrafanaRequestHandlerUtil.proxyPassPostRequest(body, requestUriInfo, panelIdentifier.getOrgId()); } catch (MaliciousQueryAttempt e) { return Response.status(Response.Status.BAD_REQUEST).entity( diff --git a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/util/GrafanaMgtAPIUtils.java b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/util/GrafanaMgtAPIUtils.java new file mode 100644 index 0000000000..07a4293b49 --- /dev/null +++ b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/util/GrafanaMgtAPIUtils.java @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util; + +import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.service.GrafanaQueryService; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.PrivilegedCarbonContext; + +public class GrafanaMgtAPIUtils { + + private static final Log log = LogFactory.getLog(GrafanaMgtAPIUtils.class); + private static volatile GrafanaQueryService grafanaQueryService; + + /** + * Accessing GrafanaQueryService from OSGI service context + * @return GrafanaQueryService instance + */ + public static GrafanaQueryService getGrafanaQueryService() { + if (grafanaQueryService == null) { + synchronized (GrafanaMgtAPIUtils.class) { + if (grafanaQueryService == null) { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + grafanaQueryService = + (GrafanaQueryService) ctx.getOSGiService(GrafanaQueryService.class, null); + if (grafanaQueryService == null) { + String msg = "Grafana Query service has not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + } + } + } + return grafanaQueryService; + } +} diff --git a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/pom.xml b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/pom.xml index 5ccdb13257..24f5dbdcab 100644 --- a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/pom.xml +++ b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/pom.xml @@ -88,7 +88,7 @@ io.entgra.device.mgt.core.application.mgt.core.* - !io.entgra.device.mgt.core.transport.mgt.email.sender.core.internal, + !io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.internal, io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.* diff --git a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/core/internal/GrafanaManagementServiceComponent.java b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/core/internal/GrafanaManagementServiceComponent.java index 8438c61156..cc4ab33920 100644 --- a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/core/internal/GrafanaManagementServiceComponent.java +++ b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/core/internal/GrafanaManagementServiceComponent.java @@ -26,7 +26,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.osgi.framework.BundleContext; import org.osgi.service.component.ComponentContext; -import org.wso2.carbon.context.PrivilegedCarbonContext; /** * @scr.component name="io.entgra.analytics.mgt.grafana.proxy.grafanamanagementservicecomponent" immediate="true"