From dfe957b0193cf2fd8b4f42205f0bcc164405b014 Mon Sep 17 00:00:00 2001
From: inoshperera
Date: Sun, 9 Apr 2023 11:50:14 +0530
Subject: [PATCH 01/29] Add SCEP support
fixes https://roadmap.entgra.net/issues/10042
---
.../mgt/core/impl/CertificateGenerator.java | 117 +++++++++++++++++-
.../service/CertificateManagementService.java | 2 +
.../CertificateManagementServiceImpl.java | 5 +
.../util/CertificateManagementConstants.java | 1 +
4 files changed, 119 insertions(+), 6 deletions(-)
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
index 2cb6d4098f..20b4833d56 100755
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
@@ -44,12 +44,17 @@ import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.Store;
-import org.jscep.message.*;
+import org.jscep.message.CertRep;
+import org.jscep.message.MessageDecodingException;
+import org.jscep.message.MessageEncodingException;
+import org.jscep.message.PkcsPkiEnvelopeDecoder;
+import org.jscep.message.PkcsPkiEnvelopeEncoder;
+import org.jscep.message.PkiMessage;
+import org.jscep.message.PkiMessageDecoder;
+import org.jscep.message.PkiMessageEncoder;
import org.jscep.transaction.FailInfo;
import org.jscep.transaction.Nonce;
import org.jscep.transaction.TransactionId;
-import org.wso2.carbon.certificate.mgt.core.cache.CertificateCacheManager;
-import org.wso2.carbon.certificate.mgt.core.cache.impl.CertificateCacheManagerImpl;
import org.wso2.carbon.certificate.mgt.core.dao.CertificateDAO;
import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOException;
import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOFactory;
@@ -72,13 +77,31 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.SignatureException;
import java.security.cert.Certificate;
-import java.security.cert.*;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;
+import java.util.concurrent.TimeUnit;
public class CertificateGenerator {
@@ -757,4 +780,86 @@ public class CertificateGenerator {
return generateCertificateFromCSR(privateKeyCA, certificationRequest,
certCA.getIssuerX500Principal().getName());
}
-}
+
+ public X509Certificate generateAlteredCertificateFromCSR(String csr)
+ throws KeystoreException {
+ byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(csr);
+ PKCS10CertificationRequest certificationRequest;
+ KeyStoreReader keyStoreReader = new KeyStoreReader();
+ PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey();
+ X509Certificate certCA = (X509Certificate) keyStoreReader.getCACertificate();
+
+ X509Certificate issuedCert;
+ try {
+ certificationRequest = new PKCS10CertificationRequest(byteArrayBst);
+ JcaContentSignerBuilder csBuilder =
+ new JcaContentSignerBuilder(CertificateManagementConstants.SIGNING_ALGORITHM);
+ ContentSigner signer = csBuilder.build(privateKeyCA);
+
+ BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
+
+ X500Name issuerName = new X500Name(certCA.getSubjectDN().getName());
+
+ String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst()
+ .getValue().toString();
+ X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" +
+ serialNumber);
+ Date startDate = new Date(System.currentTimeMillis());
+ Date endDate = new Date(System.currentTimeMillis()
+ + TimeUnit.DAYS.toMillis(365 * 100));
+ PublicKey publicKey = getPublicKeyFromRequest(certificationRequest);
+
+ X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
+ issuerName, serialNumber, startDate, endDate,
+ subjectName, publicKey);
+
+ X509CertificateHolder certHolder = certBuilder.build(signer);
+
+ CertificateFactory certificateFactory = CertificateFactory.getInstance
+ (CertificateManagementConstants.X_509);
+ byte[] encodedCertificate = certHolder.getEncoded();
+ issuedCert = (X509Certificate) certificateFactory
+ .generateCertificate(new ByteArrayInputStream(encodedCertificate));
+
+ org.wso2.carbon.certificate.mgt.core.bean.Certificate certificate =
+ new org.wso2.carbon.certificate.mgt.core.bean.Certificate();
+ List certificates = new ArrayList<>();
+ certificate.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
+ certificate.setCertificate(issuedCert);
+ certificates.add(certificate);
+ saveCertInKeyStore(certificates);
+
+ } catch (OperatorCreationException e) {
+ String errorMsg = "Error creating the content signer";
+ log.error(errorMsg);
+ throw new KeystoreException(errorMsg, e);
+ } catch (CertificateException e) {
+ String errorMsg = "Error when opening the newly created certificate";
+ log.error(errorMsg);
+ throw new KeystoreException(errorMsg, e);
+ } catch (InvalidKeySpecException e) {
+ String errorMsg = "Public key is having invalid specification";
+ log.error(errorMsg);
+ throw new KeystoreException(errorMsg, e);
+ } catch (NoSuchAlgorithmException e) {
+ String errorMsg = "Could not find RSA algorithm";
+ log.error(errorMsg);
+ throw new KeystoreException(errorMsg, e);
+ } catch (IOException e) {
+ String errorMsg = "Error while reading the csr";
+ log.error(errorMsg);
+ throw new KeystoreException(errorMsg, e);
+ }
+ return issuedCert;
+ }
+
+ private static PublicKey getPublicKeyFromRequest(PKCS10CertificationRequest request)
+ throws InvalidKeySpecException, NoSuchAlgorithmException, IOException {
+ byte[] publicKeyBytes = request.getSubjectPublicKeyInfo().getEncoded();
+ X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKeyBytes);
+ KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
+ return publicKey;
+ }
+
+}
\ No newline at end of file
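Review bot: The subject DN built at `X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" + serialNumber)` is missing the comma between the two `O=` components, so the CSR's CN and `AndroidDevice` fuse into a single RDN value; it needs `",O=AndroidDevice,CN="`, and because `commonName` comes straight from the submitted CSR, assembling the name with `X500NameBuilder` instead of string concatenation keeps a `,` or `=` inside the CN from restructuring the DN. The serial `BigInteger.valueOf(System.currentTimeMillis())` is neither unique nor unpredictable — two requests in the same millisecond get the same serial, which RFC 5280 forbids for one CA — and `SecureRandom` is already imported, so `BigInteger serialNumber = new BigInteger(64, new SecureRandom());` is a one-line replacement. `getRDNs(BCStyle.CN)[0]` throws `ArrayIndexOutOfBoundsException` for a CSR without a CN, escaping as an unhandled runtime exception instead of the `KeystoreException` callers handle, and the CSR signature is never checked with `certificationRequest.isSignatureValid(...)` before its public key is certified, so the proof-of-possession step is missing. `List certificates` is a raw type; `List<org.wso2.carbon.certificate.mgt.core.bean.Certificate>` keeps the `saveCertInKeyStore` call type-checked.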
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java
index becd68720b..393dbdd0ed 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java
@@ -79,4 +79,6 @@ public interface CertificateManagementService {
List searchCertificates(String serialNumber) throws CertificateManagementException;
+ X509Certificate generateAlteredCertificateFromCSR(String csr) throws KeystoreException;
+
}
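Review bot: The new `generateAlteredCertificateFromCSR` declaration carries no Javadoc, and nothing in the name says what is "altered" relative to the existing CSR-signing path or what `csr` must contain. A short doc block stating that `csr` is a base64-encoded PKCS#10 request, that the CA from the configured key store signs it, which subject the issued certificate receives, and that `@throws KeystoreException` covers CSR decoding and signing failures would let a caller choose between the two methods; the implementation in `CertificateGenerator` in this same patch is the reference for those facts.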
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
index c47472f35c..67cca297c4 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
@@ -234,4 +234,9 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
}
}
+ @Override
+ public X509Certificate generateAlteredCertificateFromCSR(String csr) throws KeystoreException{
+ return certificateGenerator.generateAlteredCertificateFromCSR(csr);
+ }
+
}
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagementConstants.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagementConstants.java
index 5e5f02c7f0..96c6cc2148 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagementConstants.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagementConstants.java
@@ -39,6 +39,7 @@ public final class CertificateManagementConstants {
public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
public static final String EMPTY_TEXT = "";
public static final int RSA_KEY_LENGTH = 2048;
+ public static final String SIGNING_ALGORITHM = "SHA256withRSA";
public static final class DataBaseTypes {
private DataBaseTypes() {
From d34adaae961a2c10eb9a23bb931b802eb2686e2c Mon Sep 17 00:00:00 2001
From: Pahansith Gunathilake
Date: Wed, 19 Apr 2023 06:46:09 +0000
Subject: [PATCH 02/29] Fix issue with Nginx not recognizing the SCEP client
certificate (#105)
Co-authored-by: Pahansith
Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/105
Co-authored-by: Pahansith Gunathilake
Co-committed-by: Pahansith Gunathilake
---
.../mgt/core/impl/CertificateGenerator.java | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
index 20b4833d56..d686ff5115 100755
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
@@ -97,10 +97,7 @@ import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.List;
+import java.util.*;
import java.util.concurrent.TimeUnit;
public class CertificateGenerator {
@@ -798,8 +795,16 @@ public class CertificateGenerator {
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
- X500Name issuerName = new X500Name(certCA.getSubjectDN().getName());
-
+ //Reversing the order of components of the subject DN due to Nginx not verifying the client certificate
+ //generated by Java using this subject DN.
+ //Ref: https://stackoverflow.com/questions/33769978 & engineering mail SCEP implementation for Android
+ String[] dnParts = certCA.getSubjectDN().getName().split(",");
+ StringJoiner joiner = new StringJoiner(",");
+ for (int i = (dnParts.length - 1); i >= 0; i--) {
+ joiner.add(dnParts[i]);
+ }
+ String subjectDn = joiner.toString();
+ X500Name issuerName = new X500Name(subjectDn);
String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst()
.getValue().toString();
X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" +
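Review bot: Reversing the issuer DN with `split(",")` at `String[] dnParts = certCA.getSubjectDN().getName().split(",")` breaks on any RDN value containing an escaped comma (e.g. `O=Acme\, Inc`) and on multi-valued RDNs, and the string round-trip can change attribute string encodings, so the issuer field may still not be byte-identical to the CA certificate's subject — which is what a TLS terminator compares during path validation. Taking the issuer from the CA certificate's DER encoding avoids both problems and preserves component order exactly as the CA certificate has it: `X500Name issuerName = X500Name.getInstance(certCA.getSubjectX500Principal().getEncoded());`. The comment's StackOverflow reference explains the ordering symptom; adding one sentence saying that the issuer must match the CA subject byte-for-byte records the actual requirement. The enclosing method starts and ends outside this hunk.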
From 19ce7d6facd56640e010602f494c9982cda00248 Mon Sep 17 00:00:00 2001
From: Lasantha Dharmakeerthi
Date: Mon, 10 Apr 2023 20:25:07 +0530
Subject: [PATCH 03/29] Add try it now feature (#99)
Co-authored-by: Dharmakeerthi Lasantha
Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/99
Co-authored-by: Lasantha Dharmakeerthi
Co-committed-by: Lasantha Dharmakeerthi
---
.../exception/StorageManagementException.java | 32 -------------------
1 file changed, 32 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java
index 38985716de..e69de29bb2 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java
@@ -1,32 +0,0 @@
-/* Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
- *
- * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.device.mgt.core.common.exception;
-
-/**
- * Represents the exception thrown during storing and retrieving the artifacts.
- */
-public class StorageManagementException extends Exception {
- public StorageManagementException(String message, Throwable ex) {
- super(message, ex);
- }
-
- public StorageManagementException(String message) {
- super(message);
- }
-}
-
From 1aafd53d3e7f2a64ebb04369bad048bc796c30b7 Mon Sep 17 00:00:00 2001
From: inoshperera
Date: Wed, 24 May 2023 13:54:10 +0530
Subject: [PATCH 04/29] OTP for enrollment with Mutual TLS
Fixes https://roadmap.entgra.net/issues/10093
---
.../mgt/common/DeviceManagementConstants.java | 2 +
.../common/general/QREnrollmentDetails.java | 9 ++++
.../mgt/common/otp/mgt/OTPEmailTypes.java | 2 +-
.../mgt/common/spi/OTPManagementService.java | 6 +--
.../dao/impl/GenericOTPManagementDAOImpl.java | 6 ++-
.../mgt/service/OTPManagementServiceImpl.java | 51 +++++++++----------
.../authenticator/BasicAuthAuthenticator.java | 31 +++++++++--
.../CertificateAuthenticator.java | 9 ++++
.../OneTimeTokenAuthenticator.java | 14 ++++-
9 files changed, 93 insertions(+), 37 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/DeviceManagementConstants.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/DeviceManagementConstants.java
index 154594678c..f95a78ed84 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/DeviceManagementConstants.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/DeviceManagementConstants.java
@@ -134,6 +134,8 @@ public final class DeviceManagementConstants {
public static final String LAST_NAME = "last-name";
public static final String TENANT_ADMIN_USERNAME = "tenant-admin-username";
public static final String TENANT_ADMIN_PASSWORD = "tenant-admin-password";
+
+ public static final int OTP_DEFAULT_EXPIRY_SECONDS = 3600;
}
public static final class EventServices {
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/general/QREnrollmentDetails.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/general/QREnrollmentDetails.java
index 150fddef09..37e696c206 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/general/QREnrollmentDetails.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/general/QREnrollmentDetails.java
@@ -22,6 +22,7 @@ public class QREnrollmentDetails {
String ownershipType;
String username;
String enrollmentMode;
+ int tokenExpiry;
public String getOwnershipType() { return ownershipType; }
@@ -34,4 +35,12 @@ public class QREnrollmentDetails {
public String getEnrollmentMode() { return enrollmentMode; }
public void setEnrollmentMode(String enrollmentMode) { this.enrollmentMode = enrollmentMode; }
+
+ public int getTokenExpiry() {
+ return tokenExpiry;
+ }
+
+ public void setTokenExpiry(int tokenExpiry) {
+ this.tokenExpiry = tokenExpiry;
+ }
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java
index 72bbea982e..9a182a0b14 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java
@@ -18,5 +18,5 @@
package org.wso2.carbon.device.mgt.common.otp.mgt;
public enum OTPEmailTypes {
- USER_VERIFY, DEVICE_ENROLLMENT
+ USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/spi/OTPManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/spi/OTPManagementService.java
index bf1d112875..ed548499bf 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/spi/OTPManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/spi/OTPManagementService.java
@@ -34,7 +34,8 @@ public interface OTPManagementService {
* @throws OTPManagementException if error occurred whle verifying validity of the OPT
* @throws BadRequestException if found an null value for OTP
*/
- OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException;
+ OneTimePinDTO isValidOTP(String oneTimeToken, boolean requireRenewal) throws
+ OTPManagementException, BadRequestException;
/**
* Invalidate the OTP and send welcome mail
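Review bot: The Javadoc above `isValidOTP` is not updated for the new `requireRenewal` parameter, so the only record of its meaning is the implementation. Add `@param requireRenewal if {@code true}, an expired OTP is renewed and re-mailed before {@code null} is returned; if {@code false}, an expired OTP simply yields {@code null}` — that is what `OTPManagementServiceImpl.isValidOTP` in this patch does. The `generateOneTimePin` signature change in the next hunk of this file likewise has no Javadoc on the interface.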
@@ -58,8 +59,7 @@ public interface OTPManagementService {
boolean hasEmailRegistered(String email, String emailDomain) throws OTPManagementException,
DeviceManagementException;
- OneTimePinDTO generateOneTimePin(String email, String emailType, String userName, Object metaDataObj,
- int tenantId, boolean persistPin) throws OTPManagementException;
+ OneTimePinDTO generateOneTimePin(OneTimePinDTO oneTimePinData, boolean persistPin) throws OTPManagementException;
OneTimePinDTO getRenewedOtpByEmailAndMailType(String email, String emailType) throws OTPManagementException;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java
index 574d6e7904..becea82ede 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java
@@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.core.otp.mgt.dao.impl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.device.mgt.common.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.common.exceptions.DBConnectionException;
import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
import org.wso2.carbon.device.mgt.core.otp.mgt.dao.AbstractDAOImpl;
@@ -55,7 +56,8 @@ public class GenericOTPManagementDAOImpl extends AbstractDAOImpl implements OTPM
+ "META_INFO, "
+ "CREATED_AT,"
+ "TENANT_ID,"
- + "USERNAME) VALUES (?, ?, ?, ?, ?, ?, ?)";
+ + "USERNAME, "
+ + "EXPIRY_TIME) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
try {
Connection conn = this.getDBConnection();
Calendar calendar = Calendar.getInstance();
@@ -69,6 +71,8 @@ public class GenericOTPManagementDAOImpl extends AbstractDAOImpl implements OTPM
stmt.setTimestamp(5, timestamp);
stmt.setInt(6, oneTimePinDTO.getTenantId());
stmt.setString(7, oneTimePinDTO.getUsername());
+ stmt.setInt(8, oneTimePinDTO.getExpiryTime() == 0
+ ? DeviceManagementConstants.OTPProperties.OTP_DEFAULT_EXPIRY_SECONDS : oneTimePinDTO.getExpiryTime());
stmt.addBatch();
}
stmt.executeBatch();
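Review bot: `oneTimePinDTO.getExpiryTime() == 0 ? OTP_DEFAULT_EXPIRY_SECONDS : ...` substitutes the default only for exactly zero, so a negative expiry is written as-is and yields a token that `isValidOTP` treats as expired the moment it is created; `<= 0` is the intended guard. The fallback is also applied silently at the persistence layer, leaving the caller's DTO saying 0 while the row says 3600, so a comment such as `// 0 means "not set": persist the configured default so the stored row is self-describing` should record the convention. The INSERT in the previous hunk now needs an `EXPIRY_TIME` column, and no schema change is among the files this patch touches.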
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
index 4c8161e100..2d90dc5727 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
@@ -126,7 +126,8 @@ public class OTPManagementServiceImpl implements OTPManagementService {
}
@Override
- public OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException {
+ public OneTimePinDTO isValidOTP(String oneTimeToken, boolean requireRenewal) throws OTPManagementException,
+ BadRequestException {
if (StringUtils.isBlank(oneTimeToken)){
String msg = "Received blank OTP to verify. OTP: " + oneTimeToken;
log.error(msg);
@@ -150,17 +151,19 @@ public class OTPManagementServiceImpl implements OTPManagementService {
oneTimePinDTO.getCreatedAt().getTime() + oneTimePinDTO.getExpiryTime() * 1000L);
if (currentTimestamp.after(expiredTimestamp)) {
- String renewedOTP = UUID.randomUUID().toString();
- renewOTP(oneTimePinDTO, renewedOTP);
- Gson gson = new Gson();
- Tenant tenant = gson.fromJson(oneTimePinDTO.getMetaInfo(), Tenant.class);
+ if (requireRenewal) {
+ String renewedOTP = UUID.randomUUID().toString();
+ renewOTP(oneTimePinDTO, renewedOTP);
+ Gson gson = new Gson();
+ Tenant tenant = gson.fromJson(oneTimePinDTO.getMetaInfo(), Tenant.class);
- Properties props = new Properties();
- props.setProperty("first-name", tenant.getAdminFirstName());
- props.setProperty("otp-token", renewedOTP);
- props.setProperty("email", oneTimePinDTO.getEmail());
- props.setProperty("type", oneTimePinDTO.getEmailType());
- sendMail(props, oneTimePinDTO.getEmail(), DeviceManagementConstants.EmailAttributes.USER_VERIFY_TEMPLATE);
+ Properties props = new Properties();
+ props.setProperty("first-name", tenant.getAdminFirstName());
+ props.setProperty("otp-token", renewedOTP);
+ props.setProperty("email", oneTimePinDTO.getEmail());
+ props.setProperty("type", oneTimePinDTO.getEmailType());
+ sendMail(props, oneTimePinDTO.getEmail(), DeviceManagementConstants.EmailAttributes.USER_VERIFY_TEMPLATE);
+ }
return null;
}
return oneTimePinDTO;
@@ -243,8 +246,14 @@ public class OTPManagementServiceImpl implements OTPManagementService {
for (String username : deviceEnrollmentInvitation.getUsernames()) {
String emailAddress = DeviceManagerUtil.getUserClaimValue(
username, DeviceManagementConstants.User.CLAIM_EMAIL_ADDRESS);
- oneTimePinDTO = generateOneTimePin(emailAddress, OTPEmailTypes.DEVICE_ENROLLMENT.toString(), username,
- null, tenantId, false);
+
+ OneTimePinDTO oneTimePinData = new OneTimePinDTO();
+ oneTimePinData.setEmail(emailAddress);
+ oneTimePinData.setTenantId(tenantId);
+ oneTimePinData.setUsername(username);
+ oneTimePinData.setEmailType(OTPEmailTypes.USER_INVITE.toString());
+
+ oneTimePinDTO = generateOneTimePin(oneTimePinData, false);
oneTimePinDTOList.add(oneTimePinDTO);
props.setProperty("first-name", DeviceManagerUtil.
getUserClaimValue(username, DeviceManagementConstants.User.CLAIM_FIRST_NAME));
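Review bot: The invitation path now creates the pin with `OTPEmailTypes.USER_INVITE` where it previously used `DEVICE_ENROLLMENT`, and nothing in the patch explains the switch; any lookup keyed on the mail type (such as `getRenewedOtpByEmailAndMailType`) for `DEVICE_ENROLLMENT` will no longer find these pins, so if the change is intentional it deserves a comment and if not the old value should be restored. `oneTimePinData` is also built without an expiry, so these pins rely on whatever default applies downstream; if a per-invitation expiry is meant to flow through, `oneTimePinData.setExpiryTime(...)` belongs alongside the other setters.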
@@ -278,27 +287,17 @@ public class OTPManagementServiceImpl implements OTPManagementService {
/**
* Create One Time Token
- * @param email email
- * @param emailType email type
- * @param userName username
- * @param metaDataObj meta data object
- * @param tenantId tenant Id
+ * @param oneTimePinDTO Data related to the one time pin
* @return {@link OneTimePinDTO}
*/
@Override
- public OneTimePinDTO generateOneTimePin(String email, String emailType, String userName, Object metaDataObj,
- int tenantId, boolean persistPin) throws OTPManagementException {
+ public OneTimePinDTO generateOneTimePin(OneTimePinDTO oneTimePinDTO, boolean persistPin) throws OTPManagementException {
String otpValue = UUID.randomUUID().toString();
Gson gson = new Gson();
- String metaInfo = gson.toJson(metaDataObj);
+ String metaInfo = gson.toJson(oneTimePinDTO.getMetaInfo());
- OneTimePinDTO oneTimePinDTO = new OneTimePinDTO();
- oneTimePinDTO.setEmail(email);
- oneTimePinDTO.setTenantId(tenantId);
- oneTimePinDTO.setUsername(userName);
- oneTimePinDTO.setEmailType(emailType);
oneTimePinDTO.setMetaInfo(metaInfo);
oneTimePinDTO.setOtpToken(otpValue);
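Review bot: `String metaInfo = gson.toJson(oneTimePinDTO.getMetaInfo())` re-serialises a value that is already a `String` — `isValidOTP` in this same file parses `getMetaInfo()` with `gson.fromJson(..., Tenant.class)` — so a caller that passes JSON gets it wrapped as a JSON string literal (`"\"{...}\""`) and the later `fromJson` fails, while a null meta-info is stored as the literal `null`. Either drop the conversion (`String metaInfo = oneTimePinDTO.getMetaInfo();`) or keep an `Object` meta-data parameter that is serialised here. The method now also mutates the caller's DTO and returns that same instance, which the updated Javadoc should state; `@param persistPin` and `@throws OTPManagementException` are still missing from it.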
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
index 4bd7779dda..f1b0339994 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
@@ -36,6 +36,7 @@ import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils;
import java.nio.charset.Charset;
import java.util.Base64;
import java.util.Properties;
+import java.util.StringTokenizer;
public class BasicAuthAuthenticator implements WebappAuthenticator {
@@ -51,15 +52,23 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
@Override
public boolean canHandle(Request request) {
/*
- This is done to avoid every endpoint being able to use basic auth. Add the following to
- the required web.xml of the web app.
+ This is done to avoid every web app being able to use basic auth. Add the following to
+ the required web.xml of the web app. This is a global config for a web app to allow all
+ contexts of the web app to use basic auth
basicAuth
true
+
+ Adding the basicAuthAllowList parameter allows to selectively allow some context paths in a
+ web app to use basic auth while all the other context remain unavailable with basic auth.
+ If this parameter is present, any context that requires basic auth must be specially
+ added as comma separated list to the param-value of basicAuthAllowList.
*/
- if (!isAuthenticationSupported(request)) {
- return false;
+ if (!isAllowListedForBasicAuth(request)) {
+ if (!isAuthenticationSupported(request)) {
+ return false;
+ }
}
if (request.getCoyoteRequest() == null || request.getCoyoteRequest().getMimeHeaders() == null) {
return false;
@@ -76,6 +85,20 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
return false;
}
+ private boolean isAllowListedForBasicAuth(Request request) {
+ String param = request.getContext().findParameter("basicAuthAllowList");
+ if (param != null && !param.isEmpty()) {
+ //Add the nonSecured end-points to cache
+ String[] basicAuthAllowList = param.split(",");
+ for (String contexPath : basicAuthAllowList) {
+ if (request.getRequestURI().toString().endsWith(contexPath.trim())) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
@Override
public AuthenticationInfo authenticate(Request request, Response response) {
AuthenticationInfo authenticationInfo = new AuthenticationInfo();
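Review bot: In `isAllowListedForBasicAuth`, `request.getRequestURI().toString().endsWith(contexPath.trim())` accepts every request once the list contains an empty entry (a trailing comma or a blank between commas trims to `""`, and every string ends with `""`), which silently enables basic auth for the whole web app — the opposite of what the allow list is for. Skip blank entries and compare against the decoded path so encoding differences do not affect the match: `String entry = contexPath.trim(); if (!entry.isEmpty() && request.getDecodedRequestURI().endsWith(entry)) { return true; }`. Suffix matching also treats any URI that merely ends with the configured fragment as allow-listed; if the entries are full paths, an exact comparison against the context-relative path is the safer check. The comment `//Add the nonSecured end-points to cache` describes something the method does not do and should read `// Context paths listed in basicAuthAllowList may use basic auth even when the web app does not enable it globally`; the `StringTokenizer` import added in the first hunk of this file is unused.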
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
index 4bead3ad4f..6bccefe7ec 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
@@ -75,21 +75,30 @@ public class CertificateAuthenticator implements WebappAuthenticator {
// When there is a load balancer terminating mutual SSL, it should pass this header along and
// as the value of this header, the client certificate subject dn should be passed.
if (request.getHeader(PROXY_MUTUAL_AUTH_HEADER) != null) {
+ log.info("PROXY_MUTUAL_AUTH_HEADER " + request.getHeader(PROXY_MUTUAL_AUTH_HEADER));
CertificateResponse certificateResponse = AuthenticatorFrameworkDataHolder.getInstance().
getCertificateManagementService().verifySubjectDN(request.getHeader(PROXY_MUTUAL_AUTH_HEADER));
+ log.info("clientCertificate" + certificateResponse.getSerialNumber());
+ log.info("clientCertificate" + certificateResponse.getCommonName());
authenticationInfo = checkCertificateResponse(certificateResponse);
+ log.info("username" + authenticationInfo.getUsername());
}
else if (request.getHeader(MUTUAL_AUTH_HEADER) != null) {
+ log.info("MUTUAL_AUTH_HEADER");
Object object = request.getAttribute(CLIENT_CERTIFICATE_ATTRIBUTE);
X509Certificate[] clientCertificate = null;
if (object instanceof X509Certificate[]) {
+ log.info("clientCertificate");
clientCertificate = (X509Certificate[]) request.
getAttribute(CLIENT_CERTIFICATE_ATTRIBUTE);
}
if (clientCertificate != null && clientCertificate[0] != null) {
CertificateResponse certificateResponse = AuthenticatorFrameworkDataHolder.getInstance().
getCertificateManagementService().verifyPEMSignature(clientCertificate[0]);
+ log.info("clientCertificate" + certificateResponse.getSerialNumber());
+ log.info("clientCertificate" + certificateResponse.getCommonName());
authenticationInfo = checkCertificateResponse(certificateResponse);
+ log.info("username" + authenticationInfo.getUsername());
} else {
authenticationInfo.setStatus(Status.FAILURE);
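Review bot: The added `log.info` calls write the proxied client-certificate header, the certificate serial number, common name and the resolved username at INFO level on every authenticated request, which is debugging output rather than operational logging and places identity data in the default log; the messages also lack separators (`"clientCertificate" + certificateResponse.getSerialNumber()`). Guard them as debug output with a readable message, e.g. `if (log.isDebugEnabled()) { log.debug("Client certificate verified: serial=" + certificateResponse.getSerialNumber() + ", cn=" + certificateResponse.getCommonName()); }`, and drop the bare `log.info("MUTUAL_AUTH_HEADER")` and `log.info("clientCertificate")` markers. The enclosing method starts and ends outside this hunk.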
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java
index 9d290c51da..539e8be13d 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java
@@ -49,8 +49,18 @@ public class OneTimeTokenAuthenticator implements WebappAuthenticator {
try {
OTPManagementService otpManagementService = AuthenticatorFrameworkDataHolder.getInstance()
.getOtpManagementService();
- OneTimePinDTO validOTP = otpManagementService.isValidOTP(request.getHeader(Constants.HTTPHeaders
- .ONE_TIME_TOKEN_HEADER));
+ OneTimePinDTO validOTP;
+ if (request.getRequestURI().toString().endsWith("cloud/download-url")
+ || request.getRequestURI().toString().endsWith("cloud/tenant")) {
+ validOTP = otpManagementService.isValidOTP(request.getHeader(Constants.HTTPHeaders
+ .ONE_TIME_TOKEN_HEADER), true);
+ } else {
+ log.info("Validating OTP for enrollments PIN: " + request.getHeader(Constants
+ .HTTPHeaders.ONE_TIME_TOKEN_HEADER));
+ validOTP = otpManagementService.isValidOTP(request.getHeader(Constants.HTTPHeaders
+ .ONE_TIME_TOKEN_HEADER), false);
+ }
+
if (validOTP != null) {
authenticationInfo.setStatus(Status.CONTINUE);
authenticationInfo.setTenantId(validOTP.getTenantId());
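Review bot: The log statement in the new `else` branch writes the raw one-time PIN from the request header into the server log at INFO, so a still-valid enrollment token is readable by anyone with log access until it expires. Log the event without the secret, e.g. `log.info("Validating OTP for enrollment PIN");`, or emit a masked form at DEBUG. Separately, `request.getRequestURI()` already returns a String, so both `.toString()` calls are redundant. The enclosing method continues outside the hunk.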
From 209f2b66c94cc64c361d19a35feb4b341c4b97b5 Mon Sep 17 00:00:00 2001
From: Pahansith
Date: Sat, 13 May 2023 12:56:56 +0530
Subject: [PATCH 05/29] Add tenant based storing and loading SCEP certificates
---
.../mgt/core/dao/CertificateDAO.java | 10 +++++
.../dao/impl/AbstractCertificateDAOImpl.java | 36 +++++++++++++++++
.../mgt/core/impl/CertificateGenerator.java | 39 ++++++++++++++-----
.../mgt/core/impl/KeyStoreReader.java | 37 ++++++++++++++++++
.../exception/StorageManagementException.java | 32 +++++++++++++++
5 files changed, 145 insertions(+), 9 deletions(-)
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java
index cb97cf8892..fe1d829a82 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java
@@ -51,6 +51,16 @@ public interface CertificateDAO {
*/
CertificateResponse retrieveCertificate(String serialNumber) throws CertificateManagementDAOException;
+ /**
+ * Obtain a certificated stored in the database by providing the common name and the tenant ID
+ *
+ * @param serialNumber Serial number (Common name) of the certificate
+ * @param tenantId ID of the certificate owning tenant
+ * @return representation of the certificate.
+ * @throws CertificateManagementDAOException if fails to read the certificate from the database
+ */
+ CertificateResponse retrieveCertificate(String serialNumber, int tenantId) throws CertificateManagementDAOException;
+
/**
* Get all the certificates in a paginated manner.
*
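Review bot: The Javadoc on the new `retrieveCertificate(String, int)` overload describes a lookup "by providing the common name" and labels `serialNumber` as "(Common name)", but the parameter is the serial number the DAO query filters on; the first line also reads "certificated". Suggest `* Obtain a certificate stored in the database by its serial number and tenant ID` and `* @param serialNumber Serial number of the certificate`.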
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java
index 4af136c987..e536eaf646 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java
@@ -119,6 +119,42 @@ public abstract class AbstractCertificateDAOImpl implements CertificateDAO{
return certificateResponse;
}
+ @Override
+ public CertificateResponse retrieveCertificate(String serialNumber, int tenantId) throws CertificateManagementDAOException {
+ Connection conn;
+ PreparedStatement stmt = null;
+ ResultSet resultSet = null;
+ CertificateResponse certificateResponse = null;
+ try {
+ conn = this.getConnection();
+ String query =
+ "SELECT CERTIFICATE, SERIAL_NUMBER, TENANT_ID, USERNAME FROM"
+ + " DM_DEVICE_CERTIFICATE WHERE SERIAL_NUMBER = ? AND TENANT_ID = ? ";
+ stmt = conn.prepareStatement(query);
+ stmt.setString(1, serialNumber);
+ stmt.setInt(2, tenantId);
+ resultSet = stmt.executeQuery();
+
+ if (resultSet.next()) {
+ certificateResponse = new CertificateResponse();
+ byte[] certificateBytes = resultSet.getBytes("CERTIFICATE");
+ certificateResponse.setCertificate(certificateBytes);
+ certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER"));
+ certificateResponse.setTenantId(resultSet.getInt("TENANT_ID"));
+ certificateResponse.setUsername(resultSet.getString("USERNAME"));
+ CertificateGenerator.extractCertificateDetails(certificateBytes, certificateResponse);
+ }
+ } catch (SQLException e) {
+ String errorMsg =
+ "Unable to get the read the certificate with serial" + serialNumber;
+ log.error(errorMsg, e);
+ throw new CertificateManagementDAOException(errorMsg, e);
+ } finally {
+ CertificateManagementDAOUtil.cleanupResources(stmt, resultSet);
+ }
+ return certificateResponse;
+ }
+
@Override
public List searchCertificate(String serialNumber)
throws CertificateManagementDAOException {
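Review bot: The error message assembled in the `catch` block at the end of `retrieveCertificate(String, int)` reads "Unable to get the read the certificate with serial" and runs straight into the value with no separator; suggest `"Unable to read the certificate with serial number " + serialNumber + " for tenant " + tenantId`. The body otherwise appears to mirror the single-argument overload (whose body is outside this hunk) except for the `TENANT_ID = ?` predicate, so the two could share one private query helper rather than duplicating the result mapping.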
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
index d686ff5115..5c9bbfad45 100755
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
@@ -358,15 +358,31 @@ public class CertificateGenerator {
CertificateResponse lookUpCertificate = null;
KeyStoreReader keyStoreReader = new KeyStoreReader();
if (distinguishedName != null && !distinguishedName.isEmpty()) {
- if (distinguishedName.contains("/CN=")) {
- String[] dnSplits = distinguishedName.split("/");
- for (String dnPart : dnSplits) {
- if (dnPart.contains("CN=")) {
- String commonNameExtracted = dnPart.replace("CN=", "");
- lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted);
- break;
+ if (distinguishedName.contains("CN=")) {
+ String[] dnSplits = null;
+ if (distinguishedName.contains("/")) {
+ dnSplits = distinguishedName.split("/");
+ } else if (distinguishedName.contains(",")) {
+ //some older versions of nginx will forward the client certificate subject dn separated with commas
+ dnSplits = distinguishedName.split(",");
+ }
+ String commonNameExtracted = null;
+ int tenantId = 0;
+ if (dnSplits != null && dnSplits.length >= 1) {
+ for (String dnPart : dnSplits) {
+ if (dnPart.contains("CN=")) {
+ commonNameExtracted = dnPart.replace("CN=", "");
+ } else if (dnPart.contains("OU=")) {
+ //the OU of the certificate will be like OU=tenant_ ex: OU=tenant_-1234
+ //splitting by underscore to extract the tenant domain
+ String[] orgUnitSplits = dnPart.split("_");
+ tenantId = Integer.parseInt(orgUnitSplits[1]);
+ }
}
}
+
+ lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted, tenantId);
+
} else {
LdapName ldapName;
try {
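Review bot: `Integer.parseInt(orgUnitSplits[1])` in the `OU=` branch trusts the shape of a DN that, per the new comment, is forwarded by nginx from the client certificate; an OU without an underscore throws ArrayIndexOutOfBoundsException and a non-numeric suffix throws NumberFormatException, neither of which this method catches, and when no `CN=` part is found `getCertificateBySerial(null, 0)` is still invoked. Guard the split and the parse, and skip the lookup when no common name was extracted, as below. The enclosing method continues outside the hunk.
```java
} else if (dnPart.contains("OU=")) {
    //the OU of the certificate will be like OU=tenant_ ex: OU=tenant_-1234
    String[] orgUnitSplits = dnPart.split("_");
    if (orgUnitSplits.length > 1) {
        try {
            tenantId = Integer.parseInt(orgUnitSplits[1].trim());
        } catch (NumberFormatException e) {
            log.warn("Ignoring malformed tenant OU in client certificate DN: " + dnPart);
        }
    }
}
// … unchanged: end of the for loop over dnSplits …
if (commonNameExtracted != null) {
    lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted, tenantId);
}
```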
@@ -807,8 +823,9 @@ public class CertificateGenerator {
X500Name issuerName = new X500Name(subjectDn);
String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst()
.getValue().toString();
- X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" +
- serialNumber);
+ int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
+ X500Name subjectName = new X500Name("O=" + commonName + ",CN=" +
+ serialNumber + ", OU=tenant_"+tenantId);
Date startDate = new Date(System.currentTimeMillis());
Date endDate = new Date(System.currentTimeMillis()
+ TimeUnit.DAYS.toMillis(365 * 100));
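Review bot: `commonName` is read from the CSR subject two lines above and concatenated verbatim into the distinguished-name string at `new X500Name("O=" + commonName + ",CN=" + ...)`, so a CSR whose CN contains a comma, plus sign or equals sign alters the parsed RDN structure of the issued certificate (including the `OU=tenant_` attribute the lookup code relies on) or makes parsing throw. Building the name attribute by attribute avoids string parsing altogether; BouncyCastle's `X500NameBuilder` with the `BCStyle` already used above does this, as below, though `org.bouncycastle.asn1.x500.X500NameBuilder` must be imported if the file does not have it. Note the leading space in `", OU=tenant_"` also ends up in the name as written. The enclosing method continues outside the hunk.
```java
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
X500Name subjectName = new X500NameBuilder(BCStyle.INSTANCE)
        .addRDN(BCStyle.O, commonName)
        .addRDN(BCStyle.CN, String.valueOf(serialNumber))
        .addRDN(BCStyle.OU, "tenant_" + tenantId)
        .build();
```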
@@ -826,6 +843,10 @@ public class CertificateGenerator {
issuedCert = (X509Certificate) certificateFactory
.generateCertificate(new ByteArrayInputStream(encodedCertificate));
+ io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate certificate =
+ new io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate();
+ List certificates = new ArrayList<>();
+ certificate.setTenantId(tenantId);
org.wso2.carbon.certificate.mgt.core.bean.Certificate certificate =
new org.wso2.carbon.certificate.mgt.core.bean.Certificate();
List certificates = new ArrayList<>();
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java
index 60a7800863..921f11e794 100755
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java
@@ -275,6 +275,43 @@ public class KeyStoreReader {
return raPrivateKey;
}
+ public CertificateResponse getCertificateBySerial(String serialNumber, int tenantId) throws KeystoreException {
+ CertificateResponse certificateResponse = null;
+ try {
+ CertificateCacheManager cacheManager = CertificateCacheManagerImpl.getInstance();
+ certificateResponse = cacheManager.getCertificateBySerial(serialNumber);
+ if (certificateResponse == null) {
+ try {
+ CertificateManagementDAOFactory.openConnection();
+ certificateResponse = certDao.retrieveCertificate(serialNumber, tenantId);
+ } catch (SQLException e) {
+ String errorMsg = "Error when making a connection to the database.";
+ throw new KeystoreException(errorMsg, e);
+ } finally {
+ CertificateManagementDAOFactory.closeConnection();
+ }
+ if (certificateResponse != null && certificateResponse.getCertificate() != null) {
+ Certificate certificate = (Certificate) Serializer.deserialize(certificateResponse.getCertificate());
+ if (certificate instanceof X509Certificate) {
+ X509Certificate x509cert = (X509Certificate) certificate;
+ String commonName = CertificateGenerator.getCommonName(x509cert);
+ certificateResponse.setCommonName(commonName);
+ cacheManager.addCertificateBySerial(serialNumber, certificateResponse);
+ }
+ }
+ }
+ } catch (CertificateManagementDAOException e) {
+ String errorMsg = "Error when retrieving certificate from the the database for the serial number: " +
+ serialNumber;
+ throw new KeystoreException(errorMsg, e);
+
+ } catch (ClassNotFoundException | IOException e) {
+ String errorMsg = "Error when de-serializing saved certificate.";
+ throw new KeystoreException(errorMsg, e);
+ }
+ return certificateResponse;
+ }
+
public CertificateResponse getCertificateBySerial(String serialNumber) throws KeystoreException {
CertificateResponse certificateResponse = null;
try {
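Review bot: The cache lookup at the top of the new `getCertificateBySerial(String, int)` is keyed by serial number alone, so a hit returns whatever entry was stored under that serial (by this overload or by the single-argument one below) without the `TENANT_ID` filter the DAO query applies; a certificate carrying the same serial in another tenant would be accepted. Either key the cache on serial and tenant or reject a mismatched hit, e.g. `if (certificateResponse != null && certificateResponse.getTenantId() != tenantId) { certificateResponse = null; }` before the `== null` check, assuming the single-argument DAO path also populates `tenantId` as the new one does. The two overloads otherwise look near-identical apart from the DAO call and could share a helper.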
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java
index e69de29bb2..38985716de 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/common/exception/StorageManagementException.java
@@ -0,0 +1,32 @@
+/* Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.device.mgt.core.common.exception;
+
+/**
+ * Represents the exception thrown during storing and retrieving the artifacts.
+ */
+public class StorageManagementException extends Exception {
+ public StorageManagementException(String message, Throwable ex) {
+ super(message, ex);
+ }
+
+ public StorageManagementException(String message) {
+ super(message);
+ }
+}
+
From 7100b36e35e0d0ce9f61e4a5dcd25452060a3cc2 Mon Sep 17 00:00:00 2001
From: Pahansith
Date: Mon, 29 May 2023 12:27:50 +0530
Subject: [PATCH 06/29] Fix package name issue
---
.../certificate/mgt/core/impl/CertificateGenerator.java | 4 ----
1 file changed, 4 deletions(-)
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
index 5c9bbfad45..e3973ed152 100755
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
@@ -843,10 +843,6 @@ public class CertificateGenerator {
issuedCert = (X509Certificate) certificateFactory
.generateCertificate(new ByteArrayInputStream(encodedCertificate));
- io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate certificate =
- new io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate();
- List certificates = new ArrayList<>();
- certificate.setTenantId(tenantId);
org.wso2.carbon.certificate.mgt.core.bean.Certificate certificate =
new org.wso2.carbon.certificate.mgt.core.bean.Certificate();
List certificates = new ArrayList<>();
From 48be39a96386b5726b6ff5a92b44ea7d76af964d Mon Sep 17 00:00:00 2001
From: inoshperera
Date: Sun, 18 Jun 2023 12:22:01 +0530
Subject: [PATCH 07/29] Add the logic to save device id to certificate DB
partially fixes https://roadmap.entgra.net/issues/10145
---
.../mgt/core/bean/Certificate.java | 9 +++++
.../mgt/core/dao/CertificateDAO.java | 11 ++++++
.../dao/impl/AbstractCertificateDAOImpl.java | 34 +++++++++++++++++++
.../mgt/core/impl/CertificateGenerator.java | 29 ++++++++++++++--
4 files changed, 80 insertions(+), 3 deletions(-)
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/bean/Certificate.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/bean/Certificate.java
index 5ced778afa..40a9ef1c6c 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/bean/Certificate.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/bean/Certificate.java
@@ -25,6 +25,15 @@ public class Certificate {
X509Certificate certificate;
int tenantId;
String tenantDomain;
+ String deviceIdentifier;
+
+ public String getDeviceIdentifier() {
+ return deviceIdentifier;
+ }
+
+ public void setDeviceIdentifier(String deviceIdentifier) {
+ this.deviceIdentifier = deviceIdentifier;
+ }
public int getTenantId() {
return tenantId;
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java
index fe1d829a82..3204b8e7b9 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateDAO.java
@@ -41,6 +41,17 @@ public interface CertificateDAO {
void addCertificate(List certificate)
throws CertificateManagementDAOException;
+ /**
+ * This can be used to store a certificate in the database, where it will be stored against the serial number
+ * of the certificate.
+ *
+ * @param certificate Holds the certificate and relevant details.
+ * @throws CertificateManagementDAOException
+ *
+ */
+ void addCertificate(Certificate certificate)
+ throws CertificateManagementDAOException;
+
/**
* Usage is to obtain a certificate stored in the database by providing the common name.
*
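Review bot: The `@throws CertificateManagementDAOException` tag on the new `addCertificate(Certificate)` declaration has no description and is followed by a stray blank comment line. Suggest `* @throws CertificateManagementDAOException if the certificate cannot be serialized or written to the database`.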
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java
index e536eaf646..caa3bf1e19 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java
@@ -81,6 +81,40 @@ public abstract class AbstractCertificateDAOImpl implements CertificateDAO{
}
}
+ @Override
+ public void addCertificate(Certificate certificate)
+ throws CertificateManagementDAOException {
+ Connection conn;
+ PreparedStatement stmt = null;
+ try {
+ conn = this.getConnection();
+ stmt = conn.prepareStatement(
+ "INSERT INTO DM_DEVICE_CERTIFICATE (SERIAL_NUMBER, CERTIFICATE, TENANT_ID," +
+ " USERNAME, DEVICE_IDENTIFIER) VALUES (?,?,?,?,?)");
+ PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.
+ getThreadLocalCarbonContext();
+ String username = threadLocalCarbonContext.getUsername();
+ // the serial number of the certificate used for its creation is set as its alias.
+ String serialNumber = certificate.getSerial();
+ if (serialNumber == null || serialNumber.isEmpty()) {
+ serialNumber = String.valueOf(certificate.getCertificate().getSerialNumber());
+ }
+ byte[] bytes = Serializer.serialize(certificate.getCertificate());
+
+ stmt.setString(1, serialNumber);
+ stmt.setBytes(2, bytes);
+ stmt.setInt(3, certificate.getTenantId());
+ stmt.setString(4, username);
+ stmt.setString(5, certificate.getDeviceIdentifier());
+ stmt.executeUpdate();
+ } catch (SQLException | IOException e) {
+ throw new CertificateManagementDAOException("Error occurred while saving the " +
+ "certificate. ", e);
+ } finally {
+ CertificateManagementDAOUtil.cleanupResources(stmt, null);
+ }
+ }
+
@Override
public CertificateResponse retrieveCertificate(String serialNumber)
throws CertificateManagementDAOException {
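Review bot: `certificate.getCertificate()` is dereferenced in the serial-number fallback and again in `Serializer.serialize(...)` without a null check, so a bean with no X509 certificate fails with a NullPointerException that the `catch (SQLException | IOException e)` clause does not translate; add `if (certificate.getCertificate() == null) { throw new CertificateManagementDAOException("No certificate set on the entity to be saved"); }` before the serial is derived. The failure message could also carry the serial, e.g. `"Error occurred while saving the certificate with serial " + serialNumber`, which means declaring `serialNumber` ahead of the try. Tenant ID is taken from the bean while the username comes from the thread-local context; if a caller can pass a bean for another tenant, the row is attributed to a user of the current one.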
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
index e3973ed152..2a43704688 100755
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
@@ -710,6 +710,30 @@ public class CertificateGenerator {
}
}
+ public void saveCertificate(org.wso2.carbon.certificate.mgt.core.bean.Certificate
+ certificate) throws KeystoreException {
+
+ if (certificate == null) {
+ return;
+ }
+
+ try {
+ CertificateDAO certificateDAO = CertificateManagementDAOFactory.getCertificateDAO();
+ CertificateManagementDAOFactory.beginTransaction();
+ certificateDAO.addCertificate(certificate);
+ CertificateManagementDAOFactory.commitTransaction();
+ } catch (CertificateManagementDAOException e) {
+ String errorMsg = "Error occurred when saving the generated certificate in database";
+ log.error(errorMsg);
+ CertificateManagementDAOFactory.rollbackTransaction();
+ throw new KeystoreException(errorMsg, e);
+ } catch (TransactionManagementException e) {
+ String errorMsg = "Error occurred when saving the generated certificate in database";
+ log.error(errorMsg);
+ throw new KeystoreException(errorMsg, e);
+ }
+ }
+
public void saveCertInKeyStore(List certificate)
throws KeystoreException {
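Review bot: `saveCertificate` never calls `CertificateManagementDAOFactory.closeConnection()`, unlike the `openConnection()`/`closeConnection()` pairing used in `KeyStoreReader`, so if `beginTransaction()` opens a connection the way `openConnection()` does it leaks on every call; and when `commitTransaction()` throws `TransactionManagementException` no rollback is attempted. Both `log.error(errorMsg)` calls also omit the exception, so the cause is only visible through the wrapped `KeystoreException`. A combined catch with rollback, the cause in the log, and a `finally` that closes the connection is below.
```java
try {
    CertificateDAO certificateDAO = CertificateManagementDAOFactory.getCertificateDAO();
    CertificateManagementDAOFactory.beginTransaction();
    certificateDAO.addCertificate(certificate);
    CertificateManagementDAOFactory.commitTransaction();
} catch (CertificateManagementDAOException | TransactionManagementException e) {
    CertificateManagementDAOFactory.rollbackTransaction();
    String errorMsg = "Error occurred when saving the generated certificate in database";
    log.error(errorMsg, e);
    throw new KeystoreException(errorMsg, e);
} finally {
    CertificateManagementDAOFactory.closeConnection();
}
```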
@@ -845,11 +869,10 @@ public class CertificateGenerator {
org.wso2.carbon.certificate.mgt.core.bean.Certificate certificate =
new org.wso2.carbon.certificate.mgt.core.bean.Certificate();
- List certificates = new ArrayList<>();
certificate.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
certificate.setCertificate(issuedCert);
- certificates.add(certificate);
- saveCertInKeyStore(certificates);
+ certificate.setDeviceIdentifier(commonName);
+ saveCertificate(certificate);
} catch (OperatorCreationException e) {
String errorMsg = "Error creating the content signer";
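Review bot: `certificate.setDeviceIdentifier(commonName)` stores the CN taken from the CSR subject earlier in this method (outside the hunk) as the device identifier, so the persisted value is whatever the enrolling client asserted; if `DEVICE_IDENTIFIER` is later used to map certificates to devices, the enrollment path should confirm the identifier belongs to the authenticated user before a certificate is issued for it. A comment making the trust boundary visible, e.g. `// device identifier is the CSR-supplied CN and is not verified here`, would help the next reader. The enclosing method starts and ends outside the hunk.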
From 94408c7ce3f0f6fd4a97ec7bc6878fc147152e85 Mon Sep 17 00:00:00 2001
From: rajitha
Date: Thu, 15 Jun 2023 14:08:46 +0530
Subject: [PATCH 08/29] Add otp token
---
.../DeviceManagementConfigService.java | 7 +++-
.../DeviceManagementConfigServiceImpl.java | 37 ++++++++++++++++++-
.../config/jaxrs/util/DeviceMgtAPIUtils.java | 16 ++++++++
3 files changed, 57 insertions(+), 3 deletions(-)
diff --git a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/DeviceManagementConfigService.java b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/DeviceManagementConfigService.java
index d5fe117a63..1adeb44f17 100644
--- a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/DeviceManagementConfigService.java
+++ b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/DeviceManagementConfigService.java
@@ -156,7 +156,12 @@ public interface DeviceManagementConfigService {
value = "The properties list using for query a device",
required = true)
@QueryParam("properties")
- String properties);
+ String properties,
+ @ApiParam(
+ name = "withAccessToken",
+ value = "Whether to use access token or otp token for device configuration")
+ @QueryParam("withAccessToken")
+ boolean withAccessToken);
@PUT
@Path("/device/transfer")
diff --git a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/impl/DeviceManagementConfigServiceImpl.java b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/impl/DeviceManagementConfigServiceImpl.java
index 8aea316c55..cf2fc9c83a 100644
--- a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/impl/DeviceManagementConfigServiceImpl.java
+++ b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/impl/DeviceManagementConfigServiceImpl.java
@@ -35,8 +35,12 @@ import org.wso2.carbon.device.mgt.common.configuration.mgt.AmbiguousConfiguratio
import org.wso2.carbon.device.mgt.common.configuration.mgt.DeviceConfiguration;
import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException;
+import org.wso2.carbon.device.mgt.common.exceptions.OTPManagementException;
import org.wso2.carbon.device.mgt.common.general.TenantDetail;
+import org.wso2.carbon.device.mgt.common.otp.mgt.OTPEmailTypes;
+import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
+import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager;
import org.wso2.carbon.device.mgt.core.config.DeviceManagementConfig;
@@ -77,7 +81,8 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
@Path("/configurations")
@Produces(MediaType.APPLICATION_JSON)
public Response getConfiguration(@HeaderParam("token") String token,
- @QueryParam("properties") String properties) {
+ @QueryParam("properties") String properties,
+ @QueryParam("withAccessToken") boolean withAccessToken) {
DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService();
try {
if (token == null || token.isEmpty()) {
@@ -102,7 +107,8 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
deviceProps.put("token", token);
DeviceConfiguration devicesConfiguration =
dms.getDeviceConfiguration(deviceProps);
- setAccessTokenToDeviceConfigurations(devicesConfiguration);
+ if (withAccessToken) setAccessTokenToDeviceConfigurations(devicesConfiguration);
+ else setOTPTokenToDeviceConfigurations(devicesConfiguration);
return Response.status(Response.Status.OK).entity(devicesConfiguration).build();
} catch (DeviceManagementException e) {
String msg = "Error occurred while retrieving configurations";
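Review bot: Because `withAccessToken` is a primitive `boolean` query parameter, a request that omits it now takes the new `else` branch and receives an OTP token in the access-token field, so any existing client that never sent the parameter silently changes behaviour; if such callers exist, `@DefaultValue("true")` on the parameter (or inverting the flag) keeps the previous path as the default. Stylistically the braceless single-line `if ... else` is out of step with the rest of the file: `if (withAccessToken) { setAccessTokenToDeviceConfigurations(devicesConfiguration); } else { setOTPTokenToDeviceConfigurations(devicesConfiguration); }`.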
@@ -214,6 +220,33 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
}
}
+ private void setOTPTokenToDeviceConfigurations(DeviceConfiguration deviceConfiguration)
+ throws DeviceManagementException {
+ OneTimePinDTO oneTimePinData = new OneTimePinDTO();
+ oneTimePinData.setEmail(OTPEmailTypes.DEVICE_ENROLLMENT.toString());
+ oneTimePinData.setEmailType(OTPEmailTypes.DEVICE_ENROLLMENT.toString());
+ oneTimePinData.setUsername(deviceConfiguration.getDeviceOwner());
+ PrivilegedCarbonContext.startTenantFlow();
+ PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
+ deviceConfiguration.getTenantDomain(), true);
+ oneTimePinData.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
+ PrivilegedCarbonContext.endTenantFlow();
+ OTPManagementService otpManagementService = DeviceMgtAPIUtils.getOtpManagementService();
+ try {
+ OneTimePinDTO oneTimePinDTO = otpManagementService.generateOneTimePin(oneTimePinData, true);
+ if (oneTimePinDTO == null) {
+ String msg = "Null value returned when generating OTP token for " + oneTimePinData.getOtpToken();
+ log.error(msg);
+ throw new DeviceManagementException(msg);
+ }
+ deviceConfiguration.setAccessToken(oneTimePinDTO.getOtpToken());
+ } catch (OTPManagementException ex) {
+ String msg = "Error occurred while generating one time pin: " + ex.getMessage();
+ log.error(msg, ex);
+ throw new DeviceManagementException(msg, ex);
+ }
+ }
+
@Override
@Path("/tenants")
@GET
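Review bot: `PrivilegedCarbonContext.startTenantFlow()` and `endTenantFlow()` in `setOTPTokenToDeviceConfigurations` are not paired in a try/finally, so if `setTenantDomain(..., true)` throws (for example on an unknown tenant domain) the started flow is never ended and stays on the request thread. The null-result message also reports `oneTimePinData.getOtpToken()`, which is never set on the request DTO and will print null; the username is the useful value there. Both changes are below; `setEmail(OTPEmailTypes.DEVICE_ENROLLMENT.toString())` storing an enum name in the email field looks intentional but deserves a one-line comment.
```java
PrivilegedCarbonContext.startTenantFlow();
try {
    PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
            deviceConfiguration.getTenantDomain(), true);
    oneTimePinData.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
} finally {
    PrivilegedCarbonContext.endTenantFlow();
}
// … unchanged: OTP service lookup and generateOneTimePin call …
String msg = "Null value returned when generating OTP token for user " + oneTimePinData.getUsername();
```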
diff --git a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java
index cf098c6edc..7ad136cd7f 100644
--- a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java
+++ b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java
@@ -21,6 +21,7 @@ package io.entgra.carbon.device.mgt.config.jaxrs.util;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.user.core.service.RealmService;
@@ -34,6 +35,8 @@ public class DeviceMgtAPIUtils {
private static DeviceManagementProviderService deviceManagementProviderService = null;
private static RealmService realmService = null;
+ private static OTPManagementService otpManagementService = null;
+
public static DeviceManagementProviderService getDeviceManagementService() {
if (deviceManagementProviderService == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@@ -48,6 +51,19 @@ public class DeviceMgtAPIUtils {
return deviceManagementProviderService;
}
+ public static OTPManagementService getOtpManagementService() {
+ if (otpManagementService == null) {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ otpManagementService = (OTPManagementService) ctx.getOSGiService(OTPManagementService.class, null);
+ if (otpManagementService == null) {
+ String msg = "OTP Management Service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ }
+ return otpManagementService;
+ }
+
public static RealmService getRealmService() {
if (realmService == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
From b18003a1cdcbc84deef9bd6eabeabdb38a05c60a Mon Sep 17 00:00:00 2001
From: Pahansith
Date: Wed, 21 Jun 2023 06:20:17 +0530
Subject: [PATCH 09/29] Add OTP based remote session implementation
---
.../mgt/common/otp/mgt/OTPEmailTypes.java | 2 +-
.../interceptor/DefaultTokenHandler.java | 100 +++++-------------
.../ui/request/interceptor/UserHandler.java | 1 +
.../interceptor/util/HandlerConstants.java | 1 +
.../request/interceptor/util/HandlerUtil.java | 12 +++
5 files changed, 44 insertions(+), 72 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java
index 9a182a0b14..ecfbc63905 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java
@@ -18,5 +18,5 @@
package org.wso2.carbon.device.mgt.common.otp.mgt;
public enum OTPEmailTypes {
- USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE
+ USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE, REMOTE_SESSION
}
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/DefaultTokenHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/DefaultTokenHandler.java
index b244a5ed67..661027d10e 100644
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/DefaultTokenHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/DefaultTokenHandler.java
@@ -18,21 +18,22 @@
package io.entgra.ui.request.interceptor;
import com.google.gson.Gson;
-import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import io.entgra.ui.request.interceptor.beans.AuthData;
import io.entgra.ui.request.interceptor.util.HandlerConstants;
import io.entgra.ui.request.interceptor.util.HandlerUtil;
-import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.http.HttpHeaders;
import org.apache.http.HttpStatus;
-import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.entity.ContentType;
import io.entgra.ui.request.interceptor.beans.ProxyResponse;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.DeviceManagementConstants;
+import org.wso2.carbon.device.mgt.common.exceptions.OTPManagementException;
+import org.wso2.carbon.device.mgt.common.otp.mgt.OTPEmailTypes;
+import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
+import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.core.service.RealmService;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
@@ -54,71 +55,28 @@ public class DefaultTokenHandler extends HttpServlet {
HttpSession httpSession = req.getSession(false);
if (httpSession != null) {
- AuthData authData = (AuthData) httpSession.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY);
- if (authData == null) {
- HandlerUtil.sendUnAuthorizeResponse(resp);
- return;
+ String userWithDomain = (String) httpSession.getAttribute(HandlerConstants.USERNAME_WITH_DOMAIN);
+ String[] userNameParts = userWithDomain.split("@");
+
+ OneTimePinDTO oneTimePinData = new OneTimePinDTO();
+ oneTimePinData.setEmail(OTPEmailTypes.REMOTE_SESSION.toString());
+ oneTimePinData.setEmailType(OTPEmailTypes.REMOTE_SESSION.toString());
+ oneTimePinData.setUsername(userNameParts[0]);
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ RealmService realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+ try {
+ oneTimePinData.setTenantId(realmService.getTenantManager().getTenantId(userNameParts[1]));
+ } catch (UserStoreException e) {
+ throw new RuntimeException(e);
}
-
- AuthData defaultAuthData = (AuthData) httpSession
- .getAttribute(HandlerConstants.SESSION_DEFAULT_AUTH_DATA_KEY);
- if (defaultAuthData != null) {
- HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(defaultAuthData.getAccessToken()));
- return;
- }
-
- String clientId = authData.getClientId();
- String clientSecret = authData.getClientSecret();
-
- String queryString = req.getQueryString();
- String scopeString = "";
- if (StringUtils.isNotEmpty(queryString)) {
- scopeString = req.getParameter("scopes");
- if (scopeString != null) {
- scopeString = "?scopes=" + scopeString;
- }
- }
-
- String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR
- + System.getProperty(HandlerConstants.IOT_GW_HOST_ENV_VAR)
- + HandlerConstants.COLON + HandlerUtil.getGatewayPort(req.getScheme());
- String tokenUrl = iotsCoreUrl + "/api/device-mgt/v1.0/devices/" + clientId
- + "/" + clientSecret + "/default-token" + scopeString;
-
- HttpGet defaultTokenRequest = new HttpGet(tokenUrl);
- defaultTokenRequest
- .setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BEARER + authData.getAccessToken());
- defaultTokenRequest
- .setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
- ProxyResponse tokenResultResponse = HandlerUtil.execute(defaultTokenRequest);
-
- if (tokenResultResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
- log.error("Error occurred while invoking the API to get default token data.");
- HandlerUtil.handleError(resp, tokenResultResponse);
- return;
- }
- String tokenResult = tokenResultResponse.getData();
- if (tokenResult == null) {
- log.error("Invalid default token response is received.");
- HandlerUtil.handleError(resp, tokenResultResponse);
- return;
- }
-
- JsonParser jsonParser = new JsonParser();
- JsonElement jTokenResult = jsonParser.parse(tokenResult);
- if (jTokenResult.isJsonObject()) {
- JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject();
- AuthData newDefaultAuthData = new AuthData();
- newDefaultAuthData.setClientId(clientId);
- newDefaultAuthData.setClientSecret(clientSecret);
-
- String defaultToken = jTokenResultAsJsonObject.get("accessToken").getAsString();
- newDefaultAuthData.setAccessToken(defaultToken);
- newDefaultAuthData.setRefreshToken(jTokenResultAsJsonObject.get("refreshToken").getAsString());
- newDefaultAuthData.setScope(jTokenResultAsJsonObject.get("scopes").getAsString());
- httpSession.setAttribute(HandlerConstants.SESSION_DEFAULT_AUTH_DATA_KEY, newDefaultAuthData);
-
- HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(defaultToken));
+ oneTimePinData.setExpiryTime(DeviceManagementConstants.OTPProperties.OTP_DEFAULT_EXPIRY_SECONDS);
+ OTPManagementService otpManagementService = HandlerUtil.getOTPManagementService();
+ try {
+ oneTimePinData = otpManagementService.generateOneTimePin(oneTimePinData, true);
+ HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(oneTimePinData.getOtpToken()));
+ } catch (OTPManagementException e) {
+ log.error("Failed while generating remote session OTP for user " + userWithDomain, e);
+ HandlerUtil.handleError(resp, HttpStatus.SC_INTERNAL_SERVER_ERROR);
}
} else {
HandlerUtil.sendUnAuthorizeResponse(resp);
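Review bot: `userWithDomain` read from the session on L1173 is dereferenced without a null check, and `userNameParts[1]` on L1183 assumes the value contains an `@`, so a session that lacks the attribute (it is only stored on the UserHandler login path in this same commit) or holds a plain username turns into a NullPointerException or ArrayIndexOutOfBoundsException instead of the 401 the `else` branch sends; a username whose local part itself contains `@` would also pick the wrong segment, so splitting on the last `@` is safer. The `catch (UserStoreException e) { throw new RuntimeException(e); }` on L1184-1185 likewise escapes the servlet as an unhandled error rather than going through `HandlerUtil.handleError` as the OTP failure on L1252-1254 does. Setting `email` to the enum name on L1177 looks like a placeholder — if the DTO's email field is later used for delivery, please confirm this is intended. Suggested guard and catch below; doGet's signature and the rest of the method are outside this hunk.

```java
String userWithDomain = (String) httpSession.getAttribute(HandlerConstants.USERNAME_WITH_DOMAIN);
int at = userWithDomain == null ? -1 : userWithDomain.lastIndexOf('@');
if (at < 0) {
    HandlerUtil.sendUnAuthorizeResponse(resp);
    return;
}
String userName = userWithDomain.substring(0, at);
String tenantDomain = userWithDomain.substring(at + 1);
// … unchanged: OneTimePinDTO setup (using userName) and RealmService lookup …
try {
    oneTimePinData.setTenantId(realmService.getTenantManager().getTenantId(tenantDomain));
} catch (UserStoreException e) {
    log.error("Failed to resolve tenant for user " + userWithDomain, e);
    HandlerUtil.handleError(resp, HttpStatus.SC_INTERNAL_SERVER_ERROR);
    return;
}
// … unchanged: OTP generation and response …
```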
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/UserHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/UserHandler.java
index 53be11141e..0061865583 100644
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/UserHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/UserHandler.java
@@ -120,6 +120,7 @@ public class UserHandler extends HttpServlet {
proxyResponse.setData(
jTokenResultAsJsonObject.get("username").getAsString().replaceAll("@carbon.super", ""));
HandlerUtil.handleSuccess(resp, proxyResponse);
+ httpSession.setAttribute(HandlerConstants.USERNAME_WITH_DOMAIN, jTokenResultAsJsonObject.get("username").getAsString());
log.info("Customer login", userLogContextBuilder.setUserName(proxyResponse.getData()).setUserRegistered(true).build());
}
} catch (IOException e) {
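Review bot: The new `httpSession.setAttribute(...)` on L1266 runs after `HandlerUtil.handleSuccess(resp, proxyResponse)` has already written the response, so if that write fails with the IOException caught on L1269 the session is left without USERNAME_WITH_DOMAIN even though the login itself succeeded; moving the `setAttribute` above the `handleSuccess` call avoids that window. The username is also extracted twice from `jTokenResultAsJsonObject`; a local such as `String username = jTokenResultAsJsonObject.get("username").getAsString();` shared by L1264 and L1266 would read better. The enclosing method starts and ends outside this hunk.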
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java
index 27d6afaadc..a6aa8d6bff 100644
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java
@@ -106,4 +106,5 @@ public class HandlerConstants {
public static final String IOT_REPORTING_WEBAPP_HOST_ENV_VAR = "iot.reporting.webapp.host";
public static final String USER_SCOPES = "userScopes";
public static final String HUBSPOT_CHAT_URL = "api.hubapi.com";
+ public static final String USERNAME_WITH_DOMAIN = "usernameWithDomain";
}
diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java
index b7376abddc..ab09718a04 100644
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java
@@ -55,6 +55,8 @@ import org.json.JSONException;
import org.json.JSONObject;
import org.w3c.dom.Document;
import io.entgra.ui.request.interceptor.beans.ProxyResponse;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
import org.xml.sax.SAXException;
import javax.servlet.http.HttpServletRequest;
@@ -79,6 +81,8 @@ public class HandlerUtil {
private static boolean isLoginCacheInitialized = false;
private static AuthData authData;
+ private static OTPManagementService otpManagementService;
+
/***
*
* @param httpRequest - httpMethod e.g:- HttpPost, HttpGet
@@ -751,4 +755,12 @@ public class HandlerUtil {
public static boolean isPropertyDefined(String property) {
return StringUtils.isEmpty(System.getProperty(property));
}
+
+ public static OTPManagementService getOTPManagementService() {
+ if (otpManagementService == null) {
+ otpManagementService = (OTPManagementService) PrivilegedCarbonContext
+ .getThreadLocalCarbonContext().getOSGiService(OTPManagementService.class, null);
+ }
+ return otpManagementService;
+ }
}
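Review bot: `getOTPManagementService` on L1305-1311 returns null when the OSGi lookup finds no registered service, and the caller in DefaultTokenHandler invokes `generateOneTimePin` on the result without checking, so an unavailable service surfaces as a NullPointerException inside the servlet rather than a clear error. Failing fast here keeps the contract explicit: `if (otpManagementService == null) { throw new IllegalStateException("OTPManagementService is not available"); }` before the `return`. The lazy initialisation of the static field is unsynchronised — harmless if the lookup is idempotent, as OSGi service lookups normally are, but the cached reference goes stale if the providing bundle is restarted; the sibling `authData` field added on the same pattern suggests this is existing style rather than a new defect.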
From 577e3e938414a1d9fe60680104d83e1e72f75cba Mon Sep 17 00:00:00 2001
From: Pahansith
Date: Fri, 23 Jun 2023 20:39:12 +0530
Subject: [PATCH 10/29] Remove unnecessary logs
---
.../CertificateAuthenticator.java | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
index 6bccefe7ec..031a195007 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
@@ -75,31 +75,29 @@ public class CertificateAuthenticator implements WebappAuthenticator {
// When there is a load balancer terminating mutual SSL, it should pass this header along and
// as the value of this header, the client certificate subject dn should be passed.
if (request.getHeader(PROXY_MUTUAL_AUTH_HEADER) != null) {
- log.info("PROXY_MUTUAL_AUTH_HEADER " + request.getHeader(PROXY_MUTUAL_AUTH_HEADER));
+ if (log.isDebugEnabled()) {
+ log.debug("PROXY_MUTUAL_AUTH_HEADER " + request.getHeader(PROXY_MUTUAL_AUTH_HEADER));
+ }
CertificateResponse certificateResponse = AuthenticatorFrameworkDataHolder.getInstance().
getCertificateManagementService().verifySubjectDN(request.getHeader(PROXY_MUTUAL_AUTH_HEADER));
- log.info("clientCertificate" + certificateResponse.getSerialNumber());
- log.info("clientCertificate" + certificateResponse.getCommonName());
authenticationInfo = checkCertificateResponse(certificateResponse);
- log.info("username" + authenticationInfo.getUsername());
+ if (log.isDebugEnabled()) {
+ log.debug("Certificate Serial : " + certificateResponse.getSerialNumber()
+ + ", CN : " + certificateResponse.getCommonName()
+ + " , username" + authenticationInfo.getUsername());
+ }
}
else if (request.getHeader(MUTUAL_AUTH_HEADER) != null) {
- log.info("MUTUAL_AUTH_HEADER");
Object object = request.getAttribute(CLIENT_CERTIFICATE_ATTRIBUTE);
X509Certificate[] clientCertificate = null;
if (object instanceof X509Certificate[]) {
- log.info("clientCertificate");
clientCertificate = (X509Certificate[]) request.
getAttribute(CLIENT_CERTIFICATE_ATTRIBUTE);
}
if (clientCertificate != null && clientCertificate[0] != null) {
CertificateResponse certificateResponse = AuthenticatorFrameworkDataHolder.getInstance().
getCertificateManagementService().verifyPEMSignature(clientCertificate[0]);
- log.info("clientCertificate" + certificateResponse.getSerialNumber());
- log.info("clientCertificate" + certificateResponse.getCommonName());
authenticationInfo = checkCertificateResponse(certificateResponse);
- log.info("username" + authenticationInfo.getUsername());
-
} else {
authenticationInfo.setStatus(Status.FAILURE);
authenticationInfo.setMessage("No client certificate is present");
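Review bot: The debug lines on L1330 and L1338-1342 still write `request.getHeader(PROXY_MUTUAL_AUTH_HEADER)` and the username derived from it verbatim into the log; since that value arrives in the request, stripping CR/LF before logging keeps a crafted header from forging log entries, and reading the header once into a local would also remove the three repeated `getHeader` calls on L1327-1333. The message on L1341 drops the separator the other two fields have: `+ ", username: " + authenticationInfo.getUsername());`. The enclosing method continues before and after this hunk.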
From 389eb05084034a1b2920e274dd2a27872c71ca8a Mon Sep 17 00:00:00 2001
From: prathabanKavin
Date: Sun, 25 Jun 2023 20:04:36 +0530
Subject: [PATCH 11/29] Add device enrolment log for modifyenrolment
---
.../mgt/core/service/DeviceManagementProviderServiceImpl.java | 3 +++
1 file changed, 3 insertions(+)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
index 8dcaf1ebca..8043fbe567 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
@@ -466,6 +466,8 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
if (log.isDebugEnabled()) {
log.debug("Modifying enrollment for device: " + device.getId() + " of type '" + device.getType() + "'");
}
+ String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
DeviceManager deviceManager = this.getDeviceManager(device.getType());
DeviceIdentifier deviceIdentifier = new DeviceIdentifier(device.getDeviceIdentifier(), device.getType());
if (deviceManager == null) {
@@ -494,6 +496,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
enrollmentDAO.updateEnrollment(device.getEnrolmentInfo(), tenantId);
DeviceManagementDAOFactory.commitTransaction();
+ log.info("Device enrolled successfully", deviceEnrolmentLogContextBuilder.setDeviceId(String.valueOf(currentDevice.getId())).setDeviceType(String.valueOf(currentDevice.getType())).setOwner(currentDevice.getEnrolmentInfo().getOwner()).setOwnership(String.valueOf(currentDevice.getEnrolmentInfo().getOwnership())).setTenantID(String.valueOf(tenantId)).setTenantDomain(tenantDomain).setUserName(userName).build());
this.removeDeviceFromCache(deviceIdentifier);
} catch (DeviceManagementDAOException e) {
DeviceManagementDAOFactory.rollbackTransaction();
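Review bot: The info message added on L1387 says "Device enrolled successfully" although the surrounding code (see the debug line on L1377) is modifying an existing enrollment, so the entry is indistinguishable from a fresh enrollment in the audit trail; `log.info("Device enrollment modified successfully", ...)` describes the event. The builder chain on that line is several hundred columns long — one `.setX(...)` call per line would make it reviewable. `currentDevice` and `deviceEnrolmentLogContextBuilder` are defined outside this hunk, so I cannot confirm from here whether the builder is a local or a shared field; if it is a field, concurrent calls would interleave their context values.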
From 6109f58c49d420b868bf827ca809f67e6da86328 Mon Sep 17 00:00:00 2001
From: Oshani Silva
Date: Sun, 25 Jun 2023 19:14:59 +0000
Subject: [PATCH 12/29] Remove unwanted check in billing logic Co-authored-by:
Oshani Silva Co-committed-by: Oshani Silva
---
.../DeviceManagementProviderServiceImpl.java | 25 +++++++++++++------
1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
index 8dcaf1ebca..0d2a3fb42c 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
@@ -156,6 +156,7 @@ import java.lang.reflect.Type;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.time.LocalDateTime;
+import java.time.LocalTime;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
@@ -1069,7 +1070,15 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
dateDiff = endDate.getTime() - device.getEnrolmentInfo().getDateOfEnrolment();
}
}
- long dateInDays = TimeUnit.DAYS.convert(dateDiff, TimeUnit.MILLISECONDS);
+
+ // Convert dateDiff to days as a decimal value
+ double dateDiffInDays = (double) dateDiff / (24 * 60 * 60 * 1000);
+
+ if (dateDiffInDays % 1 >= 0.9) {
+ dateDiffInDays = Math.ceil(dateDiffInDays);
+ }
+
+ long dateInDays = (long) dateDiffInDays;
double cost = (tenantCost.getCost() / 365) * dateInDays;
totalCost += cost;
device.setCost(Math.round(cost * 100.0) / 100.0);
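Review bot: The `0.9` on L1420 is a magic number that decides when a partial day is billed as a whole one, and the same value reappears as `0.9 * (1000 * 60 * 60 * 24)` on L1430 in the next hunk; a single named constant such as `private static final double FULL_DAY_THRESHOLD = 0.9;` with a comment stating the billing rule keeps the two rounding paths from drifting apart. The `(24 * 60 * 60 * 1000)` divisor on L1418 could likewise be `TimeUnit.DAYS.toMillis(1)`, which the removed L1415 shows was already in scope. The enclosing method starts and ends outside this hunk.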
@@ -1136,9 +1145,13 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
long difference_In_Days = (difference_In_Time / (1000 * 60 * 60 * 24)) % 365;
+ if (difference_In_Time % (1000 * 60 * 60 * 24) >= 0.9 * (1000 * 60 * 60 * 24)) {
+ difference_In_Days++;
+ }
+
for (int i = 1; i <= difference_In_Years; i++) {
List allDevicesPerYear = new ArrayList<>();
- LocalDateTime oneYearAfterStart = startDate.toLocalDateTime().plusYears(1);
+ LocalDateTime oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));;
Timestamp newStartDate;
Timestamp newEndDate;
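Review bot: L1437 ends with a doubled semicolon `;;`, as do L1448 and L1453 in the next hunk — an empty statement that compiles but will be flagged by Checkstyle. The expression `startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59))` is repeated three times across those lines; a small private helper would avoid copy-paste drift. If the intent is an inclusive end of day, `LocalTime.MAX` instead of `LocalTime.of(23, 59, 59)` avoids leaving the last second of each day outside every billing period, given that the next period starts at midnight on L1461. The for loop continues outside this hunk.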
@@ -1147,14 +1160,12 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
remainingDaysConsidered = true;
oneYearAfterStart = startDate.toLocalDateTime();
newEndDate = endDate;
- } else if (Timestamp.valueOf(oneYearAfterStart).getTime() >= endDate.getTime()) {
- newEndDate = Timestamp.valueOf(oneYearAfterStart);
} else {
- oneYearAfterStart = startDate.toLocalDateTime().plusYears(1);
+ oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));;
newEndDate = Timestamp.valueOf(oneYearAfterStart);
}
} else {
- oneYearAfterStart = startDate.toLocalDateTime().plusYears(1);
+ oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));;
newEndDate = Timestamp.valueOf(oneYearAfterStart);
}
@@ -1177,7 +1188,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
allDevices.addAll(billingResponse.getDevice());
totalCost = totalCost + billingResponse.getTotalCostPerYear();
deviceCount = deviceCount + billingResponse.getDeviceCount();
- LocalDateTime nextStartDate = oneYearAfterStart.plusDays(1);
+ LocalDateTime nextStartDate = oneYearAfterStart.plusDays(1).with(LocalTime.of(00, 00, 00));
startDate = Timestamp.valueOf(nextStartDate);
}
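Review bot: `LocalTime.of(00, 00, 00)` on L1461 uses zero-padded integer literals, which Java reads as octal (`00` happens to be 0, but the same spelling with `08` or `09` would not compile); `LocalTime.MIDNIGHT` states the intent without the trap. The enclosing loop starts outside this hunk.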
From 4a31d80660d687f97d48a119a9340b326a28ef8b Mon Sep 17 00:00:00 2001
From: nishan
Date: Thu, 15 Jun 2023 14:12:56 +0530
Subject: [PATCH 13/29] add api for get visible roles
---
.../service/api/RoleManagementService.java | 98 +++++++++++++++++++
.../impl/RoleManagementServiceImpl.java | 93 +++++++++++++++++-
2 files changed, 190 insertions(+), 1 deletion(-)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java
index 07c2fe962f..8a3e4242cd 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/RoleManagementService.java
@@ -187,6 +187,104 @@ public interface RoleManagementService {
defaultValue = "5")
@QueryParam("limit") int limit);
+ @GET
+ @Path("/visible/{metaKey}")
+ @ApiOperation(
+ produces = MediaType.APPLICATION_JSON,
+ httpMethod = "GET",
+ value = "Getting the List of Visible Roles",
+ notes = "WSO2 IoTS supports role-based access control (RBAC) and role management. Using this API you can the list of roles that are in WSO2 IoTS.\n" +
+ "Note: Internal roles, roles created for service-providers, and application related roles will not be given in the output.",
+ tags = "Role Management",
+ extensions = {
+ @Extension(properties = {
+ @ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:view")
+ })
+ }
+ )
+ @ApiResponses(value = {
+ @ApiResponse(
+ code = 200,
+ message = "OK. \n Successfully fetched the list of roles in WSO2 IoTS.",
+ response = RoleList.class,
+ responseHeaders = {
+ @ResponseHeader(
+ name = "Content-Type",
+ description = "The content type of the body"),
+ @ResponseHeader(
+ name = "ETag",
+ description = "Entity Tag of the response resource.\n" +
+ "Used by caches, or in conditional requests."),
+ @ResponseHeader(
+ name = "Last-Modified",
+ description = "Date and time the resource has been modified the last time.\n" +
+ "Used by caches, or in conditional requests."),
+ }),
+ @ApiResponse(
+ code = 304,
+ message = "Not Modified. \n Empty body because the client already has the latest version of the " +
+ "requested resource."),
+ @ApiResponse(
+ code = 404,
+ message = "Not Found. \n The specified resource does not exist.\n",
+ response = ErrorResponse.class),
+ @ApiResponse(
+ code = 406,
+ message = "Not Acceptable.\n The requested media type is not supported",
+ response = ErrorResponse.class),
+ @ApiResponse(
+ code = 500,
+ message = "Internal Server Error. \n Server error occurred while fetching the list of roles" +
+ " assigned to the specified user.",
+ response = ErrorResponse.class)
+ })
+ Response getVisibleRole(
+ @ApiParam(
+ name = "filter",
+ value = "Provide a character or a few characters in the role name.",
+ required = false)
+ @QueryParam("filter") String filter,
+ @ApiParam(
+ name = "user-store",
+ value = "The name of the UserStore you wish to get the list of roles.",
+ required = false)
+ @QueryParam("user-store") String userStoreName,
+ @ApiParam(
+ name = "If-Modified-Since",
+ value = "Checks if the requested variant was modified, since the specified date-time." +
+ "Provide the value in the following format: EEE, d MMM yyyy HH:mm:ss Z.\n" +
+ "Example: Mon, 05 Jan 2014 15:10:00 +0200",
+ required = false)
+ @HeaderParam("If-Modified-Since") String ifModifiedSince,
+ @ApiParam(
+ name = "offset",
+ value = "The starting pagination index for the complete list of qualified items.",
+ required = false,
+ defaultValue = "0")
+ @QueryParam("offset") int offset,
+ @ApiParam(
+ name = "limit",
+ value = "Provide how many role details you require from the starting pagination index/offset.",
+ required = false,
+ defaultValue = "5")
+ @QueryParam("limit") int limit,
+ @ApiParam(
+ name = "username",
+ value = "The username of the user.",
+ required = true,
+ defaultValue = "admin")
+ @QueryParam("username") String username,
+ @ApiParam(
+ name = "domain",
+ value = "The domain name of the user store.",
+ required = false)
+ @QueryParam("domain") String domain,
+ @ApiParam(
+ name = "metaKey",
+ value = "Key of the metadata",
+ required = true)
+ @PathParam("metaKey") String metaKey);
+
@GET
@Path("/filter/{prefix}")
@ApiOperation(
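Review bot: The `notes` text on L1485 is missing its verb ("Using this API you can the list of roles") and, together with the 200 and 500 messages on L1497 and L1526-1527, reads as copied from the neighbouring role-list operations rather than describing this one; something like "Using this API you can get the list of roles visible to the given user, as governed by the metadata entry identified by metaKey." would document what the endpoint does. `username` on L1560-1565 is declared `required = true` yet carries `defaultValue = "admin"`, which is contradictory for a required parameter and advertises an administrator account as the default; dropping the `defaultValue` is the safer documentation. The new method is declared in full within this hunk.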
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
index 635d89afde..12b0b810da 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
@@ -17,7 +17,13 @@
*/
package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
+import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
+import org.apache.axis2.databinding.types.xsd._boolean;
import org.apache.commons.logging.Log;
+import org.json.simple.JSONObject;
+import org.json.simple.parser.JSONParser;
+import org.json.simple.parser.ParseException;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.base.MultitenantConstants;
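Review bot: `import org.apache.axis2.databinding.types.xsd._boolean;` on L1589 is not used by the new `getVisibleRole`, which casts to the primitive `boolean`, and looks like an IDE auto-import; it pulls an Axis2 databinding type into the JAX-RS class for nothing and should be removed. The other new imports are also interleaved with the existing `org.apache.commons.logging` pair rather than grouped with their own packages.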
@@ -97,6 +103,91 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
}
+ @GET
+ @Path("/visible/{metaKey}")
+ @Override
+ public Response getVisibleRole(
+ @QueryParam("filter") String filter,
+ @QueryParam("user-store") String userStore,
+ @HeaderParam("If-Modified-Since") String ifModifiedSince,
+ @QueryParam("offset") int offset, @QueryParam("limit") int limit,
+ @QueryParam("username") String username, @QueryParam("domain") String domain,
+ @PathParam("metaKey") String metaKey) {
+ RequestValidationUtil.validatePaginationParameters(offset, limit);
+ if (limit == 0){
+ limit = Constants.DEFAULT_PAGE_LIMIT;
+ }
+ if (domain != null && !domain.isEmpty()) {
+ username = domain + '/' + username;
+ }
+ Metadata metadata;
+ List visibleRoles;
+ RoleList visibleRoleList = new RoleList();
+ try {
+ metadata = DeviceMgtAPIUtils.getMetadataManagementService().retrieveMetadata(metaKey);
+ String metaValue = metadata.getMetaValue();
+ JSONParser parser = new JSONParser();
+ JSONObject jsonObject = (JSONObject) parser.parse(metaValue);
+ boolean decision = (boolean) jsonObject.get("isUserAbleToViewAllRoles");
+ if (decision) {
+ if(userStore == null || "".equals(userStore)){
+ userStore = PRIMARY_USER_STORE;
+ }
+ try{
+ visibleRoles =getRolesFromUserStore(filter, userStore);
+ visibleRoleList.setList(visibleRoles);
+
+ visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit);
+ visibleRoleList.setList(visibleRoles);
+
+ return Response.status(Response.Status.OK).entity(visibleRoleList).build();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while retrieving roles from the underlying user stores";
+ log.error(msg, e);
+ return Response.serverError().entity(
+ new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+ }
+ } else {
+ try{UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
+ if (!userStoreManager.isExistingUser(username)) {
+ if (log.isDebugEnabled()) {
+ log.debug("User by username: " + username + " does not exist for role retrieval.");
+ }
+ String msg = "User by username: " + username + " does not exist for role retrieval.";
+ return Response.status(Response.Status.NOT_FOUND).entity(msg).build();
+ }
+ visibleRoleList.setList(getFilteredVisibleRoles(userStoreManager, username));
+
+ return Response.status(Response.Status.OK).entity(visibleRoleList).build();
+ }catch (UserStoreException e) {
+ String msg = "Error occurred while trying to retrieve roles of the user '" + username + "'";
+ log.error(msg, e);
+ return Response.serverError().entity(
+ new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+ }
+ }
+ } catch (MetadataManagementException e) {
+ String msg = "Error occurred while getting the metadata entry for metaKey:" + metaKey;
+ log.error(msg, e);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+ } catch (ParseException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private List getFilteredVisibleRoles(UserStoreManager userStoreManager, String username)
+ throws UserStoreException {
+ String[] roleListOfUser;
+ roleListOfUser = userStoreManager.getRoleListOfUser(username);
+ List filteredRoles = new ArrayList<>();
+ for (String role : roleListOfUser) {
+ if (!(role.startsWith("Internal/") || role.startsWith("Authentication/"))) {
+ filteredRoles.add(role);
+ }
+ }
+ return filteredRoles;
+ }
+
@GET
@Path("/filter/{prefix}")
@Override
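Review bot: `metadata.getMetaValue()` on L1622 and the cast `(boolean) jsonObject.get("isUserAbleToViewAllRoles")` on L1625 both dereference values that may be absent — a missing metadata entry or a JSON document without that key becomes a NullPointerException or ClassCastException that escapes as a bare 500, and `catch (ParseException e) { throw new RuntimeException(e); }` on L1667-1668 does the same for malformed metadata, unlike the MetadataManagementException branch just above it that builds a proper response. The first `getRolesFromUserStore` call and `setList` on L1631-1632 are dead work, immediately overwritten by L1634-1635, and `List visibleRoles` / `List getFilteredVisibleRoles` are raw types where `List<String>` is known. On the authorization side, when `isUserAbleToViewAllRoles` is false the roles returned on L1653 belong to the `username` taken from the query parameter rather than to the authenticated caller, so any holder of `perm:roles:view` can enumerate another user's role membership; if the intent is "my visible roles", the name should come from the Carbon context instead — please confirm which is intended. Suggested handling of the metadata step below; the remainder of the method is unchanged.

```java
// … unchanged: signature, pagination validation and domain-prefixed username …
metadata = DeviceMgtAPIUtils.getMetadataManagementService().retrieveMetadata(metaKey);
if (metadata == null || metadata.getMetaValue() == null) {
    String msg = "No metadata entry found for metaKey: " + metaKey;
    log.error(msg);
    return Response.status(Response.Status.NOT_FOUND).entity(msg).build();
}
JSONObject jsonObject = (JSONObject) new JSONParser().parse(metadata.getMetaValue());
boolean decision = Boolean.TRUE.equals(jsonObject.get("isUserAbleToViewAllRoles"));
// … unchanged: role retrieval for both branches …
} catch (MetadataManagementException | ParseException e) {
    String msg = "Error occurred while getting the metadata entry for metaKey:" + metaKey;
    log.error(msg, e);
    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
}
// … unchanged: getFilteredVisibleRoles …
```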
@@ -597,7 +688,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
userStoreManager.updateUserListOfRole(roleName, usersToDelete, usersToAdd);
return Response.status(Response.Status.OK).entity("Role '" + roleName + "' has " +
- "successfully been updated with the user list")
+ "successfully been updated with the user list")
.build();
} catch (UserStoreException e) {
String msg = "Error occurred while updating the users of the role '" + roleName + "'";
From cd962b8d24b9f02c1475d9e9b5c2bbdfa72c5f87 Mon Sep 17 00:00:00 2001
From: nishan
Date: Mon, 26 Jun 2023 07:28:53 +0530
Subject: [PATCH 14/29] Remove the user has role validation
---
.../application/mgt/core/impl/ApplicationManagerImpl.java | 7 -------
1 file changed, 7 deletions(-)
diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
index b7fd8f23b5..1b718fa9d7 100644
--- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
+++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
@@ -3658,13 +3658,6 @@ public class ApplicationManagerImpl implements ApplicationManager {
log.error(msg);
throw new ApplicationManagementException(msg);
}
- if (!hasUserRole(unrestrictedRoles, userName)) {
- String msg = "You are trying to restrict the visibility of the application for a role set, but "
- + "in order to perform the action at least one role should be assigned to user: "
- + userName;
- log.error(msg);
- throw new BadRequestException(msg);
- }
}
Filter filter = new Filter();
From 763cd7df25ed0b1c299a07056f3adfdb4cdfbf87 Mon Sep 17 00:00:00 2001
From: Pahansith
Date: Mon, 26 Jun 2023 13:43:13 +0530
Subject: [PATCH 15/29] Fix missing imports
---
.../api/service/impl/DeviceManagementConfigServiceImpl.java | 4 ++++
.../core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java | 1 +
2 files changed, 5 insertions(+)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/src/main/java/io/entgra/device/mgt/core/device/mgt/config/api/service/impl/DeviceManagementConfigServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/src/main/java/io/entgra/device/mgt/core/device/mgt/config/api/service/impl/DeviceManagementConfigServiceImpl.java
index 556baf75e0..c7b191704e 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/src/main/java/io/entgra/device/mgt/core/device/mgt/config/api/service/impl/DeviceManagementConfigServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.config.api/src/main/java/io/entgra/device/mgt/core/device/mgt/config/api/service/impl/DeviceManagementConfigServiceImpl.java
@@ -21,6 +21,10 @@ import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
+import io.entgra.device.mgt.core.device.mgt.common.exceptions.OTPManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.otp.mgt.OTPEmailTypes;
+import io.entgra.device.mgt.core.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
+import io.entgra.device.mgt.core.device.mgt.common.spi.OTPManagementService;
import io.entgra.device.mgt.core.device.mgt.config.api.beans.ErrorResponse;
import io.entgra.device.mgt.core.device.mgt.config.api.service.DeviceManagementConfigService;
import io.entgra.device.mgt.core.device.mgt.config.api.util.DeviceMgtAPIUtils;
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java
index 419a72549b..e5755cd999 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/dao/impl/GenericOTPManagementDAOImpl.java
@@ -18,6 +18,7 @@
package io.entgra.device.mgt.core.device.mgt.core.otp.mgt.dao.impl;
+import io.entgra.device.mgt.core.device.mgt.common.DeviceManagementConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DBConnectionException;
From 7073deb4619c601b52b4487df5d5560c780e818c Mon Sep 17 00:00:00 2001
From: navodzoysa
Date: Mon, 26 Jun 2023 14:15:29 +0530
Subject: [PATCH 16/29] Fix skip app release error
---
.../application/mgt/core/impl/ApplicationManagerImpl.java | 6 +++---
.../device/mgt/core/application/mgt/core/util/APIUtil.java | 3 +--
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
index b7fd8f23b5..51dc57868d 100644
--- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
+++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
@@ -1283,13 +1283,13 @@ public class ApplicationManagerImpl implements ApplicationManager {
this.changeLifecycleState(applicationReleaseDTO, lifecycleChanger);
}
}
+ if (applicationDTO.getType().equals("ENTERPRISE") || applicationDTO.getType().equals("PUBLIC") ) {
+ persistAppIconInfo(applicationReleaseDTO);
+ }
applicationReleaseEntities.add(applicationReleaseDTO);
}
applicationDTO.setId(appId);
applicationDTO.setApplicationReleaseDTOs(applicationReleaseEntities);
- if (applicationDTO.getType().equals("ENTERPRISE") || applicationDTO.getType().equals("PUBLIC") ) {
- persistAppIconInfo(applicationReleaseDTO);
- }
return APIUtil.appDtoToAppResponse(applicationDTO);
}
} catch (LifeCycleManagementDAOException e) {
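Review bot: The `if` added inside the release loop re-evaluates `applicationDTO.getType()` on every iteration although the value is loop-invariant, and it calls `.equals` on a value that may be null. Compute it once before the loop, e.g. `boolean persistIcon = "ENTERPRISE".equals(applicationDTO.getType()) || "PUBLIC".equals(applicationDTO.getType());`, and test `if (persistIcon)` where `persistAppIconInfo` is called. The bare string literals duplicate whatever application-type constants the module already has; if such constants exist, prefer them. The enclosing method starts and ends outside the hunk.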
diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java
index 407b4ebcac..b33fce5bf2 100644
--- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java
+++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java
@@ -521,7 +521,6 @@ public class APIUtil {
public static String createAppIconPath(ApplicationReleaseDTO applicationReleaseDTO, int tenantId) throws ApplicationManagementException {
String basePath = getArtifactDownloadBaseURL() + tenantId + Constants.FORWARD_SLASH + applicationReleaseDTO
.getAppHashValue() + Constants.FORWARD_SLASH;
- String iconPath = basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName();
- return iconPath;
+ return basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName();
}
}
From d5270c720c394df20484b0f2b8936ffc49453d95 Mon Sep 17 00:00:00 2001
From: rajitha
Date: Tue, 27 Jun 2023 13:26:05 +0530
Subject: [PATCH 17/29] Update invite link
---
.../mgt/service/OTPManagementServiceImpl.java | 19 -------------------
.../email/templates/user-enrollment.vm | 2 +-
2 files changed, 1 insertion(+), 20 deletions(-)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
index ebf75b841e..d8872be921 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
@@ -237,9 +237,6 @@ public class OTPManagementServiceImpl implements OTPManagementService {
}
}
}
- int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
- OneTimePinDTO oneTimePinDTO;
- List oneTimePinDTOList = new ArrayList<>();
Properties props = new Properties();
props.setProperty("enrollment-steps", enrollmentSteps.toString());
try {
@@ -247,22 +244,11 @@ public class OTPManagementServiceImpl implements OTPManagementService {
for (String username : deviceEnrollmentInvitation.getUsernames()) {
String emailAddress = DeviceManagerUtil.getUserClaimValue(
username, DeviceManagementConstants.User.CLAIM_EMAIL_ADDRESS);
-
- OneTimePinDTO oneTimePinData = new OneTimePinDTO();
- oneTimePinData.setEmail(emailAddress);
- oneTimePinData.setTenantId(tenantId);
- oneTimePinData.setUsername(username);
- oneTimePinData.setEmailType(OTPEmailTypes.USER_INVITE.toString());
-
- oneTimePinDTO = generateOneTimePin(oneTimePinData, false);
- oneTimePinDTOList.add(oneTimePinDTO);
props.setProperty("first-name", DeviceManagerUtil.
getUserClaimValue(username, DeviceManagementConstants.User.CLAIM_FIRST_NAME));
props.setProperty("username", username);
- props.setProperty("otp-token", oneTimePinDTO.getOtpToken());
sendMail(props, emailAddress, DeviceManagementConstants.EmailAttributes.USER_ENROLLMENT_TEMPLATE);
}
- this.otpManagementDAO.addOTPData(oneTimePinDTOList);
ConnectionManagerUtil.commitDBTransaction();
} catch (UserStoreException e) {
String msg = "Error occurred while getting claim values to invite user";
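Review bot: With the OTP generation and `addOTPData` call removed, the loop no longer writes to the database, yet `ConnectionManagerUtil.commitDBTransaction()` and the surrounding transaction handling are kept, and the SQL catch block in the next hunk still reports "adding OPT data to send device enrollment Invitation" (also a typo for OTP). Either drop the transaction scaffolding together with the DAO write, or reword that message to describe the claim lookup that is actually performed there. The `otp-token` property is no longer set, so the link in `user-enrollment.vm` presumably no longer carries a per-recipient token; confirm that the enrollment flow it points to still ties the request to the invited user by some other means. The enclosing method starts and ends outside the hunk.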
@@ -276,11 +262,6 @@ public class OTPManagementServiceImpl implements OTPManagementService {
String msg = "SQL Error occurred when adding OPT data to send device enrollment Invitation.";
log.error(msg, e);
throw new OTPManagementException(msg, e);
- } catch (OTPManagementDAOException e) {
- ConnectionManagerUtil.rollbackDBTransaction();
- String msg = "Error occurred while saving the OTP data.";
- log.error(msg, e);
- throw new OTPManagementException(msg, e);
} finally {
ConnectionManagerUtil.closeDBConnection();
}
diff --git a/features/transport-mgt/email-sender/io.entgra.device.mgt.core.email.sender.feature/src/main/resources/email/templates/user-enrollment.vm b/features/transport-mgt/email-sender/io.entgra.device.mgt.core.email.sender.feature/src/main/resources/email/templates/user-enrollment.vm
index 7765bcdda2..ef5307de33 100644
--- a/features/transport-mgt/email-sender/io.entgra.device.mgt.core.email.sender.feature/src/main/resources/email/templates/user-enrollment.vm
+++ b/features/transport-mgt/email-sender/io.entgra.device.mgt.core.email.sender.feature/src/main/resources/email/templates/user-enrollment.vm
@@ -37,7 +37,7 @@
You have been invited to enrol your device in Entgra IoT Server.
- Click here to begin device enrolment.
+ Click here to begin device enrolment.
Enrollment Steps are as below,
From 498dc7ae340c6c864905484f6103515485c82584 Mon Sep 17 00:00:00 2001
From: Thilina Sandaruwan
Date: Tue, 27 Jun 2023 08:57:23 +0000
Subject: [PATCH 18/29] HierarchicalGrouping (#153)
Goals
Complete hierarchical grouping task
https://roadmap.entgra.net/issues/9528 and https://roadmap.entgra.net/issues/9529
Approach
Fix the encountered issues
Co-authored-by: ThilinaPremachandra
Co-authored-by: Pahansith Gunathilake
Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/153
Co-authored-by: Thilina Sandaruwan
Co-committed-by: Thilina Sandaruwan
---
.../core/device/mgt/core/dao/GroupDAO.java | 13 ++++
.../core/dao/impl/AbstractGroupDAOImpl.java | 78 +++++++++++++++++--
.../GroupManagementProviderServiceImpl.java | 14 +++-
3 files changed, 97 insertions(+), 8 deletions(-)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java
index e1639e6262..fe639e63e1 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java
@@ -212,6 +212,19 @@ public interface GroupDAO {
*/
List getGroups(GroupPaginationRequest paginationRequest, int tenantId) throws GroupManagementDAOException;
+ /**
+ * Get paginated list of Device Groups in tenant with specified device group ids.
+ *
+ * @param paginationRequest to filter results.
+ * @param deviceGroupIds of groups required.
+ * @param tenantId of user's tenant.
+ * @param isWithParentPath of user's ParentPath.
+ * @return List of all Device Groups in tenant.
+ * @throws GroupManagementDAOException
+ */
+ List getGroups(GroupPaginationRequest paginationRequest, List deviceGroupIds,
+ int tenantId, boolean isWithParentPath) throws GroupManagementDAOException;
+
/**
* Get paginated list of Device Groups in tenant with specified device group ids.
*
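Review bot: The Javadoc on the new `getGroups` overload does not say what `isWithParentPath` controls; `@param isWithParentPath of user's ParentPath` reads as a copy of the line above, and the `@throws` tag has no description. Suggested wording, matching the implementation in `AbstractGroupDAOImpl`: `@param isWithParentPath when true and the request carries a parent path, restrict the result to groups whose PARENT_PATH matches it; when false the request's parent path is ignored` and `@throws GroupManagementDAOException if the groups cannot be read from the database`. The summary sentence is identical to the 3-argument overload's, so mention the optional parent-path filtering there as well.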
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java
index 937b975259..480bc735b0 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java
@@ -108,7 +108,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
@Override
public List getGroups(GroupPaginationRequest request, List deviceGroupIds,
- int tenantId) throws GroupManagementDAOException {
+ int tenantId) throws GroupManagementDAOException {
int deviceGroupIdsCount = deviceGroupIds.size();
if (deviceGroupIdsCount == 0) {
return new ArrayList<>();
@@ -169,6 +169,73 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
throw new GroupManagementDAOException(msg, e);
}
}
+ @Override
+ public List getGroups(GroupPaginationRequest request, List deviceGroupIds,
+ int tenantId, boolean isWithParentPath) throws GroupManagementDAOException {
+ int deviceGroupIdsCount = deviceGroupIds.size();
+ if (deviceGroupIdsCount == 0) {
+ return new ArrayList<>();
+ }
+
+ try {
+ Connection conn = GroupManagementDAOFactory.getConnection();
+ String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP WHERE TENANT_ID = ?";
+ if (StringUtils.isNotBlank(request.getGroupName())) {
+ sql += " AND GROUP_NAME LIKE ?";
+ }
+ if (StringUtils.isNotBlank(request.getOwner())) {
+ sql += " AND OWNER LIKE ?";
+ }
+ if (StringUtils.isNotBlank(request.getParentPath())) {
+ if(isWithParentPath){
+ sql += " AND PARENT_PATH LIKE ?";
+ }
+ }
+ sql += " AND ID IN (";
+ for (int i = 0; i < deviceGroupIdsCount; i++) {
+ sql += (deviceGroupIdsCount - 1 != i) ? "?," : "?";
+ }
+ sql += ")";
+ if (request.getRowCount() != 0) {
+ sql += " LIMIT ? OFFSET ?";
+ }
+
+ try (PreparedStatement stmt = conn.prepareStatement(sql)) {
+ int paramIndex = 1;
+ stmt.setInt(paramIndex++, tenantId);
+ if (StringUtils.isNotBlank(request.getGroupName())) {
+ stmt.setString(paramIndex++, request.getGroupName() + "%");
+ }
+ if (StringUtils.isNotBlank(request.getOwner())) {
+ stmt.setString(paramIndex++, request.getOwner() + "%");
+ }
+ if (StringUtils.isNotBlank(request.getParentPath())) {
+ if(isWithParentPath){
+ stmt.setString(paramIndex++, request.getParentPath());
+ }
+ }
+ for (Integer deviceGroupId : deviceGroupIds) {
+ stmt.setInt(paramIndex++, deviceGroupId);
+ }
+ if (request.getRowCount() != 0) {
+ stmt.setInt(paramIndex++, request.getRowCount());
+ stmt.setInt(paramIndex, request.getStartIndex());
+ }
+ List deviceGroupList = new ArrayList<>();
+ try (ResultSet resultSet = stmt.executeQuery()) {
+ while (resultSet.next()) {
+ deviceGroupList.add(GroupManagementDAOUtil.loadGroup(resultSet));
+ }
+ }
+ return deviceGroupList;
+ }
+ } catch (SQLException e) {
+ String msg = "Error occurred while retrieving groups of groups IDs " + deviceGroupIds.toString()
+ + " in tenant: " + tenantId;
+ log.error(msg);
+ throw new GroupManagementDAOException(msg, e);
+ }
+ }
@Override
public int addGroup(DeviceGroup deviceGroup, int tenantId) throws GroupManagementDAOException {
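Review bot: The new 4-argument `getGroups` appears to duplicate the 3-argument overload above almost line for line, differing only in the `isWithParentPath` gate around the PARENT_PATH clause; if the 3-argument version really is the ungated variant (its body is outside this hunk, so confirm), have it delegate with `return getGroups(request, deviceGroupIds, tenantId, true);` so the two cannot drift. Inside the new method, `log.error(msg)` in the catch drops the `SQLException` from the log even though it is wrapped in the thrown exception — use `log.error(msg, e)`. The two nested `if` pairs around the PARENT_PATH clause collapse to a single `if (isWithParentPath && StringUtils.isNotBlank(request.getParentPath()))`, which must be kept identical in the SQL-building and the parameter-binding sections or the placeholder indices shift. Note also that the group-name and owner values are suffixed with `%` for LIKE without escaping `%`/`_`, so a filter value containing those characters matches more broadly than the caller intended.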
@@ -376,7 +443,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "UPDATE DM_GROUP SET DESCRIPTION = ?, GROUP_NAME = ?, OWNER = ?, STATUS = ?, "
- + "PARENT_PATH = ? WHERE ID = ? AND TENANT_ID = ?";
+ + "PARENT_PATH = ?, PARENT_GROUP_ID = ? WHERE ID = ? AND TENANT_ID = ?";
try (PreparedStatement stmt = conn.prepareStatement(sql)){
for (DeviceGroup deviceGroup : deviceGroups) {
stmt.setString(1, deviceGroup.getDescription());
@@ -384,8 +451,9 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
stmt.setString(3, deviceGroup.getOwner());
stmt.setString(4, deviceGroup.getStatus());
stmt.setString(5, deviceGroup.getParentPath());
- stmt.setInt(6, deviceGroup.getGroupId());
- stmt.setInt(7, tenantId);
+ stmt.setInt(6, deviceGroup.getParentGroupId());
+ stmt.setInt(7, deviceGroup.getGroupId());
+ stmt.setInt(8, tenantId);
stmt.addBatch();
}
stmt.executeBatch();
@@ -1201,7 +1269,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
}
- @Override
+ @Override
public List getAllDevicesOfGroup(String groupName, int tenantId) throws GroupManagementDAOException {
Connection conn;
List devices;
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java
index be1ad0d545..3b83d49c01 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java
@@ -312,6 +312,13 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
newParentPath = DeviceGroupConstants.HierarchicalGroup.SEPERATOR;
}
childrenGroup.setParentPath(newParentPath);
+ if (!newParentPath.equals(DeviceGroupConstants.HierarchicalGroup.SEPERATOR)) {
+ String[] groupIds = newParentPath.split(DeviceGroupConstants.HierarchicalGroup.SEPERATOR);
+ int latestGroupId = Integer.parseInt(groupIds[groupIds.length - 1]);
+ childrenGroup.setParentGroupId(latestGroupId);
+ } else {
+ childrenGroup.setParentGroupId(0);
+ }
}
}
}
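Review bot: `Integer.parseInt(groupIds[groupIds.length - 1])` throws an unchecked `NumberFormatException` if the last segment of the parent path is not numeric, and `groupIds[groupIds.length - 1]` throws `ArrayIndexOutOfBoundsException` when the path consists only of separators (`split` discards trailing empty strings), and nothing here catches either. Since `newParentPath` is assembled by this code, such a value indicates a corrupted path rather than bad input, so guard it and fail with a descriptive exception carrying the offending path instead of an unexplained runtime error. `String.split` also treats `SEPERATOR` as a regular expression, which is harmless for `/` but silently wrong for any regex metacharacter; `Pattern.quote(DeviceGroupConstants.HierarchicalGroup.SEPERATOR)` removes that dependency. The enclosing method starts outside the hunk.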
@@ -518,7 +525,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
@Override
public PaginationResult getGroupsWithHierarchy(String username, GroupPaginationRequest request,
- boolean requireGroupProps) throws GroupManagementException {
+ boolean requireGroupProps) throws GroupManagementException {
if (request == null) {
String msg = "Received incomplete data for retrieve groups with hierarchy";
log.error(msg);
@@ -527,6 +534,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
if (log.isDebugEnabled()) {
log.debug("Get groups with hierarchy " + request.toString());
}
+ boolean isWithParentPath = false;
DeviceManagerUtil.validateGroupListPageSize(request);
List rootGroups;
try {
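Review bot: `isWithParentPath` is a local initialised to `false` and never reassigned before it is handed to `groupDAO.getGroups` in the next hunk, so the parent-path clause in the new DAO overload is never applied from `getGroupsWithHierarchy`, and a reader cannot tell whether that is deliberate. If it is, pass the literal and add a why-comment, e.g. `// SQL-side parent-path filtering is intentionally skipped here: <reason>`; if it should follow the request, derive it from `request.getParentPath()` instead. The enclosing method starts in the previous hunk and ends outside this one.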
@@ -538,7 +546,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
} else {
List allDeviceGroupIdsOfUser = getGroupIds(username);
GroupManagementDAOFactory.openConnection();
- rootGroups = this.groupDAO.getGroups(request, allDeviceGroupIdsOfUser, tenantId);
+ rootGroups = this.groupDAO.getGroups(request, allDeviceGroupIdsOfUser, tenantId, isWithParentPath);
}
String parentPath;
List childrenGroups;
@@ -1359,7 +1367,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
* @throws GroupManagementDAOException on error during population of group properties.
*/
private void createGroupWithChildren(DeviceGroup parentGroup, List childrenGroups,
- boolean requireGroupProps, int tenantId, int depth, int counter) throws GroupManagementDAOException {
+ boolean requireGroupProps, int tenantId, int depth, int counter) throws GroupManagementDAOException {
if (childrenGroups.isEmpty() || depth == counter) {
return;
}
From 3616245ae65dbcacf762ad8f14a9a887eed3f7f9 Mon Sep 17 00:00:00 2001
From: Nishan Sangeeth
Date: Wed, 28 Jun 2023 16:00:53 +0000
Subject: [PATCH 19/29] Improve app visibility restricting functionality
Co-authored-by: Nishan Sangeeth
Co-committed-by: Nishan Sangeeth
---
.../common/services/ApplicationManager.java | 1 +
.../mgt/core/impl/ApplicationManagerImpl.java | 45 ++++++++++++++++++-
.../application/mgt/core/util/APIUtil.java | 18 ++++++++
.../application/mgt/core/util/Constants.java | 3 +-
.../impl/RoleManagementServiceImpl.java | 24 +++++-----
.../device/mgt/api/jaxrs/util/Constants.java | 1 +
6 files changed, 80 insertions(+), 12 deletions(-)
diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java
index 88a6912a7d..0c75b3b284 100644
--- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java
+++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.common/src/main/java/io/entgra/device/mgt/core/application/mgt/common/services/ApplicationManager.java
@@ -27,6 +27,7 @@ import io.entgra.device.mgt.core.application.mgt.common.response.Category;
import io.entgra.device.mgt.core.application.mgt.common.response.Tag;
import io.entgra.device.mgt.core.device.mgt.common.Base64File;
import io.entgra.device.mgt.core.application.mgt.common.dto.ApplicationDTO;
+import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact;
import io.entgra.device.mgt.core.application.mgt.common.LifecycleChanger;
diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
index 09644ff733..3bb8ba8260 100644
--- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
+++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/ApplicationManagerImpl.java
@@ -22,6 +22,8 @@ import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestExcept
import io.entgra.device.mgt.core.device.mgt.common.Base64File;
import io.entgra.device.mgt.core.application.mgt.core.dao.SPApplicationDAO;
import io.entgra.device.mgt.core.application.mgt.core.util.ApplicationManagementUtil;
+import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringEscapeUtils;
@@ -30,6 +32,7 @@ import org.apache.commons.validator.routines.UrlValidator;
import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.json.JSONObject;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact;
@@ -95,6 +98,7 @@ import io.entgra.device.mgt.core.device.mgt.core.service.DeviceManagementProvide
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
+import javax.ws.rs.core.Response;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -1713,6 +1717,31 @@ public class ApplicationManagerImpl implements ApplicationManager {
}
}
+ /**
+ * Check whether valid metaData value or not
+ *
+ * @return true or false
+ * @throws MetadataManagementException If it is unable to load metaData
+ */
+ private boolean isUserAbleToViewAllRoles() throws MetadataManagementException {
+ List allMetadata;
+ allMetadata = APIUtil.getMetadataManagementService().retrieveAllMetadata();
+ if (allMetadata != null && !allMetadata.isEmpty()) {
+ for(Metadata metadata : allMetadata){
+ if(Constants.SHOW_ALL_ROLES.equals(metadata.getMetaKey())){
+ String metaValue = metadata.getMetaValue();
+ if (metaValue != null) {
+ JSONObject jsonObject;
+ jsonObject = new JSONObject(metaValue);
+ boolean isUserAbleToViewAllRoles = jsonObject.getBoolean(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES);
+ return isUserAbleToViewAllRoles;
+ }
+ }
+ }
+ }
+ return false;
+ }
+
/**
* Get assigned role list of the given user.
*
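Review bot: `new JSONObject(metaValue)` and `getBoolean(...)` throw the unchecked `JSONException` when the stored `SHOW_ALL_ROLES` value is malformed or lacks the key, and `isUserAbleToViewAllRoles` neither catches nor declares it, so a bad metadata row surfaces from `validateAppCreatingRequest` as an unhandled runtime exception rather than the `MetadataManagementException` the caller handles. Catch `JSONException` and rethrow it as `MetadataManagementException` (or treat it as `false`, which keeps the check fail-closed), and state the choice in the Javadoc. The summary "Check whether valid metaData value or not" does not describe the method; suggested: "Returns the `isUserAbleToViewAllRoles` flag from the SHOW_ALL_ROLES metadata entry, or false when the entry is absent or has no value." The local `isUserAbleToViewAllRoles`, which shadows the method name, can simply be returned inline. Retrieving every metadata entry to find one key is also wasteful if the service offers a lookup by key.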
@@ -3486,7 +3515,8 @@ public class ApplicationManagerImpl implements ApplicationManager {
}
@Override
- public void validateAppCreatingRequest(T param) throws ApplicationManagementException, RequestValidatingException {
+ public void validateAppCreatingRequest(T param)
+ throws ApplicationManagementException, RequestValidatingException {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
int deviceTypeId = -1;
@@ -3658,6 +3688,15 @@ public class ApplicationManagerImpl implements ApplicationManager {
log.error(msg);
throw new ApplicationManagementException(msg);
}
+ if (!isUserAbleToViewAllRoles()) {
+ if (!hasUserRole(unrestrictedRoles, userName)) {
+ String msg = "You are trying to restrict the visibility of the application for a role set, but "
+ + "in order to perform the action at least one role should be assigned to user: "
+ + userName;
+ log.error(msg);
+ throw new BadRequestException(msg);
+ }
+ }
}
Filter filter = new Filter();
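Review bot: The nested `if (!isUserAbleToViewAllRoles()) { if (!hasUserRole(...)) {` is a single condition, and nothing explains why the metadata flag bypasses the membership check; combine them and add a why-comment, e.g. `// When SHOW_ALL_ROLES is enabled a user may restrict visibility to roles they do not hold, so the membership check applies only otherwise.` followed by `if (!isUserAbleToViewAllRoles() && !hasUserRole(unrestrictedRoles, userName)) {`. The error message still tells the user a role "should be assigned", which is no longer the whole rule. The enclosing method starts and ends outside the hunk.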
@@ -3709,6 +3748,10 @@ public class ApplicationManagerImpl implements ApplicationManager {
String msg = "Error occurred when validating the unrestricted roles given for the web clip";
log.error(msg, e);
throw new ApplicationManagementException(msg, e);
+ } catch (MetadataManagementException e) {
+ String msg = "Error occurred while retrieving metadata list";
+ log.error(msg, e);
+ throw new ApplicationManagementException(msg, e);
} finally {
ConnectionManagerUtil.closeDBConnection();
}
diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java
index b33fce5bf2..955a642b6f 100644
--- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java
+++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/APIUtil.java
@@ -26,6 +26,7 @@ import io.entgra.device.mgt.core.application.mgt.core.config.IdentityServiceProv
import io.entgra.device.mgt.core.application.mgt.core.serviceprovider.ISServiceProviderApplicationService;
import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException;
import io.entgra.device.mgt.core.application.mgt.core.exception.UnexpectedServerErrorException;
+import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -71,6 +72,7 @@ public class APIUtil {
private static volatile SubscriptionManager subscriptionManager;
private static volatile ReviewManager reviewManager;
private static volatile AppmDataHandler appmDataHandler;
+ private static volatile MetadataManagementService metadataManagementService;
public static SPApplicationManager getSPApplicationManager() {
if (SPApplicationManager == null) {
@@ -523,4 +525,20 @@ public class APIUtil {
.getAppHashValue() + Constants.FORWARD_SLASH;
return basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName();
}
+
+ public static MetadataManagementService getMetadataManagementService() {
+ if (metadataManagementService == null) {
+ synchronized (APIUtil.class) {
+ if (metadataManagementService == null) {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ metadataManagementService = (MetadataManagementService) ctx.getOSGiService(
+ MetadataManagementService.class, null);
+ if (metadataManagementService == null) {
+ throw new IllegalStateException("Metadata Management service not initialized.");
+ }
+ }
+ }
+ }
+ return metadataManagementService;
+ }
}
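Review bot: `getMetadataManagementService` has no Javadoc, and the unchecked `IllegalStateException` it throws when the OSGi service is not yet registered is something callers such as `isUserAbleToViewAllRoles` need to know about. A Javadoc with the summary "Returns the OSGi-registered MetadataManagementService, resolving it lazily on first use.", an `@return` for the shared instance, and `@throws IllegalStateException if the service has not been registered in the OSGi context` would cover it. The double-checked lock on `APIUtil.class` is fine for one-time initialisation but is shared with every other lazily initialised service in this class, which deserves a one-line comment.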
diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java
index 5864242acf..efd848cdb1 100644
--- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java
+++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java
@@ -70,7 +70,8 @@ public class Constants {
public static final String ANY = "ANY";
public static final String DEFAULT_PCK_NAME = "default.app.com";
public static final String ALL = "ALL";
-
+ public static final String SHOW_ALL_ROLES = "SHOW_ALL_ROLES";
+ public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles";
public static final String GOOGLE_PLAY_STORE_URL = "https://play.google.com/store/apps/details?id=";
public static final String APPLE_STORE_URL = "https://itunes.apple.com/country/app/app-name/id";
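Review bot: `IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles"` is defined here and again in the device-mgt API `Constants` in the last hunk of this patch, and the two must stay equal because the string is the key inside the stored SHOW_ALL_ROLES metadata JSON that both `RoleManagementServiceImpl` and `ApplicationManagerImpl` parse. A comment on each, e.g. `// JSON key inside SHOW_ALL_ROLES metadata; must match io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.Constants`, makes the coupling visible until the constant can live in a shared module.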
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
index 12b0b810da..099473ad0d 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
@@ -19,7 +19,6 @@ package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
-import org.apache.axis2.databinding.types.xsd._boolean;
import org.apache.commons.logging.Log;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
@@ -110,8 +109,10 @@ public class RoleManagementServiceImpl implements RoleManagementService {
@QueryParam("filter") String filter,
@QueryParam("user-store") String userStore,
@HeaderParam("If-Modified-Since") String ifModifiedSince,
- @QueryParam("offset") int offset, @QueryParam("limit") int limit,
- @QueryParam("username") String username, @QueryParam("domain") String domain,
+ @QueryParam("offset") int offset,
+ @QueryParam("limit") int limit,
+ @QueryParam("username") String username,
+ @QueryParam("domain") String domain,
@PathParam("metaKey") String metaKey) {
RequestValidationUtil.validatePaginationParameters(offset, limit);
if (limit == 0){
@@ -128,13 +129,13 @@ public class RoleManagementServiceImpl implements RoleManagementService {
String metaValue = metadata.getMetaValue();
JSONParser parser = new JSONParser();
JSONObject jsonObject = (JSONObject) parser.parse(metaValue);
- boolean decision = (boolean) jsonObject.get("isUserAbleToViewAllRoles");
+ boolean decision = (boolean) jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES);
if (decision) {
- if(userStore == null || "".equals(userStore)){
+ if (userStore == null || "".equals(userStore)){
userStore = PRIMARY_USER_STORE;
}
- try{
- visibleRoles =getRolesFromUserStore(filter, userStore);
+ try {
+ visibleRoles = getRolesFromUserStore(filter, userStore);
visibleRoleList.setList(visibleRoles);
visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit);
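Review bot: `(boolean) jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES)` unboxes `null` when the key is missing from the stored metadata and throws `ClassCastException` when the value is not a JSON boolean; only `ParseException` is caught further down, so either case becomes an unhandled runtime exception. Replace it with `boolean decision = Boolean.TRUE.equals(jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES));`, which fails closed to the per-user role view. The enclosing method starts in the earlier hunk and ends outside this one.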
@@ -148,7 +149,8 @@ public class RoleManagementServiceImpl implements RoleManagementService {
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
} else {
- try{UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
+ try {
+ UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
if (!userStoreManager.isExistingUser(username)) {
if (log.isDebugEnabled()) {
log.debug("User by username: " + username + " does not exist for role retrieval.");
@@ -159,7 +161,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
visibleRoleList.setList(getFilteredVisibleRoles(userStoreManager, username));
return Response.status(Response.Status.OK).entity(visibleRoleList).build();
- }catch (UserStoreException e) {
+ } catch (UserStoreException e) {
String msg = "Error occurred while trying to retrieve roles of the user '" + username + "'";
log.error(msg, e);
return Response.serverError().entity(
@@ -171,7 +173,9 @@ public class RoleManagementServiceImpl implements RoleManagementService {
log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
} catch (ParseException e) {
- throw new RuntimeException(e);
+ String msg = "Error occurred while parsing JSON metadata: " + e.getMessage();
+ log.error(msg, e);
+ return Response.status(Response.Status.BAD_REQUEST).entity(msg).build();
}
}
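Review bot: The new `ParseException` branch returns `BAD_REQUEST`, but the JSON being parsed is `metadata.getMetaValue()`, which is read from server-side metadata rather than from the request, so a parse failure indicates corrupt stored configuration and should surface as `INTERNAL_SERVER_ERROR`, consistent with the `MetadataManagementException` branch just above it. It also echoes `e.getMessage()` from the parser to the client, which the other catches in this method avoid; keep the parser detail in the log only and return the generic message through `new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()` as the other catches do. Suggested: `String msg = "Error occurred while parsing role-visibility metadata";` `log.error(msg, e);` `return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();`.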
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java
index c9ad2e182e..02d332baf2 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java
@@ -38,6 +38,7 @@ public class Constants {
public static final int DEFAULT_PAGE_LIMIT = 50;
public static final String FORWARD_SLASH = "/";
public static final String ANDROID = "android";
+ public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles";
public static final String ANDROID_POLICY_VALIDATOR = "io.entgra.proprietary.uem.platform.android." +
"core.polcy.AndroidPolicyPayloadValidator";
public static final String IOS = "ios";
From 8d9e3c8f5140da840cd9af841f38619b4b0bbdcc Mon Sep 17 00:00:00 2001
From: navodzoysa
Date: Thu, 29 Jun 2023 00:28:34 +0530
Subject: [PATCH 20/29] Remove reserved_user when fetching users
---
.../api/jaxrs/service/impl/UserManagementServiceImpl.java | 5 +++--
.../device/mgt/core/device/mgt/api/jaxrs/util/Constants.java | 3 ++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java
index 29a64a9238..71528bf32d 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/UserManagementServiceImpl.java
@@ -455,7 +455,7 @@ public class UserManagementServiceImpl implements UserManagementService {
userList = new ArrayList<>(users.size());
BasicUserInfo user;
for (String username : users) {
- if (Constants.APIM_RESERVED_USER.equals(username)) {
+ if (Constants.APIM_RESERVED_USER.equals(username) || Constants.RESERVED_USER.equals(username)) {
continue;
}
user = getBasicUserInfo(username);
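Review bot: The reserved-user exclusion is now written out three times in this file (this loop, the `commonUsers.remove` pair, and the loop at the later hunk), each as an exact, case-sensitive `equals` against two constants, so the next reserved principal will have to be added in three places or one site will drift. Extract a single predicate, `private static boolean isReservedUser(String username) { return Constants.APIM_RESERVED_USER.equals(username) || Constants.RESERVED_USER.equals(username); }`, and call it from all three sites. Note also that `userList` is presized to `users.size()` just above, which now overstates the result by the number of skipped entries; harmless for an `ArrayList`, but if a total count is reported from `users.size()` elsewhere in this method it will include the hidden accounts. The enclosing method starts outside this hunk.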
@@ -520,6 +520,7 @@ public class UserManagementServiceImpl implements UserManagementService {
}
if (commonUsers != null) {
commonUsers.remove(Constants.APIM_RESERVED_USER);
+ commonUsers.remove(Constants.RESERVED_USER);
}
if (!skipSearch(commonUsers) && StringUtils.isNotEmpty(firstName)) {
@@ -695,7 +696,7 @@ public class UserManagementServiceImpl implements UserManagementService {
userList = new ArrayList<>();
UserInfo user;
for (String username : users) {
- if (Constants.APIM_RESERVED_USER.equals(username)) {
+ if (Constants.APIM_RESERVED_USER.equals(username) || Constants.RESERVED_USER.equals(username)) {
continue;
}
user = new UserInfo();
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java
index 02d332baf2..0a9b6efa26 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java
@@ -31,7 +31,8 @@ public class Constants {
public static final String USER_CLAIM_DEVICES = "http://wso2.org/claims/devices";
public static final String PRIMARY_USER_STORE = "PRIMARY";
public static final String APIM_RESERVED_USER = "apim_reserved_user";
- public static final String DEFAULT_STREAM_VERSION = "1.0.0";
+ public static final String RESERVED_USER = "reserved_user";
+ public static final String DEFAULT_STREAM_VERSION = "1.0.0";
public static final String SCOPE = "scope";
public static final String JDBC_USERSTOREMANAGER = "org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager";
public static final String DEFAULT_SIMPLE_DATE_FORMAT = "EEE, d MMM yyyy HH:mm:ss Z";
From 87de656571a7d78284cd1e7baa837c9a2759dedf Mon Sep 17 00:00:00 2001
From: Kavin Prathaban
Date: Fri, 30 Jun 2023 06:32:38 +0000
Subject: [PATCH 21/29] Add footer config template
## Purpose
* Fixes https://roadmap.entgra.net/issues/10180
## Description
* cdm-config.xml.j2, cdm-config.xml templates are updated from hardcoded values to retrieve values from deployment.toml
* server_name, server_version and current_year are added as variables
* **Usage:** change the deployment.toml values when a new version is released; this updates the footer.
## Related PRs
* https://repository.entgra.net/proprietary/product-uem/pulls/15
Co-authored-by: prathabanKavin
Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/160
Co-authored-by: Kavin Prathaban
Co-committed-by: Kavin Prathaban
---
.../src/main/resources/conf/cdm-config.xml | 2 +-
.../templates/repository/conf/cdm-config.xml.j2 | 16 ++++++++++------
2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml
index 3ce48daefe..c40cefc413 100644
--- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml
+++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml
@@ -189,7 +189,7 @@
<a href='https://entgra.io' target='_blank'>
Entgra
</a>
- IoT Server 5.2.0 | © 2023
+ UEM Server 5.3.0 | © 2023
, All Rights Reserved.
Entgra
diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2
index 262761caec..2152b1814f 100644
--- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2
+++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2
@@ -325,12 +325,16 @@
- <a href='https://entgra.io' target='_blank'>
- Entgra
- </a>
- IoT Server 5.2.0 | © 2023
- , All Rights Reserved.
-
+ <a href='https://entgra.io' target='_blank'>
+ Entgra
+ </a>
+ {% if product_conf is defined %}
+ {{product_conf.server_name}} {{product_conf.server_version}} | © {{product_conf.current_year}}
+ {% else %}
+ Entgra UEM Server
+ {% endif %}
+ , All Rights Reserved.
+
Entgra
repository/resources/whitelabel
From 39f5ee8ca391ce1bc45b909a2931c56ba213d7e7 Mon Sep 17 00:00:00 2001
From: ThilinaPremachandra
Date: Sat, 1 Jul 2023 21:06:29 +0530
Subject: [PATCH 22/29] fix: sub tenants grouping issue
---
.../admin/GroupManagementAdminServiceImpl.java | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
index 4495a3fe9c..656eb857bc 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
@@ -32,6 +32,7 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.api.admin.GroupMan
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestValidationUtil;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.apache.commons.lang.StringUtils;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
@@ -94,13 +95,22 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
@DefaultValue("5") @QueryParam("limit") int limit) {
try {
RequestValidationUtil.validatePaginationParameters(offset, limit);
+ String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
GroupPaginationRequest request = new GroupPaginationRequest(offset, limit);
request.setGroupName(name);
request.setOwner(owner);
request.setStatus(status);
request.setDepth(depth);
- PaginationResult deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
- .getGroupsWithHierarchy(null, request, requireGroupProps);
+
+ PaginationResult deviceGroupsResult;
+ if (StringUtils.isBlank(currentUser)) {
+ deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+ .getGroupsWithHierarchy(null, request, requireGroupProps);
+ } else {
+ deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+ .getGroupsWithHierarchy(currentUser, request, requireGroupProps);
+ }
+
DeviceGroupList deviceGroupList = new DeviceGroupList();
deviceGroupList.setList(deviceGroupsResult.getData());
deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal());
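Review bot: The new branch maps a blank `currentUser` to `getGroupsWithHierarchy(null, ...)`, which is the unscoped query, so the case where the thread-local Carbon context carries no principal is the one that sees the most data; that is fail-open for an endpoint whose purpose is to scope results to the caller. If this admin API is always reached through an authenticated path, a blank username is an anomaly and should be rejected rather than widened, for example `if (StringUtils.isBlank(currentUser)) { return Response.status(Response.Status.UNAUTHORIZED).entity("No authenticated user in context").build(); }` before building the request. If there is a legitimate internal caller with an empty principal, please document that in a comment on the branch so the next reader does not remove it as a bug. The enclosing method begins outside this hunk.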
From aecc106f95319fb73d216c6ff0197b94f8a540b1 Mon Sep 17 00:00:00 2001
From: ThilinaPremachandra
Date: Sun, 2 Jul 2023 01:23:13 +0530
Subject: [PATCH 23/29] add: super-tenant admin check
---
.../service/impl/admin/GroupManagementAdminServiceImpl.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
index 656eb857bc..3e8df2c98a 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
@@ -101,9 +101,10 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
request.setOwner(owner);
request.setStatus(status);
request.setDepth(depth);
+ boolean isAdmin = DEFAULT_ADMIN_ROLE.equals(currentUser);
PaginationResult deviceGroupsResult;
- if (StringUtils.isBlank(currentUser)) {
+ if (StringUtils.isBlank(currentUser) || isAdmin) {
deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
.getGroupsWithHierarchy(null, request, requireGroupProps);
} else {
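Review bot: `DEFAULT_ADMIN_ROLE.equals(currentUser)` compares a role-name constant against a username, so the unscoped group listing is granted to whoever happens to be named like the admin role (in any tenant, since `currentUser` comes from the thread-local context) and is not granted to users who actually hold the role under a different username. Role membership should be checked against the user's role list from the realm, not inferred from the principal string; a later patch in this series adds such a lookup but keeps this comparison alongside it. Either drop `isAdmin` or rename it to something honest like `isSuperTenantAdminUser` with a comment stating why a username match is intended here.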
From 6d012bc614a7a31d72d948fd0bc65325f2ece7c3 Mon Sep 17 00:00:00 2001
From: ThilinaPremachandra
Date: Mon, 3 Jul 2023 18:53:34 +0530
Subject: [PATCH 24/29] fix: group assigned role issue
---
.../impl/GroupManagementServiceImpl.java | 22 +++++++++++++++++--
.../GroupManagementAdminServiceImpl.java | 16 +++++++++++---
2 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java
index 1c077c00a5..6c75b3fb5e 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java
@@ -29,6 +29,7 @@ import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistExc
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import io.entgra.device.mgt.core.device.mgt.common.Device;
import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
@@ -48,6 +49,8 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestV
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils;
import io.entgra.device.mgt.core.policy.mgt.common.PolicyAdministratorPoint;
import io.entgra.device.mgt.core.policy.mgt.common.PolicyManagementException;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
@@ -56,6 +59,7 @@ import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.List;
public class GroupManagementServiceImpl implements GroupManagementService {
@@ -109,8 +113,18 @@ public class GroupManagementServiceImpl implements GroupManagementService {
request.setGroupName(name);
request.setOwner(owner);
request.setDepth(depth);
- PaginationResult deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
- .getGroupsWithHierarchy(currentUser, request, requireGroupProps);
+ int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
+ UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId);
+ String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser);
+ boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE);
+ PaginationResult deviceGroupsResult;
+ if (hasAdminRole) {
+ deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+ .getGroupsWithHierarchy(null, request, requireGroupProps);
+ } else{
+ deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
+ .getGroupsWithHierarchy(currentUser, request, requireGroupProps);
+ }
DeviceGroupList deviceGroupList = new DeviceGroupList();
deviceGroupList.setList(deviceGroupsResult.getData());
deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal());
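Review bot: The realm lookup and `Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE)` added here are duplicated verbatim in `GroupManagementAdminServiceImpl` in the same patch; both services would be better served by one helper such as `private static boolean hasAdminRole(String username) throws UserStoreException` placed in `DeviceMgtAPIUtils` next to `getRealmService()`, so the admin test cannot drift between the two endpoints. Two details to guard in that helper: `Arrays.asList((String[]) null)` throws a NullPointerException, so if `getRoleListOfUser` can return null for an unknown user that case needs a check, and the match is exact and case-sensitive, so if role names in this deployment can carry a user-store domain prefix the comparison will silently miss them (worth confirming against the user store configuration). `currentUser` and the enclosing method begin outside this hunk.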
@@ -119,6 +133,10 @@ public class GroupManagementServiceImpl implements GroupManagementService {
String error = "Error occurred while retrieving groups with hierarchy.";
log.error(error, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while getting user realm.";
+ log.error(msg, e);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
}
}
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
index 3e8df2c98a..e9277825ed 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
@@ -31,8 +31,11 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceGroupList;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.api.admin.GroupManagementAdminService;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestValidationUtil;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils;
+import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.apache.commons.lang.StringUtils;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
@@ -41,6 +44,7 @@ import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import java.util.ArrayList;
+import java.util.Arrays;
public class GroupManagementAdminServiceImpl implements GroupManagementAdminService {
@@ -101,17 +105,19 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
request.setOwner(owner);
request.setStatus(status);
request.setDepth(depth);
+ int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
+ UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId);
+ String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser);
boolean isAdmin = DEFAULT_ADMIN_ROLE.equals(currentUser);
-
+ boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE);
PaginationResult deviceGroupsResult;
- if (StringUtils.isBlank(currentUser) || isAdmin) {
+ if (StringUtils.isBlank(currentUser) || isAdmin || hasAdminRole) {
deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
.getGroupsWithHierarchy(null, request, requireGroupProps);
} else {
deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
.getGroupsWithHierarchy(currentUser, request, requireGroupProps);
}
-
DeviceGroupList deviceGroupList = new DeviceGroupList();
deviceGroupList.setList(deviceGroupsResult.getData());
deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal());
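Review bot: With `hasAdminRole` now derived from the user's actual role list, the surviving `boolean isAdmin = DEFAULT_ADMIN_ROLE.equals(currentUser);` is redundant at best and over-broad at worst, since it still grants the unscoped `getGroupsWithHierarchy(null, ...)` path to any principal whose username equals the role-name constant regardless of the roles they hold. Remove `isAdmin` and reduce the condition to `if (StringUtils.isBlank(currentUser) || hasAdminRole) {`, or, if a username match is deliberately required for a bootstrap account, say so in a comment above the line. The same realm lookup appears in `GroupManagementServiceImpl` in this patch; a shared helper would keep the two endpoints consistent. The enclosing method begins outside this hunk.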
@@ -120,6 +126,10 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
String error = "Error occurred while retrieving groups with hierarchy.";
log.error(error, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while getting user realm.";
+ log.error(msg, e);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
}
}
From 5818a5eaed7123c95ab824feb25f7b1e58cc8f33 Mon Sep 17 00:00:00 2001
From: rajitha
Date: Tue, 4 Jul 2023 18:37:39 +0530
Subject: [PATCH 25/29] Fix transaction initiating issue
---
.../device/mgt/core/operation/mgt/OperationManagerImpl.java | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/operation/mgt/OperationManagerImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/operation/mgt/OperationManagerImpl.java
index 51b93d5fdd..d3137c006f 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/operation/mgt/OperationManagerImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/operation/mgt/OperationManagerImpl.java
@@ -480,6 +480,7 @@ public class OperationManagerImpl implements OperationManager {
int failAttempts = 0;
while (true) {
try {
+ OperationManagementDAOFactory.beginTransaction();
operationMappingDAO.updateOperationMapping(operation.getId(), device.getEnrolmentInfo().getId(),
io.entgra.device.mgt.core.device.mgt.core.dto.operation.mgt.Operation.PushNotificationStatus.SCHEDULED);
OperationManagementDAOFactory.commitTransaction();
@@ -502,6 +503,11 @@ public class OperationManagerImpl implements OperationManager {
} catch (InterruptedException ignore) {
break;
}
+ } catch (TransactionManagementException ex) {
+ log.error("Error occurred while initiating the transaction", ex);
+ break;
+ } finally {
+ OperationManagementDAOFactory.closeConnection();
}
}
} catch (Exception e) {
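Review bot: The new `finally { OperationManagementDAOFactory.closeConnection(); }` now runs on every iteration of the retry loop, including the failure path whose handling (the `failAttempts` branch ending in the `InterruptedException` catch) is only partly visible here; if that branch does not call `OperationManagementDAOFactory.rollbackTransaction()` before sleeping, the connection is closed with a transaction still open and the next iteration's `beginTransaction()` starts on a fresh connection while the old one's work is left to the pool's cleanup. Please confirm the rollback is present, or add `OperationManagementDAOFactory.rollbackTransaction();` at the top of that catch. Also, the pre-existing `catch (InterruptedException ignore) { break; }` drops the interrupt flag; `Thread.currentThread().interrupt();` before `break` would preserve it for the caller. The enclosing method starts and ends outside this hunk.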
From 67cdcede699fa541495557db32a6cb5a6f091570 Mon Sep 17 00:00:00 2001
From: rajitha
Date: Wed, 5 Jul 2023 20:01:06 +0530
Subject: [PATCH 26/29] Fix realm service unbinding issues
---
.../APIApplicationManagerExtensionDataHolder.java | 13 +++++++------
.../publisher/internal/APIPublisherDataHolder.java | 13 +++++++------
.../internal/JWTClientExtensionDataHolder.java | 13 +++++++------
3 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java
index 8a4cf4f1a6..299184c946 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/internal/APIApplicationManagerExtensionDataHolder.java
@@ -62,17 +62,18 @@ public class APIApplicationManagerExtensionDataHolder {
public void setRealmService(RealmService realmService) {
this.realmService = realmService;
- this.setTenantManager(realmService);
+ setTenantManager(realmService != null ?
+ realmService.getTenantManager() : null);
}
- private void setTenantManager(RealmService realmService) {
- if (realmService == null) {
- throw new IllegalStateException("Realm service is not initialized properly");
- }
- this.tenantManager = realmService.getTenantManager();
+ private void setTenantManager(TenantManager tenantManager) {
+ this.tenantManager = tenantManager;
}
public TenantManager getTenantManager() {
+ if (tenantManager == null) {
+ throw new IllegalStateException("Tenant manager is not initialized properly");
+ }
return tenantManager;
}
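Review bot: `getTenantManager()` now throws `IllegalStateException` once the realm service has been unbound, but the `realmService` field set on the first line of this hunk has no equivalent guard visible; if `getRealmService()` (outside the hunk) returns the raw field, callers will receive null after an unbind instead of the clear failure this change introduces for the tenant manager, and the same applies to the two copies of this data holder in the same patch. Add the symmetric check, `if (realmService == null) { throw new IllegalStateException("Realm service is not initialized properly"); }`, in that getter. Since the unbind can happen on a different thread from the request that reads these fields, consider whether they should be `volatile`; a short comment on the setter stating that null is the expected unbind value would also help the next reader.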
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/internal/APIPublisherDataHolder.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/internal/APIPublisherDataHolder.java
index baff1848ed..bc7b8af32c 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/internal/APIPublisherDataHolder.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/internal/APIPublisherDataHolder.java
@@ -75,17 +75,18 @@ public class APIPublisherDataHolder {
public void setRealmService(RealmService realmService) {
this.realmService = realmService;
- this.setTenantManager(realmService);
+ setTenantManager(realmService != null ?
+ realmService.getTenantManager() : null);
}
- private void setTenantManager(RealmService realmService) {
- if (realmService == null) {
- throw new IllegalStateException("Realm service is not initialized properly");
- }
- this.tenantManager = realmService.getTenantManager();
+ private void setTenantManager(TenantManager tenantManager) {
+ this.tenantManager = tenantManager;
}
public TenantManager getTenantManager() {
+ if (tenantManager == null) {
+ throw new IllegalStateException("Tenant manager is not initialized properly");
+ }
return tenantManager;
}
diff --git a/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/internal/JWTClientExtensionDataHolder.java b/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/internal/JWTClientExtensionDataHolder.java
index 7d253b2333..cd3999c9bf 100644
--- a/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/internal/JWTClientExtensionDataHolder.java
+++ b/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/internal/JWTClientExtensionDataHolder.java
@@ -74,17 +74,18 @@ public class JWTClientExtensionDataHolder {
public void setRealmService(RealmService realmService) {
this.realmService = realmService;
- this.setTenantManager(realmService);
+ setTenantManager(realmService != null ?
+ realmService.getTenantManager() : null);
}
- private void setTenantManager(RealmService realmService) {
- if (realmService == null) {
- throw new IllegalStateException("Realm service is not initialized properly");
- }
- this.tenantManager = realmService.getTenantManager();
+ private void setTenantManager(TenantManager tenantManager) {
+ this.tenantManager = tenantManager;
}
public TenantManager getTenantManager() {
+ if (tenantManager == null) {
+ throw new IllegalStateException("Tenant manager is not initialized properly");
+ }
return tenantManager;
}
}
From 38b8c8d7b18009171cd00538ccb151de1e3b1a2c Mon Sep 17 00:00:00 2001
From: Thilina Sandaruwan
Date: Mon, 10 Jul 2023 07:46:21 +0000
Subject: [PATCH 27/29] Grouping Improvements (#169)
Purpose
After deleting a role, delete relevant records from DM_ROLE_GROUP_MAP table
Related tickets: https://roadmap.entgra.net/issues/9528 and https://roadmap.entgra.net/issues/9529
Co-authored-by: ThilinaPremachandra
Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/169
Co-authored-by: Thilina Sandaruwan
Co-committed-by: Thilina Sandaruwan
---
.../impl/GroupManagementServiceImpl.java | 4 +-
.../impl/RoleManagementServiceImpl.java | 13 ++++--
.../GroupManagementAdminServiceImpl.java | 4 +-
.../core/device/mgt/core/dao/GroupDAO.java | 9 ++++
.../core/dao/impl/AbstractGroupDAOImpl.java | 17 ++++++++
.../GroupManagementProviderService.java | 16 ++++++-
.../GroupManagementProviderServiceImpl.java | 42 ++++++++++++++++---
7 files changed, 91 insertions(+), 14 deletions(-)
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java
index 6c75b3fb5e..de2991e7a7 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/GroupManagementServiceImpl.java
@@ -475,8 +475,8 @@ public class GroupManagementServiceImpl implements GroupManagementService {
log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
} catch (GroupAlreadyExistException e) {
- String msg = "Group already exists with name : " + groups.getName() + ".";
- log.warn(msg);
+ String msg = "Group already exists with name : " + groups.getName() + " Try with another group name.";
+ log.error(msg, e);
return Response.status(Response.Status.CONFLICT).entity(msg).build();
} catch (RoleDoesNotExistException e) {
return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
index 099473ad0d..077e814fe7 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java
@@ -18,6 +18,7 @@
package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
+import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import org.apache.commons.logging.Log;
import org.json.simple.JSONObject;
@@ -637,6 +638,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
@Consumes(MediaType.WILDCARD)
@Override
public Response deleteRole(@PathParam("roleName") String roleName, @QueryParam("user-store") String userStoreName) {
+ String roleToDelete = roleName;
if (userStoreName != null && !userStoreName.isEmpty()) {
roleName = userStoreName + "/" + roleName;
}
@@ -644,6 +646,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
try {
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
final UserStoreManager userStoreManager = userRealm.getUserStoreManager();
+ int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
if (!userStoreManager.isExistingRole(roleName)) {
String msg = "No role exists with the name : " + roleName ;
return Response.status(404).entity(msg).build();
@@ -653,16 +656,18 @@ public class RoleManagementServiceImpl implements RoleManagementService {
if (log.isDebugEnabled()) {
log.debug("Deleting the role in user store");
}
- userStoreManager.deleteRole(roleName);
- // Delete all authorizations for the current role before deleting
- authorizationManager.clearRoleAuthorization(roleName);
-
+ DeviceMgtAPIUtils.getGroupManagementProviderService().deleteRoleAndRoleGroupMapping(roleName, roleToDelete, tenantId, userStoreManager, authorizationManager);
return Response.status(Response.Status.OK).build();
} catch (UserStoreException e) {
String msg = "Error occurred while deleting the role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+ } catch (GroupManagementException e) {
+ String msg = "Error occurred while deleting group-role mapping records";
+ log.error(msg, e);
+ return Response.serverError().entity(
+ new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
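Review bot: The new `catch (GroupManagementException e)` reports "deleting group-role mapping records", but `deleteRoleAndRoleGroupMapping` also wraps the `UserStoreException` from the user-store deletion in that same exception type, so a failed role deletion is reported to the caller as a mapping failure; `String msg = "Error occurred while deleting the role '" + roleName + "' and its group mappings";` would fit both paths. Note also that `roleToDelete`, captured in the hunk above before the user-store prefix is added, is what reaches the mapping table while the prefixed `roleName` goes to the user store; if DM_ROLE_GROUP_MAP stores secondary-store roles with the prefix, their mapping rows would not be removed — worth confirming against the insert path. deleteRole starts outside this hunk.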
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
index e9277825ed..00d2e1cbaf 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/admin/GroupManagementAdminServiceImpl.java
@@ -187,8 +187,8 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
} catch (GroupAlreadyExistException e) {
- String msg = "Group already exists with name : " + group.getName() + ".";
- log.warn(msg);
+ String msg = "Group already exists with name : " + group.getName() + " Try with another group name.";
+ log.error(msg, e);
return Response.status(Response.Status.CONFLICT).entity(msg).build();
} catch (RoleDoesNotExistException e) {
return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
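Review bot: `log.error(msg, e)` for `GroupAlreadyExistException` turns an expected client-side conflict, answered with 409, into an error-level entry with a full stack trace on every duplicate-name attempt, which adds noise to the error log. The previous `log.warn(msg)` level was the better fit for a condition the caller can correct; if the stack trace is wanted, `log.warn(msg, e);` keeps the detail without the severity.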
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java
index fe639e63e1..e339437cb7 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/GroupDAO.java
@@ -156,6 +156,15 @@ public interface GroupDAO {
*/
void deleteGroupsMapping(List groupIds, int tenantId) throws GroupManagementDAOException;
+ /**
+ * Delete mappings of Device Groups.
+ *
+ * @param role of Device Groups.
+ * @param tenantId of the role.
+ * @throws GroupManagementDAOException on error during deletion of mappings of groups
+ */
+ void deleteGroupsMapping(String role, int tenantId) throws GroupManagementDAOException;
+
/**
* Delete existing Device Groups.
*
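Review bot: The Javadoc on the new `deleteGroupsMapping(String role, int tenantId)` overload repeats the sibling overload's summary ("Delete mappings of Device Groups.") and does not say how it differs from the id-based variant. Its implementation deletes the DM_ROLE_GROUP_MAP rows matching the role and tenant, so a summary such as `Removes every role-to-group mapping row of the given role within the tenant.` with `@param role name of the role whose group mappings are removed` would tell a caller which overload to use.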
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java
index 480bc735b0..1dddaa093c 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/AbstractGroupDAOImpl.java
@@ -544,6 +544,23 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
}
}
+ @Override
+ public void deleteGroupsMapping(String role, int tenantId) throws GroupManagementDAOException {
+
+ try {
+ Connection conn = GroupManagementDAOFactory.getConnection();
+ String sql = "DELETE FROM DM_ROLE_GROUP_MAP WHERE ROLE = ? AND TENANT_ID = ?";
+ try (PreparedStatement stmt = conn.prepareStatement(sql)) {
+ stmt.setString(1, role);
+ stmt.setInt(2, tenantId);
+ stmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ String msg = "Error occurred while removing record from group-role mapping.";
+ log.error(msg);
+ throw new GroupManagementDAOException(msg, e);
+ }
+ }
@Override
public void deleteGroups(List groupIds, int tenantId) throws GroupManagementDAOException {
try {
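Review bot: `log.error(msg);` in the new `deleteGroupsMapping` catch block drops the `SQLException`, so the log entry carries no cause even though the service layer logs with `log.error(msg, e)`; use `log.error(msg, e);` or omit the log here, since the caller already logs the wrapped exception and the current form produces two entries for one failure. The parameterized statement is the right choice for a role name that originates in the request path.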
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java
index 153b97b5bf..20d9bbd386 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderService.java
@@ -30,6 +30,8 @@ import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistEx
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupNotExistException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistException;
+import org.wso2.carbon.user.api.AuthorizationManager;
+import org.wso2.carbon.user.api.UserStoreManager;
import java.util.List;
@@ -57,7 +59,7 @@ public interface GroupManagementProviderService {
* @param defaultPermissions of the default role
* @throws GroupManagementException
*/
- void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupManagementException, GroupAlreadyExistException, RoleDoesNotExistException;
+ void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupAlreadyExistException,GroupManagementException, RoleDoesNotExistException;
/**
* Update existing device group.
@@ -79,6 +81,18 @@ public interface GroupManagementProviderService {
*/
boolean deleteGroup(int groupId, boolean isDeleteChildren) throws GroupManagementException;
+ /**
+ * Delete existing device group.
+ *
+ * @param role to be deleted with the userStore name.
+ * @param roleToDelete to delete the role.
+ * @param tenantId to belongs to roles.
+ * @param userStoreManager with details.
+ * @param authorizationManager with details.
+ * @throws GroupManagementException
+ */
+ void deleteRoleAndRoleGroupMapping(String role, String roleToDelete, int tenantId, UserStoreManager userStoreManager, AuthorizationManager authorizationManager) throws GroupManagementException;
+
/**
* Get the device group provided the device group id.
*
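Review bot: The Javadoc for `deleteRoleAndRoleGroupMapping` says "Delete existing device group." (copied from `deleteGroup` above) and its `@param` lines ("tenantId to belongs to roles", "userStoreManager with details") do not describe the contract; the implementation deletes the role from the user store, clears its authorizations and removes its DM_ROLE_GROUP_MAP rows within one DAO transaction. Suggest a summary of `Deletes a role from the user store, clears its authorizations and removes its group mappings.` and state that `role` is the user-store-qualified name while `roleToDelete` is the unqualified name used for the mapping table. Taking `UserStoreManager` and `AuthorizationManager` as parameters also ties this service interface to the Carbon user API, which the other methods here avoid.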
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java
index 3b83d49c01..ee489dedc3 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/GroupManagementProviderServiceImpl.java
@@ -35,7 +35,6 @@ import io.entgra.device.mgt.core.device.mgt.core.dao.GroupManagementDAOFactory;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.netbeans.lib.cvsclient.commandLine.command.status;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
@@ -46,14 +45,13 @@ import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementEx
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceNotFoundException;
import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
-import io.entgra.device.mgt.core.device.mgt.common.exceptions.TrackerAlreadyExistException;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.TransactionManagementException;
import io.entgra.device.mgt.core.device.mgt.core.event.config.GroupAssignmentEventOperationExecutor;
import io.entgra.device.mgt.core.device.mgt.core.geo.task.GeoFenceEventOperationManager;
import io.entgra.device.mgt.core.device.mgt.core.internal.DeviceManagementDataHolder;
import io.entgra.device.mgt.core.device.mgt.core.operation.mgt.OperationMgtConstants;
import io.entgra.device.mgt.core.device.mgt.core.util.DeviceManagerUtil;
-import io.entgra.device.mgt.core.device.mgt.core.util.HttpReportingUtil;
+import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
@@ -148,7 +146,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
}
}
- public void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupManagementException {
+ public void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupAlreadyExistException, GroupManagementException {
if (groups == null) {
String msg = "Received incomplete data for createGroup";
log.error(msg);
@@ -181,7 +179,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
}
GroupManagementDAOFactory.commitTransaction();
} else {
- throw new GroupManagementException("Group exist with name " + groups.getName());
+ throw new GroupAlreadyExistException("Group already exists with name : " + groups.getName() + " Try with another group name.");
}
} catch (GroupManagementDAOException e) {
GroupManagementDAOFactory.rollbackTransaction();
@@ -359,6 +357,40 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
}
}
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void deleteRoleAndRoleGroupMapping(String roleName, String roleToDelete, int tenantId, UserStoreManager userStoreManager, AuthorizationManager authorizationManager) throws GroupManagementException {
+ if (log.isDebugEnabled()) {
+ log.debug("Delete roles");
+ }
+ try {
+ GroupManagementDAOFactory.beginTransaction();
+ groupDAO.deleteGroupsMapping(roleToDelete, tenantId);
+ userStoreManager.deleteRole(roleName);
+ // Delete all authorizations for the current role before deleting
+ authorizationManager.clearRoleAuthorization(roleName);
+ GroupManagementDAOFactory.commitTransaction();
+ } catch (UserStoreException e) {
+ GroupManagementDAOFactory.rollbackTransaction();
+ String msg = "Error occurred while deleting the role '" + roleName + "'";
+ log.error(msg, e);
+ throw new GroupManagementException(msg, e);
+ } catch (TransactionManagementException e) {
+ String msg = "Error occurred while initiating transaction.";
+ log.error(msg, e);
+ throw new GroupManagementException(msg, e);
+ } catch (GroupManagementDAOException e) {
+ GroupManagementDAOFactory.rollbackTransaction();
+ String msg = "Error occurred while deleting the role";
+ log.error(msg, e);
+ throw new GroupManagementException(msg, e);
+ } finally {
+ GroupManagementDAOFactory.closeConnection();
+ }
+ }
+
/**
* {@inheritDoc}
*/
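Review bot: `clearRoleAuthorization(roleName)` runs after `userStoreManager.deleteRole(roleName)`, contradicting the comment between them and leaving a window where a failure in the second call has already removed the role but left its permission assignments behind; a role later created under the same name could presumably pick those up, and the DAO rollback cannot undo the user-store change. Swapping the two lines — `authorizationManager.clearRoleAuthorization(roleName);` then `userStoreManager.deleteRole(roleName);` — makes a partial failure leave a permission-less role instead of orphaned permissions, and lets the comment read correctly. `log.debug("Delete roles")` would also be more useful as `log.debug("Deleting role '" + roleName + "' and its group mappings");`.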
From a0d6c2bd213b5e49d1714a3136d448acb8b7f74c Mon Sep 17 00:00:00 2001
From: prathabanKavin
Date: Tue, 11 Jul 2023 15:53:09 +0530
Subject: [PATCH 28/29] Add missing ios scopes in mdm-ui-config
---
.../src/main/resources/conf/mdm-ui-config.xml | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
index 809c856038..b16935562d 100644
--- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
+++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml
@@ -227,6 +227,19 @@
perm:android:clear-application
perm:android:suspend-package
perm:android:alternate-install
+ perm:ios:lock
+ perm:ios:location
+ perm:ios:ring
+ perm:ios:clear-passcode
+ perm:ios:enterprise-wipe
+ perm:ios:notification
+ perm:ios:wipe-data
+ perm:ios:boolean-setting
+ perm:ios:wallpaper
+ perm:ios:app-attributes
+ perm:ios:app-configurations
+ perm:mac-os:restart
+ perm:mac-os:shut-down
device-mgt
From 90741dc502a0c02f3a31346ca1003a0f968bfe50 Mon Sep 17 00:00:00 2001
From: navodzoysa
Date: Tue, 11 Jul 2023 23:08:33 +0530
Subject: [PATCH 29/29] Fix class not found error in analytics component
---
.../api/impl/GrafanaAPIProxyServiceImpl.java | 6 +--
.../api/impl/util/GrafanaMgtAPIUtils.java | 52 +++++++++++++++++++
.../pom.xml | 2 +-
.../GrafanaManagementServiceComponent.java | 1 -
4 files changed, 56 insertions(+), 5 deletions(-)
create mode 100644 components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/util/GrafanaMgtAPIUtils.java
diff --git a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/GrafanaAPIProxyServiceImpl.java b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/GrafanaAPIProxyServiceImpl.java
index 9c91a23e2b..8ed6fe1ca1 100644
--- a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/GrafanaAPIProxyServiceImpl.java
+++ b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/GrafanaAPIProxyServiceImpl.java
@@ -22,11 +22,11 @@ import com.google.gson.JsonObject;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.GrafanaAPIProxyService;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.bean.ErrorResponse;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.exception.RefererNotValid;
+import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util.GrafanaMgtAPIUtils;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util.GrafanaRequestHandlerUtil;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.common.exception.GrafanaManagementException;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.bean.GrafanaPanelIdentifier;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.exception.MaliciousQueryAttempt;
-import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.internal.GrafanaMgtDataHolder;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DBConnectionException;
@@ -57,8 +57,8 @@ public class GrafanaAPIProxyServiceImpl implements GrafanaAPIProxyService {
public Response queryDatasource(JsonObject body, @Context HttpHeaders headers, @Context UriInfo requestUriInfo) {
try {
GrafanaPanelIdentifier panelIdentifier = GrafanaRequestHandlerUtil.getPanelIdentifier(headers);
- GrafanaMgtDataHolder.getInstance().getGrafanaQueryService().
- buildSafeQuery(body, panelIdentifier.getDashboardId(), panelIdentifier.getPanelId(), requestUriInfo.getRequestUri());
+ GrafanaMgtAPIUtils.getGrafanaQueryService().buildSafeQuery(body, panelIdentifier.getDashboardId(),
+ panelIdentifier.getPanelId(), requestUriInfo.getRequestUri());
return GrafanaRequestHandlerUtil.proxyPassPostRequest(body, requestUriInfo, panelIdentifier.getOrgId());
} catch (MaliciousQueryAttempt e) {
return Response.status(Response.Status.BAD_REQUEST).entity(
diff --git a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/util/GrafanaMgtAPIUtils.java b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/util/GrafanaMgtAPIUtils.java
new file mode 100644
index 0000000000..07a4293b49
--- /dev/null
+++ b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/api/impl/util/GrafanaMgtAPIUtils.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util;
+
+import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.service.GrafanaQueryService;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+
+public class GrafanaMgtAPIUtils {
+
+ private static final Log log = LogFactory.getLog(GrafanaMgtAPIUtils.class);
+ private static volatile GrafanaQueryService grafanaQueryService;
+
+ /**
+ * Accessing GrafanaQueryService from OSGI service context
+ * @return GrafanaQueryService instance
+ */
+ public static GrafanaQueryService getGrafanaQueryService() {
+ if (grafanaQueryService == null) {
+ synchronized (GrafanaMgtAPIUtils.class) {
+ if (grafanaQueryService == null) {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ grafanaQueryService =
+ (GrafanaQueryService) ctx.getOSGiService(GrafanaQueryService.class, null);
+ if (grafanaQueryService == null) {
+ String msg = "Grafana Query service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ }
+ }
+ }
+ return grafanaQueryService;
+ }
+}
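Review bot: `GrafanaMgtAPIUtils` is a static-only utility class without a private constructor, so it can be instantiated and subclassed for no purpose; declare it `public final class GrafanaMgtAPIUtils` and add `private GrafanaMgtAPIUtils() {}`. The double-checked locking is correct because the field is `volatile`, but caching the OSGi service in a static field means a service that is later unregistered and re-registered would presumably not be picked up — worth confirming that the lifecycle of `GrafanaQueryService` makes that acceptable.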
diff --git a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/pom.xml b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/pom.xml
index 5ccdb13257..24f5dbdcab 100644
--- a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/pom.xml
+++ b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/pom.xml
@@ -88,7 +88,7 @@
io.entgra.device.mgt.core.application.mgt.core.*
- !io.entgra.device.mgt.core.transport.mgt.email.sender.core.internal,
+ !io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.internal,
io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.*
diff --git a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/core/internal/GrafanaManagementServiceComponent.java b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/core/internal/GrafanaManagementServiceComponent.java
index 8438c61156..cc4ab33920 100644
--- a/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/core/internal/GrafanaManagementServiceComponent.java
+++ b/components/analytics-mgt/grafana-mgt/io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core/src/main/java/io/entgra/device/mgt/core/analytics/mgt/grafana/proxy/core/internal/GrafanaManagementServiceComponent.java
@@ -26,7 +26,6 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext;
-import org.wso2.carbon.context.PrivilegedCarbonContext;
/**
* @scr.component name="io.entgra.analytics.mgt.grafana.proxy.grafanamanagementservicecomponent" immediate="true"