Merge pull request #714 from ruwany/master

Authorization flow changes
merge-requests/1/head
Ruwan 8 years ago committed by GitHub
commit ca2b2e5825

@ -47,6 +47,7 @@ public class ApiPermissionFilter implements Filter {
private static final String PERMISSION_PREFIX = "/permission/admin";
private static List<Permission> permissions;
private static final String WEBAPP_CONTEXT = "/api-application-registration";
private static final String DEFAULT_ADMIN_ROLE = "admin";
@Override
public void init(FilterConfig filterConfig) throws ServletException {
InputStream permissionStream = filterConfig.getServletContext().getResourceAsStream(PERMISSION_CONFIG_PATH);
@ -122,7 +123,17 @@ public class ApiPermissionFilter implements Filter {
UserRealm userRealm = APIUtil.getRealmService().getTenantUserRealm(PrivilegedCarbonContext
.getThreadLocalCarbonContext().getTenantId());
String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
return userRealm.getAuthorizationManager().isUserAuthorized(tenantAwareUsername, permission, action);
boolean status = userRealm.getAuthorizationManager()
.isUserAuthorized(tenantAwareUsername, permission, action);
if (!status) {
String[] roles = userRealm.getUserStoreManager().getRoleListOfUser(tenantAwareUsername);
for (String role : roles) {
if (role.equals(DEFAULT_ADMIN_ROLE)) {
return true;
}
}
}
return status;
} catch (UserStoreException e) {
String errorMsg = String.format("Unable to authorize the user : %s", username);
log.error(errorMsg, e);

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.Stub;
import org.apache.axis2.java.security.SSLProtocolSocketFactory;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.codec.binary.Base64;
@ -119,12 +120,14 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
private static final String IOT_MGT_PORT = "${iot.manager.https.port}";
private static final String IOT_MGT_HOST_NAME = "${iot.manager.host}";
private static final String DAS_URL = DEFAULT_HTTP_PROTOCOL + "://" + DAS_HOST_NAME
+ ":" + DAS_PORT + "/services/CarbonAppUploader" + "/";
+ ":" + DAS_PORT + "/services/CarbonAppUploader/";
private static final String DAS_EVENT_RECEIVER_EP = DEFAULT_HTTP_PROTOCOL + "://" + DAS_HOST_NAME
+ ":" + DAS_PORT + "/services/EventReceiverAdminService" + "/";
+ ":" + DAS_PORT + "/services/EventReceiverAdminService/";
private static final String DAS_EVENT_STREAM_EP = DEFAULT_HTTP_PROTOCOL + "://" + DAS_HOST_NAME
+ ":" + DAS_PORT + "/services/EventStreamAdminService/";
private static final String IOT_MGT_URL = DEFAULT_HTTP_PROTOCOL + "://" + IOT_MGT_HOST_NAME
+ ":" + IOT_MGT_PORT + "/services/CarbonAppUploader" + "/";
+ ":" + IOT_MGT_PORT + "/services/CarbonAppUploader/";
private static final String MEDIA_TYPE_XML = "application/xml";
private static final String DEVICE_MANAGEMENT_TYPE = "device_management";
private static final String TENANT_DOMAIN_PROPERTY = "\\$\\{tenant-domain\\}";
@ -134,7 +137,6 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
@POST
@Path("/deploy/{type}")
public Response doPublish(@PathParam("type") String type) {
try {
//Getting the tenant Domain
tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
@ -159,17 +161,70 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
String authValue = AUTHORIZATION_HEADER_VALUE + " " + new String(Base64.encodeBase64(
jwtClient.getJwtToken(tenantAdminUser).getBytes()));
List<Header> list = new ArrayList<Header>();
List<Header> list = new ArrayList<>();
Header httpHeader = new Header();
httpHeader.setName(AUTHORIZATION_HEADER);
httpHeader.setValue(authValue);
list.add(httpHeader);//"https"
List<String> streamFileList = getStreamsList(type);
List<String> receiverFileList = getReceiversList(type);
if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
if (streamFileList != null) {
publishDynamicEventStream(type, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, streamFileList);
}
if (receiverFileList != null) {
publishDynamicEventReceivers(type, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, receiverFileList);
}
}
if (deployAnalyticsCapp(type, list)){
return Response.status(Response.Status.BAD_REQUEST)
.entity("\"Error, Artifact does not exist.\"").build();
}
if (receiverFileList != null) {
publishDynamicEventReceivers(type, tenantDomain, receiverFileList);
}
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
Registry registry = DeviceMgtAPIUtils.getRegistryService().getConfigSystemRegistry(tenantId);
if (!registry.resourceExists(DEFAULT_RESOURCE_LOCATION + type + ".exist")) {
Resource resource = new ResourceImpl();
resource.setContent("</exist>");
resource.setMediaType(MEDIA_TYPE_XML);
registry.put(DEFAULT_RESOURCE_LOCATION + type + ".exist", resource);
}
return Response.status(Response.Status.CREATED).entity("\"OK. \\n Successfully uploaded the artifacts.\"")
.build();
} catch (AxisFault e) {
log.error("failed to publish event definitions for tenantDomain:" + tenantDomain, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
} catch (RemoteException e) {
log.error("Failed to connect with the remote services:" + tenantDomain, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
} catch (JWTClientException e) {
log.error("Failed to generate jwt token for tenantDomain:" + tenantDomain, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
} catch (UserStoreException e) {
log.error("Failed to connect with the user store, tenantDomain: " + tenantDomain, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
} catch (CertificateException | UnrecoverableKeyException | KeyStoreException |
KeyManagementException | IOException | NoSuchAlgorithmException e) {
log.error("Failed to access keystore for, tenantDomain: " + tenantDomain, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
} catch (RegistryException e) {
log.error("Failed to load tenant, tenantDomain: " + tenantDomain, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
}
}
private boolean deployAnalyticsCapp(@PathParam("type") String type, List<Header> list) throws IOException, RegistryException {
CarbonAppUploaderStub carbonAppUploaderStub = null;
try {
File directory = new File(CAR_FILE_LOCATION + File.separator + type);
if (directory.isDirectory() && directory.exists()) {
UploadedFileItem[] uploadedFileItems = loadCappFromFileSystem(type);
if (uploadedFileItems.length > 0) {
CarbonAppUploaderStub carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty(
carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty(
IOT_MGT_URL));
Options appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions();
if (appUploaderOptions == null) {
@ -198,36 +253,14 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
carbonAppUploaderStub._getServiceClient().setOptions(appUploaderOptions);
carbonAppUploaderStub.uploadApp(uploadedFileItems);
}
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
Registry registry = DeviceMgtAPIUtils.getRegistryService().getConfigSystemRegistry(tenantId);
if (!registry.resourceExists(DEFAULT_RESOURCE_LOCATION + type + ".exist")) {
Resource resource = new ResourceImpl();
resource.setContent("</exist>");
resource.setMediaType(MEDIA_TYPE_XML);
registry.put(DEFAULT_RESOURCE_LOCATION + type + ".exist", resource);
}
}
if(!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
publishDynamicEventReceivers(type, tenantDomain);
}
publishDynamicEventReceivers(type,MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
publishDynamicEventStream(type,MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
} else {
return Response.status(Response.Status.BAD_REQUEST)
.entity("\"Error, Artifact does not exist.\"").build();
return true;
}
} catch (Exception e) {
log.error("Capp deployment failed due to " + e.getMessage(), e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(
"\"Error, Artifact deployment has failed\"").build();
return false;
} finally {
cleanup(carbonAppUploaderStub);
}
return Response.status(Response.Status.CREATED).entity("\"OK. \\n Successfully uploaded the artifacts.\"")
.build();
}
@GET
@ -235,7 +268,7 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
@Override
public Response getStatus(@PathParam("type") String deviceType) {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
Registry registry = null;
Registry registry;
try {
registry = DeviceMgtAPIUtils.getRegistryService().getConfigSystemRegistry(tenantId);
if (registry.resourceExists(DEFAULT_RESOURCE_LOCATION + deviceType + ".exist")) {
@ -251,19 +284,20 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
}
private void publishDynamicEventReceivers(String deviceType, String tenantDomain){
private void publishDynamicEventReceivers(String deviceType, String tenantDomain, List<String> receiversList)
throws IOException, UserStoreException, JWTClientException {
PrivilegedCarbonContext.getThreadLocalCarbonContext().startTenantFlow();
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
EventReceiverAdminServiceStub receiverAdminServiceStub = null;
try {
EventReceiverAdminServiceStub receiverAdminServiceStub = new EventReceiverAdminServiceStub(Utils.replaceSystemProperty(DAS_EVENT_RECEIVER_EP));
receiverAdminServiceStub = new EventReceiverAdminServiceStub
(Utils.replaceSystemProperty(DAS_EVENT_RECEIVER_EP));
Options eventReciverOptions = receiverAdminServiceStub._getServiceClient().getOptions();
if (eventReciverOptions == null) {
eventReciverOptions = new Options();
}
String username=null;
String username;
if(!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
.getRealmConfiguration().getAdminUserName()+"@"+tenantDomain;
@ -278,7 +312,7 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
String authValue = AUTHORIZATION_HEADER_VALUE + " " + new String(Base64.encodeBase64(
jwtClient.getJwtToken(username).getBytes()));
List<Header> list = new ArrayList<Header>();
List<Header> list = new ArrayList<>();
Header httpHeader = new Header();
httpHeader.setName(AUTHORIZATION_HEADER);
httpHeader.setValue(authValue);
@ -291,36 +325,24 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
, Integer.parseInt(Utils.replaceSystemProperty(DAS_PORT))));
receiverAdminServiceStub._getServiceClient().setOptions(eventReciverOptions);
List<String> receiversList = getReceiversList(deviceType);
for (String receiverContent:receiversList) {
receiverAdminServiceStub.deployEventReceiverConfiguration(receiverContent);
}
} catch (AxisFault e) {
log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e);
} catch (RemoteException e) {
log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e);
} catch (IOException e) {
log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e);
} catch (JWTClientException e) {
log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e);
} catch (UserStoreException e) {
log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e);
} finally {
cleanup(receiverAdminServiceStub);
PrivilegedCarbonContext.endTenantFlow();
}
}
private void publishDynamicEventStream(String deviceType, String tenantDomain, List<String> streamList)
throws IOException, UserStoreException, JWTClientException {
private void publishDynamicEventStream(String deviceType, String tenantDomain){
PrivilegedCarbonContext.getThreadLocalCarbonContext().startTenantFlow();
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
EventStreamAdminServiceStub eventStreamAdminServiceStub = null;
try {
EventStreamAdminServiceStub eventStreamAdminServiceStub = new EventStreamAdminServiceStub(Utils.replaceSystemProperty(DAS_EVENT_RECEIVER_EP));
eventStreamAdminServiceStub = new EventStreamAdminServiceStub
(Utils.replaceSystemProperty(DAS_EVENT_STREAM_EP));
Options eventReciverOptions = eventStreamAdminServiceStub._getServiceClient().getOptions();
if (eventReciverOptions == null) {
eventReciverOptions = new Options();
@ -340,7 +362,7 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
String authValue = AUTHORIZATION_HEADER_VALUE + " " + new String(Base64.encodeBase64(
jwtClient.getJwtToken(username).getBytes()));
List<Header> list = new ArrayList<Header>();
List<Header> list = new ArrayList<>();
Header httpHeader = new Header();
httpHeader.setName(AUTHORIZATION_HEADER);
httpHeader.setValue(authValue);
@ -353,41 +375,33 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
, Integer.parseInt(Utils.replaceSystemProperty(DAS_PORT))));
eventStreamAdminServiceStub._getServiceClient().setOptions(eventReciverOptions);
List<String> streamList = getStreamsList(deviceType);
for (String streamContent:streamList) {
JSONParser jsonParser = new JSONParser();
JSONObject steamJson = (JSONObject)jsonParser.parse(streamContent);
String name = (String) steamJson.get("name");
String version = (String) steamJson.get("version");
String streamId = name +":"+version;
if(eventStreamAdminServiceStub.getStreamDefinitionAsString(streamId)==null) {
if (eventStreamAdminServiceStub.getStreamDefinitionDto(streamId) == null) {
log.error("its not there");
eventStreamAdminServiceStub.addEventStreamDefinitionAsString(streamContent);
} else {
log.error("its there");
}
}
} catch (AxisFault e) {
log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e);
} catch (RemoteException e) {
log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e);
} catch (IOException e) {
log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e);
} catch (JWTClientException e) {
log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e);
} catch (UserStoreException e) {
log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e);
} catch (ParseException e) {
log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e);
e.printStackTrace();
} finally {
cleanup(eventStreamAdminServiceStub);
PrivilegedCarbonContext.endTenantFlow();
}
}
private List<String> getReceiversList(String deviceType) throws IOException {
File directory = new File(CAR_FILE_LOCATION + File.separator + deviceType+File.separator+"receiver");
if (!directory.exists()) {
return null;
}
File[] receiverFiles = directory.listFiles(new FilenameFilter() {
@Override
public boolean accept(File dir, String name) {
@ -396,8 +410,8 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
});
List<String> receiverList = new ArrayList<>();
for (File receiverFile:receiverFiles) {
String receiverContent =new String(Files.readAllBytes(receiverFile.toPath()));
receiverContent.replaceAll(TENANT_DOMAIN_PROPERTY,tenantDomain.toLowerCase());
String receiverContentTemplate =new String(Files.readAllBytes(receiverFile.toPath()));
final String receiverContent = receiverContentTemplate.replaceAll(TENANT_DOMAIN_PROPERTY, tenantDomain.toLowerCase());
receiverList.add(receiverContent);
}
@ -405,8 +419,10 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
}
private List<String> getStreamsList(String deviceType) throws IOException {
File directory = new File(CAR_FILE_LOCATION + File.separator + deviceType+File.separator+"streams");
if (!directory.exists()) {
return null;
}
File[] receiverFiles = directory.listFiles(new FilenameFilter() {
@Override
public boolean accept(File dir, String name) {
@ -415,11 +431,9 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
});
List<String> streamList = new ArrayList<>();
for (File StreamFile:receiverFiles) {
String receiverContent =new String(Files.readAllBytes(StreamFile.toPath()));
receiverContent.replaceAll(TENANT_DOMAIN_PROPERTY,tenantDomain.toLowerCase());
streamList.add(receiverContent);
String streamContent =new String(Files.readAllBytes(StreamFile.toPath()));
streamList.add(streamContent);
}
return streamList;
}
@ -507,6 +521,15 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
SSLContext.setDefault(sslContext);
}
private void cleanup(Stub stub) {
if (stub != null) {
try {
stub.cleanup();
} catch (AxisFault axisFault) {
//do nothing
}
}
}
}

Loading…
Cancel
Save