diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java
index 701a6f183c..86d3b8f477 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java
@@ -20,4 +20,6 @@ public @interface Scope {
String[] permissions();
+ String[] roles();
+
}
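Review bot: `String[] roles();` is added to the `@Scope` annotation without a `default`, so every existing `@Scope(...)` usage that this commit does not touch stops compiling, and any API webapp outside this repository that publishes through the annotation breaks the same way. If "no role beyond the permission" is an acceptable meaning, `String[] roles() default {};` keeps old annotations valid and lets the annotation processor treat an empty array explicitly; otherwise the element should at least carry Javadoc, e.g. `/** Roles bound to this scope when the publisher registers it as a shared scope. */` (the binding itself is visible in the APIPublisherServiceImpl hunks of this commit).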
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
index 823bf51d73..b2d4acf3c4 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
@@ -37,7 +37,7 @@
doAuthentication
- true
+ false
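Review bot: Flipping `doAuthentication` from `true` to `false` in this webapp's `web.xml` disables whatever authentication that parameter gated, and nothing in the commit says what now authenticates calls to the application extension API. If the intent is that OAuth scope/role checks introduced elsewhere in this commit take over, record that next to the parameter with an XML comment naming the actual mechanism, so the change cannot later be read as an accidental authentication bypass. Only three of the hunk's seven lines are visible here, so the surrounding `context-param` markup appears to have been lost in rendering.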
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherServiceImpl.java
index b1c7769768..a3cc0525a2 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherServiceImpl.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherServiceImpl.java
@@ -18,6 +18,8 @@
*/
package org.wso2.carbon.apimgt.webapp.publisher;
+import org.wso2.carbon.apimgt.webapp.publisher.dto.ApiScope;
+import org.wso2.carbon.apimgt.webapp.publisher.dto.ApiUriTemplate;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.APIProvider;
import org.wso2.carbon.apimgt.api.FaultGatewaysException;
@@ -32,7 +34,6 @@ import org.wso2.carbon.apimgt.api.model.URITemplate;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.APIManagerFactory;
import org.wso2.carbon.apimgt.webapp.publisher.config.WebappPublisherConfig;
-import org.wso2.carbon.apimgt.webapp.publisher.dto.ApiUriTemplate;
import org.wso2.carbon.apimgt.webapp.publisher.exception.APIManagerPublisherException;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
@@ -61,11 +62,26 @@ public class APIPublisherServiceImpl implements APIPublisherService {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(apiConfig.getOwner());
+ int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
try {
APIProvider apiProvider = API_MANAGER_FACTORY.getAPIProvider(apiConfig.getOwner());
- API api = getAPI(apiConfig);
+ APIIdentifier apiIdentifier = new APIIdentifier(apiConfig.getOwner(), apiConfig.getName(), apiConfig.getVersion());
+
+ if (!apiProvider.isAPIAvailable(apiIdentifier)) {
- if (!apiProvider.isAPIAvailable(api.getId())) {
+ // add new scopes as shared scopes
+ Set allSharedScopeKeys = apiProvider.getAllSharedScopeKeys(tenantDomain);
+ for (ApiScope apiScope : apiConfig.getScopes()) {
+ if (!allSharedScopeKeys.contains(apiScope.getKey())) {
+ Scope scope = new Scope();
+ scope.setName(apiScope.getName());
+ scope.setDescription(apiScope.getDescription());
+ scope.setKey(apiScope.getKey());
+ scope.setRoles(apiScope.getRoles());
+ apiProvider.addSharedScope(scope, tenantDomain);
+ }
+ }
+ API api = getAPI(apiConfig, true);
API createdAPI = apiProvider.addAPI(api);
if (CREATED_STATUS.equals(createdAPI.getStatus())) {
apiProvider.changeLifeCycleStatus(tenantDomain, createdAPI.getUuid(), PUBLISH_ACTION, null);
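Review bot: `Set allSharedScopeKeys = apiProvider.getAllSharedScopeKeys(tenantDomain);` is a raw `Set`, so `contains(apiScope.getKey())` compiles against any element type and a mismatch between what the provider returns (presumably `Set<String>`) and `ApiScope.getKey()` would silently make every scope look new; declare the element type, and do the same for `Set scopesToMoveAsSharedScopes` and `List apiRevisionDeploymentList` in the update hunk. The `new Scope(); setName; setDescription; setKey; setRoles` block appears four times in this file after the change and would read better as one private helper. The enclosing method starts and ends outside this hunk.
```java
// … unchanged: tenant flow setup and apiIdentifier …
Set<String> allSharedScopeKeys = apiProvider.getAllSharedScopeKeys(tenantDomain);
for (ApiScope apiScope : apiConfig.getScopes()) {
    if (!allSharedScopeKeys.contains(apiScope.getKey())) {
        apiProvider.addSharedScope(toScope(apiScope), tenantDomain);
    }
}
// … unchanged: addAPI, lifecycle change, revision deployment …

/** Maps an {@link ApiScope} read from the webapp annotations onto an API-M {@link Scope}. */
private static Scope toScope(ApiScope apiScope) {
    Scope scope = new Scope();
    scope.setName(apiScope.getName());
    scope.setDescription(apiScope.getDescription());
    scope.setKey(apiScope.getKey());
    scope.setRoles(apiScope.getRoles());
    return scope;
}
```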
@@ -73,6 +89,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
apiRevision.setApiUUID(createdAPI.getUuid());
apiRevision.setDescription("Initial Revision");
String apiRevisionId = apiProvider.addAPIRevision(apiRevision, tenantDomain);
+
APIRevisionDeployment apiRevisionDeployment = new APIRevisionDeployment();
apiRevisionDeployment.setDeployment(API_PUBLISH_ENVIRONMENT);
apiRevisionDeployment.setVhost("localhost");
@@ -85,14 +102,83 @@ public class APIPublisherServiceImpl implements APIPublisherService {
}
} else {
if (WebappPublisherConfig.getInstance().isEnabledUpdateApi()) {
- API existingAPI = apiProvider.getAPI(api.getId());
+
+ // With 4.x to 5.x upgrade
+ // - there cannot be same local scope assigned in 2 different APIs
+ // - local scopes will be deprecated in the future, so need to move all scopes as shared scopes
+
+ // if an api scope is not available as shared scope, but already assigned as local scope -> that means, the scopes available for this API has not moved as shared scopes
+ // in order to do that :
+ // 1. update the same API removing scopes from URI templates
+ // 2. add scopes as shared scopes
+ // 3. update the API again adding scopes for the URI Templates
+
+ // if an api scope is not available as shared scope, and not assigned as local scope -> that means, there are new scopes
+ // 1. add new scopes as shared scopes
+ // 2. update the API adding scopes for the URI Templates
+
+ Set allSharedScopeKeys = apiProvider.getAllSharedScopeKeys(tenantDomain);
+ Set scopesToMoveAsSharedScopes = new HashSet<>();
+ for (ApiScope apiScope : apiConfig.getScopes()) {
+ // if the scope is not available as shared scope and it is assigned to an API as a local scope
+ // need remove the local scope and add as a shared scope
+ if (!allSharedScopeKeys.contains(apiScope.getKey())) {
+ if (apiProvider.isScopeKeyAssignedLocally(apiIdentifier, apiScope.getKey(), tenantId)) {
+ // collect scope to move as shared scopes
+ scopesToMoveAsSharedScopes.add(apiScope);
+ } else {
+ // if new scope add as shared scope
+ Scope scope = new Scope();
+ scope.setName(apiScope.getName());
+ scope.setDescription(apiScope.getDescription());
+ scope.setKey(apiScope.getKey());
+ scope.setRoles(apiScope.getRoles());
+ apiProvider.addSharedScope(scope, tenantDomain);
+ }
+ } else {
+ // if already available as shared scope -> update
+ Scope scope = new Scope();
+ scope.setName(apiScope.getName());
+ scope.setDescription(apiScope.getDescription());
+ scope.setKey(apiScope.getKey());
+ scope.setRoles(apiScope.getRoles());
+ apiProvider.updateSharedScope(scope, tenantDomain);
+ }
+ }
+
+ // Get existing API
+ API existingAPI = apiProvider.getAPI(apiIdentifier);
+
+ if (scopesToMoveAsSharedScopes.size() > 0) {
+ // update API to remove local scopes
+ API api = getAPI(apiConfig, false);
+ api.setStatus(existingAPI.getStatus());
+ apiProvider.updateAPI(api);
+
+ for (ApiScope apiScope : scopesToMoveAsSharedScopes) {
+ Scope scope = new Scope();
+ scope.setName(apiScope.getName());
+ scope.setDescription(apiScope.getDescription());
+ scope.setKey(apiScope.getKey());
+ scope.setRoles(apiScope.getRoles());
+ apiProvider.addSharedScope(scope, tenantDomain);
+ }
+ }
+
+ existingAPI = apiProvider.getAPI(apiIdentifier);
+ API api = getAPI(apiConfig, true);
api.setStatus(existingAPI.getStatus());
apiProvider.updateAPI(api);
- if (api.getId().getName().equals(existingAPI.getId().getName()) &&
- api.getId().getVersion().equals(existingAPI.getId().getVersion())) {
- if (CREATED_STATUS.equals(existingAPI.getStatus())) {
- apiProvider.changeLifeCycleStatus(tenantDomain, existingAPI.getUuid(), PUBLISH_ACTION, null);
- }
+
+ if (CREATED_STATUS.equals(existingAPI.getStatus())) {
+ apiProvider.changeLifeCycleStatus(tenantDomain, existingAPI.getUuid(), PUBLISH_ACTION, null);
+ APIRevision apiRevision = new APIRevision();
+ apiRevision.setApiUUID(existingAPI.getUuid());
+ apiRevision.setDescription("Updated Revision");
+ String apiRevisionId = apiProvider.addAPIRevision(apiRevision, tenantDomain);
+
+ List apiRevisionDeploymentList = apiProvider.getAPIRevisionDeploymentList(apiRevisionId);
+ apiProvider.deployAPIRevision(existingAPI.getUuid(), apiRevisionId, apiRevisionDeploymentList);
}
}
}
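Review bot: The local-to-shared migration at `API api = getAPI(apiConfig, false);` followed by `apiProvider.updateAPI(api);` persists the API with every URI template's scope stripped before the shared scopes exist, and if `addSharedScope` then throws, the enclosing catch (outside this hunk) leaves the API in that scope-less state until the next publish run; at minimum the comment block above should state this window and that a re-run repairs it. The new-revision/deploy block is guarded by `CREATED_STATUS.equals(existingAPI.getStatus())`, so for an API that is already published the updated scope and role bindings are written but, as far as this hunk shows, never deployed as a revision — worth confirming that is intended. Minor: `scopesToMoveAsSharedScopes.size() > 0` reads better as `!scopesToMoveAsSharedScopes.isEmpty()`, and `Set` and `List` are used as raw types here. The enclosing method starts and ends outside the hunk.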
@@ -105,7 +191,7 @@ public class APIPublisherServiceImpl implements APIPublisherService {
}
}
- private API getAPI(APIConfig config) {
+ private API getAPI(APIConfig config, boolean includeScopes) {
APIIdentifier apiIdentifier = new APIIdentifier(config.getOwner(), config.getName(), config.getVersion());
API api = new API(apiIdentifier);
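Review bot: The new `includeScopes` parameter changes what `getAPI` produces, but the method has no Javadoc and the only explanation of why a caller passes `false` is a comment inside the update path. Add a method comment along the lines of `/** Builds the API-M model for the given config. With includeScopes=false the URI templates are created without scopes, which the update path uses to detach local scopes before re-registering them as shared scopes. */`. The method body continues past this hunk.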
@@ -129,13 +215,15 @@ public class APIPublisherServiceImpl implements APIPublisherService {
uriTemplate.setHTTPVerb(apiUriTemplate.getHttpVerb());
uriTemplate.setResourceURI(apiUriTemplate.getResourceURI());
uriTemplate.setUriTemplate(apiUriTemplate.getUriTemplate());
- Scope scope = new Scope();
- if (apiUriTemplate.getScope() != null) {
- scope.setName(apiUriTemplate.getScope().getName());
- scope.setDescription(apiUriTemplate.getScope().getDescription());
- scope.setKey(apiUriTemplate.getScope().getKey());
- scope.setRoles(apiUriTemplate.getScope().getRoles());
- uriTemplate.setScope(scope);
+ if (includeScopes) {
+ Scope scope = new Scope();
+ if (apiUriTemplate.getScope() != null) {
+ scope.setName(apiUriTemplate.getScope().getName());
+ scope.setDescription(apiUriTemplate.getScope().getDescription());
+ scope.setKey(apiUriTemplate.getScope().getKey());
+ scope.setRoles(apiUriTemplate.getScope().getRoles());
+ uriTemplate.setScopes(scope);
+ }
}
uriTemplates.add(uriTemplate);
}
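Review bot: Inside the new `if (includeScopes)` block, `Scope scope = new Scope();` is still allocated before the `apiUriTemplate.getScope() != null` check, so a template without a scope creates an object that is never used; move the allocation inside the null check. The rename from `setScope` to `uriTemplate.setScopes(scope);` is presumably an API-M model change, but a plural setter receiving a single `Scope` may append rather than replace — verify against the `URITemplate` class, since the `includeScopes=false` path relies on the template ending up with no scope. The enclosing method continues outside the hunk.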
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/dto/ApiScope.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/dto/ApiScope.java
index 016dbff37f..5578ea05df 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/dto/ApiScope.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/dto/ApiScope.java
@@ -23,6 +23,7 @@ public class ApiScope {
String key;
String name;
String roles;
+ String permissions;
String description;
int id;
@@ -61,4 +62,11 @@ public class ApiScope {
this.description = description;
}
+ public String getPermissions() {
+ return permissions;
+ }
+
+ public void setPermissions(String permissions) {
+ this.permissions = permissions;
+ }
}
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
index 9cac3ca45a..0836018a0c 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
@@ -70,6 +70,7 @@ public class AnnotationProcessor {
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_DESCRIPTION = "description";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_KEY = "key";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS = "permissions";
+ private static final String SWAGGER_ANNOTATIONS_PROPERTIES_ROLES = "roles";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VERSION = "version";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_CONTEXT = "context";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VALUE = "value";
@@ -78,6 +79,7 @@ public class AnnotationProcessor {
private static final String DEFAULT_SCOPE_NAME = "default admin scope";
private static final String DEFAULT_SCOPE_KEY = "perm:admin";
private static final String DEFAULT_SCOPE_PERMISSION = "/permision/device-mgt";
+ private static final String DEFAULT_SCOPE_ROLE = "admin";
private static final String PERMISSION_PREFIX = "/permission/admin";
@@ -217,8 +219,11 @@ public class AnnotationProcessor {
ApiScope scope;
String permissions[];
StringBuilder aggregatedPermissions;
+ String roles[];
+ StringBuilder aggregatedRoles;
for(int i=0; i permissions) {
- PermissionManagerService permissionService = DeviceMgtAPIUtils.getPermissionManagerService();
- org.wso2.carbon.device.mgt.common.permission.mgt.Permission permission = new org
- .wso2.carbon.device.mgt.common.permission.mgt.Permission();
-
for (String path : permissions) {
- permission.setPath(path);
- permission.setUrl(path);
try {
- permissionService.addPermission(permission);
+ PermissionUtils.putPermission(path);
} catch (PermissionManagementException e) {
String msg = "Error occurred adding permission";
log.error(msg, e);
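Review bot: This hunk is garbled as rendered: `for(int i=0; i permissions) {` fuses the `AnnotationProcessor` loop header with what looks like a method signature from a different file whose body calls `PermissionUtils.putPermission(path)`, and that file's diff header is missing, so neither change can be reviewed line by line from this page. In the visible tail, the failure log `String msg = "Error occurred adding permission";` drops the offending path; `String msg = "Error occurred adding permission: " + path;` would make the log actionable, and the loop continuing after the error is unchanged behaviour that the comment should acknowledge. The new `aggregatedRoles` StringBuilder is declared here but its use is not visible in this hunk.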
diff --git a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java
index 96ef7c0cbc..cf098c6edc 100644
--- a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java
+++ b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/util/DeviceMgtAPIUtils.java
@@ -21,7 +21,6 @@ package io.entgra.carbon.device.mgt.config.jaxrs.util;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
-import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.user.core.service.RealmService;
@@ -33,7 +32,6 @@ public class DeviceMgtAPIUtils {
private static final Log log = LogFactory.getLog(DeviceMgtAPIUtils.class);
private static DeviceManagementProviderService deviceManagementProviderService = null;
- private static PermissionManagerService permissionManagerService = null;
private static RealmService realmService = null;
public static DeviceManagementProviderService getDeviceManagementService() {
@@ -50,20 +48,6 @@ public class DeviceMgtAPIUtils {
return deviceManagementProviderService;
}
- public static PermissionManagerService getPermissionManagerService() {
- if (permissionManagerService == null) {
- PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
- permissionManagerService =
- (PermissionManagerService) ctx.getOSGiService(PermissionManagerService.class, null);
- if (permissionManagerService == null) {
- String msg = "Permission Management provider service has not initialized.";
- log.error(msg);
- throw new IllegalStateException(msg);
- }
- }
- return permissionManagerService;
- }
-
public static RealmService getRealmService() {
if (realmService == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java
index 18241eab75..43bd7e847b 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java
@@ -76,6 +76,7 @@ import javax.ws.rs.core.Response;
name = "Get activities",
description = "Get activities",
key = "perm:get-activity",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
)
}
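Review bot: Every `@Scope` in this file and in the following service files of this commit (AnalyticsArtifactsManagementService, ConfigurationManagementService, DeviceAgentService, DeviceEventManagementService, DeviceManagementService, DeviceTypeManagementService, GeoLocationBasedService, GroupManagementService, MetadataService) gets the single role `Internal/devicemgt-user`, including scopes whose `permissions` are administrative or destructive (`perm:manage-configuration`, `perm:devices:delete`, `perm:devices:change-status`, `perm:groups:remove`, and the `:delete` artifact scopes). If the role is what a shared scope is now authorized on, the per-scope permission distinctions collapse into one role; please confirm the permission paths are still enforced alongside the role, or bind the privileged scopes to a narrower role. The role string is repeated verbatim on every annotation, so a shared constant would make any later tightening a one-line change.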
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/AnalyticsArtifactsManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/AnalyticsArtifactsManagementService.java
index 9ff8ecc44d..608d19fb92 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/AnalyticsArtifactsManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/AnalyticsArtifactsManagementService.java
@@ -68,41 +68,49 @@ import javax.ws.rs.core.Response;
name = "Create Event Stream Artifact",
description = "Create Event Stream Artifact",
key = "perm:analytics:artifacts:stream",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/analytics/artifacts/stream/add"}),
@Scope(
name = "Delete Stream Artifact",
description = "Delete Stream Artifact",
key = "perm:analytics:artifacts:stream:delete",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/analytics/artifacts/stream/delete"}),
@Scope(
name = "Create Event Receiver Artifact",
description = "Create Event Receiver Artifact",
key = "perm:analytics:artifacts:receiver",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/analytics/artifacts/receiver/add"}),
@Scope(
name = "Delete Receiver Artifact",
description = "Delete Receiver Artifact",
key = "perm:analytics:artifacts:receiver:delete",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/analytics/artifacts/receiver/delete"}),
@Scope(
name = "Create Event Publisher Artifact",
description = "Create Event Publisher Artifact",
key = "perm:analytics:artifacts:publisher",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/analytics/artifacts/publisher/add"}),
@Scope(
name = "Delete Publisher Artifact",
description = "Delete Publisher Artifact",
key = "perm:analytics:artifacts:publisher:delete",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/analytics/artifacts/publisher/delete"}),
@Scope(
name = "Create Siddhi Script Artifact",
description = "Create Siddhi Script Artifact",
key = "perm:analytics:artifacts:siddhi",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/analytics/artifacts/siddhi-script/add"}),
@Scope(
name = "Delete Siddhi Script Artifact",
description = "Delete Siddhi Script Artifact",
key = "perm:analytics:artifacts:siddhi:delete",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/analytics/artifacts/siddhi-script/delete"})
}
)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java
index ce744e42bb..fe328f9f8c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java
@@ -69,12 +69,14 @@ import javax.ws.rs.core.Response;
name = "View configurations",
description = "",
key = "perm:view-configuration",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/platform-configurations/view"}
),
@Scope(
name = "Manage configurations",
description = "",
key = "perm:manage-configuration",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/platform-configurations/manage"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceAgentService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceAgentService.java
index 0cf94395f7..467ae522a2 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceAgentService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceAgentService.java
@@ -77,30 +77,35 @@ import java.util.Map;
name = "Enroll Device",
description = "Register a device",
key = "perm:device:enroll",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/add"}
),
@Scope(
name = "Modify Device",
description = "Modify a device",
key = "perm:device:modify",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/modify"}
),
@Scope(
name = "Disenroll Device",
description = "Disenroll a device",
key = "perm:device:disenroll",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/remove"}
),
@Scope(
name = "Publish Event",
description = "publish device event",
key = "perm:device:publish-event",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/event"}
),
@Scope(
name = "Getting Device Operation Details",
description = "Getting Device Operation Details",
key = "perm:device:operations",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceEventManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceEventManagementService.java
index 205f1b8ee2..dbba4be604 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceEventManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceEventManagementService.java
@@ -51,12 +51,14 @@ import javax.ws.rs.core.Response;
name = "Add or Delete Event Definition for device type",
description = "Add or Delete Event Definition for device type",
key = "perm:device-types:events",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/device-type/add"}
),
@Scope(
name = "Get Events Details of a Device Type",
description = "Get Events Details of a Device Type",
key = "perm:device-types:events:view",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
index 01145b05ec..de81d28918 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
@@ -107,66 +107,77 @@ import java.util.List;
name = "Getting Details of Registered Devices",
description = "Getting Details of Registered Devices",
key = "perm:devices:view",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting Details of a Device",
description = "Getting Details of a Device",
key = "perm:devices:details",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Update the device specified by device id",
description = "Update the device specified by device id",
key = "perm:devices:update",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Delete the device specified by device id",
description = "Delete the device specified by device id",
key = "perm:devices:delete",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting Feature Details of a Device",
description = "Getting Feature Details of a Device",
key = "perm:devices:features",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Advanced Search for Devices",
description = "Advanced Search for Devices",
key = "perm:devices:search",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting Installed Application Details of a Device",
description = "Getting Installed Application Details of a Device",
key = "perm:devices:applications",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting Device Operation Details",
description = "Getting Device Operation Details",
key = "perm:devices:operations",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Get the details of the policy that is enforced on a device.",
description = "Get the details of the policy that is enforced on a device.",
key = "perm:devices:effective-policy",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting Policy Compliance Details of a Device",
description = "Getting Policy Compliance Details of a Device",
key = "perm:devices:compliance-data",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Change device status.",
description = "Change device status.",
key = "perm:devices:change-status",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/change-status"}
),
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java
index c328433596..933ce64517 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java
@@ -87,24 +87,28 @@ import javax.ws.rs.core.Response;
name = "Getting the Supported Device Platforms",
description = "Getting the Supported Device Platforms",
key = "perm:device-types:types",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/device-type/view"}
),
@Scope(
name = "Get Feature Details of a Device Type",
description = "Get Feature Details of a Device Type",
key = "perm:device-types:features",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/device-type/features/view"}
),
@Scope(
name = "Get Config Details of a Device Type",
description = "Get Config Details of a Device Type",
key = "perm:device-types:configs",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/device-type/config/view"}
),
@Scope(
name = "Getting Details of Policies",
description = "Getting Details of Policies",
key = "perm:policies:get-details",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/view"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GeoLocationBasedService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GeoLocationBasedService.java
index a0cd0854c4..75fb07ef87 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GeoLocationBasedService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GeoLocationBasedService.java
@@ -73,18 +73,21 @@ import java.util.List;
name = "View Analytics",
description = "",
key = "perm:geo-service:analytics-view",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view-analytics"}
),
@Scope(
name = "Manage Alerts",
description = "",
key = "perm:geo-service:alerts-manage",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/manage-alerts"}
),
@Scope(
name = "Manage Geo Fences",
description = "",
key = "perm:geo-service:geo-fence",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/manage-geo-fence"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java
index f61d212493..fc2bfadc56 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java
@@ -82,84 +82,98 @@ import java.util.List;
name = "Get the list of groups belongs to current user.",
description = "Get the list of groups belongs to current user.",
key = "perm:groups:groups",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/view"}
),
@Scope(
name = "Get the count of groups belongs to current user.",
description = "Get the count of groups belongs to current user.",
key = "perm:groups:count",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/view"}
),
@Scope(
name = "Add new device group to the system.",
description = "Add new device group to the system.",
key = "perm:groups:add",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/add"}
),
@Scope(
name = "View group specified",
description = "View group specified",
key = "perm:groups:groups-view",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/view"}
),
@Scope(
name = "Update a group",
description = "Update a group",
key = "perm:groups:update",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/update"}
),
@Scope(
name = "Delete a group",
description = "Delete a group",
key = "perm:groups:remove",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/remove"}
),
@Scope(
name = "Manage group sharing with a user",
description = "Manage group sharing with a user",
key = "perm:groups:share",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/share"}
),
@Scope(
name = "View list of roles of a device group",
description = "View list of roles of a device group",
key = "perm:groups:roles",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/roles/view"}
),
@Scope(
name = "View list of devices in the device group",
description = "View list of devices in the device group",
key = "perm:groups:devices",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/devices/view"}
),
@Scope(
name = "View list of device count in the device group",
description = "View list of device count in the device group",
key = "perm:groups:devices-count",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/devices/view"}
),
@Scope(
name = "Add devices to group",
description = "Add devices to group",
key = "perm:groups:devices-add",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/devices/add"}
),
@Scope(
name = "Remove devices from group",
description = "Remove devices from group",
key = "perm:groups:devices-remove",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/devices/remove"}
),
@Scope(
name = "Assign devices to groups",
description = "Assign devices to groups",
key = "perm:groups:assign",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/devices/add"}
),
@Scope(
name = "List of groups that have the device",
description = "List of groups that have the device",
key = "perm:groups:device",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/devices/view"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/MetadataService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/MetadataService.java
index 3a22364ed5..446944729b 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/MetadataService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/MetadataService.java
@@ -73,24 +73,28 @@ import javax.ws.rs.core.Response;
name = "View metadata records",
description = "View metadata records",
key = "perm:metadata:view",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/metadata/view"}
),
@Scope(
name = "Create a metadata record",
description = "Create a metadata record",
key = "perm:metadata:create",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/metadata/create"}
),
@Scope(
name = "Update a metadata record",
description = "Updating a specified metadata record",
key = "perm:metadata:update",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/metadata/update"}
),
@Scope(
name = "Delete a metadata record",
description = "Delete a specified metadata record",
key = "perm:metadata:remove",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/metadata/remove"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java
index 71d173c11f..7de2265e59 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java
@@ -73,12 +73,14 @@ import javax.ws.rs.core.Response;
name = "Getting All Device Notification Details",
description = "Getting All Device Notification Details",
key = "perm:notifications:view",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/notifications/view"}
),
@Scope(
name = "Updating the Device Notification Status",
description = "Updating the Device Notification Status",
key = "perm:notifications:mark-checked",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/notifications/view"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java
index 607a4a8ef0..a84d4e7f03 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java
@@ -79,60 +79,70 @@ import java.util.List;
name = "Adding a Policy",
description = "Adding a Policy",
key = "perm:policies:manage",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Getting Details of Policies",
description = "Getting Details of Policies",
key = "perm:policies:get-details",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/view"}
),
@Scope(
name = "Getting Details of a Policy",
description = "Getting Details of a Policy",
key = "perm:policies:get-policy-details",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/view"}
),
@Scope(
name = "Updating a Policy",
description = "Updating a Policy",
key = "perm:policies:update",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Removing Multiple Policies",
description = "Removing Multiple Policies",
key = "perm:policies:remove",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Activating Policies",
description = "Activating Policies",
key = "perm:policies:activate",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Deactivating Policies",
description = "Deactivating Policies",
key = "perm:policies:deactivate",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Applying Changes on Policies",
description = "Applying Changes on Policies",
key = "perm:policies:changes",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Updating the Policy Priorities",
description = "Updating the Policy Priorities",
key = "perm:policies:priorities",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Fetching the Effective Policy",
description = "Fetching the Effective Policy",
key = "perm:policies:effective-policy",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/policies/view"}
)
}
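Review bot: Every policy-mutation scope in this hunk (`perm:policies:manage`, `perm:policies:update`, `perm:policies:remove`, `perm:policies:activate`, `perm:policies:deactivate`, `perm:policies:changes`, `perm:policies:priorities`) is bound to the same `Internal/devicemgt-user` role as the read-only `perm:policies:get-details` scopes, whereas the admin services changed in this commit use `Internal/devicemgt-admin`. If the new `roles` attribute is what decides which users can be granted a scope, this puts the ability to create, activate and delete device policies in the hands of any ordinary device-management user, which is hard to square with a least-privilege split. Either move the seven mutation scopes to `roles = {"Internal/devicemgt-admin"}` or add a comment on the array stating that policy management is intentionally a user-level capability. The enclosing annotation starts outside the hunk.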
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RemoteSessionService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RemoteSessionService.java
index 9717ce1c27..010e7ffeca 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RemoteSessionService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RemoteSessionService.java
@@ -61,6 +61,7 @@ import javax.ws.rs.core.Response;
name = "Remote Session Connection",
description = "",
key = "perm:remote-session-service:connect",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/remote-session"}
)
}
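Review bot: The `perm:remote-session-service:connect` scope still carries an empty `description = ""`, so the only human-readable text that will reach the published scope definition is its name. Since the permission path is `/device-mgt/devices/owning-device/remote-session`, a description such as `description = "Open a remote session to a device owned by the user"` would tell an administrator what granting this scope allows before the roles binding added here is relied upon. The enclosing annotation starts outside the hunk.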
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ReportManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ReportManagementService.java
index 3f1f88a6c6..00929b71b0 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ReportManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ReportManagementService.java
@@ -66,6 +66,7 @@ import java.util.List;
name = "Getting Details of Registered Devices",
description = "Getting Details of Registered Devices",
key = "perm:devices:view",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java
index ebc4c49984..d0e8f0d201 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java
@@ -53,48 +53,56 @@ import java.util.List;
name = "Getting the List of Roles",
description = "Getting the List of Roles",
key = "perm:roles:view",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/view"}
),
@Scope(
name = "Getting Permission Details of a Role",
description = "Getting Permission Details of a Role",
key = "perm:roles:permissions",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/view"}
),
@Scope(
name = "Getting the List of Roles",
description = "Getting the List of Roles",
key = "perm:roles:details",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/view"}
),
@Scope(
name = "Adding a Role",
description = "Adding a Role",
key = "perm:roles:add",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/manage"}
),
@Scope(
name = "Adding a combined Role",
description = "Adding a combined Role",
key = "perm:roles:create-combined-role",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/manage"}
),
@Scope(
name = "Updating Role Details",
description = "Updating Role Details",
key = "perm:roles:update",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/manage"}
),
@Scope(
name = "Deleting a Role",
description = "Deleting a Role",
key = "perm:roles:delete",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/manage"}
),
@Scope(
name = "Adding Users to a Role",
description = "Adding Users to a Role",
key = "perm:roles:add-users",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/roles/manage"}
)
}
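Review bot: The role-mutation scopes `perm:roles:add`, `perm:roles:create-combined-role`, `perm:roles:update`, `perm:roles:delete` and especially `perm:roles:add-users` are bound to `Internal/devicemgt-user`, the same role as the read-only `perm:roles:view` scopes, while the admin services in this commit use `Internal/devicemgt-admin`. If the `roles` attribute governs who may obtain a scope, a plain device-management user holding `perm:roles:add-users` could add themselves to an admin role, which defeats the user/admin separation the rest of the commit introduces; consider `roles = {"Internal/devicemgt-admin"}` on the five mutation scopes. Separately, `perm:roles:details` reuses the name and description "Getting the List of Roles" from `perm:roles:view`; a distinct description such as `description = "Getting Details of a Role"` would keep the generated scope list readable. The enclosing annotation starts outside the hunk.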
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
index 5e580f6a06..f27d740099 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
@@ -97,78 +97,91 @@ import javax.ws.rs.core.Response;
name = "Adding a User",
description = "Adding a User",
key = "perm:users:add",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/manage"}
),
@Scope(
name = "Getting Details of a User",
description = "Getting Details of a User",
key = "perm:users:details",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Updating Details of a User",
description = "Updating Details of a User",
key = "perm:users:update",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/manage"}
),
@Scope(
name = "Deleting a User",
description = "Deleting a User",
key = "perm:users:delete",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/manage"}
),
@Scope(
name = "Getting the Role Details of a User",
description = "Getting the Role Details of a User",
key = "perm:users:roles",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Getting Details of Users",
description = "Getting Details of Users",
key = "perm:users:user-details",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Getting the User Count",
description = "Getting the User Count",
key = "perm:users:count",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Getting the User existence status",
description = "Getting the User existence status",
key = "perm:users:is-exist",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Searching for a User Name",
description = "Searching for a User Name",
key = "perm:users:search",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/view"}
),
@Scope(
name = "Changing the User Password",
description = "Adding a User",
key = "perm:users:credentials",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/login"}
),
@Scope(
name = "Sending Enrollment Invitations to Users",
description = "Sending Enrollment Invitations to Users",
key = "perm:users:send-invitation",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/users/manage"}
),
@Scope(
name = "Get activities",
description = "Get activities",
key = "perm:get-activity",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Getting the Permissions of the User",
description = "Getting the Permissions of the User",
key = "perm:user:permission-view",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/login"}
)
}
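Review bot: The description of `perm:users:credentials` still reads "Adding a User" (a copy of the `perm:users:add` entry) although its name is "Changing the User Password"; change it to `description = "Changing the User Password"`. More importantly, `perm:users:add`, `perm:users:update`, `perm:users:delete` and `perm:users:send-invitation` are bound to `Internal/devicemgt-user` like the read-only scopes, while `UserManagementAdminService` in this commit uses `Internal/devicemgt-admin`; if the `roles` attribute controls scope eligibility, any device-management user can create and delete accounts. Consider `roles = {"Internal/devicemgt-admin"}` on those four scopes, or document why account management is a user-level capability. The enclosing annotation starts outside the hunk.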
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java
index 92c42bfb3b..f87d256ef5 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java
@@ -67,12 +67,14 @@ import javax.ws.rs.core.Response;
name = "Installing an Application (Internal API)",
description = "Installing an Application (Internal API)",
key = "perm:applications:install",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/applications/manage"}
),
@Scope(
name = "Uninstalling an Application (Internal API)",
description = "Uninstalling an Application (Internal API)",
key = "perm:applications:uninstall",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/applications/manage"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java
index 6a4b12d72e..45a8fe606b 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java
@@ -67,6 +67,7 @@ import javax.ws.rs.core.Response;
name = "Verify device authorization",
description = "Verify device authorization",
key = "perm:authorization:verify",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/authorization/verify"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAnalyticsArtifactUploaderAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAnalyticsArtifactUploaderAdminService.java
index 94220ef8cd..0deeafb2b5 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAnalyticsArtifactUploaderAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAnalyticsArtifactUploaderAdminService.java
@@ -57,6 +57,7 @@ import javax.ws.rs.core.Response;
name = "Devicetype deployment",
description = "Deploy devicetype",
key = "perm:devicetype:deployment",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/devicetype/deploy"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
index a5d8adf59c..3079dd4ad3 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
@@ -94,18 +94,21 @@ import java.util.List;
name = "Getting Details of a Device",
description = "Getting Details of a Device",
key = "perm:admin:devices:view",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Update the Device Owner",
description = "Update the ownership of the device",
key = "perm:admin:devices:update-enrollment",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/admin/devices/update-enrollment"}
),
@Scope(
name = "Permanently Delete the device specified by device id",
description = "Permanently Delete the device specified by device id",
key = "perm:devices:permanent-delete",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/admin/devices/permanent-delete"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceTypeManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceTypeManagementAdminService.java
index 899f84ec70..4449f1e60d 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceTypeManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceTypeManagementAdminService.java
@@ -92,18 +92,21 @@ import javax.ws.rs.core.Response;
name = "Manage a Device Type",
description = "Add, Edit or View a Device Type",
key = "perm:admin:device-type",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/admin/device-type"}
),
@Scope(
name = "Getting Details of a Device Type",
description = "Getting Details of a Device Type",
key = "perm:admin:device-type:view",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/admin/device-type/view"}
),
@Scope(
name = "Add Device Type Config",
description = "Add Platform Config of a Device Type",
key = "perm:admin:device-type:configs",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/admin/device-type/config"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java
index f631b1dc51..e430611e90 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java
@@ -70,18 +70,21 @@ import javax.ws.rs.core.Response;
name = "View groups",
description = "",
key = "perm:admin-groups:view",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/admin/groups/view"}
),
@Scope(
name = "Count groups",
description = "",
key = "perm:admin-groups:count",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/admin/groups/view"}
),
@Scope(
name = "Add groups",
description = "",
key = "perm:admin-groups:add",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/admin/groups/add"}
)
}
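Review bot: All three admin group scopes (`perm:admin-groups:view`, `perm:admin-groups:count`, `perm:admin-groups:add`) have `description = ""`, so an administrator reviewing the published scopes sees only the short names. Mirroring the names is enough, e.g. `description = "View device groups across all users (admin)"`, `description = "Count device groups across all users (admin)"`, `description = "Add a device group on behalf of another user (admin)"` — adjust the wording to the actual behaviour, which is implemented outside this hunk. The enclosing annotation starts outside the hunk.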
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java
index bbe64367c4..29260f31e0 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java
@@ -53,12 +53,14 @@ import javax.ws.rs.core.Response;
name = "View Users",
description = "View Users",
key = "perm:admin-users:view",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/users/manage"}
),
@Scope(
name = "Delete Users Device Information",
description = "Delete users device details",
key = "perm:admin-users:remove",
+ roles = {"Internal/devicemgt-admin"},
permissions = {"/device-mgt/users/manage"}
)
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java
index 49a734cdee..4f45ea3980 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java
@@ -74,7 +74,6 @@ import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
import org.wso2.carbon.device.mgt.common.metadata.mgt.MetadataManagementService;
import org.wso2.carbon.device.mgt.common.notification.mgt.NotificationManagementService;
import org.wso2.carbon.device.mgt.common.operation.mgt.Operation;
-import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.common.report.mgt.ReportManagementService;
import org.wso2.carbon.device.mgt.common.spi.DeviceTypeGeneratorService;
import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
@@ -549,16 +548,6 @@ public class DeviceMgtAPIUtils {
return searchManagerService;
}
- public static PermissionManagerService getPermissionManagerService() {
- PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
- PermissionManagerService PermissionManagerService =
- (PermissionManagerService) ctx.getOSGiService(PermissionManagerService.class, null);
- if (PermissionManagerService == null) {
- throw new IllegalStateException("Permission manager service is not initialized.");
- }
- return PermissionManagerService;
- }
-
public static GeoLocationProviderService getGeoService() {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
GeoLocationProviderService
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java
index ff194a7b86..241d8039e3 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java
@@ -18,9 +18,6 @@
package org.wso2.carbon.device.mgt.common.permission.mgt;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-
/**
* This class represents the information related to permission.
*/
@@ -30,6 +27,7 @@ public class Permission {
private String path; // permission string
private String url; // url of the resource
private String method; // http method
+ private String urlPattern;
public String getUrl() {
return url;
@@ -62,4 +60,12 @@ public class Permission {
public void setPath(String path) {
this.path = path;
}
+
+ public String getUrlPattern() {
+ return urlPattern;
+ }
+
+ public void setUrlPattern(String urlPattern) {
+ this.urlPattern = urlPattern;
+ }
}
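Review bot: `urlPattern` is added next to the existing `url` field without any comment, so a reader cannot tell whether it is the JAX-RS template for `url`, a regex, or something else; the other fields each carry a trailing comment. Add one in the same style, e.g. `private String urlPattern; // URL pattern the permission is matched against — confirm format (JAX-RS template vs. regex)`, and mirror it on `getUrlPattern()`. The field declaration itself is in the previous hunk of this file.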
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java
index 68b81a9de4..2c765c6824 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java
@@ -18,7 +18,7 @@
package org.wso2.carbon.device.mgt.common.permission.mgt;
-import java.util.Properties;
+import java.util.List;
/**
* This represents the Permission management functionality which should be implemented by
@@ -26,22 +26,8 @@ import java.util.Properties;
*/
public interface PermissionManagerService {
- /**
- * Adds a permission.
- *
- * @param permission - Permission to be added
- * @return A boolean indicating the status of the operation.
- * @throws PermissionManagementException If some unusual behaviour is observed while adding the permission.
- */
- boolean addPermission(Permission permission) throws PermissionManagementException;
+ boolean addPermission(String context, List permissions) throws PermissionManagementException;
- /**
- * Fetches a given permission.
- *
- * @param properties - Properties of the permission to be fetched.
- * @return The matched Permission object.
- * @throws PermissionManagementException If some unusual behaviour is observed while fetching the permission.
- */
- Permission getPermission(Properties properties) throws PermissionManagementException;
+ List getPermission(String context) throws PermissionManagementException;
}
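Review bot: The new signatures use the raw type `List` — `addPermission(String context, List permissions)` and `List getPermission(String context)` — which forces every caller to cast and loses the compiler's check that only `Permission` objects enter the cache; they should be `List<Permission>`. The commit also deletes the Javadoc for both methods while changing their contract to a context-keyed bulk API, and `getPermission` now returns several permissions, so a rename to `getPermissions` (or at least a Javadoc line stating it returns all permissions registered for `context`) is warranted. Note this is a breaking change to a public interface; any out-of-tree implementation of `PermissionManagerService` will stop compiling.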
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/DeviceManagementConstants.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/DeviceManagementConstants.java
index f29afccfcf..1d0f581451 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/DeviceManagementConstants.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/DeviceManagementConstants.java
@@ -42,6 +42,7 @@ public final class DeviceManagementConstants {
public static final String DM_CACHE_MANAGER = "DM_CACHE_MANAGER";
public static final String DEVICE_CACHE = "DEVICE_CACHE";
+ public static final String API_RESOURCE_PERMISSION_CACHE = "API_RESOURCE_CACHE_CACHE";
public static final String GEOFENCE_CACHE = "GEOFENCE_CACHE";
public static final String ENROLLMENT_NOTIFICATION_API_ENDPOINT = "/api/device-mgt/enrollment-notification";
public static final String URL_SEPERATOR = "/";
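Review bot: The new constant `API_RESOURCE_PERMISSION_CACHE` has the value `"API_RESOURCE_CACHE_CACHE"`, which does not match its own name and looks like a paste error; every other cache constant here uses its name as the value. Because this string is presumably the JCache name used to look the cache up, two components that spell it differently will silently get separate caches. Change it to `public static final String API_RESOURCE_PERMISSION_CACHE = "API_RESOURCE_PERMISSION_CACHE";` before anything else depends on the misspelled value.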
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/cache/APIResourcePermissionCacheKey.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/cache/APIResourcePermissionCacheKey.java
new file mode 100644
index 0000000000..2db061a6d0
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/cache/APIResourcePermissionCacheKey.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.device.mgt.core.cache;
+
+import java.util.Objects;
+
+public class APIResourcePermissionCacheKey {
+
+ private String context;
+ private volatile int hashCode;
+
+ public APIResourcePermissionCacheKey(String context) {
+ this.context = context;
+ }
+
+
+ public String getContext() {
+ return context;
+ }
+
+ public void setContext(String context) {
+ this.context = context;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (obj == null) {
+ return false;
+ }
+ if (!APIResourcePermissionCacheKey.class.isAssignableFrom(obj.getClass())) {
+ return false;
+ }
+ final APIResourcePermissionCacheKey other = (APIResourcePermissionCacheKey) obj;
+ String thisId = this.context;
+ String otherId = other.context;
+ if (!thisId.equals(otherId)) {
+ return false;
+ }
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ if (hashCode == 0) {
+ hashCode = Objects.hash(context);
+ }
+ return hashCode;
+ }
+}
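Review bot: `APIResourcePermissionCacheKey` caches `hashCode` lazily but also exposes `setContext`, so a key mutated after its first `hashCode()` call keeps the stale hash and can no longer be found in (or can collide inside) the cache; and `equals` calls `thisId.equals(otherId)` which throws `NullPointerException` when `context` is null. Make the key immutable and null-safe: `private final String context;`, drop `setContext`, and reduce `equals` to `return Objects.equals(this.context, other.context);`. With an immutable key the `volatile` hash cache is still fine, but `isAssignableFrom` also lets a subclass compare equal to a base instance while the reverse may not, so `getClass() != obj.getClass()` is the safer test.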
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/cache/APIResourcePermissionCacheManager.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/cache/APIResourcePermissionCacheManager.java
new file mode 100644
index 0000000000..4dac439cc4
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/cache/APIResourcePermissionCacheManager.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.device.mgt.core.cache;
+
+import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
+
+import java.util.List;
+
+public interface APIResourcePermissionCacheManager {
+
+ void addAPIResourcePermissionToCache(APIResourcePermissionCacheKey cacheKey, List permissions);
+
+ void updateAPIResourcePermissionInCache(APIResourcePermissionCacheKey cacheKey, List permissions);
+
+ List getAPIResourceRermissionFromCache(APIResourcePermissionCacheKey cacheKey);
+}
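Review bot: The three methods take and return a raw `List` although `Permission` is imported on the line above and is evidently the intended element type; declare them as `List<Permission>` so implementations and callers do not need unchecked casts. The getter is also misspelled — `getAPIResourceRermissionFromCache` — and since this is a new interface it is cheap to fix now: `List<Permission> getAPIResourcePermissionFromCache(APIResourcePermissionCacheKey cacheKey);`. A short Javadoc on each method stating whether `add` replaces an existing entry and what `get` returns on a miss (null vs. empty list) would remove the ambiguity the implementation will otherwise have to resolve on its own.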
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/cache/impl/APIResourcePermissionCacheManagerImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/cache/impl/APIResourcePermissionCacheManagerImpl.java
new file mode 100644
index 0000000000..3b08a8d8b2
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/cache/impl/APIResourcePermissionCacheManagerImpl.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.device.mgt.core.cache.impl;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
+import org.wso2.carbon.device.mgt.core.cache.APIResourcePermissionCacheKey;
+import org.wso2.carbon.device.mgt.core.cache.APIResourcePermissionCacheManager;
+import org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil;
+
+import javax.cache.Cache;
+import java.util.List;
+
+public class APIResourcePermissionCacheManagerImpl implements APIResourcePermissionCacheManager {
+
+
+ private static final Log log = LogFactory.getLog(APIResourcePermissionCacheManagerImpl.class);
+
+ private static APIResourcePermissionCacheManagerImpl apiResourceCacgeManager;
+
+ private APIResourcePermissionCacheManagerImpl() {
+ }
+
+ public static APIResourcePermissionCacheManagerImpl getInstance() {
+ if (apiResourceCacgeManager == null) {
+ synchronized (APIResourcePermissionCacheManagerImpl.class) {
+ if (apiResourceCacgeManager == null) {
+ apiResourceCacgeManager = new APIResourcePermissionCacheManagerImpl();
+ }
+ }
+ }
+ return apiResourceCacgeManager;
+ }
+
+
+ @Override
+ public void addAPIResourcePermissionToCache(APIResourcePermissionCacheKey cacheKey, List permissions) {
+ Cache> lCache = DeviceManagerUtil.getAPIResourcePermissionCache();
+ if (lCache != null) {
+ if (lCache.containsKey(cacheKey)) {
+ this.updateAPIResourcePermissionInCache(cacheKey, permissions);
+ } else {
+ lCache.put(cacheKey, permissions);
+ }
+ }
+ }
+
+ @Override
+ public void updateAPIResourcePermissionInCache(APIResourcePermissionCacheKey cacheKey, List permissions) {
+
+ Cache> lCache = DeviceManagerUtil.getAPIResourcePermissionCache();
+ if (lCache != null) {
+ if (lCache.containsKey(cacheKey)) {
+ lCache.replace(cacheKey, permissions);
+ }
+ }
+
+ }
+
+ @Override
+ public List getAPIResourceRermissionFromCache(APIResourcePermissionCacheKey cacheKey) {
+ Cache> lCache = DeviceManagerUtil.getAPIResourcePermissionCache();
+ if (lCache != null) {
+ return lCache.get(cacheKey);
+ }
+ return null;
+ }
+}
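Review bot: `addAPIResourcePermissionToCache` does a `containsKey` check followed by `put` or `replace`, a check-then-act that is racy under concurrent webapp deployments and buys nothing, since `Cache.put` already overwrites an existing mapping; the body can simply be `if (lCache != null) { lCache.put(cacheKey, permissions); }`. The lazily initialised singleton field `apiResourceCacgeManager` (note the `Cacge` typo) is read outside the lock without `volatile`; with no instance state this is harmless in practice, but a `private static final` instance or the holder idiom avoids the question entirely. `log` is declared and never used. A class Javadoc saying this is the JCache-backed store of per-context API permissions consumed by the authorizer, and that the getter returns `null` on both cache-unavailable and cache-miss, would help the consumer handle both cases deliberately.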
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java
index d6a6a84118..e60b14eee9 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java
@@ -67,6 +67,7 @@ public class AnnotationProcessor {
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_DESCRIPTION = "description";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_KEY = "key";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS = "permissions";
+ private static final String SWAGGER_ANNOTATIONS_PROPERTIES_ROLES = "roles";
private static final String ANNOTATIONS_SCOPES = "scopes";
private static final String ANNOTATIONS_SCOPE = "scope";
private static final String DEFAULT_PERM_NAME = "default";
@@ -239,6 +240,7 @@ public class AnnotationProcessor {
subCtx = makeContextURLReady(resourceRootContext) + makeContextURLReady(subCtx);
}
permission.setUrl(replaceDynamicPathVariables(subCtx));
+ permission.setUrlPattern(permission.getUrl().replace("*", "[a-zA-Z0-9-_]+"));
String httpMethod;
for (int i = 0; i < annotations.length; i++) {
httpMethod = getHTTPMethodAnnotation(annotations[i]);
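Review bot: The regex built on the added line only substitutes `*`; any other regex metacharacter that survives in the URL (`.`, `+`, `?`, `(`, `{`) is left unescaped, so a `.` in a path segment matches any character and a stray `(` or `{` would fail to compile at match time. Build it from quoted literal segments instead: split on `\\*`, wrap each piece in `Pattern.quote(...)`, and join with the wildcard class. The class `[a-zA-Z0-9-_]+` also excludes `.`, `:`, `@`, `%` and `~`, which can occur in identifiers carried in path segments; if the authorizer (not visible here) matches requests against this pattern, such requests would match no permission, so confirm that outcome is a deny and consider `[^/]+` for a single-segment wildcard. Whether the pattern is anchored (`matches()` vs `find()`) is decided on the consumer side and should be documented on `setUrlPattern`. The enclosing method continues outside this hunk.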
@@ -398,7 +400,7 @@ public class AnnotationProcessor {
if (scope != null) {
permission.setName(scope.getName());
//TODO: currently permission tree supports only adding one permission per API point.
- permission.setPath(scope.getRoles().split(" ")[0]);
+ permission.setPath(scope.getPermissions().split(" ")[0]);
} else {
log.warn("No Scope mapping is done for scope key: " + scopeKey);
permission.setName(DEFAULT_PERM_NAME);
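Review bot: The replacement line indexes `split(" ")[0]` on `scope.getPermissions()` without checking it, so a scope that declares no permission string yields an NPE (if null) or an empty path `""` (if blank) instead of the `DEFAULT_PERM_NAME` fallback the `else` branch provides. Guard it: `String perms = scope.getPermissions(); if (perms == null || perms.trim().isEmpty()) { /* same handling as the else branch */ } else { permission.setPath(perms.trim().split(" ")[0]); }`. The TODO above it about one permission per API point is still accurate and worth keeping. The enclosing method continues outside this hunk.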
@@ -420,8 +422,11 @@ public class AnnotationProcessor {
Scope scope;
String permissions[];
StringBuilder aggregatedPermissions;
+ String roles[];
+ StringBuilder aggregatedRoles;
for(int i=0; i permissions = annotationProcessor.extractPermissions(annotatedAPIClasses);
PermissionManagerService permissionManagerService = PermissionManagerServiceImpl.getInstance();
- if (permissions != null) {
- for (Permission permission : permissions) {
- permissionManagerService.addPermission(permission);
- }
- }
+ permissionManagerService.addPermission(contextPath, permissions);
+
} catch (PermissionManagementException e) {
log.error("Exception occurred while adding the permissions from webapp : "
+ servletContext.getContextPath(), e);
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java
index 5bd7a3730b..859659bdf5 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java
@@ -22,11 +22,12 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext;
-import org.wso2.carbon.device.mgt.common.event.config.EventConfigurationProviderService;
-import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
+import org.wso2.carbon.core.ServerStartupObserver;
import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManagementException;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfigurationManagementService;
+import org.wso2.carbon.device.mgt.common.event.config.EventConfigurationProviderService;
+import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.geo.service.GeoLocationProviderService;
import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
import org.wso2.carbon.device.mgt.common.metadata.mgt.MetadataManagementService;
@@ -48,6 +49,7 @@ import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager;
import org.wso2.carbon.device.mgt.core.config.DeviceManagementConfig;
import org.wso2.carbon.device.mgt.core.config.datasource.DataSourceConfig;
import org.wso2.carbon.device.mgt.core.config.tenant.PlatformConfigurationManagementServiceImpl;
+import org.wso2.carbon.device.mgt.core.config.ui.UIConfigurationManager;
import org.wso2.carbon.device.mgt.core.dao.DeviceManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.dao.GroupManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.device.details.mgt.DeviceInformationManager;
@@ -75,7 +77,6 @@ import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceIm
import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderServiceImpl;
import org.wso2.carbon.device.mgt.core.task.DeviceTaskManagerService;
-import org.wso2.carbon.device.mgt.core.config.ui.UIConfigurationManager;
import org.wso2.carbon.device.mgt.core.util.DeviceManagementSchemaInitializer;
import org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil;
import org.wso2.carbon.device.mgt.core.util.DeviceMgtTenantMgtListener;
@@ -291,6 +292,9 @@ public class DeviceManagementServiceComponent {
TenantCreateObserver listener = new TenantCreateObserver();
bundleContext.registerService(Axis2ConfigurationContextObserver.class.getName(), listener, null);
+ UserRoleCreateObserver userRoleCreateObserver = new UserRoleCreateObserver();
+ bundleContext.registerService(ServerStartupObserver.class.getName(), userRoleCreateObserver, null);
+
/* Registering Device Management Service */
DeviceManagementProviderService deviceManagementProvider = new DeviceManagementProviderServiceImpl();
DeviceManagementDataHolder.getInstance().setDeviceManagementProvider(deviceManagementProvider);
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/TenantCreateObserver.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/TenantCreateObserver.java
index ffc3724a81..79a5309296 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/TenantCreateObserver.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/TenantCreateObserver.java
@@ -49,7 +49,7 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser
DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
.getUserStoreManager();
String tenantAdminName = userRealm.getRealmConfiguration().getAdminUserName();
- userStoreManager.addRole(User.DEFAULT_DEVICE_USER, null, User.PERMISSIONS_FOR_DEVICE_USER);
+ userStoreManager.addRole(User.DEFAULT_DEVICE_USER, new String[]{tenantAdminName}, User.PERMISSIONS_FOR_DEVICE_USER);
userStoreManager.addRole(User.DEFAULT_DEVICE_ADMIN, new String[]{tenantAdminName},
User.PERMISSIONS_FOR_DEVICE_ADMIN);
if (log.isDebugEnabled()) {
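Review bot: The tenant admin is now also made a member of `User.DEFAULT_DEVICE_USER`, which the hunk leaves unexplained; presumably it is needed because API scopes in this change authorize on role membership (`roles = {"Internal/devicemgt-user"}`) and the admin would otherwise be denied user-level APIs, but that reasoning belongs in a comment, e.g. `// admin must hold the device-user role too: API scopes are now authorized by role, not only by permission`. If that is not the motivation, granting the admin an extra role is a widening of its assignments that deserves justification in the commit. The enclosing method continues outside this hunk.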
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/UserRoleCreateObserver.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/UserRoleCreateObserver.java
new file mode 100644
index 0000000000..ce16866524
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/UserRoleCreateObserver.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.device.mgt.core.internal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.core.ServerStartupObserver;
+import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
+
+public class UserRoleCreateObserver implements ServerStartupObserver {
+ private static final Log log = LogFactory.getLog(UserRoleCreateObserver.class);
+ @Override
+ public void completingServerStartup() {
+
+ }
+
+ @Override
+ public void completedServerStartup() {
+ String tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
+ String tenantAdminName = "admin";
+
+ try {
+ UserStoreManager userStoreManager =
+ DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(
+ MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager();
+ userStoreManager.addRole(
+ DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN,
+ new String[]{tenantAdminName},
+ DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_ADMIN);
+ userStoreManager.addRole(
+ DeviceManagementConstants.User.DEFAULT_DEVICE_USER,
+ new String[]{tenantAdminName},
+ DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_USER);
+
+ if (log.isDebugEnabled()) {
+ log.debug("Device management roles: " + DeviceManagementConstants.User.DEFAULT_DEVICE_USER + ", " +
+ DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN + " created for the tenant:" + tenantDomain + "."
+ );
+ log.debug("Tenant administrator: " + tenantAdminName + "@" + tenantDomain +
+ " is assigned to the role:" + DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN + "."
+ );
+ }
+ } catch (UserStoreException e) {
+ log.error("Error occurred while creating roles for the tenant: " + tenantDomain + ".");
+ }
+ }
+}
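Review bot: The super-tenant admin name is hard-coded on the line `String tenantAdminName = "admin";`, while `TenantCreateObserver` reads it from `getRealmConfiguration().getAdminUserName()`; a deployment that renames the admin user would create the roles with a non-existent member or fail outright. `addRole` is also called unconditionally on every server startup, so if the user store rejects an already-existing role the second start logs an error, and because the catch drops `e` it does so without a stack trace. I'd read the admin name from the realm config, guard each `addRole` with `isExistingRole`, and pass `e` to `log.error`, as below (needs the `org.wso2.carbon.user.api.UserRealm` import).
```java
    @Override
    public void completedServerStartup() {
        String tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
        try {
            UserRealm userRealm = DeviceManagementDataHolder.getInstance().getRealmService()
                    .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID);
            UserStoreManager userStoreManager = userRealm.getUserStoreManager();
            // take the admin name from the realm configuration instead of assuming "admin"
            String tenantAdminName = userRealm.getRealmConfiguration().getAdminUserName();
            // roles persist across restarts; only create the ones that are missing
            if (!userStoreManager.isExistingRole(DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN)) {
                userStoreManager.addRole(DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN,
                        new String[]{tenantAdminName},
                        DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_ADMIN);
            }
            if (!userStoreManager.isExistingRole(DeviceManagementConstants.User.DEFAULT_DEVICE_USER)) {
                userStoreManager.addRole(DeviceManagementConstants.User.DEFAULT_DEVICE_USER,
                        new String[]{tenantAdminName},
                        DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_USER);
            }
            // … unchanged: debug logging …
        } catch (UserStoreException e) {
            log.error("Error occurred while creating roles for the tenant: " + tenantDomain + ".", e);
        }
    }
```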
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
index 07865c5095..c2591a1df6 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
@@ -18,13 +18,16 @@
package org.wso2.carbon.device.mgt.core.permission.mgt;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
+import org.wso2.carbon.device.mgt.core.cache.APIResourcePermissionCacheKey;
+import org.wso2.carbon.device.mgt.core.cache.impl.APIResourcePermissionCacheManagerImpl;
-import java.util.HashSet;
+import java.util.List;
import java.util.Properties;
-import java.util.Set;
/**
* This class will add, update custom permissions defined in permission.xml in webapps and it will
@@ -32,10 +35,7 @@ import java.util.Set;
*/
public class PermissionManagerServiceImpl implements PermissionManagerService {
- public static final String URL_PROPERTY = "URL";
- public static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD";
private static PermissionManagerServiceImpl registryBasedPermissionManager;
- private static PermissionTree permissionTree; // holds the permissions at runtime.
private PermissionManagerServiceImpl() {
}
@@ -45,7 +45,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
synchronized (PermissionManagerServiceImpl.class) {
if (registryBasedPermissionManager == null) {
registryBasedPermissionManager = new PermissionManagerServiceImpl();
- permissionTree = new PermissionTree();
}
}
}
@@ -53,21 +52,22 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
}
@Override
- public boolean addPermission(Permission permission) throws PermissionManagementException {
- // adding a permission to the tree
- permission.setPath(permission.getPath());
- permissionTree.addPermission(permission);
- return PermissionUtils.putPermission(permission);
+ public boolean addPermission(String context, List permissions) throws PermissionManagementException {
+ try {
+ for (Permission permission : permissions) {
+ PermissionUtils.putPermission(permission);
+ }
+ APIResourcePermissionCacheManagerImpl.getInstance().addAPIResourcePermissionToCache(
+ new APIResourcePermissionCacheKey(context), permissions);
+ } catch (PermissionManagementException e) {
+ return false;
+ }
+ return true;
}
@Override
- public Permission getPermission(Properties properties) throws PermissionManagementException {
- String url = (String) properties.get(URL_PROPERTY);
- String httpMethod = (String) properties.get(HTTP_METHOD_PROPERTY);
-
- if (url == null || url.isEmpty() || httpMethod == null || httpMethod.isEmpty()) {
- throw new PermissionManagementException("Resource URI/HTTP method is empty");
- }
- return permissionTree.getPermission(url, httpMethod);
+ public List getPermission(String context) throws PermissionManagementException {
+ return APIResourcePermissionCacheManagerImpl.getInstance().getAPIResourceRermissionFromCache(
+ new APIResourcePermissionCacheKey(context));
}
}
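Review bot: `addPermission` catches `PermissionManagementException` and returns `false`, dropping the cause and leaving its `throws` clause dead; since the loop may already have written some permissions to the registry before failing, the caller gets neither a reason nor a cache entry for that context, and the `Log` imported at the top of the file is never used. Either rethrow, or at least `log.error("Failed to register permissions for context " + context, e);` before returning. `getPermission` returns `null` on a cache miss as well as when the cache is unavailable; whoever consumes it in the authorizer must treat `null` as "deny" rather than "no restrictions", which is worth stating in Javadoc here rather than leaving to the caller.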
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/util/DeviceManagerUtil.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/util/DeviceManagerUtil.java
index 0a2932e930..f83e19c62f 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/util/DeviceManagerUtil.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/util/DeviceManagerUtil.java
@@ -73,8 +73,10 @@ import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
import org.wso2.carbon.device.mgt.common.notification.mgt.NotificationManagementException;
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException;
+import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.type.mgt.DeviceTypeMetaDefinition;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
+import org.wso2.carbon.device.mgt.core.cache.APIResourcePermissionCacheKey;
import org.wso2.carbon.device.mgt.core.cache.DeviceCacheKey;
import org.wso2.carbon.device.mgt.core.cache.GeoCacheKey;
import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager;
@@ -136,6 +138,7 @@ public final class DeviceManagerUtil {
public static final String GENERAL_CONFIG_RESOURCE_PATH = "general";
private static boolean isDeviceCacheInitialized = false;
+ private static boolean isAPIResourcePermissionCacheInitialized = false;
private static boolean isGeoFenceCacheInitialized = false;
public static Document convertToDocument(File file) throws DeviceManagementException {
@@ -596,19 +599,6 @@ public final class DeviceManagerUtil {
return Caching.getCacheManagerFactory().getCacheManager(DeviceManagementConstants.DM_CACHE_MANAGER);
}
- //todo:amalka
-// public static EventsPublisherService getEventPublisherService() {
-// PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
-// EventsPublisherService eventsPublisherService =
-// (EventsPublisherService) ctx.getOSGiService(EventsPublisherService.class, null);
-// if (eventsPublisherService == null) {
-// String msg = "Event Publisher service has not initialized.";
-// log.error(msg);
-// throw new IllegalStateException(msg);
-// }
-// return eventsPublisherService;
-// }
-
/**
* Retrieve EventConfigurationProviderService osgi service component
* @return {@link EventConfigurationProviderService} service component
@@ -663,6 +653,18 @@ public final class DeviceManagerUtil {
}
}
+ public static void initializeAPIResourcePermissionCache() {
+ CacheManager manager = getCacheManager();
+ if(!isAPIResourcePermissionCacheInitialized) {
+ isAPIResourcePermissionCacheInitialized = true;
+ if (manager != null) {
+ manager.getCache(DeviceManagementConstants.API_RESOURCE_PERMISSION_CACHE);
+ } else {
+ Caching.getCacheManager().getCache(DeviceManagementConstants.API_RESOURCE_PERMISSION_CACHE);
+ }
+ }
+ }
+
/**
* Enable Geofence caching according to the configurations proviced by cdm-config.xml
*/
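Review bot: `initializeAPIResourcePermissionCache` falls back to `Caching.getCacheManager()` (the default manager) when `getCacheManager()` returns null, while `getAPIResourcePermissionCache` further down falls back to `Caching.getCacheManager(DeviceManagementConstants.DM_CACHE_MANAGER)`; the two fallbacks would address different caches, so the init branch should use the `DM_CACHE_MANAGER` form too. The flag `isAPIResourcePermissionCacheInitialized` is set before the cache is actually obtained and is neither `volatile` nor guarded, which mirrors the existing device-cache pattern but is still racy on first use. More important for an authorization cache: entries are only populated at webapp deployment via `addPermission`, so if the cache manager applies a default entry expiry, permissions silently disappear after the timeout and lookups return `null`; either configure no expiry for `API_RESOURCE_PERMISSION_CACHE` explicitly here or repopulate on miss, and say which in a comment.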
@@ -722,6 +724,21 @@ public final class DeviceManagerUtil {
return deviceCache;
}
+ public static Cache> getAPIResourcePermissionCache() {
+ CacheManager manager = getCacheManager();
+ Cache> apiResourcePermissionCache = null;
+ if(!isAPIResourcePermissionCacheInitialized) {
+ initializeAPIResourcePermissionCache();
+ }
+ if (manager != null) {
+ apiResourcePermissionCache = manager.getCache(DeviceManagementConstants.API_RESOURCE_PERMISSION_CACHE);
+ } else {
+ apiResourcePermissionCache = Caching.getCacheManager(DeviceManagementConstants.DM_CACHE_MANAGER)
+ .getCache(DeviceManagementConstants.API_RESOURCE_PERMISSION_CACHE);
+ }
+ return apiResourcePermissionCache;
+ }
+
/**
* Get geofence cache object
* @return {@link Cache}
diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java
index 93f6e6fd17..f9980d2122 100644
--- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java
+++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java
@@ -232,18 +232,18 @@ public class JWTClientUtil {
}
List aud = jwtConfig.getAudiences();
//set up the basic claims
- JWTClaimsSet claimsSet = new JWTClaimsSet();
- claimsSet.setIssueTime(new Date(iat));
- claimsSet.setExpirationTime(new Date(exp));
- claimsSet.setIssuer(iss);
- claimsSet.setSubject(username);
- claimsSet.setNotBeforeTime(new Date(nbf));
- claimsSet.setJWTID(jti);
- claimsSet.setAudience(aud);
- claimsSet.setClaim(SIGNED_JWT_AUTH_USERNAME, username);
+ JWTClaimsSet.Builder claimsSet = new JWTClaimsSet.Builder();
+ claimsSet.issueTime(new Date(iat));
+ claimsSet.expirationTime(new Date(exp));
+ claimsSet.issuer(iss);
+ claimsSet.subject(username);
+ claimsSet.notBeforeTime(new Date(nbf));
+ claimsSet.jwtID(jti);
+ claimsSet.audience(aud);
+ claimsSet.claim(SIGNED_JWT_AUTH_USERNAME, username);
if (customClaims != null && !customClaims.isEmpty()) {
for (String key : customClaims.keySet()) {
- claimsSet.setClaim(key, customClaims.get(key));
+ claimsSet.claim(key, customClaims.get(key));
}
}
@@ -280,7 +280,7 @@ public class JWTClientUtil {
}
}
JWSSigner signer = new RSASSASigner(rsaPrivateKey);
- SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);
+ SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet.build());
signedJWT.sign(signer);
String assertion = signedJWT.serialize();
return assertion;
diff --git a/components/transport-mgt/sms-handler/io.entgra.transport.mgt.sms.handler.api/src/main/java/io/entgra/transport/mgt/sms/handler/api/service/ConfigurationManagementService.java b/components/transport-mgt/sms-handler/io.entgra.transport.mgt.sms.handler.api/src/main/java/io/entgra/transport/mgt/sms/handler/api/service/ConfigurationManagementService.java
index 3a771222c7..18d295b53a 100644
--- a/components/transport-mgt/sms-handler/io.entgra.transport.mgt.sms.handler.api/src/main/java/io/entgra/transport/mgt/sms/handler/api/service/ConfigurationManagementService.java
+++ b/components/transport-mgt/sms-handler/io.entgra.transport.mgt.sms.handler.api/src/main/java/io/entgra/transport/mgt/sms/handler/api/service/ConfigurationManagementService.java
@@ -64,6 +64,7 @@ import javax.ws.rs.core.Response;
name = "View configurations",
description = "",
key = "perm:sms-handler:view-configuration",
+ roles = {"Internal/devicemgt-user"},
permissions = {"/sms-handler/platform-configurations/view"}
)
})
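Review bot: The new `roles` element hard-codes the literal `Internal/devicemgt-user` inside an API annotation, so the role name becomes a compile-time part of the API contract with no configuration hook; if a constant for this role is reachable from the annotations module it would be better referenced than repeated in every scope. If `Scope.roles()` was introduced without a default value, every other `@Scope` declaration in the product must gain a `roles` entry or fail to compile, which is worth verifying across the repository. The annotation should also document how `roles` combines with `permissions` (both required, or either sufficient), since that decides the effective access policy for this endpoint.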
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml
index e041b45f83..2bf0318675 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml
@@ -55,22 +55,22 @@
org.wso2.carbon.webapp.authenticator.framework.*
- com.nimbusds.jose,
- com.nimbusds.jose.crypto,
- com.nimbusds.jwt,
+ com.nimbusds.jose;version="${nimbus.orbit.version.range}",
+ com.nimbusds.jose.crypto;version="${nimbus.orbit.version.range}",
+ com.nimbusds.jwt;version="${nimbus.orbit.version.range}",
javax.xml.bind,
javax.xml.bind.annotation,
javax.xml.parsers;version="${javax.xml.parsers.import.pkg.version}";resolution:=optional,
javax.xml.validation,
-
-
-
+ org.apache.catalina;version="9.0",
+ org.apache.catalina.connector;version="9.0",
+ org.apache.catalina.util;version="9.0",
org.apache.commons.logging,
-
-
-
- org.osgi.service.component,
- org.osgi.framework,
+ org.apache.coyote;version="9.0",
+ org.apache.tomcat.util.buf;version="9.0",
+ org.apache.tomcat.util.http;version="9.0",
+ org.osgi.framework.*;version="${imp.package.version.osgi.framework}",
+ org.osgi.service.*;version="${imp.package.version.osgi.service}",
org.w3c.dom,
org.wso2.carbon.context,
org.wso2.carbon.core.util,
@@ -85,15 +85,15 @@
org.wso2.carbon.utils,
org.wso2.carbon.utils.multitenancy,
org.xml.sax,
- com.google.gson.*,
+
javax.servlet,
javax.servlet.http,
javax.xml,
org.apache.axis2.transport.http,
org.wso2.carbon.certificate.mgt.core.*,
- org.wso2.carbon.device.mgt.core.permission.mgt,
+ org.wso2.carbon.device.mgt.core.permission.mgt.*,
org.wso2.carbon.device.mgt.common.*,
- org.wso2.carbon.device.mgt.common.permission.mgt,
+ org.wso2.carbon.device.mgt.common.permission.mgt.*,
org.apache.axis2,
org.apache.axis2.client,
org.apache.commons.codec.binary;version="${commons-codec.wso2.osgi.version.range}",
@@ -194,6 +194,16 @@
org.wso2.carbon.identity.inbound.auth.oauth2
org.wso2.carbon.identity.oauth
+
+
+ org.wso2.orbit.com.nimbusds
+ nimbus-jose-jwt
+
+
+ com.nimbusds
+ nimbus-jose-jwt
+
+
org.wso2.carbon
@@ -202,6 +212,7 @@
org.wso2.orbit.com.nimbusds
nimbus-jose-jwt
+ compile
org.wso2.carbon.devicemgt
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java
index 7c506737e7..c6d12b9286 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java
@@ -73,7 +73,7 @@ public class AuthenticationFrameworkUtil {
}
}
- static boolean isUserAuthorized(int tenantId, String tenantDomain, String username, String
+ public static boolean isUserAuthorized(int tenantId, String tenantDomain, String username, String
permission) throws
AuthenticationException {
boolean tenantFlowStarted = false;
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
index 897bba0812..6547c48f35 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
@@ -18,11 +18,9 @@
*/
package org.wso2.carbon.webapp.authenticator.framework;
-import com.google.gson.Gson;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
-import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.owasp.encoder.Encode;
@@ -33,6 +31,7 @@ import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
+import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizer;
import org.wso2.carbon.webapp.authenticator.framework.authorizer.WebappTenantAuthorizer;
import javax.servlet.http.HttpServletResponse;
@@ -48,9 +47,6 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
private static final Log log = LogFactory.getLog(WebappAuthenticationValve.class);
private static final TreeMap nonSecuredEndpoints = new TreeMap<>();
- private static final String PERMISSION_PREFIX = "/permission/admin";
- public static final String AUTHORIZE_PERMISSION = "Authorize-Permission";
-
private static InetAddress inetAddress = null;
@Override
@@ -81,8 +77,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
}
}
- if ((this.isContextSkipped(request) || this.skipAuthentication(request))
- && (StringUtils.isEmpty(request.getHeader(AUTHORIZE_PERMISSION)))) {
+ if ((this.isContextSkipped(request) || this.skipAuthentication(request))) {
this.getNext().invoke(request, response, compositeValve);
return;
}
@@ -103,29 +98,12 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
// This section will allow to validate a given access token is authenticated to access given
// resource(permission)
if (request.getCoyoteRequest() != null
- && StringUtils.isNotEmpty(request.getHeader(AUTHORIZE_PERMISSION))
&& (authenticationInfo.getStatus() == WebappAuthenticator.Status.CONTINUE ||
authenticationInfo.getStatus() == WebappAuthenticator.Status.SUCCESS)) {
boolean isAllowed;
- try {
- isAllowed = AuthenticationFrameworkUtil.isUserAuthorized(
- authenticationInfo.getTenantId(), authenticationInfo.getTenantDomain(),
- authenticationInfo.getUsername(),
- PERMISSION_PREFIX + request.getHeader (AUTHORIZE_PERMISSION));
- } catch (AuthenticationException e) {
- String msg = "Could not authorize permission";
- log.error(msg);
- AuthenticationFrameworkUtil.handleResponse(request, response,
- HttpServletResponse.SC_INTERNAL_SERVER_ERROR, msg);
- return;
- }
-
- if (isAllowed) {
- Gson gson = new Gson();
- AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_OK,
- gson.toJson(authenticationInfo));
- return;
- } else {
+ WebappAuthenticator.Status authorizeStatus = PermissionAuthorizer.authorize(request, authenticationInfo);
+ isAllowed = WebappAuthenticator.Status.SUCCESS == authorizeStatus;
+ if (!isAllowed) {
log.error("Unauthorized message from user " + authenticationInfo.getUsername());
AuthenticationFrameworkUtil.handleResponse(request, response,
HttpServletResponse.SC_FORBIDDEN, "Unauthorized to access the API");
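Review bot: Every denied request now hits `log.error("Unauthorized message from user " + ...)`, which turns routine 403s for clients lacking a permission into error-level noise that can flood the logs; `log.warn("User " + authenticationInfo.getUsername() + " is not authorized to access " + request.getRequestURI());` is more appropriate. The comment above the block still describes validating an access token against a header-supplied permission, which no longer exists; reword it to say that authorization against the resource's permission is now enforced on every authenticated request via `PermissionAuthorizer`. The `isAllowed` local is single-use and can be folded into `if (authorizeStatus != WebappAuthenticator.Status.SUCCESS)`. The response text says "Unauthorized" while the status is 403 Forbidden; "Forbidden to access the API" is less confusing. The enclosing `invoke` method continues outside this hunk.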
@@ -133,7 +111,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
}
}
- Tenant tenant = null;
+ Tenant tenant = null;
if (authenticationInfo.getTenantId() != -1) {
try {
PrivilegedCarbonContext.startTenantFlow();
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/MatchingResource.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/MatchingResource.java
new file mode 100644
index 0000000000..0c24986171
--- /dev/null
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/MatchingResource.java
@@ -0,0 +1,30 @@
+package org.wso2.carbon.webapp.authenticator.framework.authorizer;
+
+/**
+ * Created by amalka on 6/26/21.
+ */
+public class MatchingResource {
+ private String urlPattern;
+ private String permission;
+
+ public MatchingResource(String urlPattern, String permission) {
+ this.urlPattern = urlPattern;
+ this.permission = permission;
+ }
+
+ public String getUrlPattern() {
+ return urlPattern;
+ }
+
+ public void setUrlPattern(String urlPattern) {
+ this.urlPattern = urlPattern;
+ }
+
+ public String getPermission() {
+ return permission;
+ }
+
+ public void setPermission(String permission) {
+ this.permission = permission;
+ }
+}
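Review bot: The class Javadoc `Created by amalka on 6/26/21.` is IDE boilerplate and says nothing about the type; a purpose line such as `/** A templated URL pattern (context path already stripped) paired with the permission path it requires; built by PermissionAuthorizer while resolving which permission a request needs. */` would replace it. The two fields could be `private final` with the setters dropped, since the only caller visible in this diff constructs instances and only reads them, though other callers may exist outside the diff. The file also lacks the license header that the sibling PermissionAuthorizer.java in this same commit carries.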
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java
new file mode 100644
index 0000000000..dd3e8cceff
--- /dev/null
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.webapp.authenticator.framework.authorizer;
+
+import org.apache.catalina.connector.Request;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
+import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
+import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
+import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
+import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
+import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
+import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
+import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.StringTokenizer;
+
+public class PermissionAuthorizer {
+
+ private static final Log log = LogFactory.getLog(PermissionAuthorizer.class);
+
+ public static WebappAuthenticator.Status authorize(Request request, AuthenticationInfo authenticationInfo) {
+ String requestUri = request.getRequestURI();
+ String requestMethod = request.getMethod();
+ String context = request.getContextPath();
+
+ if (requestUri == null || requestUri.isEmpty() || requestMethod == null || requestMethod.isEmpty()) {
+ return WebappAuthenticator.Status.CONTINUE;
+ }
+
+ PermissionManagerService registryBasedPermissionManager =
+ PermissionManagerServiceImpl.getInstance();
+ List matchingPermissions = null;
+ try {
+ matchingPermissions = registryBasedPermissionManager.getPermission(context);
+ } catch (PermissionManagementException e) {
+ log.error(
+ "Error occurred while fetching the permission for URI : " + requestUri +
+ ", msg = " + e.getMessage());
+ }
+
+ if (matchingPermissions == null) {
+ if (log.isDebugEnabled()) {
+ log.debug("Permission to request '" + requestUri + "' is not defined in the configuration");
+ }
+ return WebappAuthenticator.Status.FAILURE;
+ }
+
+ String requiredPermission = null;
+ List matchingResources = new ArrayList<>();
+ for (Permission permission : matchingPermissions) {
+ if (requestMethod.equals(permission.getMethod()) && requestUri.matches(permission.getUrlPattern())) {
+ if (requestUri.equals(permission.getUrl())) { // is there a exact match
+ requiredPermission = permission.getPath();
+ break;
+ } else { // all templated urls add to a list
+ matchingResources.add(new MatchingResource(permission.getUrlPattern().replace(context, ""), permission.getPath()));
+ }
+ }
+ }
+
+ if (requiredPermission == null) {
+ if (matchingResources.size() == 1) { // only 1 templated url found
+ requiredPermission = matchingResources.get(0).getPermission();
+ }
+
+ if (matchingResources.size() > 1) { // more than 1 templated urls found
+ String urlWithoutContext = requestUri.replace(context, "");
+ StringTokenizer st = new StringTokenizer(urlWithoutContext, "/");
+ int tokenPosition = 1;
+ while (st.hasMoreTokens()) {
+ List tempList = new ArrayList<>();
+ String currentToken = st.nextToken();
+ for (MatchingResource matchingResource : matchingResources) {
+ StringTokenizer stmr = new StringTokenizer(matchingResource.getUrlPattern(), "/");
+ int internalTokenPosition = 1;
+ while (stmr.hasMoreTokens()) {
+ String internalToken = stmr.nextToken();
+ if ((tokenPosition == internalTokenPosition) && currentToken.equals(internalToken)) {
+ tempList.add(matchingResource);
+ }
+ internalTokenPosition++;
+ if (tokenPosition < internalTokenPosition) {
+ break;
+ }
+ }
+ }
+ if (tempList.size() == 1) {
+ requiredPermission = tempList.get(0).getPermission();
+ break;
+ }
+ tokenPosition++;
+ }
+ }
+ }
+
+ if (requiredPermission == null) {
+ if (log.isDebugEnabled()) {
+ log.debug("Matching permission not found for " + requestUri);
+ }
+ return WebappAuthenticator.Status.FAILURE;
+ }
+
+ boolean isUserAuthorized;
+ try {
+ isUserAuthorized = AuthenticationFrameworkUtil.isUserAuthorized(
+ authenticationInfo.getTenantId(), authenticationInfo.getTenantDomain(),
+ authenticationInfo.getUsername(), requiredPermission);
+ } catch (AuthenticationException e) {
+ log.error("Error occurred while retrieving user store. " + e.getMessage());
+ return WebappAuthenticator.Status.FAILURE;
+ }
+
+ if (isUserAuthorized) {
+ return WebappAuthenticator.Status.SUCCESS;
+ } else {
+ return WebappAuthenticator.Status.FAILURE;
+ }
+
+ }
+
+}
+
+
+
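Review bot: `requestUri.replace(context, "")` in the multi-template branch and `permission.getUrlPattern().replace(context, "")` when filling `matchingResources` strip every occurrence of the context path rather than the leading one, so a URI or pattern whose later segment repeats the context string is tokenized differently from what the author intended and the token-by-token disambiguation can select a different templated resource or none; a prefix strip is what is meant: `String urlWithoutContext = requestUri.startsWith(context) ? requestUri.substring(context.length()) : requestUri;` and the same form for the pattern. Both catch blocks log only `e.getMessage()`; passing the exception as the second argument, `log.error("Error occurred while fetching the permission for URI : " + requestUri, e);`, keeps the stack trace, which matters because a registry failure and a user-store failure are both returned as `Status.FAILURE` and so are indistinguishable from a plain denial to the caller. A short Javadoc on `authorize` stating that it fails closed (FAILURE when no permission is configured for the context, when no pattern matches, or when a lookup throws) and returns CONTINUE only for an empty URI or method would document the contract the valve depends on.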
diff --git a/pom.xml b/pom.xml
index ea11339d6e..eacfe8acda 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2175,8 +2175,8 @@
1.0.2
- 2.26.1.wso2v3
- [2.26.1, 3.0.0)
+ 7.3.0.wso2v1
+ [7.3, 8)
2.0.1