Add scope retrieval to tenantcreateobserver #302

Closed
shamalka1 wants to merge 4 commits from shamalka1/device-mgt-core:201013-new into scope_role_map

@ -84,6 +84,10 @@
<artifactId>okhttp</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.user.api</artifactId>
</dependency>
</dependencies>
<build>
@ -121,7 +125,10 @@
org.wso2.carbon.apimgt.impl;version="${carbon.api.mgt.version.range}",
org.wso2.carbon.apimgt.impl.utils;version="${carbon.api.mgt.version.range}",
org.wso2.carbon.apimgt.impl.internal;version="${carbon.api.mgt.version.range}",
org.json
org.json,
org.wso2.carbon.user.api,
org.wso2.carbon.context;version="4.6",
org.wso2.carbon.utils.*
</Import-Package>
</instructions>
</configuration>

@ -25,6 +25,7 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIService
public interface APIApplicationServices {
APIApplicationKey createAndRetrieveApplicationCredentials() throws APIServicesException;
void createAndRetrieveApplicationCredentialsAndGenerateToken() throws APIServicesException;
AccessTokenInfo generateAccessTokenFromRegisteredApplication(String clientId, String clientSecret) throws APIServicesException;

@ -19,6 +19,10 @@
package io.entgra.device.mgt.core.apimgt.extension.rest.api;
import com.google.gson.Gson;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIInfo.Scope;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.UnexpectedResponseException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.internal.PublisherRESTAPIDataHolder;
import org.json.JSONObject;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.util.HttpsTrustManagerUtils;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
@ -35,7 +39,17 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
public class APIApplicationServicesImpl implements APIApplicationServices {
@ -51,9 +65,34 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
public APIApplicationKey createAndRetrieveApplicationCredentials()
throws APIServicesException {
log.error("=====createAndRetrieveApplicationCredentials=====1");
String serverUser = null;
String serverPassword = null;
try {
log.error("=====createAndRetrieveApplicationCredentials=====2");
UserRealm userRealm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
UserStoreManager userStoreManager = userRealm.getUserStoreManager();
createUserIfNotExists(Constants.RESERVED_USER_NAME, Constants.RESERVED_USER_PASSWORD, userStoreManager);
if(tenantDomain.equals("carbon.super")) {
log.error("=====createAndRetrieveApplicationCredentials=====3");
serverUser = config.getFirstProperty(Constants.SERVER_USER);
serverPassword = config.getFirstProperty(Constants.SERVER_PASSWORD);
} else {
log.error("=====createAndRetrieveApplicationCredentials=====4");
serverUser = Constants.RESERVED_USER_NAME + "@" + tenantDomain;
serverPassword = Constants.RESERVED_USER_PASSWORD;
}
} catch (UserStoreException e) {
throw new RuntimeException(e);
}
String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
String serverUser = config.getFirstProperty(Constants.SERVER_USER);
String serverPassword = config.getFirstProperty(Constants.SERVER_PASSWORD);
log.error("=====createAndRetrieveApplicationCredentials=====5");
JSONObject jsonObject = new JSONObject();
jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
@ -62,15 +101,98 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
jsonObject.put("owner", serverUser);
jsonObject.put("saasApp", true);
log.error("=====createAndRetrieveApplicationCredentials=====6");
RequestBody requestBody = RequestBody.Companion.create(jsonObject.toString(), JSON);
Request request = new Request.Builder()
.url(applicationEndpoint)
.addHeader(Constants.AUTHORIZATION_HEADER_NAME, Credentials.basic(serverUser, serverPassword))
.post(requestBody)
.build();
log.error("=====createAndRetrieveApplicationCredentials=====7");
try {
Response response = client.newCall(request).execute();
return gson.fromJson(response.body().string(), APIApplicationKey.class);
log.error("=====createAndRetrieveApplicationCredentials=====8");
try (Response response = client.newCall(request).execute()) {
log.error("=====createAndRetrieveApplicationCredentials=====9");
return gson.fromJson(response.body().string(), APIApplicationKey.class);
}
} catch (IOException e) {
msg = "Error occurred while processing the response";
log.error(msg, e);
throw new APIServicesException(e);
}
}
@Override
public void createAndRetrieveApplicationCredentialsAndGenerateToken()
throws APIServicesException {
log.error("=====createAndRetrieveApplicationCredentials=====1");
String serverUser = null;
String serverPassword = null;
try {
log.error("=====createAndRetrieveApplicationCredentials=====2");
UserRealm userRealm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
UserStoreManager userStoreManager = userRealm.getUserStoreManager();
createUserIfNotExists(Constants.RESERVED_USER_NAME, Constants.RESERVED_USER_PASSWORD, userStoreManager);
if(tenantDomain.equals("carbon.super")) {
log.error("=====createAndRetrieveApplicationCredentials=====3");
serverUser = config.getFirstProperty(Constants.SERVER_USER);
serverPassword = config.getFirstProperty(Constants.SERVER_PASSWORD);
} else {
log.error("=====createAndRetrieveApplicationCredentials=====4");
serverUser = Constants.RESERVED_USER_NAME + "@" + tenantDomain;
serverPassword = Constants.RESERVED_USER_PASSWORD;
}
} catch (UserStoreException e) {
throw new RuntimeException(e);
}
String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
log.error("=====createAndRetrieveApplicationCredentials=====5");
JSONObject jsonObject = new JSONObject();
jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
jsonObject.put("clientName", Constants.CLIENT_NAME);
jsonObject.put("grantType", Constants.GRANT_TYPE);
jsonObject.put("owner", serverUser);
jsonObject.put("saasApp", true);
log.error("=====createAndRetrieveApplicationCredentials=====6");
RequestBody requestBody = RequestBody.Companion.create(jsonObject.toString(), JSON);
Request request = new Request.Builder()
.url(applicationEndpoint)
.addHeader(Constants.AUTHORIZATION_HEADER_NAME, Credentials.basic(serverUser, serverPassword))
.post(requestBody)
.build();
log.error("=====createAndRetrieveApplicationCredentials=====7");
try {
log.error("=====createAndRetrieveApplicationCredentials=====8");
try (Response response = client.newCall(request).execute()) {
log.error("=====createAndRetrieveApplicationCredentials=====9");
APIApplicationKey apiApplicationKey = gson.fromJson(response.body().string(), APIApplicationKey.class);
AccessTokenInfo accessTokenInfo = generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
Scope[] scopes = publisherRESTAPIServices.getScopes(apiApplicationKey, accessTokenInfo);
} catch (BadRequestException e) {
throw new RuntimeException(e);
} catch (UnexpectedResponseException e) {
throw new RuntimeException(e);
}
} catch (IOException e) {
msg = "Error occurred while processing the response";
log.error(msg, e);
@ -82,8 +204,16 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
public AccessTokenInfo generateAccessTokenFromRegisteredApplication(String consumerKey, String consumerSecret)
throws APIServicesException {
String userName = config.getFirstProperty(Constants.SERVER_USER);
String userPassword = config.getFirstProperty(Constants.SERVER_PASSWORD);
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
String userName = null;
String userPassword = null;
if(tenantDomain.equals("carbon.super")) {
userName = config.getFirstProperty(Constants.SERVER_USER);
userPassword = config.getFirstProperty(Constants.SERVER_PASSWORD);
} else {
userName = "shamalka@shamalka.com";
userPassword = "admin";
}
JSONObject params = new JSONObject();
params.put(Constants.GRANT_TYPE_PARAM_NAME, Constants.PASSWORD_GRANT_TYPE);
@ -125,4 +255,39 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
throw new APIServicesException(e);
}
}
private void createUserIfNotExists(String username, String password, UserStoreManager userStoreManager) {
try {
if (!userStoreManager.isExistingUser(MultitenantUtils.getTenantAwareUsername(username))) {
String[] roles = {"admin"};
userStoreManager.addUser(MultitenantUtils.getTenantAwareUsername(username), password, roles, null, "");
// userStoreManager.updateCredential(MultitenantUtils.getTenantAwareUsername(username), "reservedpwd", password);
}
} catch (UserStoreException e) {
String msg = "Error when trying to fetch tenant details";
log.error(msg);
}
}
private String generateInitialUserPassword() {
int passwordLength = 6;
//defining the pool of characters to be used for initial password generation
String lowerCaseCharset = "abcdefghijklmnopqrstuvwxyz";
String upperCaseCharset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
String numericCharset = "0123456789";
SecureRandom randomGenerator = new SecureRandom();
String totalCharset = lowerCaseCharset + upperCaseCharset + numericCharset;
int totalCharsetLength = totalCharset.length();
StringBuilder initialUserPassword = new StringBuilder();
for (int i = 0; i < passwordLength; i++) {
initialUserPassword.append(
totalCharset.charAt(randomGenerator.nextInt(totalCharsetLength)));
}
if (log.isDebugEnabled()) {
log.debug("Initial user password is created for new user: " + initialUserPassword);
}
return initialUserPassword.toString();
}
}

@ -65,6 +65,8 @@ public final class Constants {
public static final String SCOPE_API_ENDPOINT = "/api/am/publisher/v2/scopes/";
public static final String API_ENDPOINT = "/api/am/publisher/v2/apis/";
public static final String GET_ALL_APIS = "/api/am/publisher/v2/apis?limit=1000";
public static final String RESERVED_USER_NAME = "test_reserved_user";
public static final String RESERVED_USER_PASSWORD = "reserved_user";
}

@ -20,6 +20,8 @@ package io.entgra.device.mgt.core.apimgt.extension.rest.api.internal;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import org.wso2.carbon.apimgt.impl.APIManagerConfigurationService;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.tenant.TenantManager;
public class PublisherRESTAPIDataHolder {
@ -28,10 +30,14 @@ public class PublisherRESTAPIDataHolder {
private static PublisherRESTAPIDataHolder thisInstance = new PublisherRESTAPIDataHolder();
private RealmService realmService;
private TenantManager tenantManager;
private PublisherRESTAPIDataHolder() {
}
static PublisherRESTAPIDataHolder getInstance() {
public static PublisherRESTAPIDataHolder getInstance() {
return thisInstance;
}
@ -54,4 +60,38 @@ public class PublisherRESTAPIDataHolder {
return apiManagerConfigurationService;
}
public RealmService getRealmService() {
if (realmService == null) {
throw new IllegalStateException("Realm service is not initialized properly");
}
return realmService;
}
public void setRealmService(RealmService realmService) {
this.realmService = realmService;
this.setTenantManager(realmService);
}
public TenantManager getTenantManager() {
return tenantManager;
}
private void setTenantManager(RealmService realmService) {
if (realmService == null) {
throw new IllegalStateException("Realm service is not initialized properly");
}
this.tenantManager = realmService.getTenantManager();
}
public APIPublisherService getApiPublisherService() {
if (apiPublisherService == null) {
throw new IllegalStateException("APIPublisher service is not initialized properly");
}
return apiPublisherService;
}
public void setApiPublisherService(APIPublisherService apiPublisherService) {
this.apiPublisherService = apiPublisherService;
}
}

@ -110,17 +110,9 @@ public class APIPublisherServiceImpl implements APIPublisherService {
.getOSGiService(RealmService.class, null);
APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl();
APIApplicationKey apiApplicationKey;
AccessTokenInfo accessTokenInfo;
try {
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
} catch (APIServicesException e) {
String errorMsg = "Error occurred while generating the API application";
log.error(errorMsg, e);
throw new APIManagerPublisherException(e);
}
APIApplicationKey apiApplicationKey = null;
AccessTokenInfo accessTokenInfo = null;
try {
boolean tenantFound = false;
@ -152,9 +144,20 @@ public class APIPublisherServiceImpl implements APIPublisherService {
}
if (tenantFound) {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(apiConfig.getOwner());
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
try {
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
} catch (APIServicesException e) {
String errorMsg = "Error occurred while generating the API application";
log.error(errorMsg, e);
throw new APIManagerPublisherException(e);
}
try {
apiConfig.setOwner(APIUtil.getTenantAdminUserName(tenantDomain));
apiConfig.setTenantDomain(tenantDomain);

@ -374,6 +374,10 @@
<version>2.3.1.wso2v1</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.apimgt.extension.rest.api</artifactId>
</dependency>
</dependencies>
</project>

@ -17,12 +17,24 @@
*/
package io.entgra.device.mgt.core.device.mgt.core.internal;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIInfo.Scope;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.UnexpectedResponseException;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import io.entgra.device.mgt.core.device.mgt.core.DeviceManagementConstants;
import io.entgra.device.mgt.core.device.mgt.core.DeviceManagementConstants.User;
import org.wso2.carbon.stratos.common.exception.TenantManagementClientException;
import org.wso2.carbon.tenant.mgt.exception.TenantManagementException;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.UserRealm;
@ -30,12 +42,21 @@ import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.AbstractAxis2ConfigurationContextObserver;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import java.security.SecureRandom;
import java.util.Stack;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
/**
* Load configuration files to tenant's registry.
*/
public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObserver {
private static final Log log = LogFactory.getLog(TenantCreateObserver.class);
private final ExecutorService executor = Executors.newSingleThreadExecutor();
/**
* Create configuration context.
@ -82,6 +103,33 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser
userStoreManager.updateRoleListOfUser(tenantAdminName, null,
new String[] {DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN,
DeviceManagementConstants.User.DEFAULT_DEVICE_USER});
// String password = this.generateInitialUserPassword();
// createUserIfNotExists("test_reserved_user", password, userStoreManager);
Thread thread = new Thread(new Runnable() {
@Override
public void run() {
try {
createApplication(tenantDomain);
} catch (TenantManagementException e) {
throw new RuntimeException(e);
}
}
});
thread.start();
// executor.submit(() -> {
// try {
// createApplication();
// } catch (TenantManagementException e) {
// throw new RuntimeException(e);
// }
// });
if (log.isDebugEnabled()) {
log.debug("Device management roles: " + User.DEFAULT_DEVICE_USER + ", " + User.DEFAULT_DEVICE_ADMIN +
" created for the tenant:" + tenantDomain + "."
@ -94,4 +142,62 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser
log.error("Error occurred while creating roles for the tenant: " + tenantDomain + ".");
}
}
private void createApplication(String tenantDomain) throws TenantManagementException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl();
APIApplicationKey apiApplicationKey = null;
AccessTokenInfo accessTokenInfo = null;
try {
apiApplicationServices.createAndRetrieveApplicationCredentialsAndGenerateToken();
// log.error("apiApplicationKey: " + apiApplicationKey.getClientId());
// log.error("apiApplicationKey: " + apiApplicationKey.getClientSecret());
// accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
// apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
} catch (APIServicesException e) {
String errorMsg = "Error occurred while generating the API application";
log.error(errorMsg, e);
throw new TenantManagementException(errorMsg, e);
}
// Scope[] scopes = publisherRESTAPIServices.getScopes(apiApplicationKey, accessTokenInfo);
}
private void createUserIfNotExists(String username, String password, UserStoreManager userStoreManager) {
try {
if (!userStoreManager.isExistingUser(MultitenantUtils.getTenantAwareUsername(username))) {
String[] roles = {"admin"};
userStoreManager.addUser(MultitenantUtils.getTenantAwareUsername(username), password, roles, null, "");
userStoreManager.updateCredential(MultitenantUtils.getTenantAwareUsername(username), "reservedpwd", password);
}
} catch (UserStoreException e) {
String msg = "Error when trying to fetch tenant details";
log.error(msg);
}
}
private String generateInitialUserPassword() {
int passwordLength = 6;
//defining the pool of characters to be used for initial password generation
String lowerCaseCharset = "abcdefghijklmnopqrstuvwxyz";
String upperCaseCharset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
String numericCharset = "0123456789";
SecureRandom randomGenerator = new SecureRandom();
String totalCharset = lowerCaseCharset + upperCaseCharset + numericCharset;
int totalCharsetLength = totalCharset.length();
StringBuilder initialUserPassword = new StringBuilder();
for (int i = 0; i < passwordLength; i++) {
initialUserPassword.append(
totalCharset.charAt(randomGenerator.nextInt(totalCharsetLength)));
}
if (log.isDebugEnabled()) {
log.debug("Initial user password is created for new user: " + initialUserPassword);
}
return initialUserPassword.toString();
}
}
Loading…
Cancel
Save