create mb extension for authorisation

merge-requests/1/head
ayyoob 9 years ago
parent 02851637b3
commit 44662c625b

@ -136,15 +136,14 @@ This file is ciphertool compliant. Refer PRODUCT_HOME/repository/conf/security/c
REQUIRED: Clients will authorized before publishing. this will execute the class given in authorzier
Note: authentication should be REQUIRED for authorization to be REQUIRED.
-->
<authorization>NOT_REQUIRED</authorization>
<authorization>REQUIRED</authorization>
<!--Class name of the authorizer to use. class should
inherit from org.dna.mqtt.moquette.server.IAutherizer
Note: default implementation authorizes against carbon permission with the topic.
-->
<!--connectionPermission is required for a user to connect to broker-->
<authorizer class="org.wso2.carbon.andes.authorization.andes.CarbonPermissionBasedMQTTAuthorizer">
<property name="connectionPermission">/permission/admin/mqtt/connect</property>
<authorizer class="org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.DeviceAccessBasedMQTTAuthorizer">
</authorizer>
</security>
</mqtt>
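Review bot: The comment `<!--connectionPermission is required for a user to connect to broker-->` directly above the new authorizer is now stale: the property it describes was removed together with the old authorizer, and the replacement class is configured without any properties. The comment block above it still says the default implementation authorizes against Carbon permissions with the topic, which no longer describes the configured class; I would reword it to `<!-- Class name of the authorizer to use; must implement org.dna.mqtt.moquette.server.IAuthorizer. DeviceAccessBasedMQTTAuthorizer authorizes each topic (tenantDomain/deviceType/deviceId) against device-management access and takes no properties. -->`. The existing note says authentication must also be REQUIRED for this setting to take effect; that element is outside this hunk, so please confirm it is set accordingly. The enclosing `<security>` element starts outside the hunk.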

@ -0,0 +1,100 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
~ Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<artifactId>mb-extensions</artifactId>
<groupId>org.wso2.iot</groupId>
<version>1.0.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</artifactId>
<packaging>bundle</packaging>
<name>WSO2 Carbon - Component - MQTT - Authorization Manager</name>
<description>MQTT authorization manager based on Carbon device manager</description>
<url>http://wso2.org</url>
<dependencies>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.utils</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.core</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.andes.wso2</groupId>
<artifactId>andes</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.device.mgt.core</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.device.mgt.common</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-scr-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<instructions>
<Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
<Bundle-Name>${project.artifactId}</Bundle-Name>
<Private-Package>
org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal
</Private-Package>
<Export-Package>
!org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal,
org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.*
</Export-Package>
<Import-Package>
org.apache.log4j,
org.dna.mqtt.moquette.server,
org.wso2.andes.configuration.enums,
org.wso2.andes.mqtt,
org.wso2.carbon.context,
org.wso2.carbon.device.mgt.common,
org.wso2.carbon.device.mgt.common.authorization,
org.apache.commons.logging,
org.osgi.service.component,
org.wso2.carbon.user.core.service,
org.wso2.carbon.user.core.tenant
</Import-Package>
</instructions>
</configuration>
</plugin>
</plugins>
</build>
</project>

@ -0,0 +1,76 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization;
import org.apache.log4j.Logger;
import org.dna.mqtt.moquette.server.IAuthorizer;
import org.wso2.andes.configuration.enums.MQTTAuthoriztionPermissionLevel;
import org.wso2.andes.mqtt.MQTTAuthorizationSubject;
import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal.AuthorizationDataHolder;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
/**
* Authorize the connecting users against Carbon Permission Model. Intended usage is
* via providing fully qualified class name in broker.xml
* <p/>
* This is just a simple authorization model. For dynamic topics use an implementation based on IAuthorizer
*/
public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
private static final Logger logger = Logger.getLogger(DeviceAccessBasedMQTTAuthorizer.class);
/**
* {@inheritDoc} Authorize the user against carbon device mgt model.
*/
@Override
public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic,
MQTTAuthoriztionPermissionLevel permissionLevel) {
try {
String topics[] = topic.split("/");
if (topics.length < 3) {
return false;
}
String tenantIdFromTopic = topics[0];
if (!tenantIdFromTopic.equals(authorizationSubject.getTenantDomain())) {
return false;
}
String deviceTypeFromTopic = topics[1];
String deviceIdFromTopic = topics[2];
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
authorizationSubject.getTenantDomain(), true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(authorizationSubject.getUsername());
return AuthorizationDataHolder.getInstance().getDeviceAccessAuthorizationService().isUserAuthorized(
new DeviceIdentifier(deviceIdFromTopic, deviceTypeFromTopic));
} catch (DeviceAccessAuthorizationException e) {
logger.error("Failed on Device Access Authorization for user " + authorizationSubject.getUsername(), e);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
return false;
}
/**
* {@inheritDoc} Authorized the user against carbon device mgt model.
*/
@Override
public boolean isAuthorizedToConnect(MQTTAuthorizationSubject authorizationSubject) {
return true;
}
}
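Review bot: The two early `return false` paths in isAuthorizedForTopic sit inside the try, so the `finally` calls `PrivilegedCarbonContext.endTenantFlow()` without a matching `startTenantFlow()` having run; if endTenantFlow pops the calling thread's context (as the name suggests — please confirm against the Carbon API) every malformed or foreign-tenant topic would disturb the broker thread's tenant context. Validating the topic before the try and starting the tenant flow immediately ahead of it keeps the flow balanced, as in the excerpt below. The `permissionLevel` argument is never consulted, so subscribe and publish are authorized by the same device-access check; if `isUserAuthorized` does not distinguish read from write, the Javadoc should state this as a deliberate simplification. `isAuthorizedToConnect` returns `true` unconditionally while its Javadoc claims it authorizes against the device-mgt model; the doc should say `Connection is always permitted; authorization is enforced per topic in isAuthorizedForTopic.` Only `DeviceAccessAuthorizationException` is caught, so a null topic or an unset authorization service (the unbind method in the service component stores null in the holder) surfaces as a `NullPointerException` into the broker instead of a denial; the excerpt treats both as not authorized.
```java
public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic,
                                    MQTTAuthoriztionPermissionLevel permissionLevel) {
    if (authorizationSubject == null || topic == null) {
        return false;
    }
    String[] topics = topic.split("/");
    if (topics.length < 3 || !topics[0].equals(authorizationSubject.getTenantDomain())) {
        return false;
    }
    String deviceTypeFromTopic = topics[1];
    String deviceIdFromTopic = topics[2];
    if (AuthorizationDataHolder.getInstance().getDeviceAccessAuthorizationService() == null) {
        logger.error("Device access authorization service is not available; denying access to topic " + topic);
        return false;
    }
    // Enter the tenant flow only after validation so that the finally block always balances it.
    PrivilegedCarbonContext.startTenantFlow();
    try {
        // … unchanged: setTenantDomain / setUsername on the thread-local context …
        return AuthorizationDataHolder.getInstance().getDeviceAccessAuthorizationService().isUserAuthorized(
                new DeviceIdentifier(deviceIdFromTopic, deviceTypeFromTopic));
    } catch (DeviceAccessAuthorizationException e) {
        logger.error("Failed on Device Access Authorization for user " + authorizationSubject.getUsername(), e);
        return false;
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}
```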

@ -0,0 +1,67 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.tenant.TenantManager;
public class AuthorizationDataHolder {
private RealmService realmService;
private TenantManager tenantManager;
private DeviceAccessAuthorizationService deviceAccessAuthorizationService;
private static AuthorizationDataHolder thisInstance = new AuthorizationDataHolder();
private AuthorizationDataHolder() {}
public static AuthorizationDataHolder getInstance() {
return thisInstance;
}
public RealmService getRealmService() {
return realmService;
}
public void setRealmService(RealmService realmService) {
this.realmService = realmService;
this.setTenantManager(realmService);
}
private void setTenantManager(RealmService realmService) {
if (realmService == null) {
throw new IllegalStateException("Realm service is not initialized properly");
}
this.tenantManager = realmService.getTenantManager();
}
public TenantManager getTenantManager() {
return tenantManager;
}
public DeviceAccessAuthorizationService getDeviceAccessAuthorizationService() {
return deviceAccessAuthorizationService;
}
public void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
this.deviceAccessAuthorizationService = deviceAccessAuthorizationService;
}
}
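Review bot: `setRealmService(null)` throws `IllegalStateException` from `setTenantManager`, and null is exactly what `unsetRealmService` in AuthorizationServiceComponent (the next hunk) passes during OSGi unbind, so unbinding the realm service fails with an exception instead of clearing the holder. A null-tolerant assignment fixes it: `this.tenantManager = realmService == null ? null : realmService.getTenantManager();` with the throw removed (or moved to `getTenantManager`, if callers must not see a missing service). The class and its singleton accessor have no Javadoc; a one-line `/** Holds the OSGi service references used by the MQTT authorizer; populated by AuthorizationServiceComponent. */` would help. `realmService` and `tenantManager` are not read by any code in this commit; if nothing else uses them, they and the corresponding bundle imports could be dropped.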

@ -0,0 +1,93 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.user.core.service.RealmService;
/**
* @scr.component name="org.wso2.carbon.devicemgt.policy.manager" immediate="true"
* @scr.reference name="user.realmservice.default"
* interface="org.wso2.carbon.user.core.service.RealmService"
* cardinality="1..1"
* policy="dynamic"
* bind="setRealmService"
* unbind="unsetRealmService"
* @scr.reference name="org.wso2.carbon.device.access.authorization"
* interface="org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService"
* cardinality="1..1"
* policy="dynamic"
* bind="setDeviceAccessAuthorizationService"
* unbind="unsetDeviceAccessAuthorizationService"
*/
@SuppressWarnings("unused")
public class AuthorizationServiceComponent {
private static Log log = LogFactory.getLog(AuthorizationServiceComponent.class);
protected void activate(ComponentContext componentContext) {
}
@SuppressWarnings("unused")
protected void deactivate(ComponentContext componentContext) {
}
/**
* Sets Realm Service
*
* @param realmService An instance of RealmService
*/
protected void setRealmService(RealmService realmService) {
if (log.isDebugEnabled()) {
log.debug("Setting Realm Service");
}
AuthorizationDataHolder.getInstance().setRealmService(realmService);
}
/**
* Unsets Realm Service
*
* @param realmService An instance of RealmService
*/
protected void unsetRealmService(RealmService realmService) {
if (log.isDebugEnabled()) {
log.debug("Unsetting Realm Service");
}
AuthorizationDataHolder.getInstance().setRealmService(null);
}
protected void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
if (log.isDebugEnabled()) {
log.debug("Setting Device Access Authorization Service");
}
AuthorizationDataHolder.getInstance().setDeviceAccessAuthorizationService(deviceAccessAuthorizationService);
}
protected void unsetDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
if (log.isDebugEnabled()) {
log.debug("Removing Device Access Authorization Service");
}
AuthorizationDataHolder.getInstance().setDeviceAccessAuthorizationService(null);
}
}
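Review bot: The SCR component is declared as `name="org.wso2.carbon.devicemgt.policy.manager"`, which matches neither this class nor its package and looks copied from another component; if a policy-manager component with that name is deployed in the same runtime the two declarations would clash, so it should be `@scr.component name="org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization" immediate="true"` (name derived from the bundle's package). The `log` field should be `private static final Log log = LogFactory.getLog(AuthorizationServiceComponent.class);`. The DeviceAccessAuthorizationService bind/unbind methods lack the Javadoc their realm-service counterparts have; a short `/** Binds the DeviceAccessAuthorizationService used for per-topic MQTT authorization. */` on each would make them consistent.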

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>org.wso2.iot</groupId>
<artifactId>iot-extensions</artifactId>
<version>1.0.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>mb-extensions</artifactId>
<packaging>pom</packaging>
<name>WSO2 Carbon - MB Extension</name>
<url>http://wso2.org</url>
<modules>
<module>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</module>
</modules>
</project>

@ -0,0 +1,81 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<artifactId>mb-extensions-feature</artifactId>
<groupId>org.wso2.iot</groupId>
<version>1.0.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature</artifactId>
<packaging>pom</packaging>
<name>WSO2 Carbon - MQTT Authorization Feature</name>
<url>http://wso2.org</url>
<description>This feature contains the bundles required for mqtt authorization</description>
<dependencies>
<dependency>
<groupId>org.wso2.iot</groupId>
<artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.wso2.maven</groupId>
<artifactId>carbon-p2-plugin</artifactId>
<version>${carbon.p2.plugin.version}</version>
<executions>
<execution>
<id>4-p2-feature-generation</id>
<phase>package</phase>
<goals>
<goal>p2-feature-gen</goal>
</goals>
<configuration>
<id>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</id>
<propertiesFile>../../etc/feature.properties</propertiesFile>
<adviceFile>
<properties>
<propertyDef>org.wso2.carbon.p2.category.type:server</propertyDef>
<propertyDef>org.eclipse.equinox.p2.type.group:true</propertyDef>
</properties>
</adviceFile>
<bundles>
<bundleDef>
org.wso2.iot:org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization:${carbon.iot.device.mgt.version}
</bundleDef>
</bundles>
<importFeatures>
<importFeatureDef>org.wso2.carbon.core.server:${carbon.kernel.version}</importFeatureDef>
<importFeatureDef>org.wso2.carbon.device.mgt.server:${carbon.device.mgt.version}</importFeatureDef>
</importFeatures>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

@ -0,0 +1,19 @@
#
# Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
custom = true

@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>org.wso2.iot</groupId>
<artifactId>iot-extensions</artifactId>
<version>1.0.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>mb-extensions-feature</artifactId>
<version>1.0.0-SNAPSHOT</version>
<packaging>pom</packaging>
<name>WSO2 Carbon - Device Management, MB Extensions Feature</name>
<url>http://wso2.org</url>
<modules>
<module>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature</module>
</modules>
</project>

@ -34,7 +34,9 @@
<modules>
<module>components/das-extensions</module>
<module>components/mb-extensions</module>
<module>features/das-extensions-feature</module>
<module>features/mb-extensions-feature</module>
</modules>
</project>

@ -157,6 +157,9 @@
<featureArtifactDef>
org.wso2.carbon.devicemgt-plugins:org.wso2.carbon.device.mgt.iot.feature:${carbon.device.mgt.plugin.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.devicemgt-plugins:org.wso2.carbon.device.mgt.iot.adapter.feature:${carbon.device.mgt.plugin.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.devicemgt-plugins:org.wso2.carbon.device.mgt.iot.androidsense.feature:${carbon.device.mgt.plugin.version}
</featureArtifactDef>
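Review bot: The `org.wso2.carbon.device.mgt.iot.adapter.feature` artifact added here, and its matching `<feature>` entry in the later hunk of this file, are unrelated to the MQTT authorization extension this commit introduces; if they are intentional, the commit description should say so, otherwise they belong in a separate change. Both hunks cut through a larger element that starts and ends outside the hunk.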
@ -389,6 +392,9 @@
<featureArtifactDef>
org.wso2.iot:org.wso2.carbon.event.adapter.extensions.server.feature:${carbon.iot.device.mgt.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.iot:org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature:${carbon.iot.device.mgt.version}
</featureArtifactDef>
<!-- Mediation Features -->
<featureArtifactDef>
@ -783,6 +789,10 @@
<id>org.wso2.carbon.event.adapter.extensions.server.feature.group</id>
<version>${carbon.iot.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature.group</id>
<version>${carbon.iot.device.mgt.version}</version>
</feature>
<!-- End of IoTServer Features -->
<!-- Device Management Features -->
@ -853,6 +863,10 @@
<id>org.wso2.carbon.device.mgt.iot.feature.group</id>
<version>${carbon.device.mgt.plugin.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.iot.adapter.feature.group</id>
<version>${carbon.device.mgt.plugin.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.iot.androidsense.feature.group</id>
<version>${carbon.device.mgt.plugin.version}</version>

@ -1041,12 +1041,21 @@
<version>${carbon.iot.device.mgt.version}</version>
</dependency>
<!--mqtt-->
<dependency>
<groupId>org.wso2.iot</groupId>
<artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</artifactId>
<version>${carbon.iot.device.mgt.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.paho</groupId>
<artifactId>org.eclipse.paho.client.mqttv3</artifactId>
<version>${eclipse.paho.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.andes.wso2</groupId>
<artifactId>andes</artifactId>
<version>${carbon.messaging.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
