From de957bec29a364186f084970264c2493d0e8c409 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Thu, 12 Jan 2017 11:12:28 +0530 Subject: [PATCH 1/5] few changes after testing the cluster --- .../pom.xml | 6 +- .../authenticator/JWTAuthenticator.java | 73 ++++++++++++------- .../pom.xml | 3 + .../src/main/resources/jwt.properties | 6 +- .../conf/webapp-authenticator-config.xml | 6 +- 5 files changed, 59 insertions(+), 35 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml index 83c552cb527..3a8e2a3b4c0 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml @@ -59,7 +59,7 @@ ${project.artifactId} ${carbon.device.mgt.version} IoT Server Impl Bundle - org.wso2.carbon.device.mgt.iot.url.printer.internal + org.wso2.carbon.device.mgt.url.printer.internal org.osgi.framework, org.osgi.service.component, @@ -69,8 +69,8 @@ org.wso2.carbon.utils.*, - !org.wso2.carbon.device.mgt.iot.url.printer.internal, - org.wso2.carbon.device.mgt.iot.url.printer.*;version="${project.version}" + !org.wso2.carbon.device.mgt.url.printer.internal, + org.wso2.carbon.device.mgt.url.printer.*;version="${project.version}" diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java index b269f7c2855..81f885cd363 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java @@ -62,7 +62,7 @@ public class JWTAuthenticator implements WebappAuthenticator { private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location"; private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password"; - private static final Map publicKeyHolder = new HashMap<>(); + private static final Map publicKeyHolder = new HashMap<>(); private Properties properties; private static void loadTenantRegistry(int tenantId) throws RegistryException { @@ -106,46 +106,37 @@ public class JWTAuthenticator implements WebappAuthenticator { String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME); String tenantDomain = MultitenantUtils.getTenantDomain(username); int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID)); + String issuer = jwsObject.getJWTClaimsSet().getIssuer(); PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId); - PublicKey publicKey = publicKeyHolder.get(tenantDomain); + IssuerAlias issuerAlias = new IssuerAlias(issuer, tenantDomain); + PublicKey publicKey = publicKeyHolder.get(issuerAlias); if (publicKey == null) { loadTenantRegistry(tenantId); KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId); if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) { - String defaultPublicKey = properties.getProperty("DefaultPublicKey"); - if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) { - boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey); - if (isDefaultPublicKey) { - publicKey = keyStoreManager.getDefaultPublicKey(); - } else { - String alias = properties.getProperty("KeyAlias"); - if (alias != null && !alias.isEmpty()) { - ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration(); - KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION); - String trustStorePassword = serverConfig.getFirstProperty( - DEFAULT_TRUST_STORE_PASSWORD); - keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray()); - publicKey = keyStore.getCertificate(alias).getPublicKey(); - } else { - authenticationInfo.setStatus(Status.FAILURE); - return authenticationInfo; - } - } - + String alias = properties.getProperty(issuer); + if (alias != null && !alias.isEmpty()) { + ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration(); + KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION); + String trustStorePassword = serverConfig.getFirstProperty( + DEFAULT_TRUST_STORE_PASSWORD); + keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray()); + publicKey = keyStore.getCertificate(alias).getPublicKey(); } else { - publicKey = keyStoreManager.getDefaultPublicKey(); + authenticationInfo.setStatus(Status.FAILURE); + return authenticationInfo; } - } else { String ksName = tenantDomain.trim().replace('.', '-'); String jksName = ksName + ".jks"; publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey(); } if (publicKey != null) { - publicKeyHolder.put(tenantDomain, publicKey); + issuerAlias = new IssuerAlias(tenantDomain); + publicKeyHolder.put(issuerAlias, publicKey); } } @@ -205,4 +196,34 @@ public class JWTAuthenticator implements WebappAuthenticator { } return this.properties.getProperty(name); } + + private class IssuerAlias { + + private String issuer; + private String tenantDomain; + private final String DEFAULT_ISSUER = "default"; + + public IssuerAlias(String tenantDomain) { + this.issuer = DEFAULT_ISSUER; + this.tenantDomain = tenantDomain; + } + + public IssuerAlias(String issuer, String tenantDomain) { + this.issuer = issuer; + this.tenantDomain = tenantDomain; + } + + @Override + public int hashCode() { + int result = this.issuer.hashCode(); + result = 31 * result + ("@" + this.tenantDomain).hashCode(); + return result; + } + + @Override + public boolean equals(Object obj) { + return (obj instanceof IssuerAlias) && issuer.equals( + ((IssuerAlias) obj).issuer) && tenantDomain == ((IssuerAlias) obj).tenantDomain; + } + } } diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml index ba37ab67c8d..a18ed810001 100644 --- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml +++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml @@ -122,6 +122,9 @@ org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.common:${carbon.device.mgt.version} + + org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.url.printer:${carbon.device.mgt.version} + diff --git a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties index 9e4021a9138..3c384655811 100644 --- a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties +++ b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties @@ -17,13 +17,13 @@ # #issuer of the JWT -iss=iot_default +iss=wso2.org/products/iot -TokenEndpoint=https://localhost:${carbon.https.port}/oauth2/token +TokenEndpoint=https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token #audience of JWT claim #comma seperated values -aud=wso2.org/products/iot +aud=devicemgt #expiration time of JWT (number of minutes from the current time) exp=1000 diff --git a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml index 115442d9dfc..8725f4a99ae 100644 --- a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml +++ b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml @@ -20,9 +20,9 @@ JWT org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator - true - - + + wso2carbon + wso2carbon From 2fbaf31b939ced4757d3fcbace1874535e010abf Mon Sep 17 00:00:00 2001 From: ayyoob Date: Thu, 12 Jan 2017 18:13:43 +0530 Subject: [PATCH 2/5] fixed permission and assigned environment variables for url context --- .../pom.xml | 5 ++ .../api/filter/ApiPermissionFilter.java | 3 + .../extension/api/util/APIUtil.java | 60 ++++++++++++++++++- .../src/main/webapp/META-INF/permissions.xml | 4 +- .../CertificateManagementAdminService.java | 13 +++- .../service/api/DeviceManagementService.java | 1 - ...DeviceAccessAuthorizationAdminService.java | 42 ++++++++++++- .../devicemgt/app/conf/config.json | 4 +- .../authenticator/framework/Utils/Utils.java | 16 +++++ .../authenticator/BSTAuthenticator.java | 2 +- .../authenticator/OAuthAuthenticator.java | 2 +- .../conf/webapp-publisher-config.xml | 2 +- .../conf/webapp-authenticator-config.xml | 5 +- 13 files changed, 145 insertions(+), 14 deletions(-) diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml index a48a6ef2e89..2ec55c44aa3 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml @@ -173,6 +173,11 @@ org.wso2.carbon.device.mgt.common provided + + org.wso2.carbon + org.wso2.carbon.registry.core + provided + diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java index 9c1dfac4bdd..5f05dfb3373 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java @@ -56,6 +56,9 @@ public class ApiPermissionFilter implements Filter { PermissionConfiguration permissionConfiguration = (PermissionConfiguration) unmarshaller.unmarshal(permissionStream); permissions = permissionConfiguration.getPermissions(); + for (Permission permission : permissions) { + APIUtil.putPermission(PERMISSION_PREFIX + permission.getPath()); + } } catch (JAXBException e) { log.error("invalid permissions.xml", e); } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java index a3830019a5a..cdce160c54d 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java @@ -21,12 +21,18 @@ package org.wso2.carbon.apimgt.application.extension.api.util; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService; +import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; +import org.wso2.carbon.registry.api.Resource; +import org.wso2.carbon.registry.core.Registry; +import org.wso2.carbon.registry.core.exceptions.RegistryException; +import org.wso2.carbon.registry.core.service.RegistryService; import org.wso2.carbon.user.core.service.RealmService; import java.util.List; +import java.util.StringTokenizer; /** * This class provides utility functions used by REST-API. @@ -35,6 +41,8 @@ public class APIUtil { private static Log log = LogFactory.getLog(APIUtil.class); private static final String DEFAULT_CDMF_API_TAG = "device_management"; + private static final String DEFAULT_CERT_API_TAG = "scep_management"; + public static final String PERMISSION_PROPERTY_NAME = "name"; public static String getAuthenticatedUser() { PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); @@ -48,8 +56,7 @@ public class APIUtil { public static String getTenantDomainOftheUser() { PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); - String tenantDomain = threadLocalCarbonContext.getTenantDomain(); - return tenantDomain; + return threadLocalCarbonContext.getTenantDomain(); } public static APIManagementProviderService getAPIManagementProviderService() { @@ -92,6 +99,55 @@ public class APIUtil { //Todo get allowed cdmf service tags from config. List allowedApisTags = getDeviceManagementProviderService().getAvailableDeviceTypes(); allowedApisTags.add(DEFAULT_CDMF_API_TAG); + allowedApisTags.add(DEFAULT_CERT_API_TAG); return allowedApisTags; } + + public static void putPermission(String permission) { + try { + StringTokenizer tokenizer = new StringTokenizer(permission, "/"); + String lastToken = "", currentToken, tempPath; + while (tokenizer.hasMoreTokens()) { + currentToken = tokenizer.nextToken(); + tempPath = lastToken + "/" + currentToken; + if (!checkResourceExists(tempPath)) { + createRegistryCollection(tempPath, currentToken); + + } + lastToken = tempPath; + } + } catch (org.wso2.carbon.registry.api.RegistryException e) { + log.error("Failed to creation permission in registry" + permission, e); + } + } + + public static void createRegistryCollection(String path, String resourceName) + throws org.wso2.carbon.registry.api.RegistryException { + Resource resource = getGovernanceRegistry().newCollection(); + resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName); + getGovernanceRegistry().beginTransaction(); + getGovernanceRegistry().put(path, resource); + getGovernanceRegistry().commitTransaction(); + } + + public static boolean checkResourceExists(String path) + throws RegistryException { + return getGovernanceRegistry().resourceExists(path); + } + + public static Registry getGovernanceRegistry() throws RegistryException { + return getRegistryService().getGovernanceSystemRegistry(MultitenantConstants.SUPER_TENANT_ID); + } + + public static RegistryService getRegistryService() { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + RegistryService registryService = + (RegistryService) ctx.getOSGiService(RegistryService.class, null); + if (registryService == null) { + String msg = "registry service has not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + return registryService; + } } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml index 0124990741f..591725fa120 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml @@ -37,14 +37,14 @@ Register application - /device-mgt/user/api/application + /device-mgt/api/application /register POST application_user Delete application - /device-mgt/user/api/application + /device-mgt/api/application /unregister DELETE application_user diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java index 14d06f00f04..f4a4c52c366 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java @@ -64,6 +64,12 @@ import javax.ws.rs.core.Response; description = "Deleting an SSL Certificate", key = "perm:admin:certificates:delete", permissions = {"/device-mgt/admin/certificates/delete"} + ), + @Scope( + name = "Verify SSL certificate", + description = "Verify SSL certificate", + key = "perm:admin:certificates:verify", + permissions = {"/device-mgt/admin/certificates/verify"} ) } ) @@ -428,7 +434,12 @@ public interface CertificateManagementAdminService { httpMethod = "POST", value = "Verify Android SSL certificate", notes = "Verify Android Certificate for the API security filter.\n", - tags = "Certificate Management") + tags = "Certificate Management", + extensions = { + @Extension(properties = { + @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:add") + }) + }) @ApiResponses( value = { @ApiResponse( diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java index 621ec26d737..ca9be507a6e 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java @@ -29,7 +29,6 @@ import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ResponseHeader; -import org.json.JSONObject; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.apimgt.annotations.api.Scopes; import org.wso2.carbon.device.mgt.common.Device; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java index bea9ebedd5d..8a46b9b194f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java @@ -22,9 +22,17 @@ import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponses; +import io.swagger.annotations.Extension; +import io.swagger.annotations.ExtensionProperty; +import io.swagger.annotations.Info; +import io.swagger.annotations.SwaggerDefinition; +import io.swagger.annotations.Tag; +import org.wso2.carbon.apimgt.annotations.api.Scope; +import org.wso2.carbon.apimgt.annotations.api.Scopes; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; +import org.wso2.carbon.device.mgt.jaxrs.util.Constants; import javax.ws.rs.Consumes; import javax.ws.rs.POST; @@ -37,6 +45,32 @@ import javax.ws.rs.core.Response; @Api(value = "Device Authorization Administrative Service", description = "This an API intended to be used by " + "'internal' components to log in as an admin user and validate whether the user/device are trusted entity." + "Further, this is strictly restricted to admin users only ") + +@SwaggerDefinition( + info = @Info( + version = "1.0.0", + title = "", + extensions = { + @Extension(properties = { + @ExtensionProperty(name = "name", value = "DeviceAccessAuthorizationAdminService"), + @ExtensionProperty(name = "context", value = "/api/device-mgt/v1.0/admin/authorization"), + }) + } + ), + tags = { + @Tag(name = "device_management", description = "") + } +) +@Scopes( + scopes = { + @Scope( + name = "Verify device authorization", + description = "Verify device authorization", + key = "perm:authorization:verify", + permissions = {"/device-mgt/authorization/verify"} + ) + } +) @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) /** @@ -52,7 +86,13 @@ public interface DeviceAccessAuthorizationAdminService { value = "Check for device access authorization\n", notes = "This is an internal API that can be used to check for authorization.", response = DeviceAuthorizationResult.class, - tags = "Authorization Administrative Service") + tags = "Authorization Administrative Service", + extensions = { + @Extension(properties = { + @ExtensionProperty(name = Constants.SCOPE, value = "perm:authorization:verify") + }) + }) + @ApiResponses(value = { @ApiResponse( code = 200, diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json index 83671e61bef..b242743a43d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json @@ -1,7 +1,7 @@ { "appContext": "/devicemgt/", - "httpsURL" : "https://localhost:8243", - "httpURL" : "http://localhost:8280", + "httpsURL" : "https://%server.ip%:8243", + "httpURL" : "http://%server.ip%:8280", "wssURL" : "https://localhost:9445", "wsURL" : "%http.ip%", "portalURL": "https://%server.ip%:9445", diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java index ac0130a39f1..b139fa9e896 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java @@ -35,6 +35,8 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; import java.util.Properties; +import java.util.regex.Matcher; +import java.util.regex.Pattern; public class Utils { @@ -86,4 +88,18 @@ public class Utils { } } + public static String replaceSystemProperty(String urlWithPlaceholders) { + String regex = "\\$\\{(.*?)\\}"; + Pattern pattern = Pattern.compile(regex); + Matcher matchPattern = pattern.matcher(urlWithPlaceholders); + while (matchPattern.find()) { + String sysPropertyName = matchPattern.group(1); + String sysPropertyValue = System.getProperty(sysPropertyName); + if (sysPropertyValue != null && !sysPropertyName.isEmpty()) { + urlWithPlaceholders = urlWithPlaceholders.replaceAll("\\$\\{(" + sysPropertyName + ")\\}", sysPropertyValue); + } + } + return urlWithPlaceholders; + } + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java index 51e92a139bc..ceb78d8a344 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java @@ -66,7 +66,7 @@ public class BSTAuthenticator implements WebappAuthenticator { "are not provided"); } - String url = this.properties.getProperty("TokenValidationEndpointUrl"); + String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl")); if ((url == null) || (url.isEmpty())) { throw new IllegalArgumentException("OAuth token validation endpoint url is not provided"); } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index 797a4f5afd0..0033e54dd86 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java @@ -55,7 +55,7 @@ public class OAuthAuthenticator implements WebappAuthenticator { "are not provided"); } - String url = this.properties.getProperty("TokenValidationEndpointUrl"); + String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl")); if ((url == null) || (url.isEmpty())) { throw new IllegalArgumentException("OAuth token validation endpoint url is not provided"); } diff --git a/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml b/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml index 214e5aa38d7..067a6af7f8e 100644 --- a/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml +++ b/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml @@ -24,7 +24,7 @@ - https://localhost:${carbon.https.port} + https://${iot.core.host}:${iot.core.https.port} true diff --git a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml index 8725f4a99ae..b3a4f47c175 100644 --- a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml +++ b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml @@ -5,7 +5,7 @@ org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator false - https://localhost:9443 + https://${iot.keymanager.host}:${iot.keymanager.https.port} admin admin 100 @@ -23,6 +23,7 @@ wso2carbon wso2carbon + wso2carbon @@ -34,7 +35,7 @@ org.wso2.carbon.webapp.authenticator.framework.authenticator.BSTAuthenticator false - https://localhost:9443 + https://${iot.keymanager.host}:${iot.keymanager.https.port} admin admin 100 From cdd144237f58a2c00c3ced8ceac4a9c9007ac3af Mon Sep 17 00:00:00 2001 From: ayyoob Date: Thu, 12 Jan 2017 19:09:01 +0530 Subject: [PATCH 3/5] removed unused parameter --- .../src/main/webapp/WEB-INF/web.xml | 4 ---- .../src/main/webapp/WEB-INF/web.xml | 5 ----- .../src/main/webapp/WEB-INF/web.xml | 5 ----- .../src/main/webapp/WEB-INF/web.xml | 20 ------------------- .../framework/WebappAuthenticationValve.java | 7 +------ 5 files changed, 1 insertion(+), 40 deletions(-) diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml index e771ee6c090..9850eb5da5f 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml @@ -35,10 +35,6 @@ CXFServlet /* - - isAdminService - false - doAuthentication true diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml index 93933546b51..62a814568e1 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml @@ -33,11 +33,6 @@ 60 - - - isAdminService - false - doAuthentication true diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml index 0efd4bc25a8..72020e147e4 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml @@ -38,11 +38,6 @@ 60 - - - isAdminService - false - doAuthentication true diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml index 1f3c59562b8..dc7eda629b9 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml @@ -40,30 +40,10 @@ 60 - - isAdminService - false - doAuthentication true - diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java index 36d1da87cbf..5a357a3ab52 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java @@ -41,7 +41,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { @Override public void invoke(Request request, Response response, CompositeValve compositeValve) { - if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) { + if (this.isContextSkipped(request) || this.skipAuthentication(request)) { this.getNext().invoke(request, response, compositeValve); return; } @@ -74,11 +74,6 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { } } - private boolean isAdminService(Request request) { - String param = request.getContext().findParameter("isAdminService"); - return (param != null && Boolean.parseBoolean(param)); - } - private boolean skipAuthentication(Request request) { String param = request.getContext().findParameter("doAuthentication"); return (param == null || !Boolean.parseBoolean(param) || isNonSecuredEndPoint(request)); From 5b3a8091ecae8e2525cfb21561461f6c7dc1c8c5 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Thu, 12 Jan 2017 23:18:54 +0530 Subject: [PATCH 4/5] fixed Null pointer exception --- .../lifecycle/util/AnnotationProcessor.java | 6 +++++- .../config/permission/AnnotationProcessor.java | 15 +++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java index 0e7aa9cb0ea..2c2f21f19c8 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java @@ -74,6 +74,7 @@ public class AnnotationProcessor { private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VALUE = "value"; private static final String ANNOTATIONS_SCOPES = "scopes"; private static final String ANNOTATIONS_SCOPE = "scope"; + private static final String DEFAULT_SCOPE_NAME = "default admin scope"; private static final String DEFAULT_SCOPE_KEY = "perm:admin"; private static final String DEFAULT_SCOPE_PERMISSION = "/permision/device-mgt"; @@ -280,8 +281,11 @@ public class AnnotationProcessor { if (scope != null) { resource.setScope(scope); } else { - log.error("Scope is not defined for '" + makeContextURLReady(resourceRootContext) + + log.warn("Scope is not defined for '" + makeContextURLReady(resourceRootContext) + makeContextURLReady(subCtx) + "' endpoint, hence assigning the default scope"); + scope = new Scope(); + scope.setName(DEFAULT_SCOPE_NAME); + scope.setDescription(DEFAULT_SCOPE_NAME); scope.setKey(DEFAULT_SCOPE_KEY); scope.setRoles(DEFAULT_SCOPE_PERMISSION); resource.setScope(scope); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java index ec4c9442439..1fae1c525e1 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java @@ -71,7 +71,8 @@ public class AnnotationProcessor { private static final String SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS = "permissions"; private static final String ANNOTATIONS_SCOPES = "scopes"; private static final String ANNOTATIONS_SCOPE = "scope"; - + private static final String DEFAULT_PERM_NAME = "default"; + private static final String DEFAULT_PERM = "/device-mgt"; private static final String PERMISSION_PREFIX = "/permission/admin"; private StandardContext context; @@ -392,9 +393,15 @@ public class AnnotationProcessor { .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null), null); if (!scopeKey.isEmpty()) { scope = apiScopes.get(scopeKey); - permission.setName(scope.getName()); - //TODO: currently permission tree supports only adding one permission per API point. - permission.setPath(scope.getRoles().split(" ")[0]); + if (scope != null) { + permission.setName(scope.getName()); + //TODO: currently permission tree supports only adding one permission per API point. + permission.setPath(scope.getRoles().split(" ")[0]); + } else { + log.warn("No Scope mapping is done for scope key: " + scopeKey); + permission.setName(DEFAULT_PERM_NAME); + permission.setPath(DEFAULT_PERM); + } } } } From 44d09e09ea51941aa194cb5655698161bf950ecf Mon Sep 17 00:00:00 2001 From: ayyoob Date: Fri, 13 Jan 2017 04:49:17 +0530 Subject: [PATCH 5/5] few changes after testing the gateway --- .../mgt/core/config/permission/AnnotationProcessor.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java index 1fae1c525e1..52c59d753fd 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java @@ -253,7 +253,12 @@ public class AnnotationProcessor { this.setPermission(annotations[i], permission); } } - permissions.add(permission); + if (permission.getName() == null || permission.getPath() == null) { + log.warn("Permission not assigned to the resource url - " + permission.getMethod() + ":" + + permission.getUrl()); + } else { + permissions.add(permission); + } } } return permissions;