diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml
index 5e7794b9523..8d3f9af30b7 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml
@@ -161,6 +161,10 @@
org.wso2.carbon.user.api
provided
+
+ org.wso2.carbon.devicemgt
+ org.wso2.carbon.apimgt.annotations
+
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationService.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationService.java
index 8a81a8a5ec6..8e2843cdc39 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationService.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationService.java
@@ -18,20 +18,19 @@
package org.wso2.carbon.apimgt.application.extension.api;
+import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.application.extension.api.util.RegistrationProfile;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.POST;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
+import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
/**
* This is the application registration service that exposed for apimApplicationRegistration
*/
+@API(name = "API Registration Service", version = "1.0.0",
+ context = "api-application-registration",
+ tags = {"devicemgt_admin"})
public interface ApiApplicationRegistrationService {
/**
@@ -40,6 +39,7 @@ public interface ApiApplicationRegistrationService {
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
+ @Path("register/tenants")
Response register(@PathParam("tenantDomain") String tenantDomain,
@QueryParam("applicationName") String applicationName);
@@ -51,6 +51,7 @@ public interface ApiApplicationRegistrationService {
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
+ @Path("register")
Response register(RegistrationProfile registrationProfile);
/**
@@ -59,5 +60,6 @@ public interface ApiApplicationRegistrationService {
* @return the response status of request.
*/
@DELETE
+ @Path("unregister")
Response unregister(@QueryParam("applicationName") String applicationName);
}
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
index 549bf4c1bd4..e771ee6c090 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
@@ -47,7 +47,11 @@
managed-api-enabled
- false
+ true
+
+
+ managed-api-owner
+ admin
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
index ad95aa01d65..cf19f5ec5b1 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
@@ -70,17 +70,53 @@
"copyrightSuffix" : " All Rights Reserved."
},
"scopes" : [
- "license-add", "license-view", "device-view",
- "device-info", "device-list", "device-view-own", "device-modify", "device-search",
- "operation-install", "operation-view", "operation-modify", "operation-uninstall",
- "group-add", "group-share", "group-modify", "group-view", "group-remove",
- "certificate-modify", "certificate-view",
- "configuration-view", "configuration-modify",
- "policy-view", "policy-modify",
- "device-notification-view", "device-notification-modify",
- "feature-view",
- "roles-view", "roles-modify", "roles-remove", "roles-add",
- "user-password-reset", "user-password-modify", "user-modify", "user-view", "user-invite", "user-remove", "user-add"
+ "user:manage",
+ "user:view",
+ "device-type:admin:view",
+ "device:view",
+ "notification:view",
+ "device:admin:view",
+ "application:manage",
+ "activity:view",
+ "user:admin:reset-password",
+ "policy:manage",
+ "policy:view",
+ "role:manage",
+ "role:view",
+ "configuration:view",
+ "configuration:modify",
+ "device:android:operation:reboot",
+ "device:android:operation:camera",
+ "device:android:operation:vpn",
+ "device:android:operation:lock",
+ "device:android:operation:ring",
+ "device:android:operation:update-app",
+ "device:android:operation:wipe",
+ "device:android:operation:encrypt",
+ "device:android:operation:blacklist-app",
+ "device:android:operation:applications",
+ "device:android:operation:enterprise-wipe",
+ "device:android:operation:info",
+ "device:android:operation:wifi",
+ "device:android:operation:uninstall-app",
+ "device:android:operation:change-lock",
+ "device:android:operation:notification",
+ "device:android:operation:upgrade",
+ "device:android:operation:unlock",
+ "device:android:operation:mute",
+ "device:android:operation:location",
+ "device:android:operation:webclip",
+ "device:android:operation:clear-password",
+ "device:android:operation:password-policy",
+ "device:android:operation:install-app",
+ "device:android:event:write",
+ "device:android:event:read",
+ "device:android:enroll",
+ "configuration:manage",
+ "configuration:view",
+ "device:android:enroll",
+ "certificate:view",
+ "certificate:manage"
],
"isOAuthEnabled" : true,
"backendRestEndpoints" : {
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js
index f1ebedd948a..38a30750641 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js
@@ -83,3 +83,4 @@ var HTTP_CONFLICT = 409;
var HTTP_CREATED = 201;
var CACHED_CREDENTIALS = "tenantBasedCredentials";
+var ALLOWED_SCOPES = "scopes";
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js
index 180438518f7..ba7827173bb 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js
@@ -172,10 +172,11 @@ var utils = function () {
if (xhr["status"] == 200 && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
- var tokenPair = {};
- tokenPair["accessToken"] = responsePayload["access_token"];
- tokenPair["refreshToken"] = responsePayload["refresh_token"];
- return tokenPair;
+ var tokenData = {};
+ tokenData["accessToken"] = responsePayload["access_token"];
+ tokenData["refreshToken"] = responsePayload["refresh_token"];
+ tokenData["scopes"] = responsePayload["scope"];
+ return tokenData;
} else {
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
"by password grant type - getTokenPairByPasswordGrantType(a, b, c, d)");
@@ -224,10 +225,11 @@ var utils = function () {
if (xhr["status"] == 200 && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
- var tokenPair = {};
- tokenPair["accessToken"] = responsePayload["access_token"];
- tokenPair["refreshToken"] = responsePayload["refresh_token"];
- return tokenPair;
+ var tokenData = {};
+ tokenData["accessToken"] = responsePayload["access_token"];
+ tokenData["refreshToken"] = responsePayload["refresh_token"];
+ tokenData["scopes"] = responsePayload["scope"];
+ return tokenData;
} else {
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
"by password grant type - getTokenPairBySAMLGrantType(x, y, z)");
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js
index af8a7e66741..fc1016eb851 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js
@@ -45,23 +45,30 @@ var handlers = function () {
"password grant type. Encoded client credentials are " +
"missing - setupTokenPairByPasswordGrantType(x, y)");
} else {
- var tokenPair;
+ var tokenData;
// tokenPair will include current access token as well as current refresh token
var arrayOfScopes = devicemgtProps["scopes"];
var stringOfScopes = "";
arrayOfScopes.forEach(function (entry) {
stringOfScopes += entry + " ";
});
- tokenPair = tokenUtil.
+ tokenData = tokenUtil.
getTokenPairByPasswordGrantType(username,
encodeURIComponent(password), encodedClientAppCredentials, stringOfScopes);
- if (!tokenPair) {
+ if (!tokenData) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up " +
"token pair by password grant type. Error in token " +
"retrieval - setupTokenPairByPasswordGrantType(x, y)");
} else {
- // setting up access token pair into session context as a string
+ var tokenPair = {};
+ tokenPair["accessToken"] = tokenData["accessToken"];
+ tokenPair["refreshToken"] = tokenData["refreshToken"];
+ // setting up token pair into session context as a string
session.put(constants["TOKEN_PAIR"], stringify(tokenPair));
+
+ var scopes = tokenData.scopes.split(" ");
+ // adding allowed scopes to the session
+ session.put(constants["ALLOWED_SCOPES"], scopes);
}
}
}
@@ -80,17 +87,24 @@ var handlers = function () {
"by saml grant type. Encoded client credentials are " +
"missing - setupTokenPairByPasswordGrantType(x, y)");
} else {
- var tokenPair;
+ var tokenData;
// accessTokenPair will include current access token as well as current refresh token
- tokenPair = tokenUtil.
+ tokenData = tokenUtil.
getTokenPairBySAMLGrantType(samlToken, encodedClientAppCredentials, "PRODUCTION");
- if (!tokenPair) {
+ if (!tokenData) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up token " +
"pair by password grant type. Error in token " +
"retrieval - setupTokenPairByPasswordGrantType(x, y)");
} else {
+ var tokenPair = {};
+ tokenPair["accessToken"] = tokenData["accessToken"];
+ tokenPair["refreshToken"] = tokenData["refreshToken"];
// setting up access token pair into session context as a string
session.put(constants["TOKEN_PAIR"], stringify(tokenPair));
+
+ var scopes = tokenData.scopes.split(" ");
+ // adding allowed scopes to the session
+ session.put(constants["ALLOWED_SCOPES"], scopes);
}
}
}
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
index abb0178cc64..f6169eace91 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
@@ -129,7 +129,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
if (resource == null || resource.isEmpty()) {
authenticationInfo.setStatus(Status.FAILURE);
- authenticationInfo.setMessage("Requested resource does not exist");
+ authenticationInfo.setMessage("Authorization failed. Requested API resource does not exist");
return authenticationInfo;
}