From 23bb023686889974c89597e45eace2513e4d9e51 Mon Sep 17 00:00:00 2001 From: milanperera Date: Thu, 3 Sep 2015 12:07:55 +0530 Subject: [PATCH 1/9] Partial Commit for Permission Authorizer module --- .../pom.xml | 4 ++ .../authenticator/framework/Constants.java | 22 +++++++ .../WebappAuthenticatorFrameworkValve.java | 6 +- .../authorizer/PermissionAuthorizerUtil.java | 59 +++++++++++++++++++ ...AuthenticatorFrameworkBundleActivator.java | 11 ++++ .../src/main/resources/p2.inf | 3 +- 6 files changed, 102 insertions(+), 3 deletions(-) create mode 100644 components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizerUtil.java diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml index ebf27bf99ff..21b0e5e96f9 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml @@ -103,6 +103,10 @@ org.wso2.carbon org.wso2.carbon.core.services + + org.wso2.carbon + org.wso2.carbon.registry.api + diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java index a046c5280b1..dc467e1c245 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java 
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java @@ -21,6 +21,7 @@ public final class Constants { public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer"; public static final String NO_MATCHING_AUTH_SCHEME = "noMatchedAuthScheme"; + public static final String PERMISSION_PATH = "/_system/governance/permission/admin/device-mgt/"; public static final class HTTPHeaders { private HTTPHeaders() { @@ -40,4 +41,25 @@ public final class Constants { public static final String CONTENT_TYPE_APPLICATION_XML = "application/xml"; } + public static final class HttpVerb { + private HttpVerb() { + throw new AssertionError(); + } + + public static final String GET = "GET"; + public static final String POST = "POST"; + public static final String DELETE = "DELETE"; + public static final String PUT = "PUT"; + } + + public static final class PermissionMethod { + private PermissionMethod() { + throw new AssertionError(); + } + + public static final String READ = "read"; + public static final String WRITE = "write"; + public static final String DELETE = "delete"; + public static final String ACTION = "action"; + } } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java index d27116b8fea..a26ffa5a559 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java 
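Review bot: `HttpVerb` lists only GET, POST, DELETE and PUT, so if the authorizer maps request verbs onto `PermissionMethod` through these constants, a PATCH, HEAD or OPTIONS request falls into whatever the unmapped branch does, which is not visible in this patch. The two constant groups also carry no documentation of how a verb becomes a permission method, which is the one thing a reviewer of an authorization layer needs to see. A class-level comment such as `// Maps HTTP verbs to registry permission actions; any verb not listed here must be rejected by the authorizer, not ignored.` would pin the intended contract. Note too that `PERMISSION_PATH` here and `PATH_PERMISSION = "/permission"` in the new `PermissionAuthorizerUtil` are two different registry prefixes for what looks like the same concept; presumably one of them is meant to go.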
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java @@ -26,6 +26,9 @@ import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.CompositeValve; import javax.servlet.http.HttpServletResponse; +import java.util.ArrayList; +import java.util.List; +import java.util.Properties; public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve { @@ -34,8 +37,7 @@ public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve { @Override public void invoke(Request request, Response response, CompositeValve compositeValve) { - String authScheme = - request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME); + String authScheme = request.getAuthType(); if (authScheme == null || "".equals(authScheme)) { this.getNext().invoke(request, response, compositeValve); return; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizerUtil.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizerUtil.java new file mode 100644 index 00000000000..416f96db498 --- /dev/null +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizerUtil.java 
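Review bot: Replacing the web.xml context parameter with `request.getAuthType()` looks like it makes this valve skip itself: `getAuthType()` reports the scheme the container has already used to authenticate the request, which is null before any authentication has happened, and the next lines pass a null or empty scheme straight to `getNext().invoke(...)`. If this valve is what performs the authentication, every request would take that early-return path and reach the webapp unauthenticated. Unless an earlier valve is known to populate the auth type, keep reading the configured scheme, `String authScheme = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME);`, or fail closed when it is absent rather than continuing. The added `ArrayList`, `List` and `Properties` imports are not used by anything in this hunk. The `invoke` body continues outside the hunk.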
@@ -0,0 +1,59 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.webapp.authenticator.framework.authorizer; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.context.RegistryType; +import org.wso2.carbon.registry.api.Collection; +import org.wso2.carbon.registry.api.Registry; +import org.wso2.carbon.registry.api.RegistryException; +import org.wso2.carbon.webapp.authenticator.framework.authorizer.config.Permission; + +public class PermissionAuthorizerUtil { + + private static Registry registry = CarbonContext.getThreadLocalCarbonContext(). 
+ getRegistry(RegistryType.SYSTEM_GOVERNANCE); + + private static final String PROPERTY_NAME = "name"; + private static final String PATH_PERMISSION = "/permission"; + private static final Log log = LogFactory.getLog(PermissionAuthorizerUtil.class); + + public static void addPermission(Permission permission) { + + if (registry == null) { + throw new IllegalArgumentException("Registry instance retrieved is null"); + } + + if (permission == null) { + throw new IllegalArgumentException("Permission argument is null"); + } + try { + Collection collection = registry.newCollection(); + collection.setProperty(PROPERTY_NAME, permission.getName()); + registry.put(PATH_PERMISSION + permission.getPath(), collection); + + } catch (RegistryException e) { + String errorMsg = "Error occured while adding permission '" + permission.getName() + + "' to registry. "; + log.error(errorMsg + e.getMessage()); + } + } +} diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkBundleActivator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkBundleActivator.java index cb3ab4ac837..47bee21e7b5 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkBundleActivator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkBundleActivator.java 
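Review bot: `addPermission` swallows the `RegistryException` and logs only `e.getMessage()`, so a caller cannot tell that a permission was never persisted; if authorization later keys off resource existence in the registry, a silently missing permission becomes either an endpoint nobody can reach or, depending on the authorizer's default, one nobody is checked on. Rethrow with the cause kept, `throw new IllegalStateException(errorMsg, e);`, or declare a checked exception so the activator can refuse to start with a half-registered permission set. The `registry` field is also captured in a static initializer from the thread-local `CarbonContext`, so whichever thread first loads the class fixes the tenant registry for every later caller; presumably this is meant to run once at startup in the super tenant, which should be stated in a comment and confirmed. A null registry is a state problem rather than an argument problem, so `IllegalStateException` fits better than `IllegalArgumentException` there.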
@@ -28,6 +28,10 @@ import org.wso2.carbon.webapp.authenticator.framework.DataHolder; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorFrameworkValve; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository; +import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizerUtil; +import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizerValve; +import org.wso2.carbon.webapp.authenticator.framework.authorizer.config.Permission; +import org.wso2.carbon.webapp.authenticator.framework.authorizer.config.PermissionAuthorizerConfig; import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig; import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig; @@ -54,8 +58,15 @@ public class WebappAuthenticatorFrameworkBundleActivator implements BundleActiva } DataHolder.setWebappAuthenticatorRepository(repository); + // Adding permissions to registry +// PermissionAuthorizerConfig.init(); +// for (Permission permission : PermissionAuthorizerConfig.getInstance().getPermissions()) { +// PermissionAuthorizerUtil.addPermission(permission); +// } + List valves = new ArrayList(); valves.add(new WebappAuthenticatorFrameworkValve()); + valves.add(new PermissionAuthorizerValve()); TomcatValveContainer.addValves(valves); if (log.isDebugEnabled()) { diff --git a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/p2.inf b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/p2.inf index 91ac161b4ee..49291ae9be7 100644 --- a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/p2.inf 
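Review bot: `PermissionAuthorizerValve` is wired into the valve chain while the block that loads permissions into the registry is left commented out, so at startup the authorizer runs against whatever permission state the registry already holds; whether an unknown permission then denies or allows is decided inside the valve and is not visible here. Commented-out code in a security component is easy to mistake for active configuration, so either delete those five lines or leave a single line, `// TODO: load permissions via PermissionAuthorizerUtil once PermissionAuthorizerConfig is finalised`, that says why the valve is registered without its data. The four new imports for `PermissionAuthorizerUtil`, `Permission` and `PermissionAuthorizerConfig` are unused while the block is commented out. The `start` method continues outside the hunk.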
+++ b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/p2.inf @@ -1,2 +1,3 @@ instructions.configure = \ -org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.webapp.authenticator.framework.server_${feature.version}/conf/webapp-authenticator-config.xml,target:${installFolder}/../../conf/etc/webapp-authenticator-config.xml,overwrite:true);\ \ No newline at end of file +org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.webapp.authenticator.framework.server_${feature.version}/conf/webapp-authenticator-config.xml,target:${installFolder}/../../conf/etc/webapp-authenticator-config.xml,overwrite:true);\ +org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.webapp.authenticator.framework.server_${feature.version}/conf/permissions-config.xml,target:${installFolder}/../../conf/etc/permissions-config.xml,overwrite:true);\ \ No newline at end of file From 37854a2cef2c042948663c230b9318c82045724e Mon Sep 17 00:00:00 2001 From: milanperera Date: Mon, 14 Sep 2015 15:51:23 +0530 Subject: [PATCH 2/9] Partial Commit --- .../core/config/permission/Permission.java | 24 +++++++++++- .../permission/PermissionConfiguration.java | 38 ------------------- .../WebappAuthenticatorFrameworkValve.java | 6 --- 3 files changed, 22 insertions(+), 46 deletions(-) delete mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java index 76810771b86..a6e7287fade 100644 
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java @@ -24,8 +24,10 @@ import javax.xml.bind.annotation.XmlRootElement; @XmlRootElement(name = "Permission") public class Permission{ - private String name; - private String path; + private String name; // permission name + private String path; // permission string + private String url; // url of the resource + private String method; // http method public String getName() { return name; @@ -44,4 +46,22 @@ public class Permission{ public void setPath(String path) { this.path = path; } + + public String getUrl() { + return url; + } + + @XmlElement(name = "url", required = true) + public void setUrl(String url) { + this.url = url; + } + + public String getMethod() { + return method; + } + + @XmlElement(name = "method", required = true) + public void setMethod(String method) { + this.method = method; + } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java deleted file mode 100644 index c2c9d08e3b4..00000000000 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java +++ /dev/null 
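Review bot: `required = true` on `@XmlElement` only influences schema generation; the JAXB unmarshaller does not reject a `<Permission>` that omits `<url>` or `<method>`, so a null url or method can flow into whatever builds the lookup structure and only surfaces later as a `NullPointerException` or, worse, a permission that never matches. Validate where the configuration is consumed, for example `if (url == null || method == null) { throw new IllegalArgumentException("Permission '" + name + "' requires both url and method"); }`. The new `method` field also deserves a comment saying which values are accepted and whether matching is case-sensitive, e.g. `// HTTP verb (GET, POST, PUT, DELETE) the permission applies to; compared as written in the config`, since the comparison itself is not in this patch.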
@@ -1,38 +0,0 @@ -/* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * you may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.core.config.permission; - -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlRootElement; -import java.util.List; - -@XmlRootElement(name = "PermissionConfiguration") -public class PermissionConfiguration { - - private List permissions; - - public List getPermissions() { - return permissions; - } - - @XmlElement(name = "Permission", required = true) - public void setPermissions(List permissions) { - this.permissions = permissions; - } -} diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java index 8496319969d..1701c7d30c9 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java 
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java @@ -27,14 +27,8 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import javax.servlet.http.HttpServletResponse; -<<<<<<< HEAD -import java.util.ArrayList; -import java.util.List; -import java.util.Properties; -======= import java.util.Arrays; import java.util.List; ->>>>>>> e1a74e049dbebd513910e9ed69226f488d73c314 public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve { From ed937467cd86fda713c4be4d0855986336afb18c Mon Sep 17 00:00:00 2001 From: milanperera Date: Thu, 1 Oct 2015 17:35:08 +0530 Subject: [PATCH 3/9] Refactored permission authorizer module --- .../core/config/permission/Permission.java | 43 +++--- .../permission/PermissionConfiguration.java | 21 +-- .../config/permission/PermissionManager.java | 123 ++++++------------ ...missionHolder.java => PermissionNode.java} | 22 ++-- .../config/permission/PermissionUtils.java | 2 +- ...java => PermissionAuthorizationValve.java} | 6 +- .../authorizer/PermissionAuthorizer.java | 6 +- ...uthenticatorFrameworkServiceComponent.java | 5 +- 8 files changed, 99 insertions(+), 129 deletions(-) rename components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/{PermissionHolder.java => PermissionNode.java} (74%) rename components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/{PermissionAuthorizerValve.java => PermissionAuthorizationValve.java} (96%) 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java
index a6e7287fade..271817cfd3c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java
@@ -21,37 +21,40 @@ package org.wso2.carbon.device.mgt.core.config.permission; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; -@XmlRootElement(name = "Permission") -public class Permission{ +/** + * This class represents the information related to permission. + */ +@XmlRootElement (name = "Permission") +public class Permission { - private String name; // permission name - private String path; // permission string + private String name; // permission name + private String path; // permission string private String url; // url of the resource private String method; // http method - public String getName() { - return name; - } + public String getName() { + return name; + } - @XmlElement(name = "name", required = true) - public void setName(String name) { - this.name = name; - } + @XmlElement (name = "name", required = true) + public void setName(String name) { + this.name = name; + } - public String getPath() { - return path; - } + public String getPath() { + return path; + } - @XmlElement(name = "path", required = true) - public void setPath(String path) { - this.path = path; - } + @XmlElement (name = "path", required = true) + public void setPath(String path) { + this.path = path; + } public String getUrl() { return url; } - @XmlElement(name = "url", required = true) + @XmlElement (name = "url", required = true) public void setUrl(String url) { this.url = url; } @@ -60,7 +63,7 @@ public class Permission{ return method; } - @XmlElement(name = "method", required = true) + @XmlElement (name = "method", required = true) public void setMethod(String method) { this.method = method; } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java index c2c9d08e3b4..e5da6c5133e 100644 
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java @@ -22,17 +22,20 @@ import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; import java.util.List; -@XmlRootElement(name = "PermissionConfiguration") +/** + * This class represents the information related to permission configuration. + */ +@XmlRootElement (name = "PermissionConfiguration") public class PermissionConfiguration { - private List permissions; + private List permissions; - public List getPermissions() { - return permissions; - } + public List getPermissions() { + return permissions; + } - @XmlElement(name = "Permission", required = true) - public void setPermissions(List permissions) { - this.permissions = permissions; - } + @XmlElement (name = "Permission", required = true) + public void setPermissions(List permissions) { + this.permissions = permissions; + } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java index cac4226dfcf..d739256f22c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java 
@@ -32,96 +32,59 @@ import java.util.StringTokenizer; */ public class PermissionManager { - private static PermissionManager permissionManager; - private static PermissionHolder rootNode; + private static PermissionManager permissionManager; + private static PermissionTree permissionTree; // holds the permissions at runtime. - private PermissionManager(){}; - - public static PermissionManager getInstance() { - if (permissionManager == null) { - synchronized (PermissionManager.class) { - if (permissionManager == null) { - permissionManager = new PermissionManager(); - rootNode = new PermissionHolder("/"); // initializing the root node. - } - } - } - return permissionManager; - } + private PermissionManager() { + } - public boolean addPermission(Permission permission) throws DeviceManagementException { - StringTokenizer st = new StringTokenizer(permission.getUrl(), "/"); - PermissionHolder tempRoot = rootNode; - PermissionHolder tempChild; - while(st.hasMoreTokens()) { - tempChild = new PermissionHolder(st.nextToken()); - tempRoot = addPermissionNode(tempRoot, tempChild); + public static PermissionManager getInstance() { + if (permissionManager == null) { + synchronized (PermissionManager.class) { + if (permissionManager == null) { + permissionManager = new PermissionManager(); + permissionTree = new PermissionTree(); + } + } } - tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex - try { - return PermissionUtils.putPermission(permission); - } catch (DeviceManagementException e) { - throw new DeviceManagementException("Error occurred while adding the permission : " + - permission.getName(), e); - } - } - - public boolean addPermissions(List permissions) throws DeviceManagementException{ - for(Permission permission:permissions){ - this.addPermission(permission); - } - return true; - } + return permissionManager; + } - public void initializePermissions(InputStream permissionStream) throws DeviceManagementException { - try { - 
if(permissionStream != null){ - /* Un-marshaling Device Management configuration */ - JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class); - Unmarshaller unmarshaller = cdmContext.createUnmarshaller(); - PermissionConfiguration permissionConfiguration = (PermissionConfiguration) - unmarshaller.unmarshal(permissionStream); - if((permissionConfiguration != null) && (permissionConfiguration.getPermissions() != null)){ - this.addPermissions(permissionConfiguration.getPermissions()); - } - } - } catch (JAXBException e) { - throw new DeviceManagementException("Error occurred while initializing Data Source config", e); - } - } + public boolean addPermission(Permission permission) throws DeviceManagementException { + permissionTree.addPermission(permission); // adding a permission to the tree + try { + return PermissionUtils.putPermission(permission); + } catch (DeviceManagementException e) { + throw new DeviceManagementException("Error occurred while adding the permission : " + + permission.getName(), e); + } + } - private PermissionHolder addPermissionNode(PermissionHolder parent, PermissionHolder child) { - PermissionHolder existChild = parent.getChild(child.getPathName()); - if (existChild == null) { - parent.addChild(child); - return child; + public boolean addPermissions(List permissions) throws DeviceManagementException { + for (Permission permission : permissions) { + this.addPermission(permission); } - return existChild; + return true; } - public Permission getPermission(String url, String httpMethod) { - StringTokenizer st = new StringTokenizer(url, "/"); - PermissionHolder tempRoot = rootNode; - PermissionHolder previousRoot; - while (st.hasMoreTokens()) { - String currentToken = st.nextToken(); - previousRoot = tempRoot; - tempRoot = tempRoot.getChild(currentToken); - if (tempRoot == null) { - tempRoot = previousRoot; - int leftTokens = st.countTokens(); - for (int i = 0; i <= leftTokens; i++) { - if (tempRoot == null) { - return 
null; - } - tempRoot = tempRoot.getChild("*"); + public void initializePermissions(InputStream permissionStream) throws DeviceManagementException { + try { + if (permissionStream != null) { + /* Un-marshaling Device Management configuration */ + JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class); + Unmarshaller unmarshaller = cdmContext.createUnmarshaller(); + PermissionConfiguration permissionConfiguration = (PermissionConfiguration) + unmarshaller.unmarshal(permissionStream); + if (permissionConfiguration != null && permissionConfiguration.getPermissions() != null) { + this.addPermissions(permissionConfiguration.getPermissions()); } - break; } + } catch (JAXBException e) { + throw new DeviceManagementException("Error occurred while initializing Data Source config", e); } - if (tempRoot == null) { - return null; - } - return tempRoot.getPermission(httpMethod); + } + + public Permission getPermission(String url, String httpMethod) { + return permissionTree.getPermission(url, httpMethod); } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionHolder.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java similarity index 74% rename from components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionHolder.java rename to components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java index b83b97c0ed5..0c248cfe6eb 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionHolder.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java 
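Review bot: The double-checked locking in `getInstance` is not safe: `permissionManager` is not volatile and is assigned before `permissionTree` inside the synchronized block, so a thread that reads the non-null instance without taking the lock can still observe `permissionTree == null` and fail with a `NullPointerException` in `addPermission` or `getPermission`. Declare `private static volatile PermissionManager permissionManager;` and create the tree first, `permissionTree = new PermissionTree();` then `permissionManager = new PermissionManager();`, or move both into a lazy holder class. `addPermission` also inserts into the in-memory tree before `PermissionUtils.putPermission` runs, so when the registry write throws, the tree keeps a mapping to a permission path that does not exist in the registry; put the registry call first or roll the tree entry back on failure. `initializePermissions` unmarshals the raw `InputStream` through the default JAXB parser, which does not disable DTD or external-entity processing; the file comes from the server's own conf directory so the exposure is limited, but wrapping it in an `XMLInputFactory` with `SUPPORT_DTD` and `IS_SUPPORTING_EXTERNAL_ENTITIES` set to false costs little. The `JAXBException` message still says "Data Source config", which is copied from elsewhere and should name the permission configuration.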
@@ -25,15 +25,15 @@ import java.util.List; import java.util.Map; /** - * This class represents the node of a permission graph. + * This class represents the node of a permission tree. */ -public class PermissionHolder { +public class PermissionNode { - String pathName; - Map permissions = new HashMap(); - List children = new ArrayList(); + private String pathName; + private Map permissions = new HashMap(); + private List children = new ArrayList(); - public PermissionHolder(String pathName) { + public PermissionNode(String pathName) { this.pathName = pathName; } @@ -45,13 +45,13 @@ public class PermissionHolder { this.pathName = pathName; } - public List getChildren() { + public List getChildren() { return children; } - public PermissionHolder getChild(String pathName) { - PermissionHolder child = null; - for (PermissionHolder node : children) { + public PermissionNode getChild(String pathName) { + PermissionNode child = null; + for (PermissionNode node : children) { if (node.getPathName().equals(pathName)) { return node; } @@ -59,7 +59,7 @@ public class PermissionHolder { return child; } - public void addChild(PermissionHolder node) { + public void addChild(PermissionNode node) { children.add(node); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java index 7e1f45a833c..78911ab1b19 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java 
@@ -84,7 +84,7 @@ public class PermissionUtils { return status; } - public static boolean checkPermissionExistance(Permission permission) + public static boolean checkPermissionExistence(Permission permission) throws DeviceManagementException, org.wso2.carbon.registry.core.exceptions.RegistryException { return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath()); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizerValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizationValve.java similarity index 96% rename from components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizerValve.java rename to components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizationValve.java index b02eac2f9b8..27042131a5b 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizerValve.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizationValve.java 
@@ -29,9 +29,9 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen import javax.servlet.http.HttpServletResponse; -public class PermissionAuthorizerValve extends CarbonTomcatValve { +public class PermissionAuthorizationValve extends CarbonTomcatValve { - private static final Log log = LogFactory.getLog(PermissionAuthorizerValve.class); + private static final Log log = LogFactory.getLog(PermissionAuthorizationValve.class); private static final String AUTHORIZATION_ENABLED = "authorization-enabled"; @@ -44,7 +44,7 @@ public class PermissionAuthorizerValve extends CarbonTomcatValve { this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE); return; } - // check whether the permission checking function is enabled + // check whether the permission checking function is enabled in web.xml boolean isEnabled = new Boolean(permissionStatus); if (!isEnabled) { this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java index 33baf447d31..530f5ea5ec2 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java 
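Review bot: The valve fails open by default: when the `authorization-enabled` parameter is missing, or holds anything other than "true", the request proceeds with `Status.CONTINUE` and no permission check runs, so a webapp that simply forgets the parameter is never authorized. If opt-in per webapp is the intended model it should be stated where the constant is declared, e.g. `// Authorization is opt-in: a webapp without authorization-enabled=true in web.xml is not permission-checked by this valve.`, so that the behaviour is a documented decision rather than an accident. `new Boolean(permissionStatus)` allocates a deprecated boxed value; `boolean isEnabled = Boolean.parseBoolean(permissionStatus);` is the idiomatic form. The enclosing `invoke` method starts and ends outside this hunk.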
@@ -39,12 +39,11 @@ public class PermissionAuthorizer { public WebappAuthenticator.Status authorize(Request request, Response response) { - // contextOperation is used to get defined operation type from the web.xml String requestUri = request.getRequestURI(); String requestMethod = request.getMethod(); if (requestUri == null || requestUri.isEmpty() || - requestMethod == null || requestMethod.isEmpty()) { + requestMethod == null || requestMethod.isEmpty()) { return WebappAuthenticator.Status.CONTINUE; } @@ -61,7 +60,10 @@ public class PermissionAuthorizer { String permissionString = requestPermission.getPath(); // This is added temporarily until authentication works. + // TODO remove below line. String username = "admin"; + // TODO uncomment this once the authentication works. + //String username = CarbonContext.getThreadLocalCarbonContext().getUsername(); boolean isUserAuthorized; try { diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java index 5dc7ce49ead..a2894fab538 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java 
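Review bot: The second hunk keeps `String username = "admin";` as the subject of the authorization check and only wraps it in TODO comments, so every request is authorized with the admin user's permissions rather than the caller's; the real lookup stays commented out. Until authentication is wired through, the safe default is to fail closed instead of substituting a privileged principal, e.g. `String username = CarbonContext.getThreadLocalCarbonContext().getUsername();` followed by `if (username == null || username.isEmpty()) { return WebappAuthenticator.Status.FAILURE; }`. The commented-out assignment should not remain in the source; the TODO comment alone is enough to track the follow-up. `authorize` begins in the first hunk and continues past the second.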
@@ -23,7 +23,6 @@ import org.apache.commons.logging.LogFactory; import org.osgi.service.component.ComponentContext; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.device.mgt.core.scep.SCEPManager; -import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer; import org.wso2.carbon.user.core.service.RealmService; @@ -31,7 +30,7 @@ import org.wso2.carbon.webapp.authenticator.framework.DataHolder; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository; -import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizerValve; +import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizationValve; import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig; import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig; @@ -87,7 +86,7 @@ public class WebappAuthenticatorFrameworkServiceComponent { List valves = new ArrayList(); valves.add(new WebappAuthenticationHandler()); - valves.add(new PermissionAuthorizerValve()); + valves.add(new PermissionAuthorizationValve()); TomcatValveContainer.addValves(valves); if (log.isDebugEnabled()) { From 02ad7fb8e10ade7f6ed0126e8505fb7fab35534c Mon Sep 17 00:00:00 2001 From: milanperera Date: Fri, 2 Oct 2015 16:40:13 +0530 Subject: [PATCH 4/9] Refactored authorization module --- .../device/mgt/core/config/permission/PermissionNode.java | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java index 0c248cfe6eb..b3dc92b95f4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java @@ -26,6 +26,8 @@ import java.util.Map; /** * This class represents the node of a permission tree. + * It holds the current path name, list of permissions associated with URL + * and the set of children. */ public class PermissionNode { From a84edd7a99d58fdb512084c98910c98f37c393f7 Mon Sep 17 00:00:00 2001 From: milanperera Date: Fri, 2 Oct 2015 16:40:52 +0530 Subject: [PATCH 5/9] Added seperate permission tree class --- .../config/permission/PermissionTree.java | 112 ++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionTree.java diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionTree.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionTree.java new file mode 100644 index 00000000000..4017ae059b4 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionTree.java 
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.device.mgt.core.config.permission;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import java.util.StringTokenizer;
+
+/**
+ * This class represents a tree data structure which will be used for adding and retrieving permissions.
+ */
+public class PermissionTree {
+
+ private PermissionNode rootNode;
+ private static final String DYNAMIC_PATH_NOTATION = "*";
+ private static final Log log = LogFactory.getLog(PermissionTree.class);
+
+ public PermissionTree() {
+ rootNode = new PermissionNode("/"); // initializing the root node.
+ }
+
+ /**
+ * This method is used to add permissions to the tree. Once it receives the permission
+ * it will traverse through the given request path with respect to the permission and place
+ * the permission in the appropriate place in the tree.
+ *
+ * @param permission Permission object.
+ */
+ public void addPermission(Permission permission) {
+ StringTokenizer st = new StringTokenizer(permission.getUrl(), "/");
+ PermissionNode tempRoot = rootNode;
+ PermissionNode tempChild;
+ while (st.hasMoreTokens()) {
+ tempChild = new PermissionNode(st.nextToken());
+ tempRoot = addPermissionNode(tempRoot, tempChild);
+ }
+ tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex
+ if (log.isDebugEnabled()) {
+ log.debug("Added permission '" + permission.getName() + "'");
+ }
+ }
+
+ /**
+ * This method is used to add vertex to the graph. The method will check for the given child
+ * whether exists within the list of children of the given parent.
+ *
+ * @param parent Parent PermissionNode.
+ * @param child Child PermissionNode.
+ * @return returns the newly created child or the existing child.
+ */
+ private PermissionNode addPermissionNode(PermissionNode parent, PermissionNode child) {
+ PermissionNode existChild = parent.getChild(child.getPathName());
+ if (existChild == null) {
+ parent.addChild(child);
+ return child;
+ }
+ return existChild;
+ }
+
+ /**
+ * This method is used to retrieve the permission for a given url and http method.
+ * Breath First Search (BFS) is used to traverse the tree.
+ *
+ * @param url Request URL.
+ * @param httpMethod HTTP method of the request.
+ * @return returns the permission with related to the request path or null if there is
+ * no any permission that is stored with respected to the given request path.
+ */
+ public Permission getPermission(String url, String httpMethod) {
+ StringTokenizer st = new StringTokenizer(url, "/");
+ PermissionNode tempRoot = rootNode;
+ while (st.hasMoreTokens()) {
+ String currentToken = st.nextToken();
+
+ // returns the child node which matches with the 'currentToken' path.
+ tempRoot = tempRoot.getChild(currentToken);
+
+ // if tempRoot is null, that means 'currentToken' is not matched with the child's path.
+ // It means that it is at a point where the request must have dynamic path variables.
+ // Therefor it looks for '*' in the request path. ('*' denotes dynamic path variable).
+ if (tempRoot == null) {
+ tempRoot = tempRoot.getChild(DYNAMIC_PATH_NOTATION);
+ // if tempRoot is null, that means there is no any permission which matches with the
+ // given path
+ if (tempRoot == null) {
+ if (log.isDebugEnabled()) {
+ log.debug("Permission for request path '" + url + "' does not exist");
+ }
+ return null;
+ }
+ }
+ }
+ return tempRoot.getPermission(httpMethod);
+}
From a0187b905bfba7c533979c1a385ddced72af14dc Mon Sep 17 00:00:00 2001
From: milanperera
Date: Fri, 2 Oct 2015 16:57:42 +0530
Subject: [PATCH 6/9] Removed unneccessary imports and code segments
---
.../mgt/core/config/permission/PermissionManager.java | 1 -
.../WebappAuthenticatorFrameworkServiceComponent.java | 6 ------
2 files changed, 7 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java
index d739256f22c..34e8105bd5d 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java
@@ -25,7 +25,6 @@ import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; import java.io.InputStream; import java.util.List; -import java.util.StringTokenizer; /** * This class will add, update custom permissions defined in permission.xml in webapps.
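Review bot: In `getPermission`, the wildcard fallback dereferences the null it has just tested: `tempRoot = tempRoot.getChild(currentToken);` is followed by `if (tempRoot == null) { tempRoot = tempRoot.getChild(DYNAMIC_PATH_NOTATION);`, which throws a NullPointerException for every request path whose segment has no static match — precisely the case the `*` branch exists for. Keep a reference to the parent before descending: `PermissionNode parent = tempRoot;`, then `tempRoot = parent.getChild(currentToken);`, and in the fallback `tempRoot = parent.getChild(DYNAMIC_PATH_NOTATION);`. Since this lookup runs from the authorization valve on every request, an unhandled exception here is triggered by the request path alone, so the fix should come with a unit test using a path that needs the wildcard. The Javadoc describes the traversal as breadth-first search, but the loop walks a single root-to-leaf path segment by segment; `addPermission` also appears to overwrite an earlier entry registered with the same URL and method (depends on `PermissionNode.addPermission`, not visible here), which is worth documenting or logging.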
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java index a2894fab538..8efb262b1a0 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java @@ -78,12 +78,6 @@ public class WebappAuthenticatorFrameworkServiceComponent { } DataHolder.getInstance().setWebappAuthenticatorRepository(repository); - // Adding permissions to registry -// PermissionAuthorizerConfig.init(); -// for (Permission permission : PermissionAuthorizerConfig.getInstance().getPermissions()) { -// PermissionAuthorizerUtil.addPermission(permission); -// } - List valves = new ArrayList(); valves.add(new WebappAuthenticationHandler()); valves.add(new PermissionAuthorizationValve()); From e408d500379c5ec629cbae4a8a2375aadc2f9d11 Mon Sep 17 00:00:00 2001 From: milanperera Date: Fri, 2 Oct 2015 17:07:57 +0530 Subject: [PATCH 7/9] Refactored permission module --- .../device/mgt/core/config/permission/PermissionTree.java | 7 ++++--- .../framework/authorizer/PermissionAuthorizer.java | 4 +++- 2 files changed, 7 insertions(+), 4 deletions(-) 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionTree.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionTree.java index 4017ae059b4..d74ae1505c5 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionTree.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionTree.java @@ -30,10 +30,11 @@ public class PermissionTree { private PermissionNode rootNode; private static final String DYNAMIC_PATH_NOTATION = "*"; + private static final String ROOT = "/"; private static final Log log = LogFactory.getLog(PermissionTree.class); public PermissionTree() { - rootNode = new PermissionNode("/"); // initializing the root node. + rootNode = new PermissionNode(ROOT); // initializing the root node. } /** @@ -44,7 +45,7 @@ public class PermissionTree { * @param permission Permission object. */ public void addPermission(Permission permission) { - StringTokenizer st = new StringTokenizer(permission.getUrl(), "/"); + StringTokenizer st = new StringTokenizer(permission.getUrl(), ROOT); PermissionNode tempRoot = rootNode; PermissionNode tempChild; while (st.hasMoreTokens()) { @@ -84,7 +85,7 @@ public class PermissionTree { * no any permission that is stored with respected to the given request path. */ public Permission getPermission(String url, String httpMethod) { - StringTokenizer st = new StringTokenizer(url, "/"); + StringTokenizer st = new StringTokenizer(url, ROOT); PermissionNode tempRoot = rootNode; while (st.hasMoreTokens()) { String currentToken = st.nextToken(); 
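Review bot: `ROOT` now serves two different purposes: the path name given to the root node in the constructor, and the delimiter passed to `StringTokenizer` in `addPermission` and `getPermission`. They share the value `"/"` today, but a change to how the root node is named would silently change URL tokenization; a separate `private static final String PATH_SEPARATOR = "/";` for the two tokenizer calls keeps the concerns apart. The null dereference in the wildcard fallback of `getPermission`, a few lines after the last hunk, is unchanged by this refactoring.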
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java index 530f5ea5ec2..469b085e20c 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java @@ -26,6 +26,7 @@ import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.device.mgt.core.config.permission.Permission; import org.wso2.carbon.device.mgt.core.config.permission.PermissionManager; import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.webapp.authenticator.framework.Constants; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import java.util.StringTokenizer; @@ -68,7 +69,8 @@ public class PermissionAuthorizer { boolean isUserAuthorized; try { isUserAuthorized = CarbonContext.getThreadLocalCarbonContext().getUserRealm(). - getAuthorizationManager().isUserAuthorized(username, permissionString, "read"); + getAuthorizationManager().isUserAuthorized(username, permissionString, + Constants.PermissionMethod.READ); } catch (UserStoreException e) { log.error("Error occurred while retrieving user store. " + e.getMessage()); return WebappAuthenticator.Status.FAILURE; From 17112c36162c99db9ead57a70f7bac51b4cda9f9 Mon Sep 17 00:00:00 2001 
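Review bot: The changed call always checks the `read` action (`Constants.PermissionMethod.READ`), while `authorize` captures `request.getMethod()` earlier and `Constants.PermissionMethod` also defines `WRITE`, `DELETE` and `ACTION`; if those are meant to correspond to HTTP verbs, a state-changing request is currently gated only by read permission on the resource, so either map the verb to the action or add a comment explaining why `read` is sufficient. In the catch block below, `log.error("Error occurred while retrieving user store. " + e.getMessage());` drops the stack trace; pass the exception as the second argument, `log.error("Error occurred while retrieving user store.", e);`, because the check fails closed and operators will need the cause to diagnose denied requests. `authorize` starts before this hunk.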
From: milanperera Date: Fri, 2 Oct 2015 17:12:14 +0530 Subject: [PATCH 8/9] Removed unused constants --- .../webapp/authenticator/framework/Constants.java | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java index dc467e1c245..9d85c6bb46c 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java @@ -21,7 +21,6 @@ public final class Constants { public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer"; public static final String NO_MATCHING_AUTH_SCHEME = "noMatchedAuthScheme"; - public static final String PERMISSION_PATH = "/_system/governance/permission/admin/device-mgt/"; public static final class HTTPHeaders { private HTTPHeaders() { @@ -41,17 +40,6 @@ public final class Constants { public static final String CONTENT_TYPE_APPLICATION_XML = "application/xml"; } - public static final class HttpVerb { - private HttpVerb() { - throw new AssertionError(); - } - - public static final String GET = "GET"; - public static final String POST = "POST"; - public static final String DELETE = "DELETE"; - public static final String PUT = "PUT"; - } - public static final class PermissionMethod { private PermissionMethod() { throw new AssertionError(); From 0d259b2a6e64e77a37efc4769838ab2be093e9c3 Mon Sep 17 00:00:00 2001 
From: Dilshan Edirisuriya Date: Mon, 5 Oct 2015 11:34:14 +0530 Subject: [PATCH 9/9] Enabling SAML --- .../pom.xml | 4 + .../impl/DynamicClientRegistrationImpl.java | 95 +++++++++++++++---- pom.xml | 5 + 3 files changed, 86 insertions(+), 18 deletions(-) diff --git a/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/pom.xml b/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/pom.xml index f9f1d342062..51bce89c192 100644 --- a/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/pom.xml +++ b/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/pom.xml @@ -84,6 +84,10 @@ org.wso2.carbon.identity org.wso2.carbon.identity.oauth + + org.wso2.carbon.identity + org.wso2.carbon.identity.sso.saml + com.googlecode.json-simple.wso2 json-simple diff --git a/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/src/main/java/org/wso2/carbon/dynamic/client/registration/impl/DynamicClientRegistrationImpl.java b/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/src/main/java/org/wso2/carbon/dynamic/client/registration/impl/DynamicClientRegistrationImpl.java index 599619cfc1b..94cc4bf81cf 100644 --- a/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/src/main/java/org/wso2/carbon/dynamic/client/registration/impl/DynamicClientRegistrationImpl.java +++ b/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/src/main/java/org/wso2/carbon/dynamic/client/registration/impl/DynamicClientRegistrationImpl.java 
@@ -24,20 +24,27 @@ import org.json.JSONException; import org.json.JSONObject; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.context.RegistryType; import org.wso2.carbon.dynamic.client.registration.ApplicationConstants; import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationException; import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationService; import org.wso2.carbon.dynamic.client.registration.OAuthApplicationInfo; import org.wso2.carbon.dynamic.client.registration.profile.RegistrationProfile; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; +import org.wso2.carbon.identity.application.common.model.AuthenticationStep; import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig; import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig; +import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig; +import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig; import org.wso2.carbon.identity.application.common.model.Property; import org.wso2.carbon.identity.application.common.model.ServiceProvider; import org.wso2.carbon.identity.application.mgt.ApplicationManagementService; import org.wso2.carbon.identity.base.IdentityException; import org.wso2.carbon.identity.oauth.OAuthAdminService; import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO; +import org.wso2.carbon.identity.sso.saml.admin.SAMLSSOConfigAdmin; +import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO; +import org.wso2.carbon.registry.core.Registry; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import java.util.Arrays; 
@@ -48,6 +55,13 @@ import java.util.Arrays; public class DynamicClientRegistrationImpl implements DynamicClientRegistrationService { private static final String TOKEN_SCOPE = "tokenScope"; + private static final String MDM = "mdm"; + private static final String SAML_SSO = "samlsso"; + private static final String BASIC_AUTHENTICATOR = "BasicAuthenticator"; + private static final String BASIC = "basic"; + private static final String LOCAL = "local"; + private static final String ASSERTION_CONSUMER_URI = "https://localhost:9443/mdm/sso/acs"; + private static final String AUDIENCE = "https://null:9443/oauth2/token"; private static final Log log = LogFactory.getLog(DynamicClientRegistrationService.class); @Override @@ -89,16 +103,16 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS)) { oAuthApplicationInfo .addParameter(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS, - jsonObject - .get(ApplicationConstants.ClientMetadata. - OAUTH_REDIRECT_URIS)); + jsonObject + .get(ApplicationConstants.ClientMetadata. + OAUTH_REDIRECT_URIS)); } if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT)) { oAuthApplicationInfo.addParameter(ApplicationConstants.ClientMetadata. - OAUTH_CLIENT_GRANT, jsonObject - .get(ApplicationConstants.ClientMetadata. - OAUTH_CLIENT_GRANT)); + OAUTH_CLIENT_GRANT, jsonObject + .get(ApplicationConstants.ClientMetadata. + OAUTH_CLIENT_GRANT)); } } catch (JSONException e) { throw new DynamicClientRegistrationException( 
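Review bot: `ASSERTION_CONSUMER_URI` and `AUDIENCE` hard-code the host: the SAML assertion consumer URL is pinned to `https://localhost:9443/mdm/sso/acs` and the requested audience to `https://null:9443/oauth2/token`, where `null` looks like a host name rendered from an unset value rather than an intended constant. Both values are registered with the SAML SSO configuration for every client in the hunk that builds `SAMLSSOServiceProviderDTO`, so on any host other than the developer machine the IdP would deliver assertions to the wrong ACS and the audience restriction would not match the real token endpoint. Derive these from the server's configured host and port (or make them part of the registration profile), and add a comment on `AUDIENCE` recording where the value is expected to come from. `MDM` as a fixed issuer also means every registration shares a single SAML service-provider entry, which deserves a comment on the constant.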
@@ -148,9 +162,14 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (appMgtService == null) { throw new IllegalStateException( "Error occurred while retrieving Application Management" + - "Service"); + "Service"); + } + + ServiceProvider existingServiceProvider = appMgtService.getApplication(applicationName); + + if(existingServiceProvider == null) { + appMgtService.createApplication(serviceProvider); } - appMgtService.createApplication(serviceProvider); ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName); if (createdServiceProvider == null) { @@ -170,14 +189,17 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS log.debug("Creating OAuth App " + applicationName); } - oAuthAdminService.registerOAuthApplicationData(oAuthConsumerAppDTO); + if(existingServiceProvider == null) { + oAuthAdminService.registerOAuthApplicationData(oAuthConsumerAppDTO); + } + if (log.isDebugEnabled()) { log.debug("Created OAuth App " + applicationName); } OAuthConsumerAppDTO createdApp = oAuthAdminService.getOAuthApplicationDataByAppName(oAuthConsumerAppDTO - .getApplicationName()); + .getApplicationName()); if (log.isDebugEnabled()) { log.debug("Retrieved Details for OAuth App " + createdApp.getApplicationName()); } 
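Review bot: The new existence check in the first hunk, `appMgtService.getApplication(applicationName)`, is keyed only by application name, and when the application exists the method skips creation but still continues into `getOAuthApplicationDataByAppName` and the later `updateApplication`, so a registration request that names an application someone else registered reads that application's OAuth data and overwrites its inbound authentication configuration. If the returned `oAuthApplicationInfo` carries the consumer key and secret (the visible tail of the method copies the grant types from `createdApp`), this discloses existing credentials to whoever can call registration, so the existing-application path should verify that the application belongs to the requesting user and tenant and otherwise fail with a `DynamicClientRegistrationException`. The `log.debug("Created OAuth App " + applicationName)` in the second hunk now also fires when nothing was created; move it inside the `if(existingServiceProvider == null)` block. The enclosing method starts before these hunks and continues after them.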
@@ -185,15 +207,15 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig(); InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new - InboundAuthenticationRequestConfig[1]; + InboundAuthenticationRequestConfig[2]; + InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig(); - inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey()); inboundAuthenticationRequestConfig.setInboundAuthType("oauth2"); if (createdApp.getOauthConsumerSecret() != null && !createdApp. - getOauthConsumerSecret() - .isEmpty()) { + getOauthConsumerSecret() + .isEmpty()) { Property property = new Property(); property.setName("oauthConsumerSecret"); property.setValue(createdApp.getOauthConsumerSecret()); 
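Review bot: This hunk removes `inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey());` without a replacement, and the later hunk that assigns `inboundAuthenticationRequestConfigs[0]` does not set it either, so unless the key is set on a line outside these hunks the `oauth2` inbound config is stored with no inbound auth key and the service provider is no longer linked to the OAuth consumer key. If the removal was unintentional, restore the line directly after the `new InboundAuthenticationRequestConfig()` declaration; if it was deliberate, a one-line comment saying where the key is now set would spare the next reader the search. The enclosing method starts and ends outside this hunk.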
@@ -201,10 +223,41 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS inboundAuthenticationRequestConfig.setProperties(properties); } + SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = new SAMLSSOServiceProviderDTO(); + samlssoServiceProviderDTO.setIssuer(MDM); + samlssoServiceProviderDTO.setAssertionConsumerUrl(ASSERTION_CONSUMER_URI); + samlssoServiceProviderDTO.setDoSignResponse(true); + samlssoServiceProviderDTO.setRequestedAudiences(new String[]{AUDIENCE}); + + SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry()); + configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO); + + InboundAuthenticationRequestConfig samlAuthenticationRequest = new InboundAuthenticationRequestConfig(); + samlAuthenticationRequest.setInboundAuthKey(MDM); + samlAuthenticationRequest.setInboundAuthType(SAML_SSO); + + LocalAuthenticatorConfig localAuth = new LocalAuthenticatorConfig(); + localAuth.setName(BASIC_AUTHENTICATOR); + localAuth.setDisplayName(BASIC); + localAuth.setEnabled(true); + + AuthenticationStep authStep = new AuthenticationStep(); + authStep.setStepOrder(1); + authStep.setSubjectStep(true); + authStep.setAttributeStep(true); + + authStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[]{localAuth}); + + LocalAndOutboundAuthenticationConfig localOutboundAuthConfig = new LocalAndOutboundAuthenticationConfig(); + localOutboundAuthConfig.setAuthenticationType(LOCAL); + localOutboundAuthConfig.setAuthenticationSteps(new AuthenticationStep[]{authStep}); + inboundAuthenticationRequestConfigs[0] = inboundAuthenticationRequestConfig; + inboundAuthenticationRequestConfigs[1] = samlAuthenticationRequest; inboundAuthenticationConfig .setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs); createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig); + createdServiceProvider.setLocalAndOutBoundAuthenticationConfig(localOutboundAuthConfig); // Update 
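Review bot: `configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO)` runs on every call, including the path where the service provider already existed, and always with the fixed issuer `MDM`; on a second registration it will try to add a relying party that is already present, and whether that throws or silently duplicates depends on `SAMLSSOConfigAdmin`, which is not visible here — the call belongs under the same `existingServiceProvider == null` guard used for creation, or behind an explicit existence check. The DTO enables response signing only (`setDoSignResponse(true)`); whether assertions themselves are signed and whether signatures on incoming authentication requests are validated is left to the DTO defaults, which should be set explicitly and documented for an SSO endpoint. The local authentication step is also fixed to `BasicAuthenticator` and applied with `setLocalAndOutBoundAuthenticationConfig` before the update, which presumably replaces any authenticator configuration an administrator had set on the service provider; a comment stating that this is intended would help. The enclosing method starts before this hunk.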
the Service Provider app to add OAuthApp as an Inbound Authentication Config appMgtService.updateApplication(createdServiceProvider); @@ -221,6 +274,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS oAuthApplicationInfo.addParameter( ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT, createdApp.getGrantTypes()); + return oAuthApplicationInfo; } catch (IdentityApplicationManagementException e) { throw new DynamicClientRegistrationException( @@ -234,6 +288,11 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS } } + protected Registry getConfigSystemRegistry() { + return (Registry)PrivilegedCarbonContext.getThreadLocalCarbonContext(). + getRegistry(RegistryType.SYSTEM_CONFIGURATION); + } + @Override public boolean unregisterOAuthApplication(String userId, String applicationName, String consumerKey) @@ -250,7 +309,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (userId == null || userId.isEmpty()) { throw new DynamicClientRegistrationException( "Error occurred while unregistering Application: userId cannot " + - "be null/empty"); + "be null/empty"); } try { OAuthAdminService oAuthAdminService = new OAuthAdminService(); @@ -260,7 +319,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (oAuthConsumerAppDTO == null) { throw new DynamicClientRegistrationException( "Couldn't retrieve OAuth Consumer Application associated with the " + - "given consumer key: " + consumerKey); + "given consumer key: " + consumerKey); } oAuthAdminService.removeOAuthApplicationData(consumerKey); @@ -269,7 +328,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (appMgtService == null) { throw new IllegalStateException( "Error occurred while retrieving Application Management" + - "Service"); + "Service"); } ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName); 
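Review bot: `getConfigSystemRegistry()` is a new protected method with no Javadoc, and it casts the registry returned by `getRegistry(RegistryType.SYSTEM_CONFIGURATION)` to `org.wso2.carbon.registry.core.Registry` unchecked (the cast suggests the accessor returns the api-level type), so a different implementation would surface as a ClassCastException rather than a meaningful error. A short Javadoc such as `/** Returns the system configuration registry from the privileged thread-local context; protected so tests can substitute a registry. */` would record both the intent and the reason for the visibility, assuming testability is that reason. The use of `PrivilegedCarbonContext` rather than the `CarbonContext` the class also imports deserves a why-comment as well.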
@@ -299,7 +358,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (appMgtService == null) { throw new IllegalStateException( "Error occurred while retrieving Application Management" + - "Service"); + "Service"); } try { if (appMgtService.getApplication(applicationName) != null) { diff --git a/pom.xml b/pom.xml index ce2f4a193fb..af165f29196 100644 --- a/pom.xml +++ b/pom.xml @@ -935,6 +935,11 @@ org.wso2.carbon.identity.oauth ${carbon.identity.version} + + org.wso2.carbon.identity + org.wso2.carbon.identity.sso.saml + ${carbon.identity.version} + com.googlecode.json-simple.wso2 json-simple