Added scope validator and refactored code

components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java

@@ -55,7 +55,7 @@ public class Permission {
         return scope;
     }
 
-    @XmlElement(name = "scope", required = true)
+    @XmlElement(name = "scope", required = false)
 	public void setScope(String scope) {
 		this.scope = scope;
 	}

components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagementException.java

@@ -17,6 +17,9 @@
  */
 package org.wso2.carbon.device.mgt.common.permission.mgt;
 
+/**
+ * Custom exception class of Permission related operations.
+ */
 public class PermissionManagementException extends Exception {
 
     private static final long serialVersionUID = -3151279311929070298L;

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java

@@ -26,7 +26,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
 import org.wso2.carbon.device.mgt.core.config.permission.PermissionConfiguration;
-import org.wso2.carbon.device.mgt.core.permission.mgt.RegistryBasedPermissionManagerServiceImpl;
+import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
 
 import javax.servlet.ServletContext;
 import javax.xml.bind.JAXBContext;
@@ -35,6 +35,10 @@ import javax.xml.bind.Unmarshaller;
 import java.io.File;
 import java.io.InputStream;
 
+/**
+ * This listener class will initiate the permission addition of permissions defined in
+ * permission.xml of any web-app.
+ */
 @SuppressWarnings("unused")
 public class WebAppDeploymentLifecycleListener implements LifecycleListener {
 
@@ -56,7 +60,7 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener {
 							unmarshaller.unmarshal(permissionStream);
 					if (permissionConfiguration != null &&
 					    permissionConfiguration.getPermissions() != null) {
-						RegistryBasedPermissionManagerServiceImpl.getInstance().addPermissions(
+						PermissionManagerServiceImpl.getInstance().addPermissions(
 								permissionConfiguration.getPermissions());
 					}
 				}

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java

@@ -45,7 +45,7 @@ import org.wso2.carbon.device.mgt.core.notification.mgt.NotificationManagementSe
 import org.wso2.carbon.device.mgt.core.notification.mgt.dao.NotificationManagementDAOFactory;
 import org.wso2.carbon.device.mgt.core.operation.mgt.OperationManagerImpl;
 import org.wso2.carbon.device.mgt.core.operation.mgt.dao.OperationManagementDAOFactory;
-import org.wso2.carbon.device.mgt.core.permission.mgt.RegistryBasedPermissionManagerServiceImpl;
+import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl;
 import org.wso2.carbon.device.mgt.core.util.DeviceManagementSchemaInitializer;
@@ -191,7 +191,7 @@ public class DeviceManagementServiceComponent {
 
         /* Registering PermissionManager Service */
         PermissionManagerService permissionManagerService
-                = RegistryBasedPermissionManagerServiceImpl.getInstance();
+                = PermissionManagerServiceImpl.getInstance();
         bundleContext.registerService(PermissionManagerService.class.getName(), permissionManagerService, null);
 
 	     /* Registering App Management service */

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java

@@ -29,21 +29,21 @@ import java.util.Properties;
  * This class will add, update custom permissions defined in permission.xml in webapps and it will
  * use Registry as the persistence storage.
  */
-public class RegistryBasedPermissionManagerServiceImpl implements PermissionManagerService {
+public class PermissionManagerServiceImpl implements PermissionManagerService {
 
     public static final String URL_PROPERTY = "URL";
     public static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD";
-    private static RegistryBasedPermissionManagerServiceImpl registryBasedPermissionManager;
+    private static PermissionManagerServiceImpl registryBasedPermissionManager;
     private static PermissionTree permissionTree; // holds the permissions at runtime.
 
-    private RegistryBasedPermissionManagerServiceImpl() {
+    private PermissionManagerServiceImpl() {
     }
 
-    public static RegistryBasedPermissionManagerServiceImpl getInstance() {
+    public static PermissionManagerServiceImpl getInstance() {
         if (registryBasedPermissionManager == null) {
-            synchronized (RegistryBasedPermissionManagerServiceImpl.class) {
+            synchronized (PermissionManagerServiceImpl.class) {
                 if (registryBasedPermissionManager == null) {
-                    registryBasedPermissionManager = new RegistryBasedPermissionManagerServiceImpl();
+                    registryBasedPermissionManager = new PermissionManagerServiceImpl();
                     permissionTree = new PermissionTree();
                 }
             }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java

@@ -31,6 +31,7 @@ import org.wso2.carbon.registry.core.Registry;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import java.io.File;
+import java.util.StringTokenizer;
 
 /**
  * Utility class which holds necessary utility methods required for persisting permissions in
@@ -71,12 +72,16 @@ public class PermissionUtils {
 			throws PermissionManagementException {
 		boolean status;
 		try {
-			Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
+			StringTokenizer tokenizer = new StringTokenizer(permission.getPath(), "/");
-			resource.addProperty(PERMISSION_PROPERTY_NAME, permission.getName());
+			String lastToken = "", currentToken, tempPath;
-			PermissionUtils.getGovernanceRegistry().beginTransaction();
+			while(tokenizer.hasMoreTokens()){
-			PermissionUtils.getGovernanceRegistry().put(ADMIN_PERMISSION_REGISTRY_PATH +
+				currentToken = tokenizer.nextToken();
-			                                         permission.getPath(), resource);
+				tempPath = lastToken + "/" + currentToken;
-			PermissionUtils.getGovernanceRegistry().commitTransaction();
+				if(!checkResourceExists(tempPath)){
+                    createRegistryCollection(tempPath, currentToken.substring(0));
+				}
+				lastToken = tempPath;
+			}
 			status = true;
 		} catch (RegistryException e) {
 			throw new PermissionManagementException(
@@ -86,10 +91,21 @@ public class PermissionUtils {
 		return status;
 	}
 
-	public static boolean checkPermissionExistence(Permission permission)
+	public static void createRegistryCollection(String path, String resourceName)
+			throws PermissionManagementException,
+			       RegistryException {
+		Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
+		resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
+		PermissionUtils.getGovernanceRegistry().beginTransaction();
+		PermissionUtils.getGovernanceRegistry().put(ADMIN_PERMISSION_REGISTRY_PATH +
+		                                            path, resource);
+		PermissionUtils.getGovernanceRegistry().commitTransaction();
+	}
+
+	public static boolean checkResourceExists(String path)
 			throws PermissionManagementException,
 			       org.wso2.carbon.registry.core.exceptions.RegistryException {
-		return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath());
+		return PermissionUtils.getGovernanceRegistry().resourceExists(path);
 	}
 
 	public static Document convertToDocument(File file) throws PermissionManagementException {

components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/DynamicRegistrationManager.java

@@ -123,8 +123,8 @@ public class DynamicRegistrationManager {
             //Check whether this is an already registered application
             if (!dynamicRegistrationManager.isRegisteredOAuthApplication(webAppName)) {
                 //Construct the RegistrationProfile
-                registrationProfile = DynamicClientWebAppRegistrationUtil
+                registrationProfile = DynamicClientWebAppRegistrationUtil.
-                        .constructRegistrationProfile(servletContext, webAppName);
+                                           constructRegistrationProfile(servletContext, webAppName);
                 //Register the OAuth application
                 oAuthApp = dynamicRegistrationManager.registerOAuthApplication(
                         registrationProfile);

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtensionsUtils.java

@@ -1,63 +0,0 @@
-/*
- * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * you may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.device.mgt.oauth.extensions;
-
-import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
-import org.wso2.carbon.user.api.AuthorizationManager;
-import org.wso2.carbon.user.api.UserStoreException;
-import org.wso2.carbon.user.api.UserStoreManager;
-import org.wso2.carbon.user.core.service.RealmService;
-
-/**
- * Created by harshan on 10/2/15.
- */
-public class OAuthExtensionsUtils {
-
-    public static void getRolePermissions(String role){
-        RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
-        try {
-           int tenantId = realmService.getTenantManager().getTenantId("tenant-domain");
-           AuthorizationManager
-                   authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
-          // authorizationManager.is
-        } catch (UserStoreException e) {
-            e.printStackTrace();
-        }
-    }
-
-    public static void getUserPermissions(String userName){
-
-    }
-
-    public static String[] getUserRoles(String userName){
-        RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
-        try {
-            int tenantId = realmService.getTenantManager().getTenantId("tenant-domain");
-            UserStoreManager userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
-            return userStoreManager.getRoleListOfUser(userName);
-        } catch (UserStoreException e) {
-            e.printStackTrace();
-        }
-        return new String[0];
-    }
-
-    public static void getScopePermissions(String scopeKey){
-
-    }
-}

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/DeviceMgtOAuthCallbackHandler.java

@@ -27,7 +27,8 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import java.io.IOException;
 
 /**
- * Created by harshan on 10/1/15.
+ * This class represents a Custom OAuthCallback Handler implementation. This should be implemented
+ * if there's any necessity of custom logic to authorize OAuthCallbacks.
  */
 public class DeviceMgtOAuthCallbackHandler  extends AbstractOAuthCallbackHandler {
 
@@ -55,7 +56,7 @@ public class DeviceMgtOAuthCallbackHandler  extends AbstractOAuthCallbackHandler
                 String[] scopes = oauthCallback.getRequestedScope();
                 oauthCallback.setApprovedScope(scopes);
                 oauthCallback.setValidScope(true);
-                //TODO Need to write the necessary logic to validate the scope
+                //Add the necessary logic if we are doing the scope validation upon token issue
             }
         }
 

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java

@@ -23,7 +23,7 @@ import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
 import org.wso2.carbon.user.core.service.RealmService;
 
 /**
- * Created by harshan on 10/2/15.
+ * This holds the OSGi service references required for oauth extensions bundle.
  */
 public class OAuthExtensionsDataHolder {
 

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/OAuth2TokenValidator.java

@@ -1,37 +0,0 @@
-/*
- * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * you may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.device.mgt.oauth.extensions.validators;
-
-import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
-import org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator;
-import org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidationMessageContext;
-
-/**
- * OAuth2 Token validator implementation which supports custom token validation logic specific
- * to MDM.
- */
-public class OAuth2TokenValidator extends DefaultOAuth2TokenValidator {
-
-    @Override
-    public boolean validateAccessToken(
-            OAuth2TokenValidationMessageContext validationReqDTO) throws IdentityOAuth2Exception {
-        //for now there's no specific logic to handle in token validation
-        return true;
-    }
-}

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java

@@ -28,12 +28,14 @@ import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataH
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
 import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
+import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
 
 import java.util.Properties;
 
 /**
- * Custom OAuth2Token Scope validation implementation.
+ * Custom OAuth2Token Scope validation implementation for DeviceManagement. This will validate the
+ * user permissions before dispatching the HTTP request to the actual endpoint.
  */
 public class ScopeValidator extends OAuth2ScopeValidator {
 
@@ -72,6 +74,11 @@ public class ScopeValidator extends OAuth2ScopeValidator {
             status = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
                     getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
                                                                ScopeValidator.PermissionMethod.READ);
+            UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
+            if(userRealm != null && userRealm.getAuthorizationManager() != null){
+                status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
+                                                                              ScopeValidator.PermissionMethod.READ);
+            }
 
         } catch (PermissionManagementException e) {
             log.error("Error occurred while validating the resource scope for : " + resource +

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java

@@ -30,6 +30,7 @@ import org.wso2.carbon.identity.base.IdentityException;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
 import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
 import org.wso2.carbon.webapp.authenticator.framework.Constants;
@@ -122,6 +123,8 @@ public class OAuthAuthenticator implements WebappAuthenticator {
                         PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(
                                 IdentityUtil.getTenantIdOFUser(username));
                         PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
+                        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
+                                MultitenantUtils.getTenantDomain(username));
                     } catch (IdentityException e) {
                         throw new AuthenticationException(
                                 "Error occurred while retrieving the tenant ID of user '" +

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java

@@ -25,7 +25,7 @@ import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
 import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
-import org.wso2.carbon.device.mgt.core.permission.mgt.RegistryBasedPermissionManagerServiceImpl;
+import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.webapp.authenticator.framework.Constants;
 import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
@@ -49,7 +49,8 @@ public class PermissionAuthorizer {
             return WebappAuthenticator.Status.CONTINUE;
         }
 
-        RegistryBasedPermissionManagerServiceImpl registryBasedPermissionManager = RegistryBasedPermissionManagerServiceImpl.getInstance();
+        PermissionManagerServiceImpl
+                registryBasedPermissionManager = PermissionManagerServiceImpl.getInstance();
         Properties properties = new Properties();
         properties.put("",requestUri);
         properties.put("",requestMethod);