From 36ee55f493d9ea22d21d558ad28aa096beae3656 Mon Sep 17 00:00:00 2001 From: Milan Perera Date: Wed, 14 Dec 2016 08:45:42 +0530 Subject: [PATCH] Implemented permission-scope mapping for IoTs --- .../lifecycle/util/AnnotationProcessor.java | 7 ++-- .../ApplicationManagementAdminService.java | 33 ++++++++++++------- .../admin/DeviceManagementAdminService.java | 23 +++++++++---- .../admin/GroupManagementAdminService.java | 23 +++++++++---- .../permission/AnnotationProcessor.java | 5 ++- pom.xml | 4 +-- 6 files changed, 66 insertions(+), 29 deletions(-) diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java index 86fe381693..54f1c416d3 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java @@ -134,6 +134,7 @@ public class AnnotationProcessor { try { clazz = classLoader.loadClass(className); Annotation swaggerDefinition = clazz.getAnnotation(apiClazz); + Annotation Scopes = clazz.getAnnotation(scopesClass); List resourceList; if (swaggerDefinition != null) { if (log.isDebugEnabled()) { @@ -141,7 +142,9 @@ public class AnnotationProcessor { } try { apiResourceConfig = processAPIAnnotation(swaggerDefinition); - apiScopes = processAPIScopes(swaggerDefinition); + if (Scopes != null) { + apiScopes = processAPIScopes(Scopes); + } if(apiResourceConfig != null){ String rootContext = servletContext.getContextPath(); pathClazzMethods = pathClazz.getMethods(); 
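Review bot: When a class carries the API annotation but no `@Scopes`, the new `if (Scopes != null)` guard leaves `apiScopes` untouched. Its declaration is outside this hunk; if it lives outside the per-class loop, the scopes of the previously processed class would carry over to this API, so it should be reset to an empty value on that path. It would also help to make the unscoped case visible with something like `else { log.warn("No @Scopes annotation found on " + className); }`, because an API published without a scope mapping is otherwise silent. The local `Scopes` should be lower camel case, e.g. `scopesAnnotation`, to match `scopesAnno` in the core `AnnotationProcessor` hunk, which has the same carry-over question. The enclosing method starts and ends outside the hunk.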
@@ -214,7 +217,7 @@ public class AnnotationProcessor { aggregatedPermissions.append(permission); aggregatedPermissions.append(" "); } - scope.setRoles(aggregatedPermissions.toString()); + scope.setRoles(aggregatedPermissions.toString().trim()); scopes.put(scope.getKey(), scope); } return scopes; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java index 6f462837c2..8f49261202 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java @@ -19,9 +19,12 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.*; +import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; +import org.wso2.carbon.device.mgt.jaxrs.util.Constants; import javax.ws.rs.Consumes; import javax.ws.rs.POST; 
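Review bot: The added wildcard `import org.wso2.carbon.apimgt.annotations.api.*;` sits next to the existing `import io.swagger.annotations.*;`, and the explicit `Scope` import on the following line is presumably there to resolve a clash between the two packages. Since these annotations now define the authorization mapping, the file should name exactly what it uses, as the Device and Group admin service hunks do: `import org.wso2.carbon.apimgt.annotations.api.Scope;` and `import org.wso2.carbon.apimgt.annotations.api.Scopes;`. That removes any doubt about which `Scope` type the `@Scopes` block binds to.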
@@ -49,6 +52,16 @@ import javax.ws.rs.core.Response; @Api(value = "Application Management Administrative Service", description = "This an API intended to be used by " + "'internal' components to log in as an admin user and do a selected number of operations. " + "Further, this is strictly restricted to admin users only ") +@Scopes( + scopes = { + @Scope( + name = "Manage application", + description = "", + key = "cdmf:manage-application", + permissions = {"/device-mgt/applications/manage"} + ) + } +) @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public interface ApplicationManagementAdminService { @@ -63,12 +76,10 @@ public interface ApplicationManagementAdminService { notes = "This is an internal API that can be used to install an application on a device.", response = Activity.class, tags = "Application Management Administrative Service", - authorizations = { - @Authorization( - value="permission", - scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description - = "Install/Uninstall applications") } - ) + extensions = { + @Extension(properties = { + @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-application") + }) } ) @ApiResponses(value = { @@ -109,12 +120,10 @@ public interface ApplicationManagementAdminService { notes = "This is an internal API that can be used to uninstall an application.", response = Activity.class, tags = "Application Management Administrative Service", - authorizations = { - @Authorization( - value="permission", - scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description - = "Install/Uninstall applications") } - ) + extensions = { + @Extension(properties = { + @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-application") + }) } ) @ApiResponses(value = { 
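Review bot: The new `@Scope` is declared with `description = ""`, while the `@AuthorizationScope` removed in the following hunks carried "Install/Uninstall applications". Keeping it, `description = "Install/Uninstall applications"`, preserves the only human-readable statement of what a token with `cdmf:manage-application` allows. The same empty description appears in the `@Scope` blocks added to `DeviceManagementAdminService` and `GroupManagementAdminService`, where the removed text was "View Devices" and "View Groups".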
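Review bot: The scope key `"cdmf:manage-application"` is now repeated as a bare string in the class-level `@Scope` and in the `@ExtensionProperty` of both operations, and nothing in the compiler ties them together. A typo in one operation would bind it to a key that no `@Scope` defines, and how the annotation processor treats an unknown key is not visible in this patch. A shared compile-time constant, for example `public static final String SCOPE_MANAGE_APPLICATION = "cdmf:manage-application";` next to `Constants.SCOPE`, referenced from all three places, would close that gap. The same applies to `"cdmf:manage-own-device"` and `"cdmf:view-groups"` in the Device and Group admin service hunks.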
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java index 6266a9b737..a2e80bcbf9 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java @@ -31,8 +31,11 @@ import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ResponseHeader; +import org.wso2.carbon.apimgt.annotations.api.Scope; +import org.wso2.carbon.apimgt.annotations.api.Scopes; import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; +import org.wso2.carbon.device.mgt.jaxrs.util.Constants; import javax.validation.constraints.Size; import javax.ws.rs.*; @@ -60,6 +63,16 @@ import javax.ws.rs.core.Response; "Further, this is strictly restricted to admin users only ") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) +@Scopes( + scopes = { + @Scope( + name = "Manage device", + description = "", + key = "cdmf:manage-own-device", + permissions = {"/device-mgt/devices/owning-device/view"} + ) + } +) public interface DeviceManagementAdminService { @GET 
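Review bot: The scope added here is named "Manage device" with key `cdmf:manage-own-device`, but the only permission behind it is `/device-mgt/devices/owning-device/view`. The old annotation in the next hunk described that same permission as "View Devices", so the permission itself is unchanged, but the new key promises more than it checks. If `cdmf:manage-own-device` is also used for operations that modify a device (not visible in this patch), anyone holding only the view permission would obtain a scope that reads as management rights. This interface is documented as "strictly restricted to admin users only", and the operation bound to the scope in the next hunk returns a list of `Device`, so an own-device scope looks too broad for it. Either rename the key to reflect viewing or map it to an admin-level permission, and add a comment on the `@Scope` stating which is intended.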
@@ -71,12 +84,10 @@ public interface DeviceManagementAdminService { response = Device.class, responseContainer = "List", tags = "Device Management Administrative Service", - authorizations = { - @Authorization( - value="permission", - scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", description - = "View Devices") } - ) + extensions = { + @Extension(properties = { + @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-own-device") + }) } ) @ApiResponses(value = { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java index daffe2a6c5..b5716e9db3 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java @@ -33,8 +33,11 @@ import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ResponseHeader; import org.apache.axis2.transport.http.HTTPConstants; +import org.wso2.carbon.apimgt.annotations.api.Scope; +import org.wso2.carbon.apimgt.annotations.api.Scopes; import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; +import org.wso2.carbon.device.mgt.jaxrs.util.Constants; import javax.ws.rs.*; import javax.ws.rs.core.MediaType; 
@@ -61,6 +64,16 @@ import javax.ws.rs.core.Response; @Api(value = "Group Management Administrative Service", description = "This an API intended to be used by " + "'internal' components to log in as an admin user and do a selected number of operations. " + "Further, this is strictly restricted to admin users only ") +@Scopes( + scopes = { + @Scope( + name = "View groups", + description = "", + key = "cdmf:view-groups", + permissions = {"/device-mgt/admin/groups/view"} + ) + } +) public interface GroupManagementAdminService { @GET @@ -70,12 +83,10 @@ public interface GroupManagementAdminService { value = "Get the list of groups.", notes = "Returns all groups enrolled with the system.", tags = "Device Group Management", - authorizations = { - @Authorization( - value="permission", - scopes = { @AuthorizationScope(scope = "/device-mgt/admin/groups/view", description - = "View Groups") } - ) + extensions = { + @Extension(properties = { + @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:view-groups") + }) } ) @ApiResponses(value = { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java index c28604fc4c..ee2ebb4c2e 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java 
@@ -150,7 +150,10 @@ public class AnnotationProcessor { try { clazz = classLoader.loadClass(className); Annotation apiAnno = clazz.getAnnotation(apiClazz); - apiScopes = processAPIScopes(apiAnno); + Annotation scopesAnno = clazz.getAnnotation(scopesClass); + if (scopesAnno != null) { + apiScopes = processAPIScopes(scopesAnno); + } List resourceList; if (apiAnno != null) { if (log.isDebugEnabled()) { diff --git a/pom.xml b/pom.xml index d3c359fff7..5f59f54b6a 100644 --- a/pom.xml +++ b/pom.xml @@ -1812,7 +1812,7 @@ 5.2.2 - 5.2.7 + 5.1.1 5.1.1 @@ -1837,7 +1837,7 @@ [2.6.0,3.0.0) - 6.1.2-SNAPSHOT + 6.0.6-SNAPSHOT (5.0.0,7.0.0]
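Review bot: The `@Scopes` lookup and `processAPIScopes(scopesAnno)` run before the `if (apiAnno != null)` check, so scopes are processed for classes that are not APIs at all, whereas the publisher `AnnotationProcessor` in this same patch does it only inside the non-null branch. Moving the three added lines inside `if (apiAnno != null)` keeps the two processors consistent. As in the publisher version, `apiScopes` is not reset when `scopesAnno` is null; its declaration is outside the hunk, so confirm that it cannot retain the previous class's scopes across iterations.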
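Review bot: Both pom.xml hunks lower a dependency version (`5.2.7` to `5.1.1` and `6.1.2-SNAPSHOT` to `6.0.6-SNAPSHOT`), which the commit subject "Implemented permission-scope mapping for IoTs" does not explain. The property names were lost in extraction, so which artifacts are affected cannot be confirmed from this page. A downgrade can silently drop fixes shipped in the newer release, and a `-SNAPSHOT` version is mutable, so the build is not reproducible against it. If the downgrade is required for the scope annotations, say so in the commit message; if it is a local-environment leftover, drop it from this patch.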