Implemented permission-scope mapping for IoTs

4.x.x
Milan Perera 8 years ago
parent dd353e1bfb
commit 36ee55f493

@ -134,6 +134,7 @@ public class AnnotationProcessor {
try { try {
clazz = classLoader.loadClass(className); clazz = classLoader.loadClass(className);
Annotation swaggerDefinition = clazz.getAnnotation(apiClazz); Annotation swaggerDefinition = clazz.getAnnotation(apiClazz);
Annotation Scopes = clazz.getAnnotation(scopesClass);
List<APIResource> resourceList; List<APIResource> resourceList;
if (swaggerDefinition != null) { if (swaggerDefinition != null) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
@ -141,7 +142,9 @@ public class AnnotationProcessor {
} }
try { try {
apiResourceConfig = processAPIAnnotation(swaggerDefinition); apiResourceConfig = processAPIAnnotation(swaggerDefinition);
apiScopes = processAPIScopes(swaggerDefinition); if (Scopes != null) {
apiScopes = processAPIScopes(Scopes);
}
if(apiResourceConfig != null){ if(apiResourceConfig != null){
String rootContext = servletContext.getContextPath(); String rootContext = servletContext.getContextPath();
pathClazzMethods = pathClazz.getMethods(); pathClazzMethods = pathClazz.getMethods();
@ -214,7 +217,7 @@ public class AnnotationProcessor {
aggregatedPermissions.append(permission); aggregatedPermissions.append(permission);
aggregatedPermissions.append(" "); aggregatedPermissions.append(" ");
} }
scope.setRoles(aggregatedPermissions.toString()); scope.setRoles(aggregatedPermissions.toString().trim());
scopes.put(scope.getKey(), scope); scopes.put(scope.getKey(), scope);
} }
return scopes; return scopes;
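Review bot: When a class carries no `@Scopes` annotation, the new guard `if (Scopes != null)` in the second hunk leaves `apiScopes` at whatever value it already held, and its declaration lies outside the hunk. If that variable outlives the processing of a single class, the class's resources would be resolved against the previous class's scope map (or a null one). An explicit `else` branch that resets `apiScopes` to an empty map and logs the class name would make the no-scope case visible. The same guard appears in the other AnnotationProcessor section (hunk `-150,7 +150,10`). As a style point, the local `Annotation Scopes` is capitalised like the annotation type; `scopesAnno`, the name that other section uses, reads better.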

@ -19,9 +19,12 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.*;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.POST; import javax.ws.rs.POST;
@ -49,6 +52,16 @@ import javax.ws.rs.core.Response;
@Api(value = "Application Management Administrative Service", description = "This an API intended to be used by " + @Api(value = "Application Management Administrative Service", description = "This an API intended to be used by " +
"'internal' components to log in as an admin user and do a selected number of operations. " + "'internal' components to log in as an admin user and do a selected number of operations. " +
"Further, this is strictly restricted to admin users only ") "Further, this is strictly restricted to admin users only ")
@Scopes(
scopes = {
@Scope(
name = "Manage application",
description = "",
key = "cdmf:manage-application",
permissions = {"/device-mgt/applications/manage"}
)
}
)
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public interface ApplicationManagementAdminService { public interface ApplicationManagementAdminService {
@ -63,12 +76,10 @@ public interface ApplicationManagementAdminService {
notes = "This is an internal API that can be used to install an application on a device.", notes = "This is an internal API that can be used to install an application on a device.",
response = Activity.class, response = Activity.class,
tags = "Application Management Administrative Service", tags = "Application Management Administrative Service",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-application")
scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description })
= "Install/Uninstall applications") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
@ -109,12 +120,10 @@ public interface ApplicationManagementAdminService {
notes = "This is an internal API that can be used to uninstall an application.", notes = "This is an internal API that can be used to uninstall an application.",
response = Activity.class, response = Activity.class,
tags = "Application Management Administrative Service", tags = "Application Management Administrative Service",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-application")
scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description })
= "Install/Uninstall applications") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
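Review bot: The scope key `"cdmf:manage-application"` is now written three times in this file, once in the class-level `@Scope` and once in each operation's `@ExtensionProperty`, and nothing visible here checks that they agree. A typo in either place would presumably leave the operation without a matching scope rather than fail the build. A shared compile-time constant next to `Constants.SCOPE` (for example `key = Constants.MANAGE_APPLICATION_SCOPE`, name illustrative) would tie them together. The same duplication occurs in the DeviceManagementAdminService and GroupManagementAdminService sections. `description = ""` is also left empty on all three scopes, although the removed `@AuthorizationScope` carried text ("Install/Uninstall applications") that could be reused.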

@ -31,8 +31,11 @@ import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -60,6 +63,16 @@ import javax.ws.rs.core.Response;
"Further, this is strictly restricted to admin users only ") "Further, this is strictly restricted to admin users only ")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
@Scopes(
scopes = {
@Scope(
name = "Manage device",
description = "",
key = "cdmf:manage-own-device",
permissions = {"/device-mgt/devices/owning-device/view"}
)
}
)
public interface DeviceManagementAdminService { public interface DeviceManagementAdminService {
@GET @GET
@ -71,12 +84,10 @@ public interface DeviceManagementAdminService {
response = Device.class, response = Device.class,
responseContainer = "List", responseContainer = "List",
tags = "Device Management Administrative Service", tags = "Device Management Administrative Service",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-own-device")
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", description })
= "View Devices") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {
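Review bot: The scope added here is named "Manage device" with key `cdmf:manage-own-device`, yet the only permission that grants it is `/device-mgt/devices/owning-device/view`, on an interface whose `@Api` description says it is strictly restricted to admin users. The permission path is carried over unchanged from the removed `@AuthorizationScope`, so this commit does not itself widen access. The name now overstates what the permission covers, though, and any mutating operation later tagged with this key would be reachable with a view-level permission. Either rename the scope to match (for example `name = "View own device"`) or fill the empty `description` with the intended audience. Whether an admin-only permission was intended should be confirmed against the permission tree, which is not visible here.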

@ -33,8 +33,11 @@ import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import org.apache.axis2.transport.http.HTTPConstants; import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList; import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
@ -61,6 +64,16 @@ import javax.ws.rs.core.Response;
@Api(value = "Group Management Administrative Service", description = "This an API intended to be used by " + @Api(value = "Group Management Administrative Service", description = "This an API intended to be used by " +
"'internal' components to log in as an admin user and do a selected number of operations. " + "'internal' components to log in as an admin user and do a selected number of operations. " +
"Further, this is strictly restricted to admin users only ") "Further, this is strictly restricted to admin users only ")
@Scopes(
scopes = {
@Scope(
name = "View groups",
description = "",
key = "cdmf:view-groups",
permissions = {"/device-mgt/admin/groups/view"}
)
}
)
public interface GroupManagementAdminService { public interface GroupManagementAdminService {
@GET @GET
@ -70,12 +83,10 @@ public interface GroupManagementAdminService {
value = "Get the list of groups.", value = "Get the list of groups.",
notes = "Returns all groups enrolled with the system.", notes = "Returns all groups enrolled with the system.",
tags = "Device Group Management", tags = "Device Group Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value="permission", @ExtensionProperty(name = Constants.SCOPE, value = "cdmf:view-groups")
scopes = { @AuthorizationScope(scope = "/device-mgt/admin/groups/view", description })
= "View Groups") }
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {

@ -150,7 +150,10 @@ public class AnnotationProcessor {
try { try {
clazz = classLoader.loadClass(className); clazz = classLoader.loadClass(className);
Annotation apiAnno = clazz.getAnnotation(apiClazz); Annotation apiAnno = clazz.getAnnotation(apiClazz);
apiScopes = processAPIScopes(apiAnno); Annotation scopesAnno = clazz.getAnnotation(scopesClass);
if (scopesAnno != null) {
apiScopes = processAPIScopes(scopesAnno);
}
List<Permission> resourceList; List<Permission> resourceList;
if (apiAnno != null) { if (apiAnno != null) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {

@ -1812,7 +1812,7 @@
<!-- Carbon Identity --> <!-- Carbon Identity -->
<carbon.identity.framework.version>5.2.2</carbon.identity.framework.version> <carbon.identity.framework.version>5.2.2</carbon.identity.framework.version>
<identity.inbound.auth.oauth.version>5.2.7</identity.inbound.auth.oauth.version> <identity.inbound.auth.oauth.version>5.1.1</identity.inbound.auth.oauth.version>
<identity.inbound.auth.saml.version>5.1.1</identity.inbound.auth.saml.version> <identity.inbound.auth.saml.version>5.1.1</identity.inbound.auth.saml.version>
<!-- Carbon Multi-tenancy --> <!-- Carbon Multi-tenancy -->
@ -1837,7 +1837,7 @@
<commons-lang.wso2.osgi.version.range>[2.6.0,3.0.0)</commons-lang.wso2.osgi.version.range> <commons-lang.wso2.osgi.version.range>[2.6.0,3.0.0)</commons-lang.wso2.osgi.version.range>
<!-- Carbon API Management --> <!-- Carbon API Management -->
<carbon.api.mgt.version>6.1.2-SNAPSHOT</carbon.api.mgt.version> <carbon.api.mgt.version>6.0.6-SNAPSHOT</carbon.api.mgt.version>
<carbon.api.mgt.version.range>(5.0.0,7.0.0]</carbon.api.mgt.version.range> <carbon.api.mgt.version.range>(5.0.0,7.0.0]</carbon.api.mgt.version.range>
<!-- Carbon Analytics Commons --> <!-- Carbon Analytics Commons -->
