Implemented permission-scope mapping for IoTs

4.x.x
Milan Perera 8 years ago
parent dd353e1bfb
commit 36ee55f493

@ -134,6 +134,7 @@ public class AnnotationProcessor {
try {
clazz = classLoader.loadClass(className);
Annotation swaggerDefinition = clazz.getAnnotation(apiClazz);
Annotation Scopes = clazz.getAnnotation(scopesClass);
List<APIResource> resourceList;
if (swaggerDefinition != null) {
if (log.isDebugEnabled()) {
@ -141,7 +142,9 @@ public class AnnotationProcessor {
}
try {
apiResourceConfig = processAPIAnnotation(swaggerDefinition);
apiScopes = processAPIScopes(swaggerDefinition);
if (Scopes != null) {
apiScopes = processAPIScopes(Scopes);
}
if(apiResourceConfig != null){
String rootContext = servletContext.getContextPath();
pathClazzMethods = pathClazz.getMethods();
@ -214,7 +217,7 @@ public class AnnotationProcessor {
aggregatedPermissions.append(permission);
aggregatedPermissions.append(" ");
}
scope.setRoles(aggregatedPermissions.toString());
scope.setRoles(aggregatedPermissions.toString().trim());
scopes.put(scope.getKey(), scope);
}
return scopes;
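Review bot: In the second hunk `apiScopes` is assigned only when the class carries `@Scopes`, whereas the removed line assigned it for every class with a Swagger definition. The declaration of `apiScopes` is outside the hunk; if it lives outside this `try`, a class without `@Scopes` keeps the previous class's scopes or stays unset, so its resources could be registered under the wrong scope mapping or none. I would add an explicit fallback such as `} else { apiScopes = null; log.warn("No @Scopes annotation on " + className); }` and confirm that the consuming code tolerates the reset value. The same pattern appears in the other `AnnotationProcessor` hunk at `-150,7 +150,10`, where `scopesAnno` is checked the same way. The local `Scopes` also shadows the annotation type name and would read better as `scopesAnno`, matching that other processor.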

@ -19,9 +19,12 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.*;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
@ -49,6 +52,16 @@ import javax.ws.rs.core.Response;
@Api(value = "Application Management Administrative Service", description = "This an API intended to be used by " +
"'internal' components to log in as an admin user and do a selected number of operations. " +
"Further, this is strictly restricted to admin users only ")
@Scopes(
scopes = {
@Scope(
name = "Manage application",
description = "",
key = "cdmf:manage-application",
permissions = {"/device-mgt/applications/manage"}
)
}
)
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public interface ApplicationManagementAdminService {
@ -63,12 +76,10 @@ public interface ApplicationManagementAdminService {
notes = "This is an internal API that can be used to install an application on a device.",
response = Activity.class,
tags = "Application Management Administrative Service",
authorizations = {
@Authorization(
value="permission",
scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description
= "Install/Uninstall applications") }
)
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-application")
})
}
)
@ApiResponses(value = {
@ -109,12 +120,10 @@ public interface ApplicationManagementAdminService {
notes = "This is an internal API that can be used to uninstall an application.",
response = Activity.class,
tags = "Application Management Administrative Service",
authorizations = {
@Authorization(
value="permission",
scopes = { @AuthorizationScope(scope = "/device-mgt/applications/manage", description
= "Install/Uninstall applications") }
)
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-application")
})
}
)
@ApiResponses(value = {
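Review bot: The scope key `"cdmf:manage-application"` is repeated as a bare string in the class-level `@Scope` and in each method's `@ExtensionProperty`, so a typo in one copy would leave that operation pointing at a key the class never declares. What the processor does with an unknown key is not visible here, so I would bind all three uses to one constant, e.g. `String SCOPE_MANAGE_APPLICATION = "cdmf:manage-application";` in the already imported `Constants` class. The `description = ""` on the `@Scope` should also say what the scope grants (install and uninstall, per the removed `AuthorizationScope` text), since it may be what an administrator sees when assigning it. Both points apply equally to the `@Scopes` blocks added to `DeviceManagementAdminService` and `GroupManagementAdminService`.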

@ -31,8 +31,11 @@ import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
@ -60,6 +63,16 @@ import javax.ws.rs.core.Response;
"Further, this is strictly restricted to admin users only ")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@Scopes(
scopes = {
@Scope(
name = "Manage device",
description = "",
key = "cdmf:manage-own-device",
permissions = {"/device-mgt/devices/owning-device/view"}
)
}
)
public interface DeviceManagementAdminService {
@GET
@ -71,12 +84,10 @@ public interface DeviceManagementAdminService {
response = Device.class,
responseContainer = "List",
tags = "Device Management Administrative Service",
authorizations = {
@Authorization(
value="permission",
scopes = { @AuthorizationScope(scope = "/device-mgt/devices/owning-device/view", description
= "View Devices") }
)
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "cdmf:manage-own-device")
})
}
)
@ApiResponses(value = {
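Review bot: The new scope is named "Manage device" with key `cdmf:manage-own-device`, but it maps to the single permission `/device-mgt/devices/owning-device/view`. That is a view permission on the caller's own devices, attached to an interface documented as restricted to admin users. The permission string is carried over from the removed `@Authorization`, but the new name and key overstate what is granted, which makes role-to-scope assignments harder to audit. I would either rename the scope to reflect view access or record the intent in the description, e.g. `description = "View devices owned by the caller"`. It is also worth confirming that an owning-device view permission is the intended gate for an admin endpoint.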

@ -33,8 +33,11 @@ import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader;
import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceGroupList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
@ -61,6 +64,16 @@ import javax.ws.rs.core.Response;
@Api(value = "Group Management Administrative Service", description = "This an API intended to be used by " +
"'internal' components to log in as an admin user and do a selected number of operations. " +
"Further, this is strictly restricted to admin users only ")
@Scopes(
scopes = {
@Scope(
name = "View groups",
description = "",
key = "cdmf:view-groups",
permissions = {"/device-mgt/admin/groups/view"}
)
}
)
public interface GroupManagementAdminService {
@GET
@ -70,12 +83,10 @@ public interface GroupManagementAdminService {
value = "Get the list of groups.",
notes = "Returns all groups enrolled with the system.",
tags = "Device Group Management",
authorizations = {
@Authorization(
value="permission",
scopes = { @AuthorizationScope(scope = "/device-mgt/admin/groups/view", description
= "View Groups") }
)
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "cdmf:view-groups")
})
}
)
@ApiResponses(value = {

@ -150,7 +150,10 @@ public class AnnotationProcessor {
try {
clazz = classLoader.loadClass(className);
Annotation apiAnno = clazz.getAnnotation(apiClazz);
apiScopes = processAPIScopes(apiAnno);
Annotation scopesAnno = clazz.getAnnotation(scopesClass);
if (scopesAnno != null) {
apiScopes = processAPIScopes(scopesAnno);
}
List<Permission> resourceList;
if (apiAnno != null) {
if (log.isDebugEnabled()) {

@ -1812,7 +1812,7 @@
<!-- Carbon Identity -->
<carbon.identity.framework.version>5.2.2</carbon.identity.framework.version>
<identity.inbound.auth.oauth.version>5.2.7</identity.inbound.auth.oauth.version>
<identity.inbound.auth.oauth.version>5.1.1</identity.inbound.auth.oauth.version>
<identity.inbound.auth.saml.version>5.1.1</identity.inbound.auth.saml.version>
<!-- Carbon Multi-tenancy -->
@ -1837,7 +1837,7 @@
<commons-lang.wso2.osgi.version.range>[2.6.0,3.0.0)</commons-lang.wso2.osgi.version.range>
<!-- Carbon API Management -->
<carbon.api.mgt.version>6.1.2-SNAPSHOT</carbon.api.mgt.version>
<carbon.api.mgt.version>6.0.6-SNAPSHOT</carbon.api.mgt.version>
<carbon.api.mgt.version.range>(5.0.0,7.0.0]</carbon.api.mgt.version.range>
<!-- Carbon Analytics Commons -->
