forked from community/device-mgt-core
harshanl
9 years ago
commit
648d8ec209
@ -0,0 +1,80 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.device.mgt.common.permission.mgt;
|
||||||
|
|
||||||
|
import javax.xml.bind.annotation.XmlElement;
|
||||||
|
import javax.xml.bind.annotation.XmlRootElement;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class represents the information related to permission.
|
||||||
|
*/
|
||||||
|
@XmlRootElement (name = "Permission")
|
||||||
|
public class Permission {
|
||||||
|
|
||||||
|
private String name; // permission name
|
||||||
|
private String path; // permission string
|
||||||
|
private String url; // url of the resource
|
||||||
|
private String method; // http method
|
||||||
|
private String scope; //scope of the resource
|
||||||
|
|
||||||
|
public String getName() {
|
||||||
|
return name;
|
||||||
|
}
|
||||||
|
|
||||||
|
@XmlElement (name = "name", required = true)
|
||||||
|
public void setName(String name) {
|
||||||
|
this.name = name;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getPath() {
|
||||||
|
return path;
|
||||||
|
}
|
||||||
|
|
||||||
|
@XmlElement (name = "path", required = true)
|
||||||
|
public void setPath(String path) {
|
||||||
|
this.path = path;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getScope() {
|
||||||
|
return scope;
|
||||||
|
}
|
||||||
|
|
||||||
|
@XmlElement(name = "scope", required = true)
|
||||||
|
public void setScope(String scope) {
|
||||||
|
this.scope = scope;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getUrl() {
|
||||||
|
return url;
|
||||||
|
}
|
||||||
|
|
||||||
|
@XmlElement (name = "url", required = true)
|
||||||
|
public void setUrl(String url) {
|
||||||
|
this.url = url;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getMethod() {
|
||||||
|
return method;
|
||||||
|
}
|
||||||
|
|
||||||
|
@XmlElement (name = "method", required = true)
|
||||||
|
public void setMethod(String method) {
|
||||||
|
this.method = method;
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -0,0 +1,57 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.device.mgt.common.permission.mgt;
|
||||||
|
|
||||||
|
public class PermissionManagementException extends Exception {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = -3151279311929070298L;
|
||||||
|
|
||||||
|
private String errorMessage;
|
||||||
|
|
||||||
|
public String getErrorMessage() {
|
||||||
|
return errorMessage;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setErrorMessage(String errorMessage) {
|
||||||
|
this.errorMessage = errorMessage;
|
||||||
|
}
|
||||||
|
|
||||||
|
public PermissionManagementException(String msg, Exception nestedEx) {
|
||||||
|
super(msg, nestedEx);
|
||||||
|
setErrorMessage(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
public PermissionManagementException(String message, Throwable cause) {
|
||||||
|
super(message, cause);
|
||||||
|
setErrorMessage(message);
|
||||||
|
}
|
||||||
|
|
||||||
|
public PermissionManagementException(String msg) {
|
||||||
|
super(msg);
|
||||||
|
setErrorMessage(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
public PermissionManagementException() {
|
||||||
|
super();
|
||||||
|
}
|
||||||
|
|
||||||
|
public PermissionManagementException(Throwable cause) {
|
||||||
|
super(cause);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
@ -0,0 +1,47 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.device.mgt.common.permission.mgt;
|
||||||
|
|
||||||
|
import java.util.Properties;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This represents the Permission management functionality which should be implemented by
|
||||||
|
* required PermissionManagers.
|
||||||
|
*/
|
||||||
|
public interface PermissionManagerService {
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param permission - Permission to be added
|
||||||
|
* @return The status of the operation.
|
||||||
|
* @throws PermissionManagementException If some unusual behaviour is observed while adding the
|
||||||
|
* permission.
|
||||||
|
*/
|
||||||
|
public boolean addPermission(Permission permission) throws PermissionManagementException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param properties - Properties of the permission to be fetched.
|
||||||
|
* @return The matched Permission object.
|
||||||
|
* @throws PermissionManagementException If some unusual behaviour is observed while fetching the
|
||||||
|
* permission.
|
||||||
|
*/
|
||||||
|
public Permission getPermission(Properties properties) throws PermissionManagementException;
|
||||||
|
|
||||||
|
}
|
||||||
@ -1,57 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* you may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.mgt.core.config.permission;
|
|
||||||
|
|
||||||
import javax.xml.bind.annotation.XmlElement;
|
|
||||||
import javax.xml.bind.annotation.XmlRootElement;
|
|
||||||
|
|
||||||
@XmlRootElement(name = "Permission")
|
|
||||||
public class Permission{
|
|
||||||
|
|
||||||
private String name;
|
|
||||||
private String path;
|
|
||||||
private String scope;
|
|
||||||
|
|
||||||
public String getScope() {
|
|
||||||
return scope;
|
|
||||||
}
|
|
||||||
|
|
||||||
@XmlElement(name = "scope", required = true)
|
|
||||||
public void setScope(String scope) {
|
|
||||||
this.scope = scope;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getName() {
|
|
||||||
return name;
|
|
||||||
}
|
|
||||||
|
|
||||||
@XmlElement(name = "name", required = true)
|
|
||||||
public void setName(String name) {
|
|
||||||
this.name = name;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getPath() {
|
|
||||||
return path;
|
|
||||||
}
|
|
||||||
|
|
||||||
@XmlElement(name = "path", required = true)
|
|
||||||
public void setPath(String path) {
|
|
||||||
this.path = path;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -1,81 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* you may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.mgt.core.config.permission;
|
|
||||||
|
|
||||||
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
|
|
||||||
|
|
||||||
import javax.xml.bind.JAXBContext;
|
|
||||||
import javax.xml.bind.JAXBException;
|
|
||||||
import javax.xml.bind.Unmarshaller;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This class will add, update custom permissions defined in permission.xml in webapps.
|
|
||||||
*/
|
|
||||||
public class PermissionManager {
|
|
||||||
|
|
||||||
private static PermissionManager permissionManager;
|
|
||||||
|
|
||||||
private PermissionManager(){};
|
|
||||||
|
|
||||||
public static PermissionManager getInstance() {
|
|
||||||
if (permissionManager == null) {
|
|
||||||
synchronized (PermissionManager.class) {
|
|
||||||
if (permissionManager == null) {
|
|
||||||
permissionManager = new PermissionManager();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return permissionManager;
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean addPermission(Permission permission) throws DeviceManagementException {
|
|
||||||
try {
|
|
||||||
return PermissionUtils.putPermission(permission);
|
|
||||||
} catch (DeviceManagementException e) {
|
|
||||||
throw new DeviceManagementException("Error occurred while adding the permission : " +
|
|
||||||
permission.getName(), e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean addPermissions(List<Permission> permissions) throws DeviceManagementException{
|
|
||||||
for(Permission permission:permissions){
|
|
||||||
this.addPermission(permission);
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void initializePermissions(InputStream permissionStream) throws DeviceManagementException {
|
|
||||||
try {
|
|
||||||
if(permissionStream != null){
|
|
||||||
/* Un-marshaling Device Management configuration */
|
|
||||||
JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class);
|
|
||||||
Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
|
|
||||||
PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
|
|
||||||
unmarshaller.unmarshal(permissionStream);
|
|
||||||
if((permissionConfiguration != null) && (permissionConfiguration.getPermissions() != null)){
|
|
||||||
this.addPermissions(permissionConfiguration.getPermissions());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (JAXBException e) {
|
|
||||||
throw new DeviceManagementException("Error occurred while initializing Data Source config", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -0,0 +1,81 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.device.mgt.core.permission.mgt;
|
||||||
|
|
||||||
|
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class represents the node of a permission tree.
|
||||||
|
* It holds the current path name, list of permissions associated with URL
|
||||||
|
* and the set of children.
|
||||||
|
*/
|
||||||
|
public class PermissionNode {
|
||||||
|
|
||||||
|
private String pathName;
|
||||||
|
private Map<String, Permission> permissions = new HashMap<String, Permission>();
|
||||||
|
private List<PermissionNode> children = new ArrayList<PermissionNode>();
|
||||||
|
|
||||||
|
public PermissionNode(String pathName) {
|
||||||
|
this.pathName = pathName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getPathName() {
|
||||||
|
return pathName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setPathName(String pathName) {
|
||||||
|
this.pathName = pathName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<PermissionNode> getChildren() {
|
||||||
|
return children;
|
||||||
|
}
|
||||||
|
|
||||||
|
public PermissionNode getChild(String pathName) {
|
||||||
|
PermissionNode child = null;
|
||||||
|
for (PermissionNode node : children) {
|
||||||
|
if (node.getPathName().equals(pathName)) {
|
||||||
|
return node;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return child;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void addChild(PermissionNode node) {
|
||||||
|
children.add(node);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void addPermission(String httpMethod, Permission permission) {
|
||||||
|
permissions.put(httpMethod, permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
public Permission getPermission(String httpMethod) {
|
||||||
|
return permissions.get(httpMethod);
|
||||||
|
}
|
||||||
|
|
||||||
|
public Collection<Permission> getPermissions() {
|
||||||
|
return permissions.values();
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -0,0 +1,114 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.device.mgt.core.permission.mgt;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
||||||
|
|
||||||
|
import java.util.StringTokenizer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class represents a tree data structure which will be used for adding and retrieving permissions.
|
||||||
|
*/
|
||||||
|
public class PermissionTree {
|
||||||
|
|
||||||
|
private PermissionNode rootNode;
|
||||||
|
private static final String DYNAMIC_PATH_NOTATION = "*";
|
||||||
|
private static final String ROOT = "/";
|
||||||
|
private static final Log log = LogFactory.getLog(PermissionTree.class);
|
||||||
|
|
||||||
|
public PermissionTree() {
|
||||||
|
rootNode = new PermissionNode(ROOT); // initializing the root node.
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method is used to add permissions to the tree. Once it receives the permission
|
||||||
|
* it will traverse through the given request path with respect to the permission and place
|
||||||
|
* the permission in the appropriate place in the tree.
|
||||||
|
*
|
||||||
|
* @param permission Permission object.
|
||||||
|
*/
|
||||||
|
public void addPermission(Permission permission) {
|
||||||
|
StringTokenizer st = new StringTokenizer(permission.getUrl(), ROOT);
|
||||||
|
PermissionNode tempRoot = rootNode;
|
||||||
|
PermissionNode tempChild;
|
||||||
|
while (st.hasMoreTokens()) {
|
||||||
|
tempChild = new PermissionNode(st.nextToken());
|
||||||
|
tempRoot = addPermissionNode(tempRoot, tempChild);
|
||||||
|
}
|
||||||
|
tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Added permission '" + permission.getName() + "'");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method is used to add vertex to the graph. The method will check for the given child
|
||||||
|
* whether exists within the list of children of the given parent.
|
||||||
|
*
|
||||||
|
* @param parent Parent PermissionNode.
|
||||||
|
* @param child Child PermissionNode.
|
||||||
|
* @return returns the newly created child or the existing child.
|
||||||
|
*/
|
||||||
|
private PermissionNode addPermissionNode(PermissionNode parent, PermissionNode child) {
|
||||||
|
PermissionNode existChild = parent.getChild(child.getPathName());
|
||||||
|
if (existChild == null) {
|
||||||
|
parent.addChild(child);
|
||||||
|
return child;
|
||||||
|
}
|
||||||
|
return existChild;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method is used to retrieve the permission for a given url and http method.
|
||||||
|
* Breath First Search (BFS) is used to traverse the tree.
|
||||||
|
*
|
||||||
|
* @param url Request URL.
|
||||||
|
* @param httpMethod HTTP method of the request.
|
||||||
|
* @return returns the permission with related to the request path or null if there is
|
||||||
|
* no any permission that is stored with respected to the given request path.
|
||||||
|
*/
|
||||||
|
public Permission getPermission(String url, String httpMethod) {
|
||||||
|
StringTokenizer st = new StringTokenizer(url, ROOT);
|
||||||
|
PermissionNode tempRoot = rootNode;
|
||||||
|
while (st.hasMoreTokens()) {
|
||||||
|
String currentToken = st.nextToken();
|
||||||
|
|
||||||
|
// returns the child node which matches with the 'currentToken' path.
|
||||||
|
tempRoot = tempRoot.getChild(currentToken);
|
||||||
|
|
||||||
|
// if tempRoot is null, that means 'currentToken' is not matched with the child's path.
|
||||||
|
// It means that it is at a point where the request must have dynamic path variables.
|
||||||
|
// Therefor it looks for '*' in the request path. ('*' denotes dynamic path variable).
|
||||||
|
if (tempRoot == null) {
|
||||||
|
tempRoot = tempRoot.getChild(DYNAMIC_PATH_NOTATION);
|
||||||
|
// if tempRoot is null, that means there is no any permission which matches with the
|
||||||
|
// given path
|
||||||
|
if (tempRoot == null) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Permission for request path '" + url + "' does not exist");
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return tempRoot.getPermission(httpMethod);
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -0,0 +1,73 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.device.mgt.core.permission.mgt;
|
||||||
|
|
||||||
|
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
||||||
|
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
|
||||||
|
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Properties;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class will add, update custom permissions defined in permission.xml in webapps and it will
|
||||||
|
* use Registry as the persistence storage.
|
||||||
|
*/
|
||||||
|
public class RegistryBasedPermissionManagerServiceImpl implements PermissionManagerService {
|
||||||
|
|
||||||
|
public static final String URL_PROPERTY = "URL";
|
||||||
|
public static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD";
|
||||||
|
private static RegistryBasedPermissionManagerServiceImpl registryBasedPermissionManager;
|
||||||
|
private static PermissionTree permissionTree; // holds the permissions at runtime.
|
||||||
|
|
||||||
|
private RegistryBasedPermissionManagerServiceImpl() {
|
||||||
|
}
|
||||||
|
|
||||||
|
public static RegistryBasedPermissionManagerServiceImpl getInstance() {
|
||||||
|
if (registryBasedPermissionManager == null) {
|
||||||
|
synchronized (RegistryBasedPermissionManagerServiceImpl.class) {
|
||||||
|
if (registryBasedPermissionManager == null) {
|
||||||
|
registryBasedPermissionManager = new RegistryBasedPermissionManagerServiceImpl();
|
||||||
|
permissionTree = new PermissionTree();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return registryBasedPermissionManager;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean addPermissions(List<Permission> permissions) throws PermissionManagementException {
|
||||||
|
for (Permission permission : permissions) {
|
||||||
|
this.addPermission(permission);
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean addPermission(Permission permission) throws PermissionManagementException {
|
||||||
|
permissionTree.addPermission(permission); // adding a permission to the tree
|
||||||
|
return PermissionUtils.putPermission(permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Permission getPermission(Properties properties) throws PermissionManagementException {
|
||||||
|
String url = (String) properties.get(URL_PROPERTY);
|
||||||
|
String httpMethod = (String) properties.get(HTTP_METHOD_PROPERTY);
|
||||||
|
return permissionTree.getPermission(url, httpMethod);
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -0,0 +1,76 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework.authorizer;
|
||||||
|
|
||||||
|
import org.apache.catalina.connector.Request;
|
||||||
|
import org.apache.catalina.connector.Response;
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
|
||||||
|
import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
public class PermissionAuthorizationValve extends CarbonTomcatValve {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(PermissionAuthorizationValve.class);
|
||||||
|
private static final String AUTHORIZATION_ENABLED = "authorization-enabled";
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void invoke(Request request, Response response, CompositeValve compositeValve) {
|
||||||
|
|
||||||
|
String permissionStatus =
|
||||||
|
request.getContext().findParameter(AUTHORIZATION_ENABLED);
|
||||||
|
if (permissionStatus == null || permissionStatus.isEmpty()) {
|
||||||
|
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// check whether the permission checking function is enabled in web.xml
|
||||||
|
boolean isEnabled = new Boolean(permissionStatus);
|
||||||
|
if (!isEnabled) {
|
||||||
|
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Checking permission of request: " + request.getRequestURI());
|
||||||
|
}
|
||||||
|
PermissionAuthorizer permissionAuthorizer = new PermissionAuthorizer();
|
||||||
|
WebappAuthenticator.Status status = permissionAuthorizer.authorize(request, response);
|
||||||
|
this.processResponse(request, response, compositeValve, status);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void processResponse(Request request, Response response, CompositeValve compositeValve,
|
||||||
|
WebappAuthenticator.Status status) {
|
||||||
|
switch (status) {
|
||||||
|
case SUCCESS:
|
||||||
|
case CONTINUE:
|
||||||
|
this.getNext().invoke(request, response, compositeValve);
|
||||||
|
break;
|
||||||
|
case FAILURE:
|
||||||
|
String msg = "Failed to authorize incoming request";
|
||||||
|
log.error(msg);
|
||||||
|
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -0,0 +1,101 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework.authorizer;
|
||||||
|
|
||||||
|
import org.apache.catalina.connector.Request;
|
||||||
|
import org.apache.catalina.connector.Response;
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.context.CarbonContext;
|
||||||
|
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
||||||
|
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
|
||||||
|
import org.wso2.carbon.device.mgt.core.permission.mgt.RegistryBasedPermissionManagerServiceImpl;
|
||||||
|
import org.wso2.carbon.user.api.UserStoreException;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.Constants;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||||
|
|
||||||
|
import java.util.Properties;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class represents the methods that are used to authorize requests.
|
||||||
|
*/
|
||||||
|
public class PermissionAuthorizer {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(PermissionAuthorizer.class);
|
||||||
|
|
||||||
|
public WebappAuthenticator.Status authorize(Request request, Response response) {
|
||||||
|
|
||||||
|
String requestUri = request.getRequestURI();
|
||||||
|
String requestMethod = request.getMethod();
|
||||||
|
|
||||||
|
if (requestUri == null || requestUri.isEmpty() ||
|
||||||
|
requestMethod == null || requestMethod.isEmpty()) {
|
||||||
|
return WebappAuthenticator.Status.CONTINUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
RegistryBasedPermissionManagerServiceImpl registryBasedPermissionManager = RegistryBasedPermissionManagerServiceImpl.getInstance();
|
||||||
|
Properties properties = new Properties();
|
||||||
|
properties.put("",requestUri);
|
||||||
|
properties.put("",requestMethod);
|
||||||
|
Permission requestPermission = null;
|
||||||
|
try {
|
||||||
|
requestPermission = registryBasedPermissionManager.getPermission(properties);
|
||||||
|
} catch (PermissionManagementException e) {
|
||||||
|
log.error(
|
||||||
|
"Error occurred while fetching the permission for URI : " + requestUri + " ," +
|
||||||
|
" METHOD : " + requestMethod + ", msg = " + e.getMessage());
|
||||||
|
}
|
||||||
|
|
||||||
|
if (requestPermission == null) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Permission to request '" + requestUri + "' is not defined in the configuration");
|
||||||
|
}
|
||||||
|
return WebappAuthenticator.Status.FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
String permissionString = requestPermission.getPath();
|
||||||
|
|
||||||
|
// This is added temporarily until authentication works.
|
||||||
|
// TODO remove below line.
|
||||||
|
String username = "admin";
|
||||||
|
// TODO uncomment this once the authentication works.
|
||||||
|
//String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
|
||||||
|
|
||||||
|
boolean isUserAuthorized;
|
||||||
|
try {
|
||||||
|
isUserAuthorized = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
|
||||||
|
getAuthorizationManager().isUserAuthorized(username, permissionString,
|
||||||
|
Constants.PermissionMethod.READ);
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
log.error("Error occurred while retrieving user store. " + e.getMessage());
|
||||||
|
return WebappAuthenticator.Status.FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Is user authorized: " + isUserAuthorized);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isUserAuthorized) {
|
||||||
|
return WebappAuthenticator.Status.SUCCESS;
|
||||||
|
} else {
|
||||||
|
return WebappAuthenticator.Status.FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
@ -1,2 +1,2 @@
|
|||||||
instructions.configure = \
|
instructions.configure = \
|
||||||
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.webapp.authenticator.framework.server_${feature.version}/conf/webapp-authenticator-config.xml,target:${installFolder}/../../conf/etc/webapp-authenticator-config.xml,overwrite:true);\
|
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.webapp.authenticator.framework.server_${feature.version}/conf/webapp-authenticator-config.xml,target:${installFolder}/../../conf/etc/webapp-authenticator-config.xml,overwrite:true);\
|
||||||
|
|||||||
Loading…
Reference in new issue