Fixed oauth issue with tenants

4.x.x
harshanl 9 years ago
parent 9b40f73597
commit 81b6770c08

@ -53,7 +53,7 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener {
if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType())) { if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType())) {
StandardContext context = (StandardContext) lifecycleEvent.getLifecycle(); StandardContext context = (StandardContext) lifecycleEvent.getLifecycle();
ServletContext servletContext = context.getServletContext(); ServletContext servletContext = context.getServletContext();
String contextPath = servletContext.getContextPath(); String contextPath = context.getServletContext().getContextPath();
try { try {
InputStream permissionStream = servletContext.getResourceAsStream(PERMISSION_CONFIG_PATH); InputStream permissionStream = servletContext.getResourceAsStream(PERMISSION_CONFIG_PATH);
if (permissionStream != null) { if (permissionStream != null) {
@ -77,7 +77,7 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener {
} catch (JAXBException e) { } catch (JAXBException e) {
log.error( log.error(
"Exception occurred while parsing the permission configuration of webapp : " "Exception occurred while parsing the permission configuration of webapp : "
+ servletContext.getContextPath(), e); + context.getServletContext().getContextPath(), e);
} catch (PermissionManagementException e) { } catch (PermissionManagementException e) {
log.error("Exception occurred while adding the permissions from webapp : " log.error("Exception occurred while adding the permissions from webapp : "
+ servletContext.getContextPath(), e); + servletContext.getContextPath(), e);

@ -47,13 +47,13 @@ public class GenericDeviceDAOImpl extends AbstractDeviceDAOImpl {
List<Device> devices = null; List<Device> devices = null;
try { try {
conn = this.getConnection(); conn = this.getConnection();
String sql = "SELECT d1.DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, " + // String sql = "SELECT d1.DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, " +
"d1.DEVICE_IDENTIFICATION, e.OWNER, e.OWNERSHIP, e.STATUS, e.DATE_OF_LAST_UPDATE, " + // "d1.DEVICE_IDENTIFICATION, e.OWNER, e.OWNERSHIP, e.STATUS, e.DATE_OF_LAST_UPDATE, " +
"e.DATE_OF_ENROLMENT, e.ID AS ENROLMENT_ID FROM DM_ENROLMENT e, (SELECT d.ID AS DEVICE_ID, " + // "e.DATE_OF_ENROLMENT, e.ID AS ENROLMENT_ID FROM DM_ENROLMENT e, (SELECT d.ID AS DEVICE_ID, " +
"d.DESCRIPTION, d.NAME, d.DEVICE_IDENTIFICATION, t.NAME AS DEVICE_TYPE FROM DM_DEVICE d, " + // "d.DESCRIPTION, d.NAME, d.DEVICE_IDENTIFICATION, t.NAME AS DEVICE_TYPE FROM DM_DEVICE d, " +
"DM_DEVICE_TYPE t WHERE d.DEVICE_TYPE_ID = t.ID AND d.TENANT_ID = ?) d1 " + // "DM_DEVICE_TYPE t WHERE d.DEVICE_TYPE_ID = t.ID AND d.TENANT_ID = ?) d1 " +
"WHERE d1.DEVICE_ID = e.DEVICE_ID AND TENANT_ID = ? LIMIT ?,?"; // "WHERE d1.DEVICE_ID = e.DEVICE_ID AND TENANT_ID = ? LIMIT ?,?";
// String sql = "SELECT * FROM DM_DEVICE WHERE TENANT_ID = ? LIMIT ?,?"; String sql = "SELECT * FROM DM_DEVICE WHERE TENANT_ID = ? LIMIT ?,?";
stmt = conn.prepareStatement(sql); stmt = conn.prepareStatement(sql);
stmt.setInt(1, tenantId); stmt.setInt(1, tenantId);
stmt.setInt(2, tenantId); stmt.setInt(2, tenantId);
@ -88,14 +88,14 @@ public class GenericDeviceDAOImpl extends AbstractDeviceDAOImpl {
List<Device> devices = null; List<Device> devices = null;
try { try {
conn = this.getConnection(); conn = this.getConnection();
String sql = "SELECT d1.ID AS DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, " + // String sql = "SELECT d1.ID AS DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, " +
"d1.DEVICE_IDENTIFICATION, e.OWNER, e.OWNERSHIP, e.STATUS, e.DATE_OF_LAST_UPDATE, " + // "d1.DEVICE_IDENTIFICATION, e.OWNER, e.OWNERSHIP, e.STATUS, e.DATE_OF_LAST_UPDATE, " +
"e.DATE_OF_ENROLMENT, e.ID AS ENROLMENT_ID FROM DM_ENROLMENT e, (SELECT d.ID, d.DESCRIPTION, " + // "e.DATE_OF_ENROLMENT, e.ID AS ENROLMENT_ID FROM DM_ENROLMENT e, (SELECT d.ID, d.DESCRIPTION, " +
"d.NAME, d.DEVICE_IDENTIFICATION, t.NAME AS DEVICE_TYPE FROM DM_DEVICE d, " + // "d.NAME, d.DEVICE_IDENTIFICATION, t.NAME AS DEVICE_TYPE FROM DM_DEVICE d, " +
"DM_DEVICE_TYPE t WHERE DEVICE_TYPE_ID = t.ID AND t.NAME = ? " + // "DM_DEVICE_TYPE t WHERE DEVICE_TYPE_ID = t.ID AND t.NAME = ? " +
"AND d.TENANT_ID = ?) d1 WHERE d1.ID = e.DEVICE_ID AND TENANT_ID = ? LIMIT ?,?"; // "AND d.TENANT_ID = ?) d1 WHERE d1.ID = e.DEVICE_ID AND TENANT_ID = ? LIMIT ?,?";
//String sql = "SELECT * FROM DM_DEVICE d, (SELECT t.ID AS TYPE_ID FROM DM_DEVICE_TYPE t WHERE t.NAME = ?)" + String sql = "SELECT * FROM DM_DEVICE d, (SELECT t.ID AS TYPE_ID FROM DM_DEVICE_TYPE t WHERE t.NAME = ?)" +
// " d1 WHERE TYPE_ID = d.DEVICE_TYPE_ID AND d.TENANT_ID = ? LIMIT ?,?"; " d1 WHERE TYPE_ID = d.DEVICE_TYPE_ID AND d.TENANT_ID = ? LIMIT ?,?";
stmt = conn.prepareStatement(sql); stmt = conn.prepareStatement(sql);
stmt.setString(1, type); stmt.setString(1, type);
stmt.setInt(2, tenantId); stmt.setInt(2, tenantId);

@ -17,7 +17,8 @@
~ under the License. ~ under the License.
--> -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent> <parent>
<groupId>org.wso2.carbon.devicemgt</groupId> <groupId>org.wso2.carbon.devicemgt</groupId>
@ -72,10 +73,25 @@
<Private-Package>org.wso2.carbon.device.mgt.oauth.extensions.internal</Private-Package> <Private-Package>org.wso2.carbon.device.mgt.oauth.extensions.internal</Private-Package>
<Export-Package> <Export-Package>
!org.wso2.carbon.device.mgt.oauth.extensions.internal, !org.wso2.carbon.device.mgt.oauth.extensions.internal,
org.wso2.carbon.device.mgt.oauth.extensions.handlers.*, org.wso2.carbon.device.mgt.oauth.extensions.*
org.wso2.carbon.device.mgt.oauth.extensions.validators.*
</Export-Package> </Export-Package>
<DynamicImport-Package>*</DynamicImport-Package> <Import-Package>
javax.security.auth.*,
org.apache.commons.logging,
org.osgi.service.component,
org.wso2.carbon.device.mgt.common.permission.mgt,
org.wso2.carbon.device.mgt.oauth.extensions.*,
org.wso2.carbon.device.mgt.*
org.wso2.carbon.identity.application.common.model,
org.wso2.carbon.identity.oauth.callback,
org.wso2.carbon.identity.oauth2,
org.wso2.carbon.identity.oauth2.model,
org.wso2.carbon.identity.oauth2.validators,
org.wso2.carbon.user.api,
org.wso2.carbon.user.core.service,
org.wso2.carbon.identity.application.common.model,
org.wso2.carbon.user.core.tenant
</Import-Package>
</instructions> </instructions>
</configuration> </configuration>
</plugin> </plugin>

@ -0,0 +1,48 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.oauth.extensions;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
import org.wso2.carbon.user.api.TenantManager;
import org.wso2.carbon.user.api.UserStoreException;
/**
* This class holds util methods used by OAuth extension bundle.
*/
public class OAuthExtUtils {
private static final Log log = LogFactory.getLog(OAuthExtUtils.class);
public static int getTenantId(String tenantDomain) {
int tenantId = 0;
if (tenantDomain != null) {
try {
TenantManager tenantManager = OAuthExtensionsDataHolder.getInstance().getRealmService().getTenantManager();
tenantId = tenantManager.getTenantId(tenantDomain);
} catch (UserStoreException e) {
String errorMsg = "Error when getting the tenant id from the tenant domain : " +
tenantDomain;
log.error(errorMsg, e);
}
}
return tenantId;
}
}

@ -20,11 +20,12 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder; import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO; import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator; import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
@ -72,9 +73,11 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
getPermissionManagerService(); getPermissionManagerService();
try { try {
Permission permission = permissionManagerService.getPermission(properties); Permission permission = permissionManagerService.getPermission(properties);
if ((permission != null) && (accessTokenDO.getAuthzUser() != null)) { User authzUser = accessTokenDO.getAuthzUser();
String username = accessTokenDO.getAuthzUser().getUserName(); if ((permission != null) && (authzUser != null)) {
UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm(); String username = authzUser.getUserName();
int tenantId = OAuthExtUtils.getTenantId(authzUser.getTenantDomain());
UserRealm userRealm = OAuthExtensionsDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
if (userRealm != null && userRealm.getAuthorizationManager() != null) { if (userRealm != null && userRealm.getAuthorizationManager() != null) {
status = userRealm.getAuthorizationManager() status = userRealm.getAuthorizationManager()
.isUserAuthorized(username, permission.getPath(), .isUserAuthorized(username, permission.getPath(),

Loading…
Cancel
Save