From bfb9c629686d4587c86e1902574e79d9ac3e9f90 Mon Sep 17 00:00:00 2001 
From: ayyoob Date: Sun, 20 Nov 2016 02:37:42 +0530 Subject: [PATCH 1/3] changed device access verification approach --- .../analytics-view.js | 25 +-- .../service/impl/ArduinoServiceImpl.java | 2 +- .../analytics-view.js | 27 +-- .../service/impl/RaspberryPiServiceImpl.java | 2 +- .../analytics-view.js | 27 +-- .../impl/VirtualFireAlarmServiceImpl.java | 7 +- .../analytics-view.js | 27 +-- .../pom.xml | 2 +- .../pom.xml | 27 ++- .../authorization/DeviceAuthorizer.java | 99 ++++++++-- .../client/OAuthRequestInterceptor.java | 176 ++++++++++++++++++ .../client/dto/AccessTokenInfo.java | 57 ++++++ .../client/dto/ApiApplicationKey.java | 43 +++++ .../ApiApplicationRegistrationService.java | 25 +++ .../client/dto/ApiRegistrationProfile.java | 78 ++++++++ .../client/dto/AuthorizationRequest.java | 46 +++++ ...DeviceAccessAuthorizationAdminService.java | 41 ++++ .../client/dto/DeviceAuthorizationResult.java | 56 ++++++ .../client/dto/DeviceIdentifier.java | 51 +++++ .../client/dto/OAuthApplicationInfo.java | 58 ++++++ .../client/dto/RegisterInfo.java | 40 ++++ .../client/dto/RegistrationProfile.java | 65 +++++++ .../client/dto/TokenIssuerService.java | 37 ++++ .../websocket/config/WebsocketConfig.java | 10 + .../pom.xml | 35 +++- .../DeviceAccessBasedMQTTAuthorizer.java | 134 +++++++++++-- .../client/OAuthRequestInterceptor.java | 89 +++++++++ .../client/dto/AccessTokenInfo.java | 57 ++++++ .../client/dto/ApiApplicationKey.java | 43 +++++ .../ApiApplicationRegistrationService.java | 25 +++ .../client/dto/ApiRegistrationProfile.java | 78 ++++++++ .../client/dto/AuthorizationRequest.java | 46 +++++ ...DeviceAccessAuthorizationAdminService.java | 41 ++++ .../client/dto/DeviceAuthorizationResult.java | 56 ++++++ .../client/dto/DeviceIdentifier.java | 51 +++++ .../client/dto/OAuthApplicationInfo.java | 58 ++++++ .../client/dto/RegisterInfo.java | 40 ++++ .../client/dto/RegistrationProfile.java | 65 +++++++ .../client/dto/TokenIssuerService.java | 37 ++++ 
.../AuthorizationConfigurationManager.java | 158 ++++++++++++---- .../util/AuthorizationCacheKey.java | 33 ++++ .../pom.xml | 18 ++ .../pom.xml | 18 +- .../main/resources/websocket-validation.xml | 13 +- pom.xml | 24 +++ 45 files changed, 1984 insertions(+), 163 deletions(-) create mode 100755 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java create mode 100755 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AccessTokenInfo.java create mode 100644 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationKey.java create mode 100755 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java create mode 100755 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiRegistrationProfile.java create mode 100644 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java create mode 100644 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceAccessAuthorizationAdminService.java create mode 
100644 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceAuthorizationResult.java create mode 100644 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceIdentifier.java create mode 100755 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/OAuthApplicationInfo.java create mode 100755 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegisterInfo.java create mode 100755 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java create mode 100755 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java create mode 100755 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java create mode 100755 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AccessTokenInfo.java create mode 100644 
components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationKey.java create mode 100755 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationRegistrationService.java create mode 100755 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiRegistrationProfile.java create mode 100644 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AuthorizationRequest.java create mode 100644 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceAccessAuthorizationAdminService.java create mode 100644 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceAuthorizationResult.java create mode 100644 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceIdentifier.java create mode 100755 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/OAuthApplicationInfo.java create mode 100755 
components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegisterInfo.java create mode 100755 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegistrationProfile.java create mode 100755 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java create mode 100644 components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/util/AuthorizationCacheKey.java diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.realtime.analytics-view/analytics-view.js b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.realtime.analytics-view/analytics-view.js index 9bc4c8654..c5186ac12 100644 --- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.realtime.analytics-view/analytics-view.js +++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.realtime.analytics-view/analytics-view.js 
@@ -24,24 +24,11 @@ function onRequest(context) { var constants = require("/app/modules/constants.js"); var websocketEndpoint = devicemgtProps["wssURL"].replace("https", "wss"); - var jwtService = carbonServer.osgiService( - 'org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService'); - var jwtClient = jwtService.getJWTClient(); - var encodedClientKeys = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]); - if (encodedClientKeys) { - var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"]; - var resp = tokenUtil.decode(encodedClientKeys).split(":"); - var deviceParam = "{\"scope\":\"stats\",\"deviceIdentifiers\":[{\"id\":\"" + device.deviceIdentifier - + "\", \"type\":\"" + device.type + "\"}]}"; - var encodedScope = tokenUtil.encode(deviceParam); - var tokenPair = jwtClient.getAccessToken(resp[0], resp[1], context.user.username,"default", - {"device": encodedScope}); - var token = ""; - if (tokenPair) { - token = tokenPair.accessToken; - } - websocketEndpoint = websocketEndpoint + "/secured-outputui/org.wso2.iot.android.sense/1.0.0?" + - "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; - } + var tokenPair = session.get(constants["TOKEN_PAIR"]); + if (tokenPair) { + var token = parse(tokenPair)["accessToken"]; + websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.android.sense/1.0.0?" + + "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; + } return {"device": device, "websocketEndpoint": websocketEndpoint}; } \ No newline at end of file 
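Review bot: The token now appended to `websocketEndpoint` as `"token=" + token` is the access token from the session's `TOKEN_PAIR`, whereas the removed code requested a token whose `device` parameter limited it to the `stats` scope of one device; a URL query string commonly ends up in proxy and server access logs, so this appears to widen what a leaked URL gives away. `device.deviceIdentifier` and `device.type` are concatenated into the query without encoding, and wrapping each in `encodeURIComponent(...)` would stop an identifier containing `&` or `=` from changing the parameters the endpoint sees. `parse(tokenPair)` is unguarded, so a malformed session value would presumably throw inside `onRequest` rather than fall back to the unauthenticated endpoint. The same block is added in the arduino, raspberrypi and virtual_firealarm `analytics-view.js` hunks.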
diff --git a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoServiceImpl.java b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoServiceImpl.java index acc6adae6..fc4abd858 100644 --- a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoServiceImpl.java +++ b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoServiceImpl.java @@ -229,7 +229,7 @@ public class ArduinoServiceImpl implements ArduinoService { ArduinoConstants.DEVICE_TYPE, tags, KEY_TYPE, applicationUsername, true); } JWTClient jwtClient = APIUtil.getJWTClientManagerService().getJWTClient(); - String scopes = "arduino_device cdmf/" + ArduinoConstants.DEVICE_TYPE + "/" + deviceId; + String scopes = " device_" + deviceId; AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(apiApplicationKey.getConsumerKey(), apiApplicationKey.getConsumerSecret(), owner, scopes); //create token diff --git a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.arduino.realtime.analytics-view/analytics-view.js b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.arduino.realtime.analytics-view/analytics-view.js index 0132400b2..1c2d56a56 100644 --- a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.arduino.realtime.analytics-view/analytics-view.js 
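Review bot: `String scopes = " device_" + deviceId;` builds a space-delimited scope string from `deviceId` with no validation visible in the hunk, so an identifier containing whitespace would be read by the token endpoint as extra scopes. Where `deviceId` originates is outside this hunk; confirm it is constrained before this line, or reject values containing whitespace here and build the value as `String scopes = "device_" + deviceId;`. The leading space in the literal looks unintended unless another scope is meant to precede it, in which case a comment should say so. The same line is added in the RaspberryPiServiceImpl and VirtualFireAlarmServiceImpl hunks, and the enclosing method starts and ends outside each hunk.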
+++ b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.arduino.realtime.analytics-view/analytics-view.js 
@@ -18,30 +18,17 @@ function onRequest(context) { var log = new Log("stats.js"); - var carbonServer = require("carbon").server; var device = context.unit.params.device; var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"]; var constants = require("/app/modules/constants.js"); var websocketEndpoint = devicemgtProps["wssURL"].replace("https", "wss"); - var jwtService = carbonServer.osgiService( - 'org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService'); - var jwtClient = jwtService.getJWTClient(); - var encodedClientKeys = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]); - if (encodedClientKeys) { - var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"]; - var resp = tokenUtil.decode(encodedClientKeys).split(":"); - var deviceParam = "{\"scope\":\"stats\",\"deviceIdentifiers\":[{\"id\":\"" + device.deviceIdentifier - + "\", \"type\":\"" + device.type + "\"}]}"; - var encodedScope = tokenUtil.encode(deviceParam); - var tokenPair = jwtClient.getAccessToken(resp[0], resp[1], context.user.username,"default", - {"device": encodedScope}); - var token = ""; - if (tokenPair) { - token = tokenPair.accessToken; - } - websocketEndpoint = websocketEndpoint + "/secured-outputui/org.wso2.iot.devices.temperature/1.0.0?" + - "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; - } + var tokenPair = session.get(constants["TOKEN_PAIR"]); + if (tokenPair) { + var token = parse(tokenPair)["accessToken"]; + websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?" + + "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; + } + return {"device": device, "websocketEndpoint": websocketEndpoint}; } \ No newline at end of file 
diff --git a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiServiceImpl.java b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiServiceImpl.java index 13b131041..ed81d815a 100644 --- a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiServiceImpl.java +++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiServiceImpl.java @@ -213,7 +213,7 @@ public class RaspberryPiServiceImpl implements RaspberryPiService { RaspberrypiConstants.DEVICE_TYPE, tags, KEY_TYPE, applicationUsername, true); } JWTClient jwtClient = APIUtil.getJWTClientManagerService().getJWTClient(); - String scopes = "cdmf/" + RaspberrypiConstants.DEVICE_TYPE + "/" + deviceId; + String scopes = " device_" + deviceId; AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(apiApplicationKey.getConsumerKey(), apiApplicationKey.getConsumerSecret(), owner, scopes); //create token diff --git a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.raspberrypi.realtime.analytics-view/analytics-view.js b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.raspberrypi.realtime.analytics-view/analytics-view.js index 0132400b2..1c2d56a56 100644 
--- a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.raspberrypi.realtime.analytics-view/analytics-view.js +++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.raspberrypi.realtime.analytics-view/analytics-view.js 
@@ -18,30 +18,17 @@ function onRequest(context) { var log = new Log("stats.js"); - var carbonServer = require("carbon").server; var device = context.unit.params.device; var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"]; var constants = require("/app/modules/constants.js"); var websocketEndpoint = devicemgtProps["wssURL"].replace("https", "wss"); - var jwtService = carbonServer.osgiService( - 'org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService'); - var jwtClient = jwtService.getJWTClient(); - var encodedClientKeys = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]); - if (encodedClientKeys) { - var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"]; - var resp = tokenUtil.decode(encodedClientKeys).split(":"); - var deviceParam = "{\"scope\":\"stats\",\"deviceIdentifiers\":[{\"id\":\"" + device.deviceIdentifier - + "\", \"type\":\"" + device.type + "\"}]}"; - var encodedScope = tokenUtil.encode(deviceParam); - var tokenPair = jwtClient.getAccessToken(resp[0], resp[1], context.user.username,"default", - {"device": encodedScope}); - var token = ""; - if (tokenPair) { - token = tokenPair.accessToken; - } - websocketEndpoint = websocketEndpoint + "/secured-outputui/org.wso2.iot.devices.temperature/1.0.0?" + - "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; - } + var tokenPair = session.get(constants["TOKEN_PAIR"]); + if (tokenPair) { + var token = parse(tokenPair)["accessToken"]; + websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?" + + "token="+ token +"&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; + } + return {"device": device, "websocketEndpoint": websocketEndpoint}; } \ No newline at end of file 
diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmServiceImpl.java b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmServiceImpl.java index ce54d9537..7e63fbf21 100644 --- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmServiceImpl.java +++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmServiceImpl.java @@ -312,13 +312,10 @@ public class VirtualFireAlarmServiceImpl implements VirtualFireAlarmService { VirtualFireAlarmConstants.DEVICE_TYPE, tags, KEY_TYPE, applicationUsername, true); } JWTClient jwtClient = APIUtil.getJWTClientManagerService().getJWTClient(); - String device = "{ \"scope\":\"mqtt-publisher mqtt-subscriber\", \"deviceIdentifiers\":[{\"id\":\""+deviceId+"\", " + - "\"type\":\""+VirtualFireAlarmConstants.DEVICE_TYPE+"\"}]}"; - Map params = new HashMap(); - params.put("device", Base64.encodeBase64String(device.getBytes())); + String scopes = " device_" + deviceId; AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(apiApplicationKey.getConsumerKey(), apiApplicationKey.getConsumerSecret(), owner, - null, params); + scopes); String accessToken = accessTokenInfo.getAccessToken(); String refreshToken = accessTokenInfo.getRefreshToken(); XmppAccount newXmppAccount = new XmppAccount(); 
diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.realtime.analytics-view/analytics-view.js b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.realtime.analytics-view/analytics-view.js index 92d60d83d..fa9e138d0 100644 --- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.realtime.analytics-view/analytics-view.js +++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.realtime.analytics-view/analytics-view.js 
@@ -24,24 +24,13 @@ function onRequest(context) { var constants = require("/app/modules/constants.js"); var websocketEndpoint = devicemgtProps["wssURL"].replace("https", "wss"); - var jwtService = carbonServer.osgiService( - 'org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService'); - var jwtClient = jwtService.getJWTClient(); - var encodedClientKeys = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]); - if (encodedClientKeys) { - var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"]; - var resp = tokenUtil.decode(encodedClientKeys).split(":"); - var deviceParam = "{\"scope\":\"stats\",\"deviceIdentifiers\":[{\"id\":\"" + device.deviceIdentifier - + "\", \"type\":\"" + device.type + "\"}]}"; - var encodedScope = tokenUtil.encode(deviceParam); - var tokenPair = jwtClient.getAccessToken(resp[0], resp[1], context.user.username,"default", - {"device": encodedScope}); - var token = ""; - if (tokenPair) { - token = tokenPair.accessToken; - } - websocketEndpoint = websocketEndpoint + "/secured-outputui/org.wso2.iot.devices.temperature/1.0.0?" + - "token=" + token + "&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; - } + + var tokenPair = session.get(constants["TOKEN_PAIR"]); + if (tokenPair) { + var token = parse(tokenPair)["accessToken"]; + websocketEndpoint = websocketEndpoint + "/secured-websocket/org.wso2.iot.devices.temperature/1.0.0?" + + "token=" + token + "&deviceId=" + device.deviceIdentifier + "&deviceType=" + device.type; + } + return {"device": device, "websocketEndpoint": websocketEndpoint}; } \ No newline at end of file diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint/pom.xml b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint/pom.xml index f6aa2be6f..ffa6cd9a2 100644 
--- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint/pom.xml +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket.endpoint/pom.xml @@ -58,6 +58,6 @@ - secured-outputui + secured-websocket diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/pom.xml b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/pom.xml index c81ad5c49..6e8a49759 100644 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/pom.xml +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/pom.xml @@ -79,6 +79,22 @@ commons-pool.wso2 commons-pool + + io.github.openfeign + feign-core + + + io.github.openfeign + feign-jaxrs + + + io.github.openfeign + feign-gson + + + javax.ws.rs + jsr311-api + @@ -147,9 +163,18 @@ org.wso2.carbon.identity.oauth2.stub, org.wso2.carbon.identity.oauth2.stub.dto, org.wso2.carbon.user.api, - org.wso2.carbon.utils.multitenancy + org.wso2.carbon.utils.multitenancy, + feign, + feign.auth, + feign.codec, + feign.gson, + javax.cache * + + jsr311-api, + feign-jaxrs + diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java index b82cb5713..23561e7fb 100644 
--- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java 
@@ -17,19 +17,52 @@ */ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization; +import feign.Feign; +import feign.FeignException; +import feign.gson.GsonDecoder; +import feign.gson.GsonEncoder; +import feign.jaxrs.JAXRSContract; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.wso2.carbon.device.mgt.output.adapter.websocket.authentication.AuthenticationInfo; -import org.wso2.carbon.device.mgt.output.adapter.websocket.constants.WebsocketConstants; +import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.OAuthRequestInterceptor; +import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.AuthorizationRequest; +import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto + .DeviceAccessAuthorizationAdminService; +import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.DeviceAuthorizationResult; +import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.DeviceIdentifier; +import org.wso2.carbon.device.mgt.output.adapter.websocket.config.Properties; +import org.wso2.carbon.device.mgt.output.adapter.websocket.config.Property; +import org.wso2.carbon.device.mgt.output.adapter.websocket.config.WebsocketConfig; import org.wso2.carbon.device.mgt.output.adapter.websocket.util.WebSocketSessionRequest; import javax.websocket.Session; +import java.util.ArrayList; +import java.util.List; import java.util.Map; /** * This authorizer crossvalidates the request with device id and device type. 
*/ public class DeviceAuthorizer implements Authorizer { - private static final String STATS_SCOPE_IDENTIFIER = "stats"; - private static final String DEVICE_MGT_SCOPE_IDENTIFIER = "device-mgt"; + + private static DeviceAccessAuthorizationAdminService deviceAccessAuthorizationAdminService; + private static final String CDMF_SERVER_BASE_CONTEXT = "/api/device-mgt/v1.0"; + private static final String DEVICE_MGT_SERVER_URL = "deviceMgtServerUrl"; + private static final String STAT_PERMISSION = "statsPermission"; + private static Log logger = LogFactory.getLog(DeviceAuthorizer.class); + private static List statPermissions; + + public DeviceAuthorizer() { + Properties properties = + WebsocketConfig.getInstance().getWebsocketValidationConfigs().getAuthorizer().getProperties(); + statPermissions = getPermissions(properties); + deviceAccessAuthorizationAdminService = Feign.builder() + .requestInterceptor(new OAuthRequestInterceptor()) + .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) + .target(DeviceAccessAuthorizationAdminService.class, getDeviceMgtServerUrl(properties) + + CDMF_SERVER_BASE_CONTEXT); + } @Override public boolean isAuthorized(AuthenticationInfo authenticationInfo, Session session, String stream) { 
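Review bot: The constructor assigns the static fields `statPermissions` and `deviceAccessAuthorizationAdminService`, so each new `DeviceAuthorizer` instance replaces the Feign client and permission list used by every other instance, without synchronization; declaring both as `private final` instance fields would remove the shared mutable state. The client target is `getDeviceMgtServerUrl(properties) + CDMF_SERVER_BASE_CONTEXT`, so a missing `deviceMgtServerUrl` property yields a target of `null/api/device-mgt/v1.0` instead of a start-up failure, and for an authorization component failing fast with a clear message is the safer behaviour. `logger` can be `private static final`, and the class Javadoc still describes cross-validation against the request although the decision is now delegated to the remote device-management service.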
@@ -37,19 +70,59 @@ public class DeviceAuthorizer implements Authorizer { Map queryParams = webSocketSessionRequest.getQueryParamValuePairs(); String deviceId = queryParams.get("deviceId"); String deviceType = queryParams.get("deviceType"); - Object scopeObject = authenticationInfo.getProperties().get(WebsocketConstants.SCOPE_IDENTIFIER); - - if (deviceId != null && !deviceId.isEmpty() && deviceType != null && !deviceType.isEmpty() - && scopeObject != null) { - String scopes[] = (String[]) scopeObject; - String requiredScope = DEVICE_MGT_SCOPE_IDENTIFIER + ":" + deviceType + ":" + deviceId + ":" - + STATS_SCOPE_IDENTIFIER; - for (String scope : scopes) { - if (requiredScope.equals(scope)) { - return true; + + if (deviceId != null && !deviceId.isEmpty() && deviceType != null && !deviceType.isEmpty()) { + + AuthorizationRequest authorizationRequest = new AuthorizationRequest(); + authorizationRequest.setTenantDomain(authenticationInfo.getTenantDomain()); + if (statPermissions != null && !statPermissions.isEmpty()) { + authorizationRequest.setPermissions(statPermissions); + } + authorizationRequest.setUsername(authenticationInfo.getUsername()); + DeviceIdentifier deviceIdentifier = new DeviceIdentifier(); + deviceIdentifier.setId(deviceId); + deviceIdentifier.setType(deviceType); + List deviceIdentifiers = new ArrayList<>(); + deviceIdentifiers.add(deviceIdentifier); + authorizationRequest.setDeviceIdentifiers(deviceIdentifiers); + try { + DeviceAuthorizationResult deviceAuthorizationResult = + deviceAccessAuthorizationAdminService.isAuthorized(authorizationRequest); + List devices = deviceAuthorizationResult.getAuthorizedDevices(); + if (devices != null && devices.size() > 0) { + DeviceIdentifier authorizedDevice = devices.get(0); + if (authorizedDevice.getId().equals(deviceId) && authorizedDevice.getType().equals(deviceType)) { + return true; + } } + } catch (FeignException e) { + //do nothing } } return false; } + + private String getDeviceMgtServerUrl(Properties 
properties) { + String deviceMgtServerUrl = null; + for (Property property : properties.getProperty()) { + if (property.getName().equals(DEVICE_MGT_SERVER_URL)) { + deviceMgtServerUrl = property.getValue(); + break; + } + } + if (deviceMgtServerUrl == null && deviceMgtServerUrl.isEmpty()) { + logger.error("deviceMgtServerUrl can't be empty "); + } + return deviceMgtServerUrl; + } + + private List getPermissions(Properties properties) { + List permission = new ArrayList<>(); + for (Property property : properties.getProperty()) { + if (property.getName().equals(STAT_PERMISSION)) { + permission.add(property.getValue()); + } + } + return permission; + } } \ No newline at end of file diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java new file mode 100755 index 000000000..4803c73ea --- /dev/null +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java 
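Review bot: In `getDeviceMgtServerUrl`, the condition `deviceMgtServerUrl == null && deviceMgtServerUrl.isEmpty()` throws a NullPointerException when the property is missing and can never be true otherwise, so the error is never logged; it should be `if (deviceMgtServerUrl == null || deviceMgtServerUrl.isEmpty())`. In `isAuthorized`, `catch (FeignException e) { //do nothing }` correctly denies access but leaves no trace that the authorization service failed, and adding `logger.error("Device access authorization request failed", e);` would let operators tell an outage from a genuine denial. When no `statsPermission` property is configured, the request is sent without any permissions, and how the service decides in that case is not visible here, so confirm it does not treat an empty permission list as allow. `deviceAuthorizationResult` and `authorizedDevice.getId()` are dereferenced without null checks, so a null response surfaces as an unchecked exception rather than `false`.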
@@ -0,0 +1,176 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ + +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client; + +import feign.Feign; +import feign.RequestInterceptor; +import feign.RequestTemplate; +import feign.auth.BasicAuthRequestInterceptor; +import feign.gson.GsonDecoder; +import feign.gson.GsonEncoder; +import feign.jaxrs.JAXRSContract; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.AccessTokenInfo; +import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.ApiApplicationKey; +import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.ApiApplicationRegistrationService; +import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.ApiRegistrationProfile; +import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.TokenIssuerService; +import org.wso2.carbon.device.mgt.output.adapter.websocket.config.Properties; +import org.wso2.carbon.device.mgt.output.adapter.websocket.config.Property; +import org.wso2.carbon.device.mgt.output.adapter.websocket.config.WebsocketConfig; + +/** + * This is a request interceptor to add oauth token header. 
+ */ +public class OAuthRequestInterceptor implements RequestInterceptor { + + private AccessTokenInfo tokenInfo; + private long refreshTimeOffset; + private static final String API_APPLICATION_REGISTRATION_CONTEXT = "/api-application-registration"; + private static final String DEVICE_MANAGEMENT_SERVICE_TAG[] = {"device_management"}; + private static final String APPLICATION_NAME = "mqtt_broker"; + private static final String PASSWORD_GRANT_TYPE = "password"; + private static final String REFRESH_GRANT_TYPE = "refresh_token"; + private ApiApplicationRegistrationService apiApplicationRegistrationService; + private TokenIssuerService tokenIssuerService; + + private static Log logger = LogFactory.getLog(OAuthRequestInterceptor.class); + + private static final String CONNECTION_USERNAME = "username"; + private static final String CONNECTION_PASSWORD = "password"; + private static final String TOKEN_ENDPOINT = "tokenEndpoint"; + private static final String TOKEN_REFRESH_TIME_OFFSET = "tokenRefreshTimeOffset"; + private static final String DEVICE_MGT_SERVER_URL = "deviceMgtServerUrl"; + private static String username; + private static String password; + private static String tokenEndpoint; + private static String deviceMgtServerUrl; + + /** + * Creates an interceptor that authenticates all requests. 
+ */ + public OAuthRequestInterceptor() { + Properties properties = + WebsocketConfig.getInstance().getWebsocketValidationConfigs().getAuthorizer().getProperties(); + deviceMgtServerUrl = getDeviceMgtServerUrl(properties); + refreshTimeOffset = getRefreshTimeOffset(properties); + username = getUsername(properties); + password = getPassword(properties); + tokenEndpoint = getTokenEndpoint(properties); + apiApplicationRegistrationService = Feign.builder().requestInterceptor( + new BasicAuthRequestInterceptor(username, password)) + .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) + .target(ApiApplicationRegistrationService.class, + deviceMgtServerUrl + API_APPLICATION_REGISTRATION_CONTEXT); + } + @Override + public void apply(RequestTemplate template) { + if (tokenInfo == null) { + //had to do on demand initialization due to start up error. + ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); + apiRegistrationProfile.setApplicationName(APPLICATION_NAME); + apiRegistrationProfile.setIsAllowedToAllDomains(false); + apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); + apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); + ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); + String consumerKey = apiApplicationKey.getConsumerKey(); + String consumerSecret = apiApplicationKey.getConsumerSecret(); + tokenIssuerService = Feign.builder().requestInterceptor( + new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) + .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) + .target(TokenIssuerService.class, tokenEndpoint); + tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password); + } + if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { + tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); + } + String headerValue 
= "Bearer " + tokenInfo.getAccess_token(); + template.header("Authorization", headerValue); + } + + private String getUsername(Properties properties) { + String username = null; + for (Property property : properties.getProperty()) { + if (property.getName().equals(CONNECTION_USERNAME)) { + username = property.getValue(); + break; + } + } + if (username == null || username.isEmpty()) { + logger.error("username can't be empty "); + } + return username; + } + + private String getPassword(Properties properties) { + String password = null; + for (Property property : properties.getProperty()) { + if (property.getName().equals(CONNECTION_PASSWORD)) { + password = property.getValue(); + break; + } + } + if (password == null || password.isEmpty()) { + logger.error("password can't be empty "); + } + return password; + } + + private String getDeviceMgtServerUrl(Properties properties) { + String deviceMgtServerUrl = null; + for (Property property : properties.getProperty()) { + if (property.getName().equals(DEVICE_MGT_SERVER_URL)) { + deviceMgtServerUrl = property.getValue(); + break; + } + } + if (deviceMgtServerUrl == null || deviceMgtServerUrl.isEmpty()) { + logger.error("deviceMgtServerUrl can't be empty "); + } + return deviceMgtServerUrl; + } + + private String getTokenEndpoint(Properties properties) { + String tokenEndpoint = null; + for (Property property : properties.getProperty()) { + if (property.getName().equals(TOKEN_ENDPOINT)) { + tokenEndpoint = property.getValue(); + break; + } + } + if (tokenEndpoint == null || tokenEndpoint.isEmpty()) { + logger.error("tokenEndpoint can't be empty "); + } + return tokenEndpoint; + } + + private long getRefreshTimeOffset(Properties properties) { + long refreshTimeOffset = 0; + try { + for (Property property : properties.getProperty()) { + if (property.getName().equals(TOKEN_REFRESH_TIME_OFFSET)) { + refreshTimeOffset = Long.parseLong(property.getValue()); + break; + } + } + } catch (NumberFormatException e) { + 
logger.error("refreshTimeOffset should be a number", e); + } + return refreshTimeOffset; + } + + +} diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AccessTokenInfo.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AccessTokenInfo.java new file mode 100755 index 000000000..b7b0bb5f1 --- /dev/null +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AccessTokenInfo.java 
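Review bot: The refresh check in `apply`, `System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()`, compares a wall-clock time in milliseconds with the `expires_in` value taken unchanged from the token response. If the endpoint follows the usual OAuth convention of a lifetime in seconds, the condition is always true and every outgoing request performs a refresh-token grant. Convert the lifetime to an absolute expiry right after each `getToken` call, e.g. `tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in() * 1000);`. `apply` also reads and replaces `tokenInfo` and `tokenIssuerService` without synchronization, so concurrent requests can race on registration and refresh. The property getters only log when `username`, `password`, `tokenEndpoint` or `deviceMgtServerUrl` is missing, and the constructor then builds its client from null values; throwing at construction would surface the misconfiguration instead of failing later on the first request.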
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and limitations under the License.
+ *
+ */
+
+package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto;
+
+/**
+ * This hold access token info that returned from the api call
+ */
+public class AccessTokenInfo {
+ public String token_type;
+ public long expires_in;
+ public String refresh_token;
+ public String access_token;
+
+ public String getToken_type() {
+ return token_type;
+ }
+
+ public void setToken_type(String token_type) {
+ this.token_type = token_type;
+ }
+
+ public long getExpires_in() {
+ return expires_in;
+ }
+
+ public void setExpires_in(long expires_in) {
+ this.expires_in = expires_in;
+ }
+
+ public String getRefresh_token() {
+ return refresh_token;
+ }
+
+ public void setRefresh_token(String refresh_token) {
+ this.refresh_token = refresh_token;
+ }
+
+ public String getAccess_token() {
+ return access_token;
+ }
+
+ public void setAccess_token(String access_token) {
+ this.access_token = access_token;
+ }
+}
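Review bot: `AccessTokenInfo` declares `access_token` and `refresh_token` as `public` fields next to its getters and setters, so any code holding the object can read or overwrite the bearer and refresh tokens without going through the accessors. Declare the fields `private`, as `ApiApplicationKey` in this patch already does; Gson normally populates private fields reflectively, which is worth confirming against the decoder in use. The same applies to the public `consumerSecret` in ApiRegistrationProfile, `client_secret` in OAuthApplicationInfo and the fields of RegistrationProfile. The class comment should also state whether `expires_in` holds a lifetime or an absolute timestamp, since the interceptor compares it with the current time.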
diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationKey.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationKey.java new file mode 100644 index 000000000..9781e6609 --- /dev/null +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationKey.java 
@@ -0,0 +1,43 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; + +/** + * This holds api application consumer key and secret. + */ +public class ApiApplicationKey { + private String client_id; + private String client_secret; + + public String getConsumerKey() { + return this.client_id; + } + + public void setClient_id(String consumerKey) { + this.client_id = consumerKey; + } + + public String getConsumerSecret() { + return this.client_secret; + } + + public void setClient_secret(String consumerSecret) { + this.client_secret = consumerSecret; + } +} diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java new file mode 100755 index 000000000..70ace0ef4 --- /dev/null 
+++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java @@ -0,0 +1,25 @@ +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; + +import javax.ws.rs.Consumes; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; + +/** + * This is the application registration service that exposed for apimApplicationRegistration + */ + +@Path("/register") +public interface ApiApplicationRegistrationService { + + /** + * This method is used to register api application + * + * @param registrationProfile contains the necessary attributes that are needed in order to register an app. + */ + @POST + @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_JSON) + ApiApplicationKey register(ApiRegistrationProfile registrationProfile); +} diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiRegistrationProfile.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiRegistrationProfile.java new file mode 100755 index 000000000..0e04bd1eb --- /dev/null +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiRegistrationProfile.java 
@@ -0,0 +1,78 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ + +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; + + +/** + * This class represents the data that are required to register + * the oauth application. + */ +public class ApiRegistrationProfile { + + public String applicationName; + public String tags[]; + public boolean isAllowedToAllDomains; + public String consumerKey; + public String consumerSecret; + public boolean isMappingAnExistingOAuthApp; + + public String getApplicationName() { + return applicationName; + } + + public void setApplicationName(String applicationName) { + this.applicationName = applicationName; + } + + public String[] getTags() { + return tags; + } + + public void setTags(String[] tags) { + this.tags = tags; + } + + public boolean isAllowedToAllDomains() { + return isAllowedToAllDomains; + } + + public void setIsAllowedToAllDomains(boolean isAllowedToAllDomains) { + this.isAllowedToAllDomains = isAllowedToAllDomains; + } + + public boolean isMappingAnExistingOAuthApp() { + return isMappingAnExistingOAuthApp; + } + + public void setIsMappingAnExistingOAuthApp(boolean isMappingAnExistingOAuthApp) { + this.isMappingAnExistingOAuthApp = isMappingAnExistingOAuthApp; + } + + public String getConsumerKey() { + return consumerKey; + } + + public void setConsumerKey(String consumerKey) { + this.consumerKey = 
consumerKey; + } + + public String getConsumerSecret() { + return consumerSecret; + } + + public void setConsumerSecret(String consumerSecret) { + this.consumerSecret = consumerSecret; + } +} \ No newline at end of file diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java new file mode 100644 index 000000000..b8d5afbb8 --- /dev/null +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java @@ -0,0 +1,46 @@ +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; + +import java.util.List; + +/** + * DTO of the authorization request + */ +public class AuthorizationRequest { + + String tenantDomain; + String username; + List deviceIdentifiers; + List permissions; + + public String getTenantDomain() { + return tenantDomain; + } + + public void setTenantDomain(String tenantDomain) { + this.tenantDomain = tenantDomain; + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public List getDeviceIdentifiers() { + return deviceIdentifiers; + } + + public void setDeviceIdentifiers(List deviceIdentifiers) { + this.deviceIdentifiers = deviceIdentifiers; + } + + public List getPermissions() { + return permissions; + } + + public void setPermissions(List permissions) { + this.permissions = permissions; + } +} 
diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceAccessAuthorizationAdminService.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceAccessAuthorizationAdminService.java new file mode 100644 index 000000000..7ff42b115 --- /dev/null +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceAccessAuthorizationAdminService.java 
@@ -0,0 +1,41 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; + + +import javax.ws.rs.Consumes; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; + + +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +@Path("/admin/authorization") +/** + * This interface provided the definition of the device - user access verification service. + */ +public interface DeviceAccessAuthorizationAdminService { + + @POST + @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_JSON) + DeviceAuthorizationResult isAuthorized(AuthorizationRequest authorizationRequest); +} diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceAuthorizationResult.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceAuthorizationResult.java new file mode 100644 index 000000000..bb355aad6 --- /dev/null 
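Review bot: The Javadoc block for `DeviceAccessAuthorizationAdminService` sits between the `@Path` annotation and the `public interface` line, where it is not picked up as the type's documentation; move it above `@Produces`. Because the returned result decides whether access is granted, `isAuthorized` deserves its own comment as well, for example `/** Returns the requested devices split into authorized and unauthorized lists. */`. It would also help to state there that callers must treat a failed call as a denial.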
+++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceAuthorizationResult.java @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * you may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; + +import java.util.ArrayList; +import java.util.List; + +/** + * Represents a DeviceAuthorizationResult including a list of authorized devices and a list of unauthorized devices. + */ +public class DeviceAuthorizationResult { + + private List authorizedDevices = new ArrayList<>(); + private List unauthorizedDevices = new ArrayList<>(); + + public List getAuthorizedDevices() { + return authorizedDevices; + } + + public void setAuthorizedDevices(List authorizedDevices) { + this.authorizedDevices = authorizedDevices; + } + + public void setUnauthorizedDevices( + List unauthorizedDevices) { + this.unauthorizedDevices = unauthorizedDevices; + } + + public void addAuthorizedDevice(DeviceIdentifier deviceIdentifier) { + authorizedDevices.add(deviceIdentifier); + } + + public List getUnauthorizedDevices() { + return unauthorizedDevices; + } + + public void addUnauthorizedDevice(DeviceIdentifier deviceIdentifier) { + unauthorizedDevices.add(deviceIdentifier); + } +} 
diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceIdentifier.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceIdentifier.java new file mode 100644 index 000000000..1e9d8d2e5 --- /dev/null +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/DeviceIdentifier.java 
@@ -0,0 +1,51 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * you may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; + +import java.io.Serializable; + +/** + * DTO of the device identifier + */ +public class DeviceIdentifier implements Serializable{ + + private String id; + private String type; + + public DeviceIdentifier() {} + + public DeviceIdentifier(String id, String type) { + this.id = id; + this.type = type; + } + + public String getType() { + return type; + } + + public void setType(String type) { + this.type = type.toLowerCase(); + } + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } +} diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/OAuthApplicationInfo.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/OAuthApplicationInfo.java new file mode 100755 index 000000000..b8ac23830 --- /dev/null 
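Review bot: `setType` lower-cases its argument but the two-argument constructor stores `type` unchanged, so two identifiers for the same device can differ by case depending on how they were built, and this value is compared with `equals` in DeviceAuthorizer's access decision. `type.toLowerCase()` also depends on the default locale and throws on null; prefer `this.type = type == null ? null : type.toLowerCase(Locale.ROOT);` (needs `import java.util.Locale;`) and apply the same normalisation in the constructor. The class implements `Serializable` without declaring a `serialVersionUID`.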
+++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/OAuthApplicationInfo.java @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ + +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; + +/** + * This class represents an OAuth application populated with necessary data. + */ +public class OAuthApplicationInfo { + + public String client_id; + public String client_name; + public String callback_url; + public String client_secret; + + public String getClient_id() { + return client_id; + } + + public void setClient_id(String client_id) { + this.client_id = client_id; + } + + public String getClient_name() { + return client_name; + } + + public void setClient_name(String client_name) { + this.client_name = client_name; + } + + public String getCallback_url() { + return callback_url; + } + + public void setCallback_url(String callback_url) { + this.callback_url = callback_url; + } + + public String getClient_secret() { + return client_secret; + } + + public void setClient_secret(String client_secret) { + this.client_secret = client_secret; + } +} 
diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegisterInfo.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegisterInfo.java new file mode 100755 index 000000000..a1eb0a7a8 --- /dev/null +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegisterInfo.java @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ + +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; + +/** + * This holds the data related to registration. + */ +public class RegisterInfo { + + private boolean isRegistered; + private String msg; + + public boolean isRegistered() { + return isRegistered; + } + + public void setIsRegistered(boolean isRegistered) { + this.isRegistered = isRegistered; + } + + public String getMsg() { + return msg; + } + + public void setMsg(String msg) { + this.msg = msg; + } +} 
diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java new file mode 100755 index 000000000..4ab595fba --- /dev/null +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java 
@@ -0,0 +1,65 @@ +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; + + +/** + * This class represents the data that are required to register + * the oauth application. + */ +public class RegistrationProfile { + + public String callbackUrl; + public String clientName; + public String tokenScope; + public String owner; + public String grantType; + public String applicationType; + + public String getCallbackUrl() { + return callbackUrl; + } + + public void setCallbackUrl(String callBackUrl) { + this.callbackUrl = callBackUrl; + } + + public String getClientName() { + return clientName; + } + + public void setClientName(String clientName) { + this.clientName = clientName; + } + + public String getTokenScope() { + return tokenScope; + } + + public void setTokenScope(String tokenScope) { + this.tokenScope = tokenScope; + } + + public String getOwner() { + return owner; + } + + public void setOwner(String owner) { + this.owner = owner; + } + + public String getGrantType() { + return grantType; + } + + public void setGrantType(String grantType) { + this.grantType = grantType; + } + + public String getApplicationType() { + return applicationType; + } + + public void setApplicationType(String applicationType) { + this.applicationType = applicationType; + } + +} \ No newline at end of file diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java new file mode 100755 index 000000000..6ecde4ca3 --- /dev/null 
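Review bot: Every field of `RegistrationProfile` is declared `public` although each one already has a getter and a setter, so callers can bypass the accessors; declaring them private, e.g. `private String callbackUrl;`, keeps the DTO encapsulated, and Gson (if that is what serializes it) reads private fields as well. The same pattern appears in `AccessTokenInfo` and `ApiRegistrationProfile` later in this patch, where the public fields hold the access token, the refresh token and the consumer secret. This file is also missing the licence header that the sibling DTOs carry.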
+++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and limitations under the License.
+ *
+ */
+
+package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto;
+
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+
+/**
+ * This hold the api defintion that is used as a contract with netflix feign.
+ */
+@Path("/token")
+public interface TokenIssuerService {
+
+ @POST
+ @Produces(MediaType.APPLICATION_JSON)
+ AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username,
+ @QueryParam("password") String password);
+
+ @POST
+ @Produces(MediaType.APPLICATION_JSON)
+ AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("refresh_token") String refreshToken);
+}
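Review bot: Both `getToken` overloads bind the account password and the refresh token with `@QueryParam`, which puts them in the request URL, where access logs and intermediaries routinely record them. A token endpoint normally takes these as form-encoded body parameters, so `@FormParam("password") String password` and `@FormParam("refresh_token") String refreshToken`, together with `@Consumes(MediaType.APPLICATION_FORM_URLENCODED)`, would keep the secrets out of the URL. That change needs a Feign encoder that emits form bodies, and whether the configured endpoint accepts them cannot be seen from this patch, so both should be confirmed. The interface also has no Javadoc on either method; a line each stating which grant type it serves would help.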
diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/config/WebsocketConfig.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/config/WebsocketConfig.java index a29da168e..3499cd5e6 100644 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/config/WebsocketConfig.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/config/WebsocketConfig.java @@ -18,6 +18,8 @@ package org.wso2.carbon.device.mgt.output.adapter.websocket.config; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.w3c.dom.Document; import org.wso2.carbon.device.mgt.output.adapter.websocket.util.WebsocketUtils; import org.wso2.carbon.utils.CarbonUtils; @@ -34,6 +36,7 @@ public class WebsocketConfig { private static WebsocketConfig config = new WebsocketConfig(); private WebsocketValidationConfigs websocketValidationConfigs; + private static final Log log = LogFactory.getLog(WebsocketConfig.class); private static final String WEBSOCKET_VALIDATION_CONFIG_PATH = CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + "websocket-validation.xml"; @@ -62,6 +65,13 @@ public class WebsocketConfig { } public WebsocketValidationConfigs getWebsocketValidationConfigs() { + if (websocketValidationConfigs == null) { + try { + init(); + } catch (WebsocketValidationConfigurationFailedException e) { + log.error("failed to initialize the config", e); + } + } return websocketValidationConfigs; } 
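Review bot: In the last hunk, `getWebsocketValidationConfigs()` logs the `WebsocketValidationConfigurationFailedException` and then still returns `null`, so a missing or broken `websocket-validation.xml` reaches callers as a null config rather than as a failure. Callers are outside this hunk; any that use the returned object to decide how a connection is validated should be checked so that a null result denies the connection instead of skipping validation or throwing a `NullPointerException`. The lazy initialization is also unsynchronized on a shared singleton, so two threads can run `init()` at once; declaring it `public synchronized WebsocketValidationConfigs getWebsocketValidationConfigs()` would avoid that.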
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml index 7e52b5976..cb65dbee0 100644 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml @@ -58,6 +58,26 @@ commons-lang commons-lang + + io.github.openfeign + feign-core + + + io.github.openfeign + feign-jaxrs + + + io.github.openfeign + feign-gson + + + javax.ws.rs + jsr311-api + + + org.wso2.carbon + javax.cache.wso2 + @@ -95,9 +115,20 @@ org.wso2.carbon.user.core.service, org.wso2.carbon.user.core.tenant, org.wso2.carbon.user.api, - *;resolution:=optional + feign, + feign.auth, + feign.codec, + feign.gson, + javax.cache, + javax.xml.namespace, + javax.xml.stream, + org.wso2.carbon.base, + org.wso2.carbon.utils - * + + jsr311-api, + feign-jaxrs + diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java index effd878ab..5c3e60c28 100644 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java 
@@ -18,18 +18,36 @@ package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization; +import feign.Feign; +import feign.FeignException; +import feign.gson.GsonDecoder; +import feign.gson.GsonEncoder; +import feign.jaxrs.JAXRSContract; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.dna.mqtt.moquette.server.IAuthorizer; import org.wso2.andes.configuration.enums.MQTTAuthoriztionPermissionLevel; import org.wso2.andes.mqtt.MQTTAuthorizationSubject; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.OAuthRequestInterceptor; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.AuthorizationRequest; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.DeviceAccessAuthorizationAdminService; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.DeviceAuthorizationResult; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.DeviceIdentifier; import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfigurationManager; import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal.AuthorizationDataHolder; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util.AuthorizationCacheKey; +import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; +import javax.cache.Cache; +import javax.cache.CacheConfiguration; +import javax.cache.CacheManager; +import javax.cache.Caching; +import java.util.ArrayList; import java.util.List; +import java.util.concurrent.TimeUnit; /** * Authorize the connecting users against Carbon Permission Model. Intended usage is 
@@ -39,13 +57,24 @@ import java.util.List; */ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer { - private static final String SCOPE_IDENTIFIER = "scope"; private static final String UI_EXECUTE = "ui.execute"; private static Log logger = LogFactory.getLog(DeviceAccessBasedMQTTAuthorizer.class); AuthorizationConfigurationManager MQTTAuthorizationConfiguration; + private static final String CDMF_SERVER_BASE_CONTEXT = "/api/device-mgt/v1.0"; + private static final String CACHE_MANAGER_NAME = "mqttAuthorizationCacheManager"; + private static final String CACHE_NAME = "mqttAuthorizationCache"; + private static DeviceAccessAuthorizationAdminService deviceAccessAuthorizationAdminService; + private static Cache cache; + public DeviceAccessBasedMQTTAuthorizer() { this.MQTTAuthorizationConfiguration = AuthorizationConfigurationManager.getInstance(); + createCache(); + deviceAccessAuthorizationAdminService = Feign.builder() + .requestInterceptor(new OAuthRequestInterceptor()) + .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) + .target(DeviceAccessAuthorizationAdminService.class, + MQTTAuthorizationConfiguration.getDeviceMgtServerUrl() + CDMF_SERVER_BASE_CONTEXT); } /** 
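Review bot: `cache` and `deviceAccessAuthorizationAdminService` are declared `static` but are assigned from the instance constructor, so constructing a second `DeviceAccessBasedMQTTAuthorizer` replaces the client and the cache that an existing instance is using, with no synchronization. Making them instance fields, e.g. `private final DeviceAccessAuthorizationAdminService deviceAccessAuthorizationAdminService;`, or initializing them once in a static block, removes that coupling. The Feign target is built by concatenating `getDeviceMgtServerUrl()` with `CDMF_SERVER_BASE_CONTEXT`, and authorization decisions and the bearer token travel over that connection, so a comment on the field stating that the configured URL is expected to be HTTPS would be worth adding. The class body continues outside this hunk.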
@@ -54,35 +83,73 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer { @Override public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic, MQTTAuthoriztionPermissionLevel permissionLevel) { - if (isUserAuthorized(authorizationSubject, MQTTAuthorizationConfiguration.getAdminPermission(), UI_EXECUTE)) { - return true; - } String topics[] = topic.split("/"); - if (topics.length < 3) { + String tenantDomainFromTopic = topics[0]; + if (!tenantDomainFromTopic.equals(authorizationSubject.getTenantDomain())) { return false; } - String tenantIdFromTopic = topics[0]; - if (!tenantIdFromTopic.equals(authorizationSubject.getTenantDomain())) { - return false; + if (topics.length < 3) { + AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic + ,authorizationSubject.getUsername(), "", ""); + if (cache.get(authorizationCacheKey)) { + return true; + } + AuthorizationRequest authorizationRequest = new AuthorizationRequest(); + authorizationRequest.setTenantDomain(tenantDomainFromTopic); + try { + DeviceAuthorizationResult deviceAuthorizationResult = + deviceAccessAuthorizationAdminService.isAuthorized(authorizationRequest); + if (deviceAuthorizationResult != null) { + cache.put(authorizationCacheKey, true); + return true; + } + return false; + } catch (FeignException e) { + return false; + } } String deviceType = topics[1]; String deviceId = topics[2]; - Object scopeObject = authorizationSubject.getProperties().get(SCOPE_IDENTIFIER); + AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic + ,authorizationSubject.getUsername(), deviceId, deviceType); + if (cache.get(authorizationCacheKey)) { + return true; + } - if (!deviceId.isEmpty() && !deviceType.isEmpty() && scopeObject != null) { - List scopes = (List) scopeObject; - String permissionScope = MQTTAuthorizationConfiguration.getMQTTPublisherScopeIdentifier(); - if (permissionLevel == 
MQTTAuthoriztionPermissionLevel.SUBSCRIBE) { - permissionScope = MQTTAuthorizationConfiguration.getMQTTSubscriberScopeIdentifier(); - } - String requiredScope = MQTTAuthorizationConfiguration.getDevicemgtScopeIdentifier() + ":" + deviceType + ":" - + deviceId + ":" + permissionScope; - for (String scope : scopes) { - if (requiredScope.equals(scope)) { + List requiredPermission; + if (permissionLevel == MQTTAuthoriztionPermissionLevel.SUBSCRIBE) { + requiredPermission = MQTTAuthorizationConfiguration.getSubscriberPermissions(); + } else { + requiredPermission = MQTTAuthorizationConfiguration.getPublisherPermissions(); + } + + AuthorizationRequest authorizationRequest = new AuthorizationRequest(); + authorizationRequest.setTenantDomain(tenantDomainFromTopic); + if (requiredPermission != null) { + authorizationRequest.setPermissions(requiredPermission); + } + authorizationRequest.setUsername(authorizationSubject.getUsername()); + DeviceIdentifier deviceIdentifier = new DeviceIdentifier(); + deviceIdentifier.setId(deviceId); + deviceIdentifier.setType(deviceType); + List deviceIdentifiers = new ArrayList<>(); + deviceIdentifiers.add(deviceIdentifier); + authorizationRequest.setDeviceIdentifiers(deviceIdentifiers); + try { + DeviceAuthorizationResult deviceAuthorizationResult = + deviceAccessAuthorizationAdminService.isAuthorized(authorizationRequest); + List devices = deviceAuthorizationResult.getAuthorizedDevices(); + if (devices != null && devices.size() > 0) { + DeviceIdentifier authorizedDevice = devices.get(0); + if (authorizedDevice.getId().equals(deviceId) && authorizedDevice.getType().equals(deviceType)) { + cache.put(authorizationCacheKey, true); return true; } } + } catch (FeignException e) { + // do nothing. } + return false; } 
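Review bot: The cache key built in `isAuthorizedForTopic` is (tenant, username, deviceId, deviceType) and leaves out `permissionLevel`, so a grant cached for SUBSCRIBE is returned unchanged for a later PUBLISH on the same device while the entry lives, although the two are checked against different permission lists. The key needs to carry the permission level; `AuthorizationCacheKey` is defined outside this hunk. In the `topics.length < 3` branch the request carries only the tenant domain, with no username or permissions, and any non-null result counts as authorized, which looks like it admits every user of the tenant for short topics; that branch should deny unless the result positively authorizes the subject. `if (cache.get(authorizationCacheKey))` will throw on a cache miss if the value type is `Boolean` (the generic parameters are not visible here), so `if (Boolean.TRUE.equals(cache.get(authorizationCacheKey)))` is safer. The `FeignException` that is caught with "do nothing" should at least be logged, e.g. `logger.error("Device access verification failed", e);`, so that denials caused by an unreachable server can be diagnosed.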
@@ -91,6 +158,11 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer { */ @Override public boolean isAuthorizedToConnect(MQTTAuthorizationSubject authorizationSubject) { + if (MQTTAuthorizationConfiguration.getConnectionPermission() == null || + MQTTAuthorizationConfiguration.getConnectionPermission().isEmpty()) { + //allow authenticated client to connect. + return true; + } return isUserAuthorized(authorizationSubject, MQTTAuthorizationConfiguration.getConnectionPermission() , UI_EXECUTE); } @@ -122,4 +194,28 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer { PrivilegedCarbonContext.endTenantFlow(); } } + + /** + * This method is used to create the Caches. + * @return Cachemanager + */ + private void createCache() { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( + MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, true); + try { + CacheManager cacheManager = Caching.getCacheManagerFactory().getCacheManager(CACHE_MANAGER_NAME); + if (MQTTAuthorizationConfiguration.getCacheDuration() == 0) { + cache = cacheManager.getCache(CACHE_NAME); + } else { + cache = cacheManager.createCacheBuilder(CACHE_NAME). + setExpiry(CacheConfiguration.ExpiryType.MODIFIED, new CacheConfiguration.Duration( + TimeUnit.SECONDS, MQTTAuthorizationConfiguration.getCacheDuration())). + setStoreByValue(false).build(); + } + } finally { + PrivilegedCarbonContext.endTenantFlow(); + } + } + } \ No newline at end of file 
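Review bot: The guard added to `isAuthorizedToConnect` returns `true` whenever `getConnectionPermission()` is null or empty, so a missing or mistyped configuration entry silently removes the connect-permission check for every authenticated client. If allowing all authenticated clients is intended, an explicit configuration switch is safer than inferring it from an absent value. At minimum the fallback should be reported once at start-up, for example `logger.warn("No connection permission configured; any authenticated client may connect");` in the constructor, and the Javadoc above the method should state the behaviour.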
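Review bot: In `createCache`, a cache duration of `0` does not turn caching off: that case falls back to `cacheManager.getCache(CACHE_NAME)`, whose expiry is whatever the cache manager defaults to (not visible in this patch). Since `isAuthorizedForTopic` returns cached grants without asking the server again, a revoked device permission keeps working until the entry expires, so the meaning of `0` and the resulting revocation delay should be documented next to the setting, or `0` should bypass the cache. The Javadoc line `@return Cachemanager` describes a `void` method and should be removed.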
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java new file mode 100755 index 000000000..0f7906fb9 --- /dev/null +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java 
@@ -0,0 +1,89 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ + +package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client; + +import feign.Feign; +import feign.RequestInterceptor; +import feign.RequestTemplate; +import feign.auth.BasicAuthRequestInterceptor; +import feign.gson.GsonDecoder; +import feign.gson.GsonEncoder; +import feign.jaxrs.JAXRSContract; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.AccessTokenInfo; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.ApiApplicationKey; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.ApiApplicationRegistrationService; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.ApiRegistrationProfile; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.TokenIssuerService; +import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfigurationManager; + +/** + * This is a request interceptor to add oauth token header. 
+ */ +public class OAuthRequestInterceptor implements RequestInterceptor { + + private AccessTokenInfo tokenInfo; + private long refreshTimeOffset; + private static final String API_APPLICATION_REGISTRATION_CONTEXT = "/api-application-registration"; + private static final String DEVICE_MANAGEMENT_SERVICE_TAG[] = {"device_management"}; + private static final String APPLICATION_NAME = "mqtt_broker"; + private static final String PASSWORD_GRANT_TYPE = "password"; + private static final String REFRESH_GRANT_TYPE = "refresh_token"; + private ApiApplicationRegistrationService apiApplicationRegistrationService; + private TokenIssuerService tokenIssuerService; + + /** + * Creates an interceptor that authenticates all requests. + */ + public OAuthRequestInterceptor() { + refreshTimeOffset = AuthorizationConfigurationManager.getInstance().getTokenRefreshTimeOffset(); + String username = AuthorizationConfigurationManager.getInstance().getUsername(); + String password = AuthorizationConfigurationManager.getInstance().getPassword(); + apiApplicationRegistrationService = Feign.builder().requestInterceptor( + new BasicAuthRequestInterceptor(username, password)) + .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) + .target(ApiApplicationRegistrationService.class, + AuthorizationConfigurationManager.getInstance().getDeviceMgtServerUrl() + + API_APPLICATION_REGISTRATION_CONTEXT); + } + + @Override + public void apply(RequestTemplate template) { + if (tokenInfo == null) { + //had to do on demand initialization due to start up error. 
+ ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); + apiRegistrationProfile.setApplicationName(APPLICATION_NAME); + apiRegistrationProfile.setIsAllowedToAllDomains(false); + apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); + apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); + ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); + String consumerKey = apiApplicationKey.getConsumerKey(); + String consumerSecret = apiApplicationKey.getConsumerSecret(); + String username = AuthorizationConfigurationManager.getInstance().getUsername(); + String password = AuthorizationConfigurationManager.getInstance().getPassword(); + tokenIssuerService = Feign.builder().requestInterceptor( + new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) + .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) + .target(TokenIssuerService.class, AuthorizationConfigurationManager.getInstance().getTokenEndpoint()); + tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password); + } + if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { + tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); + } + String headerValue = "Bearer " + tokenInfo.getAccess_token(); + template.header("Authorization", headerValue); + } + + +} diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AccessTokenInfo.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AccessTokenInfo.java new file mode 100755 index 000000000..8f7ed9977 --- /dev/null 
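Review bot: The refresh test in `apply`, `System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()`, compares an epoch time in milliseconds with `expires_in`, which in a token response is a lifetime in seconds; unless the value is rewritten somewhere outside this patch, the condition is always true and every intercepted request makes a refresh-token call. Converting once after each `getToken` call, e.g. `tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in() * 1000);`, makes the comparison meaningful. `apply` also assigns `tokenInfo` and `tokenIssuerService` without synchronization while one interceptor instance serves all authorization calls, so concurrent requests can register the application or refresh the token twice; declaring it `public synchronized void apply(RequestTemplate template)` would serialize that. A failure of `register` or `getToken` propagates out of `apply` as an unchecked exception, which the callers in `DeviceAccessBasedMQTTAuthorizer` only catch when it is a `FeignException`.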
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AccessTokenInfo.java @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ + +package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto; + +/** + * This hold access token info that returned from the api call + */ +public class AccessTokenInfo { + public String token_type; + public long expires_in; + public String refresh_token; + public String access_token; + + public String getToken_type() { + return token_type; + } + + public void setToken_type(String token_type) { + this.token_type = token_type; + } + + public long getExpires_in() { + return expires_in; + } + + public void setExpires_in(long expires_in) { + this.expires_in = expires_in; + } + + public String getRefresh_token() { + return refresh_token; + } + + public void setRefresh_token(String refresh_token) { + this.refresh_token = refresh_token; + } + + public String getAccess_token() { + return access_token; + } + + public void setAccess_token(String access_token) { + this.access_token = access_token; + } +} 
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationKey.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationKey.java
new file mode 100644
index 000000000..1cb4a7f54
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationKey.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
+
+/**
+ * This holds api application consumer key and secret.
+ */
+public class ApiApplicationKey {
+ private String client_id;
+ private String client_secret;
+
+ public String getConsumerKey() {
+ return this.client_id;
+ }
+
+ public void setClient_id(String consumerKey) {
+ this.client_id = consumerKey;
+ }
+
+ public String getConsumerSecret() {
+ return this.client_secret;
+ }
+
+ public void setClient_secret(String consumerSecret) {
+ this.client_secret = consumerSecret;
+ }
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationRegistrationService.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationRegistrationService.java
new file mode 100755
index 000000000..e8fafa1d0
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationRegistrationService.java
@@ -0,0 +1,25 @@
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+/**
+ * This is the application registration service that exposed for apimApplicationRegistration
+ */
+
+@Path("/register")
+public interface ApiApplicationRegistrationService {
+
+ /**
+ * This method is used to register api application
+ *
+ * @param registrationProfile contains the necessary attributes that are needed in order to register an app.
+ */
+ @POST
+ @Produces(MediaType.APPLICATION_JSON)
+ @Consumes(MediaType.APPLICATION_JSON)
+ ApiApplicationKey register(ApiRegistrationProfile registrationProfile);
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiRegistrationProfile.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiRegistrationProfile.java new file mode 100755 index 000000000..c200f603d --- /dev/null +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiRegistrationProfile.java 
@@ -0,0 +1,78 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ + +package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto; + + +/** + * This class represents the data that are required to register + * the oauth application. + */ +public class ApiRegistrationProfile { + + public String applicationName; + public String tags[]; + public boolean isAllowedToAllDomains; + public String consumerKey; + public String consumerSecret; + public boolean isMappingAnExistingOAuthApp; + + public String getApplicationName() { + return applicationName; + } + + public void setApplicationName(String applicationName) { + this.applicationName = applicationName; + } + + public String[] getTags() { + return tags; + } + + public void setTags(String[] tags) { + this.tags = tags; + } + + public boolean isAllowedToAllDomains() { + return isAllowedToAllDomains; + } + + public void setIsAllowedToAllDomains(boolean isAllowedToAllDomains) { + this.isAllowedToAllDomains = isAllowedToAllDomains; + } + + public boolean isMappingAnExistingOAuthApp() { + return isMappingAnExistingOAuthApp; + } + + public void setIsMappingAnExistingOAuthApp(boolean isMappingAnExistingOAuthApp) { + this.isMappingAnExistingOAuthApp = isMappingAnExistingOAuthApp; + } + + public String getConsumerKey() { + return consumerKey; + } + + public void setConsumerKey(String consumerKey) { + this.consumerKey = 
consumerKey; + } + + public String getConsumerSecret() { + return consumerSecret; + } + + public void setConsumerSecret(String consumerSecret) { + this.consumerSecret = consumerSecret; + } +} \ No newline at end of file diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AuthorizationRequest.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AuthorizationRequest.java new file mode 100644 index 000000000..bb2693f5b --- /dev/null +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AuthorizationRequest.java @@ -0,0 +1,46 @@ +package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto; + +import java.util.List; + +/** + * DTO of the authorization request + */ +public class AuthorizationRequest { + + String tenantDomain; + String username; + List deviceIdentifiers; + List permissions; + + public String getTenantDomain() { + return tenantDomain; + } + + public void setTenantDomain(String tenantDomain) { + this.tenantDomain = tenantDomain; + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public List getDeviceIdentifiers() { + return deviceIdentifiers; + } + + public void setDeviceIdentifiers(List deviceIdentifiers) { + this.deviceIdentifiers = deviceIdentifiers; + } + + public List getPermissions() { + return permissions; + } + + public void setPermissions(List permissions) { + this.permissions = permissions; + } +} 
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceAccessAuthorizationAdminService.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceAccessAuthorizationAdminService.java new file mode 100644 index 000000000..12338acfd --- /dev/null +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceAccessAuthorizationAdminService.java 
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
+
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+@Path("/admin/authorization")
+/**
+ * This interface provided the definition of the device - user access verification service.
+ */
+public interface DeviceAccessAuthorizationAdminService {
+
+ @POST
+ @Produces(MediaType.APPLICATION_JSON)
+ @Consumes(MediaType.APPLICATION_JSON)
+ DeviceAuthorizationResult isAuthorized(AuthorizationRequest authorizationRequest);
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceAuthorizationResult.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceAuthorizationResult.java
new file mode 100644
index 000000000..11f98e55c
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceAuthorizationResult.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Represents a DeviceAuthorizationResult including a list of authorized devices and a list of unauthorized devices.
+ */
+public class DeviceAuthorizationResult {
+
+ private List authorizedDevices = new ArrayList<>();
+ private List unauthorizedDevices = new ArrayList<>();
+
+ public List getAuthorizedDevices() {
+ return authorizedDevices;
+ }
+
+ public void setAuthorizedDevices(List authorizedDevices) {
+ this.authorizedDevices = authorizedDevices;
+ }
+
+ public void setUnauthorizedDevices(
+ List unauthorizedDevices) {
+ this.unauthorizedDevices = unauthorizedDevices;
+ }
+
+ public void addAuthorizedDevice(DeviceIdentifier deviceIdentifier) {
+ authorizedDevices.add(deviceIdentifier);
+ }
+
+ public List getUnauthorizedDevices() {
+ return unauthorizedDevices;
+ }
+
+ public void addUnauthorizedDevice(DeviceIdentifier deviceIdentifier) {
+ unauthorizedDevices.add(deviceIdentifier);
+ }
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceIdentifier.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceIdentifier.java
new file mode 100644
index 000000000..5b54351c5
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/DeviceIdentifier.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
+
+import java.io.Serializable;
+
+/**
+ * DTO of the device identifier
+ */
+public class DeviceIdentifier implements Serializable{
+
+ private String id;
+ private String type;
+
+ public DeviceIdentifier() {}
+
+ public DeviceIdentifier(String id, String type) {
+ this.id = id;
+ this.type = type;
+ }
+
+ public String getType() {
+ return type;
+ }
+
+ public void setType(String type) {
+ this.type = type.toLowerCase();
+ }
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/OAuthApplicationInfo.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/OAuthApplicationInfo.java
new file mode 100755
index 000000000..b23316ea7
--- /dev/null
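Review bot: The device type is lower-cased in `setType` but stored exactly as given by the two-argument constructor, so the same device can end up with a mixed-case `type` on one path and a lower-case one on the other. This identifier is sent with the access check, so both paths should normalise identically, e.g. `this.type = type == null ? null : type.toLowerCase(Locale.ROOT);` in the constructor and in the setter (this needs `import java.util.Locale;`). As written, `setType(null)` throws a NullPointerException and `toLowerCase()` without a locale follows the JVM default. The class is also `Serializable` without declaring a `serialVersionUID`.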
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/OAuthApplicationInfo.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and limitations under the License.
+ *
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
+
+/**
+ * This class represents an OAuth application populated with necessary data.
+ */
+public class OAuthApplicationInfo {
+
+ public String client_id;
+ public String client_name;
+ public String callback_url;
+ public String client_secret;
+
+ public String getClient_id() {
+ return client_id;
+ }
+
+ public void setClient_id(String client_id) {
+ this.client_id = client_id;
+ }
+
+ public String getClient_name() {
+ return client_name;
+ }
+
+ public void setClient_name(String client_name) {
+ this.client_name = client_name;
+ }
+
+ public String getCallback_url() {
+ return callback_url;
+ }
+
+ public void setCallback_url(String callback_url) {
+ this.callback_url = callback_url;
+ }
+
+ public String getClient_secret() {
+ return client_secret;
+ }
+
+ public void setClient_secret(String client_secret) {
+ this.client_secret = client_secret;
+ }
+}
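Review bot: `client_secret` and the other three fields are declared `public` although the class already has accessors, so any code holding the object can read or overwrite the OAuth client secret directly. Declare them `private String client_secret;` (likewise `client_id`, `client_name`, `callback_url`); the snake_case names can stay if the JSON mapping depends on them. The six public fields of `RegistrationProfile`, added later in this patch, have the same problem. A short comment on `client_secret` saying it must not be logged or added to a `toString()` would help the next maintainer.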
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegisterInfo.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegisterInfo.java
new file mode 100755
index 000000000..6d9dcf0d6
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegisterInfo.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and limitations under the License.
+ *
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
+
+/**
+ * This holds the data related to registration.
+ */
+public class RegisterInfo {
+
+ private boolean isRegistered;
+ private String msg;
+
+ public boolean isRegistered() {
+ return isRegistered;
+ }
+
+ public void setIsRegistered(boolean isRegistered) {
+ this.isRegistered = isRegistered;
+ }
+
+ public String getMsg() {
+ return msg;
+ }
+
+ public void setMsg(String msg) {
+ this.msg = msg;
+ }
+}
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegistrationProfile.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegistrationProfile.java
new file mode 100755
index 000000000..cb5c7d772
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegistrationProfile.java
@@ -0,0 +1,65 @@
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
+
+
+/**
+ * This class represents the data that are required to register
+ * the oauth application.
+ */
+public class RegistrationProfile {
+
+ public String callbackUrl;
+ public String clientName;
+ public String tokenScope;
+ public String owner;
+ public String grantType;
+ public String applicationType;
+
+ public String getCallbackUrl() {
+ return callbackUrl;
+ }
+
+ public void setCallbackUrl(String callBackUrl) {
+ this.callbackUrl = callBackUrl;
+ }
+
+ public String getClientName() {
+ return clientName;
+ }
+
+ public void setClientName(String clientName) {
+ this.clientName = clientName;
+ }
+
+ public String getTokenScope() {
+ return tokenScope;
+ }
+
+ public void setTokenScope(String tokenScope) {
+ this.tokenScope = tokenScope;
+ }
+
+ public String getOwner() {
+ return owner;
+ }
+
+ public void setOwner(String owner) {
+ this.owner = owner;
+ }
+
+ public String getGrantType() {
+ return grantType;
+ }
+
+ public void setGrantType(String grantType) {
+ this.grantType = grantType;
+ }
+
+ public String getApplicationType() {
+ return applicationType;
+ }
+
+ public void setApplicationType(String applicationType) {
+ this.applicationType = applicationType;
+ }
+
+}
\ No newline at end of file
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java
new file mode 100755
index 000000000..bd36c0ad6
--- /dev/null
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and limitations under the License.
+ *
+ */
+
+package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
+
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+
+/**
+ * This hold the api defintion that is used as a contract with netflix feign.
+ */
+@Path("/token")
+public interface TokenIssuerService {
+
+ @POST
+ @Produces(MediaType.APPLICATION_JSON)
+ AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username,
+ @QueryParam("password") String password);
+
+ @POST
+ @Produces(MediaType.APPLICATION_JSON)
+ AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("refresh_token") String refreshToken);
+}
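Review bot: Both `getToken` overloads bind `username`, `password` and `refresh_token` with `@QueryParam`, which places the credentials in the URL of the token request, where access logs and intermediaries commonly record them. OAuth 2.0 token requests carry these values in a form-encoded body, so the parameters should be `@FormParam("password") String password` (likewise for the others), with `@Consumes(MediaType.APPLICATION_FORM_URLENCODED)` on both methods. The Feign client built for this interface would then need an encoder that writes form bodies. That builder is outside this hunk, so confirm the encoder there. The Javadoc typo `defintion` can be fixed in the same change.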
diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/AuthorizationConfigurationManager.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/AuthorizationConfigurationManager.java index c477af77a..8d0f5c799 100644 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/AuthorizationConfigurationManager.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/config/AuthorizationConfigurationManager.java 
@@ -21,23 +21,34 @@ package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import java.util.ArrayList; import java.util.List; public class AuthorizationConfigurationManager { private static final String CONNECTION_PERMISSION = "connectionPermission"; - private static final String ADMIN_PERMISSION = "adminPermission"; - private static final String MQTT_PUBLISHER_SCOPE_IDENTIFIER = "MQTTPublisherScopeIdentifier"; - private static final String MQTT_SUBSCRIBER_SCOPE_IDENTIFIER = "MQTTSubscriberScopeIdentifier"; - private static final String DEVICE_MGT_SCOPE_IDENTIFIER = "devicemgtScopeIdentifier"; + private static final String MQTT_PUBLISHER_PERMISSION = "publisherPermission"; + private static final String MQTT_SUBSCRIBER_PERMISSION = "subscriberPermission"; + private static final String CONNECTION_USERNAME = "username"; + private static final String CONNECTION_PASSWORD = "password"; + private static final String TOKEN_ENDPOINT = "tokenEndpoint"; + private static final String TOKEN_REFRESH_TIME_OFFSET = "tokenRefreshTimeOffset"; + private static final String DEVICE_MGT_SERVER_URL = "deviceMgtServerUrl"; + private static final String MQTT_CACHE_DURATION = "cacheDurationSeconds"; + private static final AuthorizationConfigurationManager oAuthConfigurationManager = new AuthorizationConfigurationManager(); private static Log logger = LogFactory.getLog(AuthorizationConfigurationManager.class); private String connectionPermission; - private String adminPermission; - private String MQTTPublisherScopeIdentifier; - private String MQTTSubscriberScopeIdentifier; - private String devicemgtScopeIdentifier; + private String username; + private String password; + private String tokenEndpoint; + private long tokenRefreshTimeOffset; + private String deviceMgtServerUrl; + private long cacheDuration; + + private List publisherPermissions = new ArrayList<>(); + private List 
subscriberPermissions = new ArrayList<>(); private AuthorizationConfigurationManager() { 
@@ -59,51 +70,104 @@ public class AuthorizationConfigurationManager { } } - public String getAdminPermission() { - return adminPermission; + public List getPublisherPermissions() { + return publisherPermissions; } - public void setAdminPermission(String adminPermission) { - if (adminPermission != null) { - this.adminPermission = adminPermission; + public void setPublisherPermission(String publisherPermission) { + if (publisherPermission != null && !publisherPermission.isEmpty()) { + this.publisherPermissions.add(publisherPermission); } else { - logger.error("admin permission can't be null "); + logger.error("MQTT publisher permission can't be empty "); } } - public String getMQTTPublisherScopeIdentifier() { - return MQTTPublisherScopeIdentifier; + public List getSubscriberPermissions() { + return subscriberPermissions; } - public void setMQTTPublisherScopeIdentifier(String MQTTPublisherScopeIdentifier) { - if (MQTTPublisherScopeIdentifier != null) { - this.MQTTPublisherScopeIdentifier = MQTTPublisherScopeIdentifier; + public void setSubscriberPermission(String subscriberPermission) { + if (subscriberPermission != null && !subscriberPermission.isEmpty()) { + this.subscriberPermissions.add(subscriberPermission); } else { - logger.error("MQTT publisher scope identifier can't be null "); + logger.error("MQTT subscriber permissions can't be null "); } } - public String getMQTTSubscriberScopeIdentifier() { - return MQTTSubscriberScopeIdentifier; + public String getUsername() { + return username; + } + + public void setUsername(String username) { + if (username != null && !username.isEmpty()) { + this.username = username; + } else { + logger.error("username can't be empty "); + } + + } + + public String getPassword() { + return password; } - public void setMQTTSubscriberScopeIdentifier(String MQTTSubscriberScopeIdentifier) { - if (MQTTSubscriberScopeIdentifier != null) { - this.MQTTSubscriberScopeIdentifier = MQTTSubscriberScopeIdentifier; + public void setPassword(String 
password) { + if (password != null && !password.isEmpty()) { + this.password = password; } else { - logger.error("MQTT subscriber scope identifier can't be null "); + logger.error("password can't be empty "); } } - public String getDevicemgtScopeIdentifier() { - return devicemgtScopeIdentifier; + public String getTokenEndpoint() { + return tokenEndpoint; } - public void setDevicemgtScopeIdentifier(String devicemgtScopeIdentifier) { - if (devicemgtScopeIdentifier != null) { - this.devicemgtScopeIdentifier = devicemgtScopeIdentifier; + public void setTokenEndpoint(String tokenEndpoint) { + if (tokenEndpoint != null && !tokenEndpoint.isEmpty()) { + this.tokenEndpoint = tokenEndpoint; } else { - logger.error("Device management scope identifier can't be null "); + logger.error("tokenEndpoint can't be empty "); + } + } + + public long getTokenRefreshTimeOffset() { + return tokenRefreshTimeOffset; + } + + public void setTokenRefreshTimeOffset(String tokenRefreshTimeOffset) { + try { + if (tokenRefreshTimeOffset != null && !tokenRefreshTimeOffset.isEmpty()) { + this.tokenRefreshTimeOffset = Long.parseLong(tokenRefreshTimeOffset); + } + } catch (NumberFormatException e) { + logger.error("tokenRefreshTimeOffset is not a number(long)"); + } + } + + public String getDeviceMgtServerUrl() { + return deviceMgtServerUrl; + } + + public void setDeviceMgtServerUrl(String deviceMgtServerUrl) { + if (deviceMgtServerUrl != null && !deviceMgtServerUrl.isEmpty()) { + this.deviceMgtServerUrl = deviceMgtServerUrl; + } else { + logger.error("deviceMgtServerUrl can't be empty "); + } + } + + public long getCacheDuration() { + return cacheDuration; + } + + public void setCacheDuration(String cacheDuration) { + try { + if (cacheDuration != null && !cacheDuration.isEmpty()) { + this.cacheDuration = Long.parseLong(cacheDuration); + } + } catch (NumberFormatException e) { + this.cacheDuration = 0; } } 
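Review bot: `getPublisherPermissions()` and `getSubscriberPermissions()` return the singleton's own `ArrayList`, so any caller can add to or clear the permission lists that are presumably used for the publish and subscribe checks; return `Collections.unmodifiableList(publisherPermissions)` instead (needs `import java.util.Collections;`). `setPublisherPermission` and `setSubscriberPermission` append rather than replace, which deserves a comment such as `// may be configured more than once; each value is added`. `setCacheDuration` swallows the `NumberFormatException` and silently falls back to 0, whereas `setTokenRefreshTimeOffset` logs it; both should log. The setters for `username`, `password`, `tokenEndpoint` and `deviceMgtServerUrl` only log a missing value and leave the field null, and whether callers handle that is not visible in this hunk.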
@@ -120,18 +184,32 @@ public class AuthorizationConfigurationManager { case CONNECTION_PERMISSION: setConnectionPermission(propertyValue); break; - case ADMIN_PERMISSION: - setAdminPermission(propertyValue); + case MQTT_PUBLISHER_PERMISSION: + setPublisherPermission(propertyValue); + break; + case MQTT_SUBSCRIBER_PERMISSION: + setSubscriberPermission(propertyValue); + break; + case CONNECTION_USERNAME: + setUsername(propertyValue); break; - case MQTT_PUBLISHER_SCOPE_IDENTIFIER: - setMQTTPublisherScopeIdentifier(propertyValue); + case CONNECTION_PASSWORD: + setPassword(propertyValue); break; - case MQTT_SUBSCRIBER_SCOPE_IDENTIFIER: - setMQTTSubscriberScopeIdentifier(propertyValue); + case TOKEN_ENDPOINT: + setTokenEndpoint(propertyValue); break; - case DEVICE_MGT_SCOPE_IDENTIFIER: - setDevicemgtScopeIdentifier(propertyValue); + case TOKEN_REFRESH_TIME_OFFSET: + setTokenRefreshTimeOffset(propertyValue); break; + case DEVICE_MGT_SERVER_URL: + setDeviceMgtServerUrl(propertyValue); + break; + case MQTT_CACHE_DURATION: + setCacheDuration(propertyValue); + break; + + default: break; } diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/util/AuthorizationCacheKey.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/util/AuthorizationCacheKey.java new file mode 100644 index 000000000..7509612ca --- /dev/null +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/util/AuthorizationCacheKey.java 
@@ -0,0 +1,33 @@ +package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util; + +public class AuthorizationCacheKey { + String tenantDomain; + String deviceId; + String deviceType; + String username; + + public AuthorizationCacheKey(String tenantDomain, String username, String deviceId, String deviceType) { + this.username = username; + this.tenantDomain = tenantDomain; + this.deviceId = deviceId; + this.deviceType = deviceType; + } + + @Override + public int hashCode() { + int result = this.deviceType.hashCode(); + result = 31 * result + ("@" + this.deviceId + "@" + this.tenantDomain + "@" + this.username).hashCode(); + + return result; + } + + @Override + public boolean equals(Object obj) { + return (obj instanceof AuthorizationCacheKey) && deviceType.equals( + ((AuthorizationCacheKey) obj).deviceType) && tenantDomain.equals( + ((AuthorizationCacheKey) obj).tenantDomain ) && deviceId.equals( + ((AuthorizationCacheKey) obj).deviceId) && username.equals( + ((AuthorizationCacheKey) obj).username); + } + +} diff --git a/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml b/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml index 430f8069f..3cf921c0c 100644 --- a/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml +++ b/features/extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml @@ -39,6 +39,18 @@ org.wso2.carbon.devicemgt-plugins org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization + + io.github.openfeign + feign-jaxrs + + + io.github.openfeign + feign-gson + + + io.github.openfeign + feign-jaxrs + 
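Review bot: The key covers tenant, user, device id and device type only. If the cached value is the result of a check for a particular permission set (separate publisher and subscriber permissions exist in `AuthorizationConfigurationManager`), a decision cached for one action could be served for the other, in which case the permission or action belongs in the key; the authorizer that uses this key is outside the hunk, so this needs confirming there. The four fields are package-private and mutable, so a key can change after it has been inserted; declare them `private final String tenantDomain;` and so on. `hashCode` and `equals` dereference every field, so a null username or tenant throws; use `Objects.equals` and `Objects.hash`, or reject nulls in the constructor.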
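Review bot: `feign-jaxrs` appears twice in the added dependency list and `feign-core` not at all, while the bundle definitions added in the next hunk of this file name `feign-core` and `feign-gson`. One of the two `feign-jaxrs` entries was probably meant to be `feign-core`, and `feign-jaxrs` itself looks to be missing from the bundle definitions. The element tags are not visible in this rendering, so verify against the file.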
@@ -66,6 +78,12 @@ org.wso2.carbon.devicemgt-plugins:org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization:${carbon.devicemgt.plugins.version} + + io.github.openfeign:feign-core:${io.github.openfeign.version} + + + io.github.openfeign:feign-gson:${io.github.openfeign.version} + org.wso2.carbon.core.server:4.4.9 diff --git a/features/extensions-feature/org.wso2.carbon.device.mgt.adapter.feature/pom.xml b/features/extensions-feature/org.wso2.carbon.device.mgt.adapter.feature/pom.xml index e1896f33b..833d30993 100644 --- a/features/extensions-feature/org.wso2.carbon.device.mgt.adapter.feature/pom.xml +++ b/features/extensions-feature/org.wso2.carbon.device.mgt.adapter.feature/pom.xml @@ -68,6 +68,16 @@ com.jayway.jsonpath json-path + + io.github.openfeign + feign-jaxrs + ${io.github.openfeign.version} + + + io.github.openfeign + feign-gson + ${io.github.openfeign.version} + @@ -92,7 +102,7 @@ ${project.build.directory}/maven-shared-archive-resources/webapps/ - secured-outputui.war + secured-websocket.war @@ -180,6 +190,12 @@ com.jayway.jsonpath:json-path + + io.github.openfeign:feign-core:${io.github.openfeign.version} + + + io.github.openfeign:feign-gson:${io.github.openfeign.version} + diff --git a/features/extensions-feature/org.wso2.carbon.device.mgt.adapter.feature/src/main/resources/websocket-validation.xml b/features/extensions-feature/org.wso2.carbon.device.mgt.adapter.feature/src/main/resources/websocket-validation.xml index b36677fec..b8c789dc7 100644 --- a/features/extensions-feature/org.wso2.carbon.device.mgt.adapter.feature/src/main/resources/websocket-validation.xml +++ b/features/extensions-feature/org.wso2.carbon.device.mgt.adapter.feature/src/main/resources/websocket-validation.xml @@ -35,5 +35,16 @@ - + + + + /permission/device-mgt/user/groups/device_monitor + admin + admin + https://localhost:9443/oauth2 + + 100 + https://localhost:9443 + + \ No newline at end of file diff --git a/pom.xml b/pom.xml index 014b3d71e..435d33398 100644 
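Review bot: The block added to `websocket-validation.xml` ships `admin` / `admin` as what appear to be the username and password the adapter uses to obtain tokens from `https://localhost:9443/oauth2`. A deployment that keeps the file as delivered runs its device-access checks under the default administrator account, with the password in clear text in a packaged resource. Ship these two values empty or as placeholders that fail at start-up, and add a comment such as `<!-- replace before deployment; use a dedicated low-privilege account -->`. The element names are not visible in this rendering, so the mapping of values to properties is inferred from their order.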
--- a/pom.xml +++ b/pom.xml @@ -239,6 +239,11 @@ org.wso2.carbon.ndatasource.core ${carbon.kernel.version} + + org.wso2.carbon + javax.cache.wso2 + ${carbon.kernel.version} + @@ -1155,6 +1160,21 @@ commons-lang ${commons.lang.version} + + io.github.openfeign + feign-core + ${io.github.openfeign.version} + + + io.github.openfeign + feign-jaxrs + ${io.github.openfeign.version} + + + io.github.openfeign + feign-gson + ${io.github.openfeign.version} + @@ -1317,6 +1337,10 @@ 3.1.11 + + + 9.3.1 + [1.1.0, 2.0.0) From c7a29f0637d0807130445cb965a14db626f02278 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 21 Nov 2016 19:14:21 +0530 Subject: [PATCH 2/3] few changes in coding issues --- .../authorization/DeviceAuthorizer.java | 4 +- .../client/OAuthRequestInterceptor.java | 4 +- .../ApiApplicationRegistrationService.java | 13 ++ .../client/dto/AuthorizationRequest.java | 13 ++ .../client/dto/RegistrationProfile.java | 13 ++ .../client/dto/TokenIssuerService.java | 19 ++- .../DeviceAccessBasedMQTTAuthorizer.java | 118 ++++++++++-------- .../client/OAuthRequestInterceptor.java | 2 + .../ApiApplicationRegistrationService.java | 13 ++ .../client/dto/AuthorizationRequest.java | 13 ++ .../client/dto/RegistrationProfile.java | 13 ++ .../client/dto/TokenIssuerService.java | 3 + 12 files changed, 168 insertions(+), 60 deletions(-) diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java index 23561e7fb..f02470625 100644 
--- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java @@ -96,7 +96,7 @@ public class DeviceAuthorizer implements Authorizer { } } } catch (FeignException e) { - //do nothing + logger.error(e.getMessage(), e); } } return false; @@ -110,7 +110,7 @@ public class DeviceAuthorizer implements Authorizer { break; } } - if (deviceMgtServerUrl == null && deviceMgtServerUrl.isEmpty()) { + if (deviceMgtServerUrl == null || deviceMgtServerUrl.isEmpty()) { logger.error("deviceMgtServerUrl can't be empty "); } return deviceMgtServerUrl; diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java index 4803c73ea..068f3e34c 100755 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java 
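Review bot: After the corrected `deviceMgtServerUrl == null || deviceMgtServerUrl.isEmpty()` test, the method still only logs and then returns the null or empty URL, so the failure surfaces later, away from its cause. Stop here instead, for example `throw new IllegalStateException("deviceMgtServerUrl is not configured");`, or have the caller treat a missing URL as a denied request. The method begins outside this hunk, so how the return value is used is not visible. In the first hunk, `logger.error(e.getMessage(), e)` would be easier to act on with a fixed message, e.g. `logger.error("Device access verification call failed", e);`.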
@@ -41,7 +41,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { private long refreshTimeOffset; private static final String API_APPLICATION_REGISTRATION_CONTEXT = "/api-application-registration"; private static final String DEVICE_MANAGEMENT_SERVICE_TAG[] = {"device_management"}; - private static final String APPLICATION_NAME = "mqtt_broker"; + private static final String APPLICATION_NAME = "websocket-app"; private static final String PASSWORD_GRANT_TYPE = "password"; private static final String REFRESH_GRANT_TYPE = "refresh_token"; private ApiApplicationRegistrationService apiApplicationRegistrationService; @@ -93,9 +93,11 @@ public class OAuthRequestInterceptor implements RequestInterceptor { .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(TokenIssuerService.class, tokenEndpoint); tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password); + tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); } if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); + tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); } String headerValue = "Bearer " + tokenInfo.getAccess_token(); template.header("Authorization", headerValue); diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java index 70ace0ef4..53bfd55db 100755 
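Review bot: The added `tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());` mixes units, because an OAuth token response gives `expires_in` as a lifetime in seconds (RFC 6749 §5.1) while `currentTimeMillis()` is in milliseconds. Unless `AccessTokenInfo` converts internally (not visible here), a one-hour token is recorded as expiring a few seconds after issue, and the refresh branch then runs on almost every intercepted request. Scale the lifetime first, e.g. `tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in() * 1000);`, in both added lines. Overwriting a field named `expires_in` with an absolute timestamp also invites later misuse, so a separate expiry field would read better. The same two lines are added in the MQTT authorization module's OAuthRequestInterceptor.java hunk further down.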
--- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java @@ -1,3 +1,16 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; import javax.ws.rs.Consumes; diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java index b8d5afbb8..2ca2821bb 100644 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java 
+++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java @@ -1,3 +1,16 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; import java.util.List; diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java index 4ab595fba..c1fb9988d 100755 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java 
@@ -1,3 +1,16 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java index 6ecde4ca3..9680d50f9 100755 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java 
@@ -11,9 +11,22 @@ * See the License for the specific language governing permissions and limitations under the License. * */ - +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; +import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; @@ -28,10 +41,12 @@ public interface TokenIssuerService { @POST @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_FORM_URLENCODED) AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username, @QueryParam("password") String password); @POST @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_FORM_URLENCODED) AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("refresh_token") String refreshToken); -} +} \ No newline at end of file diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java index 5c3e60c28..d64a77b0b 100644 
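Review bot: The comment block added at the top of TokenIssuerService.java duplicates the licence header that already ends on the context line just above it, so the file now carries two identical Apache headers. Drop the added comment and keep only the `import javax.ws.rs.Consumes;` line from this hunk.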
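Review bot: Both `getToken` overloads still bind `username`, `password` and `refresh_token` with `@QueryParam`, so the added `@Consumes(MediaType.APPLICATION_FORM_URLENCODED)` changes only the declared content type and, as far as this hunk shows, leaves the credentials in the request URL. Query strings are routinely recorded in access logs and by intermediaries, and RFC 6749 expects these parameters in the form-encoded request body. Binding them with `@FormParam`, e.g. `@FormParam("password") String password`, would move them into the body. The client is built with `GsonEncoder` in OAuthRequestInterceptor, so the token client would also need an encoder that produces a form-encoded body. The matching hunk in the MQTT authorization module's TokenIssuerService.java has the same issue.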
--- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java @@ -50,7 +50,7 @@ import java.util.List; import java.util.concurrent.TimeUnit; /** - * Authorize the connecting users against Carbon Permission Model. Intended usage is + * Authorize the connecting users against CDMF. Intended usage is * via providing fully qualified class name in broker.xml *

* This is just a simple authorization model. For dynamic topics use an implementation based on IAuthorizer 
@@ -83,71 +83,79 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer { @Override public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic, MQTTAuthoriztionPermissionLevel permissionLevel) { - String topics[] = topic.split("/"); - String tenantDomainFromTopic = topics[0]; - if (!tenantDomainFromTopic.equals(authorizationSubject.getTenantDomain())) { - return false; - } - if (topics.length < 3) { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( + MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, true); + try { + String topics[] = topic.split("/"); + String tenantDomainFromTopic = topics[0]; + if (!tenantDomainFromTopic.equals(authorizationSubject.getTenantDomain())) { + return false; + } + if (topics.length < 3) { + AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic + , authorizationSubject.getUsername(), "", ""); + if (cache.get(authorizationCacheKey) != null && cache.get(authorizationCacheKey)) { + return true; + } + AuthorizationRequest authorizationRequest = new AuthorizationRequest(); + authorizationRequest.setTenantDomain(tenantDomainFromTopic); + try { + DeviceAuthorizationResult deviceAuthorizationResult = + deviceAccessAuthorizationAdminService.isAuthorized(authorizationRequest); + if (deviceAuthorizationResult != null) { + cache.put(authorizationCacheKey, true); + return true; + } + return false; + } catch (FeignException e) { + logger.error(e.getMessage(), e); + return false; + } + } + String deviceType = topics[1]; + String deviceId = topics[2]; AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic - ,authorizationSubject.getUsername(), "", ""); - if (cache.get(authorizationCacheKey)) { + , authorizationSubject.getUsername(), deviceId, deviceType); + if (cache.get(authorizationCacheKey) != null && cache.get(authorizationCacheKey)) { return true; } + + 
List requiredPermission; + if (permissionLevel == MQTTAuthoriztionPermissionLevel.SUBSCRIBE) { + requiredPermission = MQTTAuthorizationConfiguration.getSubscriberPermissions(); + } else { + requiredPermission = MQTTAuthorizationConfiguration.getPublisherPermissions(); + } + AuthorizationRequest authorizationRequest = new AuthorizationRequest(); authorizationRequest.setTenantDomain(tenantDomainFromTopic); + if (requiredPermission != null) { + authorizationRequest.setPermissions(requiredPermission); + } + authorizationRequest.setUsername(authorizationSubject.getUsername()); + DeviceIdentifier deviceIdentifier = new DeviceIdentifier(); + deviceIdentifier.setId(deviceId); + deviceIdentifier.setType(deviceType); + List deviceIdentifiers = new ArrayList<>(); + deviceIdentifiers.add(deviceIdentifier); + authorizationRequest.setDeviceIdentifiers(deviceIdentifiers); try { DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationAdminService.isAuthorized(authorizationRequest); - if (deviceAuthorizationResult != null) { - cache.put(authorizationCacheKey, true); - return true; + List devices = deviceAuthorizationResult.getAuthorizedDevices(); + if (devices != null && devices.size() > 0) { + DeviceIdentifier authorizedDevice = devices.get(0); + if (authorizedDevice.getId().equals(deviceId) && authorizedDevice.getType().equals(deviceType)) { + cache.put(authorizationCacheKey, true); + return true; + } } - return false; } catch (FeignException e) { - return false; - } - } - String deviceType = topics[1]; - String deviceId = topics[2]; - AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic - ,authorizationSubject.getUsername(), deviceId, deviceType); - if (cache.get(authorizationCacheKey)) { - return true; - } - - List requiredPermission; - if (permissionLevel == MQTTAuthoriztionPermissionLevel.SUBSCRIBE) { - requiredPermission = MQTTAuthorizationConfiguration.getSubscriberPermissions(); - } else { - requiredPermission 
= MQTTAuthorizationConfiguration.getPublisherPermissions(); - } - - AuthorizationRequest authorizationRequest = new AuthorizationRequest(); - authorizationRequest.setTenantDomain(tenantDomainFromTopic); - if (requiredPermission != null) { - authorizationRequest.setPermissions(requiredPermission); - } - authorizationRequest.setUsername(authorizationSubject.getUsername()); - DeviceIdentifier deviceIdentifier = new DeviceIdentifier(); - deviceIdentifier.setId(deviceId); - deviceIdentifier.setType(deviceType); - List deviceIdentifiers = new ArrayList<>(); - deviceIdentifiers.add(deviceIdentifier); - authorizationRequest.setDeviceIdentifiers(deviceIdentifiers); - try { - DeviceAuthorizationResult deviceAuthorizationResult = - deviceAccessAuthorizationAdminService.isAuthorized(authorizationRequest); - List devices = deviceAuthorizationResult.getAuthorizedDevices(); - if (devices != null && devices.size() > 0) { - DeviceIdentifier authorizedDevice = devices.get(0); - if (authorizedDevice.getId().equals(deviceId) && authorizedDevice.getType().equals(deviceType)) { - cache.put(authorizationCacheKey, true); - return true; - } + logger.error(e.getMessage(), e); } - } catch (FeignException e) { - // do nothing. + } finally { + PrivilegedCarbonContext.endTenantFlow(); } return false; diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java index 0f7906fb9..9c8832f00 100755 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java 
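Review bot: The cache key in the rewritten `isAuthorizedForTopic` is built from tenant, username, device id and device type only, so a `true` cached after a SUBSCRIBE check is returned for a later PUBLISH check on the same device without `getPublisherPermissions()` ever being evaluated. `permissionLevel` should be part of `AuthorizationCacheKey`, which is declared outside this hunk. In the `topics.length < 3` branch the request carries only the tenant domain and any non-null result is cached as authorized. Unless the service rejects such requests, that grants access merely because a response exists, so set the username there and inspect the result the way the device branch does. The device branch also dereferences `deviceAuthorizationResult` without the null check that the short-topic branch has.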
+++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java @@ -77,9 +77,11 @@ public class OAuthRequestInterceptor implements RequestInterceptor { .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(TokenIssuerService.class, AuthorizationConfigurationManager.getInstance().getTokenEndpoint()); tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password); + tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); } if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); + tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); } String headerValue = "Bearer " + tokenInfo.getAccess_token(); template.header("Authorization", headerValue); diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationRegistrationService.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationRegistrationService.java index e8fafa1d0..fd4798f2d 100755 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationRegistrationService.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/ApiApplicationRegistrationService.java 
@@ -1,3 +1,16 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto; import javax.ws.rs.Consumes; diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AuthorizationRequest.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AuthorizationRequest.java index bb2693f5b..a19eb9de5 100644 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AuthorizationRequest.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/AuthorizationRequest.java 
@@ -1,3 +1,16 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto; import java.util.List; diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegistrationProfile.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegistrationProfile.java index cb5c7d772..1c0c95f79 100755 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegistrationProfile.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/RegistrationProfile.java 
@@ -1,3 +1,16 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto; diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java index bd36c0ad6..3e8413b45 100755 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java @@ -14,6 +14,7 @@ package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto; +import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; 
@@ -28,10 +29,12 @@ public interface TokenIssuerService { @POST @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_FORM_URLENCODED) AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username, @QueryParam("password") String password); @POST @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_FORM_URLENCODED) AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("refresh_token") String refreshToken); } From cf5525dc3f5ce381725ae6deb433d5f614236399 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 21 Nov 2016 20:55:12 +0530 Subject: [PATCH 3/3] removed device type and feature annotation --- .../iot/androidsense/service/impl/AndroidSenseService.java | 6 ------ .../device/mgt/iot/arduino/service/impl/ArduinoService.java | 4 ---- .../iot/raspberrypi/service/impl/RaspberryPiService.java | 4 ---- .../service/impl/VirtualFireAlarmService.java | 4 ---- 4 files changed, 18 deletions(-) diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseService.java b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseService.java index e09fd22ff..2c60c0b4d 100644 --- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseService.java +++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseService.java 
@@ -25,13 +25,10 @@ import io.swagger.annotations.ExtensionProperty; import io.swagger.annotations.Extension; import io.swagger.annotations.Tag; import org.wso2.carbon.apimgt.annotations.api.Scope; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.DeviceType; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.Feature; import javax.ws.rs.*; import javax.ws.rs.core.Response; -@DeviceType(value = "android_sense") @SwaggerDefinition( info = @Info( version = "1.0.0", @@ -57,7 +54,6 @@ public interface AndroidSenseService { */ @Path("device/{deviceId}/words") @POST - @Feature(code = "keywords", name = "Add Keywords", description = "Send keywords to the device") @Scope(key = "device:android-sense:enroll", name = "", description = "") Response sendKeyWords(@PathParam("deviceId") String deviceId, @QueryParam("keywords") String keywords); @@ -69,13 +65,11 @@ public interface AndroidSenseService { */ @Path("device/{deviceId}/words/threshold") @POST - @Feature(code = "threshold", name = "Add a Threshold", description = "Set a threshold for word in the device") @Scope(key = "device:android-sense:enroll", name = "", description = "") Response sendThreshold(@PathParam("deviceId") String deviceId, @QueryParam("threshold") String threshold); @Path("device/{deviceId}/words") @DELETE - @Feature(code = "remove", name = "Remove Keywords", description = "Remove the keywords") @Scope(key = "device:android-sense:enroll", name = "", description = "") Response removeKeyWords(@PathParam("deviceId") String deviceId, @QueryParam("words") String words); diff --git a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoService.java b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoService.java index 97cf4ad1f..cd0ef710b 100644 
--- a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoService.java +++ b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoService.java @@ -25,8 +25,6 @@ import io.swagger.annotations.Extension; import io.swagger.annotations.Tag; import org.wso2.carbon.apimgt.annotations.api.Scope; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.DeviceType; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.Feature; import javax.ws.rs.*; import javax.ws.rs.core.Response; @@ -46,12 +44,10 @@ import javax.ws.rs.core.Response; @Tag(name = "arduino", description = "") } ) -@DeviceType(value = "arduino") public interface ArduinoService { @Path("device/{deviceId}/bulb") @POST - @Feature(code = "bulb", name = "Control Bulb", description = "Control Bulb on Arduino Uno") @Scope(key = "device:arduino:enroll", name = "", description = "") Response switchBulb(@PathParam("deviceId") String deviceId, @QueryParam("state") String state); diff --git a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiService.java b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiService.java index 757e6ff56..812c58439 100644 --- a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiService.java +++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiService.java 
@@ -24,8 +24,6 @@ import io.swagger.annotations.ExtensionProperty; import io.swagger.annotations.Extension; import io.swagger.annotations.Tag; import org.wso2.carbon.apimgt.annotations.api.Scope; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.DeviceType; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.Feature; import javax.ws.rs.*; import javax.ws.rs.core.MediaType; @@ -46,12 +44,10 @@ import javax.ws.rs.core.Response; @Tag(name = "raspberrypi", description = "") } ) -@DeviceType(value = "raspberrypi") public interface RaspberryPiService { @Path("device/{deviceId}/bulb") @POST - @Feature(code = "bulb", name = "Bulb On / Off", description = "Switch on/off Raspberry Pi agent's bulb. (On / Off)") @Scope(key = "device:raspberrypi:enroll", name = "", description = "") Response switchBulb(@PathParam("deviceId") String deviceId, @QueryParam("state") String state); diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmService.java b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmService.java index faf40c962..75db835b7 100644 --- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmService.java +++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmService.java 
@@ -24,8 +24,6 @@ import io.swagger.annotations.ExtensionProperty; import io.swagger.annotations.Extension; import io.swagger.annotations.Tag; import org.wso2.carbon.apimgt.annotations.api.Scope; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.DeviceType; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.Feature; import javax.ws.rs.*; import javax.ws.rs.core.Response; @@ -52,7 +50,6 @@ import javax.ws.rs.core.Response; @Tag(name = "virtual_firealarm", description = "") } ) -@DeviceType(value = "virtual_firealarm") public interface VirtualFireAlarmService { /** @@ -67,7 +64,6 @@ public interface VirtualFireAlarmService { @POST @Path("device/{deviceId}/buzz") @Scope(key = "device:firealarm:enroll", name = "", description = "") - @Feature(code = "buzz", name = "Buzzer On / Off", description = "Switch on/off Virtual Fire Alarm Buzzer. (On / Off)") Response switchBuzzer(@PathParam("deviceId") String deviceId, @FormParam("state") String state);