few changes in coding issues

revert-dabc3590
ayyoob 8 years ago
parent bfb9c62968
commit c7a29f0637

@ -96,7 +96,7 @@ public class DeviceAuthorizer implements Authorizer {
} }
} }
} catch (FeignException e) { } catch (FeignException e) {
//do nothing logger.error(e.getMessage(), e);
} }
} }
return false; return false;
@ -110,7 +110,7 @@ public class DeviceAuthorizer implements Authorizer {
break; break;
} }
} }
if (deviceMgtServerUrl == null && deviceMgtServerUrl.isEmpty()) { if (deviceMgtServerUrl == null || deviceMgtServerUrl.isEmpty()) {
logger.error("deviceMgtServerUrl can't be empty "); logger.error("deviceMgtServerUrl can't be empty ");
} }
return deviceMgtServerUrl; return deviceMgtServerUrl;
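Review bot: In the second hunk the corrected `||` check only logs that `deviceMgtServerUrl` is missing and then falls through to `return deviceMgtServerUrl;`, so a null or empty URL is still handed back to the caller. The caller is not visible here, but if it builds the authorization client from that value, the failure will surface later and further from its cause. Failing fast would be clearer, for example adding `throw new IllegalStateException("deviceMgtServerUrl can't be empty");` after the log line, provided callers can tolerate an unchecked exception. The method's start and end are outside the hunk.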

@ -41,7 +41,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
private long refreshTimeOffset; private long refreshTimeOffset;
private static final String API_APPLICATION_REGISTRATION_CONTEXT = "/api-application-registration"; private static final String API_APPLICATION_REGISTRATION_CONTEXT = "/api-application-registration";
private static final String DEVICE_MANAGEMENT_SERVICE_TAG[] = {"device_management"}; private static final String DEVICE_MANAGEMENT_SERVICE_TAG[] = {"device_management"};
private static final String APPLICATION_NAME = "mqtt_broker"; private static final String APPLICATION_NAME = "websocket-app";
private static final String PASSWORD_GRANT_TYPE = "password"; private static final String PASSWORD_GRANT_TYPE = "password";
private static final String REFRESH_GRANT_TYPE = "refresh_token"; private static final String REFRESH_GRANT_TYPE = "refresh_token";
private ApiApplicationRegistrationService apiApplicationRegistrationService; private ApiApplicationRegistrationService apiApplicationRegistrationService;
@ -93,9 +93,11 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(TokenIssuerService.class, tokenEndpoint); .target(TokenIssuerService.class, tokenEndpoint);
tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password); tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password);
tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
} }
if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) {
tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token());
tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
} }
String headerValue = "Bearer " + tokenInfo.getAccess_token(); String headerValue = "Bearer " + tokenInfo.getAccess_token();
template.header("Authorization", headerValue); template.header("Authorization", headerValue);
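Review bot: The two added `tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());` lines add an OAuth `expires_in` value to a millisecond clock, and RFC 6749 defines `expires_in` in seconds. Unless AccessTokenInfo already converts it, a 3600-second token would be treated as expiring about 3.6 seconds after issue, so the refresh branch would run on almost every request. Converting first would fix it: `tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in() * 1000L);`. The same two lines are added to the MQTT extension's OAuthRequestInterceptor further down the page. The field now holds an absolute deadline rather than a lifetime, which deserves a comment such as `// expires_in is reused to hold the absolute expiry time in epoch millis`.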

@ -1,3 +1,16 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and limitations under the License.
*
*/
package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;

@ -1,3 +1,16 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and limitations under the License.
*
*/
package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto;
import java.util.List; import java.util.List;

@ -1,3 +1,16 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and limitations under the License.
*
*/
package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto;

@ -11,9 +11,22 @@
* See the License for the specific language governing permissions and limitations under the License. * See the License for the specific language governing permissions and limitations under the License.
* *
*/ */
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and limitations under the License.
*
*/
package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST; import javax.ws.rs.POST;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
@ -28,10 +41,12 @@ public interface TokenIssuerService {
@POST @POST
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username, AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username,
@QueryParam("password") String password); @QueryParam("password") String password);
@POST @POST
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("refresh_token") String refreshToken); AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("refresh_token") String refreshToken);
} }
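Review bot: The added `@Consumes(MediaType.APPLICATION_FORM_URLENCODED)` declares a form body, but every argument of both `getToken` overloads is still bound with `@QueryParam`, so the username, password and refresh token travel in the request URL. URLs are commonly recorded in access logs and by intermediaries, and RFC 6749 specifies that token requests carry these parameters in the request body. Binding them as form fields, e.g. `@FormParam("password") String password`, would match the new annotation; the Feign encoder built in OAuthRequestInterceptor (GsonEncoder) would presumably need to be able to emit a form body for that to work. The same applies to the MQTT extension's TokenIssuerService at the end of the page. Separately, this section adds a second copy of the licence header directly below the one already in the file.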

@ -50,7 +50,7 @@ import java.util.List;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
/** /**
* Authorize the connecting users against Carbon Permission Model. Intended usage is * Authorize the connecting users against CDMF. Intended usage is
* via providing fully qualified class name in broker.xml * via providing fully qualified class name in broker.xml
* <p/> * <p/>
* This is just a simple authorization model. For dynamic topics use an implementation based on IAuthorizer * This is just a simple authorization model. For dynamic topics use an implementation based on IAuthorizer
@ -83,71 +83,79 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
@Override @Override
public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic, public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic,
MQTTAuthoriztionPermissionLevel permissionLevel) { MQTTAuthoriztionPermissionLevel permissionLevel) {
String topics[] = topic.split("/"); PrivilegedCarbonContext.startTenantFlow();
String tenantDomainFromTopic = topics[0]; PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
if (!tenantDomainFromTopic.equals(authorizationSubject.getTenantDomain())) { MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, true);
return false; try {
} String topics[] = topic.split("/");
if (topics.length < 3) { String tenantDomainFromTopic = topics[0];
if (!tenantDomainFromTopic.equals(authorizationSubject.getTenantDomain())) {
return false;
}
if (topics.length < 3) {
AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic
, authorizationSubject.getUsername(), "", "");
if (cache.get(authorizationCacheKey) != null && cache.get(authorizationCacheKey)) {
return true;
}
AuthorizationRequest authorizationRequest = new AuthorizationRequest();
authorizationRequest.setTenantDomain(tenantDomainFromTopic);
try {
DeviceAuthorizationResult deviceAuthorizationResult =
deviceAccessAuthorizationAdminService.isAuthorized(authorizationRequest);
if (deviceAuthorizationResult != null) {
cache.put(authorizationCacheKey, true);
return true;
}
return false;
} catch (FeignException e) {
logger.error(e.getMessage(), e);
return false;
}
}
String deviceType = topics[1];
String deviceId = topics[2];
AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic
,authorizationSubject.getUsername(), "", ""); , authorizationSubject.getUsername(), deviceId, deviceType);
if (cache.get(authorizationCacheKey)) { if (cache.get(authorizationCacheKey) != null && cache.get(authorizationCacheKey)) {
return true; return true;
} }
List<String> requiredPermission;
if (permissionLevel == MQTTAuthoriztionPermissionLevel.SUBSCRIBE) {
requiredPermission = MQTTAuthorizationConfiguration.getSubscriberPermissions();
} else {
requiredPermission = MQTTAuthorizationConfiguration.getPublisherPermissions();
}
AuthorizationRequest authorizationRequest = new AuthorizationRequest(); AuthorizationRequest authorizationRequest = new AuthorizationRequest();
authorizationRequest.setTenantDomain(tenantDomainFromTopic); authorizationRequest.setTenantDomain(tenantDomainFromTopic);
if (requiredPermission != null) {
authorizationRequest.setPermissions(requiredPermission);
}
authorizationRequest.setUsername(authorizationSubject.getUsername());
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
deviceIdentifier.setId(deviceId);
deviceIdentifier.setType(deviceType);
List<DeviceIdentifier> deviceIdentifiers = new ArrayList<>();
deviceIdentifiers.add(deviceIdentifier);
authorizationRequest.setDeviceIdentifiers(deviceIdentifiers);
try { try {
DeviceAuthorizationResult deviceAuthorizationResult = DeviceAuthorizationResult deviceAuthorizationResult =
deviceAccessAuthorizationAdminService.isAuthorized(authorizationRequest); deviceAccessAuthorizationAdminService.isAuthorized(authorizationRequest);
if (deviceAuthorizationResult != null) { List<DeviceIdentifier> devices = deviceAuthorizationResult.getAuthorizedDevices();
cache.put(authorizationCacheKey, true); if (devices != null && devices.size() > 0) {
return true; DeviceIdentifier authorizedDevice = devices.get(0);
if (authorizedDevice.getId().equals(deviceId) && authorizedDevice.getType().equals(deviceType)) {
cache.put(authorizationCacheKey, true);
return true;
}
} }
return false;
} catch (FeignException e) { } catch (FeignException e) {
return false; logger.error(e.getMessage(), e);
}
}
String deviceType = topics[1];
String deviceId = topics[2];
AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic
,authorizationSubject.getUsername(), deviceId, deviceType);
if (cache.get(authorizationCacheKey)) {
return true;
}
List<String> requiredPermission;
if (permissionLevel == MQTTAuthoriztionPermissionLevel.SUBSCRIBE) {
requiredPermission = MQTTAuthorizationConfiguration.getSubscriberPermissions();
} else {
requiredPermission = MQTTAuthorizationConfiguration.getPublisherPermissions();
}
AuthorizationRequest authorizationRequest = new AuthorizationRequest();
authorizationRequest.setTenantDomain(tenantDomainFromTopic);
if (requiredPermission != null) {
authorizationRequest.setPermissions(requiredPermission);
}
authorizationRequest.setUsername(authorizationSubject.getUsername());
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
deviceIdentifier.setId(deviceId);
deviceIdentifier.setType(deviceType);
List<DeviceIdentifier> deviceIdentifiers = new ArrayList<>();
deviceIdentifiers.add(deviceIdentifier);
authorizationRequest.setDeviceIdentifiers(deviceIdentifiers);
try {
DeviceAuthorizationResult deviceAuthorizationResult =
deviceAccessAuthorizationAdminService.isAuthorized(authorizationRequest);
List<DeviceIdentifier> devices = deviceAuthorizationResult.getAuthorizedDevices();
if (devices != null && devices.size() > 0) {
DeviceIdentifier authorizedDevice = devices.get(0);
if (authorizedDevice.getId().equals(deviceId) && authorizedDevice.getType().equals(deviceType)) {
cache.put(authorizationCacheKey, true);
return true;
}
} }
} catch (FeignException e) { } finally {
// do nothing. PrivilegedCarbonContext.endTenantFlow();
} }
return false; return false;
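Review bot: The cache key built for the device path is `(tenantDomainFromTopic, username, deviceId, deviceType)` and leaves out `permissionLevel`, so a `true` cached after a SUBSCRIBE check is returned for a later PUBLISH check on the same device without the publisher permissions ever being sent to `isAuthorized`. Unless both permission lists are configured identically, the key should carry the permission level, or the cache should be consulted only for the level that populated it. In the same path `deviceAuthorizationResult.getAuthorizedDevices()` is called without the null check the short-topic branch has; `if (deviceAuthorizationResult == null) { return false; }` before it keeps a null response a plain denial. The short-topic branch (`topics.length < 3`) still grants on any non-null result for a request that carries only the tenant domain, which is worth a comment stating why that is sufficient. The method's closing lines are outside the hunk.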

@ -77,9 +77,11 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(TokenIssuerService.class, AuthorizationConfigurationManager.getInstance().getTokenEndpoint()); .target(TokenIssuerService.class, AuthorizationConfigurationManager.getInstance().getTokenEndpoint());
tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password); tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password);
tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
} }
if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) {
tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token());
tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
} }
String headerValue = "Bearer " + tokenInfo.getAccess_token(); String headerValue = "Bearer " + tokenInfo.getAccess_token();
template.header("Authorization", headerValue); template.header("Authorization", headerValue);

@ -1,3 +1,16 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and limitations under the License.
*
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto; package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;

@ -1,3 +1,16 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and limitations under the License.
*
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto; package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
import java.util.List; import java.util.List;

@ -1,3 +1,16 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and limitations under the License.
*
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto; package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;

@ -14,6 +14,7 @@
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto; package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST; import javax.ws.rs.POST;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
@ -28,10 +29,12 @@ public interface TokenIssuerService {
@POST @POST
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username, AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username,
@QueryParam("password") String password); @QueryParam("password") String password);
@POST @POST
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("refresh_token") String refreshToken); AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("refresh_token") String refreshToken);
} }
