From 81b6770c089b4bb16580d447d74b6a4f028940bc Mon Sep 17 00:00:00 2001
From: harshanl
Date: Sun, 18 Oct 2015 01:44:28 +0530
Subject: [PATCH] Fixed oauth issue with tenants

---
 .../WebAppDeploymentLifecycleListener.java | 4 +-
 .../core/dao/impl/GenericDeviceDAOImpl.java | 30 ++++++------
 .../pom.xml | 24 ++++++++--
 .../mgt/oauth/extensions/OAuthExtUtils.java | 48 +++++++++++++++++++
 .../PermissionBasedScopeValidator.java | 11 +++--
 5 files changed, 92 insertions(+), 25 deletions(-)
 create mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java
index ae7b9f709e9..1d004f7e090 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java
@@ -53,7 +53,7 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener {
 if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType())) {
 StandardContext context = (StandardContext) lifecycleEvent.getLifecycle();
 ServletContext servletContext = context.getServletContext();
- String contextPath = servletContext.getContextPath();
+ String contextPath = context.getServletContext().getContextPath();
 try {
 InputStream permissionStream = servletContext.getResourceAsStream(PERMISSION_CONFIG_PATH);
 if (permissionStream != null) {
@@ -77,7 +77,7 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener {
 } catch (JAXBException e) {
 log.error(
 "Exception occurred while parsing the permission configuration of webapp : "
- + servletContext.getContextPath(), e);
+ + context.getServletContext().getContextPath(), e);
 } catch (PermissionManagementException e) {
 log.error("Exception occurred while adding the permissions from webapp : "
 + servletContext.getContextPath(), e);
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/GenericDeviceDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/GenericDeviceDAOImpl.java
index efd0d39da54..c824a5bf23b 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/GenericDeviceDAOImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/GenericDeviceDAOImpl.java
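Review bot: The rewritten log argument in the JAXBException catch is now inconsistent with the PermissionManagementException catch two lines below, which still reads `servletContext.getContextPath()`; both forms resolve the same object, since `servletContext` is assigned from `context.getServletContext()` in the previous hunk, so the change is a no-op that leaves the method saying the same thing two ways. Either keep `+ servletContext.getContextPath(), e);` here, or, if the intent is to stop relying on the local, change both catch blocks together. The enclosing method starts before this hunk and continues past it.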
@@ -47,13 +47,13 @@ public class GenericDeviceDAOImpl extends AbstractDeviceDAOImpl {
 List devices = null;
 try {
 conn = this.getConnection();
- String sql = "SELECT d1.DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, " +
- "d1.DEVICE_IDENTIFICATION, e.OWNER, e.OWNERSHIP, e.STATUS, e.DATE_OF_LAST_UPDATE, " +
- "e.DATE_OF_ENROLMENT, e.ID AS ENROLMENT_ID FROM DM_ENROLMENT e, (SELECT d.ID AS DEVICE_ID, " +
- "d.DESCRIPTION, d.NAME, d.DEVICE_IDENTIFICATION, t.NAME AS DEVICE_TYPE FROM DM_DEVICE d, " +
- "DM_DEVICE_TYPE t WHERE d.DEVICE_TYPE_ID = t.ID AND d.TENANT_ID = ?) d1 " +
- "WHERE d1.DEVICE_ID = e.DEVICE_ID AND TENANT_ID = ? LIMIT ?,?";
- // String sql = "SELECT * FROM DM_DEVICE WHERE TENANT_ID = ? LIMIT ?,?";
+// String sql = "SELECT d1.DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, " +
+// "d1.DEVICE_IDENTIFICATION, e.OWNER, e.OWNERSHIP, e.STATUS, e.DATE_OF_LAST_UPDATE, " +
+// "e.DATE_OF_ENROLMENT, e.ID AS ENROLMENT_ID FROM DM_ENROLMENT e, (SELECT d.ID AS DEVICE_ID, " +
+// "d.DESCRIPTION, d.NAME, d.DEVICE_IDENTIFICATION, t.NAME AS DEVICE_TYPE FROM DM_DEVICE d, " +
+// "DM_DEVICE_TYPE t WHERE d.DEVICE_TYPE_ID = t.ID AND d.TENANT_ID = ?) d1 " +
+// "WHERE d1.DEVICE_ID = e.DEVICE_ID AND TENANT_ID = ? LIMIT ?,?";
+ String sql = "SELECT * FROM DM_DEVICE WHERE TENANT_ID = ? LIMIT ?,?";
 stmt = conn.prepareStatement(sql);
 stmt.setInt(1, tenantId);
 stmt.setInt(2, tenantId);
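Review bot: The new query has three placeholders (tenant id, LIMIT offset, LIMIT count) but the unchanged context right below still binds the tenant id twice, so `stmt.setInt(2, tenantId);` now writes the tenant id into the LIMIT offset, and whatever `setInt(3, …)` / `setInt(4, …)` follows outside the hunk is shifted by one — a fourth index no longer exists in this statement and would throw. Delete `stmt.setInt(2, tenantId);` and renumber the offset and count bindings to 2 and 3. Note also that `SELECT * FROM DM_DEVICE` no longer returns the columns the old projection produced (`OWNER`, `OWNERSHIP`, `STATUS`, `ENROLMENT_ID`, `DEVICE_TYPE` as a name); if the row-mapping code after this hunk reads them by label it will fail at runtime, which I cannot confirm from here. The six commented-out lines of the old query should be removed rather than kept as dead code. The enclosing method starts before and ends after this hunk.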
@@ -88,14 +88,14 @@ public class GenericDeviceDAOImpl extends AbstractDeviceDAOImpl {
 List devices = null;
 try {
 conn = this.getConnection();
- String sql = "SELECT d1.ID AS DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, " +
- "d1.DEVICE_IDENTIFICATION, e.OWNER, e.OWNERSHIP, e.STATUS, e.DATE_OF_LAST_UPDATE, " +
- "e.DATE_OF_ENROLMENT, e.ID AS ENROLMENT_ID FROM DM_ENROLMENT e, (SELECT d.ID, d.DESCRIPTION, " +
- "d.NAME, d.DEVICE_IDENTIFICATION, t.NAME AS DEVICE_TYPE FROM DM_DEVICE d, " +
- "DM_DEVICE_TYPE t WHERE DEVICE_TYPE_ID = t.ID AND t.NAME = ? " +
- "AND d.TENANT_ID = ?) d1 WHERE d1.ID = e.DEVICE_ID AND TENANT_ID = ? LIMIT ?,?";
- //String sql = "SELECT * FROM DM_DEVICE d, (SELECT t.ID AS TYPE_ID FROM DM_DEVICE_TYPE t WHERE t.NAME = ?)" +
- // " d1 WHERE TYPE_ID = d.DEVICE_TYPE_ID AND d.TENANT_ID = ? LIMIT ?,?";
+// String sql = "SELECT d1.ID AS DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, " +
+// "d1.DEVICE_IDENTIFICATION, e.OWNER, e.OWNERSHIP, e.STATUS, e.DATE_OF_LAST_UPDATE, " +
+// "e.DATE_OF_ENROLMENT, e.ID AS ENROLMENT_ID FROM DM_ENROLMENT e, (SELECT d.ID, d.DESCRIPTION, " +
+// "d.NAME, d.DEVICE_IDENTIFICATION, t.NAME AS DEVICE_TYPE FROM DM_DEVICE d, " +
+// "DM_DEVICE_TYPE t WHERE DEVICE_TYPE_ID = t.ID AND t.NAME = ? " +
+// "AND d.TENANT_ID = ?) d1 WHERE d1.ID = e.DEVICE_ID AND TENANT_ID = ? LIMIT ?,?";
+ String sql = "SELECT * FROM DM_DEVICE d, (SELECT t.ID AS TYPE_ID FROM DM_DEVICE_TYPE t WHERE t.NAME = ?)" +
+ " d1 WHERE TYPE_ID = d.DEVICE_TYPE_ID AND d.TENANT_ID = ? LIMIT ?,?";
 stmt = conn.prepareStatement(sql);
 stmt.setString(1, type);
 stmt.setInt(2, tenantId);
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml
index e3547c731d5..275f92c61a3 100644
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml
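Review bot: The replacement query binds four parameters (type name, tenant id, LIMIT offset, LIMIT count) where the removed one bound five, yet only `stmt.setString(1, type);` and `stmt.setInt(2, tenantId);` are visible here; the binding for the old third placeholder (presumably the second tenant id, outside the hunk) now lands in the LIMIT offset and a fifth index no longer exists in this statement. Please check the bindings that follow and renumber the offset and count to 3 and 4, dropping the extra tenant binding. As in the previous hunk, `SELECT *` over the `DM_DEVICE` join drops the enrolment columns the old projection produced, so the downstream row mapping needs verifying, and the commented-out old query should be removed rather than left in the file. The enclosing method starts before and ends after this hunk.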
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml @@ -17,7 +17,8 @@ ~ under the License. --> - + org.wso2.carbon.devicemgt @@ -72,10 +73,25 @@ org.wso2.carbon.device.mgt.oauth.extensions.internal !org.wso2.carbon.device.mgt.oauth.extensions.internal, - org.wso2.carbon.device.mgt.oauth.extensions.handlers.*, - org.wso2.carbon.device.mgt.oauth.extensions.validators.* + org.wso2.carbon.device.mgt.oauth.extensions.* - * + + javax.security.auth.*, + org.apache.commons.logging, + org.osgi.service.component, + org.wso2.carbon.device.mgt.common.permission.mgt, + org.wso2.carbon.device.mgt.oauth.extensions.*, + org.wso2.carbon.device.mgt.* + org.wso2.carbon.identity.application.common.model, + org.wso2.carbon.identity.oauth.callback, + org.wso2.carbon.identity.oauth2, + org.wso2.carbon.identity.oauth2.model, + org.wso2.carbon.identity.oauth2.validators, + org.wso2.carbon.user.api, + org.wso2.carbon.user.core.service, + org.wso2.carbon.identity.application.common.model, + org.wso2.carbon.user.core.tenant + diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java new file mode 100644 index 00000000000..aa5a73b1401 --- /dev/null +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java 
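Review bot: The new explicit `Import-Package` list names `org.wso2.carbon.identity.application.common.model` twice, and as rendered here the `org.wso2.carbon.device.mgt.*` entry runs straight into the next package with no comma between them; bnd treats the header as comma-separated, so a genuinely missing separator would fuse two entries into one unresolvable import and the bundle would fail to resolve at startup. Drop the duplicate and confirm the separator reads `org.wso2.carbon.device.mgt.*,`. Replacing the wildcard `*` import with an explicit list is the right direction, since it makes the bundle's dependency surface reviewable — worth finishing cleanly.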
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.device.mgt.oauth.extensions;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
+import org.wso2.carbon.user.api.TenantManager;
+import org.wso2.carbon.user.api.UserStoreException;
+
+/**
+ * This class holds util methods used by OAuth extension bundle.
+ */
+public class OAuthExtUtils {
+
+ private static final Log log = LogFactory.getLog(OAuthExtUtils.class);
+
+ public static int getTenantId(String tenantDomain) {
+ int tenantId = 0;
+ if (tenantDomain != null) {
+ try {
+ TenantManager tenantManager = OAuthExtensionsDataHolder.getInstance().getRealmService().getTenantManager();
+ tenantId = tenantManager.getTenantId(tenantDomain);
+ } catch (UserStoreException e) {
+ String errorMsg = "Error when getting the tenant id from the tenant domain : "
+ + tenantDomain;
+ log.error(errorMsg, e);
+ }
+ }
+ return tenantId;
+ }
+}
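Review bot: `getTenantId` returns 0 both when `tenantDomain` is null and when `tenantManager.getTenantId` throws, after only logging, so a caller cannot tell a failed tenant resolution from a successful one and an authorization check downstream proceeds against whatever (if anything) tenant id 0 maps to instead of failing closed. Let the failure propagate — `public static int getTenantId(String tenantDomain) throws UserStoreException` with the catch removed — or return a sentinel that callers are required to check, and treat a null domain as an error rather than silently mapping it to 0. If the helper keeps returning a fallback, its Javadoc must state it plainly, e.g. `@return the tenant id, or 0 when the domain is null or cannot be resolved (the error is only logged)`, but fixing the contract is preferable to documenting it.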
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
index 78eed7d06a7..67b944dc165 100644
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
@@ -20,11 +20,12 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
 import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
 import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
+import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
 import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
+import org.wso2.carbon.identity.application.common.model.User;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
 import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
@@ -72,9 +73,11 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
 getPermissionManagerService();
 try {
 Permission permission = permissionManagerService.getPermission(properties);
- if ((permission != null) && (accessTokenDO.getAuthzUser() != null)) {
- String username = accessTokenDO.getAuthzUser().getUserName();
- UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
+ User authzUser = accessTokenDO.getAuthzUser();
+ if ((permission != null) && (authzUser != null)) {
+ String username = authzUser.getUserName();
+ int tenantId = OAuthExtUtils.getTenantId(authzUser.getTenantDomain());
+ UserRealm userRealm = OAuthExtensionsDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
 if (userRealm != null && userRealm.getAuthorizationManager() != null) {
 status = userRealm.getAuthorizationManager()
 .isUserAuthorized(username, permission.getPath(),
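Review bot: `tenantId` from `OAuthExtUtils.getTenantId` is passed to `getTenantUserRealm` without any check that the lookup succeeded; as added in this commit that helper returns 0 on a null domain or a `UserStoreException`, so a token whose user's tenant cannot be resolved is evaluated against whatever realm tenant 0 yields (or quietly skipped if that realm is null) rather than rejected. Guard it before the realm lookup, e.g. `if (tenantId <= 0) { return false; }`, adjusted to whatever failure signal the helper ends up using, so the scope check fails closed. Separately, `authzUser.getUserName()` alone may not be the name the authorization manager expects for users in a secondary user store — the `User` model also carries a user-store domain — so confirm whether a domain-qualified name is needed for `isUserAuthorized`. The method continues past the end of this hunk.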