Fix default scopes not updating issue

fix-access-authorization^2
Lasantha Dharmakeerthi 5 months ago
commit 152b1ad929

@ -18,12 +18,24 @@
package io.entgra.device.mgt.core.apimgt.webapp.publisher;
import com.google.gson.Gson;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.constants.Constants;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataKeyAlreadyExistsException;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
import org.wso2.carbon.core.ServerStartupObserver;
import java.util.HashMap;
import java.util.Map;
import java.util.Stack;
public class APIPublisherStartupHandler implements ServerStartupObserver {
@ -34,6 +46,7 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
private static final int MAX_RETRY_COUNT = 5;
private static Stack<APIConfig> failedAPIsStack = new Stack<>();
private static Stack<APIConfig> currentAPIsStack;
private static final Gson gson = new Gson();
private APIPublisherService publisher;
@ -91,6 +104,8 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
log.error("failed to update scope role mapping.", e);
}
updateScopeMetadataEntryWithDefaultScopes();
// execute after api publishing
for (PostApiPublishingObsever observer : APIPublisherDataHolder.getInstance().getPostApiPublishingObseverList()) {
if (log.isDebugEnabled()) {
@ -116,4 +131,39 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
}
}
/**
* Update permission scope mapping entry with default scopes if perm-scope-mapping entry exists, otherwise this function
* will create that entry and update the value with default permissions.
*/
private void updateScopeMetadataEntryWithDefaultScopes() {
MetadataManagementService metadataManagementService = APIPublisherDataHolder.getInstance().getMetadataManagementService();
try {
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
Metadata permScopeMapping = metadataManagementService.retrieveMetadata(Constants.PERM_SCOPE_MAPPING_META_KEY);
Map<String, String> permScopeMap = (permScopeMapping != null) ? gson.fromJson(permScopeMapping.getMetaValue(), HashMap.class) :
new HashMap<>();
for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) {
permScopeMap.putIfAbsent(defaultPermission.getName(),
defaultPermission.getScopeMapping().getKey());
}
APIPublisherDataHolder.getInstance().setPermScopeMapping(permScopeMap);
if (permScopeMapping != null) {
permScopeMapping.setMetaValue(gson.toJson(permScopeMap));
metadataManagementService.updateMetadata(permScopeMapping);
return;
}
permScopeMapping = new Metadata();
permScopeMapping.setMetaKey(Constants.PERM_SCOPE_MAPPING_META_KEY);
permScopeMapping.setMetaValue(gson.toJson(permScopeMap));
metadataManagementService.createMetadata(permScopeMapping);
} catch (MetadataManagementException e) {
log.error("Error encountered while updating permission scope mapping metadata with default scopes");
} catch (MetadataKeyAlreadyExistsException e) {
log.error("Metadata entry already exists for " + Constants.PERM_SCOPE_MAPPING_META_KEY);
}
}
}
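Review bot: Both catch blocks in `updateScopeMetadataEntryWithDefaultScopes()` log a message without the exception, so a failure to persist the permission-to-scope mapping at startup leaves no cause or stack trace to investigate. Pass it through, e.g. `log.error("Error encountered while updating permission scope mapping metadata with default scopes", e);`, and likewise in the `MetadataKeyAlreadyExistsException` branch. `APIPublisherDataHolder.getInstance().setPermScopeMapping(permScopeMap)` also runs before `updateMetadata`/`createMetadata`, so when the write fails the in-memory map and the stored entry disagree; calling the setter after the successful write would keep them consistent. Separately, `gson.fromJson(permScopeMapping.getMetaValue(), HashMap.class)` is a raw-typed parse that returns null for an empty or `null` meta value, which would reach `putIfAbsent` as a NullPointerException that neither catch handles. Parsing with a `TypeToken<Map<String, String>>` and falling back to `new HashMap<>()` on null would cover that.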

@ -22,10 +22,6 @@ import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener;
@ -131,19 +127,13 @@ public class APIPublisherLifecycleListener implements LifecycleListener {
Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" +
"-mapping");
if (existingMetaData != null) {
existingMetaData.setMetaValue(new Gson().toJson(permScopeMap));
metadataManagementService.updateMetadata(existingMetaData);
} else {
Metadata newMetaData = new Metadata();
newMetaData.setMetaKey("perm-scope-mapping");
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) {
permScopeMap.put(defaultPermission.getName(), defaultPermission.getScopeMapping().getKey());
}
newMetaData.setMetaValue(new Gson().toJson(permScopeMap));
metadataManagementService.createMetadata(newMetaData);
}
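Review bot: The `updateMetadata` branch here still overwrites the stored entry with this listener's `permScopeMap` as a whole, and with the default-permission loop apparently removed from the `else` branch nothing visible in this hunk keeps the defaults in the value it writes. If this listener fires for a webapp deployed or reloaded after `APIPublisherStartupHandler` has merged the defaults, the stored mapping would presumably lose them until the next restart. `permScopeMap` is built outside the hunk, so this needs confirming against the rest of the method. The key is also still spelled as string literals (`"perm-scope" + "-mapping"` and `"perm-scope-mapping"`) while the startup handler uses `Constants.PERM_SCOPE_MAPPING_META_KEY`; using the constant in both places would keep the two writers on the same key.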

@ -46,7 +46,6 @@ import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.AbstractAxis2ConfigurationContextObserver;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import java.util.ArrayList;
import java.util.Arrays;
@ -143,26 +142,6 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser
*/
private void publishScopesToTenant(String tenantDomain) throws TenantManagementException {
if (!MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
MetadataManagementService metadataManagementService = DeviceManagementDataHolder.getInstance().getMetadataManagementService();
Map<String, String> superTenantPermScopeMapping = getPermScopeMapping(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
Map<String, String> subTenantPermScopeMapping = getPermScopeMapping(tenantDomain);
if (superTenantPermScopeMapping == null) {
msg = "Error occurred while retrieving meta key '" + Constants.PERM_SCOPE_MAPPING_META_KEY + "' for tenant '" +
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME + "'. Hence aborting publishing scopes to tenant: '" +
tenantDomain + "'.";
log.error(msg);
throw new TenantManagementException(msg);
}
if (superTenantPermScopeMapping.equals(subTenantPermScopeMapping)) {
if (log.isDebugEnabled()) {
log.debug( "Scopes in '" + tenantDomain + "' are up to date with super tenant scopes.");
}
return;
}
APIApplicationServices apiApplicationServices = DeviceManagementDataHolder.getInstance().getApiApplicationServices();
APIApplicationKey apiApplicationKey;
AccessTokenInfo accessTokenInfo;
@ -268,10 +247,6 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser
}
}
}
if (missingScopes.size() > 0 || deletedScopes.size() > 0) {
updatePermScopeMetaData(superTenantPermScopeMapping, metadataManagementService);
}
} else {
if (log.isDebugEnabled()) {
log.debug("Starting to publish shared scopes to newly created tenant: '" + tenantDomain + "'.");
@ -279,7 +254,6 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser
publishSharedScopes(Arrays.asList(superTenantScopes), publisherRESTAPIServices,
apiApplicationKey, accessTokenInfo);
updatePermScopeMetaData(superTenantPermScopeMapping, metadataManagementService);
}
} else {
msg = "Unable to publish scopes to sub tenants due to super tenant scopes list being empty.";
@ -298,15 +272,6 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser
msg = "Error occurred while publishing scopes to '" + tenantDomain + "' tenant space.";
log.error(msg, e);
throw new TenantManagementException(msg, e);
} catch (MetadataManagementException e) {
msg = "Error occurred trying to create metadata entry '" + Constants.PERM_SCOPE_MAPPING_META_KEY + "'.";
log.error(msg);
throw new TenantManagementException(msg);
} catch (MetadataKeyAlreadyExistsException e) {
msg = "Error occurred trying to create metadata entry '" + Constants.PERM_SCOPE_MAPPING_META_KEY + "'. The meta key " +
"already exists.";
log.error(msg);
throw new TenantManagementException(msg);
} finally {
APIPublisherUtils.removeScopePublishUserIfExists(tenantDomain);
PrivilegedCarbonContext.endTenantFlow();
