diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml
index dc7eda629b9..aa494825575 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml
@@ -74,6 +74,43 @@
ApiOriginFilter
org.wso2.carbon.device.mgt.jaxrs.ApiOriginFilter
+
+
+ HttpHeaderSecurityFilter
+ org.apache.catalina.filters.HttpHeaderSecurityFilter
+
+ hstsEnabled
+ false
+
+
+
+
+ ContentTypeBasedCachePreventionFilter
+ org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter
+
+ patterns
+ "text/html*","application/json*","text/plain*"
+
+
+ filterAction
+ enforce
+
+
+ httpHeaders
+ Cache-Control: no-store, no-cache, must-revalidate, private
+
+
+
+
+ HttpHeaderSecurityFilter
+ /*
+
+
+
+ ContentTypeBasedCachePreventionFilter
+ /*
+
+
ApiOriginFilter
/*
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/init.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/init.js
index bc0fa5abb04..4815edd59d0 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/init.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/init.js
@@ -29,13 +29,15 @@ var carbonServer = new carbonModule.server.Server({
application.put("carbonServer", carbonServer);
var permissions = {
- "/permission/admin/device-mgt/devices/enroll": ["ui.execute"],
- "/permission/admin/device-mgt/devices/disenroll": ["ui.execute"],
- "/permission/admin/device-mgt/devices/owning-device": ["ui.execute"],
- "/permission/admin/device-mgt/groups": ["ui.execute"],
- "/permission/admin/device-mgt/notifications": ["ui.execute"],
- "/permission/admin/device-mgt/policies": ["ui.execute"],
- "/permission/admin/manage/api/subscribe": ["ui.execute"]
+ "/permission/admin/Login": ["ui.execute"]
};
+var adminPermissions = {
+ "/permission/admin": ["ui.execute"]
+};
+
+//On Startup, admin user will get both roles: devicemgt-admin and devicemgt-user
+//Average user through sign-up will only receive the role: devicemgt-user.
+//Admin can setup necessary permissions for the role: devicemgt-user
userModule.addRole("internal/devicemgt-user", ["admin"], permissions);
+userModule.addRole("internal/devicemgt-admin", ["admin"], adminPermissions);
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.hbs
index 21687eef226..51d087ca345 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.hbs
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.hbs
@@ -45,33 +45,33 @@
{{/if}}
- User Management
-
- {{#if permissions.LIST_USERS}}
- - Users
- {{/if}}
+ {{#if userMgtEnabled}}
+ - User Management
+
+ {{#if permissions.LIST_USERS}}
+ - Users
+ {{/if}}
- {{#if permissions.LIST_ROLES}}
- - Roles
- {{/if}}
-
-
+ {{#if permissions.LIST_ROLES}}
+ - Roles
+ {{/if}}
+
+
+ {{/if}}
{{#if permissions.LIST_POLICIES}}
Policy Management
{{/if}}
- Configuration Management
-
+
+ {{/if}}
{{/zone}}
{{#zone "navbarCollapsableRightItems"}}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf
index 832c1ab2528..fd500822e09 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf
@@ -66,24 +66,39 @@
},
"filters": [
{
- "name": "URLBasedCachePreventionFilter",
- "class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter"
+ "name": "ContentTypeBasedCachePreventionFilter",
+ "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
+ "params" : [
+ {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
+ {"name" : "filterAction", "value" : "enforce"},
+ {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
+ ]
},
{
"name":"HttpHeaderSecurityFilter",
"class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
"params" : [{"name" : "hstsEnabled", "value" : "false"}]
+ },
+ {
+ "name" : "CSRFGuard",
+ "class" : "org.owasp.csrfguard.CsrfGuardFilter"
}
+
],
"filterMappings": [
- {
- "name": "URLBasedCachePreventionFilter",
- "url": "/api/*"
- },
{
"name":"HttpHeaderSecurityFilter",
"url":"*"
+ },
+ {
+ "name" : "CSRFGuard",
+ "url" : "/*"
+ },
+ {
+ "name":"ContentTypeBasedCachePreventionFilter",
+ "url":"*"
}
+
],
"listeners" : [
{
@@ -108,7 +123,7 @@
"contextParams" : [
{
"name" : "Owasp.CsrfGuard.Config",
- "value" : "/repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
+ "value" : "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
}
]
}
\ No newline at end of file
diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mssql.sql b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mssql.sql
index 900eeefde12..db405cdc1eb 100644
--- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mssql.sql
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mssql.sql
@@ -192,8 +192,8 @@ CREATE TABLE DM_PROFILE (
CREATED_TIME DATETIME NOT NULL ,
UPDATED_TIME DATETIME NOT NULL ,
PRIMARY KEY (ID) ,
- CONSTRAINT DM_PROFILE_DEVICE_TYPE FOREIGN KEY (DEVICE_TYPE) REFERENCES
- DM_DEVICE_TYPE (NAME) ON DELETE NO ACTION ON UPDATE NO ACTION
+ CONSTRAINT DM_PROFILE_DEVICE_TYPE FOREIGN KEY (DEVICE_TYPE, TENANT_ID) REFERENCES
+ DM_DEVICE_TYPE (NAME, PROVIDER_TENANT_ID) ON DELETE NO ACTION ON UPDATE NO ACTION
);
IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[DM_POLICY]') AND TYPE IN (N'U'))
@@ -234,8 +234,6 @@ CREATE TABLE DM_DEVICE_TYPE_POLICY (
POLICY_ID INTEGER NOT NULL ,
PRIMARY KEY (ID) ,
CONSTRAINT FK_DEVICE_TYPE_POLICY FOREIGN KEY (POLICY_ID) REFERENCES DM_POLICY (ID)
- ON DELETE NO ACTION ON UPDATE NO ACTION,
- CONSTRAINT FK_DEVICE_TYPE_POLICY_DEVICE_TYPE FOREIGN KEY (DEVICE_TYPE_ID) REFERENCES DM_DEVICE_TYPE (ID)
ON DELETE NO ACTION ON UPDATE NO ACTION
);
diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mysql.sql b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mysql.sql
index e5c79b2f392..5d8faece3f2 100644
--- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mysql.sql
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/mysql.sql
@@ -170,8 +170,8 @@ CREATE TABLE IF NOT EXISTS DM_PROFILE (
UPDATED_TIME DATETIME NOT NULL ,
PRIMARY KEY (ID) ,
CONSTRAINT DM_PROFILE_DEVICE_TYPE
- FOREIGN KEY (DEVICE_TYPE)
- REFERENCES DM_DEVICE_TYPE (NAME)
+ FOREIGN KEY (DEVICE_TYPE, TENANT_ID)
+ REFERENCES DM_DEVICE_TYPE (NAME, PROVIDER_TENANT_ID)
ON DELETE NO ACTION
ON UPDATE NO ACTION
)ENGINE = InnoDB;
@@ -226,11 +226,6 @@ CREATE TABLE IF NOT EXISTS DM_DEVICE_TYPE_POLICY (
FOREIGN KEY (POLICY_ID )
REFERENCES DM_POLICY (ID )
ON DELETE NO ACTION
- ON UPDATE NO ACTION,
- CONSTRAINT FK_DEVICE_TYPE_POLICY_DEVICE_TYPE
- FOREIGN KEY (DEVICE_TYPE )
- REFERENCES DM_DEVICE_TYPE (NAME )
- ON DELETE NO ACTION
ON UPDATE NO ACTION
)ENGINE = InnoDB;
diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/oracle.sql b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/oracle.sql
index c29c6bcb532..f2e71c9c9c3 100644
--- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/oracle.sql
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/oracle.sql
@@ -270,8 +270,8 @@ CREATE TABLE DM_PROFILE (
UPDATED_TIME TIMESTAMP(0) NOT NULL ,
CONSTRAINT PK_DM_PROFILE PRIMARY KEY (ID) ,
CONSTRAINT DM_PROFILE_DEVICE_TYPE
- FOREIGN KEY (DEVICE_TYPE )
- REFERENCES DM_DEVICE_TYPE (NAME )
+ FOREIGN KEY (DEVICE_TYPE, TENANT_ID)
+ REFERENCES DM_DEVICE_TYPE (NAME, PROVIDER_TENANT_ID)
)
/
-- Generate ID using sequence and trigger
@@ -358,10 +358,7 @@ CREATE TABLE DM_DEVICE_TYPE_POLICY (
CONSTRAINT PK_DEV_TYPE_POLICY PRIMARY KEY (ID) ,
CONSTRAINT FK_DEV_TYPE_POLICY
FOREIGN KEY (POLICY_ID )
- REFERENCES DM_POLICY (ID ),
- CONSTRAINT FK_DEV_TYPE_POLICY_DEV_TYPE
- FOREIGN KEY (DEVICE_TYPE )
- REFERENCES DM_DEVICE_TYPE (NAME )
+ REFERENCES DM_POLICY (ID )
)
/
diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/postgresql.sql b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/postgresql.sql
index a5ea7af0421..d5c035e26b1 100644
--- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/postgresql.sql
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/postgresql.sql
@@ -150,8 +150,8 @@ CREATE TABLE IF NOT EXISTS DM_PROFILE (
CREATED_TIME TIMESTAMP NOT NULL ,
UPDATED_TIME TIMESTAMP NOT NULL ,
CONSTRAINT DM_PROFILE_DEVICE_TYPE
- FOREIGN KEY (DEVICE_TYPE )
- REFERENCES DM_DEVICE_TYPE (NAME )
+ FOREIGN KEY (DEVICE_TYPE, TENANT_ID)
+ REFERENCES DM_DEVICE_TYPE (NAME, PROVIDER_TENANT_ID)
ON DELETE NO ACTION
ON UPDATE NO ACTION
);
@@ -201,11 +201,6 @@ CREATE TABLE IF NOT EXISTS DM_DEVICE_TYPE_POLICY (
FOREIGN KEY (POLICY_ID )
REFERENCES DM_POLICY (ID )
ON DELETE NO ACTION
- ON UPDATE NO ACTION,
- CONSTRAINT FK_DEVICE_TYPE_POLICY_DEVICE_TYPE
- FOREIGN KEY (DEVICE_TYPE )
- REFERENCES DM_DEVICE_TYPE (NAME )
- ON DELETE NO ACTION
ON UPDATE NO ACTION
);