navodzoysa
/
device-mgt-core
forked from community/device-mgt-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implemented permission based authorization

Browse Source
revert-70aa11f8
mharindu 8 years ago
parent 51686dce08
commit 115099c8fe
30 changed files with 437 additions and 379 deletions
Show Stats Download Patch File Download Diff File

42
components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java
Unescape View File

@ -0,0 +1,42 @@
/*
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.apimgt.annotations.api;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* This class is the representation of custom developed Permission annotation.
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Permission {
/**
* Represents the permission name.
* @return Returns permission name.
*/
String name();
/**
* Represents the permission string.
* @return Returns permission string.
*/
String permission();
}

54
components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherStartupHandler.java
Unescape View File

@ -44,33 +44,33 @@ public class APIPublisherStartupHandler implements ServerStartupObserver {
@Override
public void completedServerStartup() {
APIPublisherDataHolder.getInstance().setServerStarted(true);
currentAPIsStack = APIPublisherDataHolder.getInstance().getUnpublishedApis();
Thread t = new Thread(new Runnable() {
@Override
public void run() {
if (log.isDebugEnabled()) {
log.debug("Server has just started, hence started publishing unpublished APIs");
log.debug("Total number of unpublished APIs: "
+ APIPublisherDataHolder.getInstance().getUnpublishedApis().size());
}
publisher = APIPublisherDataHolder.getInstance().getApiPublisherService();
while (!failedAPIsStack.isEmpty() || !currentAPIsStack.isEmpty()) {
try {
retryTime = retryTime * CONNECTION_RETRY_FACTOR;
Thread.sleep(retryTime);
} catch (InterruptedException te) {
log.error("Error occurred while sleeping", te);
}
if (!APIPublisherDataHolder.getInstance().getUnpublishedApis().isEmpty()) {
publishAPIs(currentAPIsStack, failedAPIsStack);
} else {
publishAPIs(failedAPIsStack, currentAPIsStack);
}
}
}
});
t.start();
// APIPublisherDataHolder.getInstance().setServerStarted(true);
// currentAPIsStack = APIPublisherDataHolder.getInstance().getUnpublishedApis();
// Thread t = new Thread(new Runnable() {
// @Override
// public void run() {
// if (log.isDebugEnabled()) {
// log.debug("Server has just started, hence started publishing unpublished APIs");
// log.debug("Total number of unpublished APIs: "
// + APIPublisherDataHolder.getInstance().getUnpublishedApis().size());
// }
// publisher = APIPublisherDataHolder.getInstance().getApiPublisherService();
// while (!failedAPIsStack.isEmpty() || !currentAPIsStack.isEmpty()) {
// try {
// retryTime = retryTime * CONNECTION_RETRY_FACTOR;
// Thread.sleep(retryTime);
// } catch (InterruptedException te) {
// log.error("Error occurred while sleeping", te);
// }
// if (!APIPublisherDataHolder.getInstance().getUnpublishedApis().isEmpty()) {
// publishAPIs(currentAPIsStack, failedAPIsStack);
// } else {
// publishAPIs(failedAPIsStack, currentAPIsStack);
// }
// }
// }
// });
// t.start();
}
private void publishAPIs(Stack<API> apis, Stack<API> failedStack) {

132
components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java
Unescape View File

@ -49,72 +49,72 @@ public class APIPublisherLifecycleListener implements LifecycleListener {
@Override
public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType()) && WebappPublisherConfig.getInstance()
.isPublished()) {
StandardContext context = (StandardContext) lifecycleEvent.getLifecycle();
ServletContext servletContext = context.getServletContext();
String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED);
boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param);
String profile = System.getProperty(PROPERTY_PROFILE);
if (WebappPublisherConfig.getInstance().getProfiles().getProfile().contains(profile.toLowerCase())
&& isManagedApi) {
try {
AnnotationProcessor annotationProcessor = new AnnotationProcessor(context);
Set<String> annotatedAPIClasses = annotationProcessor.
scanStandardContext(org.wso2.carbon.apimgt.annotations.api.API.class.getName());
List<APIResourceConfiguration> apiDefinitions = annotationProcessor.extractAPIInfo(servletContext,
annotatedAPIClasses);
for (APIResourceConfiguration apiDefinition : apiDefinitions) {
APIConfig apiConfig = APIPublisherUtil.buildApiConfig(servletContext, apiDefinition);
try {
int tenantId = APIPublisherDataHolder.getInstance().getTenantManager().
getTenantId(apiConfig.getTenantDomain());
boolean isTenantActive = APIPublisherDataHolder.getInstance().
getTenantManager().isTenantActive(tenantId);
if (isTenantActive) {
apiConfig.init();
API api = APIPublisherUtil.getAPI(apiConfig);
boolean isServerStarted = APIPublisherDataHolder.getInstance().isServerStarted();
if (isServerStarted) {
APIPublisherService apiPublisherService =
APIPublisherDataHolder.getInstance().getApiPublisherService();
if (apiPublisherService == null) {
throw new IllegalStateException(
"API Publisher service is not initialized properly");
}
apiPublisherService.publishAPI(api);
} else {
if (log.isDebugEnabled()) {
log.debug("Server has not started yet. Hence adding API '" +
api.getId().getApiName() + "' to the queue");
}
APIPublisherDataHolder.getInstance().getUnpublishedApis().push(api);
}
} else {
log.error("No tenant [" + apiConfig.getTenantDomain() + "] " +
"found when publishing the Web app");
}
} catch (Throwable e) {
log.error("Error occurred while publishing API '" + apiConfig.getName() +
"' with the context '" + apiConfig.getContext() +
"' and version '" + apiConfig.getVersion() + "'", e);
}
}
} catch (IOException e) {
log.error("Error encountered while discovering annotated classes", e);
} catch (ClassNotFoundException e) {
log.error("Error while scanning class for annotations", e);
}
}
}
// if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType()) && WebappPublisherConfig.getInstance()
// .isPublished()) {
// StandardContext context = (StandardContext) lifecycleEvent.getLifecycle();
// ServletContext servletContext = context.getServletContext();
// String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED);
// boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param);
//
// String profile = System.getProperty(PROPERTY_PROFILE);
//
// if (WebappPublisherConfig.getInstance().getProfiles().getProfile().contains(profile.toLowerCase())
// && isManagedApi) {
// try {
// AnnotationProcessor annotationProcessor = new AnnotationProcessor(context);
// Set<String> annotatedAPIClasses = annotationProcessor.
// scanStandardContext(org.wso2.carbon.apimgt.annotations.api.API.class.getName());
//
// List<APIResourceConfiguration> apiDefinitions = annotationProcessor.extractAPIInfo(servletContext,
// annotatedAPIClasses);
//
// for (APIResourceConfiguration apiDefinition : apiDefinitions) {
//
// APIConfig apiConfig = APIPublisherUtil.buildApiConfig(servletContext, apiDefinition);
//
// try {
// int tenantId = APIPublisherDataHolder.getInstance().getTenantManager().
// getTenantId(apiConfig.getTenantDomain());
//
// boolean isTenantActive = APIPublisherDataHolder.getInstance().
// getTenantManager().isTenantActive(tenantId);
//
// if (isTenantActive) {
// apiConfig.init();
// API api = APIPublisherUtil.getAPI(apiConfig);
// boolean isServerStarted = APIPublisherDataHolder.getInstance().isServerStarted();
// if (isServerStarted) {
// APIPublisherService apiPublisherService =
// APIPublisherDataHolder.getInstance().getApiPublisherService();
// if (apiPublisherService == null) {
// throw new IllegalStateException(
// "API Publisher service is not initialized properly");
// }
// apiPublisherService.publishAPI(api);
// } else {
// if (log.isDebugEnabled()) {
// log.debug("Server has not started yet. Hence adding API '" +
// api.getId().getApiName() + "' to the queue");
// }
// APIPublisherDataHolder.getInstance().getUnpublishedApis().push(api);
// }
// } else {
// log.error("No tenant [" + apiConfig.getTenantDomain() + "] " +
// "found when publishing the Web app");
// }
// } catch (Throwable e) {
// log.error("Error occurred while publishing API '" + apiConfig.getName() +
// "' with the context '" + apiConfig.getContext() +
// "' and version '" + apiConfig.getVersion() + "'", e);
// }
// }
// } catch (IOException e) {
// log.error("Error encountered while discovering annotated classes", e);
// } catch (ClassNotFoundException e) {
// log.error("Error while scanning class for annotations", e);
// }
// }
// }
}
//TODO : Need to implemented, to merge API Definitions in cases where implementation of an API Lies in two classes

2
components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java
Unescape View File

@ -4,6 +4,7 @@ import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.certificate.mgt.jaxrs.beans.ErrorResponse;
@ -47,6 +48,7 @@ public interface CertificateMgtService {
response = ErrorResponse.class)
})
@Scope(key = "certificate:sign-csr", name = "Sign CSR", description = "")
@Permission(name = "Sign CSR", permission = "/device-mgt/certificates/manage")
Response getSignedCertFromCSR(
@ApiParam(
name = "If-Modified-Since",

9
components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
Unescape View File

@ -2,6 +2,7 @@ package org.wso2.carbon.certificate.mgt.cert.jaxrs.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate;
@ -77,7 +78,7 @@ public interface CertificateManagementAdminService {
message = "Internal Server Error. \n Server error occurred while adding certificates.",
response = ErrorResponse.class)
})
@Scope(key = "certificate:manage", name = "Add certificates", description = "")
@Permission(name = "Manage certificates", permission = "/device-mgt/certificates/manage")
Response addCertificate(
@ApiParam(
name = "enrollmentCertificates",
@ -135,7 +136,7 @@ public interface CertificateManagementAdminService {
"Server error occurred while retrieving information requested certificate.",
response = ErrorResponse.class)
})
@Scope(key = "certificate:view", name = "View certificates", description = "")
@Permission(name = "View certificates", permission = "/device-mgt/certificates/view")
Response getCertificate(
@ApiParam(name = "serialNumber",
value = "Provide the serial number of the certificate that you wish to get the details of",
@ -207,7 +208,7 @@ public interface CertificateManagementAdminService {
"Server error occurred while retrieving all certificates enrolled in the system.",
response = ErrorResponse.class)
})
@Scope(key = "certificate:view", name = "View certificates", description = "")
@Permission(name = "View certificates", permission = "/device-mgt/certificates/view")
Response getAllCertificates(
@ApiParam(
name = "offset",
@ -250,7 +251,7 @@ public interface CertificateManagementAdminService {
message = "Internal Server Error. \n " +
"Server error occurred while removing the certificate.",
response = ErrorResponse.class)})
@Scope(key = "certificate:manage", name = "Add certificates", description = "")
@Permission(name = "Manage certificates", permission = "/device-mgt/certificates/manage")
Response removeCertificate(
@ApiParam(
name = "serialNumber",

28
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/RoleInfo.java
Unescape View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.beans;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import java.util.List;
@ -29,12 +30,19 @@ public class RoleInfo {
@ApiModelProperty(name = "roleName", value = "The name of the role.", required = true)
private String roleName;
@ApiModelProperty(name = "scopes", value = "Lists out all the scopes associated with roles.",
@ApiModelProperty(name = "permissions", value = "Lists out all the permissions associated with roles.",
required = true, dataType = "List[java.lang.String]")
private List<String> scopes;
private String[] permissions;
@ApiModelProperty(name = "users", value = "The list of users assigned to the selected role.",
required = true, dataType = "List[java.lang.String]")
private String[] users;
@ApiModelProperty(name = "permissionList", value = "This contain the following, " +
"\n resourcePath\tThe path related to the API.\n " +
"displayName\tThe name of the permission that is shown " +
"in the UI.\n" +
"nodeList\tLists out the nested permissions.",
required = true)
private UIPermissionNode permissionList;
public String getRoleName() {
return roleName;
@ -44,12 +52,12 @@ public class RoleInfo {
this.roleName = roleName;
}
public List<String> getScopes() {
return scopes;
public String[] getPermissions() {
return permissions;
}
public void setScopes(List<String> scopes) {
this.scopes = scopes;
public void setPermissions(String[] permissions) {
this.permissions = permissions;
}
public String[] getUsers() {
@ -60,4 +68,12 @@ public class RoleInfo {
this.users = users;
}
public UIPermissionNode getPermissionList() {
return permissionList;
}
public void setPermissionList(UIPermissionNode permissionList) {
this.permissionList = permissionList;
}
}

5
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java
Unescape View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList;
@ -92,7 +93,7 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class)
})
@Scope(key = "activity:view", name = "View Activities", description = "")
@Permission(name = "View Activities", permission = "/device-mgt/activities/view")
Response getActivity(
@ApiParam(
name = "id",
@ -153,7 +154,7 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class)
})
@Scope(key = "activity:view", name = "View Activities", description = "")
@Permission(name = "View Activities", permission = "/device-mgt/activities/view")
Response getActivities(
@ApiParam(
name = "since",

5
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java
Unescape View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -81,7 +82,7 @@ public interface ConfigurationManagementService {
"platform configuration.",
response = ErrorResponse.class)
})
@Scope(key = "configuration:view", name = "View Configurations", description = "")
@Permission(name = "View Configurations", permission = "/device-mgt/configuration/view")
Response getConfiguration(
@ApiParam(
name = "If-Modified-Since",
@ -127,7 +128,7 @@ public interface ConfigurationManagementService {
"Server error occurred while modifying general platform configuration.",
response = ErrorResponse.class)
})
@Scope(key = "configuration:modify", name = "Modify Configurations", description = "")
@Permission(name = "Manage configurations", permission = "/device-mgt/configuration/manage")
Response updateConfiguration(
@ApiParam(
name = "configuration",

18
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
Unescape View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.Feature;
@ -92,7 +93,7 @@ public interface DeviceManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class)
})
@Scope(key = "device:view", name = "View Devices", description = "")
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
Response getDevices(
@ApiParam(
name = "name",
@ -199,7 +200,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving information requested device.",
response = ErrorResponse.class)
})
@Scope(key = "device:view", name = "View Devices", description = "")
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
Response getDevice(
@ApiParam(
name = "type",
@ -281,7 +282,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving feature list of the device.",
response = ErrorResponse.class)
})
@Scope(key = "device:view", name = "View Devices", description = "")
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
Response getFeaturesOfDevice(
@ApiParam(
name = "type",
@ -357,7 +358,7 @@ public interface DeviceManagementService {
"Server error occurred while enrolling the device.",
response = ErrorResponse.class)
})
@Scope(key = "device:view", name = "View Devices", description = "")
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
Response searchDevices(
@ApiParam(
name = "offset",
@ -436,8 +437,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving installed application list of the device.",
response = ErrorResponse.class)
})
@Scope(key = "device:view", name = "View Devices", description = "")
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
Response getInstalledApplications(
@ApiParam(
name = "type",
@ -533,7 +533,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving operation list scheduled for the device.",
response = ErrorResponse.class)
})
@Scope(key = "device:view", name = "View Devices", description = "")
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
Response getDeviceOperations(
@ApiParam(
name = "type",
@ -631,7 +631,7 @@ public interface DeviceManagementService {
response = ErrorResponse.class)
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
Response getEffectivePolicyOfDevice(
@ApiParam(
name = "type",
@ -683,7 +683,7 @@ public interface DeviceManagementService {
response = ErrorResponse.class)
}
)
@Scope(key = "device:view", name = "View Devices", description = "")
@Permission(name = "View Devices", permission = "/device-mgt/devices/view")
Response getComplianceDataOfDevice(
@ApiParam(
name = "type",

3
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java
Unescape View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceTypeList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -78,7 +79,7 @@ public interface DeviceTypeManagementService {
response = ErrorResponse.class)
}
)
@Scope(key = "device-type:admin:view", name = "View device types", description = "")
@Permission(name = "View Device Types", permission = "/device-mgt/devices/view")
Response getDeviceTypes(
@ApiParam(
name = "If-Modified-Since",

5
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java
Unescape View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
import org.wso2.carbon.device.mgt.jaxrs.NotificationList;
@ -90,7 +91,7 @@ public interface NotificationManagementService {
"\n Server error occurred while fetching the notification list.",
response = ErrorResponse.class)
})
@Scope(key = "notification:view", name = "View and manage notifications", description = "")
@Permission(name = "View notifications", permission = "/device-mgt/notifications/view")
Response getNotifications(
@ApiParam(
name = "status",
@ -142,7 +143,7 @@ public interface NotificationManagementService {
message = "Error occurred while updating notification status.")
}
)
@Scope(key = "notification:view", name = "View and manage notifications", description = "")
@Permission(name = "View notifications", permission = "/device-mgt/notifications/view")
Response updateNotificationStatus(
@ApiParam(
name = "id",

19
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java
Unescape View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
@ -100,7 +101,7 @@ public interface PolicyManagementService {
"Server error occurred while adding a new policy.",
response = ErrorResponse.class)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
Response addPolicy(
@ApiParam(
name = "policy",
@ -154,7 +155,7 @@ public interface PolicyManagementService {
"policies."),
response = ErrorResponse.class)
})
@Scope(key = "policy:view", name = "Views policies", description = "")
@Permission(name = "View policies", permission = "/device-mgt/policies/view")
Response getPolicies(
@ApiParam(
name = "If-Modified-Since",
@ -220,7 +221,7 @@ public interface PolicyManagementService {
"policy.",
response = ErrorResponse.class)
})
@Scope(key = "policy:view", name = "View policies", description = "")
@Permission(name = "View policies", permission = "/device-mgt/policies/view")
Response getPolicy(
@ApiParam(
name = "id",
@ -284,7 +285,7 @@ public interface PolicyManagementService {
"Server error occurred while updating the policy.",
response = ErrorResponse.class)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
Response updatePolicy(
@ApiParam(
name = "id",
@ -330,7 +331,7 @@ public interface PolicyManagementService {
"Server error occurred while bulk removing policies.",
response = ErrorResponse.class)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
Response removePolicies(
@ApiParam(
name = "policyIds",
@ -366,7 +367,7 @@ public interface PolicyManagementService {
message = "ErrorResponse in activating policies.",
response = ErrorResponse.class)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
Response activatePolicies(
@ApiParam(
name = "policyIds",
@ -402,7 +403,7 @@ public interface PolicyManagementService {
message = "ErrorResponse in deactivating policies.",
response = ErrorResponse.class)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
Response deactivatePolicies(
@ApiParam(
name = "policyIds",
@ -435,7 +436,7 @@ public interface PolicyManagementService {
message = "ErrorResponse in deactivating policies.",
response = ErrorResponse.class)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
Response applyChanges();
@ -464,7 +465,7 @@ public interface PolicyManagementService {
message = "Exception in updating policy priorities.",
response = ErrorResponse.class)
})
@Scope(key = "policy:manage", name = "Add policies", description = "")
@Permission(name = "Manage policies", permission = "/device-mgt/policies/manage")
Response updatePolicyPriorities(
@ApiParam(
name = "priorityUpdatedPolicies",

37
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java
Unescape View File

@ -20,10 +20,12 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
@ -76,7 +78,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while fetching requested list of roles.",
response = ErrorResponse.class)
})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
@Permission(name = "View Roles", permission = "/device-mgt/roles/view")
Response getRoles(
@ApiParam(
name = "filter",
@ -105,16 +107,16 @@ public interface RoleManagementService {
@QueryParam("limit") int limit);
@GET
@Path("/scopes")
@Path("/{roleName}/permissions")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = "GET",
value = "Getting authorization scopes.",
value = "Getting permission details of a role.",
notes = "In an organization an individual is associated a with set of responsibilities based on their " +
"role. In EMM you are able to configure scopes based on the responsibilities carried " +
"out by a role. Therefore if you wish to retrieve the scopes details of roles, you can do " +
"role. In EMM you are able to configure permissions based on the responsibilities carried " +
"out by a role. Therefore if you wish to retrieve the permission details of a role, you can do " +
"so using this REST API.",
response = List.class,
response = UIPermissionNode.class,
responseContainer = "List",
tags = "Role Management"
)
@ -122,8 +124,8 @@ public interface RoleManagementService {
value = {
@ApiResponse(
code = 200,
message = "OK. \n Successfully fetched the scopes list.",
response = List.class,
message = "OK. \n Successfully fetched the permission list of the given role.",
response = UIPermissionNode.class,
responseContainer = "List",
responseHeaders = {
@ResponseHeader(
@ -158,8 +160,13 @@ public interface RoleManagementService {
message = "Internal Server ErrorResponse. \n Server error occurred while fetching the permission list of the requested role.",
response = ErrorResponse.class)
})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
Response getScopes(
@Permission(name = "View Roles", permission = "/device-mgt/roles/view")
Response getPermissionsOfRole(
@ApiParam(
name = "roleName",
value = "Name of the role.",
required = true)
@PathParam("roleName") String roleName,
@ApiParam(
name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified",
@ -216,7 +223,7 @@ public interface RoleManagementService {
"requested role.",
response = ErrorResponse.class)
})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
@Permission(name = "View Roles", permission = "/device-mgt/roles/view")
Response getRole(
@ApiParam(
name = "roleName",
@ -276,7 +283,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while adding a new role.",
response = ErrorResponse.class)
})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
@Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage")
Response addRole(
@ApiParam(
name = "role",
@ -326,7 +333,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while updating the role.",
response = ErrorResponse.class)
})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
@Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage")
Response updateRole(
@ApiParam(
name = "roleName",
@ -363,7 +370,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while removing the role.",
response = ErrorResponse.class)
})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
@Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage")
Response deleteRole(
@ApiParam(
name = "roleName",
@ -421,7 +428,7 @@ public interface RoleManagementService {
"Server error occurred while updating the user list of the role.",
response = ErrorResponse.class)
})
@org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
@Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage")
Response updateUsersOfRole(
@ApiParam(
name = "roleName",

19
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
Unescape View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.*;
@ -83,7 +84,7 @@ public interface UserManagementService {
message = "Internal Server Error. \n Server error occurred while adding a new user.",
response = ErrorResponse.class)
})
@Scope(key = "user:manage", name = "Add users", description = "")
@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")
Response addUser(
@ApiParam(
name = "user",
@ -135,7 +136,7 @@ public interface UserManagementService {
" fetching the requested user.",
response = ErrorResponse.class)
})
@Scope(key = "user:view", name = "View users", description = "")
@Permission(name = "View Users", permission = "/device-mgt/users/view")
Response getUser(
@ApiParam(
name = "username",
@ -192,7 +193,7 @@ public interface UserManagementService {
"Server error occurred while updating the user.",
response = ErrorResponse.class)
})
@Scope(key = "user:manage", name = "Add users", description = "")
@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")
Response updateUser(
@ApiParam(
name = "username",
@ -227,7 +228,7 @@ public interface UserManagementService {
response = ErrorResponse.class
)
})
@Scope(key = "user:manage", name = "Add users", description = "")
@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")
Response removeUser(
@ApiParam(name = "username", value = "Username of the user to be deleted.", required = true)
@PathParam("username") String username);
@ -276,7 +277,7 @@ public interface UserManagementService {
" assigned to the user.",
response = ErrorResponse.class)
})
@Scope(key = "user:view", name = "View users", description = "")
@Permission(name = "View Users", permission = "/device-mgt/users/view")
Response getRolesOfUser(
@ApiParam(name = "username", value = "Username of the user.", required = true)
@PathParam("username") String username);
@ -319,7 +320,7 @@ public interface UserManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the user list.",
response = ErrorResponse.class)
})
@Scope(key = "user:view", name = "View users", description = "")
@Permission(name = "View Users", permission = "/device-mgt/users/view")
Response getUsers(
@ApiParam(
name = "filter",
@ -386,7 +387,7 @@ public interface UserManagementService {
"list that matches the given filter.",
response = ErrorResponse.class)
})
@Scope(key = "user:view", name = "View users", description = "")
@Permission(name = "View Users", permission = "/device-mgt/users/view")
Response getUserNames(
@ApiParam(
name = "filter",
@ -440,7 +441,7 @@ public interface UserManagementService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
@Scope(key = "user:view", name = "View users", description = "")
@Permission(name = "View Users", permission = "/device-mgt/users/view")
Response resetPassword(
@ApiParam(
name = "username",
@ -483,7 +484,7 @@ public interface UserManagementService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
@Scope(key = "user:manage", name = "Add users", description = "")
@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")
Response inviteExistingUsersToEnrollDevice(
@ApiParam(
name = "users",

5
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java
Unescape View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
@ -74,7 +75,7 @@ public interface ApplicationManagementAdminService {
"a given set of devices.",
response = ErrorResponse.class)
})
@Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
@Permission(name = "Install/Uninstall applications", permission = "/device-mgt/applications/manage")
Response installApplication(
@ApiParam(
name = "applicationWrapper",
@ -113,7 +114,7 @@ public interface ApplicationManagementAdminService {
"a given set of devices.",
response = ErrorResponse.class)
})
@Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
@Permission(name = "Install/Uninstall applications", permission = "/device-mgt/applications/manage")
Response uninstallApplication(
@ApiParam(
name = "applicationWrapper",

3
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
Unescape View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -85,7 +86,7 @@ public interface DeviceManagementAdminService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class)
})
@Scope(key = "device:admin:view", name = "View Devices", description = "")
@Permission(name = "View Devices", permission = "/device-mgt/admin/devices/view")
Response getDevicesByName(
@ApiParam(
name = "name",

3
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java
Unescape View File

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
@ -68,7 +69,7 @@ public interface UserManagementAdminService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
@Scope(key = "user:admin:reset-password", name = "View users", description = "")
@Permission(name = "View Users", permission = "/device-mgt/admin/users/view")
Response resetUserPassword(
@ApiParam(
name = "username",

159
components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
Unescape View File

@ -20,6 +20,8 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@ -32,11 +34,11 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.api.*;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.mgt.UserRealmProxy;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import org.wso2.carbon.user.mgt.common.UserAdminException;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
@ -90,26 +92,64 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
@GET
@Path("/scopes")
@Path("/{roleName}/permissions")
@Override
public Response getScopes(
public Response getPermissionsOfRole(
@PathParam("roleName") String roleName,
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
List<Scope> scopes = new ArrayList<>();
RequestValidationUtil.validateRoleName(roleName);
try {
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be retrieved");
} else {
scopes = DeviceMgtUtil.convertAPIScopestoScopes(scopeManagementService.getAllScopes());
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
if (!userRealm.getUserStoreManager().isExistingRole(roleName)) {
return Response.status(404).entity(new ErrorResponse.ErrorResponseBuilder().setMessage(
"No role exists with the name '" + roleName + "'").build()).build();
}
final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
if (rolePermissions == null) {
if (log.isDebugEnabled()) {
log.debug("No permissions found for the role '" + roleName + "'");
}
}
return Response.status(Response.Status.OK).entity(scopes).build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while retrieving the scopes";
return Response.status(Response.Status.OK).entity(rolePermissions).build();
} catch (UserAdminException e) {
String msg = "Error occurred while retrieving the permissions of role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving the underlying user realm attached to the " +
"current logged in user";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
private UIPermissionNode getUIPermissionNode(String roleName, UserRealm userRealm)
throws UserAdminException {
org.wso2.carbon.user.core.UserRealm userRealmCore = null;
if (userRealm instanceof org.wso2.carbon.user.core.UserRealm) {
userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm;
}
final UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore);
final UIPermissionNode rolePermissions =
userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID);
UIPermissionNode[] deviceMgtPermissions = new UIPermissionNode[2];
for (UIPermissionNode permissionNode : rolePermissions.getNodeList()) {
if (permissionNode.getResourcePath().equals("/permission/admin")) {
for (UIPermissionNode node : permissionNode.getNodeList()) {
if (node.getResourcePath().equals("/permission/admin/device-mgt")) {
deviceMgtPermissions[0] = node;
} else if (node.getResourcePath().equals("/permission/admin/login")) {
deviceMgtPermissions[1] = node;
}
}
}
}
rolePermissions.setNodeList(deviceMgtPermissions);
return rolePermissions;
}
@GET
@ -122,49 +162,62 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
RequestValidationUtil.validateRoleName(roleName);
RoleInfo roleInfo = new RoleInfo();
List<String> scopes = new ArrayList<>();
try {
final UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
if (!userStoreManager.isExistingRole(roleName)) {
return Response.status(Response.Status.NOT_FOUND).entity(
return Response.status(404).entity(
new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" +
roleName + "'").build()).build();
}
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be retrieved");
} else {
scopes = DeviceMgtUtil.convertAPIScopesToScopeKeys(scopeManagementService.getScopesOfRole(roleName));
}
roleInfo.setRoleName(roleName);
roleInfo.setUsers(userStoreManager.getUserListOfRole(roleName));
roleInfo.setScopes(scopes);
// Get the permission nodes and hand picking only device management and login perms
final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
List<String> permList = new ArrayList<>();
this.iteratePermissions(rolePermissions, permList);
roleInfo.setPermissionList(rolePermissions);
String[] permListAr = new String[permList.size()];
roleInfo.setPermissions(permList.toArray(permListAr));
return Response.status(Response.Status.OK).entity(roleInfo).build();
} catch (UserStoreException e) {
} catch (UserStoreException | UserAdminException e) {
String msg = "Error occurred while retrieving the user role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while retrieving the scopes";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
private List<String> iteratePermissions(UIPermissionNode uiPermissionNode, List<String> list) {
for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
list.add(permissionNode.getResourcePath());
if (permissionNode.getNodeList() != null && permissionNode.getNodeList().length > 0) {
iteratePermissions(permissionNode, list);
}
}
return list;
}
@POST
@Override
public Response addRole(RoleInfo roleInfo) {
RequestValidationUtil.validateRoleDetails(roleInfo);
RequestValidationUtil.validateRoleName(roleInfo.getRoleName());
try {
UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
if (log.isDebugEnabled()) {
log.debug("Persisting the role in the underlying user store");
}
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), null);
Permission[] permissions = null;
if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) {
permissions = new Permission[roleInfo.getPermissions().length];
for (int i = 0; i < permissions.length; i++) {
String permission = roleInfo.getPermissions()[i];
permissions[i] = new Permission(permission, CarbonConstants.UI_PERMISSION_ACTION);
}
}
userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
//TODO fix what's returned in the entity
return Response.created(new URI(API_BASE_PATH + "/" + roleInfo.getRoleName())).entity(
@ -194,7 +247,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
final UserStoreManager userStoreManager = userRealm.getUserStoreManager();
if (!userStoreManager.isExistingRole(roleName)) {
return Response.status(Response.Status.NOT_FOUND).entity(
return Response.status(404).entity(
new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" +
roleName + "'").build()).build();
}
@ -220,12 +273,14 @@ public class RoleManagementServiceImpl implements RoleManagementService {
userStoreManager.updateUserListOfRole(newRoleName, usersToDelete, usersToAdd);
}
if (roleInfo.getScopes() != null) {
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be updated");
} else {
scopeManagementService.updateScopes(roleInfo.getScopes(), roleName);
if (roleInfo.getPermissions() != null) {
// Delete all authorizations for the current role before authorizing the permission tree
authorizationManager.clearRoleAuthorization(roleName);
if (roleInfo.getPermissions().length > 0) {
for (int i = 0; i < roleInfo.getPermissions().length; i++) {
String permission = roleInfo.getPermissions()[i];
authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION);
}
}
}
//TODO: Need to send the updated role information in the entity back to the client
@ -236,11 +291,6 @@ public class RoleManagementServiceImpl implements RoleManagementService {
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while updating scopes of role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
@ -249,12 +299,11 @@ public class RoleManagementServiceImpl implements RoleManagementService {
@Override
public Response deleteRole(@PathParam("roleName") String roleName) {
RequestValidationUtil.validateRoleName(roleName);
try {
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
final UserStoreManager userStoreManager = userRealm.getUserStoreManager();
if (!userStoreManager.isExistingRole(roleName)) {
return Response.status(Response.Status.NOT_FOUND).entity(
return Response.status(404).entity(
new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" +
roleName + "'").build()).build();
}
@ -267,26 +316,12 @@ public class RoleManagementServiceImpl implements RoleManagementService {
// Delete all authorizations for the current role before deleting
authorizationManager.clearRoleAuthorization(roleName);
//removing scopes
ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
if (scopeManagementService == null) {
log.error("Scope management service initialization is failed, hence scopes will not be updated");
} else {
scopeManagementService.removeScopes(roleName);
}
return Response.status(Response.Status.OK).entity("Role '" + roleName + "' has " +
"successfully been deleted").build();
return Response.status(Response.Status.OK).build();
} catch (UserStoreException e) {
String msg = "Error occurred while deleting the role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (ScopeManagementException e) {
String msg = "Error occurred while deleting scopes of role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}

28
components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java
Unescape View File

@ -26,18 +26,10 @@ import javax.xml.bind.annotation.XmlRootElement;
*/
public class Permission {
private String name; // permission name
private String path; // permission string
private String url; // url of the resource
private String urlTemplate; // resource template
private String method; // http method
private String context;
public String getContext() {
return context;
}
public void setContext(String context) {
this.context = context;
}
public String getUrl() {
return url;
@ -55,11 +47,19 @@ public class Permission {
this.method = method;
}
public String getUrlTemplate() {
return urlTemplate;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getPath() {
return path;
}
public void setUrlTemplate(String urlTemplate) {
this.urlTemplate = urlTemplate;
public void setPath(String path) {
this.path = path;
}
}

2
components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java
Unescape View File

@ -32,7 +32,7 @@ public interface PermissionManagerService {
* @throws PermissionManagementException If some unusual behaviour is observed while adding the
* permission.
*/
void addPermission(Permission permission) throws PermissionManagementException;
boolean addPermission(Permission permission) throws PermissionManagementException;
/**
*

6
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
Unescape View File

@ -48,6 +48,7 @@ import java.util.Map;
public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthorizationService {
private final static String CDM_ADMIN_PERMISSION = "/device-mgt/admin";
private final static String CDM_ADMIN = "Device Management Administrator";
private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class);
public DeviceAccessAuthorizationServiceImpl() {
@ -243,7 +244,10 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
}
private boolean addAdminPermissionToRegistry() throws PermissionManagementException {
return PermissionUtils.putPermission(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
Permission permission = new Permission();
permission.setName(CDM_ADMIN);
permission.setPath(CDM_ADMIN_PERMISSION);
return PermissionUtils.putPermission(permission);
}
private Map<String, String> getOwnershipOfDevices(List<Device> devices) {

66
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java
Unescape View File

@ -21,8 +21,8 @@ package org.wso2.carbon.device.mgt.core.config.permission;
import org.apache.catalina.core.StandardContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.scannotation.AnnotationDB;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import javax.servlet.ServletContext;
import javax.ws.rs.*;
@ -91,21 +91,20 @@ public class AnnotationProcessor {
* @param entityClasses
* @return
*/
public List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>
extractPermissions(Set<String> entityClasses) {
public List<Permission>
extractPermissions(Set<String> entityClasses) {
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> permissions = new ArrayList<>();
List<Permission> permissions = new ArrayList<>();
if (entityClasses != null && !entityClasses.isEmpty()) {
for (final String className : entityClasses) {
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> resourcePermissions =
List<Permission> resourcePermissions =
AccessController.doPrivileged(new PrivilegedAction<List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>>() {
public List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> run() {
Class<?> clazz;
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> apiPermissions =
new ArrayList<>();
List<Permission> apiPermissions = new ArrayList<>();
try {
clazz = classLoader.loadClass(className);
@ -114,7 +113,7 @@ public class AnnotationProcessor {
.class.getName());
Annotation apiAnno = clazz.getAnnotation(apiClazz);
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> resourceList;
List<Permission> resourceList;
if (apiAnno != null) {
@ -170,15 +169,13 @@ public class AnnotationProcessor {
* @return
* @throws Throwable
*/
private List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission>
getApiResources(String resourceRootContext, Method[] annotatedMethods) throws Throwable {
private List<Permission> getApiResources(String resourceRootContext, Method[] annotatedMethods) throws Throwable {
List<org.wso2.carbon.device.mgt.common.permission.mgt.Permission> permissions = new ArrayList<>();
List<Permission> permissions = new ArrayList<>();
Permission permission;
String subCtx;
for (Method method : annotatedMethods) {
Annotation[] annotations = method.getDeclaredAnnotations();
org.wso2.carbon.device.mgt.common.permission.mgt.Permission permission =
new org.wso2.carbon.device.mgt.common.permission.mgt.Permission();
if (isHttpMethodAvailable(annotations)) {
Annotation methodContextAnno = method.getAnnotation(pathClazz);
@ -187,9 +184,7 @@ public class AnnotationProcessor {
} else {
subCtx = WILD_CARD;
}
permission.setContext(makeContextURLReady(resourceRootContext));
permission.setUrlTemplate(makeContextURLReady(subCtx));
permission = new Permission();
// this check is added to avoid url resolving conflict which happens due
// to adding of '*' notation for dynamic path variables.
if (WILD_CARD.equals(subCtx)) {
@ -203,10 +198,14 @@ public class AnnotationProcessor {
httpMethod = getHTTPMethodAnnotation(annotations[i]);
if (httpMethod != null) {
permission.setMethod(httpMethod);
break;
}
if (annotations[i].annotationType().getName().
equals(org.wso2.carbon.apimgt.annotations.api.Permission.class.getName())) {
this.setPermission(method, permission);
}
}
permissions.add(permission);
}
}
return permissions;
@ -214,6 +213,7 @@ public class AnnotationProcessor {
/**
* Read Method annotations indicating HTTP Methods
*
* @param annotation
*/
private String getHTTPMethodAnnotation(Annotation annotation) {
@ -255,7 +255,7 @@ public class AnnotationProcessor {
* @return
*/
private String makeContextURLReady(String context) {
if (context != null && ! context.isEmpty()) {
if (context != null && !context.isEmpty()) {
if (context.startsWith("/")) {
return context;
} else {
@ -294,19 +294,15 @@ public class AnnotationProcessor {
* @param servletContext
* @return null if cannot determin /WEB-INF/classes
*/
public static URL findWebInfClassesPath(ServletContext servletContext)
{
public static URL findWebInfClassesPath(ServletContext servletContext) {
String path = servletContext.getRealPath("/WEB-INF/classes");
if (path == null) return null;
File fp = new File(path);
if (fp.exists() == false) return null;
try
{
try {
URI uri = fp.toURI();
return uri.toURL();
}
catch (MalformedURLException e)
{
} catch (MalformedURLException e) {
throw new RuntimeException(e);
}
}
@ -329,4 +325,24 @@ public class AnnotationProcessor {
return replacedPath.toString();
}
private void setPermission(Method currentMethod, Permission permission) throws Throwable {
Class<org.wso2.carbon.apimgt.annotations.api.Permission> permissionClass =
(Class<org.wso2.carbon.apimgt.annotations.api.Permission>) classLoader.
loadClass(org.wso2.carbon.apimgt.annotations.api.Permission.class.getName());
Annotation permissionAnnotation = currentMethod.getAnnotation(permissionClass);
if (permissionClass != null) {
Method[] permissionClassMethods = permissionClass.getMethods();
for (Method method : permissionClassMethods) {
switch (method.getName()) {
case "name":
permission.setName(invokeMethod(method, permissionAnnotation, STRING));
break;
case "permission":
permission.setPath(invokeMethod(method, permissionAnnotation, STRING));
break;
}
}
}
}
}

51
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java
Unescape View File

@ -1,51 +0,0 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* you may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import java.util.List;
/**
* This class represents the information related to permissions.
*/
public class PermissionConfiguration {
private String scopeName;
private String[] permissions;
public String getScopeName() {
return scopeName;
}
public void setScopeName(String scope) {
this.scopeName = scope;
}
public String[] getPermissions() {
return permissions;
}
public void setPermissions(String[] permissions) {
this.permissions = permissions;
}
}

7
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java
Unescape View File

@ -28,17 +28,10 @@ import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.core.config.permission.AnnotationProcessor;
import org.wso2.carbon.device.mgt.core.config.permission.PermissionConfiguration;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
import javax.servlet.ServletContext;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.Set;

9
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java
Unescape View File

@ -31,7 +31,6 @@ import org.wso2.carbon.device.mgt.common.notification.mgt.NotificationManagement
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException;
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManager;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.common.spi.DeviceManagementService;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.core.DeviceManagementPluginRepository;
@ -52,7 +51,6 @@ import org.wso2.carbon.device.mgt.core.operation.mgt.OperationManagerImpl;
import org.wso2.carbon.device.mgt.core.operation.mgt.dao.OperationManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.device.mgt.core.push.notification.mgt.PushNotificationProviderRepository;
import org.wso2.carbon.device.mgt.core.scope.mgt.ScopeManagementServiceImpl;
import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl;
@ -243,9 +241,10 @@ public class DeviceManagementServiceComponent {
= new NotificationManagementServiceImpl();
bundleContext.registerService(NotificationManagementService.class.getName(), notificationManagementService, null);
/* Registering Scope Management Service */
ScopeManagementService scopeManagementService = new ScopeManagementServiceImpl();
bundleContext.registerService(ScopeManagementService.class.getName(), scopeManagementService, null);
/* Registering PermissionManager Service */
PermissionManagerService permissionManagerService
= PermissionManagerServiceImpl.getInstance();
bundleContext.registerService(PermissionManagerService.class.getName(), permissionManagerService, null);
/* Registering DeviceAccessAuthorization Service */
DeviceAccessAuthorizationService deviceAccessAuthorizationService = new DeviceAccessAuthorizationServiceImpl();

4
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
Unescape View File

@ -53,9 +53,11 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
}
@Override
public void addPermission(Permission permission) throws PermissionManagementException {
public boolean addPermission(Permission permission) throws PermissionManagementException {
// adding a permission to the tree
permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
permissionTree.addPermission(permission);
return PermissionUtils.putPermission(permission);
}
@Override

58
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java
Unescape View File

@ -66,24 +66,23 @@ public class PermissionUtils {
return contextPath + url;
}
// public static Permission getPermission(String path) throws PermissionManagementException {
// try {
// Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
// Permission permission = new Permission();
// permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME));
// permission.setPath(resource.getPath());
// return permission;
// } catch (RegistryException e) {
// throw new PermissionManagementException("Error in retrieving registry resource : " +
// e.getMessage(), e);
// }
// }
//
public static boolean putPermission(String permissionPath)
throws PermissionManagementException {
public static Permission getPermission(String path) throws PermissionManagementException {
try {
Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
Permission permission = new Permission();
permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME));
permission.setPath(resource.getPath());
return permission;
} catch (RegistryException e) {
throw new PermissionManagementException("Error in retrieving registry resource : " +
e.getMessage(), e);
}
}
public static boolean putPermission(Permission permission) throws PermissionManagementException {
boolean status;
try {
StringTokenizer tokenizer = new StringTokenizer(permissionPath, "/");
StringTokenizer tokenizer = new StringTokenizer(permission.getPath(), "/");
String lastToken = "", currentToken, tempPath;
while (tokenizer.hasMoreTokens()) {
currentToken = tokenizer.nextToken();
@ -95,7 +94,8 @@ public class PermissionUtils {
}
status = true;
} catch (RegistryException e) {
throw new PermissionManagementException("Error occurred while persisting permission", e);
throw new PermissionManagementException("Error occurred while persisting permission : " +
permission.getName(), e);
}
return status;
}
@ -116,17 +116,17 @@ public class PermissionUtils {
return PermissionUtils.getGovernanceRegistry().resourceExists(path);
}
public static Document convertToDocument(File file) throws PermissionManagementException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
try {
DocumentBuilder docBuilder = factory.newDocumentBuilder();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
return docBuilder.parse(file);
} catch (Exception e) {
throw new PermissionManagementException("Error occurred while parsing file, while converting " +
"to a org.w3c.dom.Document", e);
}
}
public static Document convertToDocument(File file) throws PermissionManagementException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
try {
DocumentBuilder docBuilder = factory.newDocumentBuilder();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
return docBuilder.parse(file);
} catch (Exception e) {
throw new PermissionManagementException("Error occurred while parsing file, while converting " +
"to a org.w3c.dom.Document", e);
}
}
}

12
components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
Unescape View File

@ -60,7 +60,7 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
@Override
public boolean validateScope(AccessTokenDO accessTokenDO, String resource)
throws IdentityOAuth2Exception {
boolean status = false;
boolean status = true;
//Extract the url & http method
int idx = resource.lastIndexOf(':');
String url = resource.substring(0, idx);
@ -80,6 +80,12 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
Permission permission = permissionManagerService.getPermission(properties);
User authzUser = accessTokenDO.getAuthzUser();
if ((permission != null) && (authzUser != null)) {
if (permission.getPath() == null) {
if (log.isDebugEnabled()) {
log.debug("Permission is not defined for the resource '" + resource + "'");
}
return true;
}
String username = authzUser.getUserName();
String userStore = authzUser.getUserStoreDomain();
int tenantId = OAuthExtUtils.getTenantId(authzUser.getTenantDomain());
@ -87,11 +93,11 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
if (userRealm != null && userRealm.getAuthorizationManager() != null) {
if (userStore != null) {
status = userRealm.getAuthorizationManager()
.isUserAuthorized(userStore + "/" + username, permission.getUrl(),
.isUserAuthorized(userStore + "/" + username, permission.getPath(),
PermissionMethod.UI_EXECUTE);
} else {
status = userRealm.getAuthorizationManager()
.isUserAuthorized(username, permission.getUrl(), PermissionMethod.UI_EXECUTE);
.isUserAuthorized(username, permission.getPath(), PermissionMethod.UI_EXECUTE);
}
}
}

11
components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
Unescape View File

@ -86,15 +86,4 @@ public class Utils {
}
}
public static String getResourceUri(String url, String httpMethod) throws PermissionManagementException {
properties = new Properties();
properties.put(URL_PROPERTY, url);
properties.put(HTTP_METHOD_PROPERTY, httpMethod);
permission = permissionManagerService.getPermission(properties);
if (permission != null) {
return permission.getContext() + "/1.0.0/1.0.0" + permission.getUrlTemplate() + ":" + permission.getMethod();
}
return null;
}
}

14
components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
Unescape View File

@ -121,17 +121,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
} else {
String bearerToken = getBearerToken(request);
int urlParamIndex = requestUri.indexOf('?');
if(urlParamIndex > 0) {
requestUri = requestUri.substring(0, urlParamIndex);
}
String resource = Utils.getResourceUri(requestUri, requestMethod);
if (resource == null || resource.isEmpty()) {
authenticationInfo.setStatus(Status.FAILURE);
authenticationInfo.setMessage("Authorization failed. Requested API resource does not exist");
return authenticationInfo;
}
String resource = requestUri + ":" + requestMethod;
OAuthValidationResponse oAuthValidationResponse =
this.tokenValidator.validateToken(bearerToken, resource);
@ -153,8 +143,6 @@ public class OAuthAuthenticator implements WebappAuthenticator {
log.error("Failed to authenticate the incoming request", e);
} catch (OAuthTokenValidationException e) {
log.error("Failed to authenticate the incoming request due to oauth token validation error.", e);
} catch (PermissionManagementException e) {
log.error("Failed to authenticate the incoming request due to error in permission initialization", e);
}
return authenticationInfo;
}

Write Preview
Loading…
Cancel
Save