From 77f5f466d654fdf9ee1ca8160d1be7363f6504d7 Mon Sep 17 00:00:00 2001 From: harshanl Date: Tue, 6 Oct 2015 11:44:40 +0530 Subject: [PATCH] Added scope validator and refactored code --- .../mgt/common/permission/mgt/Permission.java | 2 +- .../mgt/PermissionManagementException.java | 3 + .../WebAppDeploymentLifecycleListener.java | 8 ++- .../DeviceManagementServiceComponent.java | 4 +- ...java => PermissionManagerServiceImpl.java} | 12 ++-- .../core/permission/mgt/PermissionUtils.java | 32 +++++++--- .../DynamicRegistrationManager.java | 4 +- .../extensions/OAuthExtensionsUtils.java | 63 ------------------- .../DeviceMgtOAuthCallbackHandler.java | 5 +- .../internal/OAuthExtensionsDataHolder.java | 2 +- .../validators/OAuth2TokenValidator.java | 37 ----------- .../extensions/validators/ScopeValidator.java | 9 ++- .../authenticator/OAuthAuthenticator.java | 3 + .../authorizer/PermissionAuthorizer.java | 5 +- 14 files changed, 62 insertions(+), 127 deletions(-) rename components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/{RegistryBasedPermissionManagerServiceImpl.java => PermissionManagerServiceImpl.java} (83%) delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtensionsUtils.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/OAuth2TokenValidator.java diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java index 719633825a0..ad92cb27d8d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java @@ -55,7 +55,7 @@ public class Permission { return scope; } - @XmlElement(name = "scope", required = true) + @XmlElement(name = "scope", required = false) public void setScope(String scope) { this.scope = scope; } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagementException.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagementException.java index 351efcaffb1..5c0abce9881 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagementException.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagementException.java @@ -17,6 +17,9 @@ */ package org.wso2.carbon.device.mgt.common.permission.mgt; +/** + * Custom exception class of Permission related operations. + */ public class PermissionManagementException extends Exception { private static final long serialVersionUID = -3151279311929070298L; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java index f5a11bcdfde..557ce64859d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java @@ -26,7 +26,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.core.config.permission.PermissionConfiguration; -import org.wso2.carbon.device.mgt.core.permission.mgt.RegistryBasedPermissionManagerServiceImpl; +import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl; import javax.servlet.ServletContext; import javax.xml.bind.JAXBContext; @@ -35,6 +35,10 @@ import javax.xml.bind.Unmarshaller; import java.io.File; import java.io.InputStream; +/** + * This listener class will initiate the permission addition of permissions defined in + * permission.xml of any web-app. + */ @SuppressWarnings("unused") public class WebAppDeploymentLifecycleListener implements LifecycleListener { @@ -56,7 +60,7 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener { unmarshaller.unmarshal(permissionStream); if (permissionConfiguration != null && permissionConfiguration.getPermissions() != null) { - RegistryBasedPermissionManagerServiceImpl.getInstance().addPermissions( + PermissionManagerServiceImpl.getInstance().addPermissions( permissionConfiguration.getPermissions()); } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java index bca5e6b345b..ff5723cc223 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java @@ -45,7 +45,7 @@ import org.wso2.carbon.device.mgt.core.notification.mgt.NotificationManagementSe import org.wso2.carbon.device.mgt.core.notification.mgt.dao.NotificationManagementDAOFactory; import org.wso2.carbon.device.mgt.core.operation.mgt.OperationManagerImpl; import org.wso2.carbon.device.mgt.core.operation.mgt.dao.OperationManagementDAOFactory; -import org.wso2.carbon.device.mgt.core.permission.mgt.RegistryBasedPermissionManagerServiceImpl; +import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl; import org.wso2.carbon.device.mgt.core.util.DeviceManagementSchemaInitializer; @@ -191,7 +191,7 @@ public class DeviceManagementServiceComponent { /* Registering PermissionManager Service */ PermissionManagerService permissionManagerService - = RegistryBasedPermissionManagerServiceImpl.getInstance(); + = PermissionManagerServiceImpl.getInstance(); bundleContext.registerService(PermissionManagerService.class.getName(), permissionManagerService, null); /* Registering App Management service */ diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/RegistryBasedPermissionManagerServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java similarity index 83% rename from components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/RegistryBasedPermissionManagerServiceImpl.java rename to components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java index b4131be1777..5ea3a09e844 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/RegistryBasedPermissionManagerServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java @@ -29,21 +29,21 @@ import java.util.Properties; * This class will add, update custom permissions defined in permission.xml in webapps and it will * use Registry as the persistence storage. */ -public class RegistryBasedPermissionManagerServiceImpl implements PermissionManagerService { +public class PermissionManagerServiceImpl implements PermissionManagerService { public static final String URL_PROPERTY = "URL"; public static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD"; - private static RegistryBasedPermissionManagerServiceImpl registryBasedPermissionManager; + private static PermissionManagerServiceImpl registryBasedPermissionManager; private static PermissionTree permissionTree; // holds the permissions at runtime. - private RegistryBasedPermissionManagerServiceImpl() { + private PermissionManagerServiceImpl() { } - public static RegistryBasedPermissionManagerServiceImpl getInstance() { + public static PermissionManagerServiceImpl getInstance() { if (registryBasedPermissionManager == null) { - synchronized (RegistryBasedPermissionManagerServiceImpl.class) { + synchronized (PermissionManagerServiceImpl.class) { if (registryBasedPermissionManager == null) { - registryBasedPermissionManager = new RegistryBasedPermissionManagerServiceImpl(); + registryBasedPermissionManager = new PermissionManagerServiceImpl(); permissionTree = new PermissionTree(); } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java index 03ba2bd90e0..35733cd7ca5 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java @@ -31,6 +31,7 @@ import org.wso2.carbon.registry.core.Registry; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import java.io.File; +import java.util.StringTokenizer; /** * Utility class which holds necessary utility methods required for persisting permissions in @@ -71,12 +72,16 @@ public class PermissionUtils { throws PermissionManagementException { boolean status; try { - Resource resource = PermissionUtils.getGovernanceRegistry().newCollection(); - resource.addProperty(PERMISSION_PROPERTY_NAME, permission.getName()); - PermissionUtils.getGovernanceRegistry().beginTransaction(); - PermissionUtils.getGovernanceRegistry().put(ADMIN_PERMISSION_REGISTRY_PATH + - permission.getPath(), resource); - PermissionUtils.getGovernanceRegistry().commitTransaction(); + StringTokenizer tokenizer = new StringTokenizer(permission.getPath(), "/"); + String lastToken = "", currentToken, tempPath; + while(tokenizer.hasMoreTokens()){ + currentToken = tokenizer.nextToken(); + tempPath = lastToken + "/" + currentToken; + if(!checkResourceExists(tempPath)){ + createRegistryCollection(tempPath, currentToken.substring(0)); + } + lastToken = tempPath; + } status = true; } catch (RegistryException e) { throw new PermissionManagementException( @@ -86,10 +91,21 @@ public class PermissionUtils { return status; } - public static boolean checkPermissionExistence(Permission permission) + public static void createRegistryCollection(String path, String resourceName) + throws PermissionManagementException, + RegistryException { + Resource resource = PermissionUtils.getGovernanceRegistry().newCollection(); + resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName); + PermissionUtils.getGovernanceRegistry().beginTransaction(); + PermissionUtils.getGovernanceRegistry().put(ADMIN_PERMISSION_REGISTRY_PATH + + path, resource); + PermissionUtils.getGovernanceRegistry().commitTransaction(); + } + + public static boolean checkResourceExists(String path) throws PermissionManagementException, org.wso2.carbon.registry.core.exceptions.RegistryException { - return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath()); + return PermissionUtils.getGovernanceRegistry().resourceExists(path); } public static Document convertToDocument(File file) throws PermissionManagementException { diff --git a/components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/DynamicRegistrationManager.java b/components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/DynamicRegistrationManager.java index a2793873325..bef3b10ae81 100644 --- a/components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/DynamicRegistrationManager.java +++ b/components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/DynamicRegistrationManager.java @@ -123,8 +123,8 @@ public class DynamicRegistrationManager { //Check whether this is an already registered application if (!dynamicRegistrationManager.isRegisteredOAuthApplication(webAppName)) { //Construct the RegistrationProfile - registrationProfile = DynamicClientWebAppRegistrationUtil - .constructRegistrationProfile(servletContext, webAppName); + registrationProfile = DynamicClientWebAppRegistrationUtil. + constructRegistrationProfile(servletContext, webAppName); //Register the OAuth application oAuthApp = dynamicRegistrationManager.registerOAuthApplication( registrationProfile); diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtensionsUtils.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtensionsUtils.java deleted file mode 100644 index 2356a6affaa..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtensionsUtils.java +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * you may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.oauth.extensions; - -import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder; -import org.wso2.carbon.user.api.AuthorizationManager; -import org.wso2.carbon.user.api.UserStoreException; -import org.wso2.carbon.user.api.UserStoreManager; -import org.wso2.carbon.user.core.service.RealmService; - -/** - * Created by harshan on 10/2/15. - */ -public class OAuthExtensionsUtils { - - public static void getRolePermissions(String role){ - RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService(); - try { - int tenantId = realmService.getTenantManager().getTenantId("tenant-domain"); - AuthorizationManager - authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager(); - // authorizationManager.is - } catch (UserStoreException e) { - e.printStackTrace(); - } - } - - public static void getUserPermissions(String userName){ - - } - - public static String[] getUserRoles(String userName){ - RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService(); - try { - int tenantId = realmService.getTenantManager().getTenantId("tenant-domain"); - UserStoreManager userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager(); - return userStoreManager.getRoleListOfUser(userName); - } catch (UserStoreException e) { - e.printStackTrace(); - } - return new String[0]; - } - - public static void getScopePermissions(String scopeKey){ - - } -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/DeviceMgtOAuthCallbackHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/DeviceMgtOAuthCallbackHandler.java index 0a785b1c5b6..e621ee4a8b4 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/DeviceMgtOAuthCallbackHandler.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/DeviceMgtOAuthCallbackHandler.java @@ -27,7 +27,8 @@ import javax.security.auth.callback.UnsupportedCallbackException; import java.io.IOException; /** - * Created by harshan on 10/1/15. + * This class represents a Custom OAuthCallback Handler implementation. This should be implemented + * if there's any necessity of custom logic to authorize OAuthCallbacks. */ public class DeviceMgtOAuthCallbackHandler extends AbstractOAuthCallbackHandler { @@ -55,7 +56,7 @@ public class DeviceMgtOAuthCallbackHandler extends AbstractOAuthCallbackHandler String[] scopes = oauthCallback.getRequestedScope(); oauthCallback.setApprovedScope(scopes); oauthCallback.setValidScope(true); - //TODO Need to write the necessary logic to validate the scope + //Add the necessary logic if we are doing the scope validation upon token issue } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java index 568dea8a13e..f87ac765d38 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java @@ -23,7 +23,7 @@ import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.user.core.service.RealmService; /** - * Created by harshan on 10/2/15. + * This holds the OSGi service references required for oauth extensions bundle. */ public class OAuthExtensionsDataHolder { diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/OAuth2TokenValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/OAuth2TokenValidator.java deleted file mode 100644 index af4e857eab2..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/OAuth2TokenValidator.java +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * you may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.validators; - -import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; -import org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator; -import org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidationMessageContext; - -/** - * OAuth2 Token validator implementation which supports custom token validation logic specific - * to MDM. - */ -public class OAuth2TokenValidator extends DefaultOAuth2TokenValidator { - - @Override - public boolean validateAccessToken( - OAuth2TokenValidationMessageContext validationReqDTO) throws IdentityOAuth2Exception { - //for now there's no specific logic to handle in token validation - return true; - } -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java index b8be09e6b77..ed68a04a554 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java @@ -28,12 +28,14 @@ import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataH import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; import org.wso2.carbon.identity.oauth2.model.AccessTokenDO; import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator; +import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; import java.util.Properties; /** - * Custom OAuth2Token Scope validation implementation. + * Custom OAuth2Token Scope validation implementation for DeviceManagement. This will validate the + * user permissions before dispatching the HTTP request to the actual endpoint. */ public class ScopeValidator extends OAuth2ScopeValidator { @@ -72,6 +74,11 @@ public class ScopeValidator extends OAuth2ScopeValidator { status = CarbonContext.getThreadLocalCarbonContext().getUserRealm(). getAuthorizationManager().isUserAuthorized(username, permission.getPath(), ScopeValidator.PermissionMethod.READ); + UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm(); + if(userRealm != null && userRealm.getAuthorizationManager() != null){ + status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(), + ScopeValidator.PermissionMethod.READ); + } } catch (PermissionManagementException e) { log.error("Error occurred while validating the resource scope for : " + resource + diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index a3f70e972b7..3fd3027592c 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java @@ -30,6 +30,7 @@ import org.wso2.carbon.identity.base.IdentityException; import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO; import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO; +import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil; import org.wso2.carbon.webapp.authenticator.framework.Constants; @@ -122,6 +123,8 @@ public class OAuthAuthenticator implements WebappAuthenticator { PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId( IdentityUtil.getTenantIdOFUser(username)); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( + MultitenantUtils.getTenantDomain(username)); } catch (IdentityException e) { throw new AuthenticationException( "Error occurred while retrieving the tenant ID of user '" + diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java index e58f4e0c50f..ce4623b4cba 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java @@ -25,7 +25,7 @@ import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; -import org.wso2.carbon.device.mgt.core.permission.mgt.RegistryBasedPermissionManagerServiceImpl; +import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.webapp.authenticator.framework.Constants; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; @@ -49,7 +49,8 @@ public class PermissionAuthorizer { return WebappAuthenticator.Status.CONTINUE; } - RegistryBasedPermissionManagerServiceImpl registryBasedPermissionManager = RegistryBasedPermissionManagerServiceImpl.getInstance(); + PermissionManagerServiceImpl + registryBasedPermissionManager = PermissionManagerServiceImpl.getInstance(); Properties properties = new Properties(); properties.put("",requestUri); properties.put("",requestMethod);