From 9f481456143ea937269999c5e06301f4dd593960 Mon Sep 17 00:00:00 2001
From: prabathabey
Date: Tue, 31 May 2016 13:12:57 +0530
Subject: [PATCH] Improving device admin service impl
---
 .../admin/DeviceManagementAdminService.java | 3 ++
 .../DeviceManagementAdminServiceImpl.java | 23 ++++++++++---
 .../util/UnauthorizedAccessException.java | 34 +++++++++++++++++++
 3 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/UnauthorizedAccessException.java
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
index 2112a89e81a..2ed4403b681 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
@@ -65,6 +65,9 @@ public interface DeviceManagementAdminService {
 @ApiResponse(
 code = 304,
 message = "Not Modified. \n Empty body because the client has already the latest version of the requested resource."),
+ @ApiResponse(
+ code = 401,
+ message = "Unauthorized.\n The requested resource access is unauthorized"),
 @ApiResponse(
 code = 406,
 message = "Not Acceptable.\n The requested media type is not supported"),
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceManagementAdminServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceManagementAdminServiceImpl.java
index 9a07245cd25..7c6d7795913 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceManagementAdminServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceManagementAdminServiceImpl.java
@@ -20,9 +20,14 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.Device;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
+import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceManagementAdminService;
+import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.UnauthorizedAccessException;
 import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
 import javax.ws.rs.*;
@@ -45,18 +50,28 @@ public class DeviceManagementAdminServiceImpl implements DeviceManagementAdminSe
 @HeaderParam("If-Modified-Since") String ifModifiedSince,
 @QueryParam("offset") int offset,
 @QueryParam("limit") int limit) {
- List devices;
 try {
- devices = DeviceMgtAPIUtils.getDeviceManagementService().getDevicesByName(name);
- if (devices == null || devices.size() == 0) {
+ int currentTenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
+ if (MultitenantConstants.SUPER_TENANT_ID != currentTenantId) {
+ throw new UnauthorizedAccessException(
+ new ErrorResponse.ErrorResponseBuilder().setCode(401l).setMessage(
+ "Current logged in user is not authorized to perform this operation").build());
+ }
+ PrivilegedCarbonContext.startTenantFlow();
+ PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
+
+ List devices = DeviceMgtAPIUtils.getDeviceManagementService().getDevicesByName(name);
+ if (devices == null) {
 return Response.status(Response.Status.NOT_FOUND).entity("No device, which carries the name '" + name + "', is currently enrolled in the system").build();
 }
 return Response.status(Response.Status.OK).entity(devices).build();
 } catch (DeviceManagementException e) {
- String msg = "ErrorResponse occurred while fetching the devices that carry the name '" + name + "'";
+ String msg = "Error occurred while fetching the devices that carry the name '" + name + "'";
 log.error(msg, e);
 return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+ } finally {
+ PrivilegedCarbonContext.endTenantFlow();
 }
 }
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/UnauthorizedAccessException.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/UnauthorizedAccessException.java
new file mode 100644
index 00000000000..c0f05c9c57d
--- /dev/null
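Review bot: The new `finally` calls `PrivilegedCarbonContext.endTenantFlow()` unconditionally, but `startTenantFlow()` is only reached after the super-tenant check inside the `try`, so when that check throws `UnauthorizedAccessException` a flow that was never started is ended; in the Carbon versions I know this pops the caller's own context off the thread-local stack, which can leave the rest of the request running under the wrong tenant (worth confirming against your Carbon release). Hoist the tenant-id check and `PrivilegedCarbonContext.startTenantFlow();` above `try {` so the `try`/`finally` pair brackets exactly the flow that was started, with `setTenantDomain(tenantDomain)` as the first statement inside the `try`. As far as I recall the one-argument `setTenantDomain` does not resolve the tenant id, so the lookup may still run with the super tenant's id, and `tenantDomain` (declared above this hunk) is not validated for null or blank before use; both are worth checking against `PrivilegedCarbonContext` and the resource's path-parameter binding. A style nit: `setCode(401l)` uses a lowercase `l` suffix that reads as `4011`; write `setCode(401L)`. The enclosing method's signature begins outside the hunk.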
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/UnauthorizedAccessException.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.wso2.carbon.device.mgt.jaxrs.service.impl.util;
+
+import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+
+public class UnauthorizedAccessException extends WebApplicationException {
+
+ private static final long serialVersionUID = 147943579458906890L;
+
+ public UnauthorizedAccessException(ErrorResponse error) {
+ super(Response.status(Response.Status.UNAUTHORIZED).entity(error).build());
+ }
+
+}
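Review bot: The constructor fixes the status at `Response.Status.UNAUTHORIZED` (401), yet the only use in this commit, in `DeviceManagementAdminServiceImpl`, rejects a caller whose tenant id is already known from the authenticated context but is not the super tenant, which is an authorization failure that 403 Forbidden describes; 401 additionally tells HTTP clients to retry with credentials, which cannot help here. Consider `Response.Status.FORBIDDEN` in this class, with the matching `@ApiResponse` added to `DeviceManagementAdminService` in this commit changed to `code = 403` and the `ErrorResponse` code set to match. The class also has no Javadoc; a class comment such as `/** JAX-RS exception whose response carries an {@link ErrorResponse} body; the HTTP status is fixed by this class, so callers only supply the body. */` and `@param error the body returned to the client` on the constructor would state the contract.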