Fixed conflicts and merged

components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/WebappPublisherUtil.java

@@ -20,6 +20,7 @@ package org.wso2.carbon.apimgt.webapp.publisher;
 
 import org.w3c.dom.Document;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import java.io.File;
@@ -34,6 +35,7 @@ public class WebappPublisherUtil {
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
         factory.setNamespaceAware(true);
         try {
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             DocumentBuilder docBuilder = factory.newDocumentBuilder();
             return docBuilder.parse(file);
         } catch (Exception e) {

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml

@@ -56,7 +56,7 @@
                             org.osgi.service.component,
                             org.apache.commons.logging,
                             javax.security.auth.x500,
-                            javax.xml.parsers,
+                            javax.xml.*,
                             org.apache.commons.codec.binary,
                             org.bouncycastle.asn1,
                             org.bouncycastle.asn1.x500,

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagerUtil.java

@@ -28,28 +28,25 @@ import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOUtil;
 import org.wso2.carbon.certificate.mgt.core.exception.CertificateManagementException;
 
 import javax.sql.DataSource;
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
-import java.io.ByteArrayOutputStream;
 import java.io.File;
-import java.io.ObjectOutputStream;
-import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.Hashtable;
 import java.util.List;
 
 public class CertificateManagerUtil {
 
-    private static final Log log = LogFactory.getLog(CertificateManagerUtil.class);
-
     public static final String GENERAL_CONFIG_RESOURCE_PATH = "general";
     public static final String MONITORING_FREQUENCY = "notifierFrequency";
+    private static final Log log = LogFactory.getLog(CertificateManagerUtil.class);
 
     public static Document convertToDocument(File file) throws CertificateManagementException {
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
         factory.setNamespaceAware(true);
         try {
             DocumentBuilder docBuilder = factory.newDocumentBuilder();
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             return docBuilder.parse(file);
         } catch (Exception e) {
             throw new CertificateManagementException("Error occurred while parsing file, while converting " +

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java

@@ -21,6 +21,8 @@ import org.w3c.dom.Document;
 import org.w3c.dom.NodeList;
 import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
 import org.xml.sax.SAXException;
+
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -48,22 +50,19 @@ public class ConfigurationUtil {
 	public static final String POST_BODY_CA_CAPS = "POSTPKIOperation\nSHA-1\nDES3\n";
 	public static final String DES_EDE = "DESede";
 	public static final String CONF_LOCATION = "conf.location";
-    private static final String CARBON_HOME = "carbon.home";
-    private static final String CERTIFICATE_CONFIG_XML = "certificate-config.xml";
-    private static final String CARBON_HOME_ENTRY = "${carbon.home}";
     public static final String DEFAULT_PRINCIPAL = "O=WSO2, OU=Mobile, C=LK";
     public static final String RSA_PRIVATE_KEY_BEGIN_TEXT = "-----BEGIN RSA PRIVATE KEY-----\n";
     public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
     public static final String EMPTY_TEXT = "";
 	public static final int RSA_KEY_LENGTH = 1024;
 	public static final long MILLI_SECONDS = 1000L * 60 * 60 * 24;
-
-
-	private static ConfigurationUtil configurationUtil;
+	private static final String CARBON_HOME = "carbon.home";
+	private static final String CERTIFICATE_CONFIG_XML = "certificate-config.xml";
+	private static final String CARBON_HOME_ENTRY = "${carbon.home}";
 	private static final String[] certificateConfigEntryNames = { CA_CERT_ALIAS, RA_CERT_ALIAS,
 			CERTIFICATE_KEYSTORE, PATH_CERTIFICATE_KEYSTORE, CERTIFICATE_KEYSTORE_PASSWORD,
 			KEYSTORE_CA_CERT_PRIV_PASSWORD, KEYSTORE_RA_CERT_PRIV_PASSWORD };
-
+	private static ConfigurationUtil configurationUtil;
 	private static Map<String, String> configMap;
 
 	private static Map<String, String> readCertificateConfigurations() throws KeystoreException {
@@ -79,6 +78,7 @@ public class ConfigurationUtil {
 			try {
 				File fXmlFile = new File(certConfLocation);
 				DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+				documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 				DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
 				document = documentBuilder.parse(fXmlFile);
 			} catch (ParserConfigurationException e) {

components/device-mgt/org.wso2.carbon.device.mgt.analytics.data.publisher/pom.xml

@@ -121,9 +121,7 @@
                             org.wso2.carbon.registry.common.*;version="${carbon.registry.imp.pkg.version.range}",
                             org.wso2.carbon.registry.indexing.*; version="${carbon.registry.imp.pkg.version.range}",
                             org.json;version="${commons-json.version}",
-                            javax.xml.bind,
-                            javax.xml.bind.annotation,
-                            javax.xml.parsers,
+                            javax.xml.*,
                             org.w3c.dom,
                             org.wso2.carbon.base
                         </Import-Package>

components/device-mgt/org.wso2.carbon.device.mgt.analytics.data.publisher/src/main/java/org/wso2/carbon/device/mgt/analytics/data/publisher/DataPublisherUtil.java

@@ -21,6 +21,7 @@ package org.wso2.carbon.device.mgt.analytics.data.publisher;
 import org.w3c.dom.Document;
 import org.wso2.carbon.device.mgt.analytics.data.publisher.exception.DataPublisherConfigurationException;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import java.io.File;
@@ -32,6 +33,7 @@ public class DataPublisherUtil {
         factory.setNamespaceAware(true);
         try {
             DocumentBuilder docBuilder = factory.newDocumentBuilder();
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             return docBuilder.parse(file);
         } catch (Exception e) {
             throw new DataPublisherConfigurationException("Error occurred while parsing file, while converting " +

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java

@@ -28,18 +28,18 @@ import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorization
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyList;
 import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
+import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
 import org.wso2.carbon.device.mgt.jaxrs.service.api.PolicyManagementService;
-import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.*;
-import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyList;
 import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
+import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
 import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
 import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
 import org.wso2.carbon.policy.mgt.common.Policy;
 import org.wso2.carbon.policy.mgt.common.PolicyAdministratorPoint;
 import org.wso2.carbon.policy.mgt.common.PolicyManagementException;
 import org.wso2.carbon.policy.mgt.core.PolicyManagerService;
-import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
 
 import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
@@ -122,7 +122,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
         policy.setUsers(policyWrapper.getUsers());
         policy.setCompliance(policyWrapper.getCompliance());
         //TODO iterates the device identifiers to create the object. need to implement a proper DAO layer here.
-        List<Device> devices = null;
+        List<Device> devices = new ArrayList<Device>();
         List<DeviceIdentifier> deviceIdentifiers = policyWrapper.getDeviceIdentifiers();
         if (deviceIdentifiers != null) {
             for (DeviceIdentifier id : deviceIdentifiers) {

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java

@@ -37,6 +37,7 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.security.SecureRandom;
 import java.util.*;
 
 @Path("/users")
@@ -395,7 +396,7 @@ public class UserManagementServiceImpl implements UserManagementService {
         String lowerCaseCharset = "abcdefghijklmnopqrstuvwxyz";
         String upperCaseCharset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
         String numericCharset = "0123456789";
-        Random randomGenerator = new Random();
+        SecureRandom randomGenerator = new SecureRandom();
         String totalCharset = lowerCaseCharset + upperCaseCharset + numericCharset;
         int totalCharsetLength = totalCharset.length();
         StringBuilder initialUserPassword = new StringBuilder();

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/dao/impl/CommandOperationDAOImpl.java

@@ -99,7 +99,7 @@ public class CommandOperationDAOImpl extends GenericOperationDAOImpl {
 
             if (rs.next()) {
                 commandOperation = new CommandOperation();
-                commandOperation.setEnabled(rs.getInt("ENABLED") != 0);
+                commandOperation.setEnabled(rs.getBoolean("ENABLED"));
             }
         } catch (SQLException e) {
             throw new OperationManagementDAOException("SQL Error occurred while retrieving the command operation " +

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java

@@ -20,7 +20,6 @@ package org.wso2.carbon.device.mgt.core.permission.mgt;
 
 import org.w3c.dom.Document;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
-import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
 import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
 import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
@@ -28,6 +27,7 @@ import org.wso2.carbon.registry.api.RegistryException;
 import org.wso2.carbon.registry.api.Resource;
 import org.wso2.carbon.registry.core.Registry;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import java.io.File;
@@ -116,16 +116,17 @@ public class PermissionUtils {
         return PermissionUtils.getGovernanceRegistry().resourceExists(path);
     }
 
-    public static Document convertToDocument(File file) throws PermissionManagementException {
-        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-        factory.setNamespaceAware(true);
-        try {
-            DocumentBuilder docBuilder = factory.newDocumentBuilder();
-            return docBuilder.parse(file);
-        } catch (Exception e) {
-            throw new PermissionManagementException("Error occurred while parsing file, while converting " +
-                    "to a org.w3c.dom.Document", e);
-        }
-    }
+	public static Document convertToDocument(File file) throws PermissionManagementException {
+		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+		factory.setNamespaceAware(true);
+		try {
+			DocumentBuilder docBuilder = factory.newDocumentBuilder();
+			factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+			return docBuilder.parse(file);
+		} catch (Exception e) {
+			throw new PermissionManagementException("Error occurred while parsing file, while converting " +
+			                                    "to a org.w3c.dom.Document", e);
+		}
+	}
 
 }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/search/mgt/Constants.java

@@ -21,8 +21,8 @@ package org.wso2.carbon.device.mgt.core.search.mgt;
 
 public class Constants {
 
-    public static String GENERAL = "GENERAL";
-    public static String PROP_AND = "PROP_AND";
-    public static String PROP_OR = "PROP_OR";
-    public static String LOCATION = "LOCATION";
+    public static final String GENERAL = "GENERAL";
+    public static final String PROP_AND = "PROP_AND";
+    public static final String PROP_OR = "PROP_OR";
+    public static final String LOCATION = "LOCATION";
 }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java

@@ -392,7 +392,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
                 }
             } catch (DeviceDetailsMgtDAOException e) {
                 log.error("Error occurred while retrieving advance info of '" + device.getType() +
-                        "' that carries the id '" + device.getDeviceIdentifier() + "'");
+                        "' that carries the id '" + device.getDeviceIdentifier() + "'", e);
             } catch (SQLException e) {
                 log.error("Error occurred while opening a connection to the data source", e);
             } finally {

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/util/DeviceManagerUtil.java

@@ -21,7 +21,6 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.w3c.dom.Document;
 import org.wso2.carbon.base.MultitenantConstants;
-import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.Device;
 import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
@@ -41,14 +40,11 @@ import org.wso2.carbon.utils.ConfigurationContextService;
 import org.wso2.carbon.utils.NetworkUtils;
 
 import javax.sql.DataSource;
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import java.io.File;
 import java.util.*;
-import java.util.HashMap;
-import java.util.Hashtable;
-import java.util.List;
-import java.util.Map;
 
 
 public final class DeviceManagerUtil {
@@ -60,6 +56,7 @@ public final class DeviceManagerUtil {
         factory.setNamespaceAware(true);
         try {
             DocumentBuilder docBuilder = factory.newDocumentBuilder();
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             return docBuilder.parse(file);
         } catch (Exception e) {
             throw new DeviceManagementException("Error occurred while parsing file, while converting " +

components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/common/TestDataHolder.java

@@ -27,13 +27,13 @@ import java.util.Properties;
 
 public class TestDataHolder {
 
+    public final static String TEST_DEVICE_TYPE = "Test";
+    public final static Integer SUPER_TENANT_ID = -1234;
+    public final static String SUPER_TENANT_DOMAIN = "carbon.super";
+    public final static String initialDeviceIdentifier = "12345";
+    public final static String OWNER = "admin";
     public static Device initialTestDevice;
     public static DeviceType initialTestDeviceType;
-    public static String TEST_DEVICE_TYPE = "Test";
-    public static Integer SUPER_TENANT_ID = -1234;
-    public static String SUPER_TENANT_DOMAIN="carbon.super";
-    public static String initialDeviceIdentifier = "12345";
-    public static String OWNER = "admin";
 
     public static Device generateDummyDeviceData(String deviceType){
 

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag

@@ -0,0 +1,59 @@
+<%
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+var log = new Log("api/data-tables-invoker-api.jag");
+
+var uri = request.getRequestURI();
+var uriMatcher = new URIMatcher(String(uri));
+
+var devicemgtProps = require('/app/conf/devicemgt-props.js').config();
+var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"];
+
+if (uriMatcher.match("/{context}/api/data-tables/invoker")) {
+    var url = request.getParameter("url");
+    var targetURL;
+    var payload = request.getContent();
+
+    function appendQueryParam (url, queryParam , value) {
+        if (url.indexOf("?") > 0) {
+            return url + "&" + queryParam + "=" + value;
+        }
+        return url + "?" + queryParam + "=" + value;
+    }
+    targetURL = devicemgtProps["httpsURL"] + request.getParameter("url");
+
+    var allParams = request.getAllParameters();
+
+    for (var key in allParams) {
+        if (allParams.hasOwnProperty(key)) {
+            if(key == "limit" || key == "offset" || key == "filter"){
+                targetURL = appendQueryParam(targetURL, key, allParams[key]);
+            }
+        }
+    }
+
+    serviceInvokers.XMLHttp.get(
+        targetURL,
+        // response callback
+        function (backendResponse) {
+            response["status"] = backendResponse["status"];
+            response["content"] =  backendResponse["responseText"];
+        }
+    );
+}

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag

@@ -17,94 +17,88 @@
  * under the License.
  */
 
+var log = new Log("api/invoker-api.jag");
+
 var uri = request.getRequestURI();
 var uriMatcher = new URIMatcher(String(uri));
 
-var log = new Log("api/invoker-api.jag");
-
 var constants = require("/app/modules/constants.js");
 var devicemgtProps = require('/app/conf/devicemgt-props.js').config();
-var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker;
-
-var result;
+var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"];
 
 if (uriMatcher.match("/{context}/api/invoker/execute/")) {
-    var method = request.getContent().actionMethod;
-    var targetURL = getTargetUrl(devicemgtProps.httpsURL, request.getContent().actionUrl);
-    var payload = request.getContent().actionPayload;
-    var contentType = request.getHeader(constants.CONTENT_TYPE_IDENTIFIER);
-    var acceptType = request.getHeader(constants.ACCEPT_IDENTIFIER);
-    if (method == undefined && payload == undefined) {
-        method = parse(request.getContent()).actionMethod;
-        targetURL = getTargetUrl(devicemgtProps.httpsURL, parse(request.getContent()).actionUrl);
-        payload = parse(request.getContent()).actionPayload;
+    var restAPIRequestDetails = request.getContent();
+
+    var requestMethod = restAPIRequestDetails["requestMethod"];
+    var requestURL = restAPIRequestDetails["requestURL"];
+    var requestPayload = restAPIRequestDetails["requestPayload"];
+
+    if (!requestMethod) {
+        requestMethod = parse(restAPIRequestDetails)["requestMethod"];
+    }
+
+    if (!requestURL) {
+        requestURL = parse(restAPIRequestDetails)["requestURL"];
     }
+
+    if (!requestPayload) {
+        requestPayload = parse(restAPIRequestDetails)["requestPayload"];
+    }
+
+    var restAPIEndpoint = devicemgtProps["httpsURL"] + requestURL;
+
     try {
-        switch (method) {
-            case constants.HTTP_GET:
-                var responseData = serviceInvokers.XMLHttp.get(
-                        targetURL, function (responsePayload) {
-                            response.status = 200;
-                            response.content = responsePayload;
-                        },
-                        function (responsePayload) {
-                            response.status = responsePayload.status;
-                            response.content = responsePayload.responseText;
-                        },
-                        contentType,
-                        acceptType);
+        switch (requestMethod) {
+            case constants["HTTP_GET"]:
+                serviceInvokers.XMLHttp.get(
+                    restAPIEndpoint,
+                    function (restAPIResponse) {
+                        response["status"] = restAPIResponse["status"];
+                        if (restAPIResponse["responseText"]) {
+                            response["content"] = restAPIResponse["responseText"];
+                        }
+                    }
+                );
                 break;
-            case constants.HTTP_POST:
-                var responseData = serviceInvokers.XMLHttp.post(
-                        targetURL, payload, function (responsePayload) {
-                            response.status = 200;
-                            response.content = responsePayload;
-                        },
-                        function (responsePayload) {
-                            response.status = responsePayload.status;
-                            response.content = responsePayload.responseText;
-                        },
-                        contentType,
-                        acceptType);
+            case constants["HTTP_POST"]:
+                serviceInvokers.XMLHttp.post(
+                    restAPIEndpoint,
+                    requestPayload,
+                    function (restAPIResponse) {
+                        response["status"] = restAPIResponse["status"];
+                        if (restAPIResponse["responseText"]) {
+                            response["content"] = restAPIResponse["responseText"];
+                        }
+                    }
+                );
                 break;
-            case constants.HTTP_PUT:
-                var responseData = serviceInvokers.XMLHttp.put(
-                        targetURL, payload, function (responsePayload) {
-                            response.status = 200;
-                            response.content = responsePayload;
-                        },
-                        function (responsePayload) {
-                            response.status = responsePayload.status;
-                            response.content = responsePayload.responseText;
-                        },
-                        contentType,
-                        acceptType);
+            case constants["HTTP_PUT"]:
+                serviceInvokers.XMLHttp.put(
+                    restAPIEndpoint,
+                    requestPayload,
+                    function (restAPIResponse) {
+                        response["status"] = restAPIResponse["status"];
+                        if (restAPIResponse["responseText"]) {
+                            response["content"] = restAPIResponse["responseText"];
+                        }
+                    }
+                );
                 break;
-            case constants.HTTP_DELETE:
-                var responseData = serviceInvokers.XMLHttp.delete(
-                        targetURL, function (responsePayload) {
-                            response.status = 200;
-                            response.content = responsePayload;
-                        },
-                        function (responsePayload) {
-                            response.status = responsePayload.status;
-                            response.content = responsePayload.responseText;
-                        },
-                        contentType,
-                        acceptType);
+            case constants["HTTP_DELETE"]:
+                serviceInvokers.XMLHttp.delete(
+                    restAPIEndpoint,
+                    function (restAPIResponse) {
+                        response["status"] = restAPIResponse["status"];
+                        if (restAPIResponse["responseText"]) {
+                            response["content"] = restAPIResponse["responseText"];
+                        }
+                    }
+                );
                 break;
         }
     } catch (e) {
-        log.error("Exception occurred while accessing sevices", e);
+        log.error("Exception occurred while trying to access backend " +
+            "REST API services from Jaggery API invoker layer", e);
     }
 }
-
-function getTargetUrl(serverUrl, actionUrl){
-    if(actionUrl == undefined || actionUrl.lastIndexOf("http", 0) === 0){
-        return actionUrl;
-    } else {
-        return serverUrl + actionUrl;
-    }
-}
-
 %>

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag

@@ -0,0 +1,60 @@
+<%
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+var uri = request.getRequestURI();
+var uriMatcher = new URIMatcher(String(uri));
+
+var log = new Log("api/operation-api.jag");
+
+var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"];
+var devicemgtProps = require('/app/conf/devicemgt-props.js').config();
+
+if (uriMatcher.match("/{context}/api/operation/paginate")) {
+    var deviceType = request.getParameter("deviceType");
+    var deviceId = request.getParameter("deviceId");
+    var index = request.getParameter("start");
+    var length = request.getParameter("length");
+    var search = request.getParameter("search[value]");
+
+    var restAPIEndpoint = devicemgtProps["httpsURL"] + devicemgtProps["backendRestEndpoints"]["deviceMgt"] + "/devices/" +
+        deviceType + "/" + deviceId + "/operations?offset=" + index + "&limit=" + length;
+
+    serviceInvokers.XMLHttp.get(
+        restAPIEndpoint,
+        function (restAPIResponse) {
+            if (restAPIResponse["status"] == 200 && restAPIResponse["responseText"]) {
+                var responsePayload = parse(restAPIResponse["responseText"]);
+
+                var paginatedResult = {};
+                paginatedResult["recordsTotal"] = responsePayload["count"];
+                paginatedResult["recordsFiltered"] = responsePayload["count"];
+                paginatedResult["data"] = responsePayload["operations"];
+
+                response["status"] = 200;
+                response["content"] = paginatedResult;
+            } else {
+                response["status"] = restAPIResponse["status"];
+                if (restAPIResponse["responseText"]) {
+                    response["content"] =  parse(restAPIResponse["responseText"]);
+                }
+            }
+        }
+    );
+}
+%>

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/policy-api.jag

@@ -0,0 +1,52 @@
+<%
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/*
+ @Deprecated
+ */
+
+var uri = request.getRequestURI();
+var uriMatcher = new URIMatcher(String(uri));
+
+var log = new Log("api/policy-api.jag");
+
+var constants = require("/modules/constants.js");
+var policyModule = require("/modules/policy.js").policyModule;
+
+var result;
+if (uriMatcher.match("/{context}/api/policies/update")) {
+    payload = request.getContent();
+    policyModule.updatePolicyPriorities(payload);
+} else if (uriMatcher.match("/{context}/api/policies/{id}/delete")) {
+    elements = uriMatcher.elements();
+    policyId = elements.id;
+    try {
+        result = policyModule.deletePolicy(policyId);
+    } catch (e) {
+        log.error("Exception occurred while trying to delete policy for id:" + policyId, e);
+        // http status code 500 refers to - Internal Server Error.
+        result = 500;
+    }
+}
+
+// returning the result.
+if (result) {
+    response.content = result;
+}
+%>

components/email-sender/org.wso2.carbon.email.sender.core/src/main/java/org/wso2/carbon/email/sender/core/EmailSenderUtil.java

@@ -19,11 +19,8 @@
 package org.wso2.carbon.email.sender.core;
 
 import org.w3c.dom.Document;
-import org.wso2.carbon.email.sender.core.internal.EmailSenderDataHolder;
-import org.wso2.carbon.utils.CarbonUtils;
-import org.wso2.carbon.utils.ConfigurationContextService;
-import org.wso2.carbon.utils.NetworkUtils;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import java.io.File;
@@ -35,6 +32,7 @@ public class EmailSenderUtil {
         factory.setNamespaceAware(true);
         try {
             DocumentBuilder docBuilder = factory.newDocumentBuilder();
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             return docBuilder.parse(file);
         } catch (Exception e) {
             throw new EmailSenderConfigurationFailedException("Error occurred while parsing file, while converting " +

components/identity-extensions/org.wso2.carbon.identity.authenticator.backend.oauth/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java

@@ -24,6 +24,6 @@ public class OauthAuthenticatorConstants {
     public static final String BEARER_TOKEN_IDENTIFIER = "token";
     public static final String AUTHENTICATOR_NAME = "OAuthAuthenticator";
     public static final String SPLITING_CHARACTOR = " ";
-    public static String OAUTH_ENDPOINT_POSTFIX =
+    public static final String OAUTH_ENDPOINT_POSTFIX =
             "/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
 }

components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java

@@ -36,11 +36,11 @@ import org.apache.http.util.EntityUtils;
 import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.core.util.KeyStoreManager;
-import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
 import org.wso2.carbon.identity.jwt.client.extension.dto.JWTConfig;
 import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientConfigurationException;
 import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
 import org.wso2.carbon.identity.jwt.client.extension.internal.JWTClientExtensionDataHolder;
+import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
 import org.wso2.carbon.registry.core.Registry;
 import org.wso2.carbon.registry.core.Resource;
 import org.wso2.carbon.registry.core.exceptions.RegistryException;
@@ -48,24 +48,15 @@ import org.wso2.carbon.registry.core.service.RegistryService;
 import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
 import org.wso2.carbon.utils.CarbonUtils;
 
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
+import java.io.*;
 import java.net.URI;
 import java.net.URL;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
+import java.security.*;
 import java.security.cert.CertificateException;
 import java.security.interfaces.RSAPrivateKey;
 import java.util.Date;
 import java.util.List;
 import java.util.Properties;
-import java.util.Random;
 
 /**
  * This is the utility class that is used for JWT Client.
@@ -210,7 +201,7 @@ public class JWTClientUtil {
 			long nbf = currentTimeMillis + jwtConfig.getValidityPeriodFromCurrentTime() * 60 * 1000;
 			String jti = jwtConfig.getJti();
 			if (jti == null) {
-				String defaultTokenId = currentTimeMillis + "" + new Random().nextInt();
+				String defaultTokenId = currentTimeMillis + "" + new SecureRandom().nextInt();
 				jti = defaultTokenId;
 			}
 			List<String> aud = jwtConfig.getAudiences();

components/policy-mgt/org.wso2.carbon.policy.mgt.core/pom.xml

@@ -60,8 +60,7 @@
                             javax.sql,
                             javax.cache,
                             javax.naming,
-                            javax.xml.bind.*,
-                            javax.xml.parsers.*,
+                            javax.xml.*,
                             org.w3c.dom,
                             org.wso2.carbon.policy.mgt.common.*,
                             org.wso2.carbon.user.core.*,

components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java

@@ -44,6 +44,7 @@ import javax.cache.Cache;
 import javax.cache.CacheManager;
 import javax.cache.Caching;
 import javax.sql.DataSource;
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import java.io.ByteArrayOutputStream;
@@ -53,17 +54,16 @@ import java.util.*;
 
 public class PolicyManagerUtil {
 
-    private static final Log log = LogFactory.getLog(PolicyManagerUtil.class);
-
     public static final String GENERAL_CONFIG_RESOURCE_PATH = "general";
     public static final String MONITORING_FREQUENCY = "notifierFrequency";
-
+    private static final Log log = LogFactory.getLog(PolicyManagerUtil.class);
 
     public static Document convertToDocument(File file) throws PolicyManagementException {
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
         factory.setNamespaceAware(true);
         try {
             DocumentBuilder docBuilder = factory.newDocumentBuilder();
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             return docBuilder.parse(file);
         } catch (Exception e) {
             throw new PolicyManagementException("Error occurred while parsing file, while converting " +
@@ -153,11 +153,7 @@ public class PolicyManagerUtil {
 
     public static boolean convertIntToBoolean(int x) {
 
-        if (x == 1) {
-            return true;
-        } else {
-            return false;
-        }
+        return x == 1;
     }
 
 

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java

@@ -31,6 +31,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils;
 
 import javax.servlet.http.HttpServletResponse;
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import java.io.File;
@@ -97,6 +98,7 @@ public class AuthenticationFrameworkUtil {
         factory.setNamespaceAware(true);
         try {
             DocumentBuilder docBuilder = factory.newDocumentBuilder();
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             return docBuilder.parse(file);
         } catch (Exception e) {
             throw new AuthenticatorFrameworkException("Error occurred while parsing file, while converting " +