diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java index 1f043c7b86e..0c78488a2db 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java @@ -47,6 +47,7 @@ public class ApiPermissionFilter implements Filter { private static final String PERMISSION_PREFIX = "/permission/admin"; private static List permissions; private static final String WEBAPP_CONTEXT = "/api-application-registration"; + private static final String DEFAULT_ADMIN_ROLE = "admin"; @Override public void init(FilterConfig filterConfig) throws ServletException { InputStream permissionStream = filterConfig.getServletContext().getResourceAsStream(PERMISSION_CONFIG_PATH); @@ -122,7 +123,17 @@ public class ApiPermissionFilter implements Filter { UserRealm userRealm = APIUtil.getRealmService().getTenantUserRealm(PrivilegedCarbonContext .getThreadLocalCarbonContext().getTenantId()); String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username); - return userRealm.getAuthorizationManager().isUserAuthorized(tenantAwareUsername, permission, action); + boolean status = userRealm.getAuthorizationManager() + .isUserAuthorized(tenantAwareUsername, permission, action); + if (!status) { + String[] roles = userRealm.getUserStoreManager().getRoleListOfUser(tenantAwareUsername); + for (String role : roles) { + if (role.equals(DEFAULT_ADMIN_ROLE)) { + return true; + } + } + } + return status; } catch (UserStoreException e) { String errorMsg = String.format("Unable to authorize the user : %s", username); log.error(errorMsg, e); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceTypePublisherAdminServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceTypePublisherAdminServiceImpl.java index 26e552d0e7f..6177a1e43fc 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceTypePublisherAdminServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceTypePublisherAdminServiceImpl.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin; import org.apache.axis2.AxisFault; import org.apache.axis2.client.Options; +import org.apache.axis2.client.Stub; import org.apache.axis2.java.security.SSLProtocolSocketFactory; import org.apache.axis2.transport.http.HTTPConstants; import org.apache.commons.codec.binary.Base64; @@ -119,12 +120,14 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA private static final String IOT_MGT_PORT = "${iot.manager.https.port}"; private static final String IOT_MGT_HOST_NAME = "${iot.manager.host}"; private static final String DAS_URL = DEFAULT_HTTP_PROTOCOL + "://" + DAS_HOST_NAME - + ":" + DAS_PORT + "/services/CarbonAppUploader" + "/"; + + ":" + DAS_PORT + "/services/CarbonAppUploader/"; private static final String DAS_EVENT_RECEIVER_EP = DEFAULT_HTTP_PROTOCOL + "://" + DAS_HOST_NAME - + ":" + DAS_PORT + "/services/EventReceiverAdminService" + "/"; + + ":" + DAS_PORT + "/services/EventReceiverAdminService/"; + private static final String DAS_EVENT_STREAM_EP = DEFAULT_HTTP_PROTOCOL + "://" + DAS_HOST_NAME + + ":" + DAS_PORT + "/services/EventStreamAdminService/"; private static final String IOT_MGT_URL = DEFAULT_HTTP_PROTOCOL + "://" + IOT_MGT_HOST_NAME - + ":" + IOT_MGT_PORT + "/services/CarbonAppUploader" + "/"; + + ":" + IOT_MGT_PORT + "/services/CarbonAppUploader/"; private static final String MEDIA_TYPE_XML = "application/xml"; private static final String DEVICE_MANAGEMENT_TYPE = "device_management"; private static final String TENANT_DOMAIN_PROPERTY = "\\$\\{tenant-domain\\}"; @@ -134,7 +137,6 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA @POST @Path("/deploy/{type}") public Response doPublish(@PathParam("type") String type) { - try { //Getting the tenant Domain tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); @@ -159,17 +161,70 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA String authValue = AUTHORIZATION_HEADER_VALUE + " " + new String(Base64.encodeBase64( jwtClient.getJwtToken(tenantAdminUser).getBytes())); - List
list = new ArrayList
(); + List
list = new ArrayList<>(); Header httpHeader = new Header(); httpHeader.setName(AUTHORIZATION_HEADER); httpHeader.setValue(authValue); list.add(httpHeader);//"https" + List streamFileList = getStreamsList(type); + List receiverFileList = getReceiversList(type); + + if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) { + if (streamFileList != null) { + publishDynamicEventStream(type, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, streamFileList); + } + if (receiverFileList != null) { + publishDynamicEventReceivers(type, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, receiverFileList); + } + } + if (deployAnalyticsCapp(type, list)){ + return Response.status(Response.Status.BAD_REQUEST) + .entity("\"Error, Artifact does not exist.\"").build(); + } + if (receiverFileList != null) { + publishDynamicEventReceivers(type, tenantDomain, receiverFileList); + } + int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + Registry registry = DeviceMgtAPIUtils.getRegistryService().getConfigSystemRegistry(tenantId); + if (!registry.resourceExists(DEFAULT_RESOURCE_LOCATION + type + ".exist")) { + Resource resource = new ResourceImpl(); + resource.setContent(""); + resource.setMediaType(MEDIA_TYPE_XML); + registry.put(DEFAULT_RESOURCE_LOCATION + type + ".exist", resource); + } + return Response.status(Response.Status.CREATED).entity("\"OK. \\n Successfully uploaded the artifacts.\"") + .build(); + } catch (AxisFault e) { + log.error("failed to publish event definitions for tenantDomain:" + tenantDomain, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (RemoteException e) { + log.error("Failed to connect with the remote services:" + tenantDomain, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (JWTClientException e) { + log.error("Failed to generate jwt token for tenantDomain:" + tenantDomain, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (UserStoreException e) { + log.error("Failed to connect with the user store, tenantDomain: " + tenantDomain, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (CertificateException | UnrecoverableKeyException | KeyStoreException | + KeyManagementException | IOException | NoSuchAlgorithmException e) { + log.error("Failed to access keystore for, tenantDomain: " + tenantDomain, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (RegistryException e) { + log.error("Failed to load tenant, tenantDomain: " + tenantDomain, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } + } + + private boolean deployAnalyticsCapp(@PathParam("type") String type, List
list) throws IOException, RegistryException { + CarbonAppUploaderStub carbonAppUploaderStub = null; + try { File directory = new File(CAR_FILE_LOCATION + File.separator + type); if (directory.isDirectory() && directory.exists()) { UploadedFileItem[] uploadedFileItems = loadCappFromFileSystem(type); if (uploadedFileItems.length > 0) { - CarbonAppUploaderStub carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty( + carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty( IOT_MGT_URL)); Options appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions(); if (appUploaderOptions == null) { @@ -198,36 +253,14 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA carbonAppUploaderStub._getServiceClient().setOptions(appUploaderOptions); carbonAppUploaderStub.uploadApp(uploadedFileItems); } - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); - Registry registry = DeviceMgtAPIUtils.getRegistryService().getConfigSystemRegistry(tenantId); - if (!registry.resourceExists(DEFAULT_RESOURCE_LOCATION + type + ".exist")) { - Resource resource = new ResourceImpl(); - resource.setContent(""); - resource.setMediaType(MEDIA_TYPE_XML); - registry.put(DEFAULT_RESOURCE_LOCATION + type + ".exist", resource); - } - } - - if(!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) { - publishDynamicEventReceivers(type, tenantDomain); } - publishDynamicEventReceivers(type,MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); - publishDynamicEventStream(type,MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); - - } else { - return Response.status(Response.Status.BAD_REQUEST) - .entity("\"Error, Artifact does not exist.\"").build(); + return true; } - - } catch (Exception e) { - log.error("Capp deployment failed due to " + e.getMessage(), e); - return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity( - "\"Error, Artifact deployment has failed\"").build(); + return false; + } finally { + cleanup(carbonAppUploaderStub); } - - return Response.status(Response.Status.CREATED).entity("\"OK. \\n Successfully uploaded the artifacts.\"") - .build(); } @GET @@ -235,7 +268,7 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA @Override public Response getStatus(@PathParam("type") String deviceType) { int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); - Registry registry = null; + Registry registry; try { registry = DeviceMgtAPIUtils.getRegistryService().getConfigSystemRegistry(tenantId); if (registry.resourceExists(DEFAULT_RESOURCE_LOCATION + deviceType + ".exist")) { @@ -251,19 +284,20 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA } - private void publishDynamicEventReceivers(String deviceType, String tenantDomain){ + private void publishDynamicEventReceivers(String deviceType, String tenantDomain, List receiversList) + throws IOException, UserStoreException, JWTClientException { - PrivilegedCarbonContext.getThreadLocalCarbonContext().startTenantFlow(); + PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true); - + EventReceiverAdminServiceStub receiverAdminServiceStub = null; try { - - EventReceiverAdminServiceStub receiverAdminServiceStub = new EventReceiverAdminServiceStub(Utils.replaceSystemProperty(DAS_EVENT_RECEIVER_EP)); + receiverAdminServiceStub = new EventReceiverAdminServiceStub + (Utils.replaceSystemProperty(DAS_EVENT_RECEIVER_EP)); Options eventReciverOptions = receiverAdminServiceStub._getServiceClient().getOptions(); if (eventReciverOptions == null) { eventReciverOptions = new Options(); } - String username=null; + String username; if(!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) { username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm() .getRealmConfiguration().getAdminUserName()+"@"+tenantDomain; @@ -278,7 +312,7 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA String authValue = AUTHORIZATION_HEADER_VALUE + " " + new String(Base64.encodeBase64( jwtClient.getJwtToken(username).getBytes())); - List
list = new ArrayList
(); + List
list = new ArrayList<>(); Header httpHeader = new Header(); httpHeader.setName(AUTHORIZATION_HEADER); httpHeader.setValue(authValue); @@ -287,40 +321,28 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA eventReciverOptions.setProperty(HTTPConstants.HTTP_HEADERS, list); eventReciverOptions.setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER , new Protocol(DEFAULT_HTTP_PROTOCOL - , (ProtocolSocketFactory) new SSLProtocolSocketFactory(sslContext) - , Integer.parseInt(Utils.replaceSystemProperty(DAS_PORT)))); + , (ProtocolSocketFactory) new SSLProtocolSocketFactory(sslContext) + , Integer.parseInt(Utils.replaceSystemProperty(DAS_PORT)))); receiverAdminServiceStub._getServiceClient().setOptions(eventReciverOptions); - - List receiversList = getReceiversList(deviceType); for (String receiverContent:receiversList) { receiverAdminServiceStub.deployEventReceiverConfiguration(receiverContent); } - - } catch (AxisFault e) { - log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e); - } catch (RemoteException e) { - log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e); - } catch (IOException e) { - log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e); - } catch (JWTClientException e) { - log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e); - } catch (UserStoreException e) { - log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e); } finally { + cleanup(receiverAdminServiceStub); PrivilegedCarbonContext.endTenantFlow(); } } + private void publishDynamicEventStream(String deviceType, String tenantDomain, List streamList) + throws IOException, UserStoreException, JWTClientException { - private void publishDynamicEventStream(String deviceType, String tenantDomain){ - - PrivilegedCarbonContext.getThreadLocalCarbonContext().startTenantFlow(); + PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true); - + EventStreamAdminServiceStub eventStreamAdminServiceStub = null; try { - - EventStreamAdminServiceStub eventStreamAdminServiceStub = new EventStreamAdminServiceStub(Utils.replaceSystemProperty(DAS_EVENT_RECEIVER_EP)); + eventStreamAdminServiceStub = new EventStreamAdminServiceStub + (Utils.replaceSystemProperty(DAS_EVENT_STREAM_EP)); Options eventReciverOptions = eventStreamAdminServiceStub._getServiceClient().getOptions(); if (eventReciverOptions == null) { eventReciverOptions = new Options(); @@ -340,7 +362,7 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA String authValue = AUTHORIZATION_HEADER_VALUE + " " + new String(Base64.encodeBase64( jwtClient.getJwtToken(username).getBytes())); - List
list = new ArrayList
(); + List
list = new ArrayList<>(); Header httpHeader = new Header(); httpHeader.setName(AUTHORIZATION_HEADER); httpHeader.setValue(authValue); @@ -349,45 +371,37 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA eventReciverOptions.setProperty(HTTPConstants.HTTP_HEADERS, list); eventReciverOptions.setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER , new Protocol(DEFAULT_HTTP_PROTOCOL - , (ProtocolSocketFactory) new SSLProtocolSocketFactory(sslContext) - , Integer.parseInt(Utils.replaceSystemProperty(DAS_PORT)))); + , (ProtocolSocketFactory) new SSLProtocolSocketFactory(sslContext) + , Integer.parseInt(Utils.replaceSystemProperty(DAS_PORT)))); eventStreamAdminServiceStub._getServiceClient().setOptions(eventReciverOptions); - - List streamList = getStreamsList(deviceType); for (String streamContent:streamList) { JSONParser jsonParser = new JSONParser(); JSONObject steamJson = (JSONObject)jsonParser.parse(streamContent); String name = (String) steamJson.get("name"); String version = (String) steamJson.get("version"); String streamId = name +":"+version; - if(eventStreamAdminServiceStub.getStreamDefinitionAsString(streamId)==null) { - + if (eventStreamAdminServiceStub.getStreamDefinitionDto(streamId) == null) { + log.error("its not there"); eventStreamAdminServiceStub.addEventStreamDefinitionAsString(streamContent); + } else { + log.error("its there"); } } - - } catch (AxisFault e) { - log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e); - } catch (RemoteException e) { - log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e); - } catch (IOException e) { - log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e); - } catch (JWTClientException e) { - log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e); - } catch (UserStoreException e) { - log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e); } catch (ParseException e) { - log.error("publishing dynamic event receiver is failed due to " + e.getMessage(), e); + e.printStackTrace(); } finally { + cleanup(eventStreamAdminServiceStub); PrivilegedCarbonContext.endTenantFlow(); } } private List getReceiversList(String deviceType) throws IOException { - File directory = new File(CAR_FILE_LOCATION + File.separator + deviceType+File.separator+"receiver"); + if (!directory.exists()) { + return null; + } File[] receiverFiles = directory.listFiles(new FilenameFilter() { @Override public boolean accept(File dir, String name) { @@ -396,8 +410,8 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA }); List receiverList = new ArrayList<>(); for (File receiverFile:receiverFiles) { - String receiverContent =new String(Files.readAllBytes(receiverFile.toPath())); - receiverContent.replaceAll(TENANT_DOMAIN_PROPERTY,tenantDomain.toLowerCase()); + String receiverContentTemplate =new String(Files.readAllBytes(receiverFile.toPath())); + final String receiverContent = receiverContentTemplate.replaceAll(TENANT_DOMAIN_PROPERTY, tenantDomain.toLowerCase()); receiverList.add(receiverContent); } @@ -405,8 +419,10 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA } private List getStreamsList(String deviceType) throws IOException { - File directory = new File(CAR_FILE_LOCATION + File.separator + deviceType+File.separator+"streams"); + if (!directory.exists()) { + return null; + } File[] receiverFiles = directory.listFiles(new FilenameFilter() { @Override public boolean accept(File dir, String name) { @@ -415,11 +431,9 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA }); List streamList = new ArrayList<>(); for (File StreamFile:receiverFiles) { - String receiverContent =new String(Files.readAllBytes(StreamFile.toPath())); - receiverContent.replaceAll(TENANT_DOMAIN_PROPERTY,tenantDomain.toLowerCase()); - streamList.add(receiverContent); + String streamContent =new String(Files.readAllBytes(StreamFile.toPath())); + streamList.add(streamContent); } - return streamList; } @@ -507,6 +521,15 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA SSLContext.setDefault(sslContext); } + private void cleanup(Stub stub) { + if (stub != null) { + try { + stub.cleanup(); + } catch (AxisFault axisFault) { + //do nothing + } + } + } }