Merge pull request #403 from GPrathap/IoTS-1.0.0

adding mb mqtt authorization extension
revert-dabc3590
Chatura Dilan 8 years ago committed by GitHub
commit 1f4cda26e9

@ -48,7 +48,7 @@ import java.util.Properties;
public class AndroidSenseServiceImpl implements AndroidSenseService {
private static Log log = LogFactory.getLog(AndroidSenseServiceImpl.class);
private static String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1883";
private static String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1886";
@Path("device/{deviceId}/words")
@POST

@ -40,6 +40,6 @@ public class AndroidSenseConstants {
public static final String HOST_NAME = "HostName";
public static final String LOCALHOST = "localhost";
public static final String CONFIG_TYPE = "general";
public static final String DEFAULT_ENDPOINT = "tcp://localhost:1883";
public static final String DEFAULT_ENDPOINT = "tcp://localhost:1886";
}

@ -64,7 +64,7 @@ public class ZipUtil {
private static final String HTTPS_PROTOCOL_APPENDER = "https://";
private static final String HTTP_PROTOCOL_APPENDER = "http://";
private static final String CONFIG_TYPE = "general";
private static final String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1883";
private static final String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1886";
public ZipArchive createZipFile(String owner, String tenantDomain, String deviceType,
String deviceId, String deviceName, String token,

@ -67,7 +67,7 @@ public class ZipUtil {
private static final String HTTPS_PROTOCOL_APPENDER = "https://";
private static final String HTTP_PROTOCOL_APPENDER = "http://";
private static final String CONFIG_TYPE = "general";
private static final String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1883";
private static final String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1886";
public static final String HOST_NAME = "HostName";
public ZipArchive createZipFile(String owner, String deviceType, String deviceId, String deviceName,

@ -46,7 +46,7 @@ public class VirtualFireAlarmConstants {
public static final String CARBON_CONFIG_PORT_OFFSET = "Ports.Offset";
public static final String DEFAULT_CARBON_LOCAL_IP_PROPERTY = "carbon.local.ip";
public static final int CARBON_DEFAULT_PORT_OFFSET = 0;
public static final int DEFAULT_MQTT_PORT = 1883;
public static final int DEFAULT_MQTT_PORT = 1886;
//xmpp transport related constants
public static final String XMPP_ADAPTER_NAME = "virtual_firealarm_xmpp";

@ -27,7 +27,7 @@ public class PropertyUtils {
private static final String CARBON_CONFIG_PORT_OFFSET = "Ports.Offset";
private static final String DEFAULT_CARBON_LOCAL_IP_PROPERTY = "carbon.local.ip";
private static final int CARBON_DEFAULT_PORT_OFFSET = 0;
private static final int DEFAULT_MQTT_PORT = 1883;
private static final int DEFAULT_MQTT_PORT = 1886;
//This method is only used if the mb features are within DAS.
public static String replaceMqttProperty (String urlWithPlaceholders) {

@ -29,7 +29,7 @@ dcrUrl=dcrUrl
dcrUrl.hint=dynamic client registration endpoint URL to create application (if required) eg: https://localhost:9443/dynamic-client-web/register
contentValidator=contentValidation
contentValidator.hint=Class Name of the content Validation or 'default' to set default class, required to implement (if required)
url.hint=MQTT broker url tcp://localhost:1883
url.hint=MQTT broker url tcp://localhost:1886
cleanSession=Clean Session
cleanSession.hint=Persist topic subscriptions and ack positions across client sessions
keepAlive=Keep Alive (In seconds)

@ -0,0 +1,109 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
~ Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.wso2.carbon.devicemgt-plugins</groupId>
<artifactId>mb-extensions</artifactId>
<version>2.2.6-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</artifactId>
<packaging>bundle</packaging>
<name>WSO2 Carbon - Component - MQTT - Authorization Manager</name>
<description>MQTT authorization manager based on Carbon device manager</description>
<url>http://wso2.org</url>
<dependencies>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.utils</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.core</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.andes.wso2</groupId>
<artifactId>andes</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.user.api</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.user.core</artifactId>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-scr-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<instructions>
<Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
<Bundle-Name>${project.artifactId}</Bundle-Name>
<Private-Package>
org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal
</Private-Package>
<Export-Package>
!org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal,
org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.*
</Export-Package>
<Import-Package>
org.apache.log4j,
org.dna.mqtt.moquette.server,
org.wso2.andes.configuration.enums,
org.wso2.andes.mqtt,
org.wso2.carbon.context,
org.jaxen,
org.apache.axiom.*,
org.wso2.securevault,
org.apache.commons.*,
org.osgi.service.component,
org.wso2.carbon.user.core.service,
org.wso2.carbon.user.core.tenant,
org.wso2.carbon.user.api,
*;resolution:=optional
</Import-Package>
<DynamicImport-Package>*</DynamicImport-Package>
</instructions>
</configuration>
</plugin>
</plugins>
</build>
</project>

@ -0,0 +1,125 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dna.mqtt.moquette.server.IAuthorizer;
import org.wso2.andes.configuration.enums.MQTTAuthoriztionPermissionLevel;
import org.wso2.andes.mqtt.MQTTAuthorizationSubject;
import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfigurationManager;
import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal.AuthorizationDataHolder;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import java.util.List;
/**
* Authorize the connecting users against Carbon Permission Model. Intended usage is
* via providing fully qualified class name in broker.xml
* <p/>
* This is just a simple authorization model. For dynamic topics use an implementation based on IAuthorizer
*/
public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
private static final String SCOPE_IDENTIFIER = "scope";
private static final String UI_EXECUTE = "ui.execute";
private static Log logger = LogFactory.getLog(DeviceAccessBasedMQTTAuthorizer.class);
AuthorizationConfigurationManager MQTTAuthorizationConfiguration;
public DeviceAccessBasedMQTTAuthorizer() {
this.MQTTAuthorizationConfiguration = AuthorizationConfigurationManager.getInstance();
}
/**
* {@inheritDoc} Authorize the user against carbon device mgt model.
*/
@Override
public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic,
MQTTAuthoriztionPermissionLevel permissionLevel) {
if (isUserAuthorized(authorizationSubject, MQTTAuthorizationConfiguration.getAdminPermission(), UI_EXECUTE)) {
return true;
}
String topics[] = topic.split("/");
if (topics.length < 3) {
return false;
}
String tenantIdFromTopic = topics[0];
if (!tenantIdFromTopic.equals(authorizationSubject.getTenantDomain())) {
return false;
}
String deviceType = topics[1];
String deviceId = topics[2];
Object scopeObject = authorizationSubject.getProperties().get(SCOPE_IDENTIFIER);
if (!deviceId.isEmpty() && !deviceType.isEmpty() && scopeObject != null) {
List<String> scopes = (List<String>) scopeObject;
String permissionScope = MQTTAuthorizationConfiguration.getMQTTPublisherScopeIdentifier();
if (permissionLevel == MQTTAuthoriztionPermissionLevel.SUBSCRIBE) {
permissionScope = MQTTAuthorizationConfiguration.getMQTTSubscriberScopeIdentifier();
}
String requiredScope = MQTTAuthorizationConfiguration.getDevicemgtScopeIdentifier() + ":" + deviceType + ":"
+ deviceId + ":" + permissionScope;
for (String scope : scopes) {
if (requiredScope.equals(scope)) {
return true;
}
}
}
return false;
}
/**
* {@inheritDoc} Authorized the user against carbon device mgt model.
*/
@Override
public boolean isAuthorizedToConnect(MQTTAuthorizationSubject authorizationSubject) {
return isUserAuthorized(authorizationSubject, MQTTAuthorizationConfiguration.getConnectionPermission()
, UI_EXECUTE);
}
/**
* Check whether the client is authorized with the given permission and action.
*
* @param authorizationSubject this contains the client information
* @param permission Carbon permission that requires for the use
* @param action Carbon permission action that requires for the given permission.
* @return boolean - true if user is authorized else return false.
*/
private boolean isUserAuthorized(MQTTAuthorizationSubject authorizationSubject, String permission, String action) {
String username = authorizationSubject.getUsername();
try {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
authorizationSubject.getTenantDomain(), true);
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
UserRealm userRealm = AuthorizationDataHolder.getInstance().getRealmService()
.getTenantUserRealm(tenantId);
return userRealm != null && userRealm.getAuthorizationManager() != null &&
userRealm.getAuthorizationManager().isUserAuthorized(username, permission, action);
} catch (UserStoreException e) {
String errorMsg = String.format("Unable to authorize the user : %s", username);
logger.error(errorMsg, e);
return false;
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
}
}

@ -0,0 +1,246 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.xpath.AXIOMXPath;
import org.apache.commons.configuration.CompositeConfiguration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.XMLConfiguration;
import org.apache.commons.configuration.tree.xpath.XPathExpressionEngine;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jaxen.JaxenException;
import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.exception.AuthorizationException;
import org.wso2.carbon.utils.ServerConstants;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.lang.reflect.InvocationTargetException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
/**
* This class acts as a access point to retrieve config parameters used within the authorization.
* this configuration is read from broker.xml
*/
public class AuthorizationConfiguration {
/**
* Reserved Prefixes that activate different processing logic.
*/
private static final String LIST_TYPE = "LIST_";
private static final QName SECURE_VAULT_QNAME = new QName("http://org.wso2.securevault/configuration"
, "secretAlias");
/**
* Common Error states
*/
private static final String GENERIC_CONFIGURATION_PARSE_ERROR = "Error occurred when trying to parse " +
"configuration value {0}.";
private static final String NO_CHILD_FOR_KEY_IN_PROPERTY = "There was no child at the given key {0} for the " +
"parent property {1}.";
private static final String PROPERTY_NOT_A_LIST = "The input property {0} does not contain a list of child " +
"properties.";
/**
* location to broker.xml
*/
private static final String ROOT_CONFIG_FILE_PATH = System.getProperty(ServerConstants.CARBON_HOME)
+ "/repository/conf/";
/**
* File name of the main configuration file.
*/
private static final String ROOT_CONFIG_FILE_NAME = "broker.xml";
private static Log log = LogFactory.getLog(AuthorizationConfigurationManager.class);
private static CompositeConfiguration compositeConfiguration;
/**
* This hashmap is used to maintain any properties that were read from broker.xml
*/
private static ConcurrentHashMap<String, String> propertyList;
public static void initialize() throws AuthorizationException {
String brokerConfigFilePath = ROOT_CONFIG_FILE_PATH + ROOT_CONFIG_FILE_NAME;
if (log.isDebugEnabled()) {
log.debug("Configuration located at : " + brokerConfigFilePath);
}
try {
compositeConfiguration = new CompositeConfiguration();
compositeConfiguration.setDelimiterParsingDisabled(true);
XMLConfiguration rootConfiguration = new XMLConfiguration();
rootConfiguration.setDelimiterParsingDisabled(true);
rootConfiguration.setFileName(brokerConfigFilePath);
rootConfiguration.setExpressionEngine(new XPathExpressionEngine());
rootConfiguration.load();
readConfigurationFromFile(brokerConfigFilePath);
compositeConfiguration.addConfiguration(rootConfiguration);
} catch (FileNotFoundException e) {
String error = "Error occurred when trying to read the configuration file : " + brokerConfigFilePath;
log.error(error, e);
throw new AuthorizationException(error, e);
} catch (JaxenException e) {
String error = "Error occurred when trying to process file : " + brokerConfigFilePath;
log.error(error, e);
throw new AuthorizationException(error, e);
} catch (XMLStreamException e) {
String error = "Error occurred when trying to process file : " + brokerConfigFilePath;
log.error(error, e);
throw new AuthorizationException(error, e);
} catch (ConfigurationException e) {
String error = "Error occurred when trying to process file :" + brokerConfigFilePath;
log.error(error, e);
throw new AuthorizationException(error, e);
}
}
private static void readConfigurationFromFile(String filePath) throws FileNotFoundException, JaxenException
, XMLStreamException {
propertyList = new ConcurrentHashMap();
StAXOMBuilder stAXOMBuilder = new StAXOMBuilder(new FileInputStream(new File(filePath)));
OMElement dom = stAXOMBuilder.getDocumentElement();
SecretResolver secretResolver = SecretResolverFactory.create(dom, false);
AXIOMXPath xpathExpression = new AXIOMXPath("//*[@*[local-name() = \'secretAlias\']]");
List nodeList = xpathExpression.selectNodes(dom);
String propertyKey;
String propertyValue;
for (Iterator i$ = nodeList.iterator(); i$.hasNext(); propertyList.put(propertyKey, propertyValue)) {
Object o = i$.next();
propertyKey = ((OMElement) o).getAttributeValue(SECURE_VAULT_QNAME);
propertyValue = "";
if (secretResolver != null && secretResolver.isInitialized()) {
if (secretResolver.isTokenProtected(propertyKey)) {
propertyValue = secretResolver.resolve(propertyKey);
}
} else {
log.warn("Error while reading properties form file");
}
}
}
/**
* Using this method, you can access a singular property of a child.
* example,
* <authorizer class="org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.
* DeviceAccessBasedMQTTAuthorizer">
* <property name="connectionPermission">/permission/admin/device-mgt/user</property>
* <property name="adminPermission">/permission/admin/device-mgt/admin</property>
* <property name="MQTTSubscriberScopeIdentifier">mqtt-subscriber</property>
* <property name="MQTTPublisherScopeIdentifier">mqtt-subscriber</property>
* <property name="devicemgtScopeIdentifier">device-mgt</property>
* </authorizer> scenario.
*
* @param configurationProperty relevant enum value (e.g.- above scenario -> org.wso2.carbon.andes.extensions
* .device.mgt.mqtt.authorization.config.TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES)
* @param key key of the child of whom you seek the value (e.g. above scenario -> "property list")
*/
static <T> T readValueOfChildByKey(MQTTConfiguration configurationProperty, String key) {
String constructedKey = configurationProperty.get().getKeyInFile().replace("{key}",
key);
try {
return (T) deriveValidConfigurationValue(constructedKey,
configurationProperty.get().getDataType(),
configurationProperty.get().getDefaultValue());
} catch (ConfigurationException e) {
log.error(MessageFormat.format(NO_CHILD_FOR_KEY_IN_PROPERTY, key, configurationProperty), e);
return null;
}
}
/**
* Use this method when you need to acquire a list of properties of same group.
*
* @param configurationProperty relevant enum value (e.g.- org.wso2.carbon.andes.extensions
* .device.mgt.mqtt.authorization.config.LIST_TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES)
* @return String list of required property values
*/
static List<String> readValueList(MQTTConfiguration configurationProperty) {
if (configurationProperty.toString().startsWith(LIST_TYPE)) {
return Arrays.asList(compositeConfiguration.getStringArray(configurationProperty.get().getKeyInFile()));
} else {
log.error(MessageFormat.format(PROPERTY_NOT_A_LIST, configurationProperty));
return new ArrayList<>();
}
}
/**
* Given the data type and the value read from a config, this returns the parsed value
* of the property.
*
* @param key The Key to the property being read (n xpath format as contained in file.)
* @param dataType Expected data type of the property
* @param defaultValue This parameter should NEVER be null since we assign a default value to
* every config property.
* @param <T> Expected data type of the property
* @return Value of config in the expected data type.
* @throws ConfigurationException if there are any configuration issues
*/
private static <T> T deriveValidConfigurationValue(String key, Class<T> dataType,
String defaultValue) throws ConfigurationException {
if (log.isDebugEnabled()) {
log.debug("Reading configuration value " + key);
}
String readValue = compositeConfiguration.getString(key);
String validValue = defaultValue;
if (StringUtils.isBlank(readValue)) {
log.warn("Error when trying to read property : " + key + ". Switching to " + "default value : " +
defaultValue);
} else {
validValue = overrideWithDecryptedValue(key, readValue);
}
if (log.isDebugEnabled()) {
log.debug("Valid value read for andes configuration property " + key + " is : " + validValue);
}
try {
return dataType.getConstructor(String.class).newInstance(validValue);
} catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException | InstantiationException e) {
throw new ConfigurationException(MessageFormat.format(GENERIC_CONFIGURATION_PARSE_ERROR, key), e);
}
}
/**
* If the property is contained in the propertyList, replace the raw value with that value.
*
* @param keyInFile xpath expression used to extract the value from file.
* @param rawValue The value read from the file without any processing.
* @return the value with corresponding to actual value.
*/
private static String overrideWithDecryptedValue(String keyInFile, String rawValue) {
if (!StringUtils.isBlank(keyInFile)) {
String key = keyInFile.replaceAll("/", ".");
if (propertyList.containsKey(key)) {
return propertyList.get(key);
}
}
return rawValue;
}
}

@ -0,0 +1,140 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.util.List;
public class AuthorizationConfigurationManager {
private static final String CONNECTION_PERMISSION = "connectionPermission";
private static final String ADMIN_PERMISSION = "adminPermission";
private static final String MQTT_PUBLISHER_SCOPE_IDENTIFIER = "MQTTPublisherScopeIdentifier";
private static final String MQTT_SUBSCRIBER_SCOPE_IDENTIFIER = "MQTTSubscriberScopeIdentifier";
private static final String DEVICE_MGT_SCOPE_IDENTIFIER = "devicemgtScopeIdentifier";
private static final AuthorizationConfigurationManager oAuthConfigurationManager
= new AuthorizationConfigurationManager();
private static Log logger = LogFactory.getLog(AuthorizationConfigurationManager.class);
private String connectionPermission;
private String adminPermission;
private String MQTTPublisherScopeIdentifier;
private String MQTTSubscriberScopeIdentifier;
private String devicemgtScopeIdentifier;
private AuthorizationConfigurationManager() {
}
public static AuthorizationConfigurationManager getInstance() {
return oAuthConfigurationManager;
}
public String getConnectionPermission() {
return connectionPermission;
}
public void setConnectionPermission(String connectionPermission) {
if (connectionPermission != null) {
this.connectionPermission = connectionPermission;
} else {
logger.error("Connection permission can't be null ");
}
}
public String getAdminPermission() {
return adminPermission;
}
public void setAdminPermission(String adminPermission) {
if (adminPermission != null) {
this.adminPermission = adminPermission;
} else {
logger.error("admin permission can't be null ");
}
}
public String getMQTTPublisherScopeIdentifier() {
return MQTTPublisherScopeIdentifier;
}
public void setMQTTPublisherScopeIdentifier(String MQTTPublisherScopeIdentifier) {
if (MQTTPublisherScopeIdentifier != null) {
this.MQTTPublisherScopeIdentifier = MQTTPublisherScopeIdentifier;
} else {
logger.error("MQTT publisher scope identifier can't be null ");
}
}
public String getMQTTSubscriberScopeIdentifier() {
return MQTTSubscriberScopeIdentifier;
}
public void setMQTTSubscriberScopeIdentifier(String MQTTSubscriberScopeIdentifier) {
if (MQTTSubscriberScopeIdentifier != null) {
this.MQTTSubscriberScopeIdentifier = MQTTSubscriberScopeIdentifier;
} else {
logger.error("MQTT subscriber scope identifier can't be null ");
}
}
public String getDevicemgtScopeIdentifier() {
return devicemgtScopeIdentifier;
}
public void setDevicemgtScopeIdentifier(String devicemgtScopeIdentifier) {
if (devicemgtScopeIdentifier != null) {
this.devicemgtScopeIdentifier = devicemgtScopeIdentifier;
} else {
logger.error("Device management scope identifier can't be null ");
}
}
/**
* Initialize the configuration properties that required for MQTT Authorization
*/
public synchronized void initConfig() {
List<String> mqttTransportAuthorizationProperties = AuthorizationConfiguration.readValueList(MQTTConfiguration
.LIST_TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES);
for (String property : mqttTransportAuthorizationProperties) {
String propertyValue = AuthorizationConfiguration.readValueOfChildByKey(
MQTTConfiguration.TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES, property);
switch (property) {
case CONNECTION_PERMISSION:
setConnectionPermission(propertyValue);
break;
case ADMIN_PERMISSION:
setAdminPermission(propertyValue);
break;
case MQTT_PUBLISHER_SCOPE_IDENTIFIER:
setMQTTPublisherScopeIdentifier(propertyValue);
break;
case MQTT_SUBSCRIBER_SCOPE_IDENTIFIER:
setMQTTSubscriberScopeIdentifier(propertyValue);
break;
case DEVICE_MGT_SCOPE_IDENTIFIER:
setDevicemgtScopeIdentifier(propertyValue);
break;
default:
break;
}
}
}
}

@ -0,0 +1,62 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config;
import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util.ImmutableMetaProperties;
import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util.MetaProperties;
import java.util.List;
public enum MQTTConfiguration {
/**
* List of properties that can define how the server will authenticate the user with the authentication service.
*/
LIST_TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES("transports/mqtt/security/authorizer/property/@name", "", List.class),
/**
* This can be used to access a property by giving its key. e.g. hosturl
*/
TRANSPORT_MQTT_AUTHORIZATION_PROPERTIES("transports/mqtt/security/authorizer/property[@name = '{key}']", ""
, String.class);
/**
* Meta data about configuration.
*/
private final MetaProperties metaProperties;
/**
* Constructor to define a configuration in broker.
*
* @param keyInFile Xpath (or any key value) which can be used to identify the configuration in the file.
* @param defaultValue the default value
* @param dataType data type of the config ( e.g. boolean, string )
*/
MQTTConfiguration(String keyInFile, String defaultValue, Class<?> dataType) {
// We need to pass the enum name as the identifier : therefore this.name()
this.metaProperties = new ImmutableMetaProperties(this.name(), keyInFile, defaultValue, dataType);
}
public MetaProperties get() {
return metaProperties;
}
}

@ -0,0 +1,84 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.exception;
public class AuthorizationException extends Exception {
/**
* Default Serialization UID
*/
private static final long serialVersionUID = 1L;
/**
* error code for our custom exception type to identify specific scenarios and handle them properly.
*/
private String errorCode = "";
public AuthorizationException() {
}
public AuthorizationException(String message) {
super(message);
}
/***
* Constructor
* @param message descriptive message
* @param errorCode one of the above defined constants that classifies the error.
*/
public AuthorizationException(String message, String errorCode) {
super(message);
this.errorCode = errorCode;
}
/***
* Constructor
* @param message descriptive message
* @param cause reference to the exception for reference.
*/
public AuthorizationException(String message, Throwable cause) {
super(message, cause);
}
/***
* Constructor
* @param message descriptive message
* @param errorCode one of the above defined constants that classifies the error.
* @param cause reference to the exception for reference.
*/
public AuthorizationException(String message, String errorCode, Throwable cause) {
super(message, cause);
this.errorCode = errorCode;
}
/***
* Constructor
* @param cause reference to the exception for reference.
*/
public AuthorizationException(Throwable cause) {
super(cause);
}
/***
* One of the above defined constants that classifies the error. e.g.- MESSAGE_CONTENT_OBSOLETE
* @return
*/
public String getErrorCode() {
return errorCode;
}
}

@ -0,0 +1,57 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.tenant.TenantManager;
public class AuthorizationDataHolder {
private static AuthorizationDataHolder thisInstance = new AuthorizationDataHolder();
private RealmService realmService;
private TenantManager tenantManager;
private AuthorizationDataHolder() {
}
public static AuthorizationDataHolder getInstance() {
return thisInstance;
}
public RealmService getRealmService() {
return realmService;
}
public void setRealmService(RealmService realmService) {
this.realmService = realmService;
this.setTenantManager(realmService);
}
public TenantManager getTenantManager() {
return tenantManager;
}
private void setTenantManager(RealmService realmService) {
if (realmService == null) {
throw new IllegalStateException("Realm service is not initialized properly");
}
this.tenantManager = realmService.getTenantManager();
}
}

@ -0,0 +1,81 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfiguration;
import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfigurationManager;
import org.wso2.carbon.user.core.service.RealmService;
/**
* @scr.component name="org.wso2.carbon.devicemgt.policy.manager" immediate="true"
* @scr.reference name="user.realmservice.default"
* interface="org.wso2.carbon.user.core.service.RealmService"
* cardinality="1..1"
* policy="dynamic"
* bind="setRealmService"
* unbind="unsetRealmService"
*/
@SuppressWarnings("unused")
public class AuthorizationServiceComponent {
private static Log log = LogFactory.getLog(AuthorizationServiceComponent.class);
protected void activate(ComponentContext componentContext) {
try {
AuthorizationConfiguration.initialize();
AuthorizationConfigurationManager.getInstance().initConfig();
} catch (Throwable e) {
log.error("Failed to activate org.wso2.carbon.andes.authorization.internal." +
"AuthorizationServiceComponent : " + e);
}
}
@SuppressWarnings("unused")
protected void deactivate(ComponentContext componentContext) {
}
/**
* Sets Realm Service
*
* @param realmService An instance of RealmService
*/
protected void setRealmService(RealmService realmService) {
if (log.isDebugEnabled()) {
log.debug("Setting Realm Service");
}
AuthorizationDataHolder.getInstance().setRealmService(realmService);
}
/**
* Unsets Realm Service
*
* @param realmService An instance of RealmService
*/
protected void unsetRealmService(RealmService realmService) {
if (log.isDebugEnabled()) {
log.debug("Unsetting Realm Service");
}
AuthorizationDataHolder.getInstance().setRealmService(null);
}
}

@ -0,0 +1,86 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util;
/**
* This class contains the immutable meta attributes of a config property. These are
* immutable so that enums can contain them.
*/
public final class ImmutableMetaProperties implements MetaProperties {
private final String keyInFile;
private final String defaultValue;
private final Class<?> dataType;
private final String name;
/**
* constructor
*
* @param keyInFile xpath expression to the property in the config file
* @param defaultValue default value of property in case its not specified or found in config files.
* @param dataType expected data type of the property
*/
public ImmutableMetaProperties(String name, String keyInFile, String defaultValue, Class<?> dataType) {
this.name = name;
this.keyInFile = keyInFile;
this.defaultValue = defaultValue;
this.dataType = dataType;
}
/**
* {@inheritDoc}
*/
@Override
public String getKeyInFile() {
return keyInFile;
}
/**
* {@inheritDoc}
*/
@Override
public String getDefaultValue() {
return defaultValue;
}
/**
* {@inheritDoc}
*/
@Override
public Class<?> getDataType() {
return dataType;
}
/**
* {@inheritDoc}
*/
@Override
public String getName() {
return name;
}
/**
* {@inheritDoc}
*/
@Override
public String toString() {
return "Property : " + keyInFile + " data-type : " + dataType.getName() + " default value" +
" : " + defaultValue;
}
}

@ -0,0 +1,48 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util;
/**
* Contains methods that should be implemented to access meta properties of a config
* property.
*/
public interface MetaProperties {
/**
* @return actual key with which the property is set in relevant config file.
*/
String getKeyInFile();
/**
* @return Default value specified for the config property,
* in case it is not set in file.
*/
String getDefaultValue();
/**
* @return Datatype of the property. (There could be numeric,date or boolean values.)
*/
Class<?> getDataType();
/**
* @return Name of the property (e.g. TRANSPORTS_AMQP_DEFAULT_CONNECTION_PORT)
*/
String getName();
}

@ -0,0 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>org.wso2.carbon.devicemgt-plugins</groupId>
<artifactId>extensions</artifactId>
<version>2.2.6-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>mb-extensions</artifactId>
<packaging>pom</packaging>
<name>WSO2 Carbon - MB Extension</name>
<url>http://wso2.org</url>
<modules>
<module>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</module>
</modules>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-scr-plugin</artifactId>
<version>1.7.2</version>
<executions>
<execution>
<id>generate-scr-scrdescriptor</id>
<goals>
<goal>scr</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>

@ -35,6 +35,7 @@
<modules>
<module>appm-connector</module>
<module>cdmf-transport-adapters</module>
<module>mb-extensions</module>
</modules>
<build>

@ -57,7 +57,7 @@
<!--if file based properties is set to false then the configuration will be picked from platform configuration-->
<ConfigProperties>
<Property Name="mqtt.adapter.name">androidsense.mqtt.adapter</Property>
<Property Name="url">tcp://localhost:1883</Property>
<Property Name="url">tcp://localhost:1886</Property>
<Property Name="username">admin</Property>
<Property Name="dcrUrl">https://localhost:9443/dynamic-client-web/register</Property>
<Property Name="qos">0</Property>

@ -39,7 +39,7 @@
<!--if file based properties is set to false then the configuration will be picked from platform configuration-->
<ConfigProperties>
<Property Name="mqtt.adapter.name">raspberrypi.mqtt.adapter</Property>
<Property Name="url">tcp://localhost:1883</Property>
<Property Name="url">tcp://localhost:1886</Property>
<Property Name="username">admin</Property>
<Property Name="dcrUrl">https://localhost:9443/dynamic-client-web/register</Property>
<Property Name="qos">0</Property>

@ -23,7 +23,7 @@
<EventListenerProvider>MQTT</EventListenerProvider>
<Properties>
<Property Name="mqtt.adapter.name">virtualfirealarm.mqtt.adapter</Property>
<Property Name="url">tcp://localhost:1883</Property>
<Property Name="url">tcp://localhost:1886</Property>
<Property Name="username">admin</Property>
<Property Name="dcrUrl">https://localhost:9443/dynamic-client-web/register</Property>
<Property Name="qos">0</Property>

@ -39,7 +39,7 @@
<!--if file based properties is set to false then the configuration will be picked from platform configuration-->
<ConfigProperties>
<Property Name="mqtt.adapter.name">virtualfirealarm.mqtt.adapter</Property>
<Property Name="url">tcp://localhost:1883</Property>
<Property Name="url">tcp://localhost:1886</Property>
<Property Name="username">admin</Property>
<Property Name="dcrUrl">https://localhost:9443/dynamic-client-web/register</Property>
<Property Name="qos">0</Property>

@ -0,0 +1,79 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.wso2.carbon.devicemgt-plugins</groupId>
<artifactId>extensions-feature</artifactId>
<version>2.2.6-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature</artifactId>
<packaging>pom</packaging>
<name>WSO2 Carbon - MQTT Authorization Feature</name>
<url>http://wso2.org</url>
<description>This feature contains the bundles required for mqtt authorization</description>
<dependencies>
<dependency>
<groupId>org.wso2.carbon.devicemgt-plugins</groupId>
<artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.wso2.maven</groupId>
<artifactId>carbon-p2-plugin</artifactId>
<version>${carbon.p2.plugin.version}</version>
<executions>
<execution>
<id>4-p2-feature-generation</id>
<phase>package</phase>
<goals>
<goal>p2-feature-gen</goal>
</goals>
<configuration>
<id>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</id>
<propertiesFile>../../etc/feature.properties</propertiesFile>
<adviceFile>
<properties>
<propertyDef>org.wso2.carbon.p2.category.type:server</propertyDef>
<propertyDef>org.eclipse.equinox.p2.type.group:true</propertyDef>
</properties>
</adviceFile>
<bundles>
<bundleDef>
org.wso2.carbon.devicemgt-plugins:org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization:${carbon.devicemgt.plugins.version}
</bundleDef>
</bundles>
<importFeatures>
<importFeatureDef>org.wso2.carbon.core.server:4.4.9</importFeatureDef>
</importFeatures>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

@ -0,0 +1,19 @@
#
# Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
custom = true

@ -36,6 +36,7 @@
<modules>
<module>org.wso2.carbon.appmgt.mdm.osgiconnector.feature</module>
<module>org.wso2.carbon.device.mgt.adapter.feature</module>
<module>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature</module>
</modules>
</project>

@ -1139,6 +1139,22 @@
<artifactId>org.wso2.carbon.apimgt.keymgt.client</artifactId>
<version>${carbon.api.mgt.version}</version>
</dependency>
<!--MB feature -->
<dependency>
<groupId>org.wso2.andes.wso2</groupId>
<artifactId>andes</artifactId>
<version>${carbon.messaging.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt-plugins</groupId>
<artifactId>org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization</artifactId>
<version>${carbon.devicemgt.plugins.version}</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>${commons.lang.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
@ -1245,6 +1261,7 @@
<apache-felix.version>1.0.8</apache-felix.version>
<googlecode.plist.version>1.8</googlecode.plist.version>
<jsonpath.version>0.9.1</jsonpath.version>
<commons.lang.version>2.2</commons.lang.version>
<orbit.version.commons-httpclient>3.1.0.wso2v2</orbit.version.commons-httpclient>
@ -1297,6 +1314,9 @@
<hibernate-validator.version>5.0.2.Final</hibernate-validator.version>
<javax.xml.parsers.import.pkg.version>[0.0.0,1.0.0)</javax.xml.parsers.import.pkg.version>
<!-- MB Features -->
<carbon.messaging.version>3.1.11</carbon.messaging.version>
</properties>
<scm>

Loading…
Cancel
Save