diff --git a/modules/distribution/src/assembly/bin.xml b/modules/distribution/src/assembly/bin.xml
index 7b510fdd..db7463cb 100644
--- a/modules/distribution/src/assembly/bin.xml
+++ b/modules/distribution/src/assembly/bin.xml
@@ -1344,33 +1344,17 @@
- ${pom.artifactId}-${pom.version}/repository/conf/iot
- true
- 644
-
-
-
- ${pom.artifactId}-${pom.version}/repository/conf/iot
- true
- 644
-
-
-
- ${pom.artifactId}-${pom.version}/repository/conf/iot
+ ${pom.artifactId}-${pom.version}/repository/conf/etc
true
644
- ${pom.artifactId}-${pom.version}/repository/conf/iot
+ ${pom.artifactId}-${pom.version}/repository/conf/etc
true
644
diff --git a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml
index 02887f66..61a8ba37 100644
--- a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml
+++ b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml
@@ -47,12 +47,12 @@
andes
- org.wso2.carbon.devicemgt
- org.wso2.carbon.device.mgt.core
+ org.wso2.carbon
+ org.wso2.carbon.user.api
- org.wso2.carbon.devicemgt
- org.wso2.carbon.device.mgt.common
+ org.wso2.carbon
+ org.wso2.carbon.user.core
@@ -83,12 +83,11 @@
org.wso2.andes.configuration.enums,
org.wso2.andes.mqtt,
org.wso2.carbon.context,
- org.wso2.carbon.device.mgt.common,
- org.wso2.carbon.device.mgt.common.authorization,
org.apache.commons.logging,
org.osgi.service.component,
org.wso2.carbon.user.core.service,
- org.wso2.carbon.user.core.tenant
+ org.wso2.carbon.user.core.tenant,
+ org.wso2.carbon.user.api
diff --git a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java
index 4afc5e1c..4fe70693 100644
--- a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java
+++ b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java
@@ -24,8 +24,10 @@ import org.wso2.andes.configuration.enums.MQTTAuthoriztionPermissionLevel;
import org.wso2.andes.mqtt.MQTTAuthorizationSubject;
import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal.AuthorizationDataHolder;
import org.wso2.carbon.context.PrivilegedCarbonContext;
-import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;
+
+import java.util.List;
/**
* Authorize the connecting users against Carbon Permission Model. Intended usage is
@@ -35,35 +37,32 @@ import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorization
*/
public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
private static final Logger logger = Logger.getLogger(DeviceAccessBasedMQTTAuthorizer.class);
+ private static final String CONNECTION_PERMISSION = "/permission/admin/device-mgt/user";
+ private static final String SCOPE_IDENTIFIER = "scope";
+
/**
* {@inheritDoc} Authorize the user against carbon device mgt model.
*/
@Override
public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic,
MQTTAuthoriztionPermissionLevel permissionLevel) {
- try {
- String topics[] = topic.split("/");
- if (topics.length < 3) {
- return false;
- }
- String tenantIdFromTopic = topics[0];
- if (!tenantIdFromTopic.equals(authorizationSubject.getTenantDomain())) {
- return false;
+ String topics[] = topic.split("/");
+ if (topics.length < 3) {
+ return false;
+ }
+ String tenantIdFromTopic = topics[0];
+ if (!tenantIdFromTopic.equals(authorizationSubject.getTenantDomain())) {
+ return false;
+ }
+ String deviceTypeFromTopic = topics[1];
+ String deviceIdFromTopic = topics[2];
+ List scopes = (List) authorizationSubject.getProperties().get(SCOPE_IDENTIFIER);
+ if (scopes != null) {
+ for (String scope : scopes) {
+ //TODO : have to validate token with scopes.
}
- String deviceTypeFromTopic = topics[1];
- String deviceIdFromTopic = topics[2];
- PrivilegedCarbonContext.startTenantFlow();
- PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
- authorizationSubject.getTenantDomain(), true);
- PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(authorizationSubject.getUsername());
- return AuthorizationDataHolder.getInstance().getDeviceAccessAuthorizationService().isUserAuthorized(
- new DeviceIdentifier(deviceIdFromTopic, deviceTypeFromTopic));
- } catch (DeviceAccessAuthorizationException e) {
- logger.error("Failed on Device Access Authorization for user " + authorizationSubject.getUsername(), e);
- } finally {
- PrivilegedCarbonContext.endTenantFlow();
}
- return false;
+ return true;
}
/**
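Review bot: isAuthorizedForTopic now falls through to `return true;` for every topic that has at least three segments and a matching tenant prefix, because the `for (String scope : scopes)` loop holds only a TODO and the earlier per-device `isUserAuthorized(new DeviceIdentifier(...))` check is gone. `deviceTypeFromTopic` and `deviceIdFromTopic` are assigned but never read and `permissionLevel` is ignored, so topic access is no longer tied to device ownership or to publish versus subscribe. Until scope validation is implemented the method should fail closed: declare `boolean granted = false;`, set it only when a scope is validated against the device type and id, and end with `return granted;`. `authorizationSubject.getProperties()` is also dereferenced without a null check and the `(List)` cast is unchecked; if the properties map can be absent this throws instead of denying, which is worth confirming against MQTTAuthorizationSubject.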
@@ -71,6 +70,36 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
*/
@Override
public boolean isAuthorizedToConnect(MQTTAuthorizationSubject authorizationSubject) {
- return true;
+ return isUserAuthorized(authorizationSubject, CONNECTION_PERMISSION, "ui.execute");
+ }
+
+ /**
+ * Check whether the client is authorized with the given permission and action.
+ *
+ * @param authorizationSubject this contains the client information
+ * @param permission Carbon permission that requires for the use
+ * @param action Carbon permission action that requires for the given permission.
+ * @return boolean - true if user is authorized else return false.
+ */
+ private boolean isUserAuthorized(MQTTAuthorizationSubject authorizationSubject, String permission, String action) {
+ String username = authorizationSubject.getUsername();
+ try {
+ PrivilegedCarbonContext.startTenantFlow();
+ PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
+ authorizationSubject.getTenantDomain(), true);
+ int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
+ UserRealm userRealm = AuthorizationDataHolder.getInstance().getRealmService()
+ .getTenantUserRealm(tenantId);
+ if (userRealm != null && userRealm.getAuthorizationManager() != null) {
+ return userRealm.getAuthorizationManager().isUserAuthorized(username, permission, action);
+ }
+ return false;
+ } catch (UserStoreException e) {
+ String errorMsg = String.format("Unable to authorize the user : %s", username);
+ logger.error(errorMsg, e);
+ return false;
+ } finally {
+ PrivilegedCarbonContext.endTenantFlow();
+ }
}
}
\ No newline at end of file
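Review bot: In isUserAuthorized, `AuthorizationDataHolder.getInstance().getRealmService()` is dereferenced without a null check, although the component binds RealmService with policy="dynamic" and unsetRealmService stores null in the holder. A connect attempt while the service is unbound would raise a NullPointerException that `catch (UserStoreException e)` does not cover, and how the broker treats an exception from the authorizer is not visible here. Deny explicitly before the lookup with `if (AuthorizationDataHolder.getInstance().getRealmService() == null) { return false; }`. As a smaller point, the action literal `"ui.execute"` passed from isAuthorizedToConnect would read better as a named constant next to `CONNECTION_PERMISSION`.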
diff --git a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java
index e14e4cdd..c2d9e967 100644
--- a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java
+++ b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java
@@ -18,7 +18,6 @@
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.tenant.TenantManager;
@@ -26,7 +25,6 @@ public class AuthorizationDataHolder {
private RealmService realmService;
private TenantManager tenantManager;
- private DeviceAccessAuthorizationService deviceAccessAuthorizationService;
private static AuthorizationDataHolder thisInstance = new AuthorizationDataHolder();
@@ -56,12 +54,4 @@ public class AuthorizationDataHolder {
return tenantManager;
}
- public DeviceAccessAuthorizationService getDeviceAccessAuthorizationService() {
- return deviceAccessAuthorizationService;
- }
-
- public void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
- this.deviceAccessAuthorizationService = deviceAccessAuthorizationService;
- }
-
}
diff --git a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java
index 3ebb099e..b0827e1b 100644
--- a/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java
+++ b/modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java
@@ -21,7 +21,6 @@ package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext;
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.user.core.service.RealmService;
/**
@@ -32,12 +31,6 @@ import org.wso2.carbon.user.core.service.RealmService;
* policy="dynamic"
* bind="setRealmService"
* unbind="unsetRealmService"
- * @scr.reference name="org.wso2.carbon.device.access.authorization"
- * interface="org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService"
- * cardinality="1..1"
- * policy="dynamic"
- * bind="setDeviceAccessAuthorizationService"
- * unbind="unsetDeviceAccessAuthorizationService"
*/
@SuppressWarnings("unused")
public class AuthorizationServiceComponent {
@@ -76,18 +69,4 @@ public class AuthorizationServiceComponent {
AuthorizationDataHolder.getInstance().setRealmService(null);
}
- protected void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
- if (log.isDebugEnabled()) {
- log.debug("Setting Device Access Authorization Service");
- }
- AuthorizationDataHolder.getInstance().setDeviceAccessAuthorizationService(deviceAccessAuthorizationService);
- }
-
- protected void unsetDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
- if (log.isDebugEnabled()) {
- log.debug("Removing Device Access Authorization Service");
- }
- AuthorizationDataHolder.getInstance().setDeviceAccessAuthorizationService(null);
- }
-
}
diff --git a/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml b/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml
index 41fba9b0..5b54749e 100644
--- a/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml
+++ b/modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml
@@ -69,7 +69,6 @@
org.wso2.carbon.core.server:${carbon.kernel.version}
- org.wso2.carbon.device.mgt.server:${carbon.device.mgt.version}
diff --git a/modules/samples/connectedcup/component/agent/src/main/java/org/coffeeking/agent/transport/mqtt/ConnectedCupMQttTransportHandler.java b/modules/samples/connectedcup/component/agent/src/main/java/org/coffeeking/agent/transport/mqtt/ConnectedCupMQttTransportHandler.java
index fe7d4669..797ddc3b 100644
--- a/modules/samples/connectedcup/component/agent/src/main/java/org/coffeeking/agent/transport/mqtt/ConnectedCupMQttTransportHandler.java
+++ b/modules/samples/connectedcup/component/agent/src/main/java/org/coffeeking/agent/transport/mqtt/ConnectedCupMQttTransportHandler.java
@@ -20,7 +20,7 @@ public class ConnectedCupMQttTransportHandler extends MQTTTransportHandler {
private static ConnectedCupMQttTransportHandler connectedCupMQttTransportHandler;
- private static String publishTopic = "wso2/%s/" + DEVICE_TYPE + "/%s";
+ private static String publishTopic = "%s/" + DEVICE_TYPE + "/%s";
protected ConnectedCupMQttTransportHandler() {
super(iotServerSubscriber, DEVICE_TYPE, "tcp://localhost:1883", "");
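Review bot: `publishTopic` has no comment explaining its segment layout, which now matters because the authorizer changed in this commit rejects any topic whose first segment differs from the subject's tenant domain. With the `wso2/` prefix removed, the first `%s` becomes that first segment, so I would add `// <tenantDomain>/<deviceType>/<deviceId>; segment 0 must equal the caller's tenant domain or the broker authorizer denies it` above the field. The `String.format` call that fills the placeholders is outside this hunk, so whether it already passes the tenant domain first should be checked. The field could also be `private static final`, since nothing in the hunk reassigns it.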
diff --git a/modules/samples/connectedcup/component/plugin/src/main/java/org/coffeeking/connectedcup/plugin/impl/ConnectedCupManagerService.java b/modules/samples/connectedcup/component/plugin/src/main/java/org/coffeeking/connectedcup/plugin/impl/ConnectedCupManagerService.java
index d7ad1aa8..0f007334 100644
--- a/modules/samples/connectedcup/component/plugin/src/main/java/org/coffeeking/connectedcup/plugin/impl/ConnectedCupManagerService.java
+++ b/modules/samples/connectedcup/component/plugin/src/main/java/org/coffeeking/connectedcup/plugin/impl/ConnectedCupManagerService.java
@@ -57,7 +57,7 @@ public class ConnectedCupManagerService implements DeviceManagementService{
@Override
public ProvisioningConfig getProvisioningConfig() {
- return new ProvisioningConfig("carbon.super", true);
+ return new ProvisioningConfig("carbon.super", false);
}
@Override