few changed mqtt authoriser

modules/distribution/src/assembly/bin.xml

@@ -1344,33 +1344,17 @@
         </file>
         <file>
             <source>
-                ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/iot/devicemgt-config.xml
+                ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/etc/mqtt.properties
             </source>
-            <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/iot</outputDirectory>
+            <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/etc</outputDirectory>
-            <filtered>true</filtered>
-            <fileMode>644</fileMode>
-        </file>
-        <file>
-            <source>
-                ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/iot/mqtt.properties
-            </source>
-            <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/iot</outputDirectory>
-            <filtered>true</filtered>
-            <fileMode>644</fileMode>
-        </file>
-        <file>
-            <source>
-                ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/iot/xmpp.properties
-            </source>
-            <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/iot</outputDirectory>
             <filtered>true</filtered>
             <fileMode>644</fileMode>
         </file>
         <file>
             <source>
-                ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/iot/devicemgt-config.xsd
+                ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/etc/xmpp.properties
             </source>
-            <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/iot</outputDirectory>
+            <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/etc</outputDirectory>
             <filtered>true</filtered>
             <fileMode>644</fileMode>
         </file>

modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml

@@ -47,12 +47,12 @@
             <artifactId>andes</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.wso2.carbon.devicemgt</groupId>
+            <groupId>org.wso2.carbon</groupId>
-            <artifactId>org.wso2.carbon.device.mgt.core</artifactId>
+            <artifactId>org.wso2.carbon.user.api</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.wso2.carbon.devicemgt</groupId>
+            <groupId>org.wso2.carbon</groupId>
-            <artifactId>org.wso2.carbon.device.mgt.common</artifactId>
+            <artifactId>org.wso2.carbon.user.core</artifactId>
         </dependency>
     </dependencies>
 
@@ -83,12 +83,11 @@
                             org.wso2.andes.configuration.enums,
                             org.wso2.andes.mqtt,
                             org.wso2.carbon.context,
-                            org.wso2.carbon.device.mgt.common,
-                            org.wso2.carbon.device.mgt.common.authorization,
                             org.apache.commons.logging,
                             org.osgi.service.component,
                             org.wso2.carbon.user.core.service,
-                            org.wso2.carbon.user.core.tenant
+                            org.wso2.carbon.user.core.tenant,
+                            org.wso2.carbon.user.api
                         </Import-Package>
                     </instructions>
                 </configuration>

modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java

@@ -24,8 +24,10 @@ import org.wso2.andes.configuration.enums.MQTTAuthoriztionPermissionLevel;
 import org.wso2.andes.mqtt.MQTTAuthorizationSubject;
 import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal.AuthorizationDataHolder;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
-import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
+import org.wso2.carbon.user.api.UserRealm;
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
+import org.wso2.carbon.user.api.UserStoreException;
+
+import java.util.List;
 
 /**
  * Authorize the connecting users against Carbon Permission Model. Intended usage is
@@ -35,35 +37,32 @@ import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorization
  */
 public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
     private static final Logger logger = Logger.getLogger(DeviceAccessBasedMQTTAuthorizer.class);
+    private static final String CONNECTION_PERMISSION = "/permission/admin/device-mgt/user";
+    private static final String SCOPE_IDENTIFIER = "scope";
+
     /**
      * {@inheritDoc} Authorize the user against carbon device mgt model.
      */
     @Override
     public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic,
                                         MQTTAuthoriztionPermissionLevel permissionLevel) {
-        try {
+        String topics[] = topic.split("/");
-            String topics[] = topic.split("/");
+        if (topics.length < 3) {
-            if (topics.length < 3) {
+            return false;
-                return false;
+        }
-            }
+        String tenantIdFromTopic = topics[0];
-            String tenantIdFromTopic = topics[0];
+        if (!tenantIdFromTopic.equals(authorizationSubject.getTenantDomain())) {
-            if (!tenantIdFromTopic.equals(authorizationSubject.getTenantDomain())) {
+            return false;
-                return false;
+        }
+        String deviceTypeFromTopic = topics[1];
+        String deviceIdFromTopic = topics[2];
+        List<String> scopes = (List<String>) authorizationSubject.getProperties().get(SCOPE_IDENTIFIER);
+        if (scopes != null) {
+            for (String scope : scopes) {
+                //TODO : have to validate token with scopes.
             }
-            String deviceTypeFromTopic = topics[1];
-            String deviceIdFromTopic = topics[2];
-            PrivilegedCarbonContext.startTenantFlow();
-            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
-                    authorizationSubject.getTenantDomain(), true);
-            PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(authorizationSubject.getUsername());
-            return AuthorizationDataHolder.getInstance().getDeviceAccessAuthorizationService().isUserAuthorized(
-                    new DeviceIdentifier(deviceIdFromTopic, deviceTypeFromTopic));
-        } catch (DeviceAccessAuthorizationException e) {
-            logger.error("Failed on Device Access Authorization for user " + authorizationSubject.getUsername(), e);
-        } finally {
-            PrivilegedCarbonContext.endTenantFlow();
         }
-        return false;
+        return true;
     }
 
     /**
@@ -71,6 +70,36 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
      */
     @Override
     public boolean isAuthorizedToConnect(MQTTAuthorizationSubject authorizationSubject) {
-        return true;
+        return isUserAuthorized(authorizationSubject, CONNECTION_PERMISSION, "ui.execute");
+    }
+
+    /**
+     * Check whether the client is authorized with the given permission and action.
+     *
+     * @param authorizationSubject this contains the client information
+     * @param permission           Carbon permission that requires for the use
+     * @param action               Carbon permission action that requires for the given permission.
+     * @return boolean - true if user is authorized else return false.
+     */
+    private boolean isUserAuthorized(MQTTAuthorizationSubject authorizationSubject, String permission, String action) {
+        String username = authorizationSubject.getUsername();
+        try {
+            PrivilegedCarbonContext.startTenantFlow();
+            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
+                    authorizationSubject.getTenantDomain(), true);
+            int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
+            UserRealm userRealm = AuthorizationDataHolder.getInstance().getRealmService()
+                    .getTenantUserRealm(tenantId);
+            if (userRealm != null && userRealm.getAuthorizationManager() != null) {
+                return userRealm.getAuthorizationManager().isUserAuthorized(username, permission, action);
+            }
+            return false;
+        } catch (UserStoreException e) {
+            String errorMsg = String.format("Unable to authorize the user : %s", username);
+            logger.error(errorMsg, e);
+            return false;
+        } finally {
+            PrivilegedCarbonContext.endTenantFlow();
+        }
     }
 }

modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationDataHolder.java

@@ -18,7 +18,6 @@
 
 package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
 
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.user.core.service.RealmService;
 import org.wso2.carbon.user.core.tenant.TenantManager;
 
@@ -26,7 +25,6 @@ public class AuthorizationDataHolder {
 
     private RealmService realmService;
     private TenantManager tenantManager;
-    private DeviceAccessAuthorizationService deviceAccessAuthorizationService;
 
     private static AuthorizationDataHolder thisInstance = new AuthorizationDataHolder();
 
@@ -56,12 +54,4 @@ public class AuthorizationDataHolder {
         return tenantManager;
     }
 
-    public DeviceAccessAuthorizationService getDeviceAccessAuthorizationService() {
-        return deviceAccessAuthorizationService;
-    }
-
-    public void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
-        this.deviceAccessAuthorizationService = deviceAccessAuthorizationService;
-    }
-
 }

modules/iot-extensions/components/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/internal/AuthorizationServiceComponent.java

@@ -21,7 +21,6 @@ package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.osgi.service.component.ComponentContext;
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.user.core.service.RealmService;
 
 /**
@@ -32,12 +31,6 @@ import org.wso2.carbon.user.core.service.RealmService;
  * policy="dynamic"
  * bind="setRealmService"
  * unbind="unsetRealmService"
- * @scr.reference name="org.wso2.carbon.device.access.authorization"
- * interface="org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService"
- * cardinality="1..1"
- * policy="dynamic"
- * bind="setDeviceAccessAuthorizationService"
- * unbind="unsetDeviceAccessAuthorizationService"
  */
 @SuppressWarnings("unused")
 public class AuthorizationServiceComponent {
@@ -76,18 +69,4 @@ public class AuthorizationServiceComponent {
         AuthorizationDataHolder.getInstance().setRealmService(null);
     }
 
-    protected void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
-        if (log.isDebugEnabled()) {
-            log.debug("Setting Device Access Authorization Service");
-        }
-        AuthorizationDataHolder.getInstance().setDeviceAccessAuthorizationService(deviceAccessAuthorizationService);
-    }
-
-    protected void unsetDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
-        if (log.isDebugEnabled()) {
-            log.debug("Removing Device Access Authorization Service");
-        }
-        AuthorizationDataHolder.getInstance().setDeviceAccessAuthorizationService(null);
-    }
-
 }

modules/iot-extensions/features/mb-extensions-feature/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.feature/pom.xml

@@ -69,7 +69,6 @@
                             </bundles>
                             <importFeatures>
                                 <importFeatureDef>org.wso2.carbon.core.server:${carbon.kernel.version}</importFeatureDef>
-                                <importFeatureDef>org.wso2.carbon.device.mgt.server:${carbon.device.mgt.version}</importFeatureDef>
                             </importFeatures>
                         </configuration>
                     </execution>

modules/samples/connectedcup/component/agent/src/main/java/org/coffeeking/agent/transport/mqtt/ConnectedCupMQttTransportHandler.java

@@ -20,7 +20,7 @@ public class ConnectedCupMQttTransportHandler extends MQTTTransportHandler {
 
     private static ConnectedCupMQttTransportHandler connectedCupMQttTransportHandler;
 
-    private static String publishTopic = "wso2/%s/" + DEVICE_TYPE + "/%s";
+    private static String publishTopic = "%s/" + DEVICE_TYPE + "/%s";
 
     protected ConnectedCupMQttTransportHandler() {
         super(iotServerSubscriber, DEVICE_TYPE, "tcp://localhost:1883", "");

modules/samples/connectedcup/component/plugin/src/main/java/org/coffeeking/connectedcup/plugin/impl/ConnectedCupManagerService.java

@@ -57,7 +57,7 @@ public class ConnectedCupManagerService implements DeviceManagementService{
 
 	@Override
 	public ProvisioningConfig getProvisioningConfig() {
-		return new ProvisioningConfig("carbon.super", true);
+		return new ProvisioningConfig("carbon.super", false);
 	}
 
 	@Override