diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java index cc0bb20a9f..6690348197 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java @@ -47,7 +47,7 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi public Response register(@PathParam("tenantDomain") String tenantDomain, @QueryParam("applicationName") String applicationName) { String authenticatedTenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); - if (authenticatedTenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) { + if (!authenticatedTenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) { return Response.status(Response.Status.NOT_ACCEPTABLE).build(); } try { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json index 7a3920667c..6fcd90c7a8 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json @@ -2,7 +2,7 @@ "appContext" : "/devicemgt/", "webAgentContext" : "/devicemgt-web-agent/", "apiContext" : "api", - "httpsURL" : "%https.ip%", + "httpsURL" : "https://localhost:8243", "httpURL" : "%http.ip%", "enrollmentDir": "/emm-web-agent/enrollment", "iOSConfigRoot" : "%https.ip%/ios-enrollment/", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js index 1a518bcf22..3f37cdefb8 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js @@ -21,6 +21,7 @@ var apiWrapperUtil = function () { var tokenUtil = require("/app/modules/util.js").util; var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js"); + var log = new Log("/app/modules/api-wrapper-util.js"); module.refreshToken = function () { var tokenPair = session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER); @@ -31,6 +32,10 @@ var apiWrapperUtil = function () { module.setupAccessTokenPair = function (type, properties) { var tokenPair; var clientData = tokenUtil.getDyanmicCredentials(properties); + log.info(">>>>>>>>>>>>>>>>>>>>"); + var jwtToken = tokenUtil.getTokenWithJWTGrantType(clientData); + tokenUtil.getTenantBasedAppCredentials(jwtToken); + log.info("*******************"); var encodedClientKeys = tokenUtil.encode(clientData.clientId + ":" + clientData.clientSecret); session.put(constants.ENCODED_CLIENT_KEYS_IDENTIFIER, encodedClientKeys); if (type == constants.GRANT_TYPE_PASSWORD) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js index d24df7c480..4597c2d737 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js @@ -35,7 +35,7 @@ var onFail; } var devicemgtProps = require('/app/conf/devicemgt-props.js').config(); var carbonServer = require("carbon").server; - (new carbonServer.Server({url: devicemgtProps["httpsURL"]})) + (new carbonServer.Server({url: devicemgtProps["adminService"]})) .login(context.input.username, context.input.password); }; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js index 6b58c5ae1e..1be7329135 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js @@ -23,16 +23,15 @@ var util = function () { var String = Packages.java.lang.String; var devicemgtProps = require('/app/conf/devicemgt-props.js').config(); var carbon = require('carbon'); - var realmService = carbon.server.osgiService('org.wso2.carbon.user.core.service.RealmService'); - var adminUserName = realmService.getBootstrapRealmConfiguration().getAdminUserName(); var constants = require("/app/modules/constants.js"); + var adminUser = devicemgtProps["adminUser"]; module.getDyanmicCredentials = function (owner) { var payload = { "callbackUrl": devicemgtProps.callBackUrl, "clientName": "devicemgt", "tokenScope": "admin", - "owner": adminUserName, + "owner": adminUser, "applicationType": "webapp", "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer", "saasApp" :true @@ -47,6 +46,7 @@ var util = function () { var data = parse(xhr.responseText); clientData.clientId = data.client_id; clientData.clientSecret = data.client_secret; + } else if (xhr.status == 400) { throw "Invalid client meta data"; } else { @@ -137,6 +137,7 @@ var util = function () { } return tokenPair; }; + module.refreshToken = function (tokenPair, clientData, scope) { var xhr = new XMLHttpRequest(); var tokenEndpoint = devicemgtProps.idPServer + "/oauth2/token"; @@ -163,5 +164,37 @@ var util = function () { } return tokenPair; }; + + module.getTokenWithJWTGrantType = function (clientData) { + var jwtService = carbon.server.osgiService('org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService'); + var jwtClient = jwtService.getJWTClient(); + var jwtToken = jwtClient.getAccessToken(clientData.clientId, clientData.clientSecret, adminUser, null); + return jwtToken; + }; + + module.getTenantBasedAppCredentials = function (token) { + var tenantDomain = "carbon.super"; + var applicationName = "webapp_" + tenantDomain; + var xhr = new XMLHttpRequest(); + var endpoint = devicemgtProps["adminService"] + "/register/tenants/" + tenantDomain + "?applicationName=" + + applicationName; + log.info(">>>>>>>>>>>>>>>>>>>>>>>>>APIM App Register endpoint: " + endpoint); + xhr.open("POST", endpoint, false); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("Authorization", "X-JWT-Assertion " + token.accessToken); + xhr.send(); + var clientData = {}; + if (xhr.status == 201) { + var data = parse(xhr.responseText); + log.info(">>>>>>>>>>>>>>>>>>>>>>>>>lllllllllllllllllll: " + stringify(data)); + //clientData.clientId = data.client_id; + //clientData.clientSecret = data.client_secret; + + } else if (xhr.status == 400) { + throw "Invalid client meta data"; + } else { + throw "Error in obtaining client id and secret from APIM"; + } + } return module; }(); diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/service/JWTClientManagerServiceImpl.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/service/JWTClientManagerServiceImpl.java index df9a862fad..f12d295b7a 100644 --- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/service/JWTClientManagerServiceImpl.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/service/JWTClientManagerServiceImpl.java @@ -41,128 +41,128 @@ import java.util.concurrent.ConcurrentHashMap; /** * This creates JWT Client for each tenant and implements the JWTClientManagerService interface. */ -public class JWTClientManagerServiceImpl implements JWTClientManagerService{ +public class JWTClientManagerServiceImpl implements JWTClientManagerService { - private static Map jwtClientMap; - private static final Log log = LogFactory.getLog(JWTClientManagerServiceImpl.class); - private static final String TENANT_JWT_CONFIG_LOCATION = "/jwt-config/jwt.properties"; - private static JWTClient defaultJWTClient; + private static Map jwtClientMap; + private static final Log log = LogFactory.getLog(JWTClientManagerServiceImpl.class); + private static final String TENANT_JWT_CONFIG_LOCATION = "/jwt-config/jwt.properties"; + private static JWTClient defaultJWTClient; - public JWTClientManagerServiceImpl() { - jwtClientMap = new ConcurrentHashMap<>(); - } + public JWTClientManagerServiceImpl() { + jwtClientMap = new ConcurrentHashMap<>(); + } - /** - * this return the jwt based token client to generate token for the tenant. - */ - @Override - public JWTClient getJWTClient() throws JWTClientException { - String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain(); - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true); - if (tenantId == -1) { - throw new JWTClientException("Invalid tenant domain :" + tenantDomain); - } - //Get jwt client which has been registered for the tenant. - JWTClient jwtClient = getJWTClient(tenantDomain); - if (jwtClient == null) { - //Create a new jwt client for the tenant. - try { - Properties properties = getJWTConfigProperties(tenantId); - if (properties == null) { - if (defaultJWTClient != null) { - return defaultJWTClient; - } else { - throw new JWTClientException("JWT Configuration is not available for tenant " + tenantDomain); - } - } - JWTConfig jwtConfig = new JWTConfig(properties); - jwtClient = new JWTClient(jwtConfig); - addJWTClient(tenantDomain, jwtClient); - } catch (JWTClientAlreadyExistsException e) { - log.warn("Attempting to register a jwt client for the tenant " + tenantDomain + - " when one already exists. Returning existing jwt client"); - return getJWTClient(tenantDomain); - } catch (JWTClientConfigurationException e) { - throw new JWTClientException("Failed to parse jwt configuration for tenant " + tenantDomain, e); - } - } - return jwtClient; - } + /** + * this return the jwt based token client to generate token for the tenant. + */ + @Override + public JWTClient getJWTClient() throws JWTClientException { + String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain(); + int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true); + if (tenantId == -1) { + throw new JWTClientException("Invalid tenant domain :" + tenantDomain); + } + //Get jwt client which has been registered for the tenant. + JWTClient jwtClient = getJWTClient(tenantDomain); + if (jwtClient == null) { + //Create a new jwt client for the tenant. + try { + Properties properties = getJWTConfigProperties(tenantId); + if (properties == null) { + if (defaultJWTClient != null) { + return defaultJWTClient; + } else { + throw new JWTClientException("JWT Configuration is not available for tenant " + tenantDomain); + } + } + JWTConfig jwtConfig = new JWTConfig(properties); + jwtClient = new JWTClient(jwtConfig); + addJWTClient(tenantDomain, jwtClient); + } catch (JWTClientAlreadyExistsException e) { + log.warn("Attempting to register a jwt client for the tenant " + tenantDomain + + " when one already exists. Returning existing jwt client"); + return getJWTClient(tenantDomain); + } catch (JWTClientConfigurationException e) { + throw new JWTClientException("Failed to parse jwt configuration for tenant " + tenantDomain, e); + } + } + return jwtClient; + } - /** - * This will set the default JWT Client that will be used if there is any available for tenants. - */ - @Override - public void setDefaultJWTClient(Properties properties) throws JWTClientConfigurationException { - if (properties == null) { - throw new JWTClientConfigurationException("Failed to load jwt configuration for super tenant."); - } - String defaultJWTClientMode = properties.getProperty(JWTConstants.DEFAULT_JWT_CLIENT); - boolean isDefaultJwtClient = false; - if (defaultJWTClientMode != null && !defaultJWTClientMode.isEmpty()) { - isDefaultJwtClient = Boolean.parseBoolean(defaultJWTClientMode); - } - if (isDefaultJwtClient) { - try { - JWTConfig jwtConfig = new JWTConfig(properties); - defaultJWTClient = new JWTClient(jwtConfig, true); - addJWTClient(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, defaultJWTClient); - } catch (JWTClientAlreadyExistsException e) { - log.warn("Attempting to register a jwt client for the super tenant" + - " when one already exists. Returning existing jwt client"); - } - } - } + /** + * This will set the default JWT Client that will be used if there is any available for tenants. + */ + @Override + public void setDefaultJWTClient(Properties properties) throws JWTClientConfigurationException { + if (properties == null) { + throw new JWTClientConfigurationException("Failed to load jwt configuration for super tenant."); + } + String defaultJWTClientMode = properties.getProperty(JWTConstants.DEFAULT_JWT_CLIENT); + boolean isDefaultJwtClient = false; + if (defaultJWTClientMode != null && !defaultJWTClientMode.isEmpty()) { + isDefaultJwtClient = Boolean.parseBoolean(defaultJWTClientMode); + } + if (isDefaultJwtClient) { + try { + JWTConfig jwtConfig = new JWTConfig(properties); + defaultJWTClient = new JWTClient(jwtConfig, true); + addJWTClient(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, defaultJWTClient); + } catch (JWTClientAlreadyExistsException e) { + log.warn("Attempting to register a jwt client for the super tenant" + + " when one already exists. Returning existing jwt client"); + } + } + } - /** - * Fetch the jwt client which has been registered under the tenant domain. - * - * @param tenantDomain - The tenant domain under which the jwt client is registered - * @return - Instance of the jwt client which was registered. Null if not registered. - */ - private JWTClient getJWTClient(String tenantDomain) { - if (jwtClientMap.containsKey(tenantDomain)) { - return jwtClientMap.get(tenantDomain); - } - return null; - } + /** + * Fetch the jwt client which has been registered under the tenant domain. + * + * @param tenantDomain - The tenant domain under which the jwt client is registered + * @return - Instance of the jwt client which was registered. Null if not registered. + */ + private JWTClient getJWTClient(String tenantDomain) { + if (jwtClientMap.containsKey(tenantDomain)) { + return jwtClientMap.get(tenantDomain); + } + return null; + } - /** - * Adds a jwt client to the jwt client map. - * - * @param tenantDomain - The tenant domain under which the jwt client will be registered. - * @param jwtClient - Instance of the jwt client - * @throws JWTClientAlreadyExistsException - If a jwt client has already been registered under the tenantdomain - */ - private void addJWTClient(String tenantDomain, JWTClient jwtClient) throws JWTClientAlreadyExistsException { - synchronized (jwtClientMap) { - if (jwtClientMap.containsKey(tenantDomain)) { - throw new JWTClientAlreadyExistsException( - "A jwt client has already been created for the tenant " + tenantDomain); - } - jwtClientMap.put(tenantDomain, jwtClient); - } - } + /** + * Adds a jwt client to the jwt client map. + * + * @param tenantDomain - The tenant domain under which the jwt client will be registered. + * @param jwtClient - Instance of the jwt client + * @throws JWTClientAlreadyExistsException - If a jwt client has already been registered under the tenantdomain + */ + private void addJWTClient(String tenantDomain, JWTClient jwtClient) throws JWTClientAlreadyExistsException { + synchronized (jwtClientMap) { + if (jwtClientMap.containsKey(tenantDomain)) { + throw new JWTClientAlreadyExistsException( + "A jwt client has already been created for the tenant " + tenantDomain); + } + jwtClientMap.put(tenantDomain, jwtClient); + } + } - /** - * Retrieve JWT configs from registry. - */ - private Properties getJWTConfigProperties(int tenantId) throws JWTClientConfigurationException { - try { - Resource config = JWTClientUtil.getConfigRegistryResourceContent(tenantId, TENANT_JWT_CONFIG_LOCATION); - Properties properties = null; - if (config != null) { - properties = new Properties(); - properties.load(config.getContentStream()); - } - return properties; - } catch (RegistryException e) { - throw new JWTClientConfigurationException("Failed to load the content from registry for tenant " + - tenantId, e); - } catch (IOException e) { - throw new JWTClientConfigurationException( - "Failed to parse the content from the registry for tenant " + tenantId, e); - } - } + /** + * Retrieve JWT configs from registry. + */ + private Properties getJWTConfigProperties(int tenantId) throws JWTClientConfigurationException { + try { + Resource config = JWTClientUtil.getConfigRegistryResourceContent(tenantId, TENANT_JWT_CONFIG_LOCATION); + Properties properties = null; + if (config != null) { + properties = new Properties(); + properties.load(config.getContentStream()); + } + return properties; + } catch (RegistryException e) { + throw new JWTClientConfigurationException("Failed to load the content from registry for tenant " + + tenantId, e); + } catch (IOException e) { + throw new JWTClientConfigurationException( + "Failed to parse the content from the registry for tenant " + tenantId, e); + } + } }