Refactored permission authorizer module

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java

@@ -21,8 +21,11 @@ package org.wso2.carbon.device.mgt.core.config.permission;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 
-@XmlRootElement(name = "Permission")
+/**
-public class Permission{
+ * This class represents the information related to permission.
+ */
+@XmlRootElement (name = "Permission")
+public class Permission {
 
     private String name; // permission name
     private String path; // permission string
@@ -33,7 +36,7 @@ public class Permission{
         return name;
     }
 
-	@XmlElement(name = "name", required = true)
+    @XmlElement (name = "name", required = true)
     public void setName(String name) {
         this.name = name;
     }
@@ -42,7 +45,7 @@ public class Permission{
         return path;
     }
 
-	@XmlElement(name = "path", required = true)
+    @XmlElement (name = "path", required = true)
     public void setPath(String path) {
         this.path = path;
     }
@@ -51,7 +54,7 @@ public class Permission{
         return url;
     }
 
-    @XmlElement(name = "url", required = true)
+    @XmlElement (name = "url", required = true)
     public void setUrl(String url) {
         this.url = url;
     }
@@ -60,7 +63,7 @@ public class Permission{
         return method;
     }
 
-    @XmlElement(name = "method", required = true)
+    @XmlElement (name = "method", required = true)
     public void setMethod(String method) {
         this.method = method;
     }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java

@@ -22,7 +22,10 @@ import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 import java.util.List;
 
-@XmlRootElement(name = "PermissionConfiguration")
+/**
+ * This class represents the information related to permission configuration.
+ */
+@XmlRootElement (name = "PermissionConfiguration")
 public class PermissionConfiguration {
 
     private List<Permission> permissions;
@@ -31,7 +34,7 @@ public class PermissionConfiguration {
         return permissions;
     }
 
-	@XmlElement(name = "Permission", required = true)
+    @XmlElement (name = "Permission", required = true)
     public void setPermissions(List<Permission> permissions) {
         this.permissions = permissions;
     }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java

@@ -33,16 +33,17 @@ import java.util.StringTokenizer;
 public class PermissionManager {
 
     private static PermissionManager permissionManager;
-    private static PermissionHolder rootNode;
+    private static PermissionTree permissionTree; // holds the permissions at runtime.
 
-	private PermissionManager(){};
+    private PermissionManager() {
+    }
 
     public static PermissionManager getInstance() {
         if (permissionManager == null) {
             synchronized (PermissionManager.class) {
                 if (permissionManager == null) {
                     permissionManager = new PermissionManager();
-                    rootNode = new PermissionHolder("/"); // initializing the root node.
+                    permissionTree = new PermissionTree();
                 }
             }
         }
@@ -50,14 +51,7 @@ public class PermissionManager {
     }
 
     public boolean addPermission(Permission permission) throws DeviceManagementException {
-        StringTokenizer st = new StringTokenizer(permission.getUrl(), "/");
+        permissionTree.addPermission(permission); // adding a permission to the tree
-        PermissionHolder tempRoot = rootNode;
-        PermissionHolder tempChild;
-        while(st.hasMoreTokens()) {
-            tempChild = new PermissionHolder(st.nextToken());
-            tempRoot = addPermissionNode(tempRoot, tempChild);
-        }
-        tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex
         try {
             return PermissionUtils.putPermission(permission);
         } catch (DeviceManagementException e) {
@@ -66,8 +60,8 @@ public class PermissionManager {
         }
     }
 
-	public boolean addPermissions(List<Permission> permissions) throws DeviceManagementException{
+    public boolean addPermissions(List<Permission> permissions) throws DeviceManagementException {
-		for(Permission permission:permissions){
+        for (Permission permission : permissions) {
             this.addPermission(permission);
         }
         return true;
@@ -75,13 +69,13 @@ public class PermissionManager {
 
     public void initializePermissions(InputStream permissionStream) throws DeviceManagementException {
         try {
-			if(permissionStream != null){
+            if (permissionStream != null) {
                 /* Un-marshaling Device Management configuration */
                 JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class);
                 Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
                 PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
                         unmarshaller.unmarshal(permissionStream);
-				if((permissionConfiguration != null) && (permissionConfiguration.getPermissions() != null)){
+                if (permissionConfiguration != null && permissionConfiguration.getPermissions() != null) {
                     this.addPermissions(permissionConfiguration.getPermissions());
                 }
             }
@@ -90,38 +84,7 @@ public class PermissionManager {
         }
     }
 
-    private PermissionHolder addPermissionNode(PermissionHolder parent, PermissionHolder child) {
-        PermissionHolder existChild = parent.getChild(child.getPathName());
-        if (existChild == null) {
-            parent.addChild(child);
-            return child;
-        }
-        return existChild;
-    }
-
     public Permission getPermission(String url, String httpMethod) {
-        StringTokenizer st = new StringTokenizer(url, "/");
+        return permissionTree.getPermission(url, httpMethod);
-        PermissionHolder tempRoot = rootNode;
-        PermissionHolder previousRoot;
-        while (st.hasMoreTokens()) {
-            String currentToken = st.nextToken();
-            previousRoot = tempRoot;
-            tempRoot = tempRoot.getChild(currentToken);
-            if (tempRoot == null) {
-                tempRoot = previousRoot;
-                int leftTokens = st.countTokens();
-                for (int i = 0; i <= leftTokens; i++) {
-                    if (tempRoot == null) {
-                        return null;
-                    }
-                    tempRoot = tempRoot.getChild("*");
-                }
-                break;
-            }
-        }
-        if (tempRoot == null) {
-            return null;
-        }
-        return tempRoot.getPermission(httpMethod);
     }
 }

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java

@@ -25,15 +25,15 @@ import java.util.List;
 import java.util.Map;
 
 /**
- * This class represents the node of a permission graph.
+ * This class represents the node of a permission tree.
  */
-public class PermissionHolder {
+public class PermissionNode {
 
-    String pathName;
+    private String pathName;
-    Map<String, Permission> permissions = new HashMap<String, Permission>();
+    private Map<String, Permission> permissions = new HashMap<String, Permission>();
-    List<PermissionHolder> children = new ArrayList<PermissionHolder>();
+    private List<PermissionNode> children = new ArrayList<PermissionNode>();
 
-    public PermissionHolder(String pathName) {
+    public PermissionNode(String pathName) {
         this.pathName = pathName;
     }
 
@@ -45,13 +45,13 @@ public class PermissionHolder {
         this.pathName = pathName;
     }
 
-    public List<PermissionHolder> getChildren() {
+    public List<PermissionNode> getChildren() {
         return children;
     }
 
-    public PermissionHolder getChild(String pathName) {
+    public PermissionNode getChild(String pathName) {
-        PermissionHolder child = null;
+        PermissionNode child = null;
-        for (PermissionHolder node : children) {
+        for (PermissionNode node : children) {
             if (node.getPathName().equals(pathName)) {
                 return node;
             }
@@ -59,7 +59,7 @@ public class PermissionHolder {
         return child;
     }
 
-    public void addChild(PermissionHolder node) {
+    public void addChild(PermissionNode node) {
         children.add(node);
     }
 

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java

@@ -84,7 +84,7 @@ public class PermissionUtils {
 		return status;
 	}
 
-	public static boolean checkPermissionExistance(Permission permission)
+	public static boolean checkPermissionExistence(Permission permission)
 			throws DeviceManagementException,
 			       org.wso2.carbon.registry.core.exceptions.RegistryException {
 		return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath());

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizationValve.java

@@ -29,9 +29,9 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen
 
 import javax.servlet.http.HttpServletResponse;
 
-public class PermissionAuthorizerValve extends CarbonTomcatValve {
+public class PermissionAuthorizationValve extends CarbonTomcatValve {
 
-    private static final Log log = LogFactory.getLog(PermissionAuthorizerValve.class);
+    private static final Log log = LogFactory.getLog(PermissionAuthorizationValve.class);
     private static final String AUTHORIZATION_ENABLED = "authorization-enabled";
 
 
@@ -44,7 +44,7 @@ public class PermissionAuthorizerValve extends CarbonTomcatValve {
             this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
             return;
         }
-        // check whether the permission checking function is enabled
+        // check whether the permission checking function is enabled in web.xml
         boolean isEnabled = new Boolean(permissionStatus);
         if (!isEnabled) {
             this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java

@@ -39,7 +39,6 @@ public class PermissionAuthorizer {
 
     public WebappAuthenticator.Status authorize(Request request, Response response) {
 
-        // contextOperation is used to get defined operation type from the web.xml
         String requestUri = request.getRequestURI();
         String requestMethod = request.getMethod();
 
@@ -61,7 +60,10 @@ public class PermissionAuthorizer {
         String permissionString = requestPermission.getPath();
 
         // This is added temporarily until authentication works.
+        // TODO remove below line.
         String username = "admin";
+        // TODO uncomment this once the authentication works.
+        //String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
 
         boolean isUserAuthorized;
         try {

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java

@@ -23,7 +23,6 @@ import org.apache.commons.logging.LogFactory;
 import org.osgi.service.component.ComponentContext;
 import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
 import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
-import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
 import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
 import org.wso2.carbon.user.core.service.RealmService;
@@ -31,7 +30,7 @@ import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
 import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler;
 import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
 import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
-import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizerValve;
+import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizationValve;
 import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
 import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig;
 
@@ -87,7 +86,7 @@ public class WebappAuthenticatorFrameworkServiceComponent {
 
             List<CarbonTomcatValve> valves = new ArrayList<CarbonTomcatValve>();
             valves.add(new WebappAuthenticationHandler());
-            valves.add(new PermissionAuthorizerValve());
+            valves.add(new PermissionAuthorizationValve());
             TomcatValveContainer.addValves(valves);
 
             if (log.isDebugEnabled()) {