diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java index 23561e7fb..f02470625 100644 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java @@ -96,7 +96,7 @@ public class DeviceAuthorizer implements Authorizer { } } } catch (FeignException e) { - //do nothing + logger.error(e.getMessage(), e); } } return false; @@ -110,7 +110,7 @@ public class DeviceAuthorizer implements Authorizer { break; } } - if (deviceMgtServerUrl == null && deviceMgtServerUrl.isEmpty()) { + if (deviceMgtServerUrl == null || deviceMgtServerUrl.isEmpty()) { logger.error("deviceMgtServerUrl can't be empty "); } return deviceMgtServerUrl; diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java index 4803c73ea..068f3e34c 100755 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java @@ -41,7 +41,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { private long refreshTimeOffset; private static final String API_APPLICATION_REGISTRATION_CONTEXT = "/api-application-registration"; private static final String DEVICE_MANAGEMENT_SERVICE_TAG[] = {"device_management"}; - private static final String APPLICATION_NAME = "mqtt_broker"; + private static final String APPLICATION_NAME = "websocket-app"; private static final String PASSWORD_GRANT_TYPE = "password"; private static final String REFRESH_GRANT_TYPE = "refresh_token"; private ApiApplicationRegistrationService apiApplicationRegistrationService; @@ -93,9 +93,11 @@ public class OAuthRequestInterceptor implements RequestInterceptor { .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(TokenIssuerService.class, tokenEndpoint); tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password); + tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); } if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); + tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); } String headerValue = "Bearer " + tokenInfo.getAccess_token(); template.header("Authorization", headerValue); diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java index 70ace0ef4..53bfd55db 100755 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/ApiApplicationRegistrationService.java @@ -1,3 +1,16 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; import javax.ws.rs.Consumes; diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java index b8d5afbb8..2ca2821bb 100644 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/AuthorizationRequest.java @@ -1,3 +1,16 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; import java.util.List; diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java index 4ab595fba..c1fb9988d 100755 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/RegistrationProfile.java @@ -1,3 +1,16 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java index 6ecde4ca3..9680d50f9 100755 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java @@ -11,9 +11,22 @@ * See the License for the specific language governing permissions and limitations under the License. * */ - +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto; +import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; @@ -28,10 +41,12 @@ public interface TokenIssuerService { @POST @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_FORM_URLENCODED) AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username, @QueryParam("password") String password); @POST @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_FORM_URLENCODED) AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("refresh_token") String refreshToken); -} +} \ No newline at end of file diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java index 5c3e60c28..d64a77b0b 100644 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java @@ -50,7 +50,7 @@ import java.util.List; import java.util.concurrent.TimeUnit; /** - * Authorize the connecting users against Carbon Permission Model. Intended usage is + * Authorize the connecting users against CDMF. Intended usage is * via providing fully qualified class name in broker.xml *
* This is just a simple authorization model. For dynamic topics use an implementation based on IAuthorizer @@ -83,71 +83,79 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer { @Override public boolean isAuthorizedForTopic(MQTTAuthorizationSubject authorizationSubject, String topic, MQTTAuthoriztionPermissionLevel permissionLevel) { - String topics[] = topic.split("/"); - String tenantDomainFromTopic = topics[0]; - if (!tenantDomainFromTopic.equals(authorizationSubject.getTenantDomain())) { - return false; - } - if (topics.length < 3) { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( + MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, true); + try { + String topics[] = topic.split("/"); + String tenantDomainFromTopic = topics[0]; + if (!tenantDomainFromTopic.equals(authorizationSubject.getTenantDomain())) { + return false; + } + if (topics.length < 3) { + AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic + , authorizationSubject.getUsername(), "", ""); + if (cache.get(authorizationCacheKey) != null && cache.get(authorizationCacheKey)) { + return true; + } + AuthorizationRequest authorizationRequest = new AuthorizationRequest(); + authorizationRequest.setTenantDomain(tenantDomainFromTopic); + try { + DeviceAuthorizationResult deviceAuthorizationResult = + deviceAccessAuthorizationAdminService.isAuthorized(authorizationRequest); + if (deviceAuthorizationResult != null) { + cache.put(authorizationCacheKey, true); + return true; + } + return false; + } catch (FeignException e) { + logger.error(e.getMessage(), e); + return false; + } + } + String deviceType = topics[1]; + String deviceId = topics[2]; AuthorizationCacheKey authorizationCacheKey = new AuthorizationCacheKey(tenantDomainFromTopic - ,authorizationSubject.getUsername(), "", ""); - if (cache.get(authorizationCacheKey)) { + , authorizationSubject.getUsername(), deviceId, deviceType); + if (cache.get(authorizationCacheKey) != null && cache.get(authorizationCacheKey)) { return true; } + + List