diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java
similarity index 80%
rename from components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java
rename to components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java
index 65ade5cc3a..9e0068635b 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java
@@ -28,18 +28,24 @@ import java.lang.annotation.Target;
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
-public @interface Permission {
+public @interface Scope {
+
+ /**
+ * Represents the scope key which should be unique.
+ * @return Returns scope key.
+ */
+ String key();
/**
* Represents the scope name.
* @return Returns scope name.
*/
- String scope();
+ String name();
/**
- * Represents the associated permissions.
- * @return Returns list of permissions.
+ * Represents the scope description.
+ * @return Returns scope description.
*/
- String[] permissions();
+ String description();
}
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/pom.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/pom.xml
index 21338e0129..3a565f1762 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/pom.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/pom.xml
@@ -107,6 +107,10 @@
javax.ws.rs
javax.ws.rs-api
+
+ org.wso2.carbon.devicemgt
+ org.wso2.carbon.device.mgt.common
+
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherUtil.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherUtil.java
index 3a2385d67c..289037e58e 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherUtil.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherUtil.java
@@ -18,7 +18,6 @@
package org.wso2.carbon.apimgt.webapp.publisher;
-import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
@@ -30,6 +29,10 @@ import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.config.WebappPublisherConfig;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.core.util.Utils;
+import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
+import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;
import javax.servlet.ServletContext;
import java.util.*;
@@ -121,16 +124,18 @@ public class APIPublisherUtil {
if (scope != null) {
if (apiScopes.get(scope.getKey()) == null) {
apiScopes.put(scope.getKey(), scope);
- } else {
- existingScope = apiScopes.get(scope.getKey());
- existingPermissions = existingScope.getRoles();
- existingPermissions = getDistinctPermissions(existingPermissions + "," + scope.getRoles());
- existingScope.setRoles(existingPermissions);
- apiScopes.put(scope.getKey(), existingScope);
}
}
}
Set scopes = new HashSet<>(apiScopes.values());
+ // adding existing persisted roles to the scopes
+ try {
+ setExistingRoles(scopes);
+ } catch (ScopeManagementException | UserStoreException e) {
+ throw new APIManagementException("Error occurred while retrieving roles for the existing scopes");
+ }
+
+ // set current scopes to API
api.setScopes(scopes);
// this has to be done because of the use of pass by reference
@@ -307,9 +312,34 @@ public class APIPublisherUtil {
return apiConfig;
}
- private static String getDistinctPermissions(String permissions) {
- String[] unique = new HashSet(Arrays.asList(permissions.split(","))).toArray(new String[0]);
- return StringUtils.join(unique, ",");
+ /**
+ * This method is used to set the existing roles of the given scope.
+ *
+ * @param scopes List of scopes.
+ * @throws ScopeManagementException
+ */
+ private static void setExistingRoles(Set scopes) throws ScopeManagementException, UserStoreException {
+ String scopeKey;
+ String roles;
+ ScopeManagementService scopeManagementService = WebappPublisherUtil.getScopeManagementService();
+ UserRealm userRealm = WebappPublisherUtil.getUserRealm();
+
+ if (scopeManagementService == null) {
+ throw new ScopeManagementException("Error occurred while initializing scope management service");
+ } else if (userRealm == null) {
+ throw new UserStoreException("Error occurred while initializing realm service");
+ } else {
+ String adminRole = userRealm.getRealmConfiguration().getAdminRoleName();
+ for (Scope scope : scopes) {
+ scopeKey = scope.getKey();
+ roles = scopeManagementService.getRolesOfScope(scopeKey);
+ if (roles == null) {
+ roles = adminRole;
+ }
+ scope.setRoles(roles);
+
+ }
+ }
}
}
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/WebappPublisherUtil.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/WebappPublisherUtil.java
index 17e2edb9a8..ca2f0cba13 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/WebappPublisherUtil.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/WebappPublisherUtil.java
@@ -18,7 +18,16 @@
package org.wso2.carbon.apimgt.webapp.publisher;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Document;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.user.core.service.RealmService;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
@@ -31,6 +40,10 @@ import java.io.File;
*/
public class WebappPublisherUtil {
+ private static Log log = LogFactory.getLog(WebappPublisherUtil.class);
+ private static final int CARBON_SUPER = -1234;
+
+
public static Document convertToDocument(File file) throws WebappPublisherConfigurationFailedException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
@@ -44,4 +57,32 @@ public class WebappPublisherUtil {
}
}
+ public static ScopeManagementService getScopeManagementService() {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ ScopeManagementService scopeManagementService =
+ (ScopeManagementService) ctx.getOSGiService(ScopeManagementService.class, null);
+ if (scopeManagementService == null) {
+ String msg = "Scope Management Service has not been initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ return scopeManagementService;
+ }
+
+ /**
+ * Getting the current tenant's user realm
+ */
+ public static UserRealm getUserRealm() throws UserStoreException {
+ RealmService realmService;
+ UserRealm realm;
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+
+ if (realmService == null) {
+ throw new IllegalStateException("Realm service not initialized");
+ }
+ realm = realmService.getTenantUserRealm(CARBON_SUPER);
+ return realm;
+ }
+
}
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionConfiguration.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionConfiguration.java
deleted file mode 100644
index 7d16d198b9..0000000000
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionConfiguration.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.apimgt.webapp.publisher.config;
-
-/**
- * This class represents the information related to permissions.
- */
-public class PermissionConfiguration {
-
- private String scopeName;
- private String[] permissions;
-
- public String getScopeName() {
- return scopeName;
- }
-
- public void setScopeName(String scope) {
- this.scopeName = scope;
- }
-
- public String[] getPermissions() {
- return permissions;
- }
-
- public void setPermissions(String[] permissions) {
- this.permissions = permissions;
- }
-
-}
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionManagementException.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionManagementException.java
deleted file mode 100644
index 651c285723..0000000000
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionManagementException.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * you may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.wso2.carbon.apimgt.webapp.publisher.config;
-
-/**
- * Custom exception class of Permission related operations.
- */
-public class PermissionManagementException extends Exception {
-
- private static final long serialVersionUID = -3151279311929070298L;
-
- private String errorMessage;
-
- public String getErrorMessage() {
- return errorMessage;
- }
-
- public void setErrorMessage(String errorMessage) {
- this.errorMessage = errorMessage;
- }
-
- public PermissionManagementException(String msg, Exception nestedEx) {
- super(msg, nestedEx);
- setErrorMessage(msg);
- }
-
- public PermissionManagementException(String message, Throwable cause) {
- super(message, cause);
- setErrorMessage(message);
- }
-
- public PermissionManagementException(String msg) {
- super(msg);
- setErrorMessage(msg);
- }
-
- public PermissionManagementException() {
- super();
- }
-
- public PermissionManagementException(Throwable cause) {
- super(cause);
- }
-
-}
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
index 0e8550c941..bc4bf85724 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
@@ -19,20 +19,13 @@
package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
import org.apache.catalina.core.StandardContext;
-import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.scannotation.AnnotationDB;
-import org.scannotation.WarUrlFinder;
import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
-import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherUtil;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
-import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionConfiguration;
-import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
import javax.servlet.ServletContext;
import javax.ws.rs.*;
@@ -61,11 +54,9 @@ public class AnnotationProcessor {
private static final String WILD_CARD = "/*";
private static final String AUTH_TYPE = "Any";
- private static final String PROTOCOL_HTTP = "http";
- private static final String SERVER_HOST = "carbon.local.ip";
- private static final String HTTP_PORT = "httpPort";
private static final String STRING_ARR = "string_arr";
private static final String STRING = "string";
+
Class apiClazz;
private StandardContext context;
private Method[] pathClazzMethods;
@@ -75,7 +66,6 @@ public class AnnotationProcessor {
public AnnotationProcessor(final StandardContext context) {
- this.context = context;
servletContext = context.getServletContext();
classLoader = servletContext.getClassLoader();
}
@@ -141,7 +131,7 @@ public class AnnotationProcessor {
pathClazzMethods = pathClazz.getMethods();
Annotation rootContectAnno = clazz.getAnnotation(pathClazz);
- String subContext = "";
+ String subContext;
if (rootContectAnno != null) {
subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING);
if (subContext != null && !subContext.isEmpty()) {
@@ -150,8 +140,6 @@ public class AnnotationProcessor {
} else {
rootContext = rootContext + "/" + subContext;
}
- } else {
- subContext = "";
}
if (log.isDebugEnabled()) {
log.debug("API Root Context = " + rootContext);
@@ -166,7 +154,7 @@ public class AnnotationProcessor {
}
}
} catch (ClassNotFoundException e) {
- log.error("Error when passing the api annotation for device type apis.");
+ log.error("Error when passing the api annotation for device type apis.", e);
}
return apiResourceConfig;
}
@@ -251,15 +239,9 @@ public class AnnotationProcessor {
Annotation producesAnno = method.getAnnotation(producesClass);
resource.setProduces(invokeMethod(producesClassMethods[0], producesAnno, STRING_ARR));
}
- if (annotations[i].annotationType().getName().equals(Permission.class.getName())) {
- PermissionConfiguration permissionConf = this.getPermission(method);
- if (permissionConf != null) {
- Scope scope = new Scope();
- scope.setKey(permissionConf.getScopeName());
- scope.setDescription(permissionConf.getScopeName());
- scope.setName(permissionConf.getScopeName());
- String roles = StringUtils.join(permissionConf.getPermissions(), ",");
- scope.setRoles(roles);
+ if (annotations[i].annotationType().getName().equals(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName())) {
+ org.wso2.carbon.apimgt.api.model.Scope scope = this.getScope(method);
+ if (scope != null) {
resource.setScope(scope);
}
}
@@ -357,35 +339,32 @@ public class AnnotationProcessor {
return ((String[]) methodHandler.invoke(annotation, method, null));
}
- private PermissionConfiguration getPermission(Method currentMethod) throws Throwable {
- Class permissionClass = (Class) classLoader.loadClass(Permission.class.getName());
- Annotation permissionAnnotation = currentMethod.getAnnotation(permissionClass);
- if (permissionClass != null) {
- Method[] permissionClassMethods = permissionClass.getMethods();
- PermissionConfiguration permissionConf = new PermissionConfiguration();
+ private org.wso2.carbon.apimgt.api.model.Scope getScope(Method currentMethod) throws Throwable {
+ Class scopeClass =
+ (Class) classLoader.
+ loadClass(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName());
+ Annotation permissionAnnotation = currentMethod.getAnnotation(scopeClass);
+ if (scopeClass != null) {
+ Method[] permissionClassMethods = scopeClass.getMethods();
+ org.wso2.carbon.apimgt.api.model.Scope scope = new org.wso2.carbon.apimgt.api.model.Scope();
for (Method method : permissionClassMethods) {
switch (method.getName()) {
- case "scope":
- permissionConf.setScopeName(invokeMethod(method, permissionAnnotation, STRING));
+ case "key":
+ scope.setKey(invokeMethod(method, permissionAnnotation, STRING));
+ break;
+ case "name":
+ scope.setName(invokeMethod(method, permissionAnnotation, STRING));
break;
- case "permissions":
- String permissions[] = invokeMethod(method, permissionAnnotation);
- this.addPermission(permissions);
- permissionConf.setPermissions(permissions);
+ case "description":
+ scope.setDescription(invokeMethod(method, permissionAnnotation, STRING));
break;
}
}
- return permissionConf;
+ return scope;
}
return null;
}
- private void addPermission(String[] permissions) throws PermissionManagementException {
- for (String permission : permissions) {
- PermissionUtils.addPermission(permission);
- }
- }
-
/**
* Find the URL pointing to "/WEB-INF/classes" This method may not work in conjunction with IteratorFactory
* if your servlet container does not extract the /WEB-INF/classes into a real file-based directory
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/ExtendedIteratorFactory.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/ExtendedIteratorFactory.java
index a62a58f733..e20b4ba467 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/ExtendedIteratorFactory.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/ExtendedIteratorFactory.java
@@ -15,6 +15,7 @@
*/
package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
+
import org.scannotation.archiveiterator.DirectoryIteratorFactory;
import org.scannotation.archiveiterator.Filter;
import org.scannotation.archiveiterator.JarIterator;
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/PermissionUtils.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/PermissionUtils.java
deleted file mode 100644
index 32c5bad855..0000000000
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/PermissionUtils.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * you may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
-
-import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
-import org.wso2.carbon.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
-import org.wso2.carbon.context.PrivilegedCarbonContext;
-import org.wso2.carbon.registry.api.RegistryException;
-import org.wso2.carbon.registry.api.Resource;
-import org.wso2.carbon.registry.core.Registry;
-
-import java.util.StringTokenizer;
-
-/**
- * Utility class which holds necessary utility methods required for persisting permissions in
- * registry.
- */
-public class PermissionUtils {
-
- public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
- public static final String PERMISSION_PROPERTY_NAME = "name";
-
- public static Registry getGovernanceRegistry() throws PermissionManagementException {
- try {
- int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
- return APIPublisherDataHolder.getInstance().getRegistryService()
- .getGovernanceSystemRegistry(
- tenantId);
- } catch (RegistryException e) {
- throw new PermissionManagementException(
- "Error in retrieving governance registry instance: " +
- e.getMessage(), e);
- }
- }
-
- public static void addPermission(String permission) throws PermissionManagementException {
- String resourcePermission = getAbsolutePermissionPath(permission);
- try {
- StringTokenizer tokenizer = new StringTokenizer(resourcePermission, "/");
- String lastToken = "", currentToken, tempPath;
- while (tokenizer.hasMoreTokens()) {
- currentToken = tokenizer.nextToken();
- tempPath = lastToken + "/" + currentToken;
- if (!checkResourceExists(tempPath)) {
- createRegistryCollection(tempPath, currentToken);
- }
- lastToken = tempPath;
- }
- } catch (RegistryException e) {
- throw new PermissionManagementException("Error occurred while persisting permission : " +
- resourcePermission, e);
- }
- }
-
- public static void createRegistryCollection(String path, String resourceName)
- throws PermissionManagementException,
- RegistryException {
- Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
- resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
- PermissionUtils.getGovernanceRegistry().beginTransaction();
- PermissionUtils.getGovernanceRegistry().put(path, resource);
- PermissionUtils.getGovernanceRegistry().commitTransaction();
- }
-
- public static boolean checkResourceExists(String path)
- throws PermissionManagementException,
- org.wso2.carbon.registry.core.exceptions.RegistryException {
- return PermissionUtils.getGovernanceRegistry().resourceExists(path);
- }
-
- private static String getAbsolutePermissionPath(String permissionPath) {
- return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
- }
-
-}
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/pom.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/pom.xml
index 714b002d9b..d55e743327 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/pom.xml
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/pom.xml
@@ -76,7 +76,7 @@
-
+
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java
index 96351caedd..fbb9458962 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java
@@ -4,7 +4,7 @@ import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.certificate.mgt.jaxrs.beans.ErrorResponse;
import javax.ws.rs.*;
@@ -46,7 +46,7 @@ public interface CertificateMgtService {
message = "Internal Server Error. \n Error occurred while retrieving signed certificate.",
response = ErrorResponse.class)
})
- @Permission(scope = "sign-csr", permissions = {"/permission/admin/device-mgt/scep/sign-csr"})
+ @Scope(key = "certificate:sign-csr", name = "Sign CSR", description = "")
Response getSignedCertFromCSR(
@ApiParam(
name = "If-Modified-Since",
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/pom.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/pom.xml
index f0c8147017..803d3bd954 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/pom.xml
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/pom.xml
@@ -72,7 +72,7 @@
-
+
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
index 6988f31712..da1d54bc4f 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
@@ -1,7 +1,8 @@
package org.wso2.carbon.certificate.mgt.cert.jaxrs.api;
import io.swagger.annotations.*;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.API;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse;
@@ -11,6 +12,10 @@ import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+@API(name = "Certificate Management", version = "1.0.0",
+ context = "api/certificate-mgt/v1.0/admin/certificates",
+ tags = {"devicemgt_admin"})
+
@Api(value = "Certificate Management", description = "This API carries all certificate management related operations " +
"such as get all the available devices, etc.")
@Path("/admin/certificates")
@@ -72,7 +77,7 @@ public interface CertificateManagementAdminService {
message = "Internal Server Error. \n Server error occurred while adding certificates.",
response = ErrorResponse.class)
})
- @Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/save"})
+ @Scope(key = "certificate:manage", name = "Add certificates", description = "")
Response addCertificate(
@ApiParam(
name = "enrollmentCertificates",
@@ -130,7 +135,7 @@ public interface CertificateManagementAdminService {
"Server error occurred while retrieving information requested certificate.",
response = ErrorResponse.class)
})
- @Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
+ @Scope(key = "certificate:view", name = "View certificates", description = "")
Response getCertificate(
@ApiParam(name = "serialNumber",
value = "Provide the serial number of the certificate that you wish to get the details of",
@@ -202,7 +207,7 @@ public interface CertificateManagementAdminService {
"Server error occurred while retrieving all certificates enrolled in the system.",
response = ErrorResponse.class)
})
- @Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
+ @Scope(key = "certificate:view", name = "View certificates", description = "")
Response getAllCertificates(
@ApiParam(
name = "offset",
@@ -245,7 +250,7 @@ public interface CertificateManagementAdminService {
message = "Internal Server Error. \n " +
"Server error occurred while removing the certificate.",
response = ErrorResponse.class)})
- @Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/remove"})
+ @Scope(key = "certificate:manage", name = "Add certificates", description = "")
Response removeCertificate(
@ApiParam(
name = "serialNumber",
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/cxf-servlet.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/cxf-servlet.xml
index a22b8681cd..68a07fcb86 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/cxf-servlet.xml
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/cxf-servlet.xml
@@ -44,7 +44,7 @@
-
+
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
index 127e554f50..98bdddfd20 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
@@ -110,14 +110,17 @@
org.apache.cxf
cxf-rt-frontend-jaxws
+ provided
org.apache.cxf
cxf-rt-frontend-jaxrs
+ provided
org.apache.cxf
cxf-rt-transports-http
+ provided
junit
@@ -237,6 +240,7 @@
org.wso2.carbon.devicemgt
org.wso2.carbon.apimgt.annotations
+ provided
org.wso2.carbon.devicemgt
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/RoleInfo.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/RoleInfo.java
index e62b5a4a3c..701d341133 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/RoleInfo.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/RoleInfo.java
@@ -20,7 +20,8 @@ package org.wso2.carbon.device.mgt.jaxrs.beans;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
-import org.wso2.carbon.user.mgt.common.UIPermissionNode;
+
+import java.util.List;
@ApiModel(value = "RoleInfo", description = "Role details including permission and the users in the roles are " +
"wrapped here.")
@@ -28,19 +29,12 @@ public class RoleInfo {
@ApiModelProperty(name = "roleName", value = "The name of the role.", required = true)
private String roleName;
- @ApiModelProperty(name = "permissions", value = "Lists out all the permissions associated with roles.",
- required = true, dataType = "List[java.lang.String]")
- private String[] permissions;
+ @ApiModelProperty(name = "scopes", value = "Lists out all the scopes associated with roles.",
+ required = true, dataType = "List[org.wso2.carbon.device.mgt.jaxrs.beans.Scope]")
+ private List scopes;
@ApiModelProperty(name = "users", value = "The list of users assigned to the selected role.",
required = true, dataType = "List[java.lang.String]")
private String[] users;
- @ApiModelProperty(name = "permissionList", value = "This contain the following, " +
- "\n resourcePath\tThe path related to the API.\n " +
- "displayName\tThe name of the permission that is shown " +
- "in the UI.\n" +
- "nodeList\tLists out the nested permissions.",
- required = true)
- private UIPermissionNode permissionList;
public String getRoleName() {
return roleName;
@@ -50,12 +44,12 @@ public class RoleInfo {
this.roleName = roleName;
}
- public String[] getPermissions() {
- return permissions;
+ public List getScopes() {
+ return scopes;
}
- public void setPermissions(String[] permissions) {
- this.permissions = permissions;
+ public void setScopes(List scopes) {
+ this.scopes = scopes;
}
public String[] getUsers() {
@@ -66,11 +60,4 @@ public class RoleInfo {
this.users = users;
}
- public UIPermissionNode getPermissionList() {
- return permissionList;
- }
-
- public void setPermissionList(UIPermissionNode permissionList) {
- this.permissionList = permissionList;
- }
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/Scope.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/Scope.java
new file mode 100644
index 0000000000..0badaa417c
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/Scope.java
@@ -0,0 +1,71 @@
+/*
+* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.wso2.carbon.device.mgt.jaxrs.beans;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+
+@ApiModel(value = "Scope", description = "Template of the authorization scope")
+public class Scope {
+
+ @ApiModelProperty(name = "scope key", value = "An unique string as a key.", required = true)
+ private String key;
+
+ @ApiModelProperty(name = "scope name", value = "Scope name.", required = true)
+ private String name;
+
+ @ApiModelProperty(name = "roles", value = "List of roles to be associated with the scope", required = true)
+ private String roles;
+
+ @ApiModelProperty(name = "scope description", value = "A description of the scope", required = true)
+ private String description;
+
+ public Scope() {
+ }
+
+ public String getKey() {
+ return this.key;
+ }
+
+ public void setKey(String key) {
+ this.key = key;
+ }
+
+ public String getName() {
+ return this.name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getRoles() {
+ return this.roles;
+ }
+
+ public void setRoles(String roles) {
+ this.roles = roles;
+ }
+
+ public String getDescription() {
+ return this.description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java
index 78ce621a05..f91a9ccdb6 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java
@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@@ -33,7 +33,7 @@ import javax.ws.rs.core.Response;
/**
* Activity related REST-API implementation.
*/
-@API(name = "Activities", version = "1.0.0", context = "/devicemgt_admin/activities", tags = {"devicemgt_admin"})
+@API(name = "Activity Info Provider", version = "1.0.0", context = "/api/device-mgt/v1.0/activities", tags = {"devicemgt_admin"})
@Path("/activities")
@Api(value = "Activity Info Provider", description = "Activity related information manipulation. For example operation details " +
@@ -92,10 +92,7 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class)
})
- @Permission(
- scope = "activity-view",
- permissions = {"/permission/admin/device-mgt/admin/activities/view"}
- )
+ @Scope(key = "activity:view", name = "View Activities", description = "")
Response getActivity(
@ApiParam(
name = "id",
@@ -156,10 +153,7 @@ public interface ActivityInfoProviderService {
message = "Internal Server Error. \n Server error occurred while fetching activity data.",
response = ErrorResponse.class)
})
- @Permission(
- scope = "activity-view",
- permissions = {"/permission/admin/device-mgt/admin/activities/view"}
- )
+ @Scope(key = "activity:view", name = "View Activities", description = "")
Response getActivities(
@ApiParam(
name = "since",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java
index fa6ed7527b..3708677b75 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java
@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@@ -31,7 +31,7 @@ import javax.ws.rs.core.Response;
/**
* General Tenant Configuration REST-API.
*/
-@API(name = "Configuration", version = "1.0.0", context = "/devicemgt_admin/configuration", tags = {"devicemgt_admin"})
+@API(name = "Configuration Management", version = "1.0.0", context = "/api/device-mgt/v1.0/configuration", tags = {"devicemgt_admin"})
@Path("/configuration")
@Api(value = "Configuration Management", description = "General Tenant Configuration management capabilities are exposed " +
@@ -80,12 +80,8 @@ public interface ConfigurationManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the general " +
"platform configuration.",
response = ErrorResponse.class)
- }
- )
- @Permission(
- scope = "configuration-view",
- permissions = {"/permission/admin/device-mgt/admin/platform-configs/view"}
- )
+ })
+ @Scope(key = "configuration:view", name = "View Configurations", description = "")
Response getConfiguration(
@ApiParam(
name = "If-Modified-Since",
@@ -130,12 +126,8 @@ public interface ConfigurationManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while modifying general platform configuration.",
response = ErrorResponse.class)
- }
- )
- @Permission(
- scope = "configuration-modify",
- permissions = {"/permission/admin/device-mgt/admin/platform-configs/modify"}
- )
+ })
+ @Scope(key = "configuration:modify", name = "Modify Configurations", description = "")
Response updateConfiguration(
@ApiParam(
name = "configuration",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
index a72a4e5657..b4714623b2 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.Feature;
import org.wso2.carbon.device.mgt.common.app.mgt.Application;
@@ -39,7 +39,7 @@ import javax.ws.rs.core.Response;
/**
* Device related REST-API. This can be used to manipulated device related details.
*/
-@API(name = "Device", version = "1.0.0", context = "/api/device-mgt/admin/devices", tags = {"devicemgt_admin"})
+@API(name = "Device Management", version = "1.0.0", context = "/api/device-mgt/v1.0/devices", tags = {"devicemgt_admin"})
@Path("/devices")
@Api(value = "Device Management", description = "This API carries all device management related operations " +
@@ -92,10 +92,7 @@ public interface DeviceManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class)
})
- @Permission(
- scope = "device-list",
- permissions = {"/permission/admin/device-mgt/admin/devices/list"}
- )
+ @Scope(key = "device:view", name = "View Devices", description = "")
Response getDevices(
@ApiParam(
name = "name",
@@ -210,13 +207,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving information requested device.",
response = ErrorResponse.class)
})
- @Permission(
- scope = "device-view",
- permissions = {
- "/permission/admin/device-mgt/admin/devices/view",
- "/permission/admin/device-mgt/user/devices/view"
- }
- )
+ @Scope(key = "device:view", name = "View Devices", description = "")
Response getDevice(
@ApiParam(
name = "type",
@@ -298,12 +289,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving feature list of the device.",
response = ErrorResponse.class)
})
- @Permission(
- scope = "device-search",
- permissions = {"/permission/admin/device-mgt/admin/devices/view",
- "/permission/admin/device-mgt/user/devices/view"
- }
- )
+ @Scope(key = "device:view", name = "View Devices", description = "")
Response getFeaturesOfDevice(
@ApiParam(
name = "type",
@@ -379,10 +365,7 @@ public interface DeviceManagementService {
"Server error occurred while enrolling the device.",
response = ErrorResponse.class)
})
- @Permission(
- scope = "device-search",
- permissions = {"/permission/admin/device-mgt/admin/devices/list"}
- )
+ @Scope(key = "device:view", name = "View Devices", description = "")
Response searchDevices(
@ApiParam(
name = "offset",
@@ -461,13 +444,8 @@ public interface DeviceManagementService {
"Server error occurred while retrieving installed application list of the device.",
response = ErrorResponse.class)
})
- @Permission(
- scope = "operation-view",
- permissions = {
- "/permission/admin/device-mgt/admin/devices/view",
- "/permission/admin/device-mgt/user/devices/view"
- }
- )
+ @Scope(key = "device:view", name = "View Devices", description = "")
+
Response getInstalledApplications(
@ApiParam(
name = "type",
@@ -563,13 +541,7 @@ public interface DeviceManagementService {
"Server error occurred while retrieving operation list scheduled for the device.",
response = ErrorResponse.class)
})
- @Permission(
- scope = "operation-view",
- permissions = {
- "/permission/admin/device-mgt/admin/devices/view",
- "/permission/admin/device-mgt/user/devices/view"
- }
- )
+ @Scope(key = "device:view", name = "View Devices", description = "")
Response getDeviceOperations(
@ApiParam(
name = "type",
@@ -667,6 +639,7 @@ public interface DeviceManagementService {
response = ErrorResponse.class)
}
)
+ @Scope(key = "device:view", name = "View Devices", description = "")
Response getEffectivePolicyOfDevice(
@ApiParam(
name = "type",
@@ -718,6 +691,7 @@ public interface DeviceManagementService {
response = ErrorResponse.class)
}
)
+ @Scope(key = "device:view", name = "View Devices", description = "")
Response getComplianceDataOfDevice(
@ApiParam(
name = "type",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java
index 46588ccbc9..2fa4297881 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java
@@ -18,7 +18,7 @@
*/
package org.wso2.carbon.device.mgt.jaxrs.service.api;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java
index 67851128e3..34bc726c66 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java
@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
import org.wso2.carbon.device.mgt.jaxrs.NotificationList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@@ -34,7 +34,7 @@ import javax.ws.rs.core.Response;
/**
* Notifications related REST-API.
*/
-@API(name = "Device Notification Management API", version = "1.0.0", context = "/devicemgt_admin/notifications",
+@API(name = "Device Notification Management", version = "1.0.0", context = "/api/device-mgt/v1.0/notifications",
tags = {"devicemgt_admin"})
@Api(value = "Device Notification Management", description = "Device notification related operations can be found here.")
@Path("/notifications")
@@ -89,14 +89,8 @@ public interface NotificationManagementService {
message = "Internal Server Error. " +
"\n Server error occurred while fetching the notification list.",
response = ErrorResponse.class)
- }
- )
- @Permission(
- scope = "device-notification-view",
- permissions = {
- "/permission/admin/device-mgt/admin/notifications/view",
- "/permission/admin/device-mgt/user/notifications/view" }
- )
+ })
+ @Scope(key = "notification:view", name = "View and manage notifications", description = "")
Response getNotifications(
@ApiParam(
name = "status",
@@ -148,10 +142,7 @@ public interface NotificationManagementService {
message = "Error occurred while updating notification status.")
}
)
- @Permission(
- scope = "",
- permissions = { "" }
- )
+ @Scope(key = "notification:view", name = "View and manage notifications", description = "")
Response updateNotificationStatus(
@ApiParam(
name = "id",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java
index 2531435683..da0931e10f 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java
@@ -19,7 +19,8 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.API;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
@@ -35,6 +36,9 @@ import java.util.List;
* Policy related REST-API. This can be used to manipulated policies and associate them with devices, users, roles,
* groups.
*/
+@API(name = "Device Policy Management", version = "1.0.0", context = "/api/device-mgt/v1.0/policies",
+ tags = {"devicemgt_admin"})
+
@Api(value = "Device Policy Management", description = "This API carries all the necessary functionalities " +
"around device policy management")
@Path("/policies")
@@ -95,12 +99,8 @@ public interface PolicyManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while adding a new policy.",
response = ErrorResponse.class)
- }
- )
- @Permission(
- scope = "policy-modify",
- permissions = {"/permission/admin/device-mgt/admin/policies/add"}
- )
+ })
+ @Scope(key = "policy:manage", name = "Add policies", description = "")
Response addPolicy(
@ApiParam(
name = "policy",
@@ -153,12 +153,8 @@ public interface PolicyManagementService {
message = ("Internal Server Error. \n Server error occurred while fetching " +
"policies."),
response = ErrorResponse.class)
- }
- )
- @Permission(
- scope = "policy-view",
- permissions = {"/permission/admin/device-mgt/admin/policies/list"}
- )
+ })
+ @Scope(key = "policy:view", name = "Views policies", description = "")
Response getPolicies(
@ApiParam(
name = "If-Modified-Since",
@@ -224,10 +220,7 @@ public interface PolicyManagementService {
"policy.",
response = ErrorResponse.class)
})
- @Permission(
- scope = "policy-view",
- permissions = {"/permission/admin/device-mgt/admin/policies/list"}
- )
+ @Scope(key = "policy:view", name = "View policies", description = "")
Response getPolicy(
@ApiParam(
name = "id",
@@ -290,12 +283,8 @@ public interface PolicyManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while updating the policy.",
response = ErrorResponse.class)
- }
- )
- @Permission(
- scope = "policy-modify",
- permissions = {"/permission/admin/device-mgt/admin/policies/update"}
- )
+ })
+ @Scope(key = "policy:manage", name = "Add policies", description = "")
Response updatePolicy(
@ApiParam(
name = "id",
@@ -340,12 +329,8 @@ public interface PolicyManagementService {
message = "Internal Server Error. \n " +
"Server error occurred while bulk removing policies.",
response = ErrorResponse.class)
- }
- )
- @Permission(
- scope = "policy-modify",
- permissions = {"/permission/admin/device-mgt/admin/policies/remove"}
- )
+ })
+ @Scope(key = "policy:manage", name = "Add policies", description = "")
Response removePolicies(
@ApiParam(
name = "policyIds",
@@ -380,13 +365,8 @@ public interface PolicyManagementService {
code = 500,
message = "ErrorResponse in activating policies.",
response = ErrorResponse.class)
- }
- )
- @Permission(
- scope = "policy-modify", permissions = {
- "/permission/admin/device-mgt/admin/policies/update",
- "/permission/admin/device-mgt/admin/policies/add"}
- )
+ })
+ @Scope(key = "policy:manage", name = "Add policies", description = "")
Response activatePolicies(
@ApiParam(
name = "policyIds",
@@ -421,14 +401,8 @@ public interface PolicyManagementService {
code = 500,
message = "ErrorResponse in deactivating policies.",
response = ErrorResponse.class)
- }
- )
- @Permission(
- scope = "policy-modify",
- permissions = {
- "/permission/admin/device-mgt/admin/policies/update",
- "/permission/admin/device-mgt/admin/policies/add"}
- )
+ })
+ @Scope(key = "policy:manage", name = "Add policies", description = "")
Response deactivatePolicies(
@ApiParam(
name = "policyIds",
@@ -460,12 +434,8 @@ public interface PolicyManagementService {
code = 500,
message = "ErrorResponse in deactivating policies.",
response = ErrorResponse.class)
- }
- )
- @Permission(
- scope = "policy-modify",
- permissions = {"/permission/admin/device-mgt/admin/policies/update"}
- )
+ })
+ @Scope(key = "policy:manage", name = "Add policies", description = "")
Response applyChanges();
@@ -493,11 +463,8 @@ public interface PolicyManagementService {
code = 500,
message = "Exception in updating policy priorities.",
response = ErrorResponse.class)
- }
- )
- @Permission(
- scope = "",
- permissions = {})
+ })
+ @Scope(key = "policy:manage", name = "Add policies", description = "")
Response updatePolicyPriorities(
@ApiParam(
name = "priorityUpdatedPolicies",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java
index a42758e215..83b8e5851f 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java
@@ -20,18 +20,17 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
-import org.wso2.carbon.user.mgt.common.UIPermissionNode;
+import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.List;
-@API(name = "Role", version = "1.0.0", context = "/devicemgt_admin/roles", tags = {"devicemgt_admin"})
+@API(name = "Role Management", version = "1.0.0", context = "/api/device-mgt/v1.0/roles", tags = {"devicemgt_admin"})
@Path("/roles")
@Api(value = "Role Management", description = "Role management related operations can be found here.")
@@ -77,11 +76,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while fetching requested list of roles.",
response = ErrorResponse.class)
})
- @Permission(scope = "roles-view", permissions = {
- "/permission/admin/device-mgt/admin/roles/list",
- "/permission/admin/device-mgt/admin/users/view",
- "/permission/admin/device-mgt/admin/policies/add",
- "/permission/admin/device-mgt/admin/policies/update"})
+ @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
Response getRoles(
@ApiParam(
name = "filter",
@@ -110,16 +105,16 @@ public interface RoleManagementService {
@QueryParam("limit") int limit);
@GET
- @Path("/{roleName}/permissions")
+ @Path("/scopes")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = "GET",
- value = "Getting permission details of a role.",
+ value = "Getting authorization scopes.",
notes = "In an organization an individual is associated a with set of responsibilities based on their " +
- "role. In EMM you are able to configure permissions based on the responsibilities carried " +
- "out by a role. Therefore if you wish to retrieve the permission details of a role, you can do " +
+ "role. In EMM you are able to configure scopes based on the responsibilities carried " +
+ "out by a role. Therefore if you wish to retrieve the scopes details of roles, you can do " +
"so using this REST API.",
- response = UIPermissionNode.class,
+ response = List.class,
responseContainer = "List",
tags = "Role Management"
)
@@ -127,8 +122,8 @@ public interface RoleManagementService {
value = {
@ApiResponse(
code = 200,
- message = "OK. \n Successfully fetched the permission list of the given role.",
- response = UIPermissionNode.class,
+ message = "OK. \n Successfully fetched the scopes list.",
+ response = List.class,
responseContainer = "List",
responseHeaders = {
@ResponseHeader(
@@ -163,19 +158,63 @@ public interface RoleManagementService {
message = "Internal Server ErrorResponse. \n Server error occurred while fetching the permission list of the requested role.",
response = ErrorResponse.class)
})
- @Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
- Response getPermissionsOfRole(
- @ApiParam(
- name = "roleName",
- value = "Name of the role.",
- required = true)
- @PathParam("roleName") String roleName,
+ @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
+ Response getScopes(
@ApiParam(
name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified",
required = false)
@HeaderParam("If-Modified-Since") String ifModifiedSince);
+ @PUT
+ @Path("/scopes")
+ @ApiOperation(
+ produces = MediaType.APPLICATION_JSON,
+ httpMethod = "PUT",
+ value = "Updating authorization scopes.",
+ notes = "This REST API can be used to update the associated roles of the scopes",
+ tags = "Role Management"
+ )
+ @ApiResponses(value = {
+ @ApiResponse(
+ code = 200,
+ message = "OK. \n Scopes has been updated successfully",
+ responseHeaders = {
+ @ResponseHeader(
+ name = "Content-Type",
+ description = "Content type of the body"),
+ @ResponseHeader(
+ name = "ETag",
+ description = "Entity Tag of the response resource.\n" +
+ "Used by caches, or in conditional requests."),
+ @ResponseHeader(
+ name = "Last-Modified",
+ description = "Date and time the resource has been modified the last time.\n" +
+ "Used by caches, or in conditional requests.")}),
+ @ApiResponse(
+ code = 400,
+ message = "Bad Request. \n Invalid request or validation error.",
+ response = ErrorResponse.class),
+ @ApiResponse(
+ code = 404,
+ message = "Not Found. \n Scopes to be updated does not exist.",
+ response = ErrorResponse.class),
+ @ApiResponse(
+ code = 415,
+ message = "Unsupported media type. \n The entity of the request was in a not supported format.",
+ response = ErrorResponse.class),
+ @ApiResponse(
+ code = 500,
+ message = "Internal Server Error. \n Server error occurred while updating the scopes.",
+ response = ErrorResponse.class)
+ })
+ @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
+ Response updateScopes(
+ @ApiParam(
+ name = "Scopes",
+ value = "List of scopes to be updated",
+ required = true) List scopes);
+
@GET
@Path("/{roleName}")
@ApiOperation(
@@ -226,7 +265,7 @@ public interface RoleManagementService {
"requested role.",
response = ErrorResponse.class)
})
- @Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
+ @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "")
Response getRole(
@ApiParam(
name = "roleName",
@@ -286,7 +325,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while adding a new role.",
response = ErrorResponse.class)
})
- @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/add"})
+ @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response addRole(
@ApiParam(
name = "role",
@@ -336,7 +375,7 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while updating the role.",
response = ErrorResponse.class)
})
- @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"})
+ @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response updateRole(
@ApiParam(
name = "roleName",
@@ -373,13 +412,17 @@ public interface RoleManagementService {
message = "Internal Server Error. \n Server error occurred while removing the role.",
response = ErrorResponse.class)
})
- @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/remove"})
+ @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response deleteRole(
@ApiParam(
name = "roleName",
value = "Name of the role to de deleted.",
required = true)
- @PathParam("roleName") String roleName);
+ @PathParam("roleName") String roleName,
+ @ApiParam(
+ name = "role",
+ value = "Details about the role to be added.",
+ required = true) RoleInfo role);
@PUT
@Path("/{roleName}/users")
@@ -431,7 +474,7 @@ public interface RoleManagementService {
"Server error occurred while updating the user list of the role.",
response = ErrorResponse.class)
})
- @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"})
+ @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "")
Response updateUsersOfRole(
@ApiParam(
name = "roleName",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
index de93bea82b..27fdf848e0 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.*;
import javax.ws.rs.*;
@@ -29,7 +29,7 @@ import javax.ws.rs.core.Response;
import java.util.List;
-@API(name = "User Management API", version = "1.0.0", context = "/devicemgt_admin/users", tags = {"devicemgt_admin"})
+@API(name = "User Management", version = "1.0.0", context = "/api/device-mgt/v1.0/users", tags = {"devicemgt_admin"})
@Path("/users")
@Api(value = "User Management", description = "User management related operations can be found here.")
@@ -83,7 +83,7 @@ public interface UserManagementService {
message = "Internal Server Error. \n Server error occurred while adding a new user.",
response = ErrorResponse.class)
})
- @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/add"})
+ @Scope(key = "user:manage", name = "Add users", description = "")
Response addUser(
@ApiParam(
name = "user",
@@ -135,7 +135,7 @@ public interface UserManagementService {
" fetching the requested user.",
response = ErrorResponse.class)
})
- @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"})
+ @Scope(key = "user:view", name = "View users", description = "")
Response getUser(
@ApiParam(
name = "username",
@@ -192,7 +192,7 @@ public interface UserManagementService {
"Server error occurred while updating the user.",
response = ErrorResponse.class)
})
- @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/update"})
+ @Scope(key = "user:manage", name = "Add users", description = "")
Response updateUser(
@ApiParam(
name = "username",
@@ -227,7 +227,7 @@ public interface UserManagementService {
response = ErrorResponse.class
)
})
- @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/remove"})
+ @Scope(key = "user:manage", name = "Add users", description = "")
Response removeUser(
@ApiParam(name = "username", value = "Username of the user to be deleted.", required = true)
@PathParam("username") String username);
@@ -276,7 +276,7 @@ public interface UserManagementService {
" assigned to the user.",
response = ErrorResponse.class)
})
- @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"})
+ @Scope(key = "user:view", name = "View users", description = "")
Response getRolesOfUser(
@ApiParam(name = "username", value = "Username of the user.", required = true)
@PathParam("username") String username);
@@ -319,7 +319,7 @@ public interface UserManagementService {
message = "Internal Server Error. \n Server error occurred while fetching the user list.",
response = ErrorResponse.class)
})
- @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
+ @Scope(key = "user:view", name = "View users", description = "")
Response getUsers(
@ApiParam(
name = "filter",
@@ -386,7 +386,7 @@ public interface UserManagementService {
"list that matches the given filter.",
response = ErrorResponse.class)
})
- @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
+ @Scope(key = "user:view", name = "View users", description = "")
Response getUserNames(
@ApiParam(
name = "filter",
@@ -440,7 +440,7 @@ public interface UserManagementService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
- @Permission(scope = "user-modify", permissions = {"/permission/admin/login"})
+ @Scope(key = "user:view", name = "View users", description = "")
Response resetPassword(
@ApiParam(
name = "username",
@@ -483,7 +483,7 @@ public interface UserManagementService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
- @Permission(scope = "user-invite", permissions = {"/permission/admin/device-mgt/admin/user/invite"})
+ @Scope(key = "user:manage", name = "Add users", description = "")
Response inviteExistingUsersToEnrollDevice(
@ApiParam(
name = "users",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java
index 49f15dccb1..546f6d96b1 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java
@@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@@ -31,7 +32,7 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-@API(name = "Application", version = "1.0.0", context = "/devicemgt_admin/applications", tags = {"devicemgt_admin"})
+@API(name = "Application Management Admin", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/applications", tags = {"devicemgt_admin"})
@Path("/admin/applications")
@Api(value = "Application Management Administrative Service", description = "This an API intended to be used by " +
@@ -73,6 +74,7 @@ public interface ApplicationManagementAdminService {
"a given set of devices.",
response = ErrorResponse.class)
})
+ @Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
Response installApplication(
@ApiParam(
name = "applicationWrapper",
@@ -111,6 +113,7 @@ public interface ApplicationManagementAdminService {
"a given set of devices.",
response = ErrorResponse.class)
})
+ @Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
Response uninstallApplication(
@ApiParam(
name = "applicationWrapper",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
index 34d3ba0fe3..66a3c75f05 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java
@@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@@ -28,7 +29,7 @@ import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-@API(name = "DeviceManagementAdmin", version = "1.0.0", context = "/devicemgt_admin/applications",
+@API(name = "Device Management Admin", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/devices",
tags = {"devicemgt_admin"})
@Path("/admin/devices")
@Api(value = "Device Management Administrative Service", description = "This an API intended to be used by " +
@@ -84,6 +85,7 @@ public interface DeviceManagementAdminService {
message = "Internal Server Error. \n Server error occurred while fetching the device list.",
response = ErrorResponse.class)
})
+ @Scope(key = "device:admin:view", name = "View Devices", description = "")
Response getDevicesByName(
@ApiParam(
name = "name",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceTypeManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceTypeManagementService.java
index 4ce4ac2147..4212f65ceb 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceTypeManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceTypeManagementService.java
@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceTypeList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@@ -28,7 +28,7 @@ import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-@API(name = "Device Type Management", version = "1.0.0", context = "/admin/device-types", tags = {"devicemgt_admin"})
+@API(name = "Device Type Management", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/device-types", tags = {"devicemgt_admin"})
@Path("/admin/device-types")
@Api(value = "Device Type Management", description = "This API corresponds to all tasks related to device " +
@@ -78,10 +78,7 @@ public interface DeviceTypeManagementService {
response = ErrorResponse.class)
}
)
- @Permission(
- scope = "read:device-types",
- permissions = {"/permission/admin/device-mgt/admin/device-types/view"}
- )
+ @Scope(key = "device-type:admin:view", name = "View device types", description = "")
Response getDeviceTypes(
@ApiParam(
name = "If-Modified-Since",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java
index 4d5915684b..0580d8504d 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java
@@ -19,7 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.policy.mgt.common.DeviceGroupWrapper;
import javax.ws.rs.*;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java
index 8d3700473c..6307ee00e6 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java
@@ -19,7 +19,8 @@
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
import io.swagger.annotations.*;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.API;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
@@ -28,6 +29,8 @@ import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+@API(name = "User Management Admin", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/users", tags = {"devicemgt_admin"})
+
@Path("/admin/users")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@@ -65,7 +68,7 @@ public interface UserManagementAdminService {
"Server error occurred while updating credentials of the user.",
response = ErrorResponse.class)
})
- @Permission(scope = "user-modify", permissions = {"/permission/admin/login"})
+ @Scope(key = "user:admin:reset-password", name = "View users", description = "")
Response resetUserPassword(
@ApiParam(
name = "username",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
index d1c559ec5c..37fe8b214e 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
@@ -20,21 +20,23 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.wso2.carbon.CarbonConstants;
-import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
+import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
+import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
import org.wso2.carbon.device.mgt.jaxrs.service.api.RoleManagementService;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
+import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
-import org.wso2.carbon.user.api.*;
+import org.wso2.carbon.user.api.AuthorizationManager;
+import org.wso2.carbon.user.api.UserRealm;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
-import org.wso2.carbon.user.mgt.UserRealmProxy;
-import org.wso2.carbon.user.mgt.common.UIPermissionNode;
-import org.wso2.carbon.user.mgt.common.UserAdminException;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
@@ -88,64 +90,47 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
@GET
- @Path("/{roleName}/permissions")
+ @Path("/scopes")
@Override
- public Response getPermissionsOfRole(
- @PathParam("roleName") String roleName,
+ public Response getScopes(
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
- RequestValidationUtil.validateRoleName(roleName);
- try {
- final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
- if (!userRealm.getUserStoreManager().isExistingRole(roleName)) {
- return Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse.ErrorResponseBuilder().setMessage(
- "No role exists with the name '" + roleName + "'").build()).build();
- }
- final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
- if (rolePermissions == null) {
- if (log.isDebugEnabled()) {
- log.debug("No permissions found for the role '" + roleName + "'");
- }
+ List scopes = new ArrayList<>();
+ try {
+ ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
+ if (scopeManagementService == null) {
+ log.error("Scope management service initialization is failed, hence scopes will not be retrieved");
+ } else {
+ scopes = DeviceMgtUtil.convertAPIScopestoScopes(scopeManagementService.getAllScopes());
}
- return Response.status(Response.Status.OK).entity(rolePermissions).build();
- } catch (UserAdminException e) {
- String msg = "Error occurred while retrieving the permissions of role '" + roleName + "'";
- log.error(msg, e);
- return Response.serverError().entity(
- new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
- } catch (UserStoreException e) {
- String msg = "Error occurred while retrieving the underlying user realm attached to the " +
- "current logged in user";
+ return Response.status(Response.Status.OK).entity(scopes).build();
+ } catch (ScopeManagementException e) {
+ String msg = "Error occurred while retrieving the scopes";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
- private UIPermissionNode getUIPermissionNode(String roleName, UserRealm userRealm)
- throws UserAdminException {
- org.wso2.carbon.user.core.UserRealm userRealmCore = null;
- if (userRealm instanceof org.wso2.carbon.user.core.UserRealm) {
- userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm;
- }
- final UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore);
- final UIPermissionNode rolePermissions =
- userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID);
- UIPermissionNode[] deviceMgtPermissions = new UIPermissionNode[2];
-
- for (UIPermissionNode permissionNode : rolePermissions.getNodeList()) {
- if ("/permission/admin".equals(permissionNode.getResourcePath())) {
- for (UIPermissionNode node : permissionNode.getNodeList()) {
- if ("/permission/admin/device-mgt".equals(node.getResourcePath())) {
- deviceMgtPermissions[0] = node;
- } else if ("/permission/admin/login".equals(node.getResourcePath())) {
- deviceMgtPermissions[1] = node;
- }
- }
+ @PUT
+ @Path("/scopes")
+ @Override
+ public Response updateScopes(List scopes) {
+ RequestValidationUtil.validateScopes(scopes);
+ try {
+ ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
+ if (scopeManagementService == null) {
+ log.error("Scope management service initialization is failed, hence scopes will not be retrieved");
+ } else {
+ scopeManagementService.updateScopes(DeviceMgtUtil.convertScopestoAPIScopes(scopes));
}
+ return Response.status(Response.Status.OK).entity("Scopes has been successfully updated").build();
+ } catch (ScopeManagementException e) {
+ String msg = "Error occurred while updating the scopes";
+ log.error(msg, e);
+ return Response.serverError().entity(
+ new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
- rolePermissions.setNodeList(deviceMgtPermissions);
- return rolePermissions;
}
@GET
@@ -160,7 +145,6 @@ public class RoleManagementServiceImpl implements RoleManagementService {
RoleInfo roleInfo = new RoleInfo();
try {
final UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
- final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
if (!userStoreManager.isExistingRole(roleName)) {
return Response.status(Response.Status.NOT_FOUND).entity(
new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" +
@@ -168,16 +152,9 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
roleInfo.setRoleName(roleName);
roleInfo.setUsers(userStoreManager.getUserListOfRole(roleName));
- // Get the permission nodes and hand picking only device management and login perms
- final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
- List permList = new ArrayList<>();
- this.iteratePermissions(rolePermissions, permList);
- roleInfo.setPermissionList(rolePermissions);
- String[] permListAr = new String[permList.size()];
- roleInfo.setPermissions(permList.toArray(permListAr));
return Response.status(Response.Status.OK).entity(roleInfo).build();
- } catch (UserStoreException | UserAdminException e) {
+ } catch (UserStoreException e) {
String msg = "Error occurred while retrieving the user role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
@@ -185,35 +162,18 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
}
- private List iteratePermissions(UIPermissionNode uiPermissionNode, List list) {
- for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
- list.add(permissionNode.getResourcePath());
- if (permissionNode.getNodeList() != null && permissionNode.getNodeList().length > 0) {
- iteratePermissions(permissionNode, list);
- }
- }
- return list;
- }
-
@POST
@Override
public Response addRole(RoleInfo roleInfo) {
RequestValidationUtil.validateRoleDetails(roleInfo);
RequestValidationUtil.validateRoleName(roleInfo.getRoleName());
+
try {
UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
if (log.isDebugEnabled()) {
log.debug("Persisting the role in the underlying user store");
}
- Permission[] permissions = null;
- if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) {
- permissions = new Permission[roleInfo.getPermissions().length];
- for (int i = 0; i < permissions.length; i++) {
- String permission = roleInfo.getPermissions()[i];
- permissions[i] = new Permission(permission, CarbonConstants.UI_PERMISSION_ACTION);
- }
- }
- userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);
+ userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), null);
//TODO fix what's returned in the entity
return Response.created(new URI(API_BASE_PATH + "/" + roleInfo.getRoleName())).entity(
@@ -269,14 +229,12 @@ public class RoleManagementServiceImpl implements RoleManagementService {
userStoreManager.updateUserListOfRole(newRoleName, usersToDelete, usersToAdd);
}
- if (roleInfo.getPermissions() != null) {
- // Delete all authorizations for the current role before authorizing the permission tree
- authorizationManager.clearRoleAuthorization(roleName);
- if (roleInfo.getPermissions().length > 0) {
- for (int i = 0; i < roleInfo.getPermissions().length; i++) {
- String permission = roleInfo.getPermissions()[i];
- authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION);
- }
+ if (roleInfo.getScopes() != null) {
+ ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
+ if (scopeManagementService == null) {
+ log.error("Scope management service initialization is failed, hence scopes will not be updated");
+ } else {
+ scopeManagementService.updateScopes(DeviceMgtUtil.convertScopestoAPIScopes(roleInfo.getScopes()));
}
}
//TODO: Need to send the updated role information in the entity back to the client
@@ -287,14 +245,21 @@ public class RoleManagementServiceImpl implements RoleManagementService {
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+ } catch (ScopeManagementException e) {
+ String msg = "Error occurred while updating scopes of role '" + roleName + "'";
+ log.error(msg, e);
+ return Response.serverError().entity(
+ new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
@DELETE
@Path("/{roleName}")
@Override
- public Response deleteRole(@PathParam("roleName") String roleName) {
+ public Response deleteRole(@PathParam("roleName") String roleName, RoleInfo roleInfo) {
RequestValidationUtil.validateRoleName(roleName);
+ RequestValidationUtil.validateScopes(roleInfo.getScopes());
+
try {
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
final UserStoreManager userStoreManager = userRealm.getUserStoreManager();
@@ -312,12 +277,25 @@ public class RoleManagementServiceImpl implements RoleManagementService {
// Delete all authorizations for the current role before deleting
authorizationManager.clearRoleAuthorization(roleName);
+ //updating scopes
+ ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService();
+ if (scopeManagementService == null) {
+ log.error("Scope management service initialization is failed, hence scopes will not be updated");
+ } else {
+ scopeManagementService.updateScopes(DeviceMgtUtil.convertScopestoAPIScopes(roleInfo.getScopes()));
+ }
+
return Response.status(Response.Status.OK).build();
} catch (UserStoreException e) {
String msg = "Error occurred while deleting the role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+ } catch (ScopeManagementException e) {
+ String msg = "Error occurred while updating scopes of role '" + roleName + "'";
+ log.error(msg, e);
+ return Response.serverError().entity(
+ new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/RequestValidationUtil.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/RequestValidationUtil.java
index 6e99def60f..6fbc75264c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/RequestValidationUtil.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/RequestValidationUtil.java
@@ -18,6 +18,7 @@
*/
package org.wso2.carbon.device.mgt.jaxrs.service.impl.util;
+import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
@@ -313,6 +314,14 @@ public class RequestValidationUtil {
}
}
+ public static void validateScopes(List scopes) {
+ if (scopes == null || scopes.isEmpty()) {
+ throw new InputValidationException(
+ new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Scope details of the request body" +
+ " is incorrect or empty").build());
+ }
+ }
+
public static void validatePaginationParameters(int offset, int limit) {
if (offset < 0) {
throw new InputValidationException(
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/swagger/extension/SecurityDefinitionConfigurator.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/swagger/extension/SecurityDefinitionConfigurator.java
index 2ad4b54aa5..45cadd4738 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/swagger/extension/SecurityDefinitionConfigurator.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/swagger/extension/SecurityDefinitionConfigurator.java
@@ -29,7 +29,7 @@ import java.util.HashMap;
import java.util.Map;
@SwaggerDefinition(
- basePath = "/api/device-mgt/v1.0",
+ basePath = "/api-device-mgt-v1.0",
host = "localhost:9443"
)
public class SecurityDefinitionConfigurator implements ReaderListener {
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java
index d9c998c622..aa748fdae5 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java
@@ -28,6 +28,7 @@ import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfigurationManagementService;
import org.wso2.carbon.device.mgt.common.notification.mgt.NotificationManagementService;
+import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.core.app.mgt.ApplicationManagementProviderService;
import org.wso2.carbon.device.mgt.core.device.details.mgt.DeviceInformationManager;
import org.wso2.carbon.device.mgt.core.search.mgt.SearchManagerService;
@@ -248,6 +249,16 @@ public class DeviceMgtAPIUtils {
return gadgetDataService;
}
+ public static ScopeManagementService getScopeManagementService() {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ ScopeManagementService scopeManagementService =
+ (ScopeManagementService) ctx.getOSGiService(ScopeManagementService.class, null);
+ if (scopeManagementService == null) {
+ throw new IllegalStateException("Scope Management Service has not been initialized.");
+ }
+ return scopeManagementService;
+ }
+
public static int getTenantId(String tenantDomain) throws DeviceManagementException {
RealmService realmService =
(RealmService) PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(RealmService.class, null);
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtUtil.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtUtil.java
index 6d53ee2bc9..0c198a1587 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtUtil.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtUtil.java
@@ -18,6 +18,7 @@
package org.wso2.carbon.device.mgt.jaxrs.util;
+import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorListItem;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.ProfileFeature;
@@ -64,6 +65,34 @@ public class DeviceMgtUtil {
}
+ public static List convertScopestoAPIScopes(List scopes) {
+ List convertedScopes = new ArrayList<>();
+ Scope convertedScope;
+ for (org.wso2.carbon.device.mgt.jaxrs.beans.Scope scope : scopes) {
+ convertedScope = new Scope();
+ convertedScope.setKey(scope.getKey());
+ convertedScope.setName(scope.getName());
+ convertedScope.setDescription(scope.getDescription());
+ convertedScope.setRoles(scope.getRoles());
+ convertedScopes.add(convertedScope);
+ }
+ return convertedScopes;
+ }
+
+ public static List convertAPIScopestoScopes(List scopes) {
+ List convertedScopes = new ArrayList<>();
+ org.wso2.carbon.device.mgt.jaxrs.beans.Scope convertedScope;
+ for (Scope scope : scopes) {
+ convertedScope = new org.wso2.carbon.device.mgt.jaxrs.beans.Scope();
+ convertedScope.setKey(scope.getKey());
+ convertedScope.setName(scope.getName());
+ convertedScope.setDescription(scope.getDescription());
+ convertedScope.setRoles(scope.getRoles());
+ convertedScopes.add(convertedScope);
+ }
+ return convertedScopes;
+ }
+
/**
* Returns a new BadRequestException
*
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.common/pom.xml
index d8950c54e6..adfb7059fe 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/pom.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/pom.xml
@@ -50,6 +50,7 @@
javax.xml.bind.annotation,
com.fasterxml.jackson.annotation,
+ org.wso2.carbon.apimgt.api.model,
io.swagger.annotations.*;resolution:=optional
@@ -68,6 +69,10 @@
com.fasterxml.jackson.core
jackson-annotations
+
+ org.wso2.carbon.apimgt
+ org.wso2.carbon.apimgt.api
+
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java
index ad92cb27d8..6ba2f675c0 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java
@@ -24,47 +24,25 @@ import javax.xml.bind.annotation.XmlRootElement;
/**
* This class represents the information related to permission.
*/
-@XmlRootElement (name = "Permission")
public class Permission {
- private String name; // permission name
- private String path; // permission string
private String url; // url of the resource
+ private String urlTemplate; // resource template
private String method; // http method
- private String scope; //scope of the resource
+ private String context;
- public String getName() {
- return name;
+ public String getContext() {
+ return context;
}
- @XmlElement (name = "name", required = true)
- public void setName(String name) {
- this.name = name;
+ public void setContext(String context) {
+ this.context = context;
}
- public String getPath() {
- return path;
- }
-
- @XmlElement (name = "path", required = true)
- public void setPath(String path) {
- this.path = path;
- }
-
- public String getScope() {
- return scope;
- }
-
- @XmlElement(name = "scope", required = false)
- public void setScope(String scope) {
- this.scope = scope;
- }
-
public String getUrl() {
return url;
}
- @XmlElement (name = "url", required = true)
public void setUrl(String url) {
this.url = url;
}
@@ -73,8 +51,15 @@ public class Permission {
return method;
}
- @XmlElement (name = "method", required = true)
public void setMethod(String method) {
this.method = method;
}
+
+ public String getUrlTemplate() {
+ return urlTemplate;
+ }
+
+ public void setUrlTemplate(String urlTemplate) {
+ this.urlTemplate = urlTemplate;
+ }
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java
index 30b771565d..10bb59bcb4 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java
@@ -29,11 +29,10 @@ public interface PermissionManagerService {
/**
*
* @param permission - Permission to be added
- * @return The status of the operation.
* @throws PermissionManagementException If some unusual behaviour is observed while adding the
* permission.
*/
- boolean addPermission(Permission permission) throws PermissionManagementException;
+ void addPermission(Permission permission) throws PermissionManagementException;
/**
*
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/scope/mgt/ScopeManagementException.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/scope/mgt/ScopeManagementException.java
new file mode 100644
index 0000000000..ed5082a72c
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/scope/mgt/ScopeManagementException.java
@@ -0,0 +1,57 @@
+/*
+* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.wso2.carbon.device.mgt.common.scope.mgt;
+
+/**
+ * This exception is used to throw when there is an issue in scope management service.
+ */
+public class ScopeManagementException extends Exception {
+
+ private static final long serialVersionUID = -315127931137779899L;
+
+ private String errorMessage;
+
+ public String getErrorMessage() {
+ return errorMessage;
+ }
+
+ public void setErrorMessage(String errorMessage) {
+ this.errorMessage = errorMessage;
+ }
+
+ public ScopeManagementException(String msg, Exception nestedEx) {
+ super(msg, nestedEx);
+ setErrorMessage(msg);
+ }
+
+ public ScopeManagementException(String message, Throwable cause) {
+ super(message, cause);
+ setErrorMessage(message);
+ }
+
+ public ScopeManagementException(String msg) {
+ super(msg);
+ setErrorMessage(msg);
+ }
+
+ public ScopeManagementException() {
+ super();
+ }
+
+ public ScopeManagementException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/scope/mgt/ScopeManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/scope/mgt/ScopeManagementService.java
new file mode 100644
index 0000000000..b90011aaf0
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/scope/mgt/ScopeManagementService.java
@@ -0,0 +1,53 @@
+/*
+* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.device.mgt.common.scope.mgt;
+
+import java.util.List;
+import org.wso2.carbon.apimgt.api.model.Scope;
+
+/**
+ * This interface contains the basic operations related to scope management.
+ */
+public interface ScopeManagementService {
+
+ /**
+ * This method is used to update the given list of scopes.
+ *
+ * @param scopes List of scopes to be updated.
+ * @throws ScopeManagementException
+ */
+ void updateScopes(List scopes) throws ScopeManagementException;
+
+ /**
+ * This method is used to retrieve all the scopes.
+ *
+ * @return List of scopes.
+ * @throws ScopeManagementException
+ */
+ List getAllScopes() throws ScopeManagementException;
+
+ /**
+ * This method is to retrieve the roles of the given scope
+ * @param scopeKey key of the scope
+ * @return List of roles
+ * @throws ScopeManagementException
+ */
+ String getRolesOfScope(String scopeKey) throws ScopeManagementException;
+
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml
index b96ddcac8d..e317b1d1b9 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml
@@ -91,6 +91,10 @@
!org.wso2.carbon.device.mgt.core.internal,
org.wso2.carbon.device.mgt.core.*
+
+ javax.ws.rs-api,
+ scribe;scope=compile|runtime;inline=false;
+
*
@@ -228,6 +232,7 @@
commons-collections.wso2
commons-collections
+
org.wso2.carbon.devicemgt
org.wso2.carbon.email.sender.core
@@ -236,15 +241,12 @@
mysql
mysql-connector-java
- 5.1.34
test
-
com.google.code.gson
gson
- 1.7.1
@@ -253,6 +255,26 @@
provided
+
+ org.wso2.orbit.org.scannotation
+ scannotation
+
+
+
+ org.wso2.carbon.devicemgt
+ org.wso2.carbon.apimgt.annotations
+
+
+
+ javax.ws.rs
+ javax.ws.rs-api
+
+
+
+ javax.ws.rs
+ jsr311-api
+
+
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
index 45149c970e..60b791a5fa 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java
@@ -243,9 +243,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
}
private boolean addAdminPermissionToRegistry() throws PermissionManagementException {
- Permission permission = new Permission();
- permission.setPath(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
- return PermissionUtils.putPermission(permission);
+ return PermissionUtils.putPermission(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
}
private Map getOwnershipOfDevices(List devices) {
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java
new file mode 100644
index 0000000000..a847255a6e
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java
@@ -0,0 +1,332 @@
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.device.mgt.core.config.permission;
+
+import org.apache.catalina.core.StandardContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.scannotation.AnnotationDB;
+import org.wso2.carbon.apimgt.annotations.api.API;
+
+import javax.servlet.ServletContext;
+import javax.ws.rs.*;
+import java.io.File;
+import java.io.IOException;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.StringTokenizer;
+
+public class AnnotationProcessor {
+
+ private static final Log log = LogFactory.getLog(AnnotationProcessor.class);
+
+ private static final String PACKAGE_ORG_APACHE = "org.apache";
+ private static final String PACKAGE_ORG_CODEHAUS = "org.codehaus";
+ private static final String PACKAGE_ORG_SPRINGFRAMEWORK = "org.springframework";
+ private static final String WILD_CARD = "/*";
+ private static final String URL_SEPARATOR = "/";
+
+ private static final String STRING_ARR = "string_arr";
+ private static final String STRING = "string";
+
+ private Method[] pathClazzMethods;
+ private Class pathClazz;
+ Class apiClazz;
+ private ClassLoader classLoader;
+ private ServletContext servletContext;
+
+
+ public AnnotationProcessor(final StandardContext context) {
+ servletContext = context.getServletContext();
+ classLoader = servletContext.getClassLoader();
+ }
+
+ /**
+ * Scan the context for classes with annotations
+ *
+ * @return
+ * @throws IOException
+ */
+ public Set scanStandardContext(String className) throws IOException {
+ ExtendedAnnotationDB db = new ExtendedAnnotationDB();
+ db.addIgnoredPackages(PACKAGE_ORG_APACHE);
+ db.addIgnoredPackages(PACKAGE_ORG_CODEHAUS);
+ db.addIgnoredPackages(PACKAGE_ORG_SPRINGFRAMEWORK);
+ URL classPath = findWebInfClassesPath(servletContext);
+ db.scanArchives(classPath);
+
+ //Returns a list of classes with given Annotation
+ return db.getAnnotationIndex().get(className);
+ }
+
+ /**
+ * Method identifies the URL templates and context by reading the annotations of a class
+ *
+ * @param entityClasses
+ * @return
+ */
+ public List
+ extractPermissions(Set entityClasses) {
+
+ List permissions = new ArrayList<>();
+
+ if (entityClasses != null && !entityClasses.isEmpty()) {
+
+ for (final String className : entityClasses) {
+
+ List resourcePermissions =
+ AccessController.doPrivileged(new PrivilegedAction>() {
+ public List run() {
+ Class clazz;
+ List apiPermissions =
+ new ArrayList<>();
+ try {
+ clazz = classLoader.loadClass(className);
+
+ apiClazz = (Class)
+ classLoader.loadClass(org.wso2.carbon.apimgt.annotations.api.API
+ .class.getName());
+
+ Annotation apiAnno = clazz.getAnnotation(apiClazz);
+ List resourceList;
+
+ if (apiAnno != null) {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Application Context root = " + servletContext.getContextPath());
+ }
+
+ try {
+ String rootContext = servletContext.getContextPath();
+ pathClazz = (Class) classLoader.loadClass(Path.class.getName());
+ pathClazzMethods = pathClazz.getMethods();
+
+ Annotation rootContectAnno = clazz.getAnnotation(pathClazz);
+ String subContext = "";
+ if (rootContectAnno != null) {
+ subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING);
+ if (subContext != null && !subContext.isEmpty()) {
+ if (subContext.trim().startsWith("/")) {
+ rootContext = rootContext + subContext;
+ } else {
+ rootContext = rootContext + "/" + subContext;
+ }
+ }
+ if (log.isDebugEnabled()) {
+ log.debug("API Root Context = " + rootContext);
+ }
+ }
+
+ Method[] annotatedMethods = clazz.getDeclaredMethods();
+ apiPermissions = getApiResources(rootContext, annotatedMethods);
+ } catch (Throwable throwable) {
+ log.error("Error encountered while scanning for annotations", throwable);
+ }
+ }
+ } catch (ClassNotFoundException e) {
+ log.error("Error when passing the api annotation for device type apis.");
+ }
+ return apiPermissions;
+ }
+ });
+ permissions.addAll(resourcePermissions);
+ }
+ }
+ return permissions;
+ }
+
+
+ /**
+ * Get Resources for each API
+ *
+ * @param resourceRootContext
+ * @param annotatedMethods
+ * @return
+ * @throws Throwable
+ */
+ private List
+ getApiResources(String resourceRootContext, Method[] annotatedMethods) throws Throwable {
+
+ List permissions = new ArrayList<>();
+ String subCtx;
+ for (Method method : annotatedMethods) {
+ Annotation[] annotations = method.getDeclaredAnnotations();
+ org.wso2.carbon.device.mgt.common.permission.mgt.Permission permission =
+ new org.wso2.carbon.device.mgt.common.permission.mgt.Permission();
+
+ if (isHttpMethodAvailable(annotations)) {
+ Annotation methodContextAnno = method.getAnnotation(pathClazz);
+ if (methodContextAnno != null) {
+ subCtx = invokeMethod(pathClazzMethods[0], methodContextAnno, STRING);
+ } else {
+ subCtx = WILD_CARD;
+ }
+ permission.setContext(makeContextURLReady(resourceRootContext));
+ permission.setUrlTemplate(makeContextURLReady(subCtx));
+
+ // this check is added to avoid url resolving conflict which happens due
+ // to adding of '*' notation for dynamic path variables.
+ if (WILD_CARD.equals(subCtx)) {
+ subCtx = makeContextURLReady(resourceRootContext);
+ } else {
+ subCtx = makeContextURLReady(resourceRootContext) + makeContextURLReady(subCtx);
+ }
+ permission.setUrl(replaceDynamicPathVariables(subCtx));
+ String httpMethod;
+ for (int i = 0; i < annotations.length; i++) {
+ httpMethod = getHTTPMethodAnnotation(annotations[i]);
+ if (httpMethod != null) {
+ permission.setMethod(httpMethod);
+ break;
+ }
+ }
+ permissions.add(permission);
+ }
+ }
+ return permissions;
+ }
+
+ /**
+ * Read Method annotations indicating HTTP Methods
+ * @param annotation
+ */
+ private String getHTTPMethodAnnotation(Annotation annotation) {
+ if (annotation.annotationType().getName().equals(GET.class.getName())) {
+ return HttpMethod.GET;
+ } else if (annotation.annotationType().getName().equals(POST.class.getName())) {
+ return HttpMethod.POST;
+ } else if (annotation.annotationType().getName().equals(OPTIONS.class.getName())) {
+ return HttpMethod.OPTIONS;
+ } else if (annotation.annotationType().getName().equals(DELETE.class.getName())) {
+ return HttpMethod.DELETE;
+ } else if (annotation.annotationType().getName().equals(PUT.class.getName())) {
+ return HttpMethod.PUT;
+ }
+ return null;
+ }
+
+ private boolean isHttpMethodAvailable(Annotation[] annotations) {
+ for (Annotation annotation : annotations) {
+ if (annotation.annotationType().getName().equals(GET.class.getName())) {
+ return true;
+ } else if (annotation.annotationType().getName().equals(POST.class.getName())) {
+ return true;
+ } else if (annotation.annotationType().getName().equals(OPTIONS.class.getName())) {
+ return true;
+ } else if (annotation.annotationType().getName().equals(DELETE.class.getName())) {
+ return true;
+ } else if (annotation.annotationType().getName().equals(PUT.class.getName())) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Append '/' to the context and make it URL ready
+ *
+ * @param context
+ * @return
+ */
+ private String makeContextURLReady(String context) {
+ if (context != null && ! context.isEmpty()) {
+ if (context.startsWith("/")) {
+ return context;
+ } else {
+ return "/" + context;
+ }
+ }
+ return "";
+ }
+
+ /**
+ * When an annotation and method is passed, this method invokes that executes said method against the annotation
+ *
+ * @param method
+ * @param annotation
+ * @param returnType
+ * @return
+ * @throws Throwable
+ */
+ private String invokeMethod(Method method, Annotation annotation, String returnType) throws Throwable {
+ InvocationHandler methodHandler = Proxy.getInvocationHandler(annotation);
+ switch (returnType) {
+ case STRING:
+ return (String) methodHandler.invoke(annotation, method, null);
+ case STRING_ARR:
+ return ((String[]) methodHandler.invoke(annotation, method, null))[0];
+ default:
+ return null;
+ }
+ }
+
+
+ /**
+ * Find the URL pointing to "/WEB-INF/classes" This method may not work in conjunction with IteratorFactory
+ * if your servlet container does not extract the /WEB-INF/classes into a real file-based directory
+ *
+ * @param servletContext
+ * @return null if cannot determin /WEB-INF/classes
+ */
+ public static URL findWebInfClassesPath(ServletContext servletContext)
+ {
+ String path = servletContext.getRealPath("/WEB-INF/classes");
+ if (path == null) return null;
+ File fp = new File(path);
+ if (fp.exists() == false) return null;
+ try
+ {
+ URI uri = fp.toURI();
+ return uri.toURL();
+ }
+ catch (MalformedURLException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private String replaceDynamicPathVariables(String path) {
+ StringBuilder replacedPath = new StringBuilder();
+ StringTokenizer st = new StringTokenizer(path, URL_SEPARATOR);
+ String currentToken;
+ while (st.hasMoreTokens()) {
+ currentToken = st.nextToken();
+ if (currentToken.charAt(0) == '{') {
+ if (currentToken.charAt(currentToken.length() - 1) == '}') {
+ replacedPath.append(WILD_CARD);
+ }
+ } else {
+ replacedPath.append(URL_SEPARATOR);
+ replacedPath.append(currentToken);
+ }
+ }
+ return replacedPath.toString();
+ }
+
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedAnnotationDB.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedAnnotationDB.java
new file mode 100644
index 0000000000..dbbd97e3a6
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedAnnotationDB.java
@@ -0,0 +1,92 @@
+/*
+* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.wso2.carbon.device.mgt.core.config.permission;
+
+import org.scannotation.AnnotationDB;
+import org.scannotation.archiveiterator.Filter;
+import org.scannotation.archiveiterator.StreamIterator;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+
+public class ExtendedAnnotationDB extends AnnotationDB {
+
+ public ExtendedAnnotationDB() {
+ super();
+ }
+
+ public void scanArchives(URL... urls) throws IOException {
+ URL[] arr$ = urls;
+ int len$ = urls.length;
+
+ for(int i$ = 0; i$ < len$; ++i$) {
+ URL url = arr$[i$];
+ Filter filter = new Filter() {
+ public boolean accepts(String filename) {
+ if(filename.endsWith(".class")) {
+ if(filename.startsWith("/") || filename.startsWith("\\")) {
+ filename = filename.substring(1);
+ }
+
+ if(!ExtendedAnnotationDB.this.ignoreScan(filename.replace('/', '.'))) {
+ return true;
+ }
+ }
+ return false;
+ }
+ };
+ StreamIterator it = ExtendedIteratorFactory.create(url, filter);
+
+ InputStream stream;
+ while((stream = it.next()) != null) {
+ this.scanClass(stream);
+ }
+ }
+
+ }
+
+ private boolean ignoreScan(String intf) {
+ String[] arr$;
+ int len$;
+ int i$;
+ String ignored;
+ if(this.scanPackages != null) {
+ arr$ = this.scanPackages;
+ len$ = arr$.length;
+
+ for(i$ = 0; i$ < len$; ++i$) {
+ ignored = arr$[i$];
+ if(intf.startsWith(ignored + ".")) {
+ return false;
+ }
+ }
+
+ return true;
+ } else {
+ arr$ = this.ignoredPackages;
+ len$ = arr$.length;
+
+ for(i$ = 0; i$ < len$; ++i$) {
+ ignored = arr$[i$];
+ if(intf.startsWith(ignored + ".")) {
+ return true;
+ }
+ }
+ return false;
+ }
+ }
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedFileProtocolIteratorFactory.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedFileProtocolIteratorFactory.java
new file mode 100644
index 0000000000..1394375656
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedFileProtocolIteratorFactory.java
@@ -0,0 +1,32 @@
+/*
+* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.wso2.carbon.device.mgt.core.config.permission;
+
+import org.scannotation.archiveiterator.*;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+
+public class ExtendedFileProtocolIteratorFactory implements DirectoryIteratorFactory {
+
+ @Override
+ public StreamIterator create(URL url, Filter filter) throws IOException {
+ File f = new File(java.net.URLDecoder.decode(url.getPath(), "UTF-8"));
+ return f.isDirectory()?new FileIterator(f, filter):new JarIterator(url.openStream(), filter);
+ }
+
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedIteratorFactory.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedIteratorFactory.java
new file mode 100644
index 0000000000..18c8b7620c
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/ExtendedIteratorFactory.java
@@ -0,0 +1,54 @@
+/*
+* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.wso2.carbon.device.mgt.core.config.permission;
+
+import org.scannotation.archiveiterator.DirectoryIteratorFactory;
+import org.scannotation.archiveiterator.Filter;
+import org.scannotation.archiveiterator.JarIterator;
+import org.scannotation.archiveiterator.StreamIterator;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class ExtendedIteratorFactory {
+
+ private static final ConcurrentHashMap registry = new ConcurrentHashMap();
+
+ public static StreamIterator create(URL url, Filter filter) throws IOException {
+ String urlString = url.toString();
+ if(urlString.endsWith("!/")) {
+ urlString = urlString.substring(4);
+ urlString = urlString.substring(0, urlString.length() - 2);
+ url = new URL(urlString);
+ }
+
+ if(!urlString.endsWith("/")) {
+ return new JarIterator(url.openStream(), filter);
+ } else {
+ DirectoryIteratorFactory factory = registry.get(url.getProtocol());
+ if(factory == null) {
+ throw new IOException("Unable to scan directory of protocol: " + url.getProtocol());
+ } else {
+ return factory.create(url, filter);
+ }
+ }
+ }
+
+ static {
+ registry.put("file", new ExtendedFileProtocolIteratorFactory());
+ }
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java
index f974ea5f20..7911ff7cdf 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java
@@ -25,29 +25,27 @@ import javax.xml.bind.annotation.XmlRootElement;
import java.util.List;
/**
- * This class represents the information related to permission configuration.
+ * This class represents the information related to permissions.
*/
-@XmlRootElement (name = "PermissionConfiguration")
public class PermissionConfiguration {
- private List permissions;
- private String apiVersion;
+ private String scopeName;
+ private String[] permissions;
- public String getApiVersion() {
- return apiVersion;
+ public String getScopeName() {
+ return scopeName;
}
- @XmlElement (name = "APIVersion", required = true)
- public void setApiVersion(String apiVersion) {
- this.apiVersion = apiVersion;
+ public void setScopeName(String scope) {
+ this.scopeName = scope;
}
- public List getPermissions() {
+ public String[] getPermissions() {
return permissions;
}
- @XmlElement (name = "Permission", required = true)
- public void setPermissions(List permissions) {
+ public void setPermissions(String[] permissions) {
this.permissions = permissions;
}
+
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java
index f274eee845..fbde8047e3 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java
@@ -26,6 +26,8 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
+import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
+import org.wso2.carbon.device.mgt.core.config.permission.AnnotationProcessor;
import org.wso2.carbon.device.mgt.core.config.permission.PermissionConfiguration;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
@@ -35,8 +37,10 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import java.io.File;
+import java.io.IOException;
import java.io.InputStream;
import java.util.List;
+import java.util.Set;
/**
* This listener class will initiate the permission addition of permissions defined in
@@ -45,7 +49,8 @@ import java.util.List;
@SuppressWarnings("unused")
public class WebAppDeploymentLifecycleListener implements LifecycleListener {
- private static final String PERMISSION_CONFIG_PATH = "META-INF" + File.separator + "permissions.xml";
+ private static final String PARAM_MANAGED_API_ENABLED = "managed-api-enabled";
+
private static final Log log = LogFactory.getLog(WebAppDeploymentLifecycleListener.class);
@Override
@@ -54,34 +59,27 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener {
StandardContext context = (StandardContext) lifecycleEvent.getLifecycle();
ServletContext servletContext = context.getServletContext();
String contextPath = context.getServletContext().getContextPath();
- try {
- InputStream permissionStream = servletContext.getResourceAsStream(PERMISSION_CONFIG_PATH);
- if (permissionStream != null) {
- /* Un-marshaling Device Management configuration */
- JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class);
- Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
- PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
- unmarshaller.unmarshal(permissionStream);
- List permissions = permissionConfiguration.getPermissions();
- String apiVersion = permissionConfiguration.getApiVersion();
- if (permissionConfiguration != null && permissions != null) {
+ String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED);
+ boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param);
+
+ if (isManagedApi) {
+ try {
+ AnnotationProcessor annotationProcessor = new AnnotationProcessor(context);
+ Set annotatedAPIClasses = annotationProcessor.
+ scanStandardContext(org.wso2.carbon.apimgt.annotations.api.API.class.getName());
+ List permissions = annotationProcessor.extractPermissions(annotatedAPIClasses);
+ PermissionManagerService permissionManagerService = PermissionManagerServiceImpl.getInstance();
+ if (permissions != null) {
for (Permission permission : permissions) {
- // update the permission path to absolute permission path
- permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
- permission.setUrl(PermissionUtils.getAbsoluteContextPathOfAPI(contextPath, apiVersion,
- permission.getUrl()).toLowerCase());
- permission.setMethod(permission.getMethod().toUpperCase());
- PermissionManagerServiceImpl.getInstance().addPermission(permission);
+ permissionManagerService.addPermission(permission);
}
}
+ } catch (PermissionManagementException e) {
+ log.error("Exception occurred while adding the permissions from webapp : "
+ + servletContext.getContextPath(), e);
+ } catch (IOException e) {
+ log.error("Cannot find API annotation Class in the webapp '" + contextPath + "' class path", e);
}
- } catch (JAXBException e) {
- log.error(
- "Exception occurred while parsing the permission configuration of webapp : "
- + context.getServletContext().getContextPath(), e);
- } catch (PermissionManagementException e) {
- log.error("Exception occurred while adding the permissions from webapp : "
- + servletContext.getContextPath(), e);
}
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementDataHolder.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementDataHolder.java
index 8ca3ca45cc..7f5f5f5e97 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementDataHolder.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementDataHolder.java
@@ -18,6 +18,7 @@
package org.wso2.carbon.device.mgt.core.internal;
+import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManager;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.device.mgt.common.license.mgt.LicenseManager;
@@ -56,6 +57,16 @@ public class DeviceManagementDataHolder {
private EmailSenderService emailSenderService;
private PushNotificationProviderRepository pushNotificationProviderRepository;
+ public APIManagerConfiguration getApiManagerConfiguration() {
+ return apiManagerConfiguration;
+ }
+
+ public void setApiManagerConfiguration(APIManagerConfiguration apiManagerConfiguration) {
+ this.apiManagerConfiguration = apiManagerConfiguration;
+ }
+
+ private APIManagerConfiguration apiManagerConfiguration;
+
private DeviceManagementDataHolder() {}
public static DeviceManagementDataHolder getInstance() {
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java
index 0ff2b680fe..834eefb5b1 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java
@@ -21,6 +21,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext;
+import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.apimgt.impl.APIManagerConfigurationService;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.app.mgt.ApplicationManagementException;
@@ -30,6 +31,7 @@ import org.wso2.carbon.device.mgt.common.notification.mgt.NotificationManagement
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException;
import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManager;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
+import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
import org.wso2.carbon.device.mgt.common.spi.DeviceManagementService;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.core.DeviceManagementPluginRepository;
@@ -50,6 +52,8 @@ import org.wso2.carbon.device.mgt.core.operation.mgt.OperationManagerImpl;
import org.wso2.carbon.device.mgt.core.operation.mgt.dao.OperationManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.device.mgt.core.push.notification.mgt.PushNotificationProviderRepository;
+import org.wso2.carbon.device.mgt.core.scope.mgt.ScopeManagementServiceImpl;
+import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl;
import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
@@ -59,8 +63,10 @@ import org.wso2.carbon.email.sender.core.service.EmailSenderService;
import org.wso2.carbon.ndatasource.core.DataSourceService;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.service.RealmService;
+import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.ConfigurationContextService;
+import java.io.File;
import java.util.ArrayList;
import java.util.List;
@@ -117,6 +123,9 @@ public class DeviceManagementServiceComponent {
private static List deviceManagers = new ArrayList<>();
private static List startupListeners = new ArrayList<>();
private DeviceManagementPluginRepository pluginRepository = new DeviceManagementPluginRepository();
+ private static final String APIM_CONFIGURATION_PATH = CarbonUtils.getCarbonHome() + File.separator + "repository" +
+ File.separator + "conf" + File.separator + "api-manager.xml";
+ private static final String DATA_SOURCE_NAME = "DataSourceName";
public static void registerPluginInitializationListener(PluginInitializationListener listener) {
synchronized (LOCK) {
@@ -149,12 +158,19 @@ public class DeviceManagementServiceComponent {
DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
DataSourceConfig dsConfig = config.getDeviceManagementConfigRepository().getDataSourceConfig();
+
+ APIManagerConfiguration apiManagerConfiguration = new APIManagerConfiguration();
+ apiManagerConfiguration.load(APIM_CONFIGURATION_PATH);
+ DeviceManagementDataHolder.getInstance().setApiManagerConfiguration(apiManagerConfiguration);
+
DeviceManagementDAOFactory.init(dsConfig);
GroupManagementDAOFactory.init(dsConfig);
NotificationManagementDAOFactory.init(dsConfig);
-
OperationManagementDAOFactory.init(dsConfig);
+ String apiManagerDataSource = apiManagerConfiguration.getFirstProperty(DATA_SOURCE_NAME);
+ ScopeManagementDAOFactory.init(apiManagerDataSource);
+
/* Initialize Operation Manager */
this.initOperationsManager();
@@ -227,10 +243,9 @@ public class DeviceManagementServiceComponent {
= new NotificationManagementServiceImpl();
bundleContext.registerService(NotificationManagementService.class.getName(), notificationManagementService, null);
- /* Registering PermissionManager Service */
- PermissionManagerService permissionManagerService
- = PermissionManagerServiceImpl.getInstance();
- bundleContext.registerService(PermissionManagerService.class.getName(), permissionManagerService, null);
+ /* Registering Scope Management Service */
+ ScopeManagementService scopeManagementService = new ScopeManagementServiceImpl();
+ bundleContext.registerService(ScopeManagementService.class.getName(), scopeManagementService, null);
/* Registering DeviceAccessAuthorization Service */
DeviceAccessAuthorizationService deviceAccessAuthorizationService = new DeviceAccessAuthorizationServiceImpl();
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
index 190b90dbc7..0cdae21617 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
@@ -22,8 +22,9 @@ import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
-import java.util.List;
+import java.util.HashSet;
import java.util.Properties;
+import java.util.Set;
/**
* This class will add, update custom permissions defined in permission.xml in webapps and it will
@@ -52,16 +53,19 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
}
@Override
- public boolean addPermission(Permission permission) throws PermissionManagementException {
+ public void addPermission(Permission permission) throws PermissionManagementException {
// adding a permission to the tree
permissionTree.addPermission(permission);
- return PermissionUtils.putPermission(permission);
}
@Override
public Permission getPermission(Properties properties) throws PermissionManagementException {
String url = (String) properties.get(URL_PROPERTY);
String httpMethod = (String) properties.get(HTTP_METHOD_PROPERTY);
+
+ if (url == null || url.isEmpty() || httpMethod == null || httpMethod.isEmpty()) {
+ throw new PermissionManagementException("Resource URI/HTTP method is empty");
+ }
return permissionTree.getPermission(url, httpMethod);
}
}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java
index 8294cce8a0..62af312e66 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java
@@ -54,9 +54,6 @@ public class PermissionTree {
tempRoot = addPermissionNode(tempRoot, tempChild);
}
tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex
- if (log.isDebugEnabled()) {
- log.debug("Added permission '" + permission.getName() + "'");
- }
}
/**
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java
index 27b95e56cc..9f73a36e1c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java
@@ -39,84 +39,82 @@ import java.util.StringTokenizer;
*/
public class PermissionUtils {
- public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
- public static final String PERMISSION_PROPERTY_NAME = "name";
+ public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
+ public static final String PERMISSION_PROPERTY_NAME = "name";
- public static Registry getGovernanceRegistry() throws PermissionManagementException {
- try {
- int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
- return DeviceManagementDataHolder.getInstance().getRegistryService()
- .getGovernanceSystemRegistry(
- tenantId);
- } catch (RegistryException e) {
- throw new PermissionManagementException(
- "Error in retrieving governance registry instance: " +
- e.getMessage(), e);
- }
- }
+ public static Registry getGovernanceRegistry() throws PermissionManagementException {
+ try {
+ int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
+ return DeviceManagementDataHolder.getInstance().getRegistryService()
+ .getGovernanceSystemRegistry(
+ tenantId);
+ } catch (RegistryException e) {
+ throw new PermissionManagementException(
+ "Error in retrieving governance registry instance: " +
+ e.getMessage(), e);
+ }
+ }
- public static String getAbsolutePermissionPath(String permissionPath) {
- return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
- }
+ public static String getAbsolutePermissionPath(String permissionPath) {
+ return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
+ }
public static String getAbsoluteContextPathOfAPI(String contextPath, String version, String url) {
- if((version != null) && !version.isEmpty()) {
- return contextPath + "/" + version + url;
+ if ((version != null) && !version.isEmpty()) {
+ return contextPath + "/" + version + url;
}
return contextPath + url;
}
- public static Permission getPermission(String path) throws PermissionManagementException {
- try {
- Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
- Permission permission = new Permission();
- permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME));
- permission.setPath(resource.getPath());
- return permission;
- } catch (RegistryException e) {
- throw new PermissionManagementException("Error in retrieving registry resource : " +
- e.getMessage(), e);
- }
- }
-
- public static boolean putPermission(Permission permission)
- throws PermissionManagementException {
- boolean status;
- try {
- StringTokenizer tokenizer = new StringTokenizer(permission.getPath(), "/");
- String lastToken = "", currentToken, tempPath;
- while(tokenizer.hasMoreTokens()) {
- currentToken = tokenizer.nextToken();
- tempPath = lastToken + "/" + currentToken;
- if(!checkResourceExists(tempPath)) {
+ // public static Permission getPermission(String path) throws PermissionManagementException {
+// try {
+// Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
+// Permission permission = new Permission();
+// permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME));
+// permission.setPath(resource.getPath());
+// return permission;
+// } catch (RegistryException e) {
+// throw new PermissionManagementException("Error in retrieving registry resource : " +
+// e.getMessage(), e);
+// }
+// }
+//
+ public static boolean putPermission(String permissionPath)
+ throws PermissionManagementException {
+ boolean status;
+ try {
+ StringTokenizer tokenizer = new StringTokenizer(permissionPath, "/");
+ String lastToken = "", currentToken, tempPath;
+ while (tokenizer.hasMoreTokens()) {
+ currentToken = tokenizer.nextToken();
+ tempPath = lastToken + "/" + currentToken;
+ if (!checkResourceExists(tempPath)) {
createRegistryCollection(tempPath, currentToken);
- }
- lastToken = tempPath;
- }
- status = true;
- } catch (RegistryException e) {
- throw new PermissionManagementException(
- "Error occurred while persisting permission : " +
- permission.getName(), e);
- }
- return status;
- }
+ }
+ lastToken = tempPath;
+ }
+ status = true;
+ } catch (RegistryException e) {
+ throw new PermissionManagementException("Error occurred while persisting permission", e);
+ }
+ return status;
+ }
- public static void createRegistryCollection(String path, String resourceName)
- throws PermissionManagementException,
- RegistryException {
- Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
- resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
- PermissionUtils.getGovernanceRegistry().beginTransaction();
- PermissionUtils.getGovernanceRegistry().put(path, resource);
- PermissionUtils.getGovernanceRegistry().commitTransaction();
- }
+ public static void createRegistryCollection(String path, String resourceName)
+ throws PermissionManagementException,
+ RegistryException {
+ Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
+ resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
+ PermissionUtils.getGovernanceRegistry().beginTransaction();
+ PermissionUtils.getGovernanceRegistry().put(path, resource);
+ PermissionUtils.getGovernanceRegistry().commitTransaction();
+ }
- public static boolean checkResourceExists(String path)
- throws PermissionManagementException,
- org.wso2.carbon.registry.core.exceptions.RegistryException {
- return PermissionUtils.getGovernanceRegistry().resourceExists(path);
- }
+ public static boolean checkResourceExists(String path)
+ throws PermissionManagementException,
+ org.wso2.carbon.registry.core.exceptions.RegistryException {
+ return PermissionUtils.getGovernanceRegistry().resourceExists(path);
+ }
public static Document convertToDocument(File file) throws PermissionManagementException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/ScopeManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/ScopeManagementServiceImpl.java
new file mode 100644
index 0000000000..59418e760f
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/ScopeManagementServiceImpl.java
@@ -0,0 +1,97 @@
+/*
+* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.device.mgt.core.scope.mgt;
+
+import org.wso2.carbon.apimgt.api.model.Scope;
+import org.wso2.carbon.device.mgt.common.TransactionManagementException;
+import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
+import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
+import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAO;
+import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOException;
+import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory;
+
+import java.lang.annotation.Inherited;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * This is an implementation of a Scope Management Service.
+ */
+public class ScopeManagementServiceImpl implements ScopeManagementService {
+
+ private ScopeManagementDAO scopeManagementDAO;
+
+ public ScopeManagementServiceImpl() {
+ this.scopeManagementDAO = ScopeManagementDAOFactory.getScopeManagementDAO();
+ }
+
+ @Override
+ public void updateScopes(List scopes) throws ScopeManagementException {
+ try{
+ ScopeManagementDAOFactory.beginTransaction();
+ scopeManagementDAO.updateScopes(scopes);
+ ScopeManagementDAOFactory.commitTransaction();
+ } catch (TransactionManagementException e) {
+ ScopeManagementDAOFactory.rollbackTransaction();
+ throw new ScopeManagementException("Transactional error occurred while adding the scopes.", e);
+ } catch (ScopeManagementDAOException e) {
+ ScopeManagementDAOFactory.rollbackTransaction();
+ throw new ScopeManagementException("Error occurred while adding the scopes to database.", e);
+ } finally {
+ ScopeManagementDAOFactory.closeConnection();
+ }
+ }
+
+ @Override
+ public List getAllScopes() throws ScopeManagementException {
+ List scopes = new ArrayList<>();
+ try{
+ ScopeManagementDAOFactory.openConnection();
+ scopes = scopeManagementDAO.getAllScopes();
+ } catch (SQLException e) {
+ throw new ScopeManagementException("SQL error occurred while retrieving scopes from database.", e);
+ } catch (ScopeManagementDAOException e) {
+ throw new ScopeManagementException("Error occurred while retrieving scopes from database.", e);
+ } finally {
+ ScopeManagementDAOFactory.closeConnection();
+ }
+ return scopes;
+ }
+
+ @Override
+ public String getRolesOfScope(String scopeKey) throws ScopeManagementException {
+ String roles;
+ if (scopeKey == null || scopeKey.isEmpty()) {
+ throw new ScopeManagementException("Scope key is null or empty");
+ }
+ try {
+ ScopeManagementDAOFactory.openConnection();
+ roles = scopeManagementDAO.getRolesOfScope(scopeKey);
+ } catch (SQLException e) {
+ throw new ScopeManagementException("SQL error occurred while retrieving roles of scope from database.", e);
+ } catch (ScopeManagementDAOException e) {
+ throw new ScopeManagementException("Error occurred while retrieving roles of scope from database.", e);
+ } finally {
+ ScopeManagementDAOFactory.closeConnection();
+ }
+ return roles;
+ }
+
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAO.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAO.java
new file mode 100644
index 0000000000..38517f6c4e
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAO.java
@@ -0,0 +1,54 @@
+/*
+* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
+
+import org.wso2.carbon.apimgt.api.model.Scope;
+
+import java.util.List;
+
+/**
+ * This interface contains the basic database operations related to scope management.
+ */
+public interface ScopeManagementDAO {
+
+ /**
+ * This method is used to update the list of scopes.
+ *
+ * @param scopes List of scopes to be updated.
+ * @throws ScopeManagementDAOException
+ */
+ void updateScopes(List scopes) throws ScopeManagementDAOException;
+
+ /**
+ * This method is used to retrieve all the scopes.
+ *
+ * @return List of scopes.
+ * @throws ScopeManagementDAOException
+ */
+ List getAllScopes() throws ScopeManagementDAOException;
+
+ /**
+ * This method is to retrieve the roles of the given scope
+ * @param scopeKey key of the scope
+ * @return List of roles
+ * @throws ScopeManagementDAOException
+ */
+ String getRolesOfScope(String scopeKey) throws ScopeManagementDAOException;
+
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOException.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOException.java
new file mode 100644
index 0000000000..61ea7de2e2
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOException.java
@@ -0,0 +1,57 @@
+/*
+* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
+
+public class ScopeManagementDAOException extends Exception {
+
+ private static final long serialVersionUID = -315127931137771199L;
+
+ private String errorMessage;
+
+ public String getErrorMessage() {
+ return errorMessage;
+ }
+
+ public void setErrorMessage(String errorMessage) {
+ this.errorMessage = errorMessage;
+ }
+
+ public ScopeManagementDAOException(String msg, Exception nestedEx) {
+ super(msg, nestedEx);
+ setErrorMessage(msg);
+ }
+
+ public ScopeManagementDAOException(String message, Throwable cause) {
+ super(message, cause);
+ setErrorMessage(message);
+ }
+
+ public ScopeManagementDAOException(String msg) {
+ super(msg);
+ setErrorMessage(msg);
+ }
+
+ public ScopeManagementDAOException() {
+ super();
+ }
+
+ public ScopeManagementDAOException(Throwable cause) {
+ super(cause);
+ }
+
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOFactory.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOFactory.java
new file mode 100644
index 0000000000..cb53d76f29
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOFactory.java
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
+
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.device.mgt.common.IllegalTransactionStateException;
+import org.wso2.carbon.device.mgt.common.TransactionManagementException;
+import org.wso2.carbon.device.mgt.core.dao.util.DeviceManagementDAOUtil;
+import org.wso2.carbon.device.mgt.core.scope.mgt.dao.impl.ScopeManagementDAOImpl;
+
+import javax.sql.DataSource;
+import java.sql.Connection;
+import java.sql.SQLException;
+
+public class ScopeManagementDAOFactory {
+
+ private static final Log log = LogFactory.getLog(ScopeManagementDAOFactory.class);
+ private static DataSource dataSource;
+ private static String databaseEngine;
+ private static ThreadLocal currentConnection = new ThreadLocal();
+
+ public static ScopeManagementDAO getScopeManagementDAO() {
+ return new ScopeManagementDAOImpl();
+ }
+
+ public static void init(String dataSourceName) {
+ dataSource = resolveDataSource(dataSourceName);
+ try {
+ databaseEngine = dataSource.getConnection().getMetaData().getDatabaseProductName();
+ } catch (SQLException e) {
+ log.error("Error occurred while retrieving config.datasource connection", e);
+ }
+ }
+
+ public static void beginTransaction() throws TransactionManagementException {
+ try {
+ Connection conn = dataSource.getConnection();
+ conn.setAutoCommit(false);
+ currentConnection.set(conn);
+ } catch (SQLException e) {
+ throw new TransactionManagementException(
+ "Error occurred while retrieving config.datasource connection", e);
+ }
+ }
+
+ public static void openConnection() throws SQLException {
+ currentConnection.set(dataSource.getConnection());
+ }
+
+ public static Connection getConnection() throws SQLException {
+ if (currentConnection.get() == null) {
+ throw new IllegalTransactionStateException("No connection is associated with the current transaction. " +
+ "This might have ideally caused by not properly initiating the transaction via " +
+ "'beginTransaction'/'openConnection' methods");
+ }
+ return currentConnection.get();
+ }
+
+ public static void closeConnection() {
+ Connection con = currentConnection.get();
+ if (con != null) {
+ try {
+ con.close();
+ } catch (SQLException e) {
+ log.error("Error occurred while close the connection");
+ }
+ currentConnection.remove();
+ }
+ }
+
+ public static void commitTransaction() {
+ try {
+ Connection conn = currentConnection.get();
+ if (conn != null) {
+ conn.commit();
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("Datasource connection associated with the current thread is null, hence commit " +
+ "has not been attempted");
+ }
+ }
+ } catch (SQLException e) {
+ log.error("Error occurred while committing the transaction", e);
+ }
+ }
+
+ public static void rollbackTransaction() {
+ try {
+ Connection conn = currentConnection.get();
+ if (conn != null) {
+ conn.rollback();
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("Datasource connection associated with the current thread is null, hence rollback " +
+ "has not been attempted");
+ }
+ }
+ } catch (SQLException e) {
+ log.error("Error occurred while roll-backing the transaction", e);
+ }
+ }
+
+ /**
+ * Resolve data source from the data source name.
+ *
+ * @param dataSourceName data source name
+ * @return data source resolved from the data source definition
+ */
+ private static DataSource resolveDataSource(String dataSourceName) {
+ DataSource dataSource;
+ if (dataSourceName == null || dataSourceName.isEmpty()) {
+ throw new RuntimeException("Scope Management Repository data source configuration is null and " +
+ "thus, is not initialized");
+ }
+ if (log.isDebugEnabled()) {
+ log.debug("Initializing Scope Management Repository data source using the JNDI Lookup Definition");
+ }
+ dataSource = DeviceManagementDAOUtil.lookupDataSource(dataSourceName, null);
+ return dataSource;
+ }
+
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOUtil.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOUtil.java
new file mode 100644
index 0000000000..570b4ce07d
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/ScopeManagementDAOUtil.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.wso2.carbon.device.mgt.core.scope.mgt.dao;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+public class ScopeManagementDAOUtil {
+
+ private static final Log log = LogFactory.getLog(ScopeManagementDAOUtil.class);
+
+ public static void cleanupResources(Statement stmt, ResultSet rs) {
+ if (rs != null) {
+ try {
+ rs.close();
+ } catch (SQLException e) {
+ log.warn("Error occurred while closing the result set", e);
+ }
+ }
+ if (stmt != null) {
+ try {
+ stmt.close();
+ } catch (SQLException e) {
+ log.warn("Error occurred while closing the statement", e);
+ }
+ }
+ }
+ public static void cleanupResources(Statement stmt) {
+ if (stmt != null) {
+ try {
+ stmt.close();
+ } catch (SQLException e) {
+ log.warn("Error occurred while closing the statement", e);
+ }
+ }
+ }
+}
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/impl/ScopeManagementDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/impl/ScopeManagementDAOImpl.java
new file mode 100644
index 0000000000..7e46392446
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/scope/mgt/dao/impl/ScopeManagementDAOImpl.java
@@ -0,0 +1,121 @@
+/*
+* Copyright (c) 2016 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.device.mgt.core.scope.mgt.dao.impl;
+
+import org.wso2.carbon.apimgt.api.model.Scope;
+import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAO;
+import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOException;
+import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory;
+import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOUtil;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class ScopeManagementDAOImpl implements ScopeManagementDAO {
+
+ @Override
+ public void updateScopes(List scopes) throws ScopeManagementDAOException {
+ Connection conn;
+ PreparedStatement stmt = null;
+ ResultSet rs = null;
+
+ try {
+ conn = this.getConnection();
+ String sql = "UPDATE IDN_OAUTH2_SCOPE SET ROLES=? WHERE SCOPE_KEY=?";
+ stmt = conn.prepareStatement(sql);
+
+ // creating a batch request
+ for (Scope scope : scopes) {
+ stmt.setString(1, scope.getRoles());
+ stmt.setString(2, scope.getKey());
+ stmt.addBatch();
+ }
+ stmt.executeBatch();
+ } catch (SQLException e) {
+ throw new ScopeManagementDAOException("Error occurred while updating the details of the scopes.", e);
+ } finally {
+ ScopeManagementDAOUtil.cleanupResources(stmt, rs);
+ }
+
+ }
+
+
+ public List getAllScopes() throws ScopeManagementDAOException {
+ Connection conn;
+ PreparedStatement stmt = null;
+ ResultSet rs = null;
+ List scopes = new ArrayList<>();
+ Scope scope;
+
+ try {
+ conn = this.getConnection();
+ String sql = "SELECT * FROM IDN_OAUTH2_SCOPE";
+ stmt = conn.prepareStatement(sql);
+ rs = stmt.executeQuery();
+
+ while (rs.next()) {
+ scope = new Scope();
+ scope.setKey(rs.getString("SCOPE_KEY"));
+ scope.setName(rs.getString("NAME"));
+ scope.setDescription(rs.getString("DESCRIPTION"));
+ scope.setRoles(rs.getString("ROLES"));
+ scopes.add(scope);
+ }
+ return scopes;
+ } catch (SQLException e) {
+ throw new ScopeManagementDAOException("Error occurred while fetching the details of the scopes.", e);
+ } finally {
+ ScopeManagementDAOUtil.cleanupResources(stmt, rs);
+ }
+ }
+
+ @Override
+ public String getRolesOfScope(String scopeKey) throws ScopeManagementDAOException {
+ Connection conn;
+ PreparedStatement stmt = null;
+ ResultSet rs = null;
+ String roles = null;
+
+ try {
+ conn = this.getConnection();
+ String sql = "SELECT ROLES FROM IDN_OAUTH2_SCOPE WHERE SCOPE_KEY = ?";
+ stmt = conn.prepareStatement(sql);
+ stmt.setString(1, scopeKey);
+ rs = stmt.executeQuery();
+
+ if (rs.next()) {
+ roles = rs.getString("ROLES");
+ }
+ return roles;
+ } catch (SQLException e) {
+ throw new ScopeManagementDAOException("Error occurred while fetching the details of the scopes.", e);
+ } finally {
+ ScopeManagementDAOUtil.cleanupResources(stmt, rs);
+ }
+ }
+
+ private Connection getConnection() throws SQLException {
+ return ScopeManagementDAOFactory.getConnection();
+ }
+
+}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
index 04fc9996cd..b4a5521e0b 100644
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
@@ -87,11 +87,11 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
if (userRealm != null && userRealm.getAuthorizationManager() != null) {
if (userStore != null) {
status = userRealm.getAuthorizationManager()
- .isUserAuthorized(userStore + "/" + username, permission.getPath(),
+ .isUserAuthorized(userStore + "/" + username, permission.getUrl(),
PermissionMethod.UI_EXECUTE);
} else {
status = userRealm.getAuthorizationManager()
- .isUserAuthorized(username, permission.getPath(), PermissionMethod.UI_EXECUTE);
+ .isUserAuthorized(username, permission.getUrl(), PermissionMethod.UI_EXECUTE);
}
}
}
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
index 9632649277..163e8287fe 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
@@ -23,6 +23,10 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
+import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
+import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
+import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.user.api.TenantManager;
import org.wso2.carbon.user.api.UserStoreException;
@@ -30,9 +34,17 @@ import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
+import java.util.Properties;
+
public class Utils {
private static final Log log = LogFactory.getLog(Utils.class);
+ private static PermissionManagerService permissionManagerService = PermissionManagerServiceImpl.getInstance();
+ private static Properties properties;
+ private static Permission permission;
+
+ public static final String URL_PROPERTY = "URL";
+ public static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD";
public static int getTenantIdOFUser(String username) throws AuthenticationException {
int tenantId = 0;
@@ -74,4 +86,15 @@ public class Utils {
}
}
+ public static String getResourceUri(String url, String httpMethod) throws PermissionManagementException {
+ properties = new Properties();
+ properties.put(URL_PROPERTY, url);
+ properties.put(HTTP_METHOD_PROPERTY, httpMethod);
+ permission = permissionManagerService.getPermission(properties);
+ if (permission != null) {
+ return permission.getContext() + "/1.0.0/1.0.0" + permission.getUrlTemplate() + ":" + permission.getMethod();
+ }
+ return null;
+ }
+
}
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
index bbeab152a3..abb0178cc6 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
@@ -23,6 +23,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
+import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
@@ -105,7 +106,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
StringTokenizer tokenizer = new StringTokenizer(requestUri, "/");
String context = tokenizer.nextToken();
- if ((context == null) || ("".equals(context))) {
+ if ((context == null) || (context.isEmpty())) {
authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE);
}
String apiVersion = tokenizer.nextToken();
@@ -120,7 +121,17 @@ public class OAuthAuthenticator implements WebappAuthenticator {
} else {
String bearerToken = getBearerToken(request);
- String resource = requestUri + ":" + requestMethod;
+ int urlParamIndex = requestUri.indexOf('?');
+ if(urlParamIndex > 0) {
+ requestUri = requestUri.substring(0, urlParamIndex);
+ }
+ String resource = Utils.getResourceUri(requestUri, requestMethod);
+
+ if (resource == null || resource.isEmpty()) {
+ authenticationInfo.setStatus(Status.FAILURE);
+ authenticationInfo.setMessage("Requested resource does not exist");
+ return authenticationInfo;
+ }
OAuthValidationResponse oAuthValidationResponse =
this.tokenValidator.validateToken(bearerToken, resource);
@@ -142,6 +153,8 @@ public class OAuthAuthenticator implements WebappAuthenticator {
log.error("Failed to authenticate the incoming request", e);
} catch (OAuthTokenValidationException e) {
log.error("Failed to authenticate the incoming request due to oauth token validation error.", e);
+ } catch (PermissionManagementException e) {
+ log.error("Failed to authenticate the incoming request due to error in permission initialization", e);
}
return authenticationInfo;
}
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java
index 6d5138d3a2..c17d6fcc6a 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java
@@ -42,56 +42,7 @@ public class PermissionAuthorizer {
public WebappAuthenticator.Status authorize(Request request, Response response) {
- String requestUri = request.getRequestURI();
- String requestMethod = request.getMethod();
-
- if (requestUri == null || requestUri.isEmpty() || requestMethod == null || requestMethod.isEmpty()) {
- return WebappAuthenticator.Status.CONTINUE;
- }
-
- PermissionManagerServiceImpl registryBasedPermissionManager = PermissionManagerServiceImpl.getInstance();
- Properties properties = new Properties();
- properties.put("",requestUri);
- properties.put("",requestMethod);
- Permission requestPermission = null;
- try {
- requestPermission = registryBasedPermissionManager.getPermission(properties);
- } catch (PermissionManagementException e) {
- log.error(
- "Error occurred while fetching the permission for URI : " + Encode.forJava(requestUri) + " ," +
- " METHOD : " + requestMethod + ", msg = " + e.getMessage());
- }
-
- if (requestPermission == null) {
- if (log.isDebugEnabled()) {
- log.debug("Permission to request '" + Encode.forJava(requestUri) + "' is not defined in the configuration");
- }
- return WebappAuthenticator.Status.FAILURE;
- }
-
- String permissionString = requestPermission.getPath();
-
- // This is added temporarily until authentication works.
- // TODO remove below line.
- String username = "admin";
- // TODO uncomment this once the authentication works.
- //String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
-
- boolean isUserAuthorized;
- try {
- isUserAuthorized = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
- getAuthorizationManager().isUserAuthorized(username, permissionString,
- Constants.PermissionMethod.READ);
- } catch (UserStoreException e) {
- log.error("Error occurred while retrieving user store. " + e.getMessage());
- return WebappAuthenticator.Status.FAILURE;
- }
-
- if (isUserAuthorized) {
- return WebappAuthenticator.Status.SUCCESS;
- } else {
- return WebappAuthenticator.Status.FAILURE;
- }
+ return WebappAuthenticator.Status.SUCCESS;
}
}
diff --git a/features/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.feature/pom.xml b/features/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.feature/pom.xml
index ec5779c3e0..cfdd047c2b 100644
--- a/features/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.feature/pom.xml
+++ b/features/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.feature/pom.xml
@@ -111,7 +111,7 @@
org.wso2.carbon.p2.category.type:server
- org.eclipse.equinox.p2.type.group:false
+ org.eclipse.equinox.p2.type.group:true
diff --git a/features/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration.server.feature/pom.xml b/features/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration.server.feature/pom.xml
index a591217aee..270103b983 100644
--- a/features/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration.server.feature/pom.xml
+++ b/features/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration.server.feature/pom.xml
@@ -127,7 +127,7 @@
org.wso2.carbon.p2.category.type:server
- org.eclipse.equinox.p2.type.group:false
+ org.eclipse.equinox.p2.type.group:true
diff --git a/features/etc/feature.properties b/features/etc/feature.properties
new file mode 100644
index 0000000000..a84f4e33e9
--- /dev/null
+++ b/features/etc/feature.properties
@@ -0,0 +1,241 @@
+################################################################################
+# Copyright 2015 WSO2, Inc. (http://wso2.com)
+#
+# WSO2 Inc. Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+################################################################################
+
+providerName=WSO2 Inc.
+
+########################## license properties ##################################
+licenseURL=http://www.apache.org/licenses/LICENSE-2.0
+
+license=\
+ Apache License\n\
+ Version 2.0, January 2004\n\
+ http://www.apache.org/licenses/\n\
+\n\
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\
+\n\
+ 1. Definitions.\n\
+\n\
+ "License" shall mean the terms and conditions for use, reproduction,\n\
+ and distribution as defined by Sections 1 through 9 of this document.\n\
+\n\
+ "Licensor" shall mean the copyright owner or entity authorized by\n\
+ the copyright owner that is granting the License.\n\
+\n\
+ "Legal Entity" shall mean the union of the acting entity and all\n\
+ other entities that control, are controlled by, or are under common\n\
+ control with that entity. For the purposes of this definition,\n\
+ "control" means (i) the power, direct or indirect, to cause the\n\
+ direction or management of such entity, whether by contract or\n\
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the\n\
+ outstanding shares, or (iii) beneficial ownership of such entity.\n\
+\n\
+ "You" (or "Your") shall mean an individual or Legal Entity\n\
+ exercising permissions granted by this License.\n\
+\n\
+ "Source" form shall mean the preferred form for making modifications,\n\
+ including but not limited to software source code, documentation\n\
+ source, and configuration files.\n\
+\n\
+ "Object" form shall mean any form resulting from mechanical\n\
+ transformation or translation of a Source form, including but\n\
+ not limited to compiled object code, generated documentation,\n\
+ and conversions to other media types.\n\
+\n\
+ "Work" shall mean the work of authorship, whether in Source or\n\
+ Object form, made available under the License, as indicated by a\n\
+ copyright notice that is included in or attached to the work\n\
+ (an example is provided in the Appendix below).\n\
+\n\
+ "Derivative Works" shall mean any work, whether in Source or Object\n\
+ form, that is based on (or derived from) the Work and for which the\n\
+ editorial revisions, annotations, elaborations, or other modifications\n\
+ represent, as a whole, an original work of authorship. For the purposes\n\
+ of this License, Derivative Works shall not include works that remain\n\
+ separable from, or merely link (or bind by name) to the interfaces of,\n\
+ the Work and Derivative Works thereof.\n\
+\n\
+ "Contribution" shall mean any work of authorship, including\n\
+ the original version of the Work and any modifications or additions\n\
+ to that Work or Derivative Works thereof, that is intentionally\n\
+ submitted to Licensor for inclusion in the Work by the copyright owner\n\
+ or by an individual or Legal Entity authorized to submit on behalf of\n\
+ the copyright owner. For the purposes of this definition, "submitted"\n\
+ means any form of electronic, verbal, or written communication sent\n\
+ to the Licensor or its representatives, including but not limited to\n\
+ communication on electronic mailing lists, source code control systems,\n\
+ and issue tracking systems that are managed by, or on behalf of, the\n\
+ Licensor for the purpose of discussing and improving the Work, but\n\
+ excluding communication that is conspicuously marked or otherwise\n\
+ designated in writing by the copyright owner as "Not a Contribution."\n\
+\n\
+ "Contributor" shall mean Licensor and any individual or Legal Entity\n\
+ on behalf of whom a Contribution has been received by Licensor and\n\
+ subsequently incorporated within the Work.\n\
+\n\
+ 2. Grant of Copyright License. Subject to the terms and conditions of\n\
+ this License, each Contributor hereby grants to You a perpetual,\n\
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n\
+ copyright license to reproduce, prepare Derivative Works of,\n\
+ publicly display, publicly perform, sublicense, and distribute the\n\
+ Work and such Derivative Works in Source or Object form.\n\
+\n\
+ 3. Grant of Patent License. Subject to the terms and conditions of\n\
+ this License, each Contributor hereby grants to You a perpetual,\n\
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n\
+ (except as stated in this section) patent license to make, have made,\n\
+ use, offer to sell, sell, import, and otherwise transfer the Work,\n\
+ where such license applies only to those patent claims licensable\n\
+ by such Contributor that are necessarily infringed by their\n\
+ Contribution(s) alone or by combination of their Contribution(s)\n\
+ with the Work to which such Contribution(s) was submitted. If You\n\
+ institute patent litigation against any entity (including a\n\
+ cross-claim or counterclaim in a lawsuit) alleging that the Work\n\
+ or a Contribution incorporated within the Work constitutes direct\n\
+ or contributory patent infringement, then any patent licenses\n\
+ granted to You under this License for that Work shall terminate\n\
+ as of the date such litigation is filed.\n\
+\n\
+ 4. Redistribution. You may reproduce and distribute copies of the\n\
+ Work or Derivative Works thereof in any medium, with or without\n\
+ modifications, and in Source or Object form, provided that You\n\
+ meet the following conditions:\n\
+\n\
+ (a) You must give any other recipients of the Work or\n\
+ Derivative Works a copy of this License; and\n\
+\n\
+ (b) You must cause any modified files to carry prominent notices\n\
+ stating that You changed the files; and\n\
+\n\
+ (c) You must retain, in the Source form of any Derivative Works\n\
+ that You distribute, all copyright, patent, trademark, and\n\
+ attribution notices from the Source form of the Work,\n\
+ excluding those notices that do not pertain to any part of\n\
+ the Derivative Works; and\n\
+\n\
+ (d) If the Work includes a "NOTICE" text file as part of its\n\
+ distribution, then any Derivative Works that You distribute must\n\
+ include a readable copy of the attribution notices contained\n\
+ within such NOTICE file, excluding those notices that do not\n\
+ pertain to any part of the Derivative Works, in at least one\n\
+ of the following places: within a NOTICE text file distributed\n\
+ as part of the Derivative Works; within the Source form or\n\
+ documentation, if provided along with the Derivative Works; or,\n\
+ within a display generated by the Derivative Works, if and\n\
+ wherever such third-party notices normally appear. The contents\n\
+ of the NOTICE file are for informational purposes only and\n\
+ do not modify the License. You may add Your own attribution\n\
+ notices within Derivative Works that You distribute, alongside\n\
+ or as an addendum to the NOTICE text from the Work, provided\n\
+ that such additional attribution notices cannot be construed\n\
+ as modifying the License.\n\
+\n\
+ You may add Your own copyright statement to Your modifications and\n\
+ may provide additional or different license terms and conditions\n\
+ for use, reproduction, or distribution of Your modifications, or\n\
+ for any such Derivative Works as a whole, provided Your use,\n\
+ reproduction, and distribution of the Work otherwise complies with\n\
+ the conditions stated in this License.\n\
+\n\
+ 5. Submission of Contributions. Unless You explicitly state otherwise,\n\
+ any Contribution intentionally submitted for inclusion in the Work\n\
+ by You to the Licensor shall be under the terms and conditions of\n\
+ this License, without any additional terms or conditions.\n\
+ Notwithstanding the above, nothing herein shall supersede or modify\n\
+ the terms of any separate license agreement you may have executed\n\
+ with Licensor regarding such Contributions.\n\
+\n\
+ 6. Trademarks. This License does not grant permission to use the trade\n\
+ names, trademarks, service marks, or product names of the Licensor,\n\
+ except as required for reasonable and customary use in describing the\n\
+ origin of the Work and reproducing the content of the NOTICE file.\n\
+\n\
+ 7. Disclaimer of Warranty. Unless required by applicable law or\n\
+ agreed to in writing, Licensor provides the Work (and each\n\
+ Contributor provides its Contributions) on an "AS IS" BASIS,\n\
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n\
+ implied, including, without limitation, any warranties or conditions\n\
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n\
+ PARTICULAR PURPOSE. You are solely responsible for determining the\n\
+ appropriateness of using or redistributing the Work and assume any\n\
+ risks associated with Your exercise of permissions under this License.\n\
+\n\
+ 8. Limitation of Liability. In no event and under no legal theory,\n\
+ whether in tort (including negligence), contract, or otherwise,\n\
+ unless required by applicable law (such as deliberate and grossly\n\
+ negligent acts) or agreed to in writing, shall any Contributor be\n\
+ liable to You for damages, including any direct, indirect, special,\n\
+ incidental, or consequential damages of any character arising as a\n\
+ result of this License or out of the use or inability to use the\n\
+ Work (including but not limited to damages for loss of goodwill,\n\
+ work stoppage, computer failure or malfunction, or any and all\n\
+ other commercial damages or losses), even if such Contributor\n\
+ has been advised of the possibility of such damages.\n\
+\n\
+ 9. Accepting Warranty or Additional Liability. While redistributing\n\
+ the Work or Derivative Works thereof, You may choose to offer,\n\
+ and charge a fee for, acceptance of support, warranty, indemnity,\n\
+ or other liability obligations and/or rights consistent with this\n\
+ License. However, in accepting such obligations, You may act only\n\
+ on Your own behalf and on Your sole responsibility, not on behalf\n\
+ of any other Contributor, and only if You agree to indemnify,\n\
+ defend, and hold each Contributor harmless for any liability\n\
+ incurred by, or claims asserted against, such Contributor by reason\n\
+ of your accepting any such warranty or additional liability.\n\
+\n\
+ END OF TERMS AND CONDITIONS\n\
+\n\
+ APPENDIX: How to apply the Apache License to your work.\n\
+\n\
+ To apply the Apache License to your work, attach the following\n\
+ boilerplate notice, with the fields enclosed by brackets "[]"\n\
+ replaced with your own identifying information. (Don't include\n\
+ the brackets!) The text should be enclosed in the appropriate\n\
+ comment syntax for the file format. We also recommend that a\n\
+ file or class name and description of purpose be included on the\n\
+ same "printed page" as the copyright notice for easier\n\
+ identification within third-party archives.\n\
+\n\
+ Copyright [yyyy] [name of copyright owner]\n\
+\n\
+ Licensed under the Apache License, Version 2.0 (the "License");\n\
+ you may not use this file except in compliance with the License.\n\
+ You may obtain a copy of the License at\n\
+\n\
+ http://www.apache.org/licenses/LICENSE-2.0\n\
+\n\
+ Unless required by applicable law or agreed to in writing, software\n\
+ distributed under the License is distributed on an "AS IS" BASIS,\n\
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
+ See the License for the specific language governing permissions and\n\
+ limitations under the License.\n
+
+######################### copyright properties #################################
+copyrightURL=TODO
+
+copyright=\
+Copyright (c) WSO2 Inc. (http://wso2.com)\n\
+\n\
+WSO2 Inc. Licensed under the Apache License, Version 2.0 (the "License");\n\
+you may not use this file except in compliance with the License.\n\
+You may obtain a copy of the License at\n\
+\n\
+http://www.apache.org/licenses/LICENSE-2.0\n\
+\n\
+Unless required by applicable law or agreed to in writing, software\n\
+distributed under the License is distributed on an "AS IS" BASIS,\n\
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
+See the License for the specific language governing permissions and\n\
+limitations under the License.\n