Merge branch 'support-4.1.15-new' into 'support-4.1.15'

Sync with master fixes

See merge request entgra-support/support-carbon-device-mgt!57
4.x.x
Pahansith Gunathilake 3 years ago
commit c23d0026ea

@ -31,6 +31,7 @@ public class UIConfiguration {
private AppRegistration appRegistration; private AppRegistration appRegistration;
private List<String> scopes; private List<String> scopes;
private boolean isSsoEnable; private boolean isSsoEnable;
private int sessionTimeOut;
@XmlElement(name = "AppRegistration", required=true) @XmlElement(name = "AppRegistration", required=true)
public AppRegistration getAppRegistration() { public AppRegistration getAppRegistration() {
@ -59,4 +60,13 @@ public class UIConfiguration {
public void setSsoEnable(boolean ssoEnable) { public void setSsoEnable(boolean ssoEnable) {
isSsoEnable = ssoEnable; isSsoEnable = ssoEnable;
} }
@XmlElement(name = "SessionTimeOut")
public int getSessionTimeOut() {
return sessionTimeOut;
}
public void setSessionTimeOut(int sessionTimeOut) {
this.sessionTimeOut = sessionTimeOut;
}
} }

@ -58,6 +58,7 @@ import java.util.List;
"method", "method",
"contentType", "contentType",
"permission", "permission",
"scope",
"filterList" "filterList"
}) })
public class OperationMetadata { public class OperationMetadata {
@ -74,6 +75,9 @@ public class OperationMetadata {
@XmlElement(name = "permission") @XmlElement(name = "permission")
private String permission; private String permission;
@XmlElement(name = "scope")
private String scope;
@XmlElementWrapper(name = "filters") @XmlElementWrapper(name = "filters")
@XmlElement(name = "filter") @XmlElement(name = "filter")
private List<Filter> filterList; private List<Filter> filterList;
@ -110,6 +114,14 @@ public class OperationMetadata {
this.permission = permission; this.permission = permission;
} }
public String getScope() {
return scope;
}
public void setScope(String scope) {
this.scope = scope;
}
public List<Filter> getFilterList() { public List<Filter> getFilterList() {
return filterList; return filterList;
} }

@ -63,6 +63,7 @@ public class ConfigurationBasedFeatureManager implements FeatureManager {
private static final String OPERATION_META = "operationMeta"; private static final String OPERATION_META = "operationMeta";
private static final String CONTENT_TYPE = "contentType"; private static final String CONTENT_TYPE = "contentType";
private static final String PERMISSION = "permission"; private static final String PERMISSION = "permission";
private static final String SCOPE = "scope";
private static final String ICON = "icon"; private static final String ICON = "icon";
private static final String FILTERS = "filters"; private static final String FILTERS = "filters";
private static final String PATH_PARAMS = "pathParams"; private static final String PATH_PARAMS = "pathParams";
@ -108,6 +109,9 @@ public class ConfigurationBasedFeatureManager implements FeatureManager {
if (StringUtils.isNotEmpty(metadata.getPermission())) { if (StringUtils.isNotEmpty(metadata.getPermission())) {
operationMeta.put(PERMISSION, metadata.getPermission()); operationMeta.put(PERMISSION, metadata.getPermission());
} }
if (StringUtils.isNotEmpty(metadata.getScope())) {
operationMeta.put(SCOPE, metadata.getScope());
}
if (metadata.getFilterList() != null && metadata.getFilterList().size() > 0) { if (metadata.getFilterList() != null && metadata.getFilterList().size() > 0) {
operationMeta.put(FILTERS, metadata.getFilterList()); operationMeta.put(FILTERS, metadata.getFilterList());
} }

@ -39,6 +39,7 @@ import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity; import org.apache.http.entity.StringEntity;
import org.apache.http.protocol.HTTP; import org.apache.http.protocol.HTTP;
import io.entgra.ui.request.interceptor.beans.ProxyResponse; import io.entgra.ui.request.interceptor.beans.ProxyResponse;
import org.json.JSONString;
import javax.servlet.annotation.MultipartConfig; import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet; import javax.servlet.annotation.WebServlet;
@ -69,13 +70,14 @@ public class LoginHandler extends HttpServlet {
httpSession.invalidate(); httpSession.invalidate();
} }
httpSession = req.getSession(true); httpSession = req.getSession(true);
//setting session to expiry in 5 minutes
httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT));
JsonObject uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp); JsonObject uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp);
JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray(); JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray(); JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
int sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut")));
//setting session to expire in 1h
httpSession.setMaxInactiveInterval(sessionTimeOut);
// Check if OAuth app cache exists. If not create a new application. // Check if OAuth app cache exists. If not create a new application.
LoginCacheManager loginCacheManager = new LoginCacheManager(); LoginCacheManager loginCacheManager = new LoginCacheManager();

@ -0,0 +1,65 @@
/*
* Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.ui.request.interceptor;
import io.entgra.ui.request.interceptor.beans.AuthData;
import io.entgra.ui.request.interceptor.beans.ProxyResponse;
import io.entgra.ui.request.interceptor.util.HandlerConstants;
import io.entgra.ui.request.interceptor.util.HandlerUtil;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpStatus;
import org.json.JSONObject;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
@MultipartConfig
@WebServlet("/login-user/scopes")
public class PermissionScopeHandler extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
HttpSession httpSession = req.getSession(false);
if (httpSession == null) {
HandlerUtil.sendUnAuthorizeResponse(resp);
return;
}
AuthData authData = (AuthData) httpSession.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY);
if (authData == null) {
HandlerUtil.sendUnAuthorizeResponse(resp);
return;
}
if (!StringUtils.isEmpty(authData.getScope())) {
ProxyResponse proxyResponse = new ProxyResponse();
JSONObject jsonObject = new JSONObject();
jsonObject.put(HandlerConstants.USER_SCOPES, authData.getScope());
proxyResponse.setCode(HttpStatus.SC_OK);
proxyResponse.setData(jsonObject.toString());
HandlerUtil.handleSuccess(resp, proxyResponse);
}
HandlerUtil.handleError(resp, null);
}
}

@ -27,7 +27,6 @@ import io.entgra.ui.request.interceptor.util.HandlerUtil;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpHeaders; import org.apache.http.HttpHeaders;
import org.apache.http.HttpStatus;
import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType; import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity; import org.apache.http.entity.StringEntity;
@ -50,9 +49,7 @@ public class SsoLoginCallbackHandler extends HttpServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
String code = req.getParameter("code"); String code = req.getParameter("code");
HttpSession session = req.getSession(false); HttpSession session = req.getSession(false);
String scope = session.getAttribute("scope").toString();
String iotsCorePort = System.getProperty(HandlerConstants.IOT_CORE_HTTPS_PORT_ENV_VAR); String iotsCorePort = System.getProperty(HandlerConstants.IOT_CORE_HTTPS_PORT_ENV_VAR);
if (HandlerConstants.HTTP_PROTOCOL.equals(req.getScheme())) { if (HandlerConstants.HTTP_PROTOCOL.equals(req.getScheme())) {
iotsCorePort = System.getProperty(HandlerConstants.IOT_CORE_HTTP_PORT_ENV_VAR); iotsCorePort = System.getProperty(HandlerConstants.IOT_CORE_HTTP_PORT_ENV_VAR);
} }
@ -62,6 +59,19 @@ public class SsoLoginCallbackHandler extends HttpServlet {
String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty(HandlerConstants.IOT_CORE_HOST_ENV_VAR) String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty(HandlerConstants.IOT_CORE_HOST_ENV_VAR)
+ HandlerConstants.COLON + iotsCorePort; + HandlerConstants.COLON + iotsCorePort;
if (session == null) {
String baseContextPath = req.getContextPath();
String applicationName = baseContextPath.substring(1, baseContextPath.indexOf("-ui-request-handler"));
if (applicationName.equals("entgra")) {
resp.sendRedirect(iotsCoreUrl + "/endpoint-mgt");
} else {
resp.sendRedirect(iotsCoreUrl + "/" + applicationName);
}
return;
}
String scope = session.getAttribute("scope").toString();
HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.TOKEN_ENDPOINT); HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.TOKEN_ENDPOINT);
tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + session.getAttribute("encodedClientApp")); tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + session.getAttribute("encodedClientApp"));
tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString()); tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
@ -76,11 +86,9 @@ public class SsoLoginCallbackHandler extends HttpServlet {
ProxyResponse tokenResultResponse = HandlerUtil.execute(tokenEndpoint); ProxyResponse tokenResultResponse = HandlerUtil.execute(tokenEndpoint);
JsonParser jsonParser = new JsonParser(); JsonParser jsonParser = new JsonParser();
JsonElement jTokenResult = jsonParser.parse(tokenResultResponse.getData()); JsonElement jTokenResult = jsonParser.parse(tokenResultResponse.getData());
if (jTokenResult.isJsonObject()) { if (jTokenResult.isJsonObject()) {
JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject(); JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject();
AuthData authData = new AuthData(); AuthData authData = new AuthData();
authData.setClientId(session.getAttribute("clientId").toString()); authData.setClientId(session.getAttribute("clientId").toString());
authData.setClientSecret(session.getAttribute("clientSecret").toString()); authData.setClientSecret(session.getAttribute("clientSecret").toString());
@ -89,7 +97,6 @@ public class SsoLoginCallbackHandler extends HttpServlet {
authData.setRefreshToken(jTokenResultAsJsonObject.get("refresh_token").getAsString()); authData.setRefreshToken(jTokenResultAsJsonObject.get("refresh_token").getAsString());
authData.setScope(jTokenResultAsJsonObject.get("scope").getAsString()); authData.setScope(jTokenResultAsJsonObject.get("scope").getAsString());
session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData); session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData);
resp.sendRedirect(session.getAttribute("redirectUrl").toString()); resp.sendRedirect(session.getAttribute("redirectUrl").toString());
} }
} }

@ -72,6 +72,7 @@ public class SsoLoginHandler extends HttpServlet {
private static String adminPassword; private static String adminPassword;
private static String gatewayUrl; private static String gatewayUrl;
private static String iotsCoreUrl; private static String iotsCoreUrl;
private static int sessionTimeOut;
private static String encodedAdminCredentials; private static String encodedAdminCredentials;
private static String encodedClientApp; private static String encodedClientApp;
private static String applicationId; private static String applicationId;
@ -88,12 +89,12 @@ public class SsoLoginHandler extends HttpServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp) { protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
try { try {
httpSession = req.getSession(false); httpSession = req.getSession(false);
if (httpSession != null) { if (httpSession != null) {
httpSession.invalidate(); httpSession.invalidate();
} }
httpSession = req.getSession(true); httpSession = req.getSession(true);
initializeAdminCredentials(); initializeAdminCredentials();
baseContextPath = req.getContextPath(); baseContextPath = req.getContextPath();
applicationName = baseContextPath.substring(1, baseContextPath.indexOf("-ui-request-handler")); applicationName = baseContextPath.substring(1, baseContextPath.indexOf("-ui-request-handler"));
@ -157,6 +158,7 @@ public class SsoLoginHandler extends HttpServlet {
uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp); uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp);
JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray(); JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray();
JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray(); JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray();
sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut")));
// Register the client application // Register the client application
HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT); HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT);
@ -294,6 +296,7 @@ public class SsoLoginHandler extends HttpServlet {
httpSession.setAttribute("encodedClientApp", encodedClientApp); httpSession.setAttribute("encodedClientApp", encodedClientApp);
httpSession.setAttribute("scope", scopes); httpSession.setAttribute("scope", scopes);
httpSession.setAttribute("redirectUrl", req.getParameter("redirect")); httpSession.setAttribute("redirectUrl", req.getParameter("redirect"));
httpSession.setMaxInactiveInterval(sessionTimeOut);
} }
/*** /***

@ -80,5 +80,5 @@ public class HandlerConstants {
public static final String IOT_GW_HOST_ENV_VAR = "iot.gateway.host"; public static final String IOT_GW_HOST_ENV_VAR = "iot.gateway.host";
public static final String IOT_GW_HTTP_PORT_ENV_VAR = "iot.gateway.http.port"; public static final String IOT_GW_HTTP_PORT_ENV_VAR = "iot.gateway.http.port";
public static final String IOT_GW_HTTPS_PORT_ENV_VAR = "iot.gateway.https.port"; public static final String IOT_GW_HTTPS_PORT_ENV_VAR = "iot.gateway.https.port";
public static final String USER_SCOPES = "userScopes";
} }

@ -20,6 +20,8 @@
<UIConfiguration> <UIConfiguration>
<EnableOAuth>true</EnableOAuth> <EnableOAuth>true</EnableOAuth>
<EnableSSO>true</EnableSSO> <EnableSSO>true</EnableSSO>
<!-- session time out in seconds -->
<SessionTimeOut>3600</SessionTimeOut>
<AppRegistration> <AppRegistration>
<Tags> <Tags>
<Tag>application_management</Tag> <Tag>application_management</Tag>
@ -177,6 +179,7 @@
<Scope>perm:metadata:view</Scope> <Scope>perm:metadata:view</Scope>
<Scope>perm:metadata:create</Scope> <Scope>perm:metadata:create</Scope>
<Scope>perm:metadata:update</Scope> <Scope>perm:metadata:update</Scope>
<Scope>perm:android:google-account</Scope>
</Scopes> </Scopes>
<SSOConfiguration> <SSOConfiguration>
<Issuer>device-mgt</Issuer> <Issuer>device-mgt</Issuer>

Loading…
Cancel
Save