Merge pull request #518 from ayyoob/release-3.0.x

Moved the traffic through the gateway

components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseServiceImpl.java

@@ -48,7 +48,6 @@ import java.util.Properties;
 public class AndroidSenseServiceImpl implements AndroidSenseService {
 
     private static Log log = LogFactory.getLog(AndroidSenseServiceImpl.class);
-    private static String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1886";
 
     @Path("device/{deviceId}/words")
     @POST

components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java

@@ -40,7 +40,7 @@ public class AndroidSenseConstants {
     public static final String HOST_NAME = "HostName";
     public static final String LOCALHOST = "localhost";
     public static final String CONFIG_TYPE = "general";
-    public static final String DEFAULT_ENDPOINT = "tcp://localhost:1886";
+    public static final String DEFAULT_ENDPOINT = "tcp://${mqtt.broker.host}:${mqtt.broker.port}";
 
     public static final String SCOPE = "scope";
 

components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/util/APIUtil.java

@@ -13,6 +13,7 @@ import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService
 import org.wso2.carbon.base.ServerConfiguration;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.core.util.Utils;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationManagementException;
@@ -205,7 +206,7 @@ public class APIUtil {
 	}
 
 	public static String getMqttEndpoint() throws ConfigurationManagementException {
-		String iotServerIP = AndroidSenseConstants.DEFAULT_ENDPOINT;
+		String iotServerIP = Utils.replaceSystemProperty(AndroidSenseConstants.DEFAULT_ENDPOINT);
 		iotServerIP = iotServerIP.replace(AndroidSenseConstants.LOCALHOST, getServerUrl());;
 		PlatformConfiguration configuration = APIUtil.getTenantConfigurationManagementService().getConfiguration(
 				AndroidSenseConstants.CONFIG_TYPE);
@@ -224,15 +225,11 @@ public class APIUtil {
 	}
 
 	public static String getServerUrl() {
-		String hostName = ServerConfiguration.getInstance().getFirstProperty(AndroidSenseConstants.HOST_NAME);
 		try {
-			if (hostName == null) {
-				hostName = NetworkUtils.getLocalHostname();
-			}
+			return org.apache.axis2.util.Utils.getIpAddress();
 		} catch (SocketException e) {
-			hostName = "localhost";
 			log.warn("Failed retrieving the hostname, therefore set to localhost", e);
+            return "localhost";
 		}
-		return hostName;
 	}
 }

components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml

@@ -16,10 +16,6 @@
 		<servlet-name>CXFServlet</servlet-name>
 		<url-pattern>/*</url-pattern>
 	</servlet-mapping>
-	<context-param>
-		<param-name>isAdminService</param-name>
-		<param-value>false</param-value>
-	</context-param>
 	<context-param>
 		<param-name>doAuthentication</param-name>
 		<param-value>true</param-value>

components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android_sense.type-view/private/config.json

@@ -1,6 +1,9 @@
 {
   "deviceType": {
     "label": "Android Sense",
-    "category": "iot"
+    "category": "iot",
+    "scopes" : [
+      "perm:android-sense:enroll"
+    ]
   }
 }

components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/util/ZipUtil.java

@@ -24,6 +24,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.base.ServerConfiguration;
+import org.wso2.carbon.core.util.Utils;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationManagementException;
@@ -59,7 +60,9 @@ public class ZipUtil {
     private static final String HTTP_PORT_PROPERTY = "httpPort";
     private static final String CONFIG_TYPE = "general";
     private static final Log log = LogFactory.getLog(ZipUtil.class);
-    public static final String HOST_NAME = "HostName";
+    private static final String LOCALHOST = "localhost";
+    private static final String HTTP_PROTOCOL_HOST = "${iot.gateway.host}";
+    private static final String HTTP_PROTOCOL_PORT = "${iot.gateway.http.port}";
 
     public ZipArchive createZipFile(String owner, String tenantDomain, String deviceType,
                                     String deviceId, String deviceName, String token,
@@ -72,8 +75,10 @@ public class ZipUtil {
         String iotServerIP;
 
         try {
-            iotServerIP = getServerUrl();
-            String httpServerPort = System.getProperty(HTTP_PORT_PROPERTY);
+            iotServerIP = Utils.replaceSystemProperty(HTTP_PROTOCOL_HOST);
+            String serverIpAddress = getServerUrl();
+            iotServerIP = iotServerIP.replace(LOCALHOST, serverIpAddress);
+            String httpServerPort = Utils.replaceSystemProperty(HTTP_PROTOCOL_PORT);
 
             Map<String, String> contextParams = new HashMap<>();
 
@@ -117,17 +122,13 @@ public class ZipUtil {
         }
     }
 
-    private static String getServerUrl() {
-        String hostName = ServerConfiguration.getInstance().getFirstProperty(HOST_NAME);
+    public static String getServerUrl() {
         try {
-            if (hostName == null) {
-                hostName = NetworkUtils.getLocalHostname();
-            }
+            return org.apache.axis2.util.Utils.getIpAddress();
         } catch (SocketException e) {
-            hostName = "localhost";
             log.warn("Failed retrieving the hostname, therefore set to localhost", e);
+            return "localhost";
         }
-        return hostName;
     }
 
     private static ZipArchive getSketchArchive(String archivesPath, String templateSketchPath, Map contextParams

components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml

@@ -16,10 +16,6 @@
         <servlet-name>CXFServlet</servlet-name>
         <url-pattern>/*</url-pattern>
     </servlet-mapping>
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>

components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.arduino.type-view/private/config.json

@@ -2,6 +2,10 @@
   "deviceType": {
     "label": "Arduino",
     "category": "iot",
-    "downloadAgentUri": "arduino/device/download"
+    "downloadAgentUri": "arduino/device/download",
+    "category": "iot",
+    "scopes" : [
+      "perm:arduino:enroll"
+    ]
   }
 }

components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/util/ZipUtil.java

@@ -23,6 +23,7 @@ import org.apache.commons.io.IOUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.base.ServerConfiguration;
+import org.wso2.carbon.core.util.Utils;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationManagementException;
@@ -56,15 +57,12 @@ import java.util.zip.ZipOutputStream;
 public class ZipUtil {
 
     private static final Log log = LogFactory.getLog(ZipUtil.class);
-    public static final String HOST_NAME = "HostName";
-    private static final String HTTPS_PORT_PROPERTY = "httpsPort";
-    private static final String HTTP_PORT_PROPERTY = "httpPort";
 
     private static final String LOCALHOST = "localhost";
-    private static final String HTTPS_PROTOCOL_APPENDER = "https://";
-    private static final String HTTP_PROTOCOL_APPENDER = "http://";
+    private static final String HTTPS_PROTOCOL_URL = "https://${iot.gateway.host}:${iot.gateway.https.port}";
+    private static final String HTTP_PROTOCOL_URL = "http://${iot.gateway.host}:${iot.gateway.http.port}";
     private static final String CONFIG_TYPE = "general";
-    private static final String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1886";
+    private static final String DEFAULT_MQTT_ENDPOINT = "tcp://${mqtt.broker.host}:${mqtt.broker.port}";
 
     public ZipArchive createZipFile(String owner, String tenantDomain, String deviceType,
                                     String deviceId, String deviceName, String token,
@@ -78,16 +76,14 @@ public class ZipUtil {
 
         try {
             iotServerIP = getServerUrl();
-            String httpsServerPort = System.getProperty(HTTPS_PORT_PROPERTY);
-            String httpServerPort = System.getProperty(HTTP_PORT_PROPERTY);
-            String httpsServerEP = HTTPS_PROTOCOL_APPENDER + iotServerIP + ":" + httpsServerPort;
-            String httpServerEP = HTTP_PROTOCOL_APPENDER + iotServerIP + ":" + httpServerPort;
-            String apimEndpoint = httpsServerEP;
-            String mqttEndpoint = DEFAULT_MQTT_ENDPOINT;
+            String httpsServerEP = Utils.replaceSystemProperty(HTTPS_PROTOCOL_URL);
+            String httpServerEP = Utils.replaceSystemProperty(HTTP_PROTOCOL_URL);
+            String mqttEndpoint = Utils.replaceSystemProperty(DEFAULT_MQTT_ENDPOINT);
             if (mqttEndpoint.contains(LOCALHOST)) {
                 mqttEndpoint = mqttEndpoint.replace(LOCALHOST, iotServerIP);
+                httpsServerEP = httpsServerEP.replace(LOCALHOST, iotServerIP);
+                httpServerEP = httpServerEP.replace(LOCALHOST, iotServerIP);
             }
-
             PlatformConfiguration configuration = APIUtil.getTenantConfigurationManagementService().getConfiguration(
                     CONFIG_TYPE);
             if (configuration != null && configuration.getConfiguration() != null && configuration
@@ -115,7 +111,7 @@ public class ZipUtil {
             contextParams.put("DEVICE_NAME", deviceName);
             contextParams.put("HTTPS_EP", httpsServerEP);
             contextParams.put("HTTP_EP", httpServerEP);
-            contextParams.put("APIM_EP", apimEndpoint);
+            contextParams.put("APIM_EP", httpsServerEP);
             contextParams.put("MQTT_EP", mqttEndpoint);
             contextParams.put("DEVICE_TOKEN", token);
             contextParams.put("DEVICE_REFRESH_TOKEN", refreshToken);
@@ -130,17 +126,13 @@ public class ZipUtil {
         }
     }
 
-    private static String getServerUrl() {
-        String hostName = ServerConfiguration.getInstance().getFirstProperty(HOST_NAME);
+    public static String getServerUrl() {
         try {
-            if (hostName == null) {
-                hostName = NetworkUtils.getLocalHostname();
-            }
+            return org.apache.axis2.util.Utils.getIpAddress();
         } catch (SocketException e) {
-            hostName = "localhost";
             log.warn("Failed retrieving the hostname, therefore set to localhost", e);
+            return "localhost";
         }
-        return hostName;
     }
 
     private static ZipArchive getSketchArchive(String archivesPath, String templateSketchPath, Map contextParams

components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml

@@ -16,10 +16,6 @@
         <servlet-name>CXFServlet</servlet-name>
         <url-pattern>/*</url-pattern>
     </servlet-mapping>
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>

components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.raspberrypi.type-view/private/config.json

@@ -2,6 +2,9 @@
   "deviceType": {
     "label": "Raspberry Pi",
     "category": "iot",
-    "downloadAgentUri": "raspberrypi/device/download"
+    "downloadAgentUri": "raspberrypi/device/download",
+    "scopes" : [
+      "perm:raspberrypi:enroll"
+    ]
   }
 }

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentUtilOperations.java

@@ -437,7 +437,7 @@ public class AgentUtilOperations {
     }
 
     private class APIManagerTokenUtils {
-        public static final String TOKEN_ENDPOINT = "/oauth2/token";
+        public static final String TOKEN_ENDPOINT = "/token";
         public static final String GRANT_TYPE = "grant_type";
         public static final String ACCESS_TOKEN = "access_token";
         public static final String REFRESH_TOKEN = "refresh_token";

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/util/ZipUtil.java

@@ -25,14 +25,13 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.json.JSONObject;
 import org.wso2.carbon.apimgt.application.extension.constants.ApiApplicationConstants;
-import org.wso2.carbon.base.ServerConfiguration;
+import org.wso2.carbon.core.util.Utils;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationManagementException;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.xmpp.XmppConfig;
 import org.wso2.carbon.utils.CarbonUtils;
-import org.wso2.carbon.utils.NetworkUtils;
 
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
@@ -64,10 +63,10 @@ public class ZipUtil {
     private static final String HTTP_PORT_PROPERTY = "httpPort";
 
     private static final String LOCALHOST = "localhost";
-    private static final String HTTPS_PROTOCOL_APPENDER = "https://";
-    private static final String HTTP_PROTOCOL_APPENDER = "http://";
+    private static final String HTTPS_PROTOCOL_URL = "https://${iot.gateway.host}:${iot.gateway.https.port}";
+    private static final String HTTP_PROTOCOL_URL = "http://${iot.gateway.host}:${iot.gateway.http.port}";
     private static final String CONFIG_TYPE = "general";
-    private static final String DEFAULT_MQTT_ENDPOINT = "tcp://localhost:1886";
+    private static final String DEFAULT_MQTT_ENDPOINT = "tcp://${mqtt.broker.host}:${mqtt.broker.port}";
     public static final String HOST_NAME = "HostName";
 
     public ZipArchive createZipFile(String owner, String deviceType, String deviceId, String deviceName,
@@ -83,13 +82,13 @@ public class ZipUtil {
 
         try {
             iotServerIP = getServerUrl();
-            String httpsServerPort = System.getProperty(HTTPS_PORT_PROPERTY);
-            String httpServerPort = System.getProperty(HTTP_PORT_PROPERTY);
-            String httpsServerEP = HTTPS_PROTOCOL_APPENDER + iotServerIP + ":" + httpsServerPort;
-            String httpServerEP = HTTP_PROTOCOL_APPENDER + iotServerIP + ":" + httpServerPort;
-            String mqttEndpoint = DEFAULT_MQTT_ENDPOINT;
+            String httpsServerEP = Utils.replaceSystemProperty(HTTPS_PROTOCOL_URL);
+            String httpServerEP = Utils.replaceSystemProperty(HTTP_PROTOCOL_URL);
+            String mqttEndpoint = Utils.replaceSystemProperty(DEFAULT_MQTT_ENDPOINT);
             if (mqttEndpoint.contains(LOCALHOST)) {
                 mqttEndpoint = mqttEndpoint.replace(LOCALHOST, iotServerIP);
+                httpsServerEP = httpsServerEP.replace(LOCALHOST, iotServerIP);
+                httpServerEP = httpServerEP.replace(LOCALHOST, iotServerIP);
             }
 
             String xmppEndpoint = "";
@@ -161,16 +160,12 @@ public class ZipUtil {
     }
 
     public static String getServerUrl() {
-        String hostName = ServerConfiguration.getInstance().getFirstProperty(HOST_NAME);
         try {
-            if (hostName == null) {
-                hostName = NetworkUtils.getLocalHostname();
-            }
+            return org.apache.axis2.util.Utils.getIpAddress();
         } catch (SocketException e) {
-            hostName = "localhost";
             log.warn("Failed retrieving the hostname, therefore set to localhost", e);
+            return "localhost";
         }
-        return hostName;
     }
 
     public static ZipArchive getSketchArchive(String archivesPath, String templateSketchPath, Map contextParams

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml

@@ -16,18 +16,10 @@
         <servlet-name>CXFServlet</servlet-name>
         <url-pattern>/*</url-pattern>
     </servlet-mapping>
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>
     </context-param>
-    <context-param>
-        <param-name>providerTenantDomain</param-name>
-        <param-value>carbon.super</param-value>
-    </context-param>
 
     <!--publish to apim-->
     <context-param>

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.type-view/private/config.json

@@ -3,6 +3,9 @@
     "label": "Virtual Firealarm",
     "category": "virtual",
     "downloadAgentUri": "virtual_firealarm/device/download",
+    "scopes" : [
+      "perm:firealarm:enroll"
+    ],
     "features": {
       "buzz": {
         "icon" : "fw-dial-up"

components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.mqtt/src/main/resources/org/wso2/carbon/device/mgt/input/adapter/mqtt/i18n/Resources.properties

@@ -31,7 +31,7 @@ dcrUrl=dcrUrl
 dcrUrl.hint=dynamic client registration endpoint URL to create application (if required) eg: https://localhost:9443/dynamic-client-web/register
 contentValidator=contentValidation
 contentValidator.hint=Class Name of the content Validation or 'default' to set default class, required to implement  (if required)
-url.hint=MQTT broker url tcp://localhost:1886
+url.hint=MQTT broker url tcp://localhost:1883
 cleanSession=Clean Session
 cleanSession.hint=Persist topic subscriptions and ack positions across client sessions
 keepAlive=Keep Alive (In seconds)

components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java

@@ -61,6 +61,11 @@ public class DeviceAuthorizer implements Authorizer {
     @Override
     public void init(Map<String, String> globalProperties) {
         statPermissions = getPermissions(globalProperties);
+        if (statPermissions != null && !statPermissions.isEmpty()) {
+            for (String permission : statPermissions) {
+                PermissionUtil.putPermission(permission);
+            }
+        }
         try {
             deviceAccessAuthorizationAdminService = Feign.builder()
                     .requestInterceptor(new OAuthRequestInterceptor(globalProperties))

components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/PermissionUtil.java

@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.device.mgt.output.adapter.websocket.internal.WebsocketEventAdaptorServiceDataHolder;
+import org.wso2.carbon.registry.api.Resource;
+import org.wso2.carbon.registry.core.Registry;
+import org.wso2.carbon.registry.core.exceptions.RegistryException;
+
+import java.util.StringTokenizer;
+
+/**
+ * Utility class which holds necessary utility methods required for persisting permissions in
+ * registry.
+ */
+public class PermissionUtil {
+
+    public static final String PERMISSION_PROPERTY_NAME = "name";
+    private static Log log = LogFactory.getLog(DeviceAuthorizer.class);
+
+    public static void putPermission(String permission) {
+        try {
+            StringTokenizer tokenizer = new StringTokenizer(permission, "/");
+            String lastToken = "", currentToken, tempPath;
+            while (tokenizer.hasMoreTokens()) {
+                currentToken = tokenizer.nextToken();
+                tempPath = lastToken + "/" + currentToken;
+                if (!checkResourceExists(tempPath)) {
+                    createRegistryCollection(tempPath, currentToken);
+
+                }
+                lastToken = tempPath;
+            }
+        } catch (org.wso2.carbon.registry.api.RegistryException e) {
+            log.error("Failed to creation permission in registry" + permission, e);
+        }
+    }
+
+    public static void createRegistryCollection(String path, String resourceName)
+            throws org.wso2.carbon.registry.api.RegistryException {
+        Resource resource = getGovernanceRegistry().newCollection();
+        resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
+        getGovernanceRegistry().beginTransaction();
+        getGovernanceRegistry().put(path, resource);
+        getGovernanceRegistry().commitTransaction();
+    }
+
+    public static boolean checkResourceExists(String path)
+            throws RegistryException {
+        return getGovernanceRegistry().resourceExists(path);
+    }
+
+    public static Registry getGovernanceRegistry() throws RegistryException {
+        return WebsocketEventAdaptorServiceDataHolder.getRegistryService()
+                    .getGovernanceSystemRegistry(MultitenantConstants.SUPER_TENANT_ID);
+    }
+
+}

components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java

@@ -45,6 +45,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
     private static final String APPLICATION_NAME = "websocket-app";
     private static final String PASSWORD_GRANT_TYPE = "password";
     private static final String REFRESH_GRANT_TYPE = "refresh_token";
+    private static final String REQUIRED_SCOPE = "perm:authorization:verify";
     private ApiApplicationRegistrationService apiApplicationRegistrationService;
     private TokenIssuerService tokenIssuerService;
 
@@ -76,7 +77,6 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
             username = getUsername(globalProperties);
             password = getPassword(globalProperties);
             tokenEndpoint = getTokenEndpoint(globalProperties);
-            scopes = getScopes(globalProperties);
             apiApplicationRegistrationService = Feign.builder().requestInterceptor(
                     new BasicAuthRequestInterceptor(username, password))
                     .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
@@ -104,11 +104,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
                     new BasicAuthRequestInterceptor(consumerKey, consumerSecret))
                     .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
                     .target(TokenIssuerService.class, tokenEndpoint);
-            if (scopes == null || scopes.isEmpty()) {
-                tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password);
-            } else {
-                tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password, scopes);
-            }
+            tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password, REQUIRED_SCOPE);
             tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
         }
         synchronized(this) {
@@ -163,9 +159,4 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
         return refreshTimeOffset;
     }
 
-    private String getScopes(Map<String, String> globalProperties) {
-        return globalProperties.get(TOKEN_SCOPES);
-    }
-
-
 }

components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/dto/TokenIssuerService.java

@@ -27,6 +27,7 @@
 package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto;
 
 import javax.ws.rs.Consumes;
+import javax.ws.rs.FormParam;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
@@ -48,7 +49,7 @@ public interface TokenIssuerService {
     @Produces(MediaType.APPLICATION_JSON)
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
     AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username,
-                             @QueryParam("password") String password, @QueryParam("scopes") String scopes);
+                             @QueryParam("password") String password, @QueryParam("scope") String scopes);
 
     @POST
     @Produces(MediaType.APPLICATION_JSON)

components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/internal/WebsocketEventAdaptorServiceDataHolder.java

@@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.output.adapter.websocket.internal;
 
 import org.wso2.carbon.device.mgt.output.adapter.websocket.WebsocketOutputCallbackControllerServiceImpl;
 import org.wso2.carbon.event.stream.core.EventStreamService;
+import org.wso2.carbon.registry.core.service.RegistryService;
 
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.LinkedBlockingDeque;
@@ -35,6 +36,7 @@ public final class WebsocketEventAdaptorServiceDataHolder {
     private static ConcurrentHashMap<Integer, ConcurrentHashMap<String, LinkedBlockingDeque<Object>>>
             tenantSpecificStreamEventMap = new ConcurrentHashMap<>();
     private static EventStreamService eventStreamService;
+    private static RegistryService registryService;
 
     public static void registerEventStreamService(EventStreamService eventBuilderService) {
         WebsocketEventAdaptorServiceDataHolder.eventStreamService = eventBuilderService;
@@ -63,4 +65,15 @@ public final class WebsocketEventAdaptorServiceDataHolder {
     getTenantSpecificStreamEventMap() {
         return tenantSpecificStreamEventMap;
     }
+
+    public static RegistryService getRegistryService() {
+        if (registryService == null) {
+            throw new IllegalStateException("Registry service is not initialized properly");
+        }
+        return registryService;
+    }
+
+    public static void setRegistryService(RegistryService registryService) {
+        WebsocketEventAdaptorServiceDataHolder.registryService = registryService;
+    }
 }

components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/internal/WebsocketLocalEventAdapterServiceComponent.java

@@ -26,12 +26,19 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.WebsocketOutputCallba
 import org.wso2.carbon.event.output.adapter.core.OutputEventAdapterFactory;
 import org.wso2.carbon.device.mgt.output.adapter.websocket.WebsocketOutputCallbackControllerService;
 import org.wso2.carbon.event.stream.core.EventStreamService;
+import org.wso2.carbon.registry.core.service.RegistryService;
 
 /**
  * @scr.component component.name="output.extensions.secured.websocket.AdapterService.component" immediate="true"
  * @scr.reference name="eventStreamService.service"
  * interface="org.wso2.carbon.event.stream.core.EventStreamService" cardinality="1..1"
  * policy="dynamic" bind="setEventStreamService" unbind="unsetEventStreamService"
+ * @scr.reference name="registry.service"
+ * interface="org.wso2.carbon.registry.core.service.RegistryService"
+ * cardinality="1..1"
+ * policy="dynamic"
+ * bind="setRegistryService"
+ * unbind="unsetRegistryService"
  */
 public class WebsocketLocalEventAdapterServiceComponent {
 
@@ -80,4 +87,28 @@ public class WebsocketLocalEventAdapterServiceComponent {
         }
         WebsocketEventAdaptorServiceDataHolder.registerEventStreamService(null);
     }
+
+    /**
+     * Sets Registry Service.
+     *
+     * @param registryService An instance of RegistryService
+     */
+    protected void setRegistryService(RegistryService registryService) {
+        if (log.isDebugEnabled()) {
+            log.debug("Setting Registry Service");
+        }
+        WebsocketEventAdaptorServiceDataHolder.setRegistryService(registryService);
+    }
+
+    /**
+     * Unsets Registry Service.
+     *
+     * @param registryService An instance of RegistryService
+     */
+    protected void unsetRegistryService(RegistryService registryService) {
+        if (log.isDebugEnabled()) {
+            log.debug("Un setting Registry Service");
+        }
+        WebsocketEventAdaptorServiceDataHolder.setRegistryService(null);
+    }
 }

components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java

@@ -18,6 +18,8 @@ import feign.Feign;
 import feign.RequestInterceptor;
 import feign.RequestTemplate;
 import feign.auth.BasicAuthRequestInterceptor;
+import feign.codec.EncodeException;
+import feign.codec.Encoder;
 import feign.gson.GsonDecoder;
 import feign.gson.GsonEncoder;
 import feign.jaxrs.JAXRSContract;
@@ -40,6 +42,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
     private static final String APPLICATION_NAME = "mqtt_broker";
     private static final String PASSWORD_GRANT_TYPE = "password";
     private static final String REFRESH_GRANT_TYPE = "refresh_token";
+    private static final String REQUIRED_SCOPE = "perm:authorization:verify";
     private ApiApplicationRegistrationService apiApplicationRegistrationService;
     private TokenIssuerService tokenIssuerService;
 
@@ -75,8 +78,9 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
             tokenIssuerService = Feign.builder().requestInterceptor(
                     new BasicAuthRequestInterceptor(consumerKey, consumerSecret))
                     .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
-                    .target(TokenIssuerService.class, AuthorizationConfigurationManager.getInstance().getTokenEndpoint());
-            tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password);
+                    .target(TokenIssuerService.class,
+                            AuthorizationConfigurationManager.getInstance().getTokenEndpoint());
+            tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password, REQUIRED_SCOPE);
             tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
         }
         synchronized (this) {
@@ -89,5 +93,4 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
         template.header("Authorization", headerValue);
     }
 
-
 }

components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java

@@ -33,6 +33,12 @@ public interface TokenIssuerService {
     AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username,
                              @QueryParam("password") String password);
 
+    @POST
+    @Produces(MediaType.APPLICATION_JSON)
+    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username,
+                             @QueryParam("password") String password, @QueryParam("scope") String scopes);
+
     @POST
     @Produces(MediaType.APPLICATION_JSON)
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)

components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/webapp/WEB-INF/web.xml

@@ -42,11 +42,6 @@
     <session-config>
         <session-timeout>60</session-timeout>
     </session-config>
-
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>managed-api-enabled</param-name>
         <param-value>true</param-value>

components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.android.type-view/private/config.json

@@ -4,6 +4,9 @@
         "category": "mobile",
         "analyticsEnabled": "false",
         "groupingEnabled": "false",
+        "scopes" : [
+          "perm:android:enroll"
+        ],
         "features": {
             "DEVICE_RING": {
                 "icon": "fw-dial-up",

components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/webapp/WEB-INF/web.xml

@@ -48,10 +48,6 @@
     <session-config>
         <session-timeout>60</session-timeout>
     </session-config>
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>managed-api-enabled</param-name>
         <param-value>true</param-value>

components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.windows.type-view/private/config.json

@@ -2,6 +2,9 @@
     "deviceType": {
         "label": "Windows",
         "category": "mobile",
+        "scopes" : [
+          "perm:windows:enroll"
+        ],
         "analyticsEnabled": "false",
         "groupingEnabled": "false",
         "features": {