From 520c07693dc0123bb68b5445e9118f71ea45b3e1 Mon Sep 17 00:00:00 2001 From: harshanl Date: Mon, 2 Nov 2015 20:45:43 +0530 Subject: [PATCH 1/4] Added support for non-secured endpoints within a security enabled webapp --- .../framework/WebappAuthenticationValve.java | 38 +++++++++++++++++-- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java index bdc5428984..f6f077e100 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java @@ -29,6 +29,7 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen import javax.servlet.http.HttpServletResponse; import java.util.Arrays; +import java.util.HashMap; import java.util.List; import java.util.StringTokenizer; @@ -36,6 +37,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { private static final Log log = LogFactory.getLog(WebappAuthenticationValve.class); private static final String BYPASS_URIS = "bypass-uris"; + private static HashMap nonSecuredEndpoints = new HashMap<>(); @Override public void invoke(Request request, Response response, CompositeValve compositeValve) { 
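Review bot: The `nonSecuredEndpoints` field added in the `@@ -36,6 +37,7 @@` hunk is a static, non-final `HashMap` that `isNonSecuredEndPoint` (added later in this patch) writes to with `put` while handling a request, and nothing visible here synchronises that access. A valve's `invoke` is normally called from many request threads, `HashMap` is not safe for concurrent modification, and this map decides whether authentication is skipped, so a corrupted or half-updated table is a correctness problem on a security path. I would declare it `private static final Map<String, String> nonSecuredEndpoints = new ConcurrentHashMap<>();`, importing `java.util.Map` and `java.util.concurrent.ConcurrentHashMap` instead of `java.util.HashMap`; since every value stored is the string "true", a concurrent set would express the intent better. The declaration appears here without type arguments, which may be an artefact of how the page was rendered.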
@@ -90,7 +92,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { private boolean skipAuthentication(Request request) { String param = request.getContext().findParameter("doAuthentication"); - return (param == null || !Boolean.parseBoolean(param)); + return (param == null || !Boolean.parseBoolean(param) || isNonSecuredEndPoint(request)); } private boolean isContextSkipped(Request request) { @@ -112,6 +114,35 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { return (ctx.equalsIgnoreCase("carbon") || ctx.equalsIgnoreCase("services")); } + private boolean isNonSecuredEndPoint(Request request) { + String uri = request.getRequestURI(); + if(!uri.endsWith("/")) { + uri = uri + "/"; + } + String ctx = request.getContextPath(); + //Check the context in nonSecuredEndpoints. If so it means current context is a skippedContext. + if (nonSecuredEndpoints.containsKey(uri)) { + return true; + } + String param = request.getContext().findParameter("nonSecuredEndPoints"); + String skippedEndPoint; + if (param != null && !param.isEmpty()) { + //Add the nonSecured end-points to cache + StringTokenizer tokenizer = new StringTokenizer(param, ","); + while (tokenizer.hasMoreTokens()) { + skippedEndPoint = ctx + tokenizer.nextToken(); + if(!skippedEndPoint.endsWith("/")) { + skippedEndPoint = skippedEndPoint + "/"; + } + nonSecuredEndpoints.put(skippedEndPoint, "true"); + } + if (nonSecuredEndpoints.containsKey(uri)) { + return true; + } + } + return false; + } + private void processRequest(Request request, Response response, CompositeValve compositeValve, AuthenticationInfo authenticationInfo) { switch (authenticationInfo.getStatus()) { 
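Review bot: Entries put into the static `nonSecuredEndpoints` map in `isNonSecuredEndPoint` are never removed, and the first `containsKey(uri)` check runs before the current context's `nonSecuredEndPoints` parameter is read, so a path stays exempt from authentication for the life of the JVM even after the webapp is redeployed with a shorter list or another webapp takes over the same context path. The map also saves little, because any request that does not match (the normal authenticated case) re-tokenizes the parameter and re-inserts every entry. Matching directly against the current context's parameter removes the stale-entry risk at no extra cost for that case, as sketched below. The comparison is an exact match on the raw `getRequestURI()` value, which is not decoded or normalised; that appears to fail closed, and a comment saying so would help the next reader.

```java
private boolean isNonSecuredEndPoint(Request request) {
    // … unchanged: uri is read from the request and given a trailing "/" …
    String ctx = request.getContextPath();
    String param = request.getContext().findParameter("nonSecuredEndPoints");
    if (param == null || param.isEmpty()) {
        return false;
    }
    // Decide from this context's current parameter only, so entries left over from an
    // earlier deployment or from another webapp can never grant a skip.
    StringTokenizer tokenizer = new StringTokenizer(param, ",");
    while (tokenizer.hasMoreTokens()) {
        String skippedEndPoint = ctx + tokenizer.nextToken();
        if (!skippedEndPoint.endsWith("/")) {
            skippedEndPoint = skippedEndPoint + "/";
        }
        if (skippedEndPoint.equals(uri)) {
            return true;
        }
    }
    return false;
}
```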
@@ -121,7 +152,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { break; case FAILURE: String msg = "Failed to authorize incoming request"; - if(authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) { + if (authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) { msg = authenticationInfo.getMessage(); response.setHeader("WWW-Authenticate", msg); } @@ -132,5 +163,4 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { break; } } - -} +} \ No newline at end of file From 2b9239d2086dc860ca558f74a87a6160fb17241a Mon Sep 17 00:00:00 2001 From: harshanl Date: Tue, 3 Nov 2015 14:29:38 +0530 Subject: [PATCH 2/4] Optimized the authenticator framework --- .../framework/WebappAuthenticationValve.java | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java index f6f077e100..bf9a80e5ca 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java @@ -36,7 +36,6 @@ import java.util.StringTokenizer; public class WebappAuthenticationValve extends CarbonTomcatValve { private static final Log log = LogFactory.getLog(WebappAuthenticationValve.class); - private static final String BYPASS_URIS = "bypass-uris"; private static HashMap nonSecuredEndpoints = new HashMap<>(); @Override 
@@ -47,21 +46,6 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { return; } - String byPassURIs = request.getContext().findParameter(WebappAuthenticationValve.BYPASS_URIS); - - if (byPassURIs != null && !byPassURIs.isEmpty()) { - List requestURI = Arrays.asList(byPassURIs.split(",")); - if (requestURI != null && requestURI.size() > 0) { - for (String pathURI : requestURI) { - pathURI = pathURI.replace("\n", "").replace("\r", "").trim(); - if (request.getRequestURI().equals(pathURI)) { - this.getNext().invoke(request, response, compositeValve); - return; - } - } - } - } - WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request); if (authenticator == null) { String msg = "Failed to load an appropriate authenticator to authenticate the request"; @@ -131,6 +115,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { StringTokenizer tokenizer = new StringTokenizer(param, ","); while (tokenizer.hasMoreTokens()) { skippedEndPoint = ctx + tokenizer.nextToken(); + skippedEndPoint = skippedEndPoint.replace("\n", "").replace("\r", "").trim(); if(!skippedEndPoint.endsWith("/")) { skippedEndPoint = skippedEndPoint + "/"; } From 30c53b7d1455a75264cc778b26727d4a0ba4a4ba Mon Sep 17 00:00:00 2001 From: geethkokila Date: Tue, 3 Nov 2015 16:24:49 +0530 Subject: [PATCH 3/4] Fixing the EMM-900, Ading the LB host name and port to the email url --- .../config/email/EmailConfigurations.java | 20 +++++++++++++++++++ .../DeviceManagementProviderServiceImpl.java | 16 +++++++++++++++ .../src/main/resources/conf/cdm-config.xml | 2 ++ 3 files changed, 38 insertions(+) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/email/EmailConfigurations.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/email/EmailConfigurations.java index b0a242df46..b0e3a9009a 100644 
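Review bot: In the `@@ -131,6 +115,7 @@` hunk the added cleanup runs after `ctx` has already been prepended, so `trim()` cannot strip whitespace at the start of a token; an entry written after a comma and a space, or on an indented new line, keeps those blanks between the context path and the endpoint and never matches a request URI. This fails closed (the endpoint stays authenticated), but the operator gets no hint why the exemption does not apply. Cleaning the token before concatenation fixes it: `skippedEndPoint = ctx + tokenizer.nextToken().replace("\n", "").replace("\r", "").trim();`. The enclosing `isNonSecuredEndPoint` method starts and ends outside this hunk.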
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/email/EmailConfigurations.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/email/EmailConfigurations.java @@ -28,6 +28,8 @@ public class EmailConfigurations { private int maxNumOfThread; private int keepAliveTime; private int threadQueueCapacity; + private String lBHostPortPrefix; + private String enrollmentContextPath; @XmlElement(name = "minimumThread", required = true) public int getMinNumOfThread() { @@ -62,4 +64,22 @@ public class EmailConfigurations { public void setThreadQueueCapacity(int threadQueueCapacity) { this.threadQueueCapacity = threadQueueCapacity; } + + @XmlElement(name = "LBHostPortPrefix", required = true) + public String getlBHostPortPrefix() { + return lBHostPortPrefix; + } + + public void setlBHostPortPrefix(String lBHostPortPrefix) { + this.lBHostPortPrefix = lBHostPortPrefix; + } + + @XmlElement(name = "enrollmentContextPath", required = true) + public String getEnrollmentContextPath() { + return enrollmentContextPath; + } + + public void setEnrollmentContextPath(String enrollmentContextPath) { + this.enrollmentContextPath = enrollmentContextPath; + } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java index 054e4c5e3b..26d5245ad0 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java 
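Review bot: The two properties added in the `@@ -62,4 +64,22 @@` hunk have no Javadoc, and the change to `DeviceManagementProviderServiceImpl` later in this patch concatenates them into the enrolment URL set on the e-mail properties, so their expected form matters. I would document on `getlBHostPortPrefix()` something like `/** Public origin (scheme://host:port, no trailing slash) used as the prefix of enrolment links sent by e-mail. */`, and on `getEnrollmentContextPath()` that the value must start with `/`. The accessor names `getlBHostPortPrefix`/`setlBHostPortPrefix` also stand out against the file's other getters; `getLbHostPortPrefix` would follow the usual bean naming, with the `@XmlElement` name kept as it is.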
@@ -29,6 +29,7 @@ import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementExcept import org.wso2.carbon.device.mgt.common.spi.DeviceManagementService; import org.wso2.carbon.device.mgt.core.DeviceManagementPluginRepository; import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager; +import org.wso2.carbon.device.mgt.core.config.email.EmailConfigurations; import org.wso2.carbon.device.mgt.core.config.email.NotificationMessages; import org.wso2.carbon.device.mgt.core.dao.*; import org.wso2.carbon.device.mgt.core.dto.DeviceType; @@ -494,6 +495,13 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv StringBuilder messageBuilder = new StringBuilder(); try { + + // Reading the download url from the cdm-config.xml file + EmailConfigurations emailConfig = + DeviceConfigurationManager.getInstance().getDeviceManagementConfig(). + getDeviceManagementConfigRepository().getEmailConfigurations(); + emailMessageProperties.setEnrolmentUrl(emailConfig.getlBHostPortPrefix()+ emailConfig.getEnrollmentContextPath()); + messageHeader = messageHeader.replaceAll("\\{" + EmailConstants.EnrolmentEmailConstants.FIRST_NAME + "\\}", URLEncoder.encode(emailMessageProperties.getFirstName(), EmailConstants.EnrolmentEmailConstants.ENCODED_SCHEME)); 
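Review bot: The block added in the `@@ -494,6 +495,13 @@` hunk (and repeated verbatim in the `@@ -549,6 +557,14 @@` hunk) concatenates `getlBHostPortPrefix()` and `getEnrollmentContextPath()` without checking either, so a cdm-config.xml that lacks the new elements would put the text `nullnull` into the enrolment link, assuming the unmarshaller leaves missing elements null. It also overwrites whatever enrolment URL the caller had already set on `emailMessageProperties`. Since this link is what recipients are asked to open, I would move the lookup into one private helper used by both methods that rejects a null or empty prefix or path before `setEnrolmentUrl` is called. The added comment says "download url" although the value is the enrolment URL. The `try` block this code sits in continues beyond the hunk.

```java
// Builds the enrolment link from cdm-config.xml; shared by both e-mail methods.
private String getEnrolmentUrl() {
    EmailConfigurations emailConfig =
            DeviceConfigurationManager.getInstance().getDeviceManagementConfig().
                    getDeviceManagementConfigRepository().getEmailConfigurations();
    String prefix = emailConfig.getlBHostPortPrefix();
    String path = emailConfig.getEnrollmentContextPath();
    if (prefix == null || prefix.isEmpty() || path == null || path.isEmpty()) {
        throw new IllegalStateException(
                "LBHostPortPrefix and enrollmentContextPath must be set in cdm-config.xml");
    }
    return prefix + path;
}

// … in both e-mail methods, inside the existing try block …
emailMessageProperties.setEnrolmentUrl(getEnrolmentUrl());
```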
@@ -549,6 +557,14 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv StringBuilder messageBuilder = new StringBuilder(); try { + + // Reading the download url from the cdm-config.xml file + EmailConfigurations emailConfig = + DeviceConfigurationManager.getInstance().getDeviceManagementConfig(). + getDeviceManagementConfigRepository().getEmailConfigurations(); + emailMessageProperties.setEnrolmentUrl(emailConfig.getlBHostPortPrefix()+ emailConfig.getEnrollmentContextPath()); + + messageHeader = messageHeader.replaceAll("\\{" + EmailConstants.EnrolmentEmailConstants.FIRST_NAME + "\\}", URLEncoder.encode(emailMessageProperties.getFirstName(), EmailConstants.EnrolmentEmailConstants.ENCODED_SCHEME)); diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/conf/cdm-config.xml b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/conf/cdm-config.xml index 0f5861cc1d..2fdabf455a 100644 --- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/conf/cdm-config.xml +++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/conf/cdm-config.xml @@ -29,6 +29,8 @@ 100 20 1000 + https://localhost:9443 + /mdm/enrollment https://localhost:9443 From 74a3b0e3460d844dc4fcbd52403921d2d8e5f674 Mon Sep 17 00:00:00 2001 From: harshanl Date: Tue, 3 Nov 2015 18:58:52 +0530 Subject: [PATCH 4/4] Fixed EMM-910 --- .../mgt/core/service/DeviceManagementProviderServiceImpl.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java index 054e4c5e3b..979adf852f 100644 
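Review bot: The default added in the cdm-config.xml hunk, `https://localhost:9443`, becomes the prefix of the enrolment link that is mailed out, so an installation that keeps the shipped file sends links pointing at localhost. I would add an XML comment above the two new entries saying they must be changed to the public load-balancer origin and the enrolment context path before e-mail invitations are used, for example `<!-- Public scheme://host:port of the load balancer; used to build enrolment links in e-mails -->`. The element markup is not visible in this rendering of the hunk, so the placement is described rather than quoted.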
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java @@ -144,7 +144,9 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv this.modifyEnrollment(device); status = true; } else { - this.setStatus(deviceIdentifier, existingEnrolmentInfo.getOwner(), EnrolmentInfo.Status.INACTIVE); + if (!EnrolmentInfo.Status.REMOVED.equals(existingEnrolmentInfo.getStatus())) { + this.setStatus(deviceIdentifier, existingEnrolmentInfo.getOwner(), EnrolmentInfo.Status.INACTIVE); + } int enrolmentId; try { DeviceManagementDAOFactory.beginTransaction();
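Review bot: The new `REMOVED` guard in the `@@ -144,7 +144,9 @@` hunk has no comment explaining why a removed enrolment is exempt from being set to `INACTIVE`, and the commit message only cites EMM-910. A one-line comment such as `// A REMOVED enrolment keeps its status; only live enrolments are deactivated before re-enrolling` would record the intent, if that is indeed the reason. The enclosing method starts and ends outside the hunk.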