Merge branch 'kernel-4.6.2' into 'kernel-4.6.x'

changes done to fix tenant login issue

See merge request entgra/carbon-device-mgt!792
kernel-4.6.x
Pahansith Gunathilake 3 years ago
commit ff747fa797

@ -21,11 +21,15 @@ import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants.User; import org.wso2.carbon.device.mgt.core.DeviceManagementConstants.User;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.AbstractAxis2ConfigurationContextObserver; import org.wso2.carbon.utils.AbstractAxis2ConfigurationContextObserver;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
/** /**
* Load configuration files to tenant's registry. * Load configuration files to tenant's registry.
@ -48,10 +52,36 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser
UserStoreManager userStoreManager = UserStoreManager userStoreManager =
DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId) DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
.getUserStoreManager(); .getUserStoreManager();
AuthorizationManager authorizationManager = DeviceManagementDataHolder.getInstance().getRealmService()
.getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getAuthorizationManager();
String tenantAdminName = userRealm.getRealmConfiguration().getAdminUserName(); String tenantAdminName = userRealm.getRealmConfiguration().getAdminUserName();
userStoreManager.addRole(User.DEFAULT_DEVICE_USER, new String[]{tenantAdminName}, User.PERMISSIONS_FOR_DEVICE_USER);
userStoreManager.addRole(User.DEFAULT_DEVICE_ADMIN, new String[]{tenantAdminName}, if (!userStoreManager.isExistingRole(DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN)) {
User.PERMISSIONS_FOR_DEVICE_ADMIN); userStoreManager.addRole(
DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN,
null,
DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_ADMIN);
} else {
for (Permission permission : DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_ADMIN) {
authorizationManager.authorizeRole(DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN,
permission.getResourceId(), permission.getAction());
}
}
if (!userStoreManager.isExistingRole(DeviceManagementConstants.User.DEFAULT_DEVICE_USER)) {
userStoreManager.addRole(
DeviceManagementConstants.User.DEFAULT_DEVICE_USER,
null,
DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_USER);
} else {
for (Permission permission : DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_USER) {
authorizationManager.authorizeRole(DeviceManagementConstants.User.DEFAULT_DEVICE_USER,
permission.getResourceId(), permission.getAction());
}
}
userStoreManager.updateRoleListOfUser(tenantAdminName, null,
new String[] {DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN,
DeviceManagementConstants.User.DEFAULT_DEVICE_USER});
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Device management roles: " + User.DEFAULT_DEVICE_USER + ", " + User.DEFAULT_DEVICE_ADMIN + log.debug("Device management roles: " + User.DEFAULT_DEVICE_USER + ", " + User.DEFAULT_DEVICE_ADMIN +
" created for the tenant:" + tenantDomain + "." " created for the tenant:" + tenantDomain + "."

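Review bot: The `authorizationManager` added at the top of this hunk is resolved from `getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID)`, while `userStoreManager` and the `isExistingRole` checks use the realm of the tenant being created (`tenantId`). In both `else` branches `authorizeRole` would therefore apply the device-admin and device-user permissions to the same-named roles in the super tenant, leaving the new tenant's existing roles without them; a tenant-creation event should not change authorization state in another tenant. Unless that is intended (nothing visible here says so), take it from the tenant realm instead: `.getTenantUserRealm(tenantId).getAuthorizationManager();`. Separately, the debug message after the new code still reports the roles as "created" even when the existing-role branch ran. The enclosing method starts and ends outside the hunk.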
@ -59,6 +59,7 @@ public class PermissionScopeHandler extends HttpServlet {
proxyResponse.setCode(HttpStatus.SC_OK); proxyResponse.setCode(HttpStatus.SC_OK);
proxyResponse.setData(jsonObject.toString()); proxyResponse.setData(jsonObject.toString());
HandlerUtil.handleSuccess(resp, proxyResponse); HandlerUtil.handleSuccess(resp, proxyResponse);
return;
} }
HandlerUtil.handleError(resp, null); HandlerUtil.handleError(resp, null);
} }

@ -507,8 +507,14 @@ public class HandlerUtil {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("refreshing the token"); log.debug("refreshing the token");
} }
HttpPost tokenEndpoint = new HttpPost( String iotsCorePort = System.getProperty("iot.core.https.port");
gatewayUrl + HandlerConstants.TOKEN_ENDPOINT); if (HandlerConstants.HTTP_PROTOCOL.equals(req.getScheme())) {
iotsCorePort = System.getProperty("iot.core.http.port");
}
String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host")
+ HandlerConstants.COLON + iotsCorePort;
HttpPost tokenEndpoint = new HttpPost(iotsCoreUrl + HandlerConstants.TOKEN_ENDPOINT);
HttpSession session = req.getSession(false); HttpSession session = req.getSession(false);
if (session == null) { if (session == null) {
log.error("Couldn't find a session, hence it is required to login and proceed."); log.error("Couldn't find a session, hence it is required to login and proceed.");
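Review bot: The token endpoint is now built from `req.getScheme()`, so the scheme of the inbound request decides whether the refresh call to the core goes out over TLS. When the servlet is reached over plain HTTP (for example behind a TLS-terminating proxy that forwards HTTP), the refresh request is sent in cleartext; it presumably carries the refresh token and client credentials, though the body is built outside this hunk. Consider pinning the scheme for this back-channel call, `String iotsCoreUrl = "https" + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host") + HandlerConstants.COLON + System.getProperty("iot.core.https.port");`, and logging an error and returning when either property is null instead of posting to a `null:null` authority. The enclosing method starts and ends outside the hunk.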
