Resolving conflicts

application-manager-new
geethkokila 7 years ago
commit 3efdeb23c9

@ -760,109 +760,6 @@
</goals>
</execution>
<execution>
<id>replace-web-xmls-in-war-files</id>
<phase>prepare-package</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<tasks>
<property name="tempdir" value="target/webapp-temp" />
<property name="xmldir" value="src/core/resources/web-apps/web-xml" />
<property name="srcdir" value="${basedir}/../p2-profile/iot-core-profile/target/wso2carbon-core-${carbon.kernel.version}/wso2/deployment/server/webapps" />
<property name="wso2iothome" value="${basedir}/../p2-profile/iot-core-profile/target/wso2carbon-core-${carbon.kernel.version}" />
<property name="wso2analyticshome" value="${basedir}/../p2-profile/analytics-profile/target/wso2carbon-core-${carbon.kernel.version}" />
<property name="wso2brokerhome" value="${basedir}/../p2-profile/broker-profile/target/wso2carbon-core-${carbon.kernel.version}" />
<mkdir dir="${tempdir}" />
<mkdir dir="${tempdir}/api#identity#entitlement" />
<mkdir dir="${tempdir}/authenticationendpoint" />
<mkdir dir="${tempdir}/client-registration#v0.11" />
<mkdir dir="${tempdir}/oauth2" />
<mkdir dir="${tempdir}/shindig" />
<unzip dest="${tempdir}/api#identity#entitlement">
<fileset dir="${srcdir}">
<include name="api#identity#entitlement.war" />
</fileset>
</unzip>
<unzip dest="${tempdir}/authenticationendpoint">
<fileset dir="${srcdir}">
<include name="authenticationendpoint.war" />
</fileset>
</unzip>
<unzip dest="${tempdir}/client-registration#v0.11">
<fileset dir="${srcdir}">
<include name="client-registration#v0.11.war" />
</fileset>
</unzip>
<unzip dest="${tempdir}/oauth2">
<fileset dir="${srcdir}">
<include name="oauth2.war" />
</fileset>
</unzip>
<unzip dest="${tempdir}/shindig">
<fileset dir="${srcdir}">
<include name="shindig.war" />
</fileset>
</unzip>
<delete file="${tempdir}/api#identity#entitlement/WEB-INF/web.xml" />
<delete file="${tempdir}/authenticationendpoint/WEB-INF/web.xml" />
<delete file="${tempdir}/client-registration#v0.11/WEB-INF/web.xml" />
<delete file="${tempdir}/oauth2/WEB-INF/web.xml" />
<delete file="${tempdir}/shindig/WEB-INF/web.xml" />
<!--<delete>-->
<!--<fileset dir="${tempdir}/api-application-registration/WEB-INF/lib" includes="*" />-->
<!--</delete>-->
<!--<delete>-->
<!--<fileset dir="${tempdir}/api#certificate-mgt#v1.0/WEB-INF/lib" includes="*" />-->
<!--</delete>-->
<!--<delete>-->
<!--<fileset dir="${tempdir}/api#identity#entitlement/WEB-INF/lib" includes="*" />-->
<!--</delete>-->
<!--<delete>-->
<!--<fileset dir="${tempdir}/api#scep-mgt#v1.0/WEB-INF/lib" includes="*" />-->
<!--</delete>-->
<!--<delete>-->
<!--<fileset dir="${tempdir}/authenticationendpoint/WEB-INF/lib" includes="*" />-->
<!--</delete>-->
<!--<delete>-->
<!--<fileset dir="${tempdir}/client-registration#v0.11/WEB-INF/lib" includes="*" />-->
<!--</delete>-->
<!--<delete>-->
<!--<fileset dir="${tempdir}/oauth2/WEB-INF/lib" includes="*" />-->
<!--</delete>-->
<!--<delete>-->
<!--<fileset dir="${tempdir}/shindig/WEB-INF/lib" includes="*" />-->
<!--</delete>-->
<copy file="src/core/resources/web-apps/web-xml/api#identity#entitlement/web.xml" tofile="${tempdir}/api#identity#entitlement/WEB-INF/web.xml" />
<copy file="src/core/resources/web-apps/web-xml/authenticationendpoint/web.xml" tofile="${tempdir}/authenticationendpoint/WEB-INF/web.xml" />
<copy file="src/core/resources/web-apps/web-xml/client-registration#v0.11/web.xml" tofile="${tempdir}/client-registration#v0.11/WEB-INF/web.xml" />
<copy file="src/core/resources/web-apps/web-xml/oauth2/web.xml" tofile="${tempdir}/oauth2/WEB-INF/web.xml" />
<copy file="src/core/resources/web-apps/web-xml/shindig/web.xml" tofile="${tempdir}/shindig/WEB-INF/web.xml" />
<zip destfile="${tempdir}/api#identity#entitlement.war" basedir="${tempdir}/api#identity#entitlement" />
<zip destfile="${tempdir}/authenticationendpoint.war" basedir="${tempdir}/authenticationendpoint" />
<zip destfile="${tempdir}/client-registration#v0.11.war" basedir="${tempdir}/client-registration#v0.11" />
<zip destfile="${tempdir}/oauth2.war" basedir="${tempdir}/oauth2" />
<zip destfile="${tempdir}/shindig.war" basedir="${tempdir}/shindig" />
<mkdir dir="${tempdir}/registry" />
<unzip src="${wso2iothome}/wso2/components/plugins/org.wso2.carbon.registry.indexing_${carbon.registry.version}.jar" dest="${tempdir}/registry" />
<replace file="${tempdir}/registry/core.properties" token="dataDir=../../../../solr/data" value="dataDir=../../../solr/data" />
<zip destfile="${wso2analyticshome}/wso2/components/plugins/org.wso2.carbon.registry.indexing_${carbon.registry.version}.jar" basedir="${tempdir}/registry" />
<zip destfile="${wso2iothome}/wso2/components/plugins/org.wso2.carbon.registry.indexing_${carbon.registry.version}.jar" basedir="${tempdir}/registry" />
<zip destfile="${wso2brokerhome}/wso2/components/plugins/org.wso2.carbon.registry.indexing_${carbon.registry.version}.jar" basedir="${tempdir}/registry" />
</tasks>
</configuration>
</execution>
</executions>
</plugin>

@ -5,6 +5,12 @@ echo 'Loading spark environment variables '
export CARBON_SPARK_HOME=$CARBON_HOME
export _SPARK_ASSEMBLY=$CARBON_SPARK_HOME/../components/plugins/spark-core_2.10_*.wso2*.jar
export SPARK_SCALA_VERSION=2.10
export CARBON_CONFIG_DIR_PATH=$CARBON_HOME/conf
export CARBON_INTERNAL_LIB_DIR_PATH=$CARBON_HOME/../lib
export CARBON_EXTERNAL_LIB_DIR_PATH=$CARBON_HOME/../../lib
export CARBON_DROPINS_DIR_PATH=$CARBON_HOME/../../dropins
export COMPONENTS_REPO=$CARBON_HOME/../components/plugins
export CARBON_DATA_DIR_PATH=$CARBON_HOME/repository/data
# *** jars will be added to the spark classpath in the code itself. check DAS-105
# export SPARK_CLASSPATH=`java -cp $CARBON_SPARK_HOME/repository/components/plugins/org.wso2.carbon.analytics.spark.utils*.jar org.wso2.carbon.analytics.spark.utils.ComputeClasspath $CARBON_HOME`
# export SPARK_CLASSPATH=$SPARK_CLASSPATH:$(echo $CARBON_SPARK_HOME/repository/components/lib/*.jar | tr ' ' ':')

@ -315,6 +315,13 @@ CARBON_CLASSPATH="$CARBON_CLASSPATH":"$CARBON_HOME/../components/plugins/"
#To monitor a Carbon server in remote JMX mode on linux host machines, set the below system property.
# -Djava.rmi.server.hostname="your.IP.goes.here"
export CARBON_CONFIG_DIR_PATH="$CARBON_HOME/conf"
export CARBON_INTERNAL_LIB_DIR_PATH="$CARBON_HOME/../lib"
export CARBON_EXTERNAL_LIB_DIR_PATH="$CARBON_HOME/../../lib"
export CARBON_DROPINS_DIR_PATH="$CARBON_HOME/../../dropins"
export COMPONENTS_REPO="$CARBON_HOME/../components/plugins"
export CARBON_DATA_DIR_PATH="$CARBON_HOME/repository/data"
while [ "$status" = "$START_EXIT_STATUS" ]
do
$JAVACMD \
@ -340,6 +347,7 @@ do
-Dcarbon.extensions.dir.path="$CARBON_HOME/../../extensions" \
-Dcarbon.dropins.dir.path="$CARBON_HOME/../../dropins" \
-Dcarbon.external.lib.dir.path="$CARBON_HOME/../../lib" \
-Dcarbon.data.dir.path="$CARBON_HOME/repository/data" \
-Dcarbon.patches.dir.path="$CARBON_HOME/../../patches" \
-Dcarbon.servicepacks.dir.path="$CARBON_HOME/../../servicepacks" \
-Dcarbon.internal.lib.dir.path="$CARBON_HOME/../lib" \

@ -24,7 +24,7 @@
<property key="keepAliveTimeInMillis">20000</property>
<property key="jobQueueSize">10000</property>
<property key="connectionKeepAliveInterval">60</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.12/register</property>
<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
<property key="username">admin</property>
<property key="password">admin</property>

@ -9,7 +9,7 @@
<property key="keepAliveTimeInMillis">20000</property>
<property key="jobQueueSize">10000</property>
<property key="connectionKeepAliveInterval">60</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.12/register</property>
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
<property key="username">admin</property>
@ -23,7 +23,7 @@
<property key="keepAliveTimeInMillis">20000</property>
<property key="jobQueueSize">10000</property>
<property key="connectionKeepAliveInterval">60</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.12/register</property>
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
<property key="username">admin</property>

@ -386,6 +386,11 @@
<fileMode>644</fileMode>
</fileSet>
<!--copy the cxf filters to cxf-runtime-->
<fileSet>
<directory>../cxf-filters/target/cxfFilters/jar</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/wso2/lib/runtimes/cxf</outputDirectory>
</fileSet>
<!--Copying privacy and cookie policies -->
<fileSet>
@ -397,13 +402,6 @@
</excludes>
</fileSet>
<!--copy the cxf filters to cxf-runtime-->
<fileSet>
<directory>../cxf-filters/target/cxfFilters/jar</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/wso2/lib/runtimes/cxf</outputDirectory>
</fileSet>
<!-- Copying APP Manager Publisher and Store Jaggery apps -->
<fileSet>
<directory>
@ -1659,42 +1657,6 @@
</outputDirectory>
<fileMode>755</fileMode>
</file>
<!--<file>-->
<!--<source>target/webapp-temp/client-registration#v0.11.war</source>-->
<!--<outputDirectory>-->
<!--${pom.artifactId}-${pom.version}/repository/deployment/server/webapps-->
<!--</outputDirectory>-->
<!--<fileMode>755</fileMode>-->
<!--</file>-->
<file>
<source>target/webapp-temp/api#identity#entitlement.war</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/webapps
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>target/webapp-temp/authenticationendpoint.war</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/webapps
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>target/webapp-temp/oauth2.war</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/webapps
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>target/webapp-temp/shindig.war</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/webapps
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>
src/core/cloud/portal/common.css

@ -333,6 +333,7 @@ do
-Diot.apimstore.host="localhost" \
-Diot.apimstore.https.port="9443" \
-Dmqtt.broker.https.port="9446" \
-Denable-api-scopes-sharing="true" \
org.wso2.carbon.bootstrap.Bootstrap $*
status=$?
done

@ -99,7 +99,7 @@ goto :eof
IF EXIST %DIR%..\conf\datasources\cdm-datasources.xml del %DIR%..\conf\datasources\cdm-datasources.xml
mkdir %DIR%..\repository\deployment\server\tempwebapp
copy /y %DIR%..\repository\deployment\server\webapps\oauth2.war %DIR%..\repository\deployment\server\tempwebapp\
copy /y %DIR%..\repository\deployment\server\webapps\client-registration#v0.11.war %DIR%..\repository\deployment\server\tempwebapp\
copy /y %DIR%..\repository\deployment\server\webapps\client-registration#v0.12.war %DIR%..\repository\deployment\server\tempwebapp\
copy /y %DIR%..\repository\deployment\server\webapps\authenticationendpoint.war %DIR%..\repository\deployment\server\tempwebapp\
IF EXIST %DIR%..\repository\deployment\server\webapps @RD /S /Q %DIR%..\repository\deployment\server\webapps
mkdir %DIR%..\repository\deployment\server\jaggeryapps
@ -132,12 +132,12 @@ goto :eof
IF EXIST %DIR%..\repository\deployment\server\jaggeryapps @RD /S /Q %DIR%..\repository\deployment\server\jaggeryapps
IF EXIST %DIR%..\repository\deployment\server\axis2services @RD /S /Q %DIR%..\repository\deployment\server\axis2services
IF EXIST %DIR%..\repository\deployment\server\webapps\shindig.war del %DIR%..\repository\deployment\server\webapps\shindig.war
IF EXIST %DIR%..\repository\deployment\server\webapps\api#am#publisher#v0.11.war del %DIR%..\repository\deployment\server\webapps\api#am#publisher#v0.11.war
IF EXIST %DIR%..\repository\deployment\server\webapps\api#am#store#v0.11.war del %DIR%..\repository\deployment\server\webapps\api#am#store#v0.11.war
IF EXIST %DIR%..\repository\deployment\server\webapps\api#am#publisher#v0.12.war del %DIR%..\repository\deployment\server\webapps\api#am#publisher#v0.11.war
IF EXIST %DIR%..\repository\deployment\server\webapps\api#am#store#v0.12.war del %DIR%..\repository\deployment\server\webapps\api#am#store#v0.11.war
IF EXIST %DIR%..\repository\deployment\server\webapps\api#appm#oauth#v1.0.war del %DIR%..\repository\deployment\server\webapps\api#appm#oauth#v1.0.war
IF EXIST %DIR%..\repository\deployment\server\webapps\api#appm#publisher#v1.1.war del %DIR%..\repository\deployment\server\webapps\api#appm#publisher#v1.1.war
IF EXIST %DIR%..\repository\deployment\server\webapps\api#appm#store#v1.1.war del %DIR%..\repository\deployment\server\webapps\api#appm#store#v1.1.war
IF EXIST %DIR%..\repository\deployment\server\webapps\client-registration#v0.11.war del %DIR%..\repository\deployment\server\webapps\client-registration#v0.11.war
IF EXIST %DIR%..\repository\deployment\server\webapps\client-registration#v0.12.war del %DIR%..\repository\deployment\server\webapps\client-registration#v0.11.war
mkdir %DIR%..\repository\deployment\server\jaggeryapps
mkdir %DIR%..\repository\deployment\server\axis2services
IF EXIST %DIR%..\conf\identity\sso-idp-config.xml del %DIR%..\conf\identity\sso-idp-config.xml
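Review bot: The three rewritten cleanup lines in this hunk test for the v0.12 archive but still delete the v0.11 one, so on a v0.12 build the `del` is a no-op. `api#am#publisher#v0.12.war`, `api#am#store#v0.12.war` and `client-registration#v0.12.war` therefore stay in `webapps`. Bump the target together with the condition, e.g. `IF EXIST %DIR%..\repository\deployment\server\webapps\api#am#publisher#v0.12.war del %DIR%..\repository\deployment\server\webapps\api#am#publisher#v0.12.war`, and likewise for the store and client-registration lines. This block presumably strips webapps the profile should not expose, so a leftover WAR keeps endpoints deployed that the profile was meant to drop. The enclosing label block starts and ends outside the hunk.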
@ -168,8 +168,8 @@ goto :eof
IF EXIST %DIR%..\conf\synapse.properties del %DIR%..\conf\synapse.properties
IF EXIST %DIR%..\conf\passthru-http.properties del %DIR%..\conf\passthru-http.properties
mkdir %DIR%..\repository\deployment\server\tempwebapp
copy /y %DIR%..\repository\deployment\server\webapps\api#am#publisher#v0.11.war %DIR%..\repository\deployment\server\tempwebapp\
copy /y %DIR%..\repository\deployment\server\webapps\api#am#store#v0.11.war %DIR%..\repository\deployment\server\tempwebapp\
copy /y %DIR%..\repository\deployment\server\webapps\api#am#publisher#v0.12.war %DIR%..\repository\deployment\server\tempwebapp\
copy /y %DIR%..\repository\deployment\server\webapps\api#am#store#v0.12.war %DIR%..\repository\deployment\server\tempwebapp\
copy /y %DIR%..\repository\deployment\server\webapps\api#appm#oauth#v1.0.war %DIR%..\repository\deployment\server\tempwebapp\
copy /y %DIR%..\repository\deployment\server\webapps\api#appm#publisher#v1.1.war %DIR%..\repository\deployment\server\tempwebapp\
copy /y %DIR%..\repository\deployment\server\webapps\api#appm#store#v1.1.war %DIR%..\repository\deployment\server\tempwebapp\

@ -83,8 +83,8 @@ then
cp -rf ${DIR}/../repository/resources/profiles/backend/*.sh ${DIR}/../bin/
cp -rf ${DIR}/../repository/resources/profiles/backend/*.bat ${DIR}/../bin/
cp -rf ${DIR}/../repository/resources/profiles/backend/carbon.xml ${DIR}/../conf/
rm -rf ${DIR}/../repository/deployment/server/webapps/oauth2.war ${DIR}/../repository/deployment/server/webapps/shindig.war ${DIR}/../repository/deployment/server/webapps/api#am#publisher#v0.11.war ${DIR}/../repository/deployment/server/webapps/api#am#store#v0.11.war ${DIR}/../repository/deployment/server/webapps/api#appm#oauth#v1.0.war ${DIR}/../repository/deployment/server/webapps/api#appm#publisher#v1.1.war ${DIR}/../repository/deployment/server/webapps/api#appm#store#v1.1.war
rm -rf ${DIR}/../repository/deployment/server/webapps/dynamic-client-web.war ${DIR}/../repository/deployment/server/webapps/client-registration#v0.11.war
rm -rf ${DIR}/../repository/deployment/server/webapps/oauth2.war ${DIR}/../repository/deployment/server/webapps/shindig.war ${DIR}/../repository/deployment/server/webapps/api#am#publisher#v0.12.war ${DIR}/../repository/deployment/server/webapps/api#am#store#v0.11.war ${DIR}/../repository/deployment/server/webapps/api#appm#oauth#v1.0.war ${DIR}/../repository/deployment/server/webapps/api#appm#publisher#v1.1.war ${DIR}/../repository/deployment/server/webapps/api#appm#store#v1.1.war
rm -rf ${DIR}/../repository/deployment/server/webapps/dynamic-client-web.war ${DIR}/../repository/deployment/server/webapps/client-registration#v0.12.war
rm -rf ${DIR}/../repository/deployment/server/jaggeryapps/*
rm -rf ${DIR}/../repository/deployment/server/axis2services/*
rm -rf ${DIR}/../conf/identity/sso-idp-config.xml
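Review bot: The rewritten `rm -rf` line bumps the publisher archive to `api#am#publisher#v0.12.war` but still names `api#am#store#v0.11.war`, so the v0.12 store WAR is left in `webapps` for this profile. A later hunk in the same script already copies `api#am#store#v0.12.war`, so this looks like a missed rename; change the argument to `${DIR}/../repository/deployment/server/webapps/api#am#store#v0.12.war`. `rm -rf` is silent on a missing file, so nothing flags the mismatch at run time. Quoting the `${DIR}` paths would also keep the command intact if the install path contains spaces. The enclosing `then` branch starts and ends outside the hunk.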
@ -122,8 +122,8 @@ then
cp -rf ${DIR}/../repository/resources/profiles/manager/carbon.xml ${DIR}/../conf/
cp -rf ${DIR}/../repository/resources/profiles/manager/axis2/axis2.xml ${DIR}/../conf/axis2/
mkdir ${DIR}/../repository/deployment/server/tempwebapp
cp ${DIR}/../repository/deployment/server/webapps/api#am#publisher#v0.11.war ${DIR}/../repository/deployment/server/tempwebapp/
cp ${DIR}/../repository/deployment/server/webapps/api#am#store#v0.11.war ${DIR}/../repository/deployment/server/tempwebapp/
cp ${DIR}/../repository/deployment/server/webapps/api#am#publisher#v0.12.war ${DIR}/../repository/deployment/server/tempwebapp/
cp ${DIR}/../repository/deployment/server/webapps/api#am#store#v0.12.war ${DIR}/../repository/deployment/server/tempwebapp/
cp ${DIR}/../repository/deployment/server/webapps/api#appm#oauth#v1.0.war ${DIR}/../repository/deployment/server/tempwebapp/
cp ${DIR}/../repository/deployment/server/webapps/api#appm#publisher#v1.1.war ${DIR}/../repository/deployment/server/tempwebapp/
cp ${DIR}/../repository/deployment/server/webapps/api#appm#store#v1.1.war ${DIR}/../repository/deployment/server/tempwebapp/
@ -196,7 +196,7 @@ then
mkdir ${DIR}/../repository/deployment/server/tempwebapp
cp ${DIR}/../repository/deployment/server/webapps/oauth2.war ${DIR}/../repository/deployment/server/tempwebapp/
cp ${DIR}/../repository/deployment/server/webapps/throttle#data#v1.war ${DIR}/../repository/deployment/server/tempwebapp/
cp ${DIR}/../repository/deployment/server/webapps/client-registration#v0.11.war ${DIR}/../repository/deployment/server/tempwebapp/
cp ${DIR}/../repository/deployment/server/webapps/client-registration#v0.12.war ${DIR}/../repository/deployment/server/tempwebapp/
cp ${DIR}/../repository/deployment/server/webapps/authenticationendpoint.war ${DIR}/../repository/deployment/server/tempwebapp/
rm -rf ${DIR}/../repository/deployment/server/webapps/*
cp -rf ${DIR}/../repository/deployment/server/tempwebapp/* ${DIR}/../repository/deployment/server/webapps/

@ -29,7 +29,7 @@
AuthenticationEndpointURL is location of the web app containing
the authentication related pages
-->
<AuthenticationEndpointURL>/devicemgt/login</AuthenticationEndpointURL>
<AuthenticationEndpointURL>/authenticationendpoint/login.do</AuthenticationEndpointURL>
<AuthenticationEndpointRetryURL>/authenticationendpoint/retry.do</AuthenticationEndpointRetryURL>
<!--

@ -33,6 +33,12 @@
<Enable>true</Enable>
<CleanUpTimeout>20160</CleanUpTimeout>
<CleanUpPeriod>1140</CleanUpPeriod>
<!--Instead of deleting all the records at once, we are deleting the records in chunks to prevent the -->
<!--possible deadlock and lock scenarios. The following property defines the chunk size.-->
<DeleteChunkSize>50000</DeleteChunkSize>
<!--Instead of deleting all the records at once, we are deleting the records in chunks to prevent the -->
<!--possible deadlock and lock scenarios. The following property defines the chunk size.-->
<DeleteChunkSize>50000</DeleteChunkSize>
</SessionDataCleanUp>
<OperationDataCleanUp>
<Enable>true</Enable>
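Review bot: The `DeleteChunkSize` comment and element appear twice in a row inside `SessionDataCleanUp`, which accounts for all six lines the hunk header says were added and looks like a conflict-resolution leftover. Keep one `<DeleteChunkSize>50000</DeleteChunkSize>` with its comment and drop the second copy. With duplicates, which value wins depends on how the config reader treats repeated elements, so a later edit to only one of them may silently have no effect.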
@ -217,13 +223,44 @@
<GrantTypeValidatorImplClass>org.wso2.carbon.device.mgt.oauth.extensions.validators.AccessTokenGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>
</SupportedGrantTypes>
<!--
Defines the grant types that will filter user claims based on user consent in their responses such as
id_token or user info response.
Default grant types that filter user claims based on user consent are 'authorization_code' and 'implicit'.
Supported versions: IS 5.5.0 onwards.
-->
<UserConsentEnabledGrantTypes>
<UserConsentEnabledGrantType>
<GrantTypeName>authorization_code</GrantTypeName>
</UserConsentEnabledGrantType>
<UserConsentEnabledGrantType>
<GrantTypeName>implicit</GrantTypeName>
</UserConsentEnabledGrantType>
</UserConsentEnabledGrantTypes>
<OAuthCallbackHandlers>
<OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/>
</OAuthCallbackHandlers>
<OAuthScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.handlers.ScopeValidationHandler"/>
<!--TokenValidators>
<TokenValidators>
<TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
</TokenValidators-->
<TokenValidator type="jwt" class="org.wso2.carbon.identity.oauth2.validators.OAuth2JWTTokenValidator"/>
</TokenValidators>
<!-- Scope validators list. The validators registered here wil be executed during token validation. -->
<ScopeValidators>
<ScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.handlers.ScopeValidationHandler"/>
</ScopeValidators>
<!-- Scope handlers list. The handlers registered here will be executed at the scope validation phase while
issuing access tokens. -->
<ScopeHandlers>
<ScopeHandler class="org.wso2.carbon.identity.oauth2.validators.OIDCScopeHandler" />
</ScopeHandlers>
<!-- Assertions can be used to embedd parameters into access token. -->
<EnableAssertions>
<UserName>false</UserName>
@ -254,6 +291,26 @@
<OpenIDConnect>
<IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
<!-- Default asymmetric encryption algorithm that used to encrypt CEK. -->
<IDTokenEncryptionAlgorithm>RSA-OAEP</IDTokenEncryptionAlgorithm>
<!-- Default symmetric encryption algorithm that used to encrypt JWT claims set. -->
<IDTokenEncryptionMethod>A128GCM</IDTokenEncryptionMethod>
<!-- Supported versions: IS 5.5.0 onwards. -->
<SupportedIDTokenEncryptionAlgorithms>
<SupportedIDTokenEncryptionAlgorithm>RSA1_5</SupportedIDTokenEncryptionAlgorithm>
<SupportedIDTokenEncryptionAlgorithm>RSA-OAEP</SupportedIDTokenEncryptionAlgorithm>
</SupportedIDTokenEncryptionAlgorithms>
<SupportedIDTokenEncryptionMethods>
<SupportedIDTokenEncryptionMethod>A128GCM</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A192GCM</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A256GCM</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A128CBC-HS256</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A128CBC+HS256</SupportedIDTokenEncryptionMethod>
</SupportedIDTokenEncryptionMethods>
<EnableAudiences>true</EnableAudiences>
<!-- Comment out to add Audience values to the JWT token (id_token) -->
<!--Audiences>
<Audience>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</Audience>
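Review bot: `SupportedIDTokenEncryptionAlgorithms` lists `RSA1_5`, which is RSAES-PKCS1-v1_5 key encryption and exposes the decrypting party to padding-oracle attacks when decryption failures are distinguishable. The default added just above is already `RSA-OAEP`, so unless a relying party is known to need it, drop the `<SupportedIDTokenEncryptionAlgorithm>RSA1_5</SupportedIDTokenEncryptionAlgorithm>` entry so that it cannot be selected. `A128CBC+HS256` in `SupportedIDTokenEncryptionMethods` looks like the pre-RFC draft spelling of `A128CBC-HS256` and could be removed as well if no legacy client depends on it. The `OpenIDConnect` element continues outside the hunk.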
@ -264,13 +321,44 @@
-->
<IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
<IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
<UserInfoJWTSignatureAlgorithm>SHA256withRSA</UserInfoJWTSignatureAlgorithm>
<IDTokenExpiration>3600</IDTokenExpiration>
<UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
<UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
<UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
<UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
<SkipUserConsent>false</SkipUserConsent>
<!-- Sign the ID Token with Service Provider Tenant Private Key-->
<SignJWTWithSPKey>false</SignJWTWithSPKey>
<!--
Expiry period of the logout token used in OIDC Back Channel Logout in seconds.
Supported versions: IS 5.5.0 onwards
-->
<LogoutTokenExpiration>120</LogoutTokenExpiration>
<!--
OIDC Request Object builder implementation.
Supported versions: IS 5.4.0 onwards
-->
<RequestObjectBuilders>
<RequestObjectBuilder>
<BuilderName>request_param_value_builder</BuilderName>
<RequestObjectBuilderImplClass>org.wso2.carbon.identity.openidconnect.RequestParamRequestObjectBuilder</RequestObjectBuilderImplClass>
</RequestObjectBuilder>
</RequestObjectBuilders>
<!--
OIDC Request Object validator implementation.
Supported versions: IS 5.4.0 onwards
-->
<RequestObjectValidator>org.wso2.carbon.identity.openidconnect.RequestObjectValidatorImpl</RequestObjectValidator>
</OpenIDConnect>
<!-- Configs related to OAuth2 token persistence -->
<TokenPersistence>
<Enable>true</Enable>
<PoolSize>0</PoolSize>
<RetryCount>5</RetryCount>
</TokenPersistence>
</OAuth>
<MultifactorAuthentication>
<!--Enable>false</Enable-->
@ -315,6 +403,12 @@
<SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
<SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled>
</SSOService>
<Consent>
<!--Specify whether consent management should be enable during SSO.-->
<EnableSSOConsentManagement>true</EnableSSOConsentManagement>
</Consent>
<SecurityTokenService>
<!--
Default value for IdentityProviderURL is built in following format
@ -368,6 +462,17 @@
</Authenticator>
</SCIMAuthenticators>
</SCIM>
<SCIM2>
<!--
Default value for UserEPUrl and GroupEPUrl are built in following format
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>/<path>
If that doesn't satisfy uncomment the following config and explicitly configure the value
-->
<!--UserEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/scim2/Users</UserEPUrl-->
<!--GroupEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/scim2/Groups</GroupEPUrl-->
</SCIM2>
<!--Recovery>
<Notification>
<Password>
@ -401,10 +506,15 @@
<EmailVerification>
<Enable>false</Enable>
<ExpiryTime>1440</ExpiryTime>
<LockOnCreation>true</LockOnCreation>
<Notification>
<InternallyManage>true</InternallyManage>
</Notification>
<AskPassword>
<ExpiryTime>1440</ExpiryTime>
<PasswordGenerator>org.wso2.carbon.user.mgt.common.DefaultPasswordGenerator</PasswordGenerator>
</AskPassword>
</EmailVerification>
<SelfRegistration>
@ -415,74 +525,251 @@
</Notification>
<ReCaptcha>false</ReCaptcha>
</SelfRegistration-->
<EnableAskPasswordAdminUI>true</EnableAskPasswordAdminUI>
<EnableRecoveryEndpoint>true</EnableRecoveryEndpoint>
<EnableSelfSignUpEndpoint>true</EnableSelfSignUpEndpoint>
<AuthenticationPolicy>
<CheckAccountExist>true</CheckAccountExist>
</AuthenticationPolicy>
<EventListeners>
<EventListener enable="true" name="org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener" orderId="10" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
<EventListener enable="false" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
<EventListener enable="true" name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
<EventListener enable="true" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener" orderId="90" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
<EventListener enable="true" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" orderId="97" type="org.wso2.carbon.user.core.listener.UserOperationEventListener">
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
name="org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener"
orderId="10" enable="true"/>
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener"
orderId="50" enable="false"/>
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
orderId="90" enable="true"/>
<!-- Enable the following SCIM2 event listener and disable the above SCIM event listener if SCIM2 is used. -->
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"
orderId="93" enable="false"/>
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener"
orderId="95" enable="true"/>
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener"
orderId="97" enable="true">
<Property name="Data.Store">org.wso2.carbon.identity.governance.store.JDBCIdentityDataStore</Property>
</EventListener>
<EventListener enable="false" name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl" orderId="10" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
<EventListener enable="false" name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl" orderId="11" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
<EventListener enable="true" name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy" orderId="11" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl"
orderId="10" enable="false"/>
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl"
orderId="11" enable="false"/>
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy"
orderId="11" enable="true"/>
<!-- Enable this listener to call DeleteEventRecorders. -->
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
name="org.wso2.carbon.user.mgt.listeners.UserDeletionEventListener"
orderId="98" enable="false"/>
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler"
orderId="110" enable="true"/>
</EventListeners>
<!-- These recorders are used to write user delete information to specific sources. Default event recorder is CSV
file recorder. This recorder is disabled by default. Enable it by setting enable="true". To run these recorders,
EventListener "rg.wso2.carbon.user.mgt.listeners.UserDeletionEventListener" also should be enabled. Which is
also disabled by default. -->
<UserDeleteEventRecorders>
<UserDeleteEventRecorder name="org.wso2.carbon.user.mgt.recorder.DefaultUserDeletionEventRecorder" enable="false">
<!-- Un comment below line if you need to write entries to a separate .csv file. Otherwise this will be
written in to a log file using a separate appender. -->
<!--<Property name="path">${carbon.home}/repository/logs/delete-records.csv</Property>-->
</UserDeleteEventRecorder>
</UserDeleteEventRecorders>
<CacheConfig>
<!-- Identity cache configuration.
Timeouts are in seconds.
Capacity is the maximum cache size.
Unless specifically mentioned, you do not need to set the isDistributed flag.
-->
<CacheManager name="IdentityApplicationManagementCacheManager">
<Cache capacity="5000" enable="false" isDistributed="false" name="AppAuthFrameworkSessionContextCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationContextCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationRequestCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationResultCache" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="AppInfoCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthorizationGrantCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="OAuthCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="OAuthSessionDataCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOParticipantCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOSessionIndexCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOSessionDataCache" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="ServiceProviderCache" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="ProvisioningConnectorCache" timeout="1"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="ProvisioningEntityCache" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="ServiceProviderProvisioningConnectorCache" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByAuthProperty" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByHRI" timeout="1"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByName" timeout="1"/>
<Cache name="AppAuthFrameworkSessionContextCache"
enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache name="AuthenticationContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache name="AuthenticationRequestCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache name="AuthenticationResultCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache name="AppInfoCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache name="AuthorizationGrantCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache name="OAuthCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache name="OAuthScopeCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache name="OAuthSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache name="SAMLSSOParticipantCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache name="SAMLSSOSessionIndexCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache name="SAMLSSOSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache name="ServiceProviderCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache name="ProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache name="ProvisioningEntityCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache name="ServiceProviderProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache name="IdPCacheByAuthProperty" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache name="IdPCacheByHRI" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache name="IdPCacheByName" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
</CacheManager>
</CacheConfig>
<!--Cookies>
<Cookie name="commonAuthId" domain="localhost" httpOnly="true" secure="true" />
</Cookies-->
<ResourceAccessControl>
<Resource context="(.*)/api/identity/user/(.*)" http-method="all" secured="true"/>
<Resource context="(.*)/api/identity/recovery/(.*)" http-method="all" secured="true"/>
<Resource context="(.*)/.well-known(.*)" http-method="all" secured="true"/>
<Resource context="(.*)/identity/register(.*)" http-method="all" secured="true">
<Resource context="(.*)/api/identity/user/v1.0/validate-code" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/user/v1.0/resend-code" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="POST"/>
<Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/user/v1.0/pi-info" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
</Resource>
<Resource context="(.*)/api/identity/user/v1.0/pi-info/(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/receipts/(.*)" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.*)" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.+)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.*)" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.+)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.*)" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.+)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
</Resource>
<Resource context="(.*)/api/identity/recovery/(.*)" secured="true" http-method="all"/>
<Resource context="(.*)/.well-known(.*)" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
</Resource>
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
</Resource>
<Resource context="(.*)/identity/connect/register(.*)" http-method="all" secured="true">
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="PUT">
<Permissions>/permission/admin/manage/identity/applicationmgt/update</Permissions>
</Resource>
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="GET">
<Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
</Resource>
<Resource context="(.*)/identity/register(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
</Resource>
<Resource context="(.*)/identity/connect/register(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
</Resource>
<Resource context="(.*)/oauth2/introspect(.*)" http-method="all" secured="true">
<Resource context="(.*)/oauth2/introspect(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
</Resource>
<Resource context="(.*)/api/identity/entitlement/(.*)" http-method="all" secured="true">
<Resource context="(.*)/api/identity/entitlement/(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/pep</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users" secured="true" http-method="GET">
<Permissions>/permission/admin/manage/identity/usermgt/list</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/rolemgt/create</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups" secured="true" http-method="GET">
<Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="GET">
<Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PUT">
<Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PATCH">
<Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="GET">
<Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PUT">
<Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PATCH">
<Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/rolemgt/delete</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="GET">
<Permissions>/permission/admin/login</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="PUT">
<Permissions>/permission/admin/login</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="PATCH">
<Permissions>/permission/admin/login</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
</Resource>
<Resource context="/scim2/ServiceProviderConfig" secured="false" http-method="all">
<Permissions></Permissions>
</Resource>
<Resource context="/scim2/ResourceType" secured="false" http-method="all">
<Permissions></Permissions>
</Resource>
<Resource context="/scim2/Bulk" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/usermgt</Permissions>
</Resource>
<Resource context="(.*)/api/identity/oauth2/dcr/(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/applicationmgt</Permissions>
</Resource>
</ResourceAccessControl>
<ClientAppAuthentication>
<Application hash="66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262" name="dashboard"/>
<Application name="dashboard" hash="66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"/>
</ClientAppAuthentication>
<TenantContextsToRewrite>
<WebApp>
<Context>/api/identity/user/v0.9</Context>
<Context>/api/identity/recovery/v0.9</Context>
<Context>/oauth2</Context>
<Context>/api/identity/entitlement</Context>
<Context>/api/identity/user/v1.0/</Context>
<Context>/api/identity/consent-mgt/v1.0/</Context>
<Context>/api/identity/recovery/v0.9/</Context>
<Context>/oauth2/</Context>
<Context>/scim2/</Context>
<Context>/api/identity/entitlement/</Context>
<Context>/api/identity/oauth2/dcr/v1.0/</Context>
</WebApp>
<Servlet>
<Context>/identity/(.*)</Context>
</Servlet>
</TenantContextsToRewrite>
<!-- Server Synchronization Tolerance Configuration in seconds -->
<ClockSkew>300</ClockSkew>
</Server>
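Review bot: The last three SCIM2 rules in `<ResourceAccessControl>` (`/scim2/ServiceProviderConfig`, `/scim2/ResourceType` and `/scim2/Bulk`) are the only contexts written without the leading `(.*)` that every other rule in the block carries. The +/- markers are lost on this page, but these entries use the attribute order of the added lines, so they look like new-side content. If the context is matched against the full request path, a tenant-qualified Bulk request would miss the rule that requires `/permission/admin/manage/identity/usermgt`. How an unmatched path is handled is not visible here, and `/scim2/` is also listed under `<TenantContextsToRewrite>`, so this needs confirming against the handler. If the omission is not deliberate, I would write `<Resource context="(.*)/scim2/Bulk" secured="true" http-method="all">`, apply the same prefix to the two `secured="false"` entries, and add a one-line comment above those two stating why they are left open.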

@ -25,7 +25,7 @@
<property key="keepAliveTimeInMillis">20000</property>
<property key="jobQueueSize">10000</property>
<property key="connectionKeepAliveInterval">60</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.12/register</property>
<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
<property key="username">admin</property>
<property key="password">admin</property>

@ -9,7 +9,7 @@
<property key="keepAliveTimeInMillis">20000</property>
<property key="jobQueueSize">10000</property>
<property key="connectionKeepAliveInterval">60</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.12/register</property>
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
<property key="username">admin</property>

@ -1,127 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>Entitlement-Service-Provider</display-name>
<!-- SWAGGER FILTER -->
<filter>
<filter-name>ApiOriginFilter</filter-name>
<filter-class>org.wso2.carbon.identity.entitlement.endpoint.filter.ApiOriginFilter</filter-class>
</filter>
<filter>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
<filter-class>org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter</filter-class>
<init-param>
<param-name>patterns</param-name>
<param-value>text/html" ,application/json" ,text/plain</param-value>
</init-param>
<init-param>
<param-name>filterAction</param-name>
<param-value>enforce</param-value>
</init-param>
<init-param>
<param-name>httpHeaders</param-name>
<param-value>Cache-Control: no-store, no-cache, must-revalidate, private</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ApiOriginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>EntitlementServlet</servlet-name>
<display-name>EntitlementServlet</display-name>
<description>Entitlement Endpoints</description>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>1</load-on-startup>
<!-- set the base path for the swagger application -->
<init-param>
<param-name>swagger.api.basepath</param-name>
<param-value>https://localhost:9443/entitlement</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>EntitlementServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>60</session-timeout>
<cookie-config>
<secure>true</secure>
</cookie-config>
</session-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>secured services</web-resource-name>
<url-pattern>/decision/*</url-pattern>
</web-resource-collection>
<!--we take default name for everyone role.If it is changed in user-mgt.xml,this needs to be changed as well.-->
<!--<auth-constraint>
<role-name>Internal/everyone</role-name>
</auth-constraint>-->
<user-data-constraint>
<!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<listener>
<listener-class>org.wso2.carbon.identity.entitlement.endpoint.impl.ApplicationInitializer</listener-class>
</listener>
<!--login-config>
<auth-method>BASIC</auth-method>
</login-config>
<context-param>
<param-name>carbon.enable.saas</param-name>
<param-value>*</param-value>
</context-param-->
</web-app>

@ -1,280 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?><!--
~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<!-- Custom Page configurations -->
<!-- *************** Application specific configurations ********************** -->
<!--context-param>
<param-name>ServiceProviderApp-/samlsso_login.do</param-name>
<param-value>http://localhost:8080/customauthenticationendpoint/login.do</param-value>
</context-param-->
<!--context-param>
<param-name>ServiceProviderApp-/oauth2_authz.do</param-name>
<param-value>http://localhost:8080/authenticationendpoint/oauth2_authz.do</param-value>
</context-param-->
<!--context-param>
<param-name>ServiceProviderApp-/oauth2_error.do</param-name>
<param-value>http://localhost:8080/authenticationendpoint/oauth2_error.do</param-value>
</context-param-->
<!--context-param>
<param-name>ServiceProviderApp-/oauth2_consent.do</param-name>
<param-value>http://localhost:8080/authenticationendpoint/oauth2_consent.do</param-value>
</context-param-->
<!-- **************** End of Application specific configurations ************************* -->
<!-- *************** Global configurations ********************** -->
<!--context-param>
<param-name>/retry.do</param-name>
<param-value>http://localhost:8080/customauthenticationendpoint/retry.do?type=retry.do</param-value>
</context-param-->
<!-- *************** End of Global configurations ********************** -->
<!-- *************** Account Recovery Endpoint Context URL Configuration ********************** -->
<!--context-param>
<param-name>IdentityManagementEndpointContextURL</param-name>
<param-value>https://localhost:9443/accountrecoveryendpoint</param-value>
</context-param-->
<context-param>
<param-name>AccountRecoveryRESTEndpointURL</param-name>
<param-value>https://localhost:9443/t/tenant-domain/api/identity/user/v0.9/</param-value>
</context-param>
<!-- *************** End of Account Recovery Endpoint Context URL Configuration ********************** -->
<!--Display scopes in the consent page.-->
<context-param>
<param-name>displayScopes</param-name>
<param-value>true</param-value>
</context-param>
<filter>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
<filter>
<filter-name>AuthenticationEndpointFilter</filter-name>
<filter-class>
org.wso2.carbon.identity.application.authentication.endpoint.util.filter.AuthenticationEndpointFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationEndpointFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.wso2.carbon.identity.application.authentication.endpoint.util.listener.AuthenticationEndpointContextListener
</listener-class>
</listener>
<servlet>
<servlet-name>retry.do</servlet-name>
<jsp-file>/retry.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>claims.do</servlet-name>
<jsp-file>/requested-claims.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>oauth2_login.do</servlet-name>
<jsp-file>/login.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>oauth2_authz.do</servlet-name>
<jsp-file>/oauth2_authz.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>oauth2_consent.do</servlet-name>
<jsp-file>/oauth2_consent.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>oauth2_logout_consent.do</servlet-name>
<jsp-file>/oauth2_logout_consent.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>oauth2_logout.do</servlet-name>
<jsp-file>/logout.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>oauth2_error.do</servlet-name>
<jsp-file>/oauth2_error.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>samlsso_login.do</servlet-name>
<jsp-file>/login.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>samlsso_logout.do</servlet-name>
<jsp-file>/logout.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>samlsso_redirect.do</servlet-name>
<jsp-file>/login.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>samlsso_notification.do</servlet-name>
<jsp-file>/samlsso_notification.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>openid_login.do</servlet-name>
<jsp-file>/login.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>openid_profile.do</servlet-name>
<jsp-file>/openid_profile.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>passivests_login.do</servlet-name>
<jsp-file>/login.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>tenantlistrefresher.do</servlet-name>
<jsp-file>/tenant_refresh_endpoint.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>registration.do</servlet-name>
<jsp-file>/registration.jsp</jsp-file>
</servlet>
<servlet-mapping>
<servlet-name>retry.do</servlet-name>
<url-pattern>/retry.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>oauth2_login.do</servlet-name>
<url-pattern>/oauth2_login.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>oauth2_authz.do</servlet-name>
<url-pattern>/oauth2_authz.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>oauth2_consent.do</servlet-name>
<url-pattern>/oauth2_consent.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>oauth2_logout_consent.do</servlet-name>
<url-pattern>/oauth2_logout_consent.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>oauth2_logout.do</servlet-name>
<url-pattern>/oauth2_logout.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>oauth2_error.do</servlet-name>
<url-pattern>/oauth2_error.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>samlsso_login.do</servlet-name>
<url-pattern>/samlsso_login.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>samlsso_logout.do</servlet-name>
<url-pattern>/samlsso_logout.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>samlsso_redirect.do</servlet-name>
<url-pattern>/samlsso_redirect.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>samlsso_notification.do</servlet-name>
<url-pattern>/samlsso_notification.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>openid_login.do</servlet-name>
<url-pattern>/openid_login.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>openid_profile.do</servlet-name>
<url-pattern>/openid_profile.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>passivests_login.do</servlet-name>
<url-pattern>/passivests_login.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>tenantlistrefresher.do</servlet-name>
<url-pattern>/tenantlistrefresher.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>registration.do</servlet-name>
<url-pattern>/registration.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>claims.do</servlet-name>
<url-pattern>/claims.do</url-pattern>
</servlet-mapping>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/generic-exception-response.jsp</location>
</error-page>
<session-config>
<cookie-config>
<secure>true</secure>
</cookie-config>
</session-config>
</web-app>

@ -1,87 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ /*
~ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~ *
~ * WSO2 Inc. licenses this file to you under the Apache License,
~ * Version 2.0 (the "License"); you may not use this file except
~ * in compliance with the License.
~ * You may obtain a copy of the License at
~ *
~ * http://www.apache.org/licenses/LICENSE-2.0
~ *
~ * Unless required by applicable law or agreed to in writing,
~ * software distributed under the License is distributed on an
~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ * KIND, either express or implied. See the License for the
~ * specific language governing permissions and limitations
~ * under the License.
~ */
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<description>JAX-WS/JAX-RS Device Registration Agent Endpoint</description>
<display-name>JAX-WS/JAX-RS Servlet</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/beans.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<servlet>
<description>JAX-WS/JAX-RS Device Registration Agent Endpoint</description>
<display-name>JAX-WS/JAX-RS Servlet</display-name>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>
org.apache.cxf.transport.servlet.CXFServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
<filter-class>org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter</filter-class>
<init-param>
<param-name>patterns</param-name>
<param-value>text/html" ,application/json" ,text/plain</param-value>
</init-param>
<init-param>
<param-name>filterAction</param-name>
<param-value>enforce</param-value>
</init-param>
<init-param>
<param-name>httpHeaders</param-name>
<param-value>Cache-Control: no-store, no-cache, must-revalidate, private</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

@ -1,100 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2011 WSO2, Inc. (http://wso2.com)
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>OAuth2 Endpoints</display-name>
<filter>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
<filter-class>org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter</filter-class>
<init-param>
<param-name>patterns</param-name>
<param-value>text/html" ,application/json" ,text/plain</param-value>
</init-param>
<init-param>
<param-name>filterAction</param-name>
<param-value>enforce</param-value>
</init-param>
<init-param>
<param-name>httpHeaders</param-name>
<param-value>Cache-Control: no-store, no-cache, must-revalidate, private</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>OAuth2Endpoints</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>1</load-on-startup>
<!-- Application based page loading configs -->
<!-- *********** Pages for the SampleApp *************** -->
<!--init-param>
<description>Login page for the application SampleApp</description>
<param-name>SampleApp-LoginPage</param-name>
<param-value>https://localhost:9443/mypages/sampleapp-login</param-value>
</init-param>
<init-param>
<description>Error page for the application SampleApp</description>
<param-name>SampleApp-ErrorPage</param-name>
<param-value>https://localhost:9443/mypages/sampleapp-error</param-value>
</init-param>
<init-param>
<description>Consent page for the application SampleApp</description>
<param-name>SampleApp-ConsentPage</param-name>
<param-value>https://localhost:9443/mypages/sampleapp-consent</param-value>
</init-param-->
<!-- ******************* End of SampleApp configs ***************** -->
</servlet>
<servlet-mapping>
<servlet-name>OAuth2Endpoints</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<session-config>
<cookie-config>
<secure>true</secure>
</cookie-config>
</session-config>
</web-app>

@ -1,423 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="Shindig"
version="2.5">
<display-name>Shindig</display-name>
<!-- configuration -->
<!-- If you have your own Guice module(s), put them here as a colon-separated list. -->
<!-- Note that any extras modules are optional -->
<context-param>
<param-name>guice-modules</param-name>
<param-value>
org.apache.shindig.common.PropertiesModule:
org.apache.shindig.gadgets.DefaultGuiceModule:
org.apache.shindig.social.core.config.SocialApiGuiceModule:
org.apache.shindig.social.sample.SampleModule:
org.apache.shindig.gadgets.oauth.OAuthModule:
org.apache.shindig.gadgets.oauth2.OAuth2Module:
org.apache.shindig.gadgets.oauth2.OAuth2MessageModule:
org.apache.shindig.gadgets.oauth2.handler.OAuth2HandlerModule:
org.apache.shindig.gadgets.oauth2.persistence.sample.OAuth2PersistenceModule:
org.apache.shindig.common.cache.ehcache.EhCacheModule:
org.apache.shindig.sample.shiro.ShiroGuiceModule:
org.apache.shindig.sample.container.SampleContainerGuiceModule:
org.apache.shindig.extras.ShindigExtrasGuiceModule:
org.apache.shindig.gadgets.admin.GadgetAdminModule:
org.wso2.carbon.dashboard.shindig.features.WSO2ShindigFeaturesModule
</param-value>
</context-param>
<!--
Syntax: <key>=<value> separated by a newline
system.properties specifies the environmental variables that will be set to the JVM System Properties at server startup time.
Alternatively, you may add these values in your app server (ex: Tomcat) as
VM arguments like this: -Dshindig.host="my.production.shindig.server.com".
Here are a few properties that can be set for Shindig:
shindig.host: the server name that Shindig is deployed and running on
shindig.port: the port number of shindig.host server
Make sure you escape all HTML values for the web.xml to be parsed correctly.
-->
<context-param>
<param-name>system.properties</param-name>
<param-value>
<![CDATA[
shindig.host=
shindig.port=
aKey=/shindig/gadgets/proxy?container=default&url=
]]>
</param-value>
</context-param>
<filter>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
<filter>
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
<filter-class>org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter</filter-class>
<init-param>
<param-name>patterns</param-name>
<param-value>text/html" ,application/json" ,text/plain</param-value>
</init-param>
<init-param>
<param-name>filterAction</param-name>
<param-value>enforce</param-value>
</init-param>
<init-param>
<param-name>httpHeaders</param-name>
<param-value>Cache-Control: no-store, no-cache, must-revalidate, private</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
<filter>
<filter-name>hostFilter</filter-name>
<filter-class>org.apache.shindig.common.servlet.HostFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>hostFilter</filter-name>
<url-pattern>/gadgets/ifr</url-pattern>
<url-pattern>/gadgets/js/*</url-pattern>
<url-pattern>/gadgets/proxy/*</url-pattern>
<url-pattern>/gadgets/concat</url-pattern>
<url-pattern>/gadgets/makeRequest</url-pattern>
<url-pattern>/rpc/*</url-pattern>
<url-pattern>/rest/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
<init-param>
<param-name>config</param-name>
<param-value>
<![CDATA[
# The ShiroFilter configuration is very powerful and flexible, while still remaining succinct.
# Please read the comprehensive example, with full comments and explanations, in the JavaDoc:
#
# http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html
[main]
shindigSampleRealm = org.apache.shindig.sample.shiro.SampleShiroRealm
securityManager.realm = $shindigSampleRealm
authc.loginUrl = /login.jsp
[urls]
# The /login.jsp is not restricted to authenticated users (otherwise no one could log in!), but
# the 'authc' filter must still be specified for it so it can process that url's
# login submissions. It is 'smart' enough to allow those requests through as specified by the
# shiro.loginUrl above.
/login.jsp = authc
/oauth/authorize/** = authc
/oauth2/authorize/** = authc
]]>
</param-value>
</init-param>
</filter>
<filter>
<filter-name>authFilter</filter-name>
<filter-class>org.apache.shindig.auth.AuthenticationServletFilter</filter-class>
</filter>
<filter>
<filter-name>etagFilter</filter-name>
<filter-class>org.apache.shindig.gadgets.servlet.ETagFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/oauth/authorize</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/oauth2/authorize</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>authFilter</filter-name>
<url-pattern>/social/*</url-pattern>
<url-pattern>/gadgets/ifr</url-pattern>
<url-pattern>/gadgets/makeRequest</url-pattern>
<url-pattern>/gadgets/proxy</url-pattern>
<url-pattern>/gadgets/api/rpc/*</url-pattern>
<url-pattern>/gadgets/api/rest/*</url-pattern>
<url-pattern>/rpc/*</url-pattern>
<url-pattern>/rest/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>etagFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.apache.shindig.common.servlet.GuiceServletContextListener</listener-class>
</listener>
<!-- Render a Gadget -->
<servlet>
<servlet-name>xml-to-html</servlet-name>
<servlet-class>
org.wso2.carbon.dashboard.shindig.extensions.WSO2GadgetRenderingServlet
</servlet-class>
</servlet>
<servlet>
<servlet-name>accel</servlet-name>
<servlet-class>
org.apache.shindig.gadgets.servlet.HtmlAccelServlet
</servlet-class>
</servlet>
<!-- Proxy -->
<servlet>
<servlet-name>proxy</servlet-name>
<servlet-class>
org.apache.shindig.gadgets.servlet.ProxyServlet
</servlet-class>
</servlet>
<!-- makeRequest -->
<servlet>
<servlet-name>makeRequest</servlet-name>
<servlet-class>
org.apache.shindig.gadgets.servlet.MakeRequestServlet
</servlet-class>
</servlet>
<!-- Concat -->
<servlet>
<servlet-name>concat</servlet-name>
<servlet-class>
org.apache.shindig.gadgets.servlet.ConcatProxyServlet
</servlet-class>
</servlet>
<!-- OAuth callback -->
<servlet>
<servlet-name>oauthCallback</servlet-name>
<servlet-class>
org.apache.shindig.gadgets.servlet.OAuthCallbackServlet
</servlet-class>
</servlet>
<!-- OAuth2 callback -->
<servlet>
<servlet-name>oauth2callback</servlet-name>
<servlet-class>
org.apache.shindig.gadgets.servlet.OAuth2CallbackServlet
</servlet-class>
</servlet>
<!-- Metadata RPC -->
<servlet>
<servlet-name>metadata</servlet-name>
<servlet-class>
org.apache.shindig.gadgets.servlet.RpcServlet
</servlet-class>
</servlet>
<!-- javascript serving -->
<servlet>
<servlet-name>js</servlet-name>
<servlet-class>org.apache.shindig.gadgets.servlet.JsServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>restapiServlet</servlet-name>
<servlet-class>
org.apache.shindig.protocol.DataServiceServlet
</servlet-class>
<init-param>
<param-name>handlers</param-name>
<param-value>org.apache.shindig.handlers</param-value>
</init-param>
</servlet>
<!-- Serve social RPC api -->
<servlet>
<servlet-name>jsonRpcServlet</servlet-name>
<servlet-class>
org.apache.shindig.protocol.JsonRpcServlet
</servlet-class>
<init-param>
<param-name>handlers</param-name>
<param-value>org.apache.shindig.handlers</param-value>
</init-param>
</servlet>
<!-- Serve sample OAuth apis -->
<servlet>
<servlet-name>sampleOAuth</servlet-name>
<servlet-class>
org.apache.shindig.social.sample.oauth.SampleOAuthServlet
</servlet-class>
</servlet>
<!-- Serve OAuth 2 APIs -->
<servlet>
<servlet-name>OAuth2Servlet</servlet-name>
<servlet-class>
org.apache.shindig.social.core.oauth2.OAuth2Servlet
</servlet-class>
</servlet>
<servlet>
<servlet-name>rpcSwf</servlet-name>
<servlet-class>
org.apache.shindig.gadgets.servlet.RpcSwfServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>js</servlet-name>
<url-pattern>/gadgets/js/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>proxy</servlet-name>
<url-pattern>/gadgets/proxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>makeRequest</servlet-name>
<url-pattern>/gadgets/makeRequest</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>jsonRpcServlet</servlet-name>
<url-pattern>/rpc/*</url-pattern>
<url-pattern>/gadgets/api/rpc/*</url-pattern>
<url-pattern>/social/rpc/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>restapiServlet</servlet-name>
<url-pattern>/rest/*</url-pattern>
<url-pattern>/gadgets/api/rest/*</url-pattern>
<url-pattern>/social/rest/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>concat</servlet-name>
<url-pattern>/gadgets/concat</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>oauthCallback</servlet-name>
<url-pattern>/gadgets/oauthcallback</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>oauth2callback</servlet-name>
<url-pattern>/gadgets/oauth2callback</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>xml-to-html</servlet-name>
<url-pattern>/gadgets/ifr</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>accel</servlet-name>
<url-pattern>/gadgets/accel</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>metadata</servlet-name>
<url-pattern>/gadgets/metadata</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>sampleOAuth</servlet-name>
<url-pattern>/oauth/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>OAuth2Servlet</servlet-name>
<url-pattern>/oauth2/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>rpcSwf</servlet-name>
<url-pattern>/xpc*</url-pattern>
</servlet-mapping>
<error-page>
<error-code>404</error-code>
<location>/error-pages/error404.html</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/error-pages/error401.html</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/error-pages/error403.html</location>
</error-page>
<error-page>
<error-code>405</error-code>
<location>/error-pages/error405.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error-pages/error500.html</location>
</error-page>
</web-app>

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<?pde version="3.5"?>
<product name="Carbon Product" uid="carbon.product.id" id="carbon.product" application="carbon.application" version="4.4.25" useFeatures="true" includeLaunchers="true">
<product name="Carbon Product" uid="carbon.product.id" id="carbon.product" application="carbon.application" version="4.4.26" useFeatures="true" includeLaunchers="true">
<configIni use="default">
</configIni>
@ -13,7 +13,7 @@
</plugins>
<features>
<feature id="org.wso2.carbon.core.runtime" version="4.4.25"/>
<feature id="org.wso2.carbon.core.runtime" version="4.4.26"/>
</features>
<configurations>

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<?pde version="3.5"?>
<product name="Carbon Product" uid="carbon.product.id" id="carbon.product" application="carbon.application" version="4.4.25" useFeatures="true" includeLaunchers="true">
<product name="Carbon Product" uid="carbon.product.id" id="carbon.product" application="carbon.application" version="4.4.26" useFeatures="true" includeLaunchers="true">
<configIni use="default">
</configIni>
@ -13,7 +13,7 @@
</plugins>
<features>
<feature id="org.wso2.carbon.core.runtime" version="4.4.25"/>
<feature id="org.wso2.carbon.core.runtime" version="4.4.26"/>
</features>
<configurations>

@ -2,7 +2,7 @@
<?pde version="3.5"?>
<product name="Carbon Product" uid="carbon.product.id" id="carbon.product" application="carbon.application"
version="4.4.25" useFeatures="true" includeLaunchers="true">
version="4.4.26" useFeatures="true" includeLaunchers="true">
<configIni use="default">
</configIni>
@ -14,7 +14,7 @@ version="4.4.25" useFeatures="true" includeLaunchers="true">
</plugins>
<features>
<feature id="org.wso2.carbon.core.runtime" version="4.4.25"/>
<feature id="org.wso2.carbon.core.runtime" version="4.4.26"/>
</features>
<configurations>

@ -1460,7 +1460,7 @@
<properties>
<!--Carbon kernel versions-->
<carbon.kernel.version>4.4.25</carbon.kernel.version>
<carbon.kernel.version>4.4.26</carbon.kernel.version>
<carbon.kernel.version.range>[4.4.0, 4.5.0)</carbon.kernel.version.range>
<carbon.ui.menu.stratos.version>2.2.0</carbon.ui.menu.stratos.version>
@ -1503,14 +1503,14 @@
<carbon.deployment.version>4.7.15</carbon.deployment.version>
<!-- Carbon Identity -->
<carbon.identity.framework.version>5.11.139</carbon.identity.framework.version>
<carbon.identity.framework.version>5.11.145</carbon.identity.framework.version>
<carbon.identity.framework.version.range>[5.2.0, 6.0.0)
</carbon.identity.framework.version.range>
<identity.local.auth.basicauth.version>5.3.7</identity.local.auth.basicauth.version>
<identity.inbound.auth.openid.version>5.2.5</identity.inbound.auth.openid.version>
<identity.inbound.auth.saml.version>5.4.4</identity.inbound.auth.saml.version>
<identity.carbon.auth.saml2.version>5.2.5</identity.carbon.auth.saml2.version>
<identity.inbound.auth.oauth.version>5.6.53</identity.inbound.auth.oauth.version>
<identity.inbound.auth.oauth.version>5.6.61</identity.inbound.auth.oauth.version>
<identity.carbon.auth.mutual.ssl.version>5.1.3</identity.carbon.auth.mutual.ssl.version>
<identity.user.ws.version>5.1.8</identity.user.ws.version>
<identity.outbound.auth.requestpath.basicauth.version>5.1.5</identity.outbound.auth.requestpath.basicauth.version>
@ -1539,26 +1539,26 @@
<carbon.governance.version>4.7.23</carbon.governance.version>
<!-- Carbon Device Management-->
<carbon.device.mgt.version>3.1.3</carbon.device.mgt.version>
<carbon.device.mgt.version>3.1.13</carbon.device.mgt.version>
<carbon.device.mgt.version.range>[3.1.0, 4.0.0)</carbon.device.mgt.version.range>
<!-- IOT Device Management -->
<product.iot.version>${project.version}</product.iot.version>
<!-- Carbon Device Management Plugins-->
<carbon.device.mgt.plugin.version>4.1.1</carbon.device.mgt.plugin.version>
<carbon.device.mgt.plugin.version>4.1.2</carbon.device.mgt.plugin.version>
<!-- API Management -->
<carbon.api.mgt.version>6.2.170</carbon.api.mgt.version>
<carbon.api.mgt.version>6.2.192</carbon.api.mgt.version>
<carbon.api.mgt.version.range>(6.0.0,7.0.0]</carbon.api.mgt.version.range>
<!-- Carbon Mediation -->
<carbon.mediation.version>4.6.61</carbon.mediation.version>
<carbon.mediation.version>4.6.62</carbon.mediation.version>
<!-- Carbon Analytics Common (DAS) -->
<carbon.analytics.common.version>5.1.33</carbon.analytics.common.version>
<carbon.analytics.version>1.3.16</carbon.analytics.version>
<carbon.analytics.das.version>1.3.16</carbon.analytics.das.version>
<carbon.analytics.common.version>5.1.37</carbon.analytics.common.version>
<carbon.analytics.version>1.3.25</carbon.analytics.version>
<carbon.analytics.das.version>1.3.25</carbon.analytics.das.version>
<product.iot.analytics.version>${project.version}</product.iot.analytics.version>
<product.das.version>3.1.0</product.das.version>
<product.mb.version>3.1.0</product.mb.version>
@ -1591,7 +1591,7 @@
<!--IOT Analytics-->
<shindig.version>2.0.2</shindig.version>
<carbon.data.version>4.4.41</carbon.data.version>
<carbon.data.version>4.4.43</carbon.data.version>
<equinox.osgi.version>3.8.1.v20120830-144521</equinox.osgi.version>
<analytics.shared.version>1.0.3</analytics.shared.version>
@ -1623,7 +1623,7 @@
<commons.lang3.version>3.3.2</commons.lang3.version>
<commons.lang.version>2.2</commons.lang.version>
<commons.io.version>2.4</commons.io.version>
<axis2.wso2.version>1.6.1.wso2v23</axis2.wso2.version>
<axis2.wso2.version>1.6.1-wso2v24</axis2.wso2.version>
<carbon.p2.plugin.version>1.5.4</carbon.p2.plugin.version>
<gson.version>2.3.1</gson.version>
<slf4j.log4j12.version>1.6.1</slf4j.log4j12.version>
@ -1643,7 +1643,7 @@
<orbit.version.joda-time>2.8.2.wso2v1</orbit.version.joda-time>
<orbit.version.json>2.0.0.wso2v1</orbit.version.json>
<carbon.dashboard.version>2.0.7</carbon.dashboard.version>
<carbon.event-processing.version>2.1.19</carbon.event-processing.version>
<carbon.event-processing.version>2.1.23</carbon.event-processing.version>
<imp.pkg.version.javax.servlet>[2.6.0,3.0.0)</imp.pkg.version.javax.servlet>
<akka.version>2.3.4-spark</akka.version>
