forked from community/product-iots
and the manager togetherapplication-manager-new
Shabir Mohamed
9 years ago
commit
69dcf064f9
@ -1,248 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
||||||
<!--
|
|
||||||
~ Copyright (c) 2005-2011, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
~
|
|
||||||
~ WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
~ Version 2.0 (the "License"); you may not use this file except
|
|
||||||
~ in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing,
|
|
||||||
~ software distributed under the License is distributed on an
|
|
||||||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
~ KIND, either express or implied. See the License for the
|
|
||||||
~ specific language governing permissions and limitations
|
|
||||||
~ under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
|
|
||||||
|
|
||||||
<OpenIDServerUrl>https://localhost:9443/openidserver</OpenIDServerUrl>
|
|
||||||
|
|
||||||
<OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern>
|
|
||||||
<!-- If the users must be prompted for approval -->
|
|
||||||
<OpenIDSkipUserConsent>false</OpenIDSkipUserConsent>
|
|
||||||
<!-- Expiry time of the OpenID RememberMe token in minutes -->
|
|
||||||
<OpenIDRememberMeExpiry>7200</OpenIDRememberMeExpiry>
|
|
||||||
|
|
||||||
<JDBCPersistenceManager>
|
|
||||||
<DataSource>
|
|
||||||
<!-- Include a data source name (jndiConfigName) from the set of data sources defined in master-datasources.xml -->
|
|
||||||
<Name>jdbc/WSO2AM_DB</Name>
|
|
||||||
</DataSource>
|
|
||||||
<!-- If the identity database is created from another place and if it is required to skip schema initialization during the server start up, set the following
|
|
||||||
property to "true". -->
|
|
||||||
<SkipDBSchemaCreation>true</SkipDBSchemaCreation>
|
|
||||||
</JDBCPersistenceManager>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
Security configurations
|
|
||||||
-->
|
|
||||||
<Security>
|
|
||||||
<UserTrustedRPStore>
|
|
||||||
<Location>${carbon.home}/repository/resources/security/userRP.jks</Location>
|
|
||||||
<!-- Keystore type (JKS/PKCS12 etc.)-->
|
|
||||||
<Type>JKS</Type>
|
|
||||||
<!-- Keystore password-->
|
|
||||||
<Password>wso2carbon</Password>
|
|
||||||
<!-- Private Key password-->
|
|
||||||
<KeyPassword>wso2carbon</KeyPassword>
|
|
||||||
</UserTrustedRPStore>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
The directory under which all other KeyStore files will be stored
|
|
||||||
-->
|
|
||||||
<KeyStoresDir>${carbon.home}/conf/keystores</KeyStoresDir>
|
|
||||||
</Security>
|
|
||||||
|
|
||||||
<Identity>
|
|
||||||
<IssuerPolicy>SelfAndManaged</IssuerPolicy>
|
|
||||||
<TokenValidationPolicy>CertValidate</TokenValidationPolicy>
|
|
||||||
<BlackList></BlackList>
|
|
||||||
<WhiteList></WhiteList>
|
|
||||||
<System>
|
|
||||||
<KeyStore></KeyStore>
|
|
||||||
<StorePass></StorePass>
|
|
||||||
</System>
|
|
||||||
</Identity>
|
|
||||||
|
|
||||||
<OAuth>
|
|
||||||
<RequestTokenUrl>https://localhost:9443/oauth/request-token</RequestTokenUrl>
|
|
||||||
<AccessTokenUrl>https://localhost:9443/oauth/access-token</AccessTokenUrl>
|
|
||||||
<AuthorizeUrl>https://localhost:9443/oauth/authorize-url</AuthorizeUrl>
|
|
||||||
<!-- Default validity period for Authorization Code in seconds -->
|
|
||||||
<AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
|
|
||||||
<!-- Default validity period for Access Token in seconds -->
|
|
||||||
<AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod>
|
|
||||||
<!-- Default validity period for Application Access Token in seconds-If want to set this as never expired,set the value as <0 -->
|
|
||||||
<ApplicationAccessTokenDefaultValidityPeriod>3600</ApplicationAccessTokenDefaultValidityPeriod>
|
|
||||||
<!-- Default validity period for User Access Token in seconds-->
|
|
||||||
<UserAccessTokenDefaultValidityPeriod>3600</UserAccessTokenDefaultValidityPeriod>
|
|
||||||
<!-- Timestamp skew in seconds -->
|
|
||||||
<TimestampSkew>300</TimestampSkew>
|
|
||||||
<!-- Enable OAuth caching. This cache has the replication support. -->
|
|
||||||
<EnableOAuthCache>true</EnableOAuthCache>
|
|
||||||
<!-- Configure the security measures needs to be done prior to store the token in the database,
|
|
||||||
such as hashing, encrypting, etc.-->
|
|
||||||
<TokenPersistenceProcessor>
|
|
||||||
org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor
|
|
||||||
</TokenPersistenceProcessor>
|
|
||||||
<!--<ClientAuthHandlers>
|
|
||||||
<ClientAuthHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler</ClientAuthHandlerImplClass>
|
|
||||||
</ClientAuthHandlers>-->
|
|
||||||
|
|
||||||
<ClientAuthHandlers>
|
|
||||||
<ClientAuthHandler Class="org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler">
|
|
||||||
<Property Name="StrictClientCredentialValidation">false</Property>
|
|
||||||
</ClientAuthHandler>
|
|
||||||
</ClientAuthHandlers>
|
|
||||||
<!--TokenPersistenceProcessor>
|
|
||||||
org.wso2.carbon.identity.oauth.tokenprocessor.EncryptionDecryptionPersistenceProcessor
|
|
||||||
</TokenPersistenceProcessor-->
|
|
||||||
<!-- Supported Response Types -->
|
|
||||||
<SupportedResponseTypes>
|
|
||||||
<SupportedResponseType>
|
|
||||||
<ResponseTypeName>token</ResponseTypeName>
|
|
||||||
<ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
|
|
||||||
</SupportedResponseType>
|
|
||||||
<SupportedResponseType>
|
|
||||||
<ResponseTypeName>code</ResponseTypeName>
|
|
||||||
<ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler</ResponseTypeHandlerImplClass>
|
|
||||||
</SupportedResponseType>
|
|
||||||
</SupportedResponseTypes>
|
|
||||||
<!-- Supported Grant Types -->
|
|
||||||
<SupportedGrantTypes>
|
|
||||||
<SupportedGrantType>
|
|
||||||
<GrantTypeName>authorization_code</GrantTypeName>
|
|
||||||
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedAuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
|
|
||||||
</SupportedGrantType>
|
|
||||||
<SupportedGrantType>
|
|
||||||
<GrantTypeName>password</GrantTypeName>
|
|
||||||
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler</GrantTypeHandlerImplClass>
|
|
||||||
</SupportedGrantType>
|
|
||||||
|
|
||||||
<!-- This is commented out intentionally due to a bug-->
|
|
||||||
<!--<SupportedGrantType>
|
|
||||||
<GrantTypeName>application_token</GrantTypeName>
|
|
||||||
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.OpenKeyManagerGrantHandler</GrantTypeHandlerImplClass>
|
|
||||||
<GrantTypeValidatorImplClass>org.wso2.carbon.apimgt.keymgt.handlers.OpenKeyManagerGrantValidator</GrantTypeValidatorImplClass>
|
|
||||||
</SupportedGrantType>-->
|
|
||||||
<SupportedGrantType>
|
|
||||||
<GrantTypeName>refresh_token</GrantTypeName>
|
|
||||||
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler</GrantTypeHandlerImplClass>
|
|
||||||
</SupportedGrantType>
|
|
||||||
<SupportedGrantType>
|
|
||||||
<GrantTypeName>client_credentials</GrantTypeName>
|
|
||||||
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
|
|
||||||
</SupportedGrantType>
|
|
||||||
<SupportedGrantType>
|
|
||||||
<GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
|
|
||||||
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler</GrantTypeHandlerImplClass>
|
|
||||||
</SupportedGrantType>
|
|
||||||
<SupportedGrantType>
|
|
||||||
<GrantTypeName>iwa:ntlm</GrantTypeName>
|
|
||||||
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandler</GrantTypeHandlerImplClass>
|
|
||||||
</SupportedGrantType>
|
|
||||||
</SupportedGrantTypes>
|
|
||||||
<OAuthCallbackHandlers>
|
|
||||||
<OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/>
|
|
||||||
</OAuthCallbackHandlers>
|
|
||||||
<OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator"/>
|
|
||||||
|
|
||||||
<!-- Add custom user headers to the response-->
|
|
||||||
<!--<RequiredRespHeaderClaimUris>
|
|
||||||
<ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
|
|
||||||
<ClaimUri>http://wso2.org/claims/gender</ClaimUri>
|
|
||||||
</RequiredRespHeaderClaimUris>-->
|
|
||||||
|
|
||||||
<!-- Enable/Disable OAuth Caching-->
|
|
||||||
<!--<EnableCache>true</EnableCache>-->
|
|
||||||
|
|
||||||
<!-- Assertions can be used to embedd parameters into access token.-->
|
|
||||||
<EnableAssertions>
|
|
||||||
<UserName>false</UserName>
|
|
||||||
</EnableAssertions>
|
|
||||||
|
|
||||||
<!-- This should be set to true when using multiple user stores and keys should saved
|
|
||||||
into different tables according to the user store. By default all the application keys are saved in to the same table.
|
|
||||||
UserName Assertion should be 'true' to use this.-->
|
|
||||||
<EnableAccessTokenPartitioning>false</EnableAccessTokenPartitioning>
|
|
||||||
|
|
||||||
<!-- user store domain names and mappings to new table names.
|
|
||||||
eg: if you provide 'A:foo.com', foo.com should be the user store domain name and 'A' represent the relavant mapping of
|
|
||||||
token storing table, i.e. tokens relevant to the users comming from foo.com user store will be added to a table called
|
|
||||||
IDN_OAUTH2_ACCESS_TOKEN_A. -->
|
|
||||||
<AccessTokenPartitioningDomains><!-- A:foo.com, B:bar.com --></AccessTokenPartitioningDomains>
|
|
||||||
|
|
||||||
<AuthorizationContextTokenGeneration>
|
|
||||||
<Enabled>false</Enabled>
|
|
||||||
<TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
|
|
||||||
<ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
|
|
||||||
<ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
|
|
||||||
<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
|
|
||||||
<AuthorizationContextTTL>15</AuthorizationContextTTL>
|
|
||||||
</AuthorizationContextTokenGeneration>
|
|
||||||
|
|
||||||
<SAML2Grant>
|
|
||||||
<!--SAML2TokenHandler></SAML2TokenHandler-->
|
|
||||||
</SAML2Grant>
|
|
||||||
|
|
||||||
<!-- Primary/secondary login configuration for APIstore. If user likes to keep two login attributes in a distributed setup, to login the APIstore,
|
|
||||||
he should configure this section. Primary login doesn't have a claimUri associated with it. But secondary login, which is a claim attribute,
|
|
||||||
is associated with a claimuri.-->
|
|
||||||
<!-- <LoginConfig>
|
|
||||||
<UserIdLogin primary="true">
|
|
||||||
<ClaimUri></ClaimUri>
|
|
||||||
</UserIdLogin>
|
|
||||||
<EmailLogin primary="false">
|
|
||||||
<ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
|
|
||||||
</EmailLogin>
|
|
||||||
</LoginConfig>-->
|
|
||||||
</OAuth>
|
|
||||||
|
|
||||||
<MultifactorAuthentication>
|
|
||||||
<XMPPSettings>
|
|
||||||
<XMPPConfig>
|
|
||||||
<XMPPProvider>gtalk</XMPPProvider>
|
|
||||||
<XMPPServer>talk.google.com</XMPPServer>
|
|
||||||
<XMPPPort>5222</XMPPPort>
|
|
||||||
<XMPPExt>gmail.com</XMPPExt>
|
|
||||||
<XMPPUserName>multifactor1@gmail.com</XMPPUserName>
|
|
||||||
<XMPPPassword>wso2carbon</XMPPPassword>
|
|
||||||
</XMPPConfig>
|
|
||||||
</XMPPSettings>
|
|
||||||
</MultifactorAuthentication>
|
|
||||||
|
|
||||||
<SSOService>
|
|
||||||
<IdentityProviderURL>https://localhost:9443/samlsso</IdentityProviderURL>
|
|
||||||
</SSOService>
|
|
||||||
|
|
||||||
<EntitlementSettings>
|
|
||||||
<!-- Uncomment this to enable on-demand policy loading -->
|
|
||||||
<!--OnDemandPolicyLoading>
|
|
||||||
<Enable>true</Enable>
|
|
||||||
<MaxInMemoryPolicies>100</MaxInMemoryPolicies>
|
|
||||||
</OnDemandPolicyLoading-->
|
|
||||||
<DecisionCaching>
|
|
||||||
<Enable>true</Enable>
|
|
||||||
<CachingInterval>36000</CachingInterval>
|
|
||||||
</DecisionCaching>
|
|
||||||
<AttributeCaching>
|
|
||||||
<Enable>true</Enable>
|
|
||||||
</AttributeCaching>
|
|
||||||
<ThirftBasedEntitlementConfig>
|
|
||||||
<EnableThriftService>true</EnableThriftService>
|
|
||||||
<ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
|
|
||||||
<ClientTimeout>10000</ClientTimeout>
|
|
||||||
<KeyStore>
|
|
||||||
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
|
|
||||||
<Password>wso2carbon</Password>
|
|
||||||
</KeyStore>
|
|
||||||
</ThirftBasedEntitlementConfig>
|
|
||||||
</EntitlementSettings>
|
|
||||||
|
|
||||||
<!--To do OSGI invocations to OAuth2Service,when the entire server is in one JVM -->
|
|
||||||
<SeparateBackEnd>false</SeparateBackEnd>
|
|
||||||
</Server>
|
|
||||||
@ -0,0 +1,359 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
|
||||||
|
<JDBCPersistenceManager>
|
||||||
|
<DataSource>
|
||||||
|
<!-- Include a data source name (jndiConfigName) from the set of data
|
||||||
|
sources defined in master-datasources.xml -->
|
||||||
|
<Name>jdbc/WSO2AM_DB</Name>
|
||||||
|
</DataSource>
|
||||||
|
<!-- If the identity database is created from another place and if it is
|
||||||
|
required to skip schema initialization during the server start up, set the
|
||||||
|
following property to "true". -->
|
||||||
|
<!-- <SkipDBSchemaCreation>false</SkipDBSchemaCreation> -->
|
||||||
|
<!--SessionDataPersist>
|
||||||
|
<Enable>true</Enable>
|
||||||
|
<EnableCleanUp>true</EnableCleanUp>
|
||||||
|
<Temporary>false</Temporary-->
|
||||||
|
<!--/SessionDataPersist-->
|
||||||
|
</JDBCPersistenceManager>
|
||||||
|
<!-- Time configurations are in minutes -->
|
||||||
|
<TimeConfig>
|
||||||
|
<SessionIdleTimeout>15</SessionIdleTimeout>
|
||||||
|
<RememberMeTimeout>20160</RememberMeTimeout>
|
||||||
|
<PersistanceCleanUpTimeout>20160</PersistanceCleanUpTimeout>
|
||||||
|
<PersistanceCleanUpPeriod>1140</PersistanceCleanUpPeriod>
|
||||||
|
</TimeConfig>
|
||||||
|
<!-- Security configurations -->
|
||||||
|
<Security>
|
||||||
|
<!-- The directory under which all other KeyStore files will be stored -->
|
||||||
|
<KeyStoresDir>${carbon.home}/conf/keystores</KeyStoresDir>
|
||||||
|
</Security>
|
||||||
|
<Identity>
|
||||||
|
<IssuerPolicy>SelfAndManaged</IssuerPolicy>
|
||||||
|
<TokenValidationPolicy>CertValidate</TokenValidationPolicy>
|
||||||
|
<BlackList/>
|
||||||
|
<WhiteList/>
|
||||||
|
<System>
|
||||||
|
<KeyStore/>
|
||||||
|
<StorePass/>
|
||||||
|
</System>
|
||||||
|
</Identity>
|
||||||
|
<OpenID>
|
||||||
|
<!--
|
||||||
|
Default values for OpenIDServerUrl and OpenIDUSerPattern are built in following format
|
||||||
|
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>
|
||||||
|
If above format doesn't satisfy uncomment the following configs and explicitly configure the values
|
||||||
|
-->
|
||||||
|
<!--OpenIDServerUrl>https://localhost:9443/openidserver</OpenIDServerUrl-->
|
||||||
|
<!--OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern-->
|
||||||
|
<!-- If the users must be prompted for approval -->
|
||||||
|
<OpenIDSkipUserConsent>false</OpenIDSkipUserConsent>
|
||||||
|
<!-- Expiry time of the OpenID RememberMe token in minutes -->
|
||||||
|
<OpenIDRememberMeExpiry>7200</OpenIDRememberMeExpiry>
|
||||||
|
<!-- Multifactor Authentication configuration -->
|
||||||
|
<UseMultifactorAuthentication>false</UseMultifactorAuthentication>
|
||||||
|
<!-- To enable or disable openid dumb mode -->
|
||||||
|
<DisableOpenIDDumbMode>false</DisableOpenIDDumbMode>
|
||||||
|
<!-- remember me session timeout in seconds -->
|
||||||
|
<SessionTimeout>36000</SessionTimeout>
|
||||||
|
<!-- skips authentication if valid SAML2 Web SSO browser session available -->
|
||||||
|
<AcceptSAMLSSOLogin>false</AcceptSAMLSSOLogin>
|
||||||
|
<ClaimsRetrieverImplClass>org.wso2.carbon.identity.provider.openid.claims.DefaultClaimsRetriever
|
||||||
|
</ClaimsRetrieverImplClass>
|
||||||
|
<!--
|
||||||
|
OpenID private association store is configurable from following configs.
|
||||||
|
It includes two new replication stores,
|
||||||
|
i. OpenIDServerAssociationStore (Default association store)
|
||||||
|
ii. PrivateAssociationCryptoStore
|
||||||
|
iii. PrivateAssociationReplicationStore
|
||||||
|
-->
|
||||||
|
<!-- Specify full qualified class name of the class which going to use as private association store -->
|
||||||
|
<!--
|
||||||
|
<OpenIDPrivateAssociationStoreClass>org.wso2.carbon.identity.provider.openid.PrivateAssociationCryptoStore</OpenIDPrivateAssociationStoreClass>
|
||||||
|
-->
|
||||||
|
<!-- The exiration time (in minutes) for the OpenID association -->
|
||||||
|
<!--
|
||||||
|
<OpenIDAssociationExpiryTime>15</OpenIDAssociationExpiryTime>
|
||||||
|
-->
|
||||||
|
<!-- Configs specific to PrivateAssociationCryptoStore -->
|
||||||
|
<!-- Server secret. This value should be the same in all nodes in the cluster -->
|
||||||
|
<!--
|
||||||
|
<OpenIDPrivateAssociationServerKey>qewlj324lmasc</OpenIDPrivateAssociationServerKey>
|
||||||
|
-->
|
||||||
|
<!-- Configs specific to PrivateAssociationCryptoStore -->
|
||||||
|
<!-- This enable private association cleanup task which cleans expired private associations -->
|
||||||
|
<!--
|
||||||
|
<EnableOpenIDAssociationCleanupTask>true</EnableOpenIDAssociationCleanupTask>
|
||||||
|
-->
|
||||||
|
<!-- Time Period (in minutes) that cleanup task would run -->
|
||||||
|
<!--
|
||||||
|
<OpenIDAssociationCleanupPeriod>15</OpenIDAssociationCleanupPeriod>
|
||||||
|
-->
|
||||||
|
</OpenID>
|
||||||
|
<OAuth>
|
||||||
|
<AppInfoCacheTimeout>-1</AppInfoCacheTimeout>
|
||||||
|
<AuthorizationGrantCacheTimeout>-1</AuthorizationGrantCacheTimeout>
|
||||||
|
<SessionDataCacheTimeout>-1</SessionDataCacheTimeout>
|
||||||
|
<ClaimCacheTimeout>-1</ClaimCacheTimeout>
|
||||||
|
<!--
|
||||||
|
Default values for OAuth1RequestTokenUrl, OAuth1AccessTokenUrl, OAuth1AuthorizeUrl
|
||||||
|
OAuth2AuthzEPUrl, OAuth2TokenEPUrl and OAuth2UserInfoEPUrl are built in following format
|
||||||
|
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>/<path>
|
||||||
|
If above format doesn't satisfy uncomment the following configs and explicitly configure the values
|
||||||
|
-->
|
||||||
|
<!--OAuth1RequestTokenUrl>https://localhost:9443/oauth/request-token</OAuth1RequestTokenUrl-->
|
||||||
|
<!--OAuth1AuthorizeUrl>https://localhost:9443/oauth/authorize-url</OAuth1AuthorizeUrl-->
|
||||||
|
<!--OAuth1AccessTokenUrl>https://localhost:9443/oauth/access-token</OAuth1AccessTokenUrl-->
|
||||||
|
<!--OAuth2AuthzEPUrl>https://localhost:9443/oauth2/authorize</OAuth2AuthzEPUrl-->
|
||||||
|
<!--OAuth2TokenEPUrl>https://localhost:9443/oauth2/token</OAuth2TokenEPUrl-->
|
||||||
|
<!--OAuth2UserInfoEPUrl>https://localhost:9443/oauth2/userinfo</OAuth2UserInfoEPUrl-->
|
||||||
|
<!--OIDCConsentPage>https://localhost:9443/authenticationendpoint/oauth2_consent.do</OIDCConsentPage-->
|
||||||
|
<!--OAuth2ConsentPage>https://localhost:9443/authenticationendpoint/oauth2_authz.do</OAuth2ConsentPage-->
|
||||||
|
<!-- Default validity period for Authorization Code in seconds -->
|
||||||
|
<AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
|
||||||
|
<!-- Default validity period for application access tokens in seconds -->
|
||||||
|
<AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod>
|
||||||
|
<!-- Default validity period for user access tokens in seconds -->
|
||||||
|
<UserAccessTokenDefaultValidityPeriod>3600</UserAccessTokenDefaultValidityPeriod>
|
||||||
|
<!-- Validity period for refresh token -->
|
||||||
|
<RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>
|
||||||
|
<!-- Timestamp skew in seconds -->
|
||||||
|
<TimestampSkew>300</TimestampSkew>
|
||||||
|
<!-- Enable OAuth caching -->
|
||||||
|
<EnableOAuthCache>true</EnableOAuthCache>
|
||||||
|
<!-- Enable renewal of refresh token for refresh_token grant -->
|
||||||
|
<RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
|
||||||
|
<!-- Process the token before storing it in database, e.g. encrypting -->
|
||||||
|
<TokenPersistenceProcessor>org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor</TokenPersistenceProcessor>
|
||||||
|
<!-- Supported Client Authentication Methods -->
|
||||||
|
<ClientAuthHandlers>
|
||||||
|
<ClientAuthHandler Class="org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler">
|
||||||
|
<Property Name="StrictClientCredentialValidation">false</Property>
|
||||||
|
</ClientAuthHandler>
|
||||||
|
</ClientAuthHandlers>
|
||||||
|
<!-- Supported Response Types -->
|
||||||
|
<SupportedResponseTypes>
|
||||||
|
<SupportedResponseType>
|
||||||
|
<ResponseTypeName>token</ResponseTypeName>
|
||||||
|
<ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
|
||||||
|
</SupportedResponseType>
|
||||||
|
<SupportedResponseType>
|
||||||
|
<ResponseTypeName>code</ResponseTypeName>
|
||||||
|
<ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler</ResponseTypeHandlerImplClass>
|
||||||
|
</SupportedResponseType>
|
||||||
|
</SupportedResponseTypes>
|
||||||
|
<!-- Supported Grant Types -->
|
||||||
|
<SupportedGrantTypes>
|
||||||
|
<SupportedGrantType>
|
||||||
|
<GrantTypeName>authorization_code</GrantTypeName>
|
||||||
|
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedAuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
|
||||||
|
</SupportedGrantType>
|
||||||
|
<SupportedGrantType>
|
||||||
|
<GrantTypeName>password</GrantTypeName>
|
||||||
|
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler</GrantTypeHandlerImplClass>
|
||||||
|
</SupportedGrantType>
|
||||||
|
<SupportedGrantType>
|
||||||
|
<GrantTypeName>refresh_token</GrantTypeName>
|
||||||
|
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler</GrantTypeHandlerImplClass>
|
||||||
|
</SupportedGrantType>
|
||||||
|
<SupportedGrantType>
|
||||||
|
<GrantTypeName>client_credentials</GrantTypeName>
|
||||||
|
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
|
||||||
|
</SupportedGrantType>
|
||||||
|
<SupportedGrantType>
|
||||||
|
<GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
|
||||||
|
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedSAML2BearerGrantHandler</GrantTypeHandlerImplClass>
|
||||||
|
</SupportedGrantType>
|
||||||
|
<SupportedGrantType>
|
||||||
|
<GrantTypeName>iwa:ntlm</GrantTypeName>
|
||||||
|
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandler</GrantTypeHandlerImplClass>
|
||||||
|
</SupportedGrantType>
|
||||||
|
<SupportedGrantType>
|
||||||
|
<GrantTypeName>devicecloud</GrantTypeName>
|
||||||
|
<GrantTypeHandlerImplClass>org.wso2.carbon.devicemgt.grant.DeviceGrant</GrantTypeHandlerImplClass>
|
||||||
|
<GrantTypeValidatorImplClass>org.wso2.carbon.devicemgt.grant.DeviceGrantValidator</GrantTypeValidatorImplClass>
|
||||||
|
</SupportedGrantType>
|
||||||
|
</SupportedGrantTypes>
|
||||||
|
<OAuthCallbackHandlers>
|
||||||
|
<OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/>
|
||||||
|
</OAuthCallbackHandlers>
|
||||||
|
<OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator"/>
|
||||||
|
<!--TokenValidators>
|
||||||
|
<TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
|
||||||
|
</TokenValidators-->
|
||||||
|
<!-- Assertions can be used to embedd parameters into access token. -->
|
||||||
|
<EnableAssertions>
|
||||||
|
<UserName>false</UserName>
|
||||||
|
</EnableAssertions>
|
||||||
|
<!-- This should be set to true when using multiple user stores and keys
|
||||||
|
should saved into different tables according to the user store. By default
|
||||||
|
all the application keys are saved in to the same table. UserName Assertion
|
||||||
|
should be 'true' to use this. -->
|
||||||
|
<EnableAccessTokenPartitioning>false</EnableAccessTokenPartitioning>
|
||||||
|
<!-- user store domain names and mapping to new table name. eg: if you
|
||||||
|
provide 'A:foo.com', foo.com should be the user store domain name and 'A'
|
||||||
|
represent the relavant mapping of token store table, i.e. tokens will be
|
||||||
|
added to a table called IDN_OAUTH2_ACCESS_TOKEN_A. -->
|
||||||
|
<AccessTokenPartitioningDomains>
|
||||||
|
<!-- A:foo.com, B:bar.com -->
|
||||||
|
</AccessTokenPartitioningDomains>
|
||||||
|
<AuthorizationContextTokenGeneration>
|
||||||
|
<Enabled>false</Enabled>
|
||||||
|
<TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
|
||||||
|
<ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
|
||||||
|
<ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
|
||||||
|
<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
|
||||||
|
<AuthorizationContextTTL>15</AuthorizationContextTTL>
|
||||||
|
</AuthorizationContextTokenGeneration>
|
||||||
|
<SAML2Grant>
|
||||||
|
<!--SAML2TokenHandler></SAML2TokenHandler-->
|
||||||
|
</SAML2Grant>
|
||||||
|
<OpenIDConnect>
|
||||||
|
<IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
|
||||||
|
<!--
|
||||||
|
Default value for IDTokenIssuerID, is OAuth2TokenEPUrl.
|
||||||
|
If that doesn't satisfy uncomment the following config and explicitly configure the value
|
||||||
|
-->
|
||||||
|
<!--IDTokenIssuerID>https://localhost:9443/oauth2/token</IDTokenIssuerID-->
|
||||||
|
<IDTokenSubjectClaim>http://wso2.org/claims/givenname</IDTokenSubjectClaim>
|
||||||
|
<IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
|
||||||
|
<IDTokenExpiration>3600</IDTokenExpiration>
|
||||||
|
<UserInfoEndpointClaimDialect>http://wso2.org/claims</UserInfoEndpointClaimDialect>
|
||||||
|
<UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
|
||||||
|
<UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
|
||||||
|
<UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
|
||||||
|
<UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
|
||||||
|
<SkipUserConsent>false</SkipUserConsent>
|
||||||
|
</OpenIDConnect>
|
||||||
|
</OAuth>
|
||||||
|
<MultifactorAuthentication>
|
||||||
|
<!--Enable>false</Enable-->
|
||||||
|
<XMPPSettings>
|
||||||
|
<XMPPConfig>
|
||||||
|
<XMPPProvider>gtalk</XMPPProvider>
|
||||||
|
<XMPPServer>talk.google.com</XMPPServer>
|
||||||
|
<XMPPPort>5222</XMPPPort>
|
||||||
|
<XMPPExt>gmail.com</XMPPExt>
|
||||||
|
<XMPPUserName>multifactor1@gmail.com</XMPPUserName>
|
||||||
|
<XMPPPassword>wso2carbon</XMPPPassword>
|
||||||
|
</XMPPConfig>
|
||||||
|
</XMPPSettings>
|
||||||
|
</MultifactorAuthentication>
|
||||||
|
<SSOService>
|
||||||
|
<PersistanceCacheTimeout>157680000</PersistanceCacheTimeout>
|
||||||
|
<SessionIndexCacheTimeout>157680000</SessionIndexCacheTimeout>
|
||||||
|
<EntityId>localhost</EntityId>
|
||||||
|
<!--
|
||||||
|
Default value for IdentityProviderURL is built in following format
|
||||||
|
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/samlsso
|
||||||
|
If that doesn't satisfy uncomment the following config and explicitly configure the value
|
||||||
|
-->
|
||||||
|
<!--IdentityProviderURL>https://localhost:9443/samlsso</IdentityProviderURL-->
|
||||||
|
<SingleLogoutRetryCount>5</SingleLogoutRetryCount>
|
||||||
|
<SingleLogoutRetryInterval>60000</SingleLogoutRetryInterval>
|
||||||
|
<!-- in milli seconds -->
|
||||||
|
<TenantPartitioningEnabled>false</TenantPartitioningEnabled>
|
||||||
|
<SessionTimeout>36000</SessionTimeout>
|
||||||
|
<!-- remember me session timeout in seconds -->
|
||||||
|
<!-- skips authentication if valid SAML2 Web SSO browser session available -->
|
||||||
|
<AttributeStatementBuilder>org.wso2.carbon.identity.sso.saml.attributes.UserAttributeStatementBuilder</AttributeStatementBuilder>
|
||||||
|
<AttributesClaimDialect>http://wso2.org/claims</AttributesClaimDialect>
|
||||||
|
<AcceptOpenIDLogin>false</AcceptOpenIDLogin>
|
||||||
|
<ClaimsRetrieverImplClass>org.wso2.carbon.identity.sso.saml.builders.claims.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
|
||||||
|
<SAMLSSOAssertionBuilder>org.wso2.carbon.identity.sso.saml.builders.assertion.DefaultSAMLAssertionBuilder</SAMLSSOAssertionBuilder>
|
||||||
|
<SAMLSSOEncrypter>org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter</SAMLSSOEncrypter>
|
||||||
|
<SAMLSSOSigner>org.wso2.carbon.identity.sso.saml.builders.signature.DefaultSSOSigner</SAMLSSOSigner>
|
||||||
|
<SAML2HTTPRedirectSignatureValidator>org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator</SAML2HTTPRedirectSignatureValidator>
|
||||||
|
<!--SAMLSSOResponseBuilder>org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder</SAMLSSOResponseBuilder-->
|
||||||
|
<!-- SAML Token validity period in minutes -->
|
||||||
|
<SAMLResponseValidityPeriod>5</SAMLResponseValidityPeriod>
|
||||||
|
<UseAuthenticatedUserDomainCrypto>false</UseAuthenticatedUserDomainCrypto>
|
||||||
|
<SAMLDefaultSigningAlgorithmURI>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SAMLDefaultSigningAlgorithmURI>
|
||||||
|
<SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
|
||||||
|
</SSOService>
|
||||||
|
<SecurityTokenService>
|
||||||
|
<!--
|
||||||
|
Default value for IdentityProviderURL is built in following format
|
||||||
|
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/services/wso2carbon-sts
|
||||||
|
If that doesn't satisfy uncomment the following config and explicitly configure the value
|
||||||
|
-->
|
||||||
|
<!--IdentityProviderURL>https://localhost:9443/services/wso2carbon-sts</IdentityProviderURL-->
|
||||||
|
</SecurityTokenService>
|
||||||
|
<PassiveSTS>
|
||||||
|
<!--
|
||||||
|
Default value for IdentityProviderURL is built in following format
|
||||||
|
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/passivests
|
||||||
|
If that doesn't satisfy uncomment the following config and explicitly configure the value
|
||||||
|
-->
|
||||||
|
<!--IdentityProviderURL>https://localhost:9443/passivests</IdentityProviderURL-->
|
||||||
|
</PassiveSTS>
|
||||||
|
<EntitlementSettings>
|
||||||
|
<ThirftBasedEntitlementConfig>
|
||||||
|
<EnableThriftService>false</EnableThriftService>
|
||||||
|
<ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
|
||||||
|
<ClientTimeout>10000</ClientTimeout>
|
||||||
|
<KeyStore>
|
||||||
|
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
|
||||||
|
<Password>wso2carbon</Password>
|
||||||
|
</KeyStore>
|
||||||
|
<!-- Enable this element to mention the host-name of your IS machine -->
|
||||||
|
<ThriftHostName>localhost</ThriftHostName>
|
||||||
|
</ThirftBasedEntitlementConfig>
|
||||||
|
</EntitlementSettings>
|
||||||
|
<SCIM>
|
||||||
|
<!--
|
||||||
|
Default value for UserEPUrl and GroupEPUrl are built in following format
|
||||||
|
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>/<path>
|
||||||
|
If that doesn't satisfy uncomment the following config and explicitly configure the value
|
||||||
|
-->
|
||||||
|
<!--UserEPUrl>https://localhost:9443/wso2/scim/Users</UserEPUrl-->
|
||||||
|
<!--GroupEPUrl>https://localhost:9443/wso2/scim/Groups</GroupEPUrl-->
|
||||||
|
<SCIMAuthenticators>
|
||||||
|
<Authenticator class="org.wso2.carbon.identity.scim.provider.auth.BasicAuthHandler">
|
||||||
|
<Property name="Priority">5</Property>
|
||||||
|
</Authenticator>
|
||||||
|
<Authenticator class="org.wso2.carbon.identity.scim.provider.auth.OAuthHandler">
|
||||||
|
<Property name="Priority">10</Property>
|
||||||
|
<Property name="AuthorizationServer">local://services</Property>
|
||||||
|
<!--Property name="AuthorizationServer">https://localhost:9443/services</Property>
|
||||||
|
<Property name="UserName">admin</Property>
|
||||||
|
<Property name="Password">admin</Property-->
|
||||||
|
</Authenticator>
|
||||||
|
</SCIMAuthenticators>
|
||||||
|
</SCIM>
|
||||||
|
<!--SessionContextCache>
|
||||||
|
<Enable>true</Enable>
|
||||||
|
<Capacity>100000</Capacity>
|
||||||
|
</SessionContextCache-->
|
||||||
|
<EventListeners>
|
||||||
|
<EventListener enable="true"
|
||||||
|
name="org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener"
|
||||||
|
orderId="10" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
|
||||||
|
<EventListener enable="false"
|
||||||
|
name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener"
|
||||||
|
orderId="50" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
|
||||||
|
<EventListener enable="false"
|
||||||
|
name="org.wso2.carbon.identity.oauth.listener.IdentityOathEventListener"
|
||||||
|
orderId="60" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
|
||||||
|
<EventListener enable="false"
|
||||||
|
name="org.wso2.carbon.identity.provider.openid.listener.IdentityOpenIDUserEventListener"
|
||||||
|
orderId="70" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
|
||||||
|
</EventListeners>
|
||||||
|
</Server>
|
||||||
340
modules/samples/firealarm/src/org.wso2.carbon.device.mgt.iot.sample.firealarm.service.impl/src/main/java/org/wso2/carbon/device/mgt/iot/sample/firealarm/service/impl/FireAlarmControllerService.java → modules/samples/firealarm/src/org.wso2.carbon.device.mgt.iot.sample.firealarm.service.impl/src/main/java/org/wso2/carbon/device/mgt/iot/sample/firealarm/service/impl/FireAlarmService.java
340
modules/samples/firealarm/src/org.wso2.carbon.device.mgt.iot.sample.firealarm.service.impl/src/main/java/org/wso2/carbon/device/mgt/iot/sample/firealarm/service/impl/FireAlarmControllerService.java → modules/samples/firealarm/src/org.wso2.carbon.device.mgt.iot.sample.firealarm.service.impl/src/main/java/org/wso2/carbon/device/mgt/iot/sample/firealarm/service/impl/FireAlarmService.java
@ -1,350 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.mgt.iot.sample.virtual.firealarm.service.impl;
|
|
||||||
|
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.commons.logging.LogFactory;
|
|
||||||
import org.wso2.carbon.device.mgt.common.Device;
|
|
||||||
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
|
|
||||||
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
|
|
||||||
import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
|
|
||||||
import org.wso2.carbon.device.mgt.iot.common.DeviceManagement;
|
|
||||||
import org.wso2.carbon.device.mgt.iot.common.apimgt.AccessTokenInfo;
|
|
||||||
import org.wso2.carbon.device.mgt.iot.common.apimgt.TokenClient;
|
|
||||||
import org.wso2.carbon.device.mgt.iot.common.controlqueue.xmpp.XmppAccount;
|
|
||||||
import org.wso2.carbon.device.mgt.iot.common.controlqueue.xmpp.XmppConfig;
|
|
||||||
import org.wso2.carbon.device.mgt.iot.common.controlqueue.xmpp.XmppServerClient;
|
|
||||||
import org.wso2.carbon.device.mgt.iot.common.exception.AccessTokenException;
|
|
||||||
import org.wso2.carbon.device.mgt.iot.common.exception.DeviceControllerException;
|
|
||||||
import org.wso2.carbon.device.mgt.iot.common.util.ZipArchive;
|
|
||||||
import org.wso2.carbon.device.mgt.iot.common.util.ZipUtil;
|
|
||||||
import org.wso2.carbon.device.mgt.iot.sample.virtual.firealarm.plugin.constants
|
|
||||||
.VirtualFireAlarmConstants;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import javax.ws.rs.Consumes;
|
|
||||||
import javax.ws.rs.DELETE;
|
|
||||||
import javax.ws.rs.GET;
|
|
||||||
import javax.ws.rs.POST;
|
|
||||||
import javax.ws.rs.PUT;
|
|
||||||
import javax.ws.rs.Path;
|
|
||||||
import javax.ws.rs.PathParam;
|
|
||||||
import javax.ws.rs.Produces;
|
|
||||||
import javax.ws.rs.QueryParam;
|
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.Response;
|
|
||||||
import java.nio.ByteBuffer;
|
|
||||||
import java.nio.charset.StandardCharsets;
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Date;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.UUID;
|
|
||||||
|
|
||||||
//@Path("/VirtualFireAlarmDeviceManager")
|
|
||||||
public class VirtualFireAlarmManagerService {
|
|
||||||
|
|
||||||
private static Log log = LogFactory.getLog(VirtualFireAlarmManagerService.class);
|
|
||||||
|
|
||||||
//TODO; replace this tenant domain
|
|
||||||
private final String SUPER_TENANT = "carbon.super";
|
|
||||||
@Context //injected response proxy supporting multiple thread
|
|
||||||
private HttpServletResponse response;
|
|
||||||
|
|
||||||
@Path("/device/register")
|
|
||||||
@PUT
|
|
||||||
public boolean register(@QueryParam("deviceId") String deviceId,
|
|
||||||
@QueryParam("name") String name, @QueryParam("owner") String owner) {
|
|
||||||
|
|
||||||
DeviceManagement deviceManagement = new DeviceManagement(SUPER_TENANT);
|
|
||||||
|
|
||||||
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
|
|
||||||
deviceIdentifier.setId(deviceId);
|
|
||||||
deviceIdentifier.setType(VirtualFireAlarmConstants.DEVICE_TYPE);
|
|
||||||
try {
|
|
||||||
if (deviceManagement.getDeviceManagementService().isEnrolled(deviceIdentifier)) {
|
|
||||||
response.setStatus(Response.Status.CONFLICT.getStatusCode());
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
Device device = new Device();
|
|
||||||
device.setDeviceIdentifier(deviceId);
|
|
||||||
EnrolmentInfo enrolmentInfo = new EnrolmentInfo();
|
|
||||||
|
|
||||||
enrolmentInfo.setDateOfEnrolment(new Date().getTime());
|
|
||||||
enrolmentInfo.setDateOfLastUpdate(new Date().getTime());
|
|
||||||
enrolmentInfo.setStatus(EnrolmentInfo.Status.ACTIVE);
|
|
||||||
enrolmentInfo.setOwnership(EnrolmentInfo.OwnerShip.BYOD);
|
|
||||||
|
|
||||||
device.setName(name);
|
|
||||||
device.setType(VirtualFireAlarmConstants.DEVICE_TYPE);
|
|
||||||
enrolmentInfo.setOwner(owner);
|
|
||||||
device.setEnrolmentInfo(enrolmentInfo);
|
|
||||||
boolean added = deviceManagement.getDeviceManagementService().enrollDevice(device);
|
|
||||||
|
|
||||||
if (added) {
|
|
||||||
response.setStatus(Response.Status.OK.getStatusCode());
|
|
||||||
} else {
|
|
||||||
response.setStatus(Response.Status.NOT_ACCEPTABLE.getStatusCode());
|
|
||||||
}
|
|
||||||
|
|
||||||
return added;
|
|
||||||
} catch (DeviceManagementException e) {
|
|
||||||
response.setStatus(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
|
|
||||||
return false;
|
|
||||||
} finally {
|
|
||||||
deviceManagement.endTenantFlow();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Path("/device/remove/{device_id}")
|
|
||||||
@DELETE
|
|
||||||
public void removeDevice(@PathParam("device_id") String deviceId,
|
|
||||||
@Context HttpServletResponse response) {
|
|
||||||
|
|
||||||
DeviceManagement deviceManagement = new DeviceManagement(SUPER_TENANT);
|
|
||||||
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
|
|
||||||
deviceIdentifier.setId(deviceId);
|
|
||||||
deviceIdentifier.setType(VirtualFireAlarmConstants.DEVICE_TYPE);
|
|
||||||
try {
|
|
||||||
boolean removed = deviceManagement.getDeviceManagementService().disenrollDevice(
|
|
||||||
deviceIdentifier);
|
|
||||||
if (removed) {
|
|
||||||
response.setStatus(Response.Status.OK.getStatusCode());
|
|
||||||
|
|
||||||
} else {
|
|
||||||
response.setStatus(Response.Status.NOT_ACCEPTABLE.getStatusCode());
|
|
||||||
|
|
||||||
}
|
|
||||||
} catch (DeviceManagementException e) {
|
|
||||||
response.setStatus(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
|
|
||||||
} finally {
|
|
||||||
deviceManagement.endTenantFlow();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@Path("/device/update/{device_id}")
|
|
||||||
@POST
|
|
||||||
public boolean updateDevice(@PathParam("device_id") String deviceId,
|
|
||||||
@QueryParam("name") String name,
|
|
||||||
@Context HttpServletResponse response) {
|
|
||||||
|
|
||||||
DeviceManagement deviceManagement = new DeviceManagement(SUPER_TENANT);
|
|
||||||
|
|
||||||
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
|
|
||||||
deviceIdentifier.setId(deviceId);
|
|
||||||
deviceIdentifier.setType(VirtualFireAlarmConstants.DEVICE_TYPE);
|
|
||||||
try {
|
|
||||||
Device device = deviceManagement.getDeviceManagementService().getDevice(
|
|
||||||
deviceIdentifier);
|
|
||||||
device.setDeviceIdentifier(deviceId);
|
|
||||||
|
|
||||||
// device.setDeviceTypeId(deviceTypeId);
|
|
||||||
device.getEnrolmentInfo().setDateOfLastUpdate(new Date().getTime());
|
|
||||||
|
|
||||||
device.setName(name);
|
|
||||||
device.setType(VirtualFireAlarmConstants.DEVICE_TYPE);
|
|
||||||
|
|
||||||
boolean updated = deviceManagement.getDeviceManagementService().modifyEnrollment(
|
|
||||||
device);
|
|
||||||
|
|
||||||
if (updated) {
|
|
||||||
response.setStatus(Response.Status.OK.getStatusCode());
|
|
||||||
|
|
||||||
} else {
|
|
||||||
response.setStatus(Response.Status.NOT_ACCEPTABLE.getStatusCode());
|
|
||||||
|
|
||||||
}
|
|
||||||
return updated;
|
|
||||||
} catch (DeviceManagementException e) {
|
|
||||||
response.setStatus(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
|
|
||||||
return false;
|
|
||||||
} finally {
|
|
||||||
deviceManagement.endTenantFlow();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@Path("/device/{device_id}")
|
|
||||||
@GET
|
|
||||||
@Consumes("application/json")
|
|
||||||
@Produces("application/json")
|
|
||||||
public Device getDevice(@PathParam("device_id") String deviceId) {
|
|
||||||
|
|
||||||
DeviceManagement deviceManagement = new DeviceManagement(SUPER_TENANT);
|
|
||||||
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
|
|
||||||
deviceIdentifier.setId(deviceId);
|
|
||||||
deviceIdentifier.setType(VirtualFireAlarmConstants.DEVICE_TYPE);
|
|
||||||
|
|
||||||
try {
|
|
||||||
return deviceManagement.getDeviceManagementService().getDevice(deviceIdentifier);
|
|
||||||
|
|
||||||
} catch (DeviceManagementException e) {
|
|
||||||
response.setStatus(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
|
|
||||||
return null;
|
|
||||||
} finally {
|
|
||||||
deviceManagement.endTenantFlow();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@Path("/devices/{username}")
|
|
||||||
@GET
|
|
||||||
@Consumes("application/json")
|
|
||||||
@Produces("application/json")
|
|
||||||
public Device[] getFirealarmDevices(@PathParam("username") String username) {
|
|
||||||
|
|
||||||
DeviceManagement deviceManagement = new DeviceManagement(SUPER_TENANT);
|
|
||||||
|
|
||||||
try {
|
|
||||||
List<Device> userDevices =
|
|
||||||
deviceManagement.getDeviceManagementService().getDevicesOfUser(
|
|
||||||
username);
|
|
||||||
ArrayList<Device> userDevicesforFirealarm = new ArrayList<Device>();
|
|
||||||
for (Device device : userDevices) {
|
|
||||||
|
|
||||||
if (device.getType().equals(VirtualFireAlarmConstants.DEVICE_TYPE) &&
|
|
||||||
device.getEnrolmentInfo().getStatus().equals(
|
|
||||||
EnrolmentInfo.Status.ACTIVE)) {
|
|
||||||
userDevicesforFirealarm.add(device);
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return userDevicesforFirealarm.toArray(new Device[]{});
|
|
||||||
} catch (DeviceManagementException e) {
|
|
||||||
response.setStatus(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
|
|
||||||
return null;
|
|
||||||
} finally {
|
|
||||||
deviceManagement.endTenantFlow();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@Path("/device/{sketch_type}/download")
|
|
||||||
@GET
|
|
||||||
@Produces("application/octet-stream")
|
|
||||||
public Response downloadSketch(@QueryParam("owner") String owner,
|
|
||||||
@PathParam("sketch_type") String sketchType) {
|
|
||||||
|
|
||||||
ZipArchive zipFile = null;
|
|
||||||
try {
|
|
||||||
zipFile = createDownloadFile(owner, sketchType);
|
|
||||||
Response.ResponseBuilder rb = Response.ok(zipFile.getZipFile());
|
|
||||||
rb.header("Content-Disposition",
|
|
||||||
"attachment; filename=\"" + zipFile.getFileName() + "\"");
|
|
||||||
return rb.build();
|
|
||||||
} catch (IllegalArgumentException ex) {
|
|
||||||
return Response.status(400).entity(ex.getMessage()).build();//bad request
|
|
||||||
} catch (DeviceManagementException ex) {
|
|
||||||
return Response.status(500).entity(ex.getMessage()).build();
|
|
||||||
} catch (AccessTokenException ex) {
|
|
||||||
return Response.status(500).entity(ex.getMessage()).build();
|
|
||||||
} catch (DeviceControllerException ex) {
|
|
||||||
return Response.status(500).entity(ex.getMessage()).build();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@Path("/device/{sketch_type}/generate_link")
|
|
||||||
@GET
|
|
||||||
public Response generateSketchLink(@QueryParam("owner") String owner,
|
|
||||||
@PathParam("sketch_type") String sketchType) {
|
|
||||||
|
|
||||||
ZipArchive zipFile = null;
|
|
||||||
try {
|
|
||||||
zipFile = createDownloadFile(owner, sketchType);
|
|
||||||
Response.ResponseBuilder rb = Response.ok(zipFile.getDeviceId());
|
|
||||||
return rb.build();
|
|
||||||
} catch (IllegalArgumentException ex) {
|
|
||||||
return Response.status(400).entity(ex.getMessage()).build();//bad request
|
|
||||||
} catch (DeviceManagementException ex) {
|
|
||||||
return Response.status(500).entity(ex.getMessage()).build();
|
|
||||||
} catch (AccessTokenException ex) {
|
|
||||||
return Response.status(500).entity(ex.getMessage()).build();
|
|
||||||
} catch (DeviceControllerException ex) {
|
|
||||||
return Response.status(500).entity(ex.getMessage()).build();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
private ZipArchive createDownloadFile(String owner, String sketchType)
|
|
||||||
throws DeviceManagementException, AccessTokenException, DeviceControllerException {
|
|
||||||
if (owner == null) {
|
|
||||||
throw new IllegalArgumentException("Error on createDownloadFile() Owner is null!");
|
|
||||||
}
|
|
||||||
|
|
||||||
//create new device id
|
|
||||||
String deviceId = shortUUID();
|
|
||||||
|
|
||||||
TokenClient accessTokenClient = new TokenClient(VirtualFireAlarmConstants.DEVICE_TYPE);
|
|
||||||
AccessTokenInfo accessTokenInfo = null;
|
|
||||||
|
|
||||||
accessTokenInfo = accessTokenClient.getAccessToken(owner, deviceId);
|
|
||||||
|
|
||||||
//create token
|
|
||||||
String accessToken = accessTokenInfo.getAccess_token();
|
|
||||||
String refreshToken = accessTokenInfo.getRefresh_token();
|
|
||||||
//adding registering data
|
|
||||||
|
|
||||||
XmppAccount newXmppAccount = new XmppAccount();
|
|
||||||
newXmppAccount.setAccountName(owner + "_" + deviceId);
|
|
||||||
newXmppAccount.setUsername(deviceId);
|
|
||||||
newXmppAccount.setPassword(accessToken);
|
|
||||||
newXmppAccount.setEmail(deviceId + "@wso2.com");
|
|
||||||
|
|
||||||
XmppServerClient xmppServerClient = new XmppServerClient();
|
|
||||||
xmppServerClient.initControlQueue();
|
|
||||||
boolean status;
|
|
||||||
if(XmppConfig.getInstance().isEnabled()) {
|
|
||||||
status = xmppServerClient.createXMPPAccount(newXmppAccount);
|
|
||||||
|
|
||||||
if (!status) {
|
|
||||||
String msg =
|
|
||||||
"XMPP Account was not created for device - " + deviceId + " of owner - " +
|
|
||||||
owner +
|
|
||||||
". XMPP might have been disabled in org.wso2.carbon.device.mgt.iot.common.config.server.configs";
|
|
||||||
log.warn(msg);
|
|
||||||
throw new DeviceManagementException(msg);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
status = register(deviceId, owner + "s_" + sketchType + "_" + deviceId.substring(0,
|
|
||||||
3),
|
|
||||||
owner);
|
|
||||||
if (!status) {
|
|
||||||
String msg = "Error occurred while registering the device with " + "id: " + deviceId
|
|
||||||
+ " owner:" + owner;
|
|
||||||
throw new DeviceManagementException(msg);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
ZipUtil ziputil = new ZipUtil();
|
|
||||||
ZipArchive zipFile = null;
|
|
||||||
|
|
||||||
zipFile = ziputil.downloadSketch(owner,SUPER_TENANT, sketchType, deviceId, accessToken, refreshToken);
|
|
||||||
zipFile.setDeviceId(deviceId);
|
|
||||||
return zipFile;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static String shortUUID() {
|
|
||||||
UUID uuid = UUID.randomUUID();
|
|
||||||
long l = ByteBuffer.wrap(uuid.toString().getBytes(StandardCharsets.UTF_8)).getLong();
|
|
||||||
return Long.toString(l, Character.MAX_RADIX);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
486
modules/samples/virtual_firealarm/src/org.wso2.carbon.device.mgt.iot.sample.virtual.firealarm.service.impl/src/main/java/org/wso2/carbon/device/mgt/iot/sample/virtual/firealarm/service/impl/VirtualFireAlarmControllerService.java → modules/samples/virtual_firealarm/src/org.wso2.carbon.device.mgt.iot.sample.virtual.firealarm.service.impl/src/main/java/org/wso2/carbon/device/mgt/iot/sample/virtual/firealarm/service/impl/VirtualFireAlarmService.java
486
modules/samples/virtual_firealarm/src/org.wso2.carbon.device.mgt.iot.sample.virtual.firealarm.service.impl/src/main/java/org/wso2/carbon/device/mgt/iot/sample/virtual/firealarm/service/impl/VirtualFireAlarmControllerService.java → modules/samples/virtual_firealarm/src/org.wso2.carbon.device.mgt.iot.sample.virtual.firealarm.service.impl/src/main/java/org/wso2/carbon/device/mgt/iot/sample/virtual/firealarm/service/impl/VirtualFireAlarmService.java
Loading…
Reference in new issue