Merge pull request #311 from susinda/master

Merge 3.1.0-test into master
application-manager-new
Susinda Perera 8 years ago committed by GitHub
commit f7fa4da7d2

@ -9,9 +9,12 @@
<property key="jobQueueSize">10000</property>
<property key="maximumHttpConnectionPerHost">2</property>
<property key="maximumTotalHttpConnection">100</property>
<property key="keymanagerUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
<property key="tokenValidationUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
<property key="username">admin</property>
<property key="password">admin</property>
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
<property key="deviceMgtServerUrl">https://${iot.gateway.host}:${iot.gateway.https.port}</property>
<property key="tokenRefreshTimeOffset">100</property>
</adapterConfig>
<adapterConfig type="oauth-mqtt">
@ -22,8 +25,9 @@
<property key="jobQueueSize">10000</property>
<property key="connectionKeepAliveInterval">60</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
<property key="username">admin</property>
<property key="password">admin</property>
</adapterConfig>]]></value>
</add>
</processor>
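Review bot: Both adapter blocks in this section (`@ -9,9 +9,12 @@` and `@ -22,8 +25,9 @@`) ship `username`/`password` as the literal pair `admin`/`admin`, and the same pair appears in the next section's `@ -12,6 +12,8 @@` hunk; whether those lines are new here or context cannot be recovered from the rendered page, but either way the template carries a plaintext administrative credential inside the CDATA string. The surrounding lines already use filtered placeholders (`${iot.keymanager.host}`, `${iot.gateway.host}`) and this distribution packages `cipher-text.properties`/`cipher-tool.properties` (see the assembly excludes further down), so the password value should resolve through the secure-vault mechanism rather than be hard-coded. At minimum a comment above the pair, `<!-- default credentials: replace before deployment, preferably via a secure-vault alias -->`, should mark the value as a placeholder default.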

@ -12,6 +12,8 @@
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
<property key="username">admin</property>
<property key="password">admin</property>
</adapterConfig>
<adapterConfig type="secured-websocket">
@ -22,7 +24,7 @@
<property key="jobQueueSize">10000</property>
<!--Authorizer holds the information of the authorizer that is used authorize a connection.-->
<property key="authenticator">org.wso2.carbon.device.mgt.output.adapter.websocket.authentication.OAuthAuthenticator</property>
<property key="keymanagerUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
<property key="tokenValidationUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
<property key="maximumHttpConnectionPerHost">2</property>
<property key="maximumTotalHttpConnection">100</property>
<property key="authorizer">org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.DeviceAuthorizer</property>
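Review bot: The comment `<!--Authorizer holds the information of the authorizer that is used authorize a connection.-->` in `@ -22,7 +24,7 @@` sits directly above the `authenticator` property, while the `authorizer` property it describes is the last line of the hunk; move the comment next to `authorizer` and give the authenticator line its own, e.g. `<!--Authenticator holds the information of the authenticator that is used to authenticate a connection.-->`. `keymanagerUrl` and `tokenValidationUrl` carry the identical base URL and the path each is completed with is not visible in this hunk; a one-line comment naming the endpoint each one is used for would spare the next operator a code read. Which of these lines are newly added versus context is not recoverable from the rendered page.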

@ -47,6 +47,9 @@
<exclude>**/repository/conf/security/cipher-text.properties</exclude>
<exclude>**/repository/conf/security/Owasp.CsrfGuard.Carbon.properties</exclude>
<exclude>**/repository/conf/security/cipher-tool.properties</exclude>
<exclude>**/repository/deployment/server/jaggeryapps/portal/modules/oauth/plugins/token-handler-utils.js</exclude>
<exclude>**/repository/deployment/server/jaggeryapps/portal/modules/oauth/plugins/token-handlers.js</exclude>
<exclude>**/repository/conf/security/authenticators.xml</exclude>
</excludes>
</fileSet>
<fileSet>
@ -402,6 +405,15 @@
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
<file>
<source>
src/repository/conf/security/authenticators.xml
</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/security/
</outputDirectory>
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
<!-- ************* tomcat webapp hosting related files end ********** -->
<!-- Event broker configuration for deployment sync -->
@ -723,10 +735,6 @@
<source>src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/security</outputDirectory>
</file>
<file>
<source>src/repository/conf/etc/jwt.properties</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/etc</outputDirectory>
</file>
<file>
<source>src/repository/conf/analytics/spark/spark-udf-config.xml</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/analytics/spark</outputDirectory>
@ -798,10 +806,25 @@
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
<file>
<source>src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>src/repository/jaggeryapps/portal/modules/oauth/token-handlers.js</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth
</outputDirectory>
<fileMode>755</fileMode>
</file>
<!-- Adding IoT Analytics Dashboard and gadget CApps -->
<file>
<source>
../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/carbonapps/org_wso2_carbon_analytics_cdmf-1.0.0.car
../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/resources/devicetypes/device_management/org_wso2_carbon_analytics_cdmf-1.0.0.car
</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/carbonapps/</outputDirectory>
<fileMode>644</fileMode>
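Review bot: The two new `<file>` entries for `token-handler-utils.js` and `token-handlers.js` in `@ -798,10 +806,25 @@` set `<fileMode>755</fileMode>`, while every other entry in this descriptor, including the neighbouring `authenticators.xml` entry in `@ -402,6 +405,15 @@`, uses 644; a Jaggery script served by the portal app needs no execute bit, so `<fileMode>644</fileMode>` on both entries keeps the packaged tree least-privilege and consistent. The new excludes in `@ -47,6 +47,9 @@` point at `.../portal/modules/oauth/plugins/token-handler-utils.js`, whereas the overriding copies are written to `.../portal/modules/oauth` with no `plugins` segment; if the stock files live directly under `modules/oauth`, the exclude matches nothing and both copies land in the distribution, which is worth confirming against the p2-profile output. The `<source>` element at the end of the last hunk contains two paths on consecutive lines; that reads like a merge leftover, and if it is on the new side the assembly cannot resolve it (the enclosing `<file>` element closes outside the hunk).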

@ -1,57 +0,0 @@
#
# Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
#issuer of the JWT
iss=wso2.org/products/iot
TokenEndpoint=https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token
#audience of JWT claim
#comma seperated values
aud=devicemgt
#expiration time of JWT (number of minutes from the current time)
exp=1000
#issued at time of JWT (number of minutes from the current time)
iat=0
#nbf time of JWT (number of minutes from current time)
nbf=0
#skew between IDP and issuer(seconds)
skew=0
# JWT Id
#jti=token123
#KeyStore to cryptographic credentials
#KeyStore=repository/resources/security/wso2carbon.jks
#Password of the KeyStore
#KeyStorePassword=wso2carbon
#Alias of the SP's private key
#PrivateKeyAlias=wso2carbon
#Private key password to retrieve the private key used to sign
#AuthnRequest and LogoutRequest messages
#PrivateKeyPassword=wso2carbon
#this will be used as the default IDP config if there isn't any config available for tenants.
default-jwt-client=true

@ -0,0 +1,78 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Copyright 2005-2011 WSO2, Inc. (http://wso2.com)
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!--
This is the configuration file for Carbon authenticators. All the authenticator related configurations
should go here.
-->
<Authenticators xmlns="http://wso2.org/projects/carbon/authenticators.xml">
<!-- Authenticator Configurations for TokenUIAuthenticator -->
<Authenticator name="TokenUIAuthenticator" disabled="true">
<Priority>5</Priority>
</Authenticator>
<!-- Authenticator Configurations for SAML2SSOAuthenticator -->
<Authenticator name="SAML2SSOAuthenticator" disabled="true">
<Priority>10</Priority>
<Config>
<Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
<Parameter name="ServiceProviderID">carbonServer</Parameter>
<Parameter name="IdentityProviderSSOServiceURL">https://localhost:9443/samlsso</Parameter>
<Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
<Parameter name="AssertionConsumerServiceURL">https://localhost:9443/acs</Parameter>
<!-- <Parameter name="IdPCertAlias">wso2carbon</Parameter> -->
<!-- <Parameter name="ResponseSignatureValidationEnabled">false</Parameter> -->
<!-- <Parameter name="AssertionSignatureValidationEnabled">false</Parameter> -->
<!-- <Parameter name="LoginAttributeName"></Parameter> -->
<!-- <Parameter name="RoleClaimAttribute"></Parameter> -->
<!-- <Parameter name="AttributeValueSeparator">,</Parameter> -->
<!-- <Parameter name="JITUserProvisioning">true</Parameter> -->
<!-- <Parameter name="ProvisioningDefaultUserstore">PRIMARY</Parameter> -->
<!-- <Parameter name="ProvisioningDefaultRole">admin</Parameter> -->
<!-- <Parameter name="IsSuperAdminRoleRequired">true</Parameter> -->
</Config>
<!-- If this authenticator should skip any URI from authentication, specify it under "SkipAuthentication"
<SkipAuthentication>
<UrlContains></UrlContains>
</SkipAuthentication> -->
<!-- If this authenticator should skip any URI from session validation, specify it under "SkipAuthentication
<SkipSessionValidation>
<UrlContains></UrlContains>
</SkipSessionValidation> -->
</Authenticator>
<Authenticator name="SignedJWTAuthenticator" disabled="false">
<Priority>5</Priority>
</Authenticator>
<!-- Authenticator Configurations for MutualSSLAuthenticator -->
<!--Authenticator name="MutualSSLAuthenticator" disabled="false">
<Priority>5</Priority>
<Config>
<Parameter name="UsernameHeader">UserName</Parameter>
<Parameter name="WhiteListEnabled">false</Parameter>
<Parameter name="WhiteList"/>
</Config>
</Authenticator-->
</Authenticators>
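Review bot: `SignedJWTAuthenticator` is the only entry in this new file that is enabled (`disabled="false"`) and also the only one without an explanatory header, unlike the `<!-- Authenticator Configurations for ... -->` comments on its neighbours; add `<!-- Authenticator Configurations for SignedJWTAuthenticator (enabled, priority 5); the issuer/certificate it trusts is configured outside this file - confirm -->` so anyone reviewing the admin-console authentication chain sees at a glance which entry is live. The `SAML2SSOAuthenticator` parameters hard-code `https://localhost:9443/...` even though the assembly marks this file `<filtered>true</filtered>` and the rest of the change uses `${iot.keymanager.host}:${iot.keymanager.https.port}` placeholders; that block is disabled, so this is a consistency point rather than a defect. The declaration uses `encoding="ISO-8859-1"` where `UTF-8` is the conventional choice; harmless for the ASCII content here.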

@ -0,0 +1,598 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
var utils = function () {
var log = new Log("/modules/oauth/token-handler-utils.js");
var configs = require('/configs/portal.js').config();
var constants = require("/modules/constants.js");
var carbon = require("carbon");
//noinspection JSUnresolvedVariable
var Base64 = Packages.org.apache.commons.codec.binary.Base64;
//noinspection JSUnresolvedVariable
var String = Packages.java.lang.String;
var publicMethods = {};
var privateMethods = {};
publicMethods["encode"] = function (payload) {
return String(Base64.encodeBase64(String(payload).getBytes()));
};
publicMethods["decode"] = function (payload) {
return String(Base64.decodeBase64(String(payload).getBytes()));
};
/**
* Check whether this application is oauth enable or not
* @returns boolean if oauth enable
*/
publicMethods["checkOAuthEnabled"] = function () {
if (constants.AUTHORIZATION_TYPE_OAUTH === configs["authorization"]["activeMethod"]) {
return true;
}
return false;
};
/**
* Set access token into xml http request header
* @param xhr xml http request
* @returns {*} xhr which has access token it's header
*/
publicMethods["setAccessToken"] = function (xhr, callback) {
var accessToken;
if (publicMethods.checkOAuthEnabled()) {
try {
accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BEARER_PREFIX + accessToken);
} catch (exception) {
log.error("Access token hasn't been set yet, " + exception);
} finally {
callback(xhr);
}
}
callback(xhr);
};
/**
* Get access token of current logged user
* @param callBack response with access token
*/
publicMethods["getAccessToken"] = function (callBack) {
var accessToken = null;
if (publicMethods.checkOAuthEnabled()) {
try {
accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
} catch (exception) {
log.error("Access token hasn't been set yet, " + exception);
} finally {
callBack(accessToken);
}
}
callBack(accessToken);
};
/**
* Create error message which adhere to xml http response object
* @param statusCode response status code
* @param status response status
* @param responseText response message
* @returns {{statusCode: *, status: *, responseText: *}}
*/
publicMethods["createXHRObject"] = function (statusCode, status, responseText) {
return {"statusCode": statusCode, "status": status, "responseText": responseText};
};
/**
* check whether user already logged to system before invoking any apis
* @param callBack
*/
publicMethods["isUserAuthorized"] = function (callBack) {
if (session.get("Loged") !== constants.LOGIN_MESSAGE) {
callBack(false);
} else {
callBack(true);
}
};
/**
* Get identity provider uir
* @returns {*}
*/
publicMethods["getIdPServerURL"] = function () {
return configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["tokenServiceURL"];
};
/**
* Get an Access token pair based on client secret
* @param encodedClientKeys {{clientId:"", clientSecret:""}}
* @param scope eg: PRODUCTION
* @param idPServer identity provider url
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getTokenWithClientSecretType"] = function (encodedClientKeys, scope, idPServer) {
var xhr = new XMLHttpRequest();
var tokenEndpoint = idPServer;
xhr.open(constants.HTTP_POST, tokenEndpoint, false);
xhr.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, constants.APPLICATION_X_WWW_FOR_URLENCODED);
xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BASIC_PREFIX + encodedClientKeys);
xhr.send("grant_type=client_credentials&scope=" + scope);
var tokenPair = {};
if (xhr.status == constants.HTTP_ACCEPTED) {
var data = parse(xhr.responseText);
tokenPair.refreshToken = data.refresh_token;
tokenPair.accessToken = data.access_token;
} else if (xhr.status == constants.HTTP_USER_NOT_AUTHENTICATED) {
log.error("Error in obtaining token with client secret grant type, You are not authenticated yet");
return null;
} else {
log.error("Error in obtaining token with client secret grant type, This might be a problem with client meta " +
"data which required for client secret grant type");
return null;
}
return tokenPair;
};
/**
* This will create client id and client secret for a given application
* @param properties "callbackUrl": "",
* "clientName": "",
* "owner": "",
* "applicationType": "",
* "grantType": "",
* "saasApp" :"",
* "dynamicClientRegistrationEndPoint" : ""
*
* @returns {{clientId:*, clientSecret:*}}
*/
publicMethods["getDynamicClientAppCredentials"] = function (username) {
// setting up dynamic client application properties
var dcAppProperties = {
"applicationType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["appType"],
"clientName": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["clientName"],
"owner": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
"tokenScope": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["tokenScope"],
"grantType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["grantType"],
"callbackUrl": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["callbackUrl"],
"saasApp" : configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["saasApp"]
};
var tenantDomain = carbon.server.tenantDomain({username: username});
if (!tenantDomain) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
"based client application credentials. Unable to obtain a valid tenant domain for provided username "+
username +"- getDynamicClientAppCredentials(x)");
return null;
} else {
var cachedTenantBasedClientAppCredentials = privateMethods.
getCachedTenantBasedClientAppCredentials(tenantDomain);
if (cachedTenantBasedClientAppCredentials) {
return cachedTenantBasedClientAppCredentials;
} else {
// calling dynamic client app registration service endpoint
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]
["dynamicClientAppRegistrationServiceURL"];
var requestPayload = dcAppProperties;
var token = publicMethods.encode(configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["appRegistration"]["owner"] + ":" + configs["authorization"]["methods"]["oauth"]["attributes"]
["oauthProvider"]["appRegistration"]["password"]);
var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Authorization", "Basic "+ token);
xhr.send(stringify(requestPayload));
var dynamicClientAppCredentials = {};
if (xhr["status"] == 201 || xhr["status"] == 200 && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
var clientId = responsePayload["client_id"];
var clientSecret = responsePayload["client_secret"];
if(typeof clientId == "undefined"){
clientId = responsePayload["clientId"];
}
if(typeof clientSecret == "undefined"){
clientSecret = responsePayload["clientSecret"];
}
dynamicClientAppCredentials["clientId"] = clientId;
dynamicClientAppCredentials["clientSecret"] = clientSecret;
privateMethods.
setCachedTenantBasedClientAppCredentials(tenantDomain, dynamicClientAppCredentials);
} else if (xhr["status"] == 400) {
log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
"Bad request. Invalid data provided as dynamic client application properties.");
dynamicClientAppCredentials = null;
} else {
log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
"Error in retrieving dynamic client credentials.");
dynamicClientAppCredentials = null;
}
// returning dynamic client credentials
return dynamicClientAppCredentials;
}
}
};
/**
* If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create oauth application
* @param username username of current logged user
* @returns {{clientId:*, clientSecret:*}}
*/
publicMethods["getTenantBasedClientAppCredentials"] = function (username) {
if (!username) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
"based client app credentials. No username " +
"as input - getTenantBasedClientAppCredentials(x)");
return null;
} else {
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
var tenantDomain = carbon.server.tenantDomain({username: username});
if (!tenantDomain) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
"based client application credentials. Unable to obtain a valid tenant domain for provided " +
"username - getTenantBasedClientAppCredentials(x, y)");
return null;
} else {
var cachedTenantBasedClientAppCredentials = privateMethods.
getCachedTenantBasedClientAppCredentials(tenantDomain);
if (cachedTenantBasedClientAppCredentials) {
return cachedTenantBasedClientAppCredentials;
} else {
var adminUsername = configs["authorization"]["methods"]["oauth"]["attributes"]["adminUser"];
var adminUserTenantId = configs["authorization"]["methods"]["oauth"]["attributes"]
["adminUserTenantId"];
//claims required for jwtAuthenticator.
var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
"http://wso2.org/claims/enduser": adminUsername};
var jwtToken = publicMethods.getJwtToken(adminUsername, claims);
// register a tenant based client app at API Manager
var applicationName = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["appRegistration"]["clientName"] + "_" + tenantDomain;
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["appRegistration"]["apiManagerClientAppRegistrationServiceURL"] +
"?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName;
var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken);
xhr.send();
if ((xhr["status"] == 201 || xhr["status"] == 200) && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
var tenantBasedClientAppCredentials = {};
var clientId = responsePayload["client_id"];
var clientSecret = responsePayload["client_secret"];
if(typeof clientId == "undefined"){
clientId = responsePayload["clientId"];
}
if(typeof clientSecret == "undefined"){
clientSecret = responsePayload["clientSecret"];
}
tenantBasedClientAppCredentials["clientId"] = clientId;
tenantBasedClientAppCredentials["clientSecret"] = clientSecret;
privateMethods.
setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials);
return tenantBasedClientAppCredentials;
} else {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
"based client application credentials from API " +
"Manager - getTenantBasedClientAppCredentials(x, y)");
return null;
}
}
}
}
};
/**
* Caching oauth application credentials
* @param tenantDomain tenant domain where application is been created
* @param clientAppCredentials {{clientId:*, clientSecret:*}}
*/
privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) {
var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
if (!cachedTenantBasedClientAppCredentialsMap) {
cachedTenantBasedClientAppCredentialsMap = {};
cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
application.put(constants["CACHED_CREDENTIALS_PORTAL_APP"], cachedTenantBasedClientAppCredentialsMap);
} else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
}
};
/**
* Get oauth application credentials from cache
* @param tenantDomain tenant domain where application is been created
* @returns {{clientId:*, clientSecret:*}}
*/
privateMethods["getCachedTenantBasedClientAppCredentials"] = function (tenantDomain) {
var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
if (!cachedTenantBasedClientAppCredentialsMap ||
!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
return null;
} else {
return cachedTenantBasedClientAppCredentialsMap[tenantDomain];
}
};
/**
* Get access token and refresh token using password grant type
* @param username username of the logged user
* @param password password of the logged user
* @param encodedClientAppCredentials {{clientId:*, clientSecret:*}}
* @param scopes scopes list
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password
, encodedClientAppCredentials, scopes) {
if (!username || !password || !encodedClientAppCredentials || !scopes) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " +
"grant type. No username, password, encoded client app credentials or scopes are " +
"found - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
return null;
} else {
// calling oauth provider token service endpoint
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["tokenServiceURL"];
var requestPayload = "grant_type=password&username=" +
username + "&password=" + password + "&scope=" + scopes;
var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
xhr.send(requestPayload);
if (xhr["status"] == 200 && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
var tokenData = {};
tokenData["accessToken"] = responsePayload["access_token"];
tokenData["refreshToken"] = responsePayload["refresh_token"];
tokenData["scopes"] = responsePayload["scope"];
return tokenData;
} else {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
"by password grant type - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
return null;
}
}
};
/**
* Get access token and refresh token using SAML grant type
* @param assertion
* @param encodedClientAppCredentials
* @param scopes
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getTokenPairAndScopesByJWTGrantType"] = function (username, encodedClientAppCredentials, scopes) {
if (!username || !encodedClientAppCredentials || !scopes) {
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token by jwt " +
"grant type. No assertion, encoded client app credentials or scopes are " +
"found - getTokenPairAndScopesByJWTGrantType(x, y, z)");
return null;
} else {
var JWTClientManagerServicePackagePath =
"org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
//noinspection JSUnresolvedFunction
var jwtClient = JWTClientManagerService.getJWTClient();
// returning access token by JWT grant type
var tokenInfo = jwtClient.getAccessToken(encodedClientAppCredentials,
username, scopes);
var tokenData = {};
tokenData["accessToken"] = tokenInfo.getAccessToken();
tokenData["refreshToken"] = tokenInfo.getRefreshToken();
tokenData["scopes"] = tokenInfo.getScopes();
return tokenData;
}
};
/**
* Get access token and refresh token using SAML grant type
* @param assertion
* @param encodedClientAppCredentials
* @param scopes
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getTokenPairAndScopesBySAMLGrantType"] = function (assertion, encodedClientAppCredentials, scopes) {
if (!assertion || !encodedClientAppCredentials || !scopes) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml " +
"grant type. No assertion, encoded client app credentials or scopes are " +
"found - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
return null;
} else {
var assertionXML = publicMethods.decode(assertion);
/*
TODO: make assertion extraction with proper parsing.
Since Jaggery XML parser seem to add formatting which causes signature verification to fail.
*/
var assertionStartMarker = "<saml2:Assertion";
var assertionEndMarker = "<\/saml2:Assertion>";
var assertionStartIndex = assertionXML.indexOf(assertionStartMarker);
var assertionEndIndex = assertionXML.indexOf(assertionEndMarker);
var extractedAssertion;
if (assertionStartIndex == -1 || assertionEndIndex == -1) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml grant " +
"type. Issue in assertion format - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
return null;
} else {
extractedAssertion = assertionXML.
substring(assertionStartIndex, assertionEndIndex) + assertionEndMarker;
var encodedAssertion = publicMethods.encode(extractedAssertion);
// calling oauth provider token service endpoint
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["tokenServiceURL"];
var requestPayload = "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&" +
"assertion=" + encodeURIComponent(encodedAssertion) + "&scope=" + scopes;
var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
xhr.send(requestPayload);
if (xhr["status"] == 200 && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
var tokenData = {};
tokenData["accessToken"] = responsePayload["access_token"];
tokenData["refreshToken"] = responsePayload["refresh_token"];
tokenData["scopes"] = responsePayload["scope"];
return tokenData;
} else {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
"by password grant type - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
return null;
}
}
}
};
/**
* If access token is expired, try to refresh it using existing refresh token
* @param callback
*/
publicMethods["refreshAccessToken"] = function (callback) {
try {
if (publicMethods.checkOAuthEnabled()) {
var currentTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"]));
// currentTokenPair includes current access token as well as current refresh token
var encodedClientAppCredentials
= session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
if (!currentTokenPair || !encodedClientAppCredentials) {
callback(false);
throw new Error("{/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
"token pair, encoded client app credentials or both input are not found under " +
"session context - refreshTokenPair()");
} else {
var newTokenPair = publicMethods.
getNewTokenPairByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
if (!newTokenPair) {
log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
"Unable to update session context with new access token pair - refreshTokenPair()");
callback(false);
} else {
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(newTokenPair));
callback(true);
}
}
} else {
log.error("You have not enable dynamic client yet");
callback(false);
}
} catch (exception) {
callback(false);
throw "Error while refreshing existing access token, " + exception;
}
};
/**
* Get access token and refresh token using refresh token grant type
* @param refreshToken refresh token
* @param encodedClientAppCredentials {{clientId:*, clientSecret:*}}
* @param scopes
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getNewTokenPairByRefreshToken"] = function (refreshToken, encodedClientAppCredentials, scopes) {
if (!refreshToken || !encodedClientAppCredentials) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
"by current refresh token. No refresh token or encoded client app credentials are " +
"found - getNewTokenPairByRefreshToken(x, y, z)");
return null;
} else {
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["tokenServiceURL"];
var requestPayload = "grant_type=refresh_token&refresh_token=" + refreshToken;
if (scopes) {
requestPayload = requestPayload + "&scope=" + scopes;
}
var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
xhr.send(requestPayload);
if (xhr["status"] == 200 && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
var tokenPair = {};
tokenPair["accessToken"] = responsePayload["access_token"];
tokenPair["refreshToken"] = responsePayload["refresh_token"];
return tokenPair;
} else {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token by " +
"current refresh token - getNewTokenPairByRefreshToken(x, y, z)");
return null;
}
}
};
/**
* Get access token using JWT grant type
* @param clientAppCredentials {{clientId:*, clientSecret:*}}
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getAccessTokenByJWTGrantType"] = function (clientAppCredentials) {
if (!clientAppCredentials) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
"by current refresh token. No client app credentials are found " +
"as input - getAccessTokenByJWTGrantType(x)");
return null;
} else {
var JWTClientManagerServicePackagePath =
"org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
//noinspection JSUnresolvedFunction
var jwtClient = JWTClientManagerService.getJWTClient();
// returning access token by JWT grant type
return jwtClient.getAccessToken(clientAppCredentials["clientId"], clientAppCredentials["clientSecret"],
configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
null)["accessToken"];
}
};
/**
* Get jwt token
* @param username username of logged user
* @param claims claims which are required
* @returns {"jwtToken"}
*/
publicMethods["getJwtToken"] = function (username, claims) {
if (!username) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new jwt token");
return null;
} else {
var JWTClientManagerServicePackagePath =
"org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
//noinspection JSUnresolvedFunction
var jwtClient = JWTClientManagerService.getJWTClient();
// returning access token by JWT grant type
if (claims) {
return jwtClient.getJwtToken(username, claims);
} else {
return jwtClient.getJwtToken(username);
}
}
};
return publicMethods;
}();

@ -0,0 +1,192 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* -----------------------------------------------------
* Following module includes handlers
* at Jaggery Layer for handling OAuth tokens.
* -----------------------------------------------------
*/
var handlers = function () {
var log = new Log("/modules/oauth/token-handlers.js");
var tokenUtil = require("/modules/oauth/token-handler-utils.js")["utils"];
var constants = require("/modules/constants.js");
var configs = require('/configs/portal.js').config();
var publicMethods = {};
var privateMethods = {};
/**
* Get an AccessToken pair based on username and password
* @param username username of the logged user
* @param password password of the logged user
*/
publicMethods["setupTokenPairByPasswordGrantType"] = function (username, password) {
if (!username || !password) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"password grant type. Either username of logged in user, password or both are missing " +
"as input - setupTokenPairByPasswordGrantType(x, y)");
} else {
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
var encodedClientAppCredentials =
session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
if (!encodedClientAppCredentials) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"password grant type. Encoded client credentials are " +
"missing - setupTokenPairByPasswordGrantType(x, y)");
} else {
var tokenData;
// tokenPair will include current access token as well as current refresh token
var arrayOfScopes = configs["authorization"]["methods"]["oauth"]["attributes"]["scopes"];
var stringOfScopes = "";
arrayOfScopes.forEach(function (entry) {
stringOfScopes += entry + " ";
});
tokenData = tokenUtil.
getTokenPairAndScopesByPasswordGrantType(username,
encodeURIComponent(password), encodedClientAppCredentials, stringOfScopes);
if (!tokenData) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up " +
"token pair by password grant type. Error in token " +
"retrieval - setupTokenPairByPasswordGrantType(x, y)");
} else {
var tokenPair = {};
tokenPair["accessToken"] = tokenData["accessToken"];
tokenPair["refreshToken"] = tokenData["refreshToken"];
// setting up token pair into session context as a string
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(tokenPair));
var scopes = tokenData.scopes.split(" ");
// adding allowed scopes to the session
session.put(constants["ALLOWED_SCOPES"], scopes);
}
}
}
};
/**
* Get an AccessToken pair based on SAML assertion
* @param samlToken SAML assertion
* @param username {{clientId:"", clientSecret:""}}
*/
publicMethods["setupTokenPairBySamlGrantType"] = function (username, samlToken) {
if (!username || !samlToken) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"saml grant type. Either username of logged in user, samlToken or both are missing " +
"as input - setupTokenPairBySamlGrantType(x, y)");
} else {
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
var encodedClientAppCredentials =
session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
if (!encodedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " +
"by saml grant type. Encoded client credentials are " +
"missing - setupTokenPairBySamlGrantType(x, y)");
} else {
var tokenData;
// accessTokenPair will include current access token as well as current refresh token
tokenData = tokenUtil.
getTokenPairAndScopesByJWTGrantType(username, encodedClientAppCredentials, "PRODUCTION");
if (!tokenData) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up token " +
"pair by saml grant type. Error in token " +
"retrieval - setupTokenPairBySamlGrantType(x, y)");
} else {
var tokenPair = {};
tokenPair["accessToken"] = tokenData["accessToken"];
tokenPair["refreshToken"] = tokenData["refreshToken"];
// setting up access token pair into session context as a string
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(tokenPair));
var scopes = tokenData.scopes.split(" ");
// adding allowed scopes to the session
session.put(constants["ALLOWED_SCOPES"], scopes);
}
}
}
};
/**
* Set access token and refresh token using refresh token grant type
*/
publicMethods["refreshTokenPair"] = function () {
var currentTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"]));
// currentTokenPair includes current access token as well as current refresh token
var encodedClientAppCredentials
= session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
if (!currentTokenPair || !encodedClientAppCredentials) {
throw new Error("{/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
"token pair, encoded client app credentials or both input are not found under " +
"session context - refreshTokenPair()");
} else {
var newTokenPair = tokenUtil.
getNewTokenPairByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
if (!newTokenPair) {
log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
"Unable to update session context with new access token pair - refreshTokenPair()");
} else {
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(newTokenPair));
}
}
};
/**
* If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create an oauth application or
* else DCR endpoint is used to create an oauth application
* @param username username of current logged user
*/
privateMethods["setUpEncodedTenantBasedClientAppCredentials"] = function (username) {
if (!username) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context. No username of logged in user is found as " +
"input - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
if (configs["authorization"]["methods"]["oauth"]["attributes"]["apimgt-gateway"]) {
var tenantBasedClientAppCredentials = tokenUtil.getTenantBasedClientAppCredentials(username);
if (!tenantBasedClientAppCredentials) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant " +
"based client credentials to session context as the server is unable " +
"to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var encodedTenantBasedClientAppCredentials =
tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" +
tenantBasedClientAppCredentials["clientSecret"]);
// setting up encoded tenant based client credentials to session context.
session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"],
encodedTenantBasedClientAppCredentials);
}
} else {
var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials(username);
if (!dynamicClientAppCredentials) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context as the server is unable to obtain " +
"dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
}
var encodedTenantBasedClientAppCredentials =
tokenUtil.encode(dynamicClientAppCredentials["clientId"] + ":" +
dynamicClientAppCredentials["clientSecret"]);
// setting up encoded tenant based client credentials to session context.
session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"],
encodedTenantBasedClientAppCredentials);
}
}
};
return publicMethods;
}();
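Review bot: setupTokenPairBySamlGrantType validates `samlToken` but never uses it — its body calls `tokenUtil.getTokenPairAndScopesByJWTGrantType(username, encodedClientAppCredentials, "PRODUCTION")`, so the SAML assertion is not what the token is issued on, and the JSDoc `@param username {{clientId:"", clientSecret:""}}` describes neither argument; either pass the assertion to a SAML-grant helper or rename and document the function as JWT-based. Both the password and the SAML paths then do `tokenData.scopes.split(" ")` after checking only `!tokenData`, so a token response with no `scopes` field throws a bare TypeError instead of the descriptive error; guard it with `var scopes = tokenData.scopes ? tokenData.scopes.split(" ") : [];`. refreshTokenPair only logs when the refresh fails and leaves the stale pair in the session, which callers cannot detect; consider throwing, as the other handlers do, or clearing `ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL` so a later request does not keep retrying a dead refresh token. The trailing space left by `stringOfScopes += entry + " "` is sent as part of the scope string; `arrayOfScopes.join(" ")` avoids it.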

@ -43,10 +43,11 @@
"password":"admin",
"dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register",
"apiManagerClientAppRegistrationServiceURL": "https://localhost:9443/api-application-registration/register/tenants",
"grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
"grantType": "urn:ietf:urn:ietf:params:oauth:grant-type:saml2-bearer",
"tokenScope": "admin",
"callbackUrl": "https://localhost:9445/portal",
"saasApp":true
},
"tokenServiceURL": "https://localhost:9443/oauth2/token"
},
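Review bot: The new `grantType` value `urn:ietf:urn:ietf:params:oauth:grant-type:saml2-bearer` repeats the `urn:ietf:` prefix, so it matches neither the standard SAML2 bearer grant URI nor the form this commit's identity config uses for the JWT grant (`urn:ietf:params:oauth:grant-type:jwt-bearer`); a client application registered with it would presumably be refused that grant. The replaced value also carried `password`, `refresh_token` and the JWT bearer URI, which the new token-handlers.js still relies on (`setupTokenPairByPasswordGrantType`, `refreshTokenPair`, and the `getTokenPairAndScopesByJWTGrantType` call), so dropping them looks unintended; suggest `"grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer"` unless the narrowing is deliberate. The `"password":"admin"` line above is unchanged context, but it is a default credential in a shipped config and would be better served by a placeholder. The enclosing object starts and ends outside the hunk.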

@ -395,6 +395,9 @@
<featureArtifactDef>
org.wso2.carbon.devicemgt-plugins:org.wso2.extension.siddhi.execution.json.feature:${carbon.device.mgt.plugin.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.identity:org.wso2.carbon.identity.authenticator.mutualssl.feature:${identity.carbon.auth.mutual.ssl.version}
</featureArtifactDef>
</featureArtifacts>
</configuration>
</execution>
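Review bot: The added feature artifact references `${identity.carbon.auth.mutual.ssl.version}`, which is not defined in this hunk; if the parent pom does not declare it next to the other `*.version` properties, artifact resolution for the profile will fail, so confirm the property exists. Installing the mutual-SSL authenticator feature makes client-certificate authentication available on the server; whether it is active, and which trust anchors it presumably consults, is controlled by the authenticators.xml that this commit also stops taking from the kernel distribution, so the shipped copy of that file should be reviewed together with this change. A short comment on the new element, e.g. `<!-- Mutual SSL authenticator: required for certificate-based device/agent authentication -->`, would record why the feature is pulled in. The enclosing `<execution>` starts outside the hunk.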

@ -7,7 +7,7 @@
<!-- Add the scope validator config element -->
<add>
<after>//s:Server/s:OAuth/s:OAuthCallbackHandlers</after>
<value><![CDATA[<OAuthScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.validators.ExtendedJDBCScopeValidator"/>]]></value>
<value><![CDATA[<OAuthScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.handlers.ScopeValidationHandler"/>]]></value>
</add>
<!-- Add the ntlm grant type validator config element -->
<add>
@ -25,7 +25,7 @@
<value>
<![CDATA[<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler</GrantTypeHandlerImplClass>
<GrantTypeHandlerImplClass>org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedJWTGrantHandler</GrantTypeHandlerImplClass>
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>]]></value>
</add>
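Review bot: The `OAuthScopeValidator` class is switched from `...validators.ExtendedJDBCScopeValidator` to `...handlers.ScopeValidationHandler`; the element name indicates identity.xml expects a scope-validator implementation, and a handler class from a different package has to satisfy that same contract — if it does not, or cannot be loaded at startup, scope enforcement on token issuance would presumably be skipped rather than fail closed, so this deserves a test that a token lacking the required scope is still rejected after the change. The JWT grant hunk replaces only `GrantTypeHandlerImplClass` and keeps `JWTGrantValidator`; a comment above that `<add>`, such as `<!-- ExtendedJWTGrantHandler supplies device-mgt specific JWT grant processing; the stock validator is retained -->`, would tell the next maintainer that the split is intentional. The enclosing `<processor>` of both hunks starts and ends outside the visible lines.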

@ -9,9 +9,12 @@
<property key="jobQueueSize">10000</property>
<property key="maximumHttpConnectionPerHost">2</property>
<property key="maximumTotalHttpConnection">100</property>
<property key="keymanagerUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
<property key="tokenValidationUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
<property key="username">admin</property>
<property key="password">admin</property>
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
<property key="deviceMgtServerUrl">https://${iot.gateway.host}:${iot.gateway.https.port}</property>
<property key="tokenRefreshTimeOffset">100</property>
</adapterConfig>
<adapterConfig type="oauth-mqtt">
@ -22,8 +25,9 @@
<property key="jobQueueSize">10000</property>
<property key="connectionKeepAliveInterval">60</property>
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
<property key="username">admin</property>
<property key="password">admin</property>
</adapterConfig>]]></value>
</add>
</processor>
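Review bot: The new `username`/`password` properties hard-code `admin`/`admin` into the shipped adapter config — here in the http adapter, again in the oauth-mqtt adapter below, and a third time in the second output-event-adapters hunk of this commit — so every installation starts with a plaintext super-user credential sitting next to the token endpoints it authenticates to. Every other value in these adapters is a `${...}` placeholder; the credential should at least follow that pattern, `<property key="username">${iot.adapter.username}</property>` / `<property key="password">${iot.adapter.password}</property>`, or better reference a secure-vault alias so no secret is committed. `tokenRefreshTimeOffset` is set to 100 with no unit in the key name; a comment stating whether that is seconds or milliseconds would avoid mis-tuning. The enclosing `<value>` CDATA starts outside the first hunk.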

@ -12,6 +12,8 @@
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
<property key="username">admin</property>
<property key="password">admin</property>
</adapterConfig>
<adapterConfig type="secured-websocket">
@ -22,7 +24,7 @@
<property key="jobQueueSize">10000</property>
<!--Authorizer holds the information of the authorizer that is used authorize a connection.-->
<property key="authenticator">org.wso2.carbon.device.mgt.output.adapter.websocket.authentication.OAuthAuthenticator</property>
<property key="keymanagerUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
<property key="tokenValidationUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
<property key="maximumHttpConnectionPerHost">2</property>
<property key="maximumTotalHttpConnection">100</property>
<property key="authorizer">org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.DeviceAuthorizer</property>

@ -140,7 +140,11 @@
<token>(org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler)</token>
<value>org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler</value>
</replacement>
<replacement>
<xpath>/Server/SSOService/UseAuthenticatedUserDomainCrypto</xpath>
<token>(false)</token>
<value>true</value>
</replacement>
</replacements>
</configuration>
</execution>

@ -73,7 +73,7 @@
<exclude>**/lib/httpmime*</exclude>
<exclude>**/lib/encoder*</exclude>
<exclude>**/plugins/jaxb*</exclude>
<exclude>**/security/authenticators.xml</exclude>
<exclude>**/repository/conf/security/authenticators.xml</exclude>
<exclude>**/user-mgt.xml</exclude>
<exclude>**/plugins/org.wso2.carbon.localentry.ui*</exclude>
@ -115,6 +115,11 @@
<exclude>**/repository/conf/security/Owasp.CsrfGuard.Carbon.properties</exclude>
<exclude>**/repository/components/plugins/httpclient_4.3.2.wso2v1.jar</exclude>
<exclude>**/conf/tomcat/carbon/WEB-INF/web.xml</exclude>
<exclude>**/repository/components/plugins/org.wso2.carbon.hostobjects.sso_4.5.4.jar</exclude>
<exclude>**/bin/wso2server.sh</exclude>
<exclude>**/bin/wso2server.bat</exclude>
<exclude>**/repository/deployment/server/jaggeryapps/portal/modules/oauth/plugins/token-handler-utils.js</exclude>
<exclude>**/repository/deployment/server/jaggeryapps/portal/modules/oauth/plugins/token-handlers.js</exclude>
</excludes>
</fileSet>
@ -128,18 +133,6 @@
<include>*/**</include>
</includes>
</fileSet>
<fileSet>
<directory>target/wso2carbon-core-${carbon.kernel.version}</directory>
<outputDirectory>${pom.artifactId}-${pom.version}</outputDirectory>
<includes>
<include>**/*.sh</include>
</includes>
<excludes>
<exclude>bin/wso2server.sh</exclude>
<exclude>bin/wso2server.bat</exclude>
</excludes>
<fileMode>755</fileMode>
</fileSet>
<!-- Multi-tenancy related file -->
<fileSet>
@ -414,7 +407,7 @@
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/carbonapps
</outputDirectory>
</fileSet>
<fileSet>
<fileSet>
<directory>
../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/resources
</directory>
@ -755,6 +748,29 @@
<include>**/*</include>
</includes>
</fileSet>
<!-- Files required to mobile-qsg -->
<fileSet>
<directory>../scripts/mobile-qsg/resources</directory>
<outputDirectory>
${pom.artifactId}-${pom.version}/samples/mobile-qsg
</outputDirectory>
<includes>
<include>**/**</include>
</includes>
</fileSet>
<fileSet>
<directory>../scripts/mobile-qsg/target</directory>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/webapps
</outputDirectory>
<includes>
<include>**/**</include>
</includes>
</fileSet>
<!-- Files required to mobile-qsg -->
</fileSets>
<dependencySets>
@ -797,6 +813,20 @@
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>src/repository/jaggeryapps/portal/modules/oauth/token-handlers.js</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth
</outputDirectory>
<fileMode>755</fileMode>
</file>
<!-- End of "portal" app specific modifications -->
<!-- Copying config file for enabling sso in api-store-->
@ -953,6 +983,14 @@
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf</outputDirectory>
<fileMode>644</fileMode>
</file>
<!-- Copying apim-integration.xml -->
<file>
<source>
../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/apim-integration.xml
</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf</outputDirectory>
<fileMode>644</fileMode>
</file>
<!-- Copying api-manager.xml -->
<file>
<source>src/repository/conf/api-manager.xml</source>
@ -986,7 +1024,7 @@
-->
<file>
<source>
src/repository/conf/cdm-config.xml
../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/cdm-config.xml
</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf</outputDirectory>
<filtered>true</filtered>
@ -1305,9 +1343,9 @@
<!-- Adding IoT Analytics Dashboard and gadget CApps -->
<file>
<source>
../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/carbonapps/org_wso2_carbon_analytics_cdmf-1.0.0.car
../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/resources/devicetypes/device_management/org_wso2_carbon_analytics_cdmf-1.0.0.car
</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/carbonapps/</outputDirectory>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/resources/devicetypes/device_management/</outputDirectory>
<fileMode>644</fileMode>
</file>
<!-- Copying webapp-publisher-config.xml -->
@ -1441,5 +1479,43 @@
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>
src/repository/cloud/portal/common.css
</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/css
</outputDirectory>
</file>
<file>
<source>
src/repository/cloud/portal/portal.js
</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/js
</outputDirectory>
</file>
<file>
<source>
src/repository/cloud/portal/global-navigation.jag
</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/theme/templates
</outputDirectory>
</file>
<!-- Copying mobile-qsg jar -->
<file>
<source>../scripts/mobile-qsg/target/mobile-qsg.jar</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/samples/mobile-qsg
</outputDirectory>
</file>
<file>
<source>../scripts/mobile-qsg/target/org.wso2.carbon.appmgt.oauth.core-1.2.5.jar</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/components/dropins
</outputDirectory>
</file>
</files>
</assembly>
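Review bot: `org.wso2.carbon.appmgt.oauth.core-1.2.5.jar` is copied from `../scripts/mobile-qsg/target` straight into `repository/components/dropins`, so a sample script's build-output directory becomes the source of an OSGi bundle the server loads, with its provenance and version fixed by whatever that build last produced rather than by a declared dependency. Prefer resolving it through a `<dependencySet>` with explicit coordinates so the artifact comes from the repository with its checksum, as the other bundles in this assembly do. The two new `<file>` entries for `token-handler-utils.js` and `token-handlers.js` set `<fileMode>755</fileMode>` on Jaggery modules that are never run as programs; `644` matches the config files copied here and avoids shipping world-executable scripts. Removing the `**/*.sh` fileSet that carried `<fileMode>755</fileMode>` means shell scripts picked up by the remaining fileSets keep the default mode, so confirm the `bin/*.sh` files still end up executable. The second `<!-- Files required to mobile-qsg -->` comment after the mobile-qsg fileSets appears to be a copy-paste leftover and should be dropped or turned into `<!-- End of mobile-qsg files -->`.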

@ -162,7 +162,7 @@ set CARBON_CLASSPATH=.\lib;%CARBON_CLASSPATH%
set JAVA_ENDORSED=".\lib\endorsed";"%JAVA_HOME%\jre\lib\endorsed";"%JAVA_HOME%\lib\endorsed"
set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf" -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true -Diot.analytics.host="localhost" -Diot.analytics.https.port="9445" -Dmqtt.broker.host="localhost" -Dmqtt.broker.port="1886" -Diot.core.host="localhost" -Diot.core.https.port="9443" -Diot.keymanager.host="localhost" -Diot.keymanager.https.port="9443" -Diot.gateway.host="localhost" 
-Diot.gateway.https.port="8243" -Diot.gateway.http.port="8280"
set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf" -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true -Diot.analytics.host="localhost" -Diot.analytics.https.port="9445" -Diot.manager.host="localhost" -Diot.manager.https.port="9445" -Dmqtt.broker.host="localhost" -Dmqtt.broker.port="1886" -Diot.core.host="localhost" -Diot.core.https.port="9443" -Diot.keymanager.host="localhost" 
-Diot.keymanager.https.port="9443" -Diot.gateway.host="localhost" -Diot.gateway.https.port="8243" -Diot.gateway.http.port="8280" -Diot.apimpublisher.host="localhost" -Diot.apimpublisher.https.port="9443" -Diot.apimstore.host="localhost" -Diot.apimstore.https.port="8243"
:runJava
echo JAVA_HOME environment variable is set to %JAVA_HOME%
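Review bot: The Windows and Unix launchers now disagree on the new ports: wso2server.bat sets `-Diot.manager.https.port="9445"` and `-Diot.apimstore.https.port="8243"`, while the wso2server.sh hunk below sets `-Diot.manager.https.port="9443"` and `-Diot.apimstore.https.port="9443"`, so the same configuration resolves to different backends depending on the OS. Pick one set of defaults and apply it to both scripts. The rebuilt `CMD_LINE_ARGS` line also still carries `-Dorg.wso2.ignoreHostnameVerification=true` and `-Dorg.opensaml.httpclient.https.disableHostnameVerification=true`; these are inherited from the old line rather than introduced here, but since the line is being rewritten it is the right moment to add a `REM` comment stating that they disable TLS hostname checks for the localhost defaults and are not meant for a production profile.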

@ -309,6 +309,8 @@ do
-Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
-Diot.analytics.host="localhost" \
-Diot.analytics.https.port="9445" \
-Diot.manager.host="localhost" \
-Diot.manager.https.port="9443" \
-Dmqtt.broker.host="localhost" \
-Dmqtt.broker.port="1886" \
-Diot.core.host="localhost" \
@ -318,6 +320,10 @@ do
-Diot.gateway.host="localhost" \
-Diot.gateway.https.port="8243" \
-Diot.gateway.http.port="8280" \
-Diot.apimpublisher.host="localhost" \
-Diot.apimpublisher.https.port="9443" \
-Diot.apimstore.host="localhost" \
-Diot.apimstore.https.port="9443" \
org.wso2.carbon.bootstrap.Bootstrap $*
status=$?
done

@ -0,0 +1,245 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
.truncate {
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
}
/**
* Validation messages
*/
.required {
color: #e74c3c;
}
.required-error {
background: #a94442;
border: 1px solid #a94442;
padding: 6px 12px;
color: #fff;
}
/**
* Theme overrides
*/
.breadcrumb li .fw-home {
float: left;
padding-top: 2px;
margin-right: 5px;
}
/**
* Auth menu
*/
.auth .hidden-xs {
line-height: 38px;
}
.auth-xs {
color: #fff;
}
.auth-xs ul {
list-style: none;
padding: 0;
margin: 0;
line-height: 28px;
background-color: #2a80b9;
}
.auth-xs li {
color: #ccc;
}
.auth-xs li a {
display: block;
color: #fff;
}
.auth-xs li a:hover {
background-color: #499dd5;
}
ul.dropdown-menu.more-actions-button {
list-style-type: none;
margin: 0;
padding: 0;
overflow: hidden;
width: 40px;
background: #F9F9F9;
border-bottom: 1px solid #EFEFEF;
min-width: 45px;
}
ul.dropdown-menu.more-actions-button > li {
height: 40px;
width: 40px;
border: 1px;
}
ul.dropdown-menu.more-actions-button > li > button {
border-bottom: 1px solid #e4e4e4;
border-top: 1px solid darkred;
}
.btn-group.open .dropdown-toggle {
-webkit-box-shadow: none;
box-shadow: none;
border: 0px;
}
.btn-custom {
border-width: 1px;
}
.cloud-menu .popover {
border-radius: 0px;
width: 24em;
left: -21.1em !important;
max-width: 32em;
background-color: #006690
}
.cloud-menu .popover-title,.navbar-header .popover-title {
background-color: #006690;
font-size: 16px;
border-bottom: none;
font-weight: 400;
}
.cloud-menu .popover.bottom>.arrow{
margin-left:-2px;
}
.cloud-menu .popover.bottom>.arrow:after,.navbar-header .popover.bottom>.arrow:after{
border-bottom-color: #006690;
}
.cloud-block {
float: left;
width: 8.2em;
height: 8.2em;
background-color: #fff;
margin: 0.5em 0em 0.5em 0.5em;
text-align: center;
vertical-align: middle;
}
.cloud-name {
font-size:14px;
margin-top: .5em;
font-weight: 400;
}
.cloud-menu-popover {
position: relative;
float: right;
padding: 0px 8px;
background-color: transparent;
background-image: none;
border: 1px solid transparent;
border-radius: 4px;
color: #fff;
cursor: pointer;
}
#cloud-menu-popover-xs {
color: #fff;
line-height:24px;
border: none;
margin-right: 15px!important;
}
.navbar-toggle{
border:none;
border-radius: 0px;
}
.navbar-header .popover {
border-radius: 0px;
width: 21em;
max-width:32em;
background-color: #006690;
}
.navbar-header .popover .popover-content{
padding:0px;
}
.cloud-menu .popover-content {
padding: 0px;
}
.cloud-actions {
background-color: #005578;
float: left;
position: absolute;
width: 100%;
left: 0px;
overflow:hidden;
}
.cloud-actions h3 {
font-size: 16px;
font-weight: 400;
padding-left: 14px;
margin-top: 10px;
}
.cloud-block-invert {
color: #fff;
float: left;
width: 8.2em;
height: 8.2em;
background-color: #1f1f1f;
margin: 0.5em 0em 0.5em 0.5em;
text-align: center;
cursor: pointer;
}
.cloud-block-default {
color: #006690;
background-color: #fff;
cursor: pointer;
}
.cloud-actions a:hover {
color: #d7d5d5;
background-color: #3d3d3d;
text-decoration: none
}
.cloud-apps a {
text-decoration: none;
color: #006690 !important;
cursor: pointer
}
.cloud-apps a:hover {
text-decoration: none;
color: #006690;
background-color: #c5c5c5;
}
.cloud-apps .cloud-actions a {
color: #fff
}
.add-padding-top-3x {
padding-top: 15px !important;
}
.nav li a{
color: #fff;
}
.cloud-menu-content li a{
color:inherit;
}
html{
height: 100%;
}
body{
height: calc(100% - 50px);
}
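Review bot: Trailing semicolons are dropped on the last declaration of several rules (`.cloud-menu .popover`, `.cloud-actions a:hover`, `.cloud-apps a`, `.cloud-apps .cloud-actions a`) while every other rule keeps them; they parse today, but the next declaration appended to one of those blocks silently breaks, so add the semicolons for consistency. Spacing is also mixed (`line-height:24px`, `margin-right: 15px!important`, `.navbar-toggle{`) and a pass with the project's CSS formatter would make the file uniform. The header is only the license; since the assembly copies this file from `src/repository/cloud/portal/`, a one-line note such as `/* Overrides applied to the portal theme for the cloud deployment (cloud menu, popovers, trial banner) — confirm scope */` would tell a reader why it exists separately from the theme.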

@ -0,0 +1,329 @@
<%
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
%>
<%
var query = request.getQueryString();
var dest = encodeURIComponent(originalURI + (query ? '?' + query : ''));
var configs = require('/configs/portal.js').config();
var isCloud = configs.isCloud;
%>
<header class="header header-default">
<div class="container-fluid">
<div class="pull-left brand float-remove-xs text-center-xs">
<a href="<%=tenantedUrlPrefix%>./dashboards">
<img src="<%=urlPrefix%>libs/theme-wso2_1.0/images/logo-inverse.svg" alt="WSO2" title="WSO2" class="logo">
<% if (isCloud) { %>
<h1>Cloud</h1>
<% } else { %>
<h1><%=i18n.localize("dashboard.server.label")%></h1>
<% } %>
</a>
</div>
<% if (isCloud) { %>
<div class="pull-right auth float-remove-xs text-center-xs">
<% if (user) { %>
<ul class="nav navbar-right float-remove-xs text-center-xs">
<li class="visible-inline-block">
<a href="#" target="_self" title="
<%=user.domain%>
">
<span class="icon fw-stack fw-lg">
<i class="fw fw-organization fw-stack-1x" title=" {{@user.domain}}"></i>
</span>
<span class="hidden-xs">
<%=user.domain%>
</span>
</a>
</li>
<li class="visible-inline-block">
<a href="#" target="_blank" class="dropdown" data-toggle="dropdown" title="Account">
<span class="icon fw-stack fw-lg" style="color: red">
<i class="fw fw-resource fw-stack-1x" title="Account"></i>
</span>
<span class="hidden-xs" style="color: red">
Trial 14 days to upgrade
</span>
<span class="caret"></span>
</a>
<ul class="dropdown-menu dropdown-menu-right float-remove-xs position-static-xs text-center-xs remove-margin-xs slideInDown"
role="menu">
<li>
<a title="Upgrade Now"
href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/payment-plans.jag?cloud-type=device_cloud"
target="_self">
<i class="fw fw-export" title="Upgrade Now"></i> Upgrade Now
</a>
</li>
<li>
<a title="Monetization"
href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/monetization-dashboard.jag"
target="_self">
<i class="fa fa-money fa-lg" title="Monetization"></i> Monetization
</a>
</li>
<li>
<a title="Request Extension"
href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/contact-us.jag?cloud-type=device_cloud&amp;request-extension=true"
target="_blank">
<i class="fw fw-mail" title="Request Extension"></i> Request Extension
</a>
</li>
</ul>
</li>
<li class="visible-inline-block">
<a href="#" target="null" class="dropdown" data-toggle="dropdown" title="App Management">
<span class="icon fw-stack fw-lg">
<i class="fw fw-settings fw-stack-1x" title="App Management"></i>
</span>
<span class="hidden-xs">
App Management
</span>
<span class="caret"></span>
</a>
<ul class="dropdown-menu dropdown-menu-right float-remove-xs position-static-xs text-center-xs remove-margin-xs slideInDown"
role="menu">
<li class="visible-inline-block">
<a title="Mobile App Publisher" href="https://devicemgt.clouddev.wso2.com/publisher"
target="_self">
<i class="fw fw-user" title="Mobilr App Publisher"></i> App Publisher
</a>
</li>
<li class="visible-inline-block">
<a title="App Store " href="https://devicemgt.clouddev.wso2.com/store"
target="_self">
<i class="fw fw-store" title="App Store"></i> App Store
</a>
</li>
</ul>
</li>
<li class="visible-inline-block">
<a href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/contact-us.jag" target="_self"
title="Support">
<span class="icon fw-stack fw-lg" style="color: #ff8c27;">
<i class="fw fw-mail fw-stack-1x" title="Support"></i>
</span>
<span class="hidden-xs" style="color: #ff8c27;">
Support
</span>
</a>
</li>
<li class="visible-inline-block">
<a href="#" target="null" class="dropdown" data-toggle="dropdown" title="Documentation">
<span class="icon fw-stack fw-lg">
<i class="fw fw-document fw-stack-1x" title="Documentation"></i>
</span>
<span class="hidden-xs">
Documentation
</span>
<span class="caret"></span>
</a>
<ul class="dropdown-menu dropdown-menu-right float-remove-xs position-static-xs text-center-xs remove-margin-xs slideInDown"
role="menu">
<li>
<a title="API Cloud"
href="https://docs.wso2.com/display/APICloud/WSO2+API+Cloud+Documentation"
target="_blank">
<i class="fw fw-api" title="API Cloud"></i> API Cloud
</a>
</li>
<li>
<a title="App Cloud"
href="https://docs.wso2.com/display/AppCloud/WSO2+App+Cloud+Documentation"
target="_blank">
<i class="fw fw-application" title="App Cloud"></i> App Cloud
</a>
</li>
<li>
<a title="App Cloud"
href="https://docs.wso2.com/display/AppCloud/WSO2+Device+Cloud+Documentation"
target="_blank">
<i class="fw fw-application" title="App Cloud"></i> Device Cloud
</a>
</li>
<li>
<a title="API Cloud Walkthrough"
href="https://api.clouddev.wso2.com/publisher?interactiveTutorial=true"
target="_self">
<i class="fw fw-document" title="API Cloud Walkthrough"></i> API Cloud Walkthrough
</a>
</li>
</ul>
</li>
<li class="visible-inline-block">
<a href="#" class="dropdown" data-toggle="dropdown" title="user">
<span class="icon fw-stack fw-lg">
<i class="fw fw-circle-outline fw-stack-2x" title="User"></i>
<i class="fw fw-user fw-stack-1x" title="User"></i>
</span>
<span class="hidden-xs">
<%=user.username%></span><span class="caret"></span>
</a>
<ul class="dropdown-menu dropdown-menu-right float-remove-xs position-static-xs text-center-xs remove-margin-xs slideInDown"
role="menu">
<li>
<a title="Profile"
href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/user-profile.jag"
target="_self">
<i class="fw fw-user" title="Profile"></i> Profile
</a>
</li>
<li>
<a title="Change Password"
href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/change-password.jag"
target="_self">
<i class="fw fw-lock" title="Change Password"></i> Change Password
</a>
</li>
<li>
<a title="Logout" href="https://api.clouddev.wso2.com/publisher/site/pages/logout.jag"
target="_self">
<i class="fw fw-sign-out" title="Logout"></i> Logout
</a>
</li>
</ul>
</li>
<li class="visible-inline-block cloud-menu">
<a href="#" id="cloud-menu-popover">
<span class="icon fw-stack fw-lg">
<i class="fw fw-tiles fw-stack-1x" data-toggle="popover" data-placement="bottom"
data-original-title="" title=""></i>
</span>
<span class="hidden-xs">
</span>
</a>
</li>
</ul>
</div>
<% } else { %>
<a href="<%=urlPrefix%>login?destination=<%=dest%>" class="dropdown" data-toggle="dropdown">
<%= i18n.localize("login.label")%>
</a>
<% } %>
</div>
<div class="cloud-menu-content hide">
<div id="popover-head" class="hide">Navigate to Cloud</div>
<div id="popover-content" class="hide">
<div class="cloud-apps">
<a href="https://api.cloud.wso2.com/publisher" target="_self" class="cloud-block add-padding-top-3x">
<i class="fw fw-api fw-3x"></i>
<div class="cloud-name">API Cloud</div>
</a>
<a href="https://apps.cloud.wso2.com/appmgt" target="_self" class="cloud-block add-padding-top-3x">
<i class="fw fw-application fw-3x"></i>
<div class="cloud-name">App Cloud</div>
</a>
<a href="https://devicemgt.cloud.wso2.com/devicemgt" target="_self" class="cloud-block add-padding-top-3x">
<i class="fw fw-mobile fw-3x"></i>
<div class="cloud-name">Device Cloud</div>
</a>
<div class="clearfix"></div><!-- to make seperate -->
</div>
<div class="cloud-actions">
<h3>Manage your cloud</h3>
<a href="https://cloudmgt.cloud.wso2.com/cloudmgt/site/pages/organization.jag" target="_self" class="cloud-block-invert add-padding-top-3x">
<i class="fw fw-organization fw-3x"></i>
<div class="cloud-name">Organization</div>
</a>
<a href="https://cloudmgt.cloud.wso2.com/cloudmgt/site/pages/user.jag" target="_self" class="cloud-block-invert add-padding-top-3x">
<i class="fa fa-users fa-3x"></i>
<div class="cloud-name">Members</div>
</a>
</div>
</div>
</div>
<% } else { %>
<div class="pull-right auth float-remove-xs text-center-xs">
<% if (user) { %>
<span class="hidden-xs">
<a href="#" class="dropdown" data-toggle="dropdown">
<span class="add-margin-left-2x add-margin-right-1x"><%=user.username%></span>
<span class="fw fw-user add-margin-right-1x"></span>
<span class="caret add-margin-right-2x"></span>
</a>
<ul class="dropdown-menu dropdown-menu-right" role="menu">
<li class="dropdown-header visible-xs"><%=user.username%> <span class="caret"></span></li>
<li><a href="<%=urlPrefix%>logout?destination=<%=dest%>"><%= i18n.localize("logout.label")%></a></li>
</ul>
</span>
<div class="visible-xs auth-xs">
<a href="#" class="collapsed" data-toggle="collapse" data-target="#auth-menu-items" aria-expanded="false">
<span class="icon fw-stack fw">
<i class="fw fw-user fw-stack-1x"></i>
</span>
<span class="caret"></span>
</a>
<div id="auth-menu-items" class="collapse">
<ul >
<li><%=user.username%></li>
<li><a href="<%=urlPrefix%>logout?destination=<%=dest%>"><%= i18n.localize("logout.label")%></a></li>
</ul>
</div>
</div>
<% } else { %>
<a href="<%=urlPrefix%>login?destination=<%=dest%>" class="dropdown" data-toggle="dropdown">
<%= i18n.localize("login.label")%>
</a>
<% } %>
</div>
<% } %>
</div>
</header>
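Review bot: The account, app-management, documentation and user dropdowns link to `clouddev.wso2.com` hosts while the cloud popover a few lines below links to `cloud.wso2.com`, so one header mixes a development environment with production and the dev hostnames ship in a committed template; the base hosts belong in the `configs` object this file already loads from `/configs/portal.js` rather than in literal hrefs. The organization icon carries `title=" {{@user.domain}}"`, which is Handlebars syntax inside a Jaggery template and will be emitted literally. `<%=user.domain%>` and `<%=user.username%>` are written straight into attribute and element content; unless the template engine escapes these expressions, a domain or username containing `"` or `<` would break the markup, so that is worth confirming or escaping explicitly. Two wording slips remain: `title="Mobilr App Publisher"` on the publisher icon, and the Device Cloud documentation entry is still titled "App Cloud".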

@ -0,0 +1,204 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
$(function () {
var dashboardsApi = ues.utils.tenantPrefix() + 'apis/dashboards';
var dashboards = [];
var isStillLoading = false;
var nextStart = 0;
var hasMore = true;
/**
* Page count.
* @const
*/
var PAGE_COUNT = 10;
// Pre-compiling handlebar templates
var dashboardsListHbs = Handlebars.compile($("#ues-dashboards-list-hbs").html());
var dashboardThumbnailHbs = Handlebars.compile($("#ues-dashboard-thumbnail-hbs").html());
var dashboardConfirmHbs = Handlebars.compile($("#ues-dashboard-confirm-hbs").html());
var dashboardsEmptyHbs = Handlebars.compile($("#ues-dashboards-empty-hbs").html());
Handlebars.registerPartial('ues-dashboard-thumbnail-hbs', dashboardThumbnailHbs);
/**
* Find the dashboard using dashboard id.
* @param id
* @return {object}
* @private
* */
var findDashboard = function (id) {
var i;
var dashboard;
var length = dashboards.length;
for (i = 0; i < length; i++) {
dashboard = dashboards[i];
if (dashboard.id === id) {
return dashboard;
}
}
};
/**
* Delete the selected dashboard
* @param el:-selected dashboard element
* @private
* */
var deleteDashboard = function (el) {
var button = Ladda.create(el[0]);
button.start();
var id = el.closest('.ues-dashboard').data('id');
$.ajax({
url: dashboardsApi + '/' + id,
method: 'DELETE',
async : false,
success: function () {
button.stop();
location.reload();
},
error: function () {
button.stop();
}
});
};
/**
* Load the list of dashboards available.
* @private
* */
var loadDashboards = function () {
isStillLoading = true;
if (!hasMore) {
isStillLoading = false;
$('.ues-dashboard').each(function (i, obj) {
if ($(this).find('.ues-dashboard-share').length) {
$(this).addClass("shared");
}
});
return;
}
ues.store.assets('dashboard', {
start: nextStart,
count: PAGE_COUNT
}, function (err, data) {
var dashboardsEl = $('#ues-portal').find('.ues-dashboards');
hasMore = data.length;
if (!hasMore && nextStart === 0) {
dashboardsEl.append(dashboardsEmptyHbs());
return;
}
nextStart += PAGE_COUNT;
dashboards = dashboards.concat(data);
dashboardsEl.append(dashboardsListHbs(data));
var win = $(window);
var doc = $(document);
isStillLoading = false;
if (doc.height() > win.height()) {
return;
}
loadDashboards();
$(".disable").on('click', function (event) {
event.preventDefault();
});
});
};
/**
* Initialize the UI functionality such as binding events.
* @private
* */
var initUI = function () {
var portal = $('#ues-portal');
portal.on('click', '.ues-dashboards .ues-dashboard-trash-handle', function (e) {
e.preventDefault();
var thiz = $(this);
var dashboardEl = thiz.closest('.ues-dashboard');
var id = dashboardEl.data('id');
var dashboard = findDashboard(id);
dashboardEl.html(dashboardConfirmHbs(dashboard));
});
portal.on('click', '.ues-dashboards .ues-dashboard-trash-confirm', function (e) {
e.preventDefault();
deleteDashboard($(this));
});
portal.on('click', '.ues-dashboards .ues-dashboard-trash-cancel', function (e) {
e.preventDefault();
var thiz = $(this);
var dashboardEl = thiz.closest('.ues-dashboard');
var id = dashboardEl.data('id');
var dashboard = findDashboard(id);
dashboardEl.html(dashboardThumbnailHbs(dashboard));
});
portal.on('click', '.ues-view:not(.disable)', function(e) {
e.preventDefault();
window.open($(this).attr('href'), '_blank');
});
$('#filter-dashboards a').on('click', function () {
$('#filter').html($(this).text());
var filter = $(this).data('filter');
$('.ues-dashboard-container').each(function (i, obj) {
if (filter === "All") {
$(this).show();
} else {
if ($(this).find('.ues-dashboard-share').length) {
filter === "Shared" ? $(this).show() : $(this).hide();
} else {
filter === "Shared" ? $(this).hide() : $(this).show();
}
}
});
});
$(window).scroll(function () {
var win = $(window);
var doc = $(document);
if (win.scrollTop() + win.height() < doc.height() - 100) {
return;
}
if (!isStillLoading) {
loadDashboards();
}
});
};
$(document).ready(function () {
if($('#cloud-menu-popover').length) {
$('#cloud-menu-popover i.fw-tiles').popover({
html: true,
trigger:'click',
title: function() {
return $("#popover-head").html();
},
content: function() {
return $("#popover-content").html();
}
});
}
});
initUI();
loadDashboards();
});
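Review bot: The `ues.store.assets` callback inside `loadDashboards` never inspects `err`; when the store reports a failure `data` is not an array, `hasMore = data.length` throws, and `isStillLoading` is left `true`, which silently disables scroll-triggered loading for the rest of the session. Add a guard before `data` is touched, `if (err) { isStillLoading = false; return; }`. `deleteDashboard` sends the DELETE with `async : false`, which freezes the page until the server answers and is deprecated on the main thread; since `success` only calls `location.reload()`, the flag can simply be dropped. The `error` branch there stops the spinner but gives no feedback, so a failed delete looks like a no-op to the user.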

@ -253,10 +253,10 @@
<ApplicationTokenScope>am_application_scope</ApplicationTokenScope>
<!-- All scopes under the ScopeWhitelist element are not validating against roles that has assigned to it.
By default ^device_.* and openid scopes have been white listed internally. -->
<!--ScopeWhitelist>
<ScopeWhitelist>
<Scope>^device_.*</Scope>
<Scope>openid</Scope>
</ScopeWhitelist-->
<!--<Scope>openid</Scope>-->
</ScopeWhitelist>
<!-- Name of the token API -->
<TokenEndPointName>/oauth2/token</TokenEndPointName>
<!-- This the API URL for revoke API. When we revoke tokens revoke requests should go through this
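Review bot: Enabling `<ScopeWhitelist>` with `<Scope>^device_.*</Scope>` turns off role validation for every scope whose name starts with `device_`, so any client able to obtain a token can request any such scope; the surrounding comment says this pattern is already whitelisted internally, so the reason for repeating it explicitly should be recorded. The pattern is anchored only at the start, which is fine for a prefix namespace but should be stated, e.g. `<!-- ^device_.* : device-type scopes are issued without role checks; keep this prefix reserved for device APIs -->`. Leaving `<!--<Scope>openid</Scope>-->` as a commented-out entry changes nothing if `openid` stays internally whitelisted, and the dead line invites confusion, so it can be removed.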

@ -1,63 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ you may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<DeviceMgtConfiguration>
<ManagementRepository>
<DataSourceConfiguration>
<JndiLookupDefinition>
<Name>jdbc/DM_DS</Name>
</JndiLookupDefinition>
</DataSourceConfiguration>
</ManagementRepository>
<PushNotificationProviders>
<Provider>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.MQTTBasedPushNotificationProvider</Provider>
<Provider>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.XMPPBasedPushNotificationProvider</Provider>
<!--<Provider>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.GCMBasedPushNotificationProvider</Provider>-->
<!--<Provider>org.wso2.carbon.device.mgt.mobile.impl.ios.apns.APNSBasedPushNotificationProvider</Provider>-->
</PushNotificationProviders>
<IdentityConfiguration>
<ServerUrl>https://localhost:9443</ServerUrl>
<AdminUsername>admin</AdminUsername>
<AdminPassword>admin</AdminPassword>
</IdentityConfiguration>
<PolicyConfiguration>
<MonitoringClass>org.wso2.carbon.policy.mgt</MonitoringClass>
<MonitoringEnable>false</MonitoringEnable>
<MonitoringFrequency>60000</MonitoringFrequency>
<MaxRetries>5</MaxRetries>
<MinRetriesToMarkUnreachable>8</MinRetriesToMarkUnreachable>
<MinRetriesToMarkInactive>20</MinRetriesToMarkInactive>
<!--Set the policy evaluation point name (Simple/Merged)-->
<!--Simple - Simple policy evaluation point-->
<!--Merged - Merged policy evaluation point -->
<PolicyEvaluationPoint>Simple</PolicyEvaluationPoint>
</PolicyConfiguration>
<TaskConfiguration>
<Enable>true</Enable>
<Frequency>60000</Frequency>
<TaskClass>org.wso2.carbon.device.mgt.core.task.impl.DeviceDetailsRetrieverTask</TaskClass>
</TaskConfiguration>
<!-- Default Page size configuration for paginated DM APIs-->
<PaginationConfiguration>
<DeviceListPageSize>20</DeviceListPageSize>
<NotificationListPageSize>20</NotificationListPageSize>
<ActivityListPageSize>20</ActivityListPageSize>
<OperationListPageSize>20</OperationListPageSize>
</PaginationConfiguration>
</DeviceMgtConfiguration>

@ -35,6 +35,6 @@
<!--Webapp will be published only when running below profiles-->
<Profiles>
<Profile>default</Profile>
<Profile>devicetype-publisher</Profile>
<Profile>device-manager</Profile>
</Profiles>
</WebappPublisherConfigs>

@ -44,7 +44,7 @@
</AuthenticationStep>
</AuthenticationSteps>
<UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
<UseTenantDomainInUsername>false</UseTenantDomainInUsername>
<UseTenantDomainInUsername>true</UseTenantDomainInUsername>
</LocalAndOutBoundAuthenticationConfig>
<RequestPathAuthenticatorConfigs>
</RequestPathAuthenticatorConfigs>
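Review bot: Flipping `<UseTenantDomainInUsername>` to `true` next to `<UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>` changes the subject every consumer of this service provider receives to a tenant-qualified form such as `user@tenant`, and the same flip is made in the four identical sections that follow. Anything that matches the SAML subject or JWT `sub` against a stored username (role mappings, audit correlation, the portal `useTenantKey` setting changed in this same commit) must move together, so a short comment above the element would help, e.g. `<!-- subject is emitted tenant-qualified; portal session code keys on user@tenant -->`. The enclosing `<LocalAndOutBoundAuthenticationConfig>` begins outside the hunk.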

@ -44,7 +44,7 @@
</AuthenticationStep>
</AuthenticationSteps>
<UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
<UseTenantDomainInUsername>false</UseTenantDomainInUsername>
<UseTenantDomainInUsername>true</UseTenantDomainInUsername>
</LocalAndOutBoundAuthenticationConfig>
<RequestPathAuthenticatorConfigs>
</RequestPathAuthenticatorConfigs>

@ -44,7 +44,7 @@
</AuthenticationStep>
</AuthenticationSteps>
<UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
<UseTenantDomainInUsername>false</UseTenantDomainInUsername>
<UseTenantDomainInUsername>true</UseTenantDomainInUsername>
</LocalAndOutBoundAuthenticationConfig>
<RequestPathAuthenticatorConfigs>
</RequestPathAuthenticatorConfigs>

@ -44,7 +44,7 @@
</AuthenticationStep>
</AuthenticationSteps>
<UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
<UseTenantDomainInUsername>false</UseTenantDomainInUsername>
<UseTenantDomainInUsername>true</UseTenantDomainInUsername>
</LocalAndOutBoundAuthenticationConfig>
<RequestPathAuthenticatorConfigs>
</RequestPathAuthenticatorConfigs>

@ -44,7 +44,7 @@
</AuthenticationStep>
</AuthenticationSteps>
<UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
<UseTenantDomainInUsername>false</UseTenantDomainInUsername>
<UseTenantDomainInUsername>true</UseTenantDomainInUsername>
</LocalAndOutBoundAuthenticationConfig>
<RequestPathAuthenticatorConfigs>
</RequestPathAuthenticatorConfigs>

@ -476,6 +476,7 @@ org.owasp.csrfguard.unprotected.socialAcs=%servletContext%/social/acs
org.owasp.csrfguard.unprotected.socialApis=%servletContext%/social/apis
org.owasp.csrfguard.unprotected.appStoreDevices=%servletContext%/store/apps/devices/*
org.owasp.csrfguard.unprotected.appStoreApis=%servletContext%/store/apis/*
org.owasp.csrfguard.unprotected.appPortalClient=%servletContext%/portal/apis/*
#carbon
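Review bot: The new `org.owasp.csrfguard.unprotected.appPortalClient=%servletContext%/portal/apis/*` rule exempts the entire portal API tree from CSRFGuard, including state-changing calls such as the `DELETE` to `apis/dashboards/<id>` issued by the dashboard script added in this commit. That is safe only if those endpoints authenticate with something a cross-site request cannot supply, such as an `Authorization` bearer header rather than the session cookie; from this hunk alone that cannot be confirmed, and the dashboard `$.ajax` call sets no header itself. If the exemption is needed only for particular read-only endpoints, narrow the pattern to them, or record the justification beside the rule, e.g. `# portal APIs require an OAuth bearer header; cookie-only requests are rejected upstream`.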

@ -25,22 +25,35 @@
<Authenticators xmlns="http://wso2.org/projects/carbon/authenticators.xml">
<!-- authenticator Configurations for OAuthAuthenticator -->
<Authenticator name="OAuthAuthenticator" disabled="false">
<Priority>10</Priority>
<Config>
<Parameter name="isRemote">false</Parameter>
<Parameter name="hostURL">https://localhost:9443</Parameter>
<Parameter name="adminUsername">admin</Parameter>
<Parameter name="adminPassword">admin</Parameter>
</Config>
</Authenticator>
<Authenticator name="SignedJWTAuthenticator" disabled="false">
<Priority>5</Priority>
</Authenticator>
<Authenticator name="OAuthAuthenticator" disabled="true">
<Priority>10</Priority>
<Config>
<Parameter name="isRemote">false</Parameter>
<Parameter name="hostURL">https://localhost:9443</Parameter>
<Parameter name="adminUsername">admin</Parameter>
<Parameter name="adminPassword">admin</Parameter>
</Config>
</Authenticator>
<!-- authenticator Configurations for TokenUIAuthenticator -->
<Authenticator name="TokenUIAuthenticator" disabled="false">
<Priority>5</Priority>
</Authenticator>
<!-- authenticator Configurations for SAML2SSOAuthenticator -->
<!-- Authenticator Configurations for MutualSSLAuthenticator -->
<!--Authenticator name="MutualSSLAuthenticator" disabled="false">
<Priority>5</Priority>
<Config>
<Parameter name="UsernameHeader">UserName</Parameter>
<Parameter name="WhiteListEnabled">false</Parameter>
<Parameter name="WhiteList"/>
</Config>
</Authenticator-->
<!-- authenticator Configurations for SAML2SSOAuthenticator -->
<Authenticator name="SAML2SSOAuthenticator" disabled="true">
<Priority>10</Priority>
<Config>
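Review bot: The `OAuthAuthenticator` block is now `disabled="true"` yet still carries plaintext `adminUsername`/`adminPassword` values of `admin`; a disabled authenticator should not keep live credentials in the file, and the values that remain in use are better sourced from secure vault than committed as literals. `SignedJWTAuthenticator` and `TokenUIAuthenticator` are both enabled at `<Priority>5</Priority>`, so which one handles a request that satisfies both is not decided by this file; give them distinct priorities or document the intended order. The comment `<!-- authenticator Configurations for SAML2SSOAuthenticator -->` appears above the commented-out `MutualSSLAuthenticator` block and again above the real SAML2SSO entry, so the first copy should be dropped. `MutualSSLAuthenticator` is disabled by commenting it out rather than by `disabled="true"` like the other entries, which makes the file's on/off state harder to read. The SAML2SSO authenticator's `<Config>` continues outside the hunk.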

@ -0,0 +1,99 @@
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
<Service className="org.wso2.carbon.tomcat.ext.service.ExtendedStandardService" name="Catalina">
<!--
optional attributes:
proxyPort="80"
-->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9763"
redirectPort="9443"
bindOnInit="false"
maxHttpHeaderSize="8192"
acceptorThreadCount="2"
maxThreads="250"
minSpareThreads="50"
disableUploadTimeout="false"
connectionUploadTimeout="120000"
maxKeepAliveRequests="200"
acceptCount="200"
server="WSO2 Carbon Server"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
URIEncoding="UTF-8"/>
<!--
optional attributes:
proxyPort="443"
Added sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" for poodle vulnerability fix
-->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9443"
bindOnInit="false"
sslProtocol="TLS"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
maxHttpHeaderSize="8192"
acceptorThreadCount="2"
maxThreads="250"
minSpareThreads="50"
disableUploadTimeout="false"
enableLookups="false"
connectionUploadTimeout="120000"
maxKeepAliveRequests="200"
acceptCount="200"
server="WSO2 Carbon Server"
clientAuth="want"
compression="on"
scheme="https"
secure="true"
SSLEnabled="true"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
keystorePass="wso2carbon"
URIEncoding="UTF-8"/>
<Engine name="Catalina" defaultHost="localhost">
<!--Realm className="org.apache.catalina.realm.MemoryRealm" pathname="${carbon.home}/repository/conf/tomcat/tomcat-users.xml"/-->
<Realm className="org.wso2.carbon.tomcat.ext.realms.CarbonTomcatRealm"/>
<Host name="localhost" unpackWARs="true" deployOnStartup="false" autoDeploy="false"
appBase="${carbon.home}/repository/deployment/server/webapps/">
<Valve className="org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve"/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="${carbon.home}/repository/logs"
prefix="http_access_" suffix=".log"
pattern="combined"/>
<Valve className="org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve" threshold="600"/>
<Valve className="org.wso2.carbon.tomcat.ext.valves.CompositeValve"/>
</Host>
</Engine>
</Service>
</Server>
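Review bot: The HTTPS connector sets `sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"`; TLS 1.0 and 1.1 are deprecated and the POODLE rationale in the comment only requires excluding SSLv3, so `sslEnabledProtocols="TLSv1.2"` is the safer value unless a known legacy client needs the older versions. `keystorePass="wso2carbon"` is the default keystore password committed as a literal and should come from a secure vault alias instead of the file. `compression="on"` on the TLS connector, with `text/html` and `application/javascript` in `compressableMimeType`, makes responses that echo request data susceptible to BREACH-style attacks, so consider leaving compression off on the secure connector or restricting it to static types. No `ciphers` attribute is set, so the JVM default cipher list applies; pinning a modern list is worth a follow-up.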

@ -1,4 +1,5 @@
{
"isCloud" : false,
"store": {
"types": ["fs"]
},
@ -20,7 +21,7 @@
"acs": "%https.host%/portal/acs",
"identityAlias": "wso2carbon",
"defaultNameIDPolicy": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
"useTenantKey": false,
"useTenantKey": true,
"isPassive": false
}
},
@ -34,7 +35,7 @@
"methods": {
"oauth": {
"attributes": {
"apimgt-gateway": false,
"apimgt-gateway": true,
"oauthProvider": {
"appRegistration": {
"appType": "webapp",
@ -46,7 +47,8 @@
"grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
"tokenScope": "admin",
"callbackUrl": "%https.host%/portal",
"saasApp":true
"saasApp":true,
"samlGrantTypeName":"urn:ietf:params:oauth:grant-type:saml2-bearer"
},
"tokenServiceURL": "https://localhost:9443/oauth2/token"
},
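Review bot: With `"apimgt-gateway"` now `true`, app registration and token requests are meant to go through the gateway, but `"tokenServiceURL"` just below stays at `https://localhost:9443/oauth2/token` while every other endpoint in this file uses the `%https.host%` placeholder; if the gateway runs on a different host or port that value is stale, so it should move to the placeholder form or be confirmed as intentional. `"useTenantKey": true` and the new `"samlGrantTypeName"` depend on the `UseTenantDomainInUsername` flips made elsewhere in this commit, and since JSON allows no comments, that dependency belongs in the project docs or the commit description.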

@ -0,0 +1,598 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
var utils = function () {
var log = new Log("/modules/oauth/token-handler-utils.js");
var configs = require('/configs/portal.js').config();
var constants = require("/modules/constants.js");
var carbon = require("carbon");
//noinspection JSUnresolvedVariable
var Base64 = Packages.org.apache.commons.codec.binary.Base64;
//noinspection JSUnresolvedVariable
var String = Packages.java.lang.String;
var publicMethods = {};
var privateMethods = {};
publicMethods["encode"] = function (payload) {
return String(Base64.encodeBase64(String(payload).getBytes()));
};
publicMethods["decode"] = function (payload) {
return String(Base64.decodeBase64(String(payload).getBytes()));
};
/**
* Check whether this application is oauth enable or not
* @returns boolean if oauth enable
*/
publicMethods["checkOAuthEnabled"] = function () {
if (constants.AUTHORIZATION_TYPE_OAUTH === configs["authorization"]["activeMethod"]) {
return true;
}
return false;
};
/**
* Set access token into xml http request header
* @param xhr xml http request
* @returns {*} xhr which has access token it's header
*/
publicMethods["setAccessToken"] = function (xhr, callback) {
var accessToken;
if (publicMethods.checkOAuthEnabled()) {
try {
accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BEARER_PREFIX + accessToken);
} catch (exception) {
log.error("Access token hasn't been set yet, " + exception);
} finally {
callback(xhr);
}
}
callback(xhr);
};
/**
* Get access token of current logged user
* @param callBack response with access token
*/
publicMethods["getAccessToken"] = function (callBack) {
var accessToken = null;
if (publicMethods.checkOAuthEnabled()) {
try {
accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
} catch (exception) {
log.error("Access token hasn't been set yet, " + exception);
} finally {
callBack(accessToken);
}
}
callBack(accessToken);
};
/**
* Create error message which adhere to xml http response object
* @param statusCode response status code
* @param status response status
* @param responseText response message
* @returns {{statusCode: *, status: *, responseText: *}}
*/
publicMethods["createXHRObject"] = function (statusCode, status, responseText) {
return {"statusCode": statusCode, "status": status, "responseText": responseText};
};
/**
* check whether user already logged to system before invoking any apis
* @param callBack
*/
publicMethods["isUserAuthorized"] = function (callBack) {
if (session.get("Loged") !== constants.LOGIN_MESSAGE) {
callBack(false);
} else {
callBack(true);
}
};
/**
* Get identity provider uir
* @returns {*}
*/
publicMethods["getIdPServerURL"] = function () {
return configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["tokenServiceURL"];
};
/**
* Get an Access token pair based on client secret
* @param encodedClientKeys {{clientId:"", clientSecret:""}}
* @param scope eg: PRODUCTION
* @param idPServer identity provider url
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getTokenWithClientSecretType"] = function (encodedClientKeys, scope, idPServer) {
var xhr = new XMLHttpRequest();
var tokenEndpoint = idPServer;
xhr.open(constants.HTTP_POST, tokenEndpoint, false);
xhr.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, constants.APPLICATION_X_WWW_FOR_URLENCODED);
xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BASIC_PREFIX + encodedClientKeys);
xhr.send("grant_type=client_credentials&scope=" + scope);
var tokenPair = {};
if (xhr.status == constants.HTTP_ACCEPTED) {
var data = parse(xhr.responseText);
tokenPair.refreshToken = data.refresh_token;
tokenPair.accessToken = data.access_token;
} else if (xhr.status == constants.HTTP_USER_NOT_AUTHENTICATED) {
log.error("Error in obtaining token with client secret grant type, You are not authenticated yet");
return null;
} else {
log.error("Error in obtaining token with client secret grant type, This might be a problem with client meta " +
"data which required for client secret grant type");
return null;
}
return tokenPair;
};
/**
* This will create client id and client secret for a given application
* @param properties "callbackUrl": "",
* "clientName": "",
* "owner": "",
* "applicationType": "",
* "grantType": "",
* "saasApp" :"",
* "dynamicClientRegistrationEndPoint" : ""
*
* @returns {{clientId:*, clientSecret:*}}
*/
publicMethods["getDynamicClientAppCredentials"] = function (username) {
// setting up dynamic client application properties
var dcAppProperties = {
"applicationType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["appType"],
"clientName": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["clientName"],
"owner": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
"tokenScope": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["tokenScope"],
"grantType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["grantType"],
"callbackUrl": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["callbackUrl"],
"saasApp" : configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["saasApp"]
};
var tenantDomain = carbon.server.tenantDomain({username: username});
if (!tenantDomain) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
"based client application credentials. Unable to obtain a valid tenant domain for provided username "+
username +"- getDynamicClientAppCredentials(x)");
return null;
} else {
var cachedTenantBasedClientAppCredentials = privateMethods.
getCachedTenantBasedClientAppCredentials(tenantDomain);
if (cachedTenantBasedClientAppCredentials) {
return cachedTenantBasedClientAppCredentials;
} else {
// calling dynamic client app registration service endpoint
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]
["dynamicClientAppRegistrationServiceURL"];
var requestPayload = dcAppProperties;
var token = publicMethods.encode(configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["appRegistration"]["owner"] + ":" + configs["authorization"]["methods"]["oauth"]["attributes"]
["oauthProvider"]["appRegistration"]["password"]);
var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Authorization", "Basic "+ token);
xhr.send(stringify(requestPayload));
var dynamicClientAppCredentials = {};
if (xhr["status"] == 201 || xhr["status"] == 200 && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
var clientId = responsePayload["client_id"];
var clientSecret = responsePayload["client_secret"];
if(typeof clientId == "undefined"){
clientId = responsePayload["clientId"];
}
if(typeof clientSecret == "undefined"){
clientSecret = responsePayload["clientSecret"];
}
dynamicClientAppCredentials["clientId"] = clientId;
dynamicClientAppCredentials["clientSecret"] = clientSecret;
privateMethods.
setCachedTenantBasedClientAppCredentials(tenantDomain, dynamicClientAppCredentials);
} else if (xhr["status"] == 400) {
log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
"Bad request. Invalid data provided as dynamic client application properties.");
dynamicClientAppCredentials = null;
} else {
log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
"Error in retrieving dynamic client credentials.");
dynamicClientAppCredentials = null;
}
// returning dynamic client credentials
return dynamicClientAppCredentials;
}
}
};
/**
* If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create oauth application
* @param username username of current logged user
* @returns {{clientId:*, clientSecret:*}}
*/
publicMethods["getTenantBasedClientAppCredentials"] = function (username) {
if (!username) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
"based client app credentials. No username " +
"as input - getTenantBasedClientAppCredentials(x)");
return null;
} else {
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
var tenantDomain = carbon.server.tenantDomain({username: username});
if (!tenantDomain) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
"based client application credentials. Unable to obtain a valid tenant domain for provided " +
"username - getTenantBasedClientAppCredentials(x, y)");
return null;
} else {
var cachedTenantBasedClientAppCredentials = privateMethods.
getCachedTenantBasedClientAppCredentials(tenantDomain);
if (cachedTenantBasedClientAppCredentials) {
return cachedTenantBasedClientAppCredentials;
} else {
var adminUsername = configs["authorization"]["methods"]["oauth"]["attributes"]["adminUser"];
var adminUserTenantId = configs["authorization"]["methods"]["oauth"]["attributes"]
["adminUserTenantId"];
//claims required for jwtAuthenticator.
var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
"http://wso2.org/claims/enduser": adminUsername};
var jwtToken = publicMethods.getJwtToken(adminUsername, claims);
// register a tenant based client app at API Manager
var applicationName = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["appRegistration"]["clientName"] + "_" + tenantDomain;
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["appRegistration"]["apiManagerClientAppRegistrationServiceURL"] +
"?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName;
var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken);
xhr.send();
if ((xhr["status"] == 201 || xhr["status"] == 200) && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
var tenantBasedClientAppCredentials = {};
var clientId = responsePayload["client_id"];
var clientSecret = responsePayload["client_secret"];
if(typeof clientId == "undefined"){
clientId = responsePayload["clientId"];
}
if(typeof clientSecret == "undefined"){
clientSecret = responsePayload["clientSecret"];
}
tenantBasedClientAppCredentials["clientId"] = clientId;
tenantBasedClientAppCredentials["clientSecret"] = clientSecret;
privateMethods.
setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials);
return tenantBasedClientAppCredentials;
} else {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
"based client application credentials from API " +
"Manager - getTenantBasedClientAppCredentials(x, y)");
return null;
}
}
}
}
};
/**
* Caching oauth application credentials
* @param tenantDomain tenant domain where application is been created
* @param clientAppCredentials {{clientId:*, clientSecret:*}}
*/
privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) {
var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
if (!cachedTenantBasedClientAppCredentialsMap) {
cachedTenantBasedClientAppCredentialsMap = {};
cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
application.put(constants["CACHED_CREDENTIALS_PORTAL_APP"], cachedTenantBasedClientAppCredentialsMap);
} else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
}
};
/**
* Get oauth application credentials from cache
* @param tenantDomain tenant domain where application is been created
* @returns {{clientId:*, clientSecret:*}}
*/
privateMethods["getCachedTenantBasedClientAppCredentials"] = function (tenantDomain) {
var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
if (!cachedTenantBasedClientAppCredentialsMap ||
!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
return null;
} else {
return cachedTenantBasedClientAppCredentialsMap[tenantDomain];
}
};
/**
* Get access token and refresh token using password grant type
* @param username username of the logged user
* @param password password of the logged user
* @param encodedClientAppCredentials {{clientId:*, clientSecret:*}}
* @param scopes scopes list
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password
, encodedClientAppCredentials, scopes) {
if (!username || !password || !encodedClientAppCredentials || !scopes) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " +
"grant type. No username, password, encoded client app credentials or scopes are " +
"found - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
return null;
} else {
// calling oauth provider token service endpoint
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["tokenServiceURL"];
var requestPayload = "grant_type=password&username=" +
username + "&password=" + password + "&scope=" + scopes;
var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
xhr.send(requestPayload);
if (xhr["status"] == 200 && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
var tokenData = {};
tokenData["accessToken"] = responsePayload["access_token"];
tokenData["refreshToken"] = responsePayload["refresh_token"];
tokenData["scopes"] = responsePayload["scope"];
return tokenData;
} else {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
"by password grant type - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
return null;
}
}
};
/**
* Get access token and refresh token using SAML grant type
* @param assertion
* @param encodedClientAppCredentials
* @param scopes
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getTokenPairAndScopesByJWTGrantType"] = function (username, encodedClientAppCredentials, scopes) {
if (!username || !encodedClientAppCredentials || !scopes) {
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token by jwt " +
"grant type. No assertion, encoded client app credentials or scopes are " +
"found - getTokenPairAndScopesByJWTGrantType(x, y, z)");
return null;
} else {
var JWTClientManagerServicePackagePath =
"org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
//noinspection JSUnresolvedFunction
var jwtClient = JWTClientManagerService.getJWTClient();
// returning access token by JWT grant type
var tokenInfo = jwtClient.getAccessToken(encodedClientAppCredentials,
username, scopes);
var tokenData = {};
tokenData["accessToken"] = tokenInfo.getAccessToken();
tokenData["refreshToken"] = tokenInfo.getRefreshToken();
tokenData["scopes"] = tokenInfo.getScopes();
return tokenData;
}
};
/**
* Get access token and refresh token using SAML grant type
* @param assertion
* @param encodedClientAppCredentials
* @param scopes
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getTokenPairAndScopesBySAMLGrantType"] = function (assertion, encodedClientAppCredentials, scopes) {
if (!assertion || !encodedClientAppCredentials || !scopes) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml " +
"grant type. No assertion, encoded client app credentials or scopes are " +
"found - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
return null;
} else {
var assertionXML = publicMethods.decode(assertion);
/*
TODO: make assertion extraction with proper parsing.
Since Jaggery XML parser seem to add formatting which causes signature verification to fail.
*/
var assertionStartMarker = "<saml2:Assertion";
var assertionEndMarker = "<\/saml2:Assertion>";
var assertionStartIndex = assertionXML.indexOf(assertionStartMarker);
var assertionEndIndex = assertionXML.indexOf(assertionEndMarker);
var extractedAssertion;
if (assertionStartIndex == -1 || assertionEndIndex == -1) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml grant " +
"type. Issue in assertion format - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
return null;
} else {
extractedAssertion = assertionXML.
substring(assertionStartIndex, assertionEndIndex) + assertionEndMarker;
var encodedAssertion = publicMethods.encode(extractedAssertion);
// calling oauth provider token service endpoint
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["tokenServiceURL"];
var requestPayload = "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&" +
"assertion=" + encodeURIComponent(encodedAssertion) + "&scope=" + scopes;
var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
xhr.send(requestPayload);
if (xhr["status"] == 200 && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
var tokenData = {};
tokenData["accessToken"] = responsePayload["access_token"];
tokenData["refreshToken"] = responsePayload["refresh_token"];
tokenData["scopes"] = responsePayload["scope"];
return tokenData;
} else {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
"by password grant type - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
return null;
}
}
}
};
/**
* If access token is expired, try to refresh it using existing refresh token
* @param callback
*/
publicMethods["refreshAccessToken"] = function (callback) {
try {
if (publicMethods.checkOAuthEnabled()) {
var currentTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"]));
// currentTokenPair includes current access token as well as current refresh token
var encodedClientAppCredentials
= session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
if (!currentTokenPair || !encodedClientAppCredentials) {
callback(false);
throw new Error("{/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
"token pair, encoded client app credentials or both input are not found under " +
"session context - refreshTokenPair()");
} else {
var newTokenPair = publicMethods.
getNewTokenPairByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
if (!newTokenPair) {
log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
"Unable to update session context with new access token pair - refreshTokenPair()");
callback(false);
} else {
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(newTokenPair));
callback(true);
}
}
} else {
log.error("You have not enable dynamic client yet");
callback(false);
}
} catch (exception) {
callback(false);
throw "Error while refreshing existing access token, " + exception;
}
};
/**
* Get access token and refresh token using refresh token grant type
* @param refreshToken refresh token
* @param encodedClientAppCredentials {{clientId:*, clientSecret:*}}
* @param scopes
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getNewTokenPairByRefreshToken"] = function (refreshToken, encodedClientAppCredentials, scopes) {
if (!refreshToken || !encodedClientAppCredentials) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
"by current refresh token. No refresh token or encoded client app credentials are " +
"found - getNewTokenPairByRefreshToken(x, y, z)");
return null;
} else {
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
["tokenServiceURL"];
var requestPayload = "grant_type=refresh_token&refresh_token=" + refreshToken;
if (scopes) {
requestPayload = requestPayload + "&scope=" + scopes;
}
var xhr = new XMLHttpRequest();
xhr.open("POST", requestURL, false);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
xhr.send(requestPayload);
if (xhr["status"] == 200 && xhr["responseText"]) {
var responsePayload = parse(xhr["responseText"]);
var tokenPair = {};
tokenPair["accessToken"] = responsePayload["access_token"];
tokenPair["refreshToken"] = responsePayload["refresh_token"];
return tokenPair;
} else {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token by " +
"current refresh token - getNewTokenPairByRefreshToken(x, y, z)");
return null;
}
}
};
/**
* Get access token using JWT grant type
* @param clientAppCredentials {{clientId:*, clientSecret:*}}
* @returns {{accessToken: *, refreshToken: *}}
*/
publicMethods["getAccessTokenByJWTGrantType"] = function (clientAppCredentials) {
if (!clientAppCredentials) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
"by current refresh token. No client app credentials are found " +
"as input - getAccessTokenByJWTGrantType(x)");
return null;
} else {
var JWTClientManagerServicePackagePath =
"org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
//noinspection JSUnresolvedFunction
var jwtClient = JWTClientManagerService.getJWTClient();
// returning access token by JWT grant type
return jwtClient.getAccessToken(clientAppCredentials["clientId"], clientAppCredentials["clientSecret"],
configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
null)["accessToken"];
}
};
/**
* Get jwt token
* @param username username of logged user
* @param claims claims which are required
* @returns {"jwtToken"}
*/
publicMethods["getJwtToken"] = function (username, claims) {
if (!username) {
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new jwt token");
return null;
} else {
var JWTClientManagerServicePackagePath =
"org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
//noinspection JSUnresolvedFunction
var jwtClient = JWTClientManagerService.getJWTClient();
// returning access token by JWT grant type
if (claims) {
return jwtClient.getJwtToken(username, claims);
} else {
return jwtClient.getJwtToken(username);
}
}
};
return publicMethods;
}();

@ -0,0 +1,192 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* -----------------------------------------------------
* Following module includes handlers
* at Jaggery Layer for handling OAuth tokens.
* -----------------------------------------------------
*/
var handlers = function () {
var log = new Log("/modules/oauth/token-handlers.js");
var tokenUtil = require("/modules/oauth/token-handler-utils.js")["utils"];
var constants = require("/modules/constants.js");
var configs = require('/configs/portal.js').config();
var publicMethods = {};
var privateMethods = {};
/**
* Get an AccessToken pair based on username and password
* @param username username of the logged user
* @param password password of the logged user
*/
publicMethods["setupTokenPairByPasswordGrantType"] = function (username, password) {
if (!username || !password) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"password grant type. Either username of logged in user, password or both are missing " +
"as input - setupTokenPairByPasswordGrantType(x, y)");
} else {
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
var encodedClientAppCredentials =
session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
if (!encodedClientAppCredentials) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"password grant type. Encoded client credentials are " +
"missing - setupTokenPairByPasswordGrantType(x, y)");
} else {
var tokenData;
// tokenPair will include current access token as well as current refresh token
var arrayOfScopes = configs["authorization"]["methods"]["oauth"]["attributes"]["scopes"];
var stringOfScopes = "";
arrayOfScopes.forEach(function (entry) {
stringOfScopes += entry + " ";
});
tokenData = tokenUtil.
getTokenPairAndScopesByPasswordGrantType(username,
encodeURIComponent(password), encodedClientAppCredentials, stringOfScopes);
if (!tokenData) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up " +
"token pair by password grant type. Error in token " +
"retrieval - setupTokenPairByPasswordGrantType(x, y)");
} else {
var tokenPair = {};
tokenPair["accessToken"] = tokenData["accessToken"];
tokenPair["refreshToken"] = tokenData["refreshToken"];
// setting up token pair into session context as a string
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(tokenPair));
var scopes = tokenData.scopes.split(" ");
// adding allowed scopes to the session
session.put(constants["ALLOWED_SCOPES"], scopes);
}
}
}
};
/**
* Get an AccessToken pair based on SAML assertion
* @param samlToken SAML assertion
* @param username {{clientId:"", clientSecret:""}}
*/
publicMethods["setupTokenPairBySamlGrantType"] = function (username, samlToken) {
if (!username || !samlToken) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"saml grant type. Either username of logged in user, samlToken or both are missing " +
"as input - setupTokenPairBySamlGrantType(x, y)");
} else {
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
var encodedClientAppCredentials =
session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
if (!encodedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " +
"by saml grant type. Encoded client credentials are " +
"missing - setupTokenPairBySamlGrantType(x, y)");
} else {
var tokenData;
// accessTokenPair will include current access token as well as current refresh token
tokenData = tokenUtil.
getTokenPairAndScopesByJWTGrantType(username, encodedClientAppCredentials, "PRODUCTION");
if (!tokenData) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up token " +
"pair by saml grant type. Error in token " +
"retrieval - setupTokenPairBySamlGrantType(x, y)");
} else {
var tokenPair = {};
tokenPair["accessToken"] = tokenData["accessToken"];
tokenPair["refreshToken"] = tokenData["refreshToken"];
// setting up access token pair into session context as a string
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(tokenPair));
var scopes = tokenData.scopes.split(" ");
// adding allowed scopes to the session
session.put(constants["ALLOWED_SCOPES"], scopes);
}
}
}
};
/**
* Set access token and refresh token using refresh token grant type
*/
publicMethods["refreshTokenPair"] = function () {
var currentTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"]));
// currentTokenPair includes current access token as well as current refresh token
var encodedClientAppCredentials
= session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
if (!currentTokenPair || !encodedClientAppCredentials) {
throw new Error("{/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
"token pair, encoded client app credentials or both input are not found under " +
"session context - refreshTokenPair()");
} else {
var newTokenPair = tokenUtil.
getNewTokenPairByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
if (!newTokenPair) {
log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
"Unable to update session context with new access token pair - refreshTokenPair()");
} else {
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(newTokenPair));
}
}
};
/**
* If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create an oauth application or
* else DCR endpoint is used to create an oauth application
* @param username username of current logged user
*/
privateMethods["setUpEncodedTenantBasedClientAppCredentials"] = function (username) {
if (!username) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context. No username of logged in user is found as " +
"input - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
if (configs["authorization"]["methods"]["oauth"]["attributes"]["apimgt-gateway"]) {
var tenantBasedClientAppCredentials = tokenUtil.getTenantBasedClientAppCredentials(username);
if (!tenantBasedClientAppCredentials) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant " +
"based client credentials to session context as the server is unable " +
"to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
} else {
var encodedTenantBasedClientAppCredentials =
tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" +
tenantBasedClientAppCredentials["clientSecret"]);
// setting up encoded tenant based client credentials to session context.
session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"],
encodedTenantBasedClientAppCredentials);
}
} else {
var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials(username);
if (!dynamicClientAppCredentials) {
throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
"client credentials to session context as the server is unable to obtain " +
"dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
}
var encodedTenantBasedClientAppCredentials =
tokenUtil.encode(dynamicClientAppCredentials["clientId"] + ":" +
dynamicClientAppCredentials["clientSecret"]);
// setting up encoded tenant based client credentials to session context.
session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"],
encodedTenantBasedClientAppCredentials);
}
}
};
return publicMethods;
}();
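Review bot: In setupTokenPairByPasswordGrantType only the password goes through encodeURIComponent, while username and stringOfScopes are passed raw even though getTokenPairAndScopesByPasswordGrantType concatenates all three straight into an application/x-www-form-urlencoded body; a username containing `&`, `+` or `%` would be mis-parsed by the token endpoint, and `@` in tenant-qualified names is likewise a reserved character that the endpoint may or may not tolerate. Encode the other fields the same way: `getTokenPairAndScopesByPasswordGrantType(encodeURIComponent(username), encodeURIComponent(password), encodedClientAppCredentials, encodeURIComponent(stringOfScopes.trim()));`. Separately, the JSDoc on setupTokenPairBySamlGrantType lists the parameters in the wrong order and describes `username` as a clientId/clientSecret pair; it should read `@param username username of the logged user` then `@param samlToken SAML assertion`, and a sentence stating that the token is actually obtained via getTokenPairAndScopesByJWTGrantType, with samlToken only checked for presence, would spare the next reader a surprise.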

@ -55,7 +55,10 @@ var client = {};
client.validateSignature = function (samlObj, config) {
var tDomain = Util.getDomainName(samlObj);
var tId = carbon.server.tenantId({domain: tDomain});
if (tId != carbon.server.superTenant.tenantId) {
var identityTenantUtil = Packages.org.wso2.carbon.identity.core.util.IdentityTenantUtil;
identityTenantUtil.initializeRegistry(tId,tDomain);
}
return Util.validateSignature(samlObj,
config.KEY_STORE_NAME, config.KEY_STORE_PASSWORD, config.IDP_ALIAS, tId, tDomain);
};
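Review bot: The added guard in client.validateSignature only compares tId against the super-tenant id, but tDomain is taken from the not-yet-verified SAML response via Util.getDomainName(samlObj), and carbon.server.tenantId appears to be the Carbon tenant-manager lookup, which I believe returns -1 for an unknown domain; that value differs from the super-tenant id, so initializeRegistry would run with an invalid tenant id on the strength of an unauthenticated assertion. Reject an unresolved tenant before touching the registry, e.g. `if (tId < 0) { return false; }` ahead of the existing `if` (or throw, if callers expect exceptions rather than a falsy result), and add a one-line comment on why registry initialisation must precede signature validation, since the intent is not obvious from the call. The hunk is complete, but the rest of the module is not visible, so whether callers already validate the domain is inferred rather than seen.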

@ -146,6 +146,9 @@
<featureArtifactDef>
org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.application.extension.feature:${carbon.device.mgt.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.integration.client.feature:${carbon.device.mgt.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.handler.server.feature:${carbon.device.mgt.version}
</featureArtifactDef>
@ -158,6 +161,9 @@
<featureArtifactDef>
org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature:${carbon.device.mgt.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature:${carbon.device.mgt.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature:${carbon.device.mgt.version}
</featureArtifactDef>
@ -359,9 +365,6 @@
<featureArtifactDef>
org.wso2.carbon.identity.framework:org.wso2.carbon.identity.thrift.authentication.feature:${carbon.identity.framework.version.iotcore}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.identity:org.wso2.carbon.identity.authenticator.mutualssl.feature:${identity.carbon.auth.mutual.ssl.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.identity.metadata.saml2:org.wso2.carbon.identity.inbound.metadata.saml2.server.feature:0.1.1
</featureArtifactDef>
@ -618,6 +621,12 @@
<featureArtifactDef>
org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.dcr.feature:${carbon.api.mgt.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.publisher.feature:${carbon.api.mgt.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.store.feature:${carbon.api.mgt.version}
</featureArtifactDef>
<!-- End of API Management Features -->
<!-- TCP Transport -->
@ -770,7 +779,7 @@
</configuration>
</execution>
<execution>
<id>p2-profile-generation-devicetype-publisher-profile</id>
<id>p2-profile-generation-device-manager-profile</id>
<phase>package</phase>
<goals>
<goal>materialize-product</goal>
@ -782,11 +791,11 @@
<targetPath>
file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components
</targetPath>
<profile>devicetype-publisher</profile>
<profile>device-manager</profile>
</configuration>
</execution>
<execution>
<id>p2-profile-generation-devicetype-worker-profile</id>
<id>p2-profile-generation-device-backend-profile</id>
<phase>package</phase>
<goals>
<goal>materialize-product</goal>
@ -798,7 +807,7 @@
<targetPath>
file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components
</targetPath>
<profile>devicetype-worker</profile>
<profile>device-backend</profile>
</configuration>
</execution>
<execution>
@ -846,10 +855,6 @@
<id>org.wso2.carbon.appmgt.core.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.store.feature.group</id>
<version>${carbon.store.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.appmgt.mdm.wso2emm.feature.group</id>
<version>${appmgt.feature.version}</version>
@ -866,6 +871,10 @@
<id>org.wso2.carbon.appmgt.services.api.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.store.feature.group</id>
<version>${carbon.store.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.appmgt.store.feature.group</id>
<version>${appmgt.feature.version}</version>
@ -893,6 +902,10 @@
<id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.email.sender.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -945,6 +958,10 @@
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -1053,6 +1070,14 @@
<id>org.wso2.carbon.apimgt.rest.api.dcr.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.rest.api.publisher.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.rest.api.store.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<!-- API Manager Publisher and Store Features -->
<feature>
<id>org.wso2.carbon.apimgt.gateway.feature.group</id>
@ -1883,6 +1908,10 @@
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -1911,6 +1940,10 @@
<id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.certificate.mgt.server.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -2327,6 +2360,10 @@
<id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.dynamic.client.registration.server.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -2366,6 +2403,10 @@
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -2390,6 +2431,10 @@
<id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.certificate.mgt.api.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -2433,7 +2478,7 @@
<goal>p2-profile-gen</goal>
</goals>
<configuration>
<profile>devicetype-publisher</profile>
<profile>device-manager</profile>
<metadataRepository>file:${basedir}/target/p2-repo</metadataRepository>
<artifactRepository>file:${basedir}/target/p2-repo</artifactRepository>
<destination>
@ -2447,7 +2492,6 @@
<version>${product.iot.version}</version>
</feature>
<!-- End of IoTServer Features -->
<!-- App management features-->
<feature>
<id>org.wso2.carbon.appmgt.core.feature.group</id>
@ -2512,6 +2556,10 @@
<id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.email.sender.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -2568,6 +2616,10 @@
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -2863,6 +2915,18 @@
<id>org.wso2.carbon.apimgt.gateway.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.rest.api.dcr.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.rest.api.publisher.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.rest.api.store.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.core.feature.group</id>
<version>${carbon.api.mgt.version}</version>
@ -2997,6 +3061,10 @@
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -3021,6 +3089,10 @@
<id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.certificate.mgt.api.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -3091,7 +3163,7 @@
<goal>p2-profile-gen</goal>
</goals>
<configuration>
<profile>devicetype-worker</profile>
<profile>device-backend</profile>
<metadataRepository>file:${basedir}/target/p2-repo</metadataRepository>
<artifactRepository>file:${basedir}/target/p2-repo</artifactRepository>
<destination>
@ -3106,23 +3178,39 @@
</feature>
<!-- End of IoTServer Features -->
<!-- App management features-->
<feature>
<id>org.wso2.carbon.appmgt.core.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.appmgt.mdm.wso2emm.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.appmgt.mobile.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.appmgt.services.api.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<!-- App management features-->
<feature>
<id>org.wso2.carbon.appmgt.core.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.appmgt.mdm.wso2emm.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.appmgt.mobile.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.appmgt.publisher.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.appmgt.services.api.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.store.feature.group</id>
<version>${carbon.store.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.appmgt.store.feature.group</id>
<version>${appmgt.feature.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.social.feature.group</id>
<version>${carbon.store.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.appmgt.mdm.osgiconnector.feature.group</id>
<version>${carbon.device.mgt.plugin.version}</version>
@ -3131,7 +3219,7 @@
<id>org.wso2.carbon.appmgt.mdm.restconnector.feature.group</id>
<version>${carbon.device.mgt.plugin.version}</version>
</feature>
<!-- End of app management features-->
<!-- End of app management features-->
<!-- Device Management Features -->
<feature>
@ -3150,6 +3238,10 @@
<id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.email.sender.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -3198,6 +3290,10 @@
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -3215,6 +3311,7 @@
<version>${carbon.device.mgt.version}</version>
</feature>
<!-- End of Device Management Features -->
<feature>
<id>org.wso2.carbon.device.mgt.adapter.feature.group</id>
<version>${carbon.device.mgt.plugin.version}</version>
@ -3481,6 +3578,18 @@
<id>org.wso2.carbon.apimgt.store.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.rest.api.dcr.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.rest.api.publisher.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.rest.api.store.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.registry.extensions.feature.group</id>
<version>${carbon.governance.version}</version>
@ -3607,6 +3716,10 @@
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -3631,6 +3744,10 @@
<id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.certificate.mgt.server.feature.group</id>
<version>${carbon.device.mgt.version}</version>
@ -3686,6 +3803,24 @@
<version>${identity.inbound.auth.saml.version.iotcore}</version>
</feature>
<!-- SSO Fix-->
<!-- Dashboard Features -->
<feature>
<id>org.wso2.carbon.dashboards.shindig.feature.group</id>
<version>${carbon.dashboard.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.dashboards.portal.feature.group</id>
<version>${carbon.dashboard.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.dashboard.deployment.feature.group</id>
<version>${carbon.dashboard.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.iot.device.statistics.dashboard.feature.group</id>
<version>${carbon.device.mgt.plugin.version}</version>
</feature>
</features>
</configuration>
</execution>

@ -64,6 +64,72 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
<executions>
<execution>
<id>download-appm-store.war</id>
<phase>prepare-package</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<target>
<get src="http://maven.wso2.org/nexus/content/groups/wso2-public/org/wso2/carbon/appmgt/org.wso2.carbon.appmgt.rest.api.store/1.2.5/org.wso2.carbon.appmgt.rest.api.store-1.2.5.war"
dest="${project.build.directory}/api#appm#store#v1.1.war"
verbose="false"
usetimestamp="true"/>
</target>
</configuration>
</execution>
<execution>
<id>download-appm-publisher.war</id>
<phase>prepare-package</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<target>
<get src="http://maven.wso2.org/nexus/content/groups/wso2-public/org/wso2/carbon/appmgt/org.wso2.carbon.appmgt.rest.api.publisher/1.2.5/org.wso2.carbon.appmgt.rest.api.publisher-1.2.5.war"
dest="${project.build.directory}/api#appm#publisher#v1.1.war"
verbose="false"
usetimestamp="true"/>
</target>
</configuration>
</execution>
<execution>
<id>download-appm-ouath-webapp.war</id>
<phase>prepare-package</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<target>
<get src="http://maven.wso2.org/nexus/content/groups/wso2-public/org/wso2/carbon/appmgt/org.wso2.carbon.appmgt.oauth.webapp/1.2.5/org.wso2.carbon.appmgt.oauth.webapp-1.2.5.war"
dest="${project.build.directory}/api#appm#oauth#v1.0.war"
verbose="false"
usetimestamp="true"/>
</target>
</configuration>
</execution>
<execution>
<id>download-appm-ouath-core.jar</id>
<phase>prepare-package</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<target>
<get src="http://maven.wso2.org/nexus/content/groups/wso2-public/org/wso2/carbon/appmgt/org.wso2.carbon.appmgt.oauth.core/1.2.5/org.wso2.carbon.appmgt.oauth.core-1.2.5.jar"
dest="${project.build.directory}/"
verbose="false"
usetimestamp="true"/>
</target>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
<finalName>${project.artifactId}</finalName>
</build>
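Review bot: The four `<get>` tasks fetch executable artifacts (three WARs and a JAR) over plain `http://` from maven.wso2.org and write them straight into the build output with no integrity check, so anything on the network path or a compromised mirror can substitute what ends up packaged in the distribution. At minimum each `src` should use `https://`, e.g. `src="https://maven.wso2.org/nexus/content/groups/wso2-public/org/wso2/carbon/appmgt/org.wso2.carbon.appmgt.rest.api.store/1.2.5/org.wso2.carbon.appmgt.rest.api.store-1.2.5.war"`, and the expected digest should be pinned, either with Ant's `<checksum>` task (`verifyProperty`) after the download or by declaring these as ordinary Maven dependencies so the resolver's checksum policy applies instead of an ad-hoc download. The `dest` names (`v1.1`, `v1.0`) do not match the 1.2.5 artifact versions being fetched; a comment stating that the webapp context version is deliberately independent of the artifact version would prevent the next reader from treating it as a mistake. The execution ids `download-appm-ouath-webapp.war` and `download-appm-ouath-core.jar` misspell "oauth".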

@ -1,10 +1,7 @@
IoTs 3.0.0 QSG Setup guide
1. Navigate to this folder using the terminal, Note that this (Readme.txt) flie should be located under <IoTS_HOME>/core/samples/mobile-qsg/ directory.
2. Stop the WSO2 IoTS if already runing
3. Then execute the copy-files.sh script
4. Start the WSO2 IoTS server
5. Once server is started execute the mobile-qsg.sh script
6. Then login to the https://<your-server>:9443/devicemgt/ and use the username,password as alex alex@IoTS, Note that for this sample we have configured above user from the script. If you want to run this script again you have to login as admin and remove the user alex, chris and role iotMobileUser from the IoT Server.
IoTs 3.1.0 QSG Setup guide
1. Start the WSO2 IoTS server
2. Navigate to <IoTS_HOME>/core/samples/mobile-qsg/ directory using the terminal.
3. Once server is started execute the mobile-qsg.sh script
4. Then login to the https://<your-server>:9443/devicemgt/ and use the username,password as alex alex@IoTS,
+Note that for this sample we have configured above user from the script. If you want to run this script again you have to login as admin and remove the user alex, chris and role iotMobileUser from the IoT Server.


@ -1,8 +0,0 @@
#!/bin/bash
# product-emm qsg sample setup script for copying the required files
echo "Copying the required files for wso2iots-3.0.0 QSG setup ..."
cp dropings/* ../../repository/components/dropins/
cp webapps/* ../../repository/deployment/server/webapps/

@ -46,12 +46,12 @@
</includes>
</fileSet>
<!--<fileSet>-->
<!--<directory>src/resources/bin</directory>-->
<!--<outputDirectory>wso2iot-${product.iot.version}/bin</outputDirectory>-->
<!--<includes>-->
<!--<include>*/**</include>-->
<!--</includes>-->
<!--<fileMode>755</fileMode>-->
<!--<directory>src/resources/bin</directory>-->
<!--<outputDirectory>wso2iot-${product.iot.version}/bin</outputDirectory>-->
<!--<includes>-->
<!--<include>*/**</include>-->
<!--</includes>-->
<!--<fileMode>755</fileMode>-->
<!--</fileSet>-->
<fileSet>
<directory>${basedir}/src/resources/plugins</directory>
@ -60,37 +60,38 @@
<include>*/**</include>
</includes>
<fileMode>644</fileMode>
<filtered>true</filtered>
<filtered>true</filtered>
</fileSet>
<fileSet>
<directory>${basedir}/src/resources/samples</directory>
<outputDirectory>wso2iot-${product.iot.version}/samples</outputDirectory>
<includes>
<include>*/**</include>
</includes>
<fileSet>
<directory>${basedir}/src/resources/samples</directory>
<outputDirectory>wso2iot-${product.iot.version}/samples</outputDirectory>
<includes>
<include>*/**</include>
</includes>
<excludes>
<exclude>**/*samples-deployer.xml</exclude>
<exclude>**/*connectedcup/pom.xml</exclude>
</excludes>
<fileMode>644</fileMode>
</fileSet>
<fileMode>644</fileMode>
</fileSet>
</fileSets>
<files>
<file>
<source>
<files>
<file>
<source>
${basedir}/src/resources/samples/samples-deployer.xml
</source>
<outputDirectory>wso2iot-${product.iot.version}/samples/</outputDirectory>
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
<file>
<source>
</source>
<outputDirectory>wso2iot-${product.iot.version}/samples/</outputDirectory>
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
<file>
<source>
${basedir}/src/resources/samples/connectedcup/pom.xml
</source>
<outputDirectory>wso2iot-${product.iot.version}/samples/connectedcup</outputDirectory>
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
</files>
</source>
<outputDirectory>wso2iot-${product.iot.version}/samples/connectedcup</outputDirectory>
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
</files>
</assembly>

@ -111,7 +111,7 @@
<configuration>
<tasks>
<copy todir="../analytics/repository/deployment/server/carbonapps">
<fileset dir="../core/repository/deployment/server/carbonapps">
<fileset dir="../core/repository/resources/devicetypes">
<include name="*.car"/>
</fileset>
</copy>

@ -20,9 +20,7 @@
<eventReceiver name="connected_cup_receiver" statistics="disable" trace="disable" xmlns="http://wso2.org/carbon/eventreceiver">
<from eventAdapterType="oauth-mqtt">
<property name="topic">carbon.super/connectedcup/#</property>
<property name="username">admin</property>
<property name="password">admin</property>
<property name="contentValidator">org.wso2.carbon.device.mgt.input.adapter.mqtt.util.MQTTContentValidator</property>
<property name="contentValidator">iot-mqtt</property>
<property name="contentTransformer">default</property>
<property name="cleanSession">true</property>
</from>
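Review bot: Dropping the per-receiver `username`/`password` properties is the right direction, but the receiver now carries no indication of where the broker credentials come from, so an operator reading this file alone cannot tell how the connection authenticates. A one-line comment under `<from eventAdapterType="oauth-mqtt">`, such as `<!-- broker credentials are supplied by the oauth-mqtt adapter configuration, not by this receiver -->`, would close that gap; I am inferring the source from the adapter type, so confirm the wording against the adapter before adding it. The `contentValidator` value also changes from a fully qualified class name to the short name `iot-mqtt`; if that is a registered alias, naming the component that resolves it in the same comment would help.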

@ -33,8 +33,8 @@
<modules>
<module>tests-artifacts</module>
<module>tests-common</module>
<module>tests-integration</module>
<!--module>tests-iot-web-ui</module-->
<!--<module>tests-integration</module>-->
<module>tests-iot-web-ui</module>
</modules>
</project>
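Review bot: `tests-integration` is commented out of the module list while `tests-iot-web-ui` is enabled, with no record of why; on a merge into master this silently removes the integration suite from the build. If the exclusion is temporary, say so on the line itself, e.g. `<!-- TODO: tests-integration disabled on <date> because <reason>; re-enable before release -->` (placeholders to be filled in), and if it is permanent, delete the module entry rather than leaving commented-out XML behind.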

@ -16,7 +16,8 @@
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>org.wso2.iot</groupId>
<artifactId>wso2iot-integration</artifactId>

@ -27,6 +27,7 @@ import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;
*/
public class OAuthUtil {
public static String getScopes(String backendHTTPURL, String backendHTTPSURL) throws Exception {
return getOAuthTokenPair(backendHTTPURL, backendHTTPSURL).get(Constants.SCOPE).toString();
}

@ -1534,21 +1534,23 @@
<carbon.governance.version>4.7.0</carbon.governance.version>
<!-- Carbon Device Management -->
<carbon.device.mgt.version>2.0.13</carbon.device.mgt.version>
<carbon.device.mgt.version>2.0.20-SNAPSHOT</carbon.device.mgt.version>
<carbon.device.mgt.version.range>[2.0.0, 3.0.0)</carbon.device.mgt.version.range>
<!-- IOT Device Management -->
<product.iot.version>3.1.0-SNAPSHOT</product.iot.version>
<!-- Carbon Device Management Plugins-->
<carbon.device.mgt.plugin.version>3.0.10</carbon.device.mgt.plugin.version>
<carbon.device.mgt.plugin.version>3.0.12-SNAPSHOT</carbon.device.mgt.plugin.version>
<!-- API Management -->
<carbon.api.mgt.version>6.1.35</carbon.api.mgt.version>
<carbon.api.mgt.version>6.1.72</carbon.api.mgt.version>
<carbon.api.mgt.version.range>(6.0.0,7.0.0]</carbon.api.mgt.version.range>
<!-- Carbon Mediation -->
<carbon.mediation.version>4.6.9</carbon.mediation.version>
<carbon.mediation.version>4.6.10</carbon.mediation.version>
<!-- Carbon Analytics Common (DAS) -->
<carbon.analytics.common.version>5.1.5</carbon.analytics.common.version>
@ -1681,7 +1683,7 @@
<eclipse.paho.version>1.0.2</eclipse.paho.version>
<!-- CDMF Analytics -->
<cdmf.analytics.version>1.0.3</cdmf.analytics.version>
<cdmf.analytics.version>1.0.4-SNAPSHOT</cdmf.analytics.version>
<apache.httpmime.version>4.2.5</apache.httpmime.version>
<apache.httpclient.version>4.5.2</apache.httpclient.version>
