From 115099c8fe32ef56e43a68bba080f5a4e491ef7e Mon Sep 17 00:00:00 2001 
From: mharindu Date: Fri, 9 Sep 2016 02:56:21 +0530 Subject: [PATCH] Implemented permission based authorization --- .../apimgt/annotations/api/Permission.java | 42 +++++ .../publisher/APIPublisherStartupHandler.java | 54 +++--- .../APIPublisherLifecycleListener.java | 132 +++++++-------- .../mgt/jaxrs/api/CertificateMgtService.java | 2 + .../CertificateManagementAdminService.java | 9 +- .../device/mgt/jaxrs/beans/RoleInfo.java | 28 ++- .../api/ActivityInfoProviderService.java | 5 +- .../api/ConfigurationManagementService.java | 5 +- .../service/api/DeviceManagementService.java | 18 +- .../api/DeviceTypeManagementService.java | 3 +- .../api/NotificationManagementService.java | 5 +- .../service/api/PolicyManagementService.java | 19 ++- .../service/api/RoleManagementService.java | 37 ++-- .../service/api/UserManagementService.java | 19 ++- .../ApplicationManagementAdminService.java | 5 +- .../admin/DeviceManagementAdminService.java | 3 +- .../api/admin/UserManagementAdminService.java | 3 +- .../impl/RoleManagementServiceImpl.java | 159 +++++++++++------- .../mgt/common/permission/mgt/Permission.java | 28 +-- .../mgt/PermissionManagerService.java | 2 +- .../DeviceAccessAuthorizationServiceImpl.java | 6 +- .../permission/AnnotationProcessor.java | 66 +++++--- .../permission/PermissionConfiguration.java | 51 ------ .../WebAppDeploymentLifecycleListener.java | 7 - .../DeviceManagementServiceComponent.java | 9 +- .../mgt/PermissionManagerServiceImpl.java | 4 +- .../core/permission/mgt/PermissionUtils.java | 58 +++---- .../PermissionBasedScopeValidator.java | 12 +- .../authenticator/framework/Utils/Utils.java | 11 -- .../authenticator/OAuthAuthenticator.java | 14 +- 30 files changed, 437 insertions(+), 379 deletions(-) create mode 100644 components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java delete mode 100644 
components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java
new file mode 100644
index 00000000000..14d447ac2c0
--- /dev/null
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java
@@ -0,0 +1,42 @@
+/*
+* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.wso2.carbon.apimgt.annotations.api;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * This class is the representation of custom developed Permission annotation.
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface Permission {
+
+ /**
+ * Represents the permission name.
+ * @return Returns permission name.
+ */
+ String name();
+
+ /**
+ * Represents the permission string.
+ * @return Returns permission string.
+ */
+ String permission();
+
+}
\ No newline at end of file
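Review bot: The Javadoc on `permission()` says only "the permission string" and never defines its format, although every use in this patch passes a hierarchical Carbon resource path such as `/device-mgt/certificates/manage` and the consumer (AnnotationProcessor/PermissionUtils, changed in this patch but not visible here) presumably matches on exactly that shape. I'd document the contract on the method: `/** Resource path of the Carbon permission (e.g. "/device-mgt/devices/view") a caller must hold to invoke the annotated resource; must begin with "/". */`. It is also worth stating whether `name()` is a display label only or is used as an identity when the permission is registered, because later in this patch the same path appears under different names ("View Devices" and "View Device Types" both map to `/device-mgt/devices/view`) and a name-keyed registry would either collide or register duplicates. Adding `@Documented` would make the requirement show up in generated API docs as well.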
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherStartupHandler.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherStartupHandler.java index 02f75607fdd..ea5e524fc31 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherStartupHandler.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherStartupHandler.java 
@@ -44,33 +44,33 @@ public class APIPublisherStartupHandler implements ServerStartupObserver { @Override public void completedServerStartup() { - APIPublisherDataHolder.getInstance().setServerStarted(true); - currentAPIsStack = APIPublisherDataHolder.getInstance().getUnpublishedApis(); - Thread t = new Thread(new Runnable() { - @Override - public void run() { - if (log.isDebugEnabled()) { - log.debug("Server has just started, hence started publishing unpublished APIs"); - log.debug("Total number of unpublished APIs: " - + APIPublisherDataHolder.getInstance().getUnpublishedApis().size()); - } - publisher = APIPublisherDataHolder.getInstance().getApiPublisherService(); - while (!failedAPIsStack.isEmpty() || !currentAPIsStack.isEmpty()) { - try { - retryTime = retryTime * CONNECTION_RETRY_FACTOR; - Thread.sleep(retryTime); - } catch (InterruptedException te) { - log.error("Error occurred while sleeping", te); - } - if (!APIPublisherDataHolder.getInstance().getUnpublishedApis().isEmpty()) { - publishAPIs(currentAPIsStack, failedAPIsStack); - } else { - publishAPIs(failedAPIsStack, currentAPIsStack); - } - } - } - }); - t.start(); +// APIPublisherDataHolder.getInstance().setServerStarted(true); +// currentAPIsStack = APIPublisherDataHolder.getInstance().getUnpublishedApis(); +// Thread t = new Thread(new Runnable() { +// @Override +// public void run() { +// if (log.isDebugEnabled()) { +// log.debug("Server has just started, hence started publishing unpublished APIs"); +// log.debug("Total number of unpublished APIs: " +// + APIPublisherDataHolder.getInstance().getUnpublishedApis().size()); +// } +// publisher = APIPublisherDataHolder.getInstance().getApiPublisherService(); +// while (!failedAPIsStack.isEmpty() || !currentAPIsStack.isEmpty()) { +// try { +// retryTime = retryTime * CONNECTION_RETRY_FACTOR; +// Thread.sleep(retryTime); +// } catch (InterruptedException te) { +// log.error("Error occurred while sleeping", te); +// } +// if 
(!APIPublisherDataHolder.getInstance().getUnpublishedApis().isEmpty()) { +// publishAPIs(currentAPIsStack, failedAPIsStack); +// } else { +// publishAPIs(failedAPIsStack, currentAPIsStack); +// } +// } +// } +// }); +// t.start(); } private void publishAPIs(Stack apis, Stack failedStack) { diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java index d2932f994e5..11e991f349e 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java 
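Review bot: Commenting out the entire body of `completedServerStartup()` leaves `APIPublisherDataHolder.setServerStarted(true)` never called and the unpublished-API queue never drained, and the resulting file gives a reader an empty method plus thirty lines of dead code with no statement of why. If publishing to the API Manager is intentionally switched off by this change, delete the block and leave a single comment such as `// API publishing at startup is disabled: authorization is now permission-based (see Permission annotation)`, or better, gate it on a configuration flag instead of hard-disabling it in source. If this is only temporary, a `log.warn("API publishing on startup is disabled")` in the now-empty method would at least make the silent no-op visible in operation. `publishAPIs()` and the rest of the class lie outside this hunk.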
@@ -49,72 +49,72 @@ public class APIPublisherLifecycleListener implements LifecycleListener { @Override public void lifecycleEvent(LifecycleEvent lifecycleEvent) { - if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType()) && WebappPublisherConfig.getInstance() - .isPublished()) { - StandardContext context = (StandardContext) lifecycleEvent.getLifecycle(); - ServletContext servletContext = context.getServletContext(); - String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED); - boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param); - - String profile = System.getProperty(PROPERTY_PROFILE); - - if (WebappPublisherConfig.getInstance().getProfiles().getProfile().contains(profile.toLowerCase()) - && isManagedApi) { - try { - AnnotationProcessor annotationProcessor = new AnnotationProcessor(context); - Set annotatedAPIClasses = annotationProcessor. - scanStandardContext(org.wso2.carbon.apimgt.annotations.api.API.class.getName()); - - List apiDefinitions = annotationProcessor.extractAPIInfo(servletContext, - annotatedAPIClasses); - - for (APIResourceConfiguration apiDefinition : apiDefinitions) { - - APIConfig apiConfig = APIPublisherUtil.buildApiConfig(servletContext, apiDefinition); - - try { - int tenantId = APIPublisherDataHolder.getInstance().getTenantManager(). - getTenantId(apiConfig.getTenantDomain()); - - boolean isTenantActive = APIPublisherDataHolder.getInstance(). 
- getTenantManager().isTenantActive(tenantId); - - if (isTenantActive) { - apiConfig.init(); - API api = APIPublisherUtil.getAPI(apiConfig); - boolean isServerStarted = APIPublisherDataHolder.getInstance().isServerStarted(); - if (isServerStarted) { - APIPublisherService apiPublisherService = - APIPublisherDataHolder.getInstance().getApiPublisherService(); - if (apiPublisherService == null) { - throw new IllegalStateException( - "API Publisher service is not initialized properly"); - } - apiPublisherService.publishAPI(api); - } else { - if (log.isDebugEnabled()) { - log.debug("Server has not started yet. Hence adding API '" + - api.getId().getApiName() + "' to the queue"); - } - APIPublisherDataHolder.getInstance().getUnpublishedApis().push(api); - } - } else { - log.error("No tenant [" + apiConfig.getTenantDomain() + "] " + - "found when publishing the Web app"); - } - } catch (Throwable e) { - log.error("Error occurred while publishing API '" + apiConfig.getName() + - "' with the context '" + apiConfig.getContext() + - "' and version '" + apiConfig.getVersion() + "'", e); - } - } - } catch (IOException e) { - log.error("Error encountered while discovering annotated classes", e); - } catch (ClassNotFoundException e) { - log.error("Error while scanning class for annotations", e); - } - } - } +// if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType()) && WebappPublisherConfig.getInstance() +// .isPublished()) { +// StandardContext context = (StandardContext) lifecycleEvent.getLifecycle(); +// ServletContext servletContext = context.getServletContext(); +// String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED); +// boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param); +// +// String profile = System.getProperty(PROPERTY_PROFILE); +// +// if (WebappPublisherConfig.getInstance().getProfiles().getProfile().contains(profile.toLowerCase()) +// && isManagedApi) { +// try { +// AnnotationProcessor 
annotationProcessor = new AnnotationProcessor(context); +// Set annotatedAPIClasses = annotationProcessor. +// scanStandardContext(org.wso2.carbon.apimgt.annotations.api.API.class.getName()); +// +// List apiDefinitions = annotationProcessor.extractAPIInfo(servletContext, +// annotatedAPIClasses); +// +// for (APIResourceConfiguration apiDefinition : apiDefinitions) { +// +// APIConfig apiConfig = APIPublisherUtil.buildApiConfig(servletContext, apiDefinition); +// +// try { +// int tenantId = APIPublisherDataHolder.getInstance().getTenantManager(). +// getTenantId(apiConfig.getTenantDomain()); +// +// boolean isTenantActive = APIPublisherDataHolder.getInstance(). +// getTenantManager().isTenantActive(tenantId); +// +// if (isTenantActive) { +// apiConfig.init(); +// API api = APIPublisherUtil.getAPI(apiConfig); +// boolean isServerStarted = APIPublisherDataHolder.getInstance().isServerStarted(); +// if (isServerStarted) { +// APIPublisherService apiPublisherService = +// APIPublisherDataHolder.getInstance().getApiPublisherService(); +// if (apiPublisherService == null) { +// throw new IllegalStateException( +// "API Publisher service is not initialized properly"); +// } +// apiPublisherService.publishAPI(api); +// } else { +// if (log.isDebugEnabled()) { +// log.debug("Server has not started yet. 
Hence adding API '" + +// api.getId().getApiName() + "' to the queue"); +// } +// APIPublisherDataHolder.getInstance().getUnpublishedApis().push(api); +// } +// } else { +// log.error("No tenant [" + apiConfig.getTenantDomain() + "] " + +// "found when publishing the Web app"); +// } +// } catch (Throwable e) { +// log.error("Error occurred while publishing API '" + apiConfig.getName() + +// "' with the context '" + apiConfig.getContext() + +// "' and version '" + apiConfig.getVersion() + "'", e); +// } +// } +// } catch (IOException e) { +// log.error("Error encountered while discovering annotated classes", e); +// } catch (ClassNotFoundException e) { +// log.error("Error while scanning class for annotations", e); +// } +// } +// } } //TODO : Need to implemented, to merge API Definitions in cases where implementation of an API Lies in two classes diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java index fbb94589626..6527bff32de 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java @@ -4,6 +4,7 @@ import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponses; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.certificate.mgt.jaxrs.beans.ErrorResponse; 
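Review bot: `lifecycleEvent()` is now an empty method that is still registered for every `AFTER_START_EVENT`, so web apps that set `PARAM_MANAGED_API_ENABLED` are silently no longer published, and I cannot see anywhere in this patch where the `@API`-annotated definitions are registered instead. Since the commit replaces scope-based authorization with permission-based, either remove the listener registration together with this body, or keep the body and short-circuit it on a configuration switch; a sixty-line commented-out block is not a feature toggle and will rot. At minimum, a comment on the empty method stating that publishing is deliberately disabled and where the replacement registration now lives would stop the next maintainer from "fixing" it by uncommenting. The class continues past this hunk (the `//TODO : Need to implemented` merge note that follows).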
@@ -47,6 +48,7 @@ public interface CertificateMgtService { response = ErrorResponse.class) }) @Scope(key = "certificate:sign-csr", name = "Sign CSR", description = "") + @Permission(name = "Sign CSR", permission = "/device-mgt/certificates/manage") Response getSignedCertFromCSR( @ApiParam( name = "If-Modified-Since", diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java index da1d54bc4ff..b417fe56a8c 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java @@ -2,6 +2,7 @@ package org.wso2.carbon.certificate.mgt.cert.jaxrs.api; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate; @@ -77,7 +78,7 @@ public interface CertificateManagementAdminService { message = "Internal Server Error. \n Server error occurred while adding certificates.", response = ErrorResponse.class) }) - @Scope(key = "certificate:manage", name = "Add certificates", description = "") + @Permission(name = "Manage certificates", permission = "/device-mgt/certificates/manage") Response addCertificate( @ApiParam( name = "enrollmentCertificates", 
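Review bot: `getSignedCertFromCSR` is the one resource in this patch that keeps its `@Scope` and gains `@Permission` alongside it, while the admin service in the next file replaces `@Scope` outright; depending on which validator is wired in, this endpoint is either double-gated or one of the two annotations is dead, and the intended behaviour should be made explicit rather than left to the reader. More importantly, the chosen path is `/device-mgt/certificates/manage`, the same administrative permission that guards `addCertificate` and `removeCertificate`; if CSR signing is invoked by enrolling devices or an enrollment agent rather than by an administrator (I can't confirm the caller from here), those callers would have to hold certificate-management rights, which is far broader than signing their own CSR. Consider a dedicated permission such as `@Permission(name = "Sign CSR", permission = "/device-mgt/certificates/sign-csr")`, or keep the scope-based gate alone, and drop the dual annotation. The method's parameter list continues outside the hunk.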
@@ -135,7 +136,7 @@ public interface CertificateManagementAdminService { "Server error occurred while retrieving information requested certificate.", response = ErrorResponse.class) }) - @Scope(key = "certificate:view", name = "View certificates", description = "") + @Permission(name = "View certificates", permission = "/device-mgt/certificates/view") Response getCertificate( @ApiParam(name = "serialNumber", value = "Provide the serial number of the certificate that you wish to get the details of", @@ -207,7 +208,7 @@ public interface CertificateManagementAdminService { "Server error occurred while retrieving all certificates enrolled in the system.", response = ErrorResponse.class) }) - @Scope(key = "certificate:view", name = "View certificates", description = "") + @Permission(name = "View certificates", permission = "/device-mgt/certificates/view") Response getAllCertificates( @ApiParam( name = "offset", @@ -250,7 +251,7 @@ public interface CertificateManagementAdminService { message = "Internal Server Error. \n " + "Server error occurred while removing the certificate.", response = ErrorResponse.class)}) - @Scope(key = "certificate:manage", name = "Add certificates", description = "") + @Permission(name = "Manage certificates", permission = "/device-mgt/certificates/manage") Response removeCertificate( @ApiParam( name = "serialNumber", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/RoleInfo.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/RoleInfo.java index 94658cd1323..80ed6c8b2ae 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/RoleInfo.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/RoleInfo.java 
@@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.beans; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; +import org.wso2.carbon.user.mgt.common.UIPermissionNode; import java.util.List; @@ -29,12 +30,19 @@ public class RoleInfo { @ApiModelProperty(name = "roleName", value = "The name of the role.", required = true) private String roleName; - @ApiModelProperty(name = "scopes", value = "Lists out all the scopes associated with roles.", + @ApiModelProperty(name = "permissions", value = "Lists out all the permissions associated with roles.", required = true, dataType = "List[java.lang.String]") - private List scopes; + private String[] permissions; @ApiModelProperty(name = "users", value = "The list of users assigned to the selected role.", required = true, dataType = "List[java.lang.String]") private String[] users; + @ApiModelProperty(name = "permissionList", value = "This contain the following, " + + "\n resourcePath\tThe path related to the API.\n " + + "displayName\tThe name of the permission that is shown " + + "in the UI.\n" + + "nodeList\tLists out the nested permissions.", + required = true) + private UIPermissionNode permissionList; public String getRoleName() { return roleName; @@ -44,12 +52,12 @@ public class RoleInfo { this.roleName = roleName; } - public List getScopes() { - return scopes; + public String[] getPermissions() { + return permissions; } - public void setScopes(List scopes) { - this.scopes = scopes; + public void setPermissions(String[] permissions) { + this.permissions = permissions; } public String[] getUsers() { @@ -60,4 +68,12 @@ public class RoleInfo { this.users = users; } + public UIPermissionNode getPermissionList() { + return permissionList; + } + + public void setPermissionList(UIPermissionNode permissionList) { + this.permissionList = permissionList; + } + } 
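Review bot: `permissions` is now a `String[]`, but the `@ApiModelProperty` directly above it still advertises `dataType = "List[java.lang.String]"`, and `permissionList` (a `UIPermissionNode` tree) is declared `required = true` even though it looks like a server-populated view of the role rather than something a client supplies on create or update; if that reading is right, `required = false` with a note in `value` that it is read-only stops clients from having to post a permission tree. The getter and setter also hand out and store the raw array, so a caller can mutate the bean after it has been validated; `Arrays.copyOf(permissions, permissions.length)` in both closes that. Separately, the bean now carries free-form permission paths from the client, and the check that those paths stay inside the tree the caller is allowed to grant lives in `RoleManagementServiceImpl`, which is modified in this patch but not visible here, so it is worth confirming a user cannot attach `/permission/admin` to a role they are creating.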
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java index f91a9ccdb6f..2b8a075f9bd 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList; @@ -92,7 +93,7 @@ public interface ActivityInfoProviderService { message = "Internal Server Error. \n Server error occurred while fetching activity data.", response = ErrorResponse.class) }) - @Scope(key = "activity:view", name = "View Activities", description = "") + @Permission(name = "View Activities", permission = "/device-mgt/activities/view") Response getActivity( @ApiParam( name = "id", @@ -153,7 +154,7 @@ public interface ActivityInfoProviderService { message = "Internal Server Error. \n Server error occurred while fetching activity data.", response = ErrorResponse.class) }) - @Scope(key = "activity:view", name = "View Activities", description = "") + @Permission(name = "View Activities", permission = "/device-mgt/activities/view") Response getActivities( @ApiParam( name = "since", 
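Review bot: With both `@Scope` usages in this file replaced, the `import org.wso2.carbon.apimgt.annotations.api.Scope;` left in the first hunk becomes unused unless some method outside these hunks still uses it; the same pattern repeats across most service interfaces in this patch. Dropping the dead import where it is genuinely unused keeps the compiler warnings meaningful and makes it obvious which interfaces still mix the two mechanisms (as `CertificateMgtService` does). The mapping of the two read-only activity endpoints to `/device-mgt/activities/view` is otherwise consistent.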
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java index 3708677b751..b774a9598c5 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; @@ -81,7 +82,7 @@ public interface ConfigurationManagementService { "platform configuration.", response = ErrorResponse.class) }) - @Scope(key = "configuration:view", name = "View Configurations", description = "") + @Permission(name = "View Configurations", permission = "/device-mgt/configuration/view") Response getConfiguration( @ApiParam( name = "If-Modified-Since", @@ -127,7 +128,7 @@ public interface ConfigurationManagementService { "Server error occurred while modifying general platform configuration.", response = ErrorResponse.class) }) - @Scope(key = "configuration:modify", name = "Modify Configurations", description = "") + @Permission(name = "Manage configurations", permission = "/device-mgt/configuration/manage") Response updateConfiguration( @ApiParam( name = "configuration", 
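Review bot: The permission display names introduced here are capitalised inconsistently, `"View Configurations"` next to `"Manage configurations"`, and the same drift appears in other files of this patch (`"View notifications"`, `"Manage policies"`, `"View Devices"`). If `name` is surfaced in the role-permission UI or used as a lookup key when the annotations are processed, that inconsistency becomes visible or, worse, produces near-duplicate entries; pick one convention (`"Manage Configurations"` matches the existing `"View Configurations"`) and apply it across the patch.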
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java index ce100352dad..fd85ca7b274 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.Feature; @@ -92,7 +93,7 @@ public interface DeviceManagementService { message = "Internal Server Error. \n Server error occurred while fetching the device list.", response = ErrorResponse.class) }) - @Scope(key = "device:view", name = "View Devices", description = "") + @Permission(name = "View Devices", permission = "/device-mgt/devices/view") Response getDevices( @ApiParam( name = "name", @@ -199,7 +200,7 @@ public interface DeviceManagementService { "Server error occurred while retrieving information requested device.", response = ErrorResponse.class) }) - @Scope(key = "device:view", name = "View Devices", description = "") + @Permission(name = "View Devices", permission = "/device-mgt/devices/view") Response getDevice( @ApiParam( name = "type", 
@@ -281,7 +282,7 @@ public interface DeviceManagementService { "Server error occurred while retrieving feature list of the device.", response = ErrorResponse.class) }) - @Scope(key = "device:view", name = "View Devices", description = "") + @Permission(name = "View Devices", permission = "/device-mgt/devices/view") Response getFeaturesOfDevice( @ApiParam( name = "type", @@ -357,7 +358,7 @@ public interface DeviceManagementService { "Server error occurred while enrolling the device.", response = ErrorResponse.class) }) - @Scope(key = "device:view", name = "View Devices", description = "") + @Permission(name = "View Devices", permission = "/device-mgt/devices/view") Response searchDevices( @ApiParam( name = "offset", @@ -436,8 +437,7 @@ public interface DeviceManagementService { "Server error occurred while retrieving installed application list of the device.", response = ErrorResponse.class) }) - @Scope(key = "device:view", name = "View Devices", description = "") - + @Permission(name = "View Devices", permission = "/device-mgt/devices/view") Response getInstalledApplications( @ApiParam( name = "type", @@ -533,7 +533,7 @@ public interface DeviceManagementService { "Server error occurred while retrieving operation list scheduled for the device.", response = ErrorResponse.class) }) - @Scope(key = "device:view", name = "View Devices", description = "") + @Permission(name = "View Devices", permission = "/device-mgt/devices/view") Response getDeviceOperations( @ApiParam( name = "type", @@ -631,7 +631,7 @@ public interface DeviceManagementService { response = ErrorResponse.class) } ) - @Scope(key = "device:view", name = "View Devices", description = "") + @Permission(name = "View Devices", permission = "/device-mgt/devices/view") Response getEffectivePolicyOfDevice( @ApiParam( name = "type", 
@@ -683,7 +683,7 @@ public interface DeviceManagementService { response = ErrorResponse.class) } ) - @Scope(key = "device:view", name = "View Devices", description = "") + @Permission(name = "View Devices", permission = "/device-mgt/devices/view") Response getComplianceDataOfDevice( @ApiParam( name = "type", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java index 2da0537b6bc..b8141d45fa9 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceTypeList; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; @@ -78,7 +79,7 @@ public interface DeviceTypeManagementService { response = ErrorResponse.class) } ) - @Scope(key = "device-type:admin:view", name = "View device types", description = "") + @Permission(name = "View Device Types", permission = "/device-mgt/devices/view") Response getDeviceTypes( @ApiParam( name = "If-Modified-Since", 
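Review bot: `getDeviceTypes` in `DeviceTypeManagementService` was guarded by `device-type:admin:view` and is now reachable with `/device-mgt/devices/view`, the permission every device-viewing user holds, so this is a widening of who can enumerate device types rather than a one-to-one translation of the old scope. If the widening is intended it should be stated in the commit message; otherwise a dedicated path keeps the previous boundary, e.g. `@Permission(name = "View Device Types", permission = "/device-mgt/device-types/view")`. As written, the name "View Device Types" also labels a path that already carries the name "View Devices" in `DeviceManagementService`, which is confusing if names are shown per permission in the role UI.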
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java index 34bc726c66d..e0a2a3b1f72 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.device.mgt.common.notification.mgt.Notification; import org.wso2.carbon.device.mgt.jaxrs.NotificationList; @@ -90,7 +91,7 @@ public interface NotificationManagementService { "\n Server error occurred while fetching the notification list.", response = ErrorResponse.class) }) - @Scope(key = "notification:view", name = "View and manage notifications", description = "") + @Permission(name = "View notifications", permission = "/device-mgt/notifications/view") Response getNotifications( @ApiParam( name = "status", @@ -142,7 +143,7 @@ public interface NotificationManagementService { message = "Error occurred while updating notification status.") } ) - @Scope(key = "notification:view", name = "View and manage notifications", description = "") + @Permission(name = "View notifications", permission = "/device-mgt/notifications/view") Response updateNotificationStatus( @ApiParam( name = "id", 
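Review bot: `updateNotificationStatus` changes state (its own response text reads "Error occurred while updating notification status"), yet it is mapped to `/device-mgt/notifications/view`, so anyone allowed to read notifications can also mark them. The old scope was equally coarse, but its name, "View and manage notifications", at least admitted that; the new name "View notifications" hides the write behind a read permission. Give the write its own permission, `@Permission(name = "Manage notifications", permission = "/device-mgt/notifications/manage")`, or, if viewers are meant to be able to dismiss their own notifications, record that decision in a comment on the method rather than leaving it implicit in the shared path.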
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java index da0931e10fe..70edb9126f9 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper; @@ -100,7 +101,7 @@ public interface PolicyManagementService { "Server error occurred while adding a new policy.", response = ErrorResponse.class) }) - @Scope(key = "policy:manage", name = "Add policies", description = "") + @Permission(name = "Manage policies", permission = "/device-mgt/policies/manage") Response addPolicy( @ApiParam( name = "policy", @@ -154,7 +155,7 @@ public interface PolicyManagementService { "policies."), response = ErrorResponse.class) }) - @Scope(key = "policy:view", name = "Views policies", description = "") + @Permission(name = "View policies", permission = "/device-mgt/policies/view") Response getPolicies( @ApiParam( name = "If-Modified-Since", 
@@ -220,7 +221,7 @@ public interface PolicyManagementService { "policy.", response = ErrorResponse.class) }) - @Scope(key = "policy:view", name = "View policies", description = "") + @Permission(name = "View policies", permission = "/device-mgt/policies/view") Response getPolicy( @ApiParam( name = "id", @@ -284,7 +285,7 @@ public interface PolicyManagementService { "Server error occurred while updating the policy.", response = ErrorResponse.class) }) - @Scope(key = "policy:manage", name = "Add policies", description = "") + @Permission(name = "Manage policies", permission = "/device-mgt/policies/manage") Response updatePolicy( @ApiParam( name = "id", @@ -330,7 +331,7 @@ public interface PolicyManagementService { "Server error occurred while bulk removing policies.", response = ErrorResponse.class) }) - @Scope(key = "policy:manage", name = "Add policies", description = "") + @Permission(name = "Manage policies", permission = "/device-mgt/policies/manage") Response removePolicies( @ApiParam( name = "policyIds", @@ -366,7 +367,7 @@ public interface PolicyManagementService { message = "ErrorResponse in activating policies.", response = ErrorResponse.class) }) - @Scope(key = "policy:manage", name = "Add policies", description = "") + @Permission(name = "Manage policies", permission = "/device-mgt/policies/manage") Response activatePolicies( @ApiParam( name = "policyIds", @@ -402,7 +403,7 @@ public interface PolicyManagementService { message = "ErrorResponse in deactivating policies.", response = ErrorResponse.class) }) - @Scope(key = "policy:manage", name = "Add policies", description = "") + @Permission(name = "Manage policies", permission = "/device-mgt/policies/manage") Response deactivatePolicies( @ApiParam( name = "policyIds", 
@@ -435,7 +436,7 @@ public interface PolicyManagementService { message = "ErrorResponse in deactivating policies.", response = ErrorResponse.class) }) - @Scope(key = "policy:manage", name = "Add policies", description = "") + @Permission(name = "Manage policies", permission = "/device-mgt/policies/manage") Response applyChanges(); @@ -464,7 +465,7 @@ public interface PolicyManagementService { message = "Exception in updating policy priorities.", response = ErrorResponse.class) }) - @Scope(key = "policy:manage", name = "Add policies", description = "") + @Permission(name = "Manage policies", permission = "/device-mgt/policies/manage") Response updatePolicyPriorities( @ApiParam( name = "priorityUpdatedPolicies", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java index b85b605ead0..4571c02a83e 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java @@ -20,10 +20,12 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; import org.wso2.carbon.device.mgt.jaxrs.beans.Scope; +import org.wso2.carbon.user.mgt.common.UIPermissionNode; import javax.ws.rs.*; import javax.ws.rs.core.MediaType; 
@@ -76,7 +78,7 @@ public interface RoleManagementService { message = "Internal Server Error. \n Server error occurred while fetching requested list of roles.", response = ErrorResponse.class) }) - @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "") + @Permission(name = "View Roles", permission = "/device-mgt/roles/view") Response getRoles( @ApiParam( name = "filter", @@ -105,16 +107,16 @@ public interface RoleManagementService { @QueryParam("limit") int limit); @GET - @Path("/scopes") + @Path("/{roleName}/permissions") @ApiOperation( produces = MediaType.APPLICATION_JSON, httpMethod = "GET", - value = "Getting authorization scopes.", + value = "Getting permission details of a role.", notes = "In an organization an individual is associated a with set of responsibilities based on their " + - "role. In EMM you are able to configure scopes based on the responsibilities carried " + - "out by a role. Therefore if you wish to retrieve the scopes details of roles, you can do " + + "role. In EMM you are able to configure permissions based on the responsibilities carried " + + "out by a role. Therefore if you wish to retrieve the permission details of a role, you can do " + "so using this REST API.", - response = List.class, + response = UIPermissionNode.class, responseContainer = "List", tags = "Role Management" ) @@ -122,8 +124,8 @@ public interface RoleManagementService { value = { @ApiResponse( code = 200, - message = "OK. \n Successfully fetched the scopes list.", - response = List.class, + message = "OK. \n Successfully fetched the permission list of the given role.", + response = UIPermissionNode.class, responseContainer = "List", responseHeaders = { @ResponseHeader( 
@@ -158,8 +160,13 @@ public interface RoleManagementService { message = "Internal Server ErrorResponse. \n Server error occurred while fetching the permission list of the requested role.", response = ErrorResponse.class) }) - @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "") - Response getScopes( + @Permission(name = "View Roles", permission = "/device-mgt/roles/view") + Response getPermissionsOfRole( + @ApiParam( + name = "roleName", + value = "Name of the role.", + required = true) + @PathParam("roleName") String roleName, @ApiParam( name = "If-Modified-Since", value = "Validates if the requested variant has not been modified since the time specified", @@ -216,7 +223,7 @@ public interface RoleManagementService { "requested role.", response = ErrorResponse.class) }) - @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:view", name = "View roles", description = "") + @Permission(name = "View Roles", permission = "/device-mgt/roles/view") Response getRole( @ApiParam( name = "roleName", @@ -276,7 +283,7 @@ public interface RoleManagementService { message = "Internal Server Error. \n Server error occurred while adding a new role.", response = ErrorResponse.class) }) - @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "") + @Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage") Response addRole( @ApiParam( name = "role", @@ -326,7 +333,7 @@ public interface RoleManagementService { message = "Internal Server Error. \n Server error occurred while updating the role.", response = ErrorResponse.class) }) - @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "") + @Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage") Response updateRole( @ApiParam( name = "roleName", 
@@ -363,7 +370,7 @@ public interface RoleManagementService { message = "Internal Server Error. \n Server error occurred while removing the role.", response = ErrorResponse.class) }) - @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "") + @Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage") Response deleteRole( @ApiParam( name = "roleName", @@ -421,7 +428,7 @@ public interface RoleManagementService { "Server error occurred while updating the user list of the role.", response = ErrorResponse.class) }) - @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:manage", name = "Add roles", description = "") + @Permission(name = "Manage Roles", permission = "/device-mgt/roles/manage") Response updateUsersOfRole( @ApiParam( name = "roleName", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java index 27fdf848e03..6097b4e43ad 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.device.mgt.jaxrs.beans.*; 
@@ -83,7 +84,7 @@ public interface UserManagementService { message = "Internal Server Error. \n Server error occurred while adding a new user.", response = ErrorResponse.class) }) - @Scope(key = "user:manage", name = "Add users", description = "") + @Permission(name = "Manage Users", permission = "/device-mgt/users/manage") Response addUser( @ApiParam( name = "user", @@ -135,7 +136,7 @@ public interface UserManagementService { " fetching the requested user.", response = ErrorResponse.class) }) - @Scope(key = "user:view", name = "View users", description = "") + @Permission(name = "View Users", permission = "/device-mgt/users/view") Response getUser( @ApiParam( name = "username", @@ -192,7 +193,7 @@ public interface UserManagementService { "Server error occurred while updating the user.", response = ErrorResponse.class) }) - @Scope(key = "user:manage", name = "Add users", description = "") + @Permission(name = "Manage Users", permission = "/device-mgt/users/manage") Response updateUser( @ApiParam( name = "username", @@ -227,7 +228,7 @@ public interface UserManagementService { response = ErrorResponse.class ) }) - @Scope(key = "user:manage", name = "Add users", description = "") + @Permission(name = "Manage Users", permission = "/device-mgt/users/manage") Response removeUser( @ApiParam(name = "username", value = "Username of the user to be deleted.", required = true) @PathParam("username") String username); @@ -276,7 +277,7 @@ public interface UserManagementService { " assigned to the user.", response = ErrorResponse.class) }) - @Scope(key = "user:view", name = "View users", description = "") + @Permission(name = "View Users", permission = "/device-mgt/users/view") Response getRolesOfUser( @ApiParam(name = "username", value = "Username of the user.", required = true) @PathParam("username") String username); 
@@ -319,7 +320,7 @@ public interface UserManagementService { message = "Internal Server Error. \n Server error occurred while fetching the user list.", response = ErrorResponse.class) }) - @Scope(key = "user:view", name = "View users", description = "") + @Permission(name = "View Users", permission = "/device-mgt/users/view") Response getUsers( @ApiParam( name = "filter", @@ -386,7 +387,7 @@ public interface UserManagementService { "list that matches the given filter.", response = ErrorResponse.class) }) - @Scope(key = "user:view", name = "View users", description = "") + @Permission(name = "View Users", permission = "/device-mgt/users/view") Response getUserNames( @ApiParam( name = "filter", @@ -440,7 +441,7 @@ public interface UserManagementService { "Server error occurred while updating credentials of the user.", response = ErrorResponse.class) }) - @Scope(key = "user:view", name = "View users", description = "") + @Permission(name = "View Users", permission = "/device-mgt/users/view") Response resetPassword( @ApiParam( name = "username", @@ -483,7 +484,7 @@ public interface UserManagementService { "Server error occurred while updating credentials of the user.", response = ErrorResponse.class) }) - @Scope(key = "user:manage", name = "Add users", description = "") + @Permission(name = "Manage Users", permission = "/device-mgt/users/manage") Response inviteExistingUsersToEnrollDevice( @ApiParam( name = "users", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java index 546f6d96b19..e5bf357f753 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java 
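Review bot: `resetPassword` is annotated with `/device-mgt/users/view` although it changes a user's credentials, so anyone allowed to list users can also reset passwords. The same applies to `resetUserPassword` in `UserManagementAdminService` (`/device-mgt/admin/users/view`), where the previous `user:admin:reset-password` scope was dedicated to that one action, so that hunk widens who can reset passwords instead of keeping parity. For the non-admin method the manage permission already used in this file fits: `@Permission(name = "Manage Users", permission = "/device-mgt/users/manage")`; for the admin method a dedicated permission (a constructed example: `/device-mgt/admin/users/reset-password`) would preserve the old scope's granularity.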
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper; @@ -74,7 +75,7 @@ public interface ApplicationManagementAdminService { "a given set of devices.", response = ErrorResponse.class) }) - @Scope(key = "application:manage", name = "Install/Uninstall applications", description = "") + @Permission(name = "Install/Uninstall applications", permission = "/device-mgt/applications/manage") Response installApplication( @ApiParam( name = "applicationWrapper", @@ -113,7 +114,7 @@ public interface ApplicationManagementAdminService { "a given set of devices.", response = ErrorResponse.class) }) - @Scope(key = "application:manage", name = "Install/Uninstall applications", description = "") + @Permission(name = "Install/Uninstall applications", permission = "/device-mgt/applications/manage") Response uninstallApplication( @ApiParam( name = "applicationWrapper", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java index 66a3c75f057..81449f4b133 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java 
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; @@ -85,7 +86,7 @@ public interface DeviceManagementAdminService { message = "Internal Server Error. \n Server error occurred while fetching the device list.", response = ErrorResponse.class) }) - @Scope(key = "device:admin:view", name = "View Devices", description = "") + @Permission(name = "View Devices", permission = "/device-mgt/admin/devices/view") Response getDevicesByName( @ApiParam( name = "name", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java index 6307ee00e61..596f998845a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java 
@@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper; @@ -68,7 +69,7 @@ public interface UserManagementAdminService { "Server error occurred while updating credentials of the user.", response = ErrorResponse.class) }) - @Scope(key = "user:admin:reset-password", name = "View users", description = "") + @Permission(name = "View Users", permission = "/device-mgt/admin/users/view") Response resetUserPassword( @ApiParam( name = "username", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java index fa7560702cb..6cae3ad776c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java @@ -20,6 +20,8 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.CarbonConstants; +import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException; import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; 
@@ -32,11 +34,11 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil; import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer; -import org.wso2.carbon.user.api.AuthorizationManager; -import org.wso2.carbon.user.api.UserRealm; -import org.wso2.carbon.user.api.UserStoreException; -import org.wso2.carbon.user.api.UserStoreManager; +import org.wso2.carbon.user.api.*; import org.wso2.carbon.user.core.common.AbstractUserStoreManager; +import org.wso2.carbon.user.mgt.UserRealmProxy; +import org.wso2.carbon.user.mgt.common.UIPermissionNode; +import org.wso2.carbon.user.mgt.common.UserAdminException; import javax.ws.rs.*; import javax.ws.rs.core.MediaType; 
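Review bot: The wildcard `import org.wso2.carbon.user.api.*;` replaces four explicit imports and silently brings `org.wso2.carbon.user.api.Permission` — the type `addRole` instantiates further down — into scope by simple name, while this same commit introduces an annotation also called `Permission` in `org.wso2.carbon.apimgt.annotations.api`. Explicit imports keep that resolution visible and avoid a clash if the annotation package is ever imported into this class; restore the four removed lines and add `import org.wso2.carbon.user.api.Permission;`. The `ScopeManagementException` and `ScopeManagementService` imports kept as context appear to lose every use in the later hunks of this file; if nothing else in the class references them, drop them as well.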
@@ -90,26 +92,64 @@ public class RoleManagementServiceImpl implements RoleManagementService { } @GET - @Path("/scopes") + @Path("/{roleName}/permissions") @Override - public Response getScopes( + public Response getPermissionsOfRole( + @PathParam("roleName") String roleName, @HeaderParam("If-Modified-Since") String ifModifiedSince) { - - List scopes = new ArrayList<>(); + RequestValidationUtil.validateRoleName(roleName); try { - ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService(); - if (scopeManagementService == null) { - log.error("Scope management service initialization is failed, hence scopes will not be retrieved"); - } else { - scopes = DeviceMgtUtil.convertAPIScopestoScopes(scopeManagementService.getAllScopes()); + final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm(); + if (!userRealm.getUserStoreManager().isExistingRole(roleName)) { + return Response.status(404).entity(new ErrorResponse.ErrorResponseBuilder().setMessage( + "No role exists with the name '" + roleName + "'").build()).build(); + } + + final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm); + if (rolePermissions == null) { + if (log.isDebugEnabled()) { + log.debug("No permissions found for the role '" + roleName + "'"); + } } - return Response.status(Response.Status.OK).entity(scopes).build(); - } catch (ScopeManagementException e) { - String msg = "Error occurred while retrieving the scopes"; + return Response.status(Response.Status.OK).entity(rolePermissions).build(); + } catch (UserAdminException e) { + String msg = "Error occurred while retrieving the permissions of role '" + roleName + "'"; log.error(msg, e); return Response.serverError().entity( new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); + } catch (UserStoreException e) { + String msg = "Error occurred while retrieving the underlying user realm attached to the " + + "current logged in user"; + log.error(msg, e); + return 
Response.serverError().entity( + new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); + } + } + + private UIPermissionNode getUIPermissionNode(String roleName, UserRealm userRealm) + throws UserAdminException { + org.wso2.carbon.user.core.UserRealm userRealmCore = null; + if (userRealm instanceof org.wso2.carbon.user.core.UserRealm) { + userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm; } + final UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore); + final UIPermissionNode rolePermissions = + userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID); + UIPermissionNode[] deviceMgtPermissions = new UIPermissionNode[2]; + + for (UIPermissionNode permissionNode : rolePermissions.getNodeList()) { + if (permissionNode.getResourcePath().equals("/permission/admin")) { + for (UIPermissionNode node : permissionNode.getNodeList()) { + if (node.getResourcePath().equals("/permission/admin/device-mgt")) { + deviceMgtPermissions[0] = node; + } else if (node.getResourcePath().equals("/permission/admin/login")) { + deviceMgtPermissions[1] = node; + } + } + } + } + rolePermissions.setNodeList(deviceMgtPermissions); + return rolePermissions; } @GET 
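Review bot: `getUIPermissionNode` reads the role's permission tree with a hard-coded `MultitenantConstants.SUPER_TENANT_ID`, so if tenant users can reach this endpoint the result describes the super tenant's tree rather than the caller's; the tenant id of the current carbon context looks like the intended value — verify. The `instanceof` check leaves `userRealmCore` null when it fails and still passes it to `new UserRealmProxy(...)`, and `rolePermissions.getNodeList()` is dereferenced inside the helper, so the `rolePermissions == null` branch in `getPermissionsOfRole` can never run. The fixed two-slot `deviceMgtPermissions` array keeps `null` entries whenever the device-mgt or login node is absent; those nulls are serialized into the response and, in `getRole`, reach `iteratePermissions`, which calls `getResourcePath()` on every entry. A tighter helper that fails fast on the realm type, guards null node lists and only collects nodes that were actually found is sketched below; the tenant id is left as is pending the question above.
```java
private UIPermissionNode getUIPermissionNode(String roleName, UserRealm userRealm)
        throws UserAdminException {
    if (!(userRealm instanceof org.wso2.carbon.user.core.UserRealm)) {
        // Programming/configuration error: the proxy cannot work on any other realm implementation
        throw new IllegalStateException("Unsupported user realm implementation: "
                + userRealm.getClass().getName());
    }
    final UserRealmProxy userRealmProxy =
            new UserRealmProxy((org.wso2.carbon.user.core.UserRealm) userRealm);
    // TODO(review): confirm whether the caller's tenant id should be used here instead of SUPER_TENANT_ID
    final UIPermissionNode rolePermissions =
            userRealmProxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID);
    if (rolePermissions == null || rolePermissions.getNodeList() == null) {
        return null;
    }
    // Hand-pick only the device management and login subtrees; skip slots that are not present
    List<UIPermissionNode> deviceMgtPermissions = new ArrayList<>();
    for (UIPermissionNode permissionNode : rolePermissions.getNodeList()) {
        if (permissionNode == null || permissionNode.getNodeList() == null
                || !"/permission/admin".equals(permissionNode.getResourcePath())) {
            continue;
        }
        for (UIPermissionNode node : permissionNode.getNodeList()) {
            if (node != null && ("/permission/admin/device-mgt".equals(node.getResourcePath())
                    || "/permission/admin/login".equals(node.getResourcePath()))) {
                deviceMgtPermissions.add(node);
            }
        }
    }
    rolePermissions.setNodeList(deviceMgtPermissions.toArray(new UIPermissionNode[0]));
    return rolePermissions;
}
```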
@@ -122,49 +162,62 @@ public class RoleManagementServiceImpl implements RoleManagementService { } RequestValidationUtil.validateRoleName(roleName); RoleInfo roleInfo = new RoleInfo(); - List scopes = new ArrayList<>(); try { final UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager(); + final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm(); if (!userStoreManager.isExistingRole(roleName)) { - return Response.status(Response.Status.NOT_FOUND).entity( + return Response.status(404).entity( new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" + roleName + "'").build()).build(); } - ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService(); - if (scopeManagementService == null) { - log.error("Scope management service initialization is failed, hence scopes will not be retrieved"); - } else { - scopes = DeviceMgtUtil.convertAPIScopesToScopeKeys(scopeManagementService.getScopesOfRole(roleName)); - } roleInfo.setRoleName(roleName); roleInfo.setUsers(userStoreManager.getUserListOfRole(roleName)); - roleInfo.setScopes(scopes); + // Get the permission nodes and hand picking only device management and login perms + final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm); + List permList = new ArrayList<>(); + this.iteratePermissions(rolePermissions, permList); + roleInfo.setPermissionList(rolePermissions); + String[] permListAr = new String[permList.size()]; + roleInfo.setPermissions(permList.toArray(permListAr)); + return Response.status(Response.Status.OK).entity(roleInfo).build(); - } catch (UserStoreException e) { + } catch (UserStoreException | UserAdminException e) { String msg = "Error occurred while retrieving the user role '" + roleName + "'"; log.error(msg, e); return Response.serverError().entity( new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); - } catch (ScopeManagementException e) { - String msg = "Error occurred 
while retrieving the scopes"; - log.error(msg, e); - return Response.serverError().entity( - new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); } } + private List iteratePermissions(UIPermissionNode uiPermissionNode, List list) { + for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) { + list.add(permissionNode.getResourcePath()); + if (permissionNode.getNodeList() != null && permissionNode.getNodeList().length > 0) { + iteratePermissions(permissionNode, list); + } + } + return list; + } + @POST @Override public Response addRole(RoleInfo roleInfo) { RequestValidationUtil.validateRoleDetails(roleInfo); RequestValidationUtil.validateRoleName(roleInfo.getRoleName()); - try { UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager(); if (log.isDebugEnabled()) { log.debug("Persisting the role in the underlying user store"); } - userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), null); + Permission[] permissions = null; + if (roleInfo.getPermissions() != null && roleInfo.getPermissions().length > 0) { + permissions = new Permission[roleInfo.getPermissions().length]; + for (int i = 0; i < permissions.length; i++) { + String permission = roleInfo.getPermissions()[i]; + permissions[i] = new Permission(permission, CarbonConstants.UI_PERMISSION_ACTION); + } + } + userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions); //TODO fix what's returned in the entity return Response.created(new URI(API_BASE_PATH + "/" + roleInfo.getRoleName())).entity( 
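Review bot: `addRole` turns every string in the client-supplied `roleInfo.getPermissions()` into a `Permission` and hands it to `userStoreManager.addRole(...)` without checking the path, so a caller holding `/device-mgt/roles/manage` can create a role carrying any permission the user store accepts — including paths outside the `/permission/admin/device-mgt` and `/permission/admin/login` subtrees that `getUIPermissionNode` exposes to the UI — unless the user store rejects unknown paths, which nothing in this diff shows. `updateRole` in the next hunk grants the same unvalidated list through `authorizeRole`. An allow-list check before the loop, `if (!permission.startsWith("/permission/admin/device-mgt") && !permission.startsWith("/permission/admin/login"))`, answering with a 400 `ErrorResponse` naming the rejected entry, keeps granted permissions within the subtrees that are read back (match the prefix format to what `iteratePermissions` collects from `getResourcePath()`). Separately, `iteratePermissions` assumes every element of `getNodeList()` is non-null, which the two-slot array built in `getUIPermissionNode` does not guarantee.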
@@ -194,7 +247,7 @@ public class RoleManagementServiceImpl implements RoleManagementService { final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm(); final UserStoreManager userStoreManager = userRealm.getUserStoreManager(); if (!userStoreManager.isExistingRole(roleName)) { - return Response.status(Response.Status.NOT_FOUND).entity( + return Response.status(404).entity( new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" + roleName + "'").build()).build(); } @@ -220,12 +273,14 @@ public class RoleManagementServiceImpl implements RoleManagementService { userStoreManager.updateUserListOfRole(newRoleName, usersToDelete, usersToAdd); } - if (roleInfo.getScopes() != null) { - ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService(); - if (scopeManagementService == null) { - log.error("Scope management service initialization is failed, hence scopes will not be updated"); - } else { - scopeManagementService.updateScopes(roleInfo.getScopes(), roleName); + if (roleInfo.getPermissions() != null) { + // Delete all authorizations for the current role before authorizing the permission tree + authorizationManager.clearRoleAuthorization(roleName); + if (roleInfo.getPermissions().length > 0) { + for (int i = 0; i < roleInfo.getPermissions().length; i++) { + String permission = roleInfo.getPermissions()[i]; + authorizationManager.authorizeRole(roleName, permission, CarbonConstants.UI_PERMISSION_ACTION); + } } } //TODO: Need to send the updated role information in the entity back to the client 
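Review bot: `authorizationManager.clearRoleAuthorization(roleName)` followed by one `authorizeRole` call per entry is not atomic: a `UserStoreException` part-way through the loop leaves the role with a partial set of authorizations (or none), and the catch block below only reports a 500 without restoring the previous set. The calls also use `roleName` while the user-list update just above uses `newRoleName`; if the role is renamed earlier in this method (its start is outside the hunk), the authorizations would be cleared and re-granted on the old name — verify which name the store holds at this point. At minimum validate the whole `roleInfo.getPermissions()` array before the clear (the same allow-list concern as in `addRole`) so that one bad entry cannot strip the role, and prefer a single bulk update if the realm API offers one.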
@@ -236,11 +291,6 @@ public class RoleManagementServiceImpl implements RoleManagementService { log.error(msg, e); return Response.serverError().entity( new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); - } catch (ScopeManagementException e) { - String msg = "Error occurred while updating scopes of role '" + roleName + "'"; - log.error(msg, e); - return Response.serverError().entity( - new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); } } @@ -249,12 +299,11 @@ public class RoleManagementServiceImpl implements RoleManagementService { @Override public Response deleteRole(@PathParam("roleName") String roleName) { RequestValidationUtil.validateRoleName(roleName); - try { final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm(); final UserStoreManager userStoreManager = userRealm.getUserStoreManager(); if (!userStoreManager.isExistingRole(roleName)) { - return Response.status(Response.Status.NOT_FOUND).entity( + return Response.status(404).entity( new ErrorResponse.ErrorResponseBuilder().setMessage("No role exists with the name '" + roleName + "'").build()).build(); } 
@@ -267,26 +316,12 @@ public class RoleManagementServiceImpl implements RoleManagementService { // Delete all authorizations for the current role before deleting authorizationManager.clearRoleAuthorization(roleName); - //removing scopes - ScopeManagementService scopeManagementService = DeviceMgtAPIUtils.getScopeManagementService(); - if (scopeManagementService == null) { - log.error("Scope management service initialization is failed, hence scopes will not be updated"); - } else { - scopeManagementService.removeScopes(roleName); - } - - return Response.status(Response.Status.OK).entity("Role '" + roleName + "' has " + - "successfully been deleted").build(); + return Response.status(Response.Status.OK).build(); } catch (UserStoreException e) { String msg = "Error occurred while deleting the role '" + roleName + "'"; log.error(msg, e); return Response.serverError().entity( new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); - } catch (ScopeManagementException e) { - String msg = "Error occurred while deleting scopes of role '" + roleName + "'"; - log.error(msg, e); - return Response.serverError().entity( - new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java index 6ba2f675c0a..ff194a7b86f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java 
@@ -26,18 +26,10 @@ import javax.xml.bind.annotation.XmlRootElement; */ public class Permission { + private String name; // permission name + private String path; // permission string private String url; // url of the resource - private String urlTemplate; // resource template private String method; // http method - private String context; - - public String getContext() { - return context; - } - - public void setContext(String context) { - this.context = context; - } public String getUrl() { return url; @@ -55,11 +47,19 @@ public class Permission { this.method = method; } - public String getUrlTemplate() { - return urlTemplate; + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public String getPath() { + return path; } - public void setUrlTemplate(String urlTemplate) { - this.urlTemplate = urlTemplate; + public void setPath(String path) { + this.path = path; } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java index 10bb59bcb4d..5a310136632 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java @@ -32,7 +32,7 @@ public interface PermissionManagerService { * @throws PermissionManagementException If some unusual behaviour is observed while adding the * permission. */ - void addPermission(Permission permission) throws PermissionManagementException; + boolean addPermission(Permission permission) throws PermissionManagementException; /** * 
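Review bot: The new fields in Permission carry only `// permission name` and `// permission string`, which does not say what `path` holds; elsewhere in this commit PermissionManagerServiceImpl.addPermission rewrites it to the absolute registry path before persisting, so the field's meaning changes during the object's lifetime. I would document that on the field, e.g. `private String path; // registry permission path, e.g. "/device-mgt/admin"; made absolute by PermissionManagerService.addPermission`. Permission stays a mutable bean with no validation, so a null name or path is representable and every consumer has to check for it.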
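Review bot: addPermission on PermissionManagerService now returns a boolean, but the Javadoc directly above it (its `@throws PermissionManagementException` clause is in the hunk) gained no `@return`, so callers cannot tell what false would mean. Add `@return true if the permission was persisted to the registry, false otherwise`; from the implementation in this commit the value is whatever PermissionUtils.putPermission reports.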
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index 60b791a5fad..a5ac284b998 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -48,6 +48,7 @@ import java.util.Map; public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthorizationService { private final static String CDM_ADMIN_PERMISSION = "/device-mgt/admin"; + private final static String CDM_ADMIN = "Device Management Administrator"; private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class); public DeviceAccessAuthorizationServiceImpl() { @@ -243,7 +244,10 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori } private boolean addAdminPermissionToRegistry() throws PermissionManagementException { - return PermissionUtils.putPermission(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION)); + Permission permission = new Permission(); + permission.setName(CDM_ADMIN); + permission.setPath(CDM_ADMIN_PERMISSION); + return PermissionUtils.putPermission(permission); } private Map getOwnershipOfDevices(List devices) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java index a847255a6e6..855698032bf 100644 
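Review bot: addAdminPermissionToRegistry now hands `CDM_ADMIN_PERMISSION` to `PermissionUtils.putPermission` as-is, whereas the removed line first ran it through `PermissionUtils.getAbsolutePermissionPath`; putPermission in this commit tokenizes `permission.getPath()` without adding any prefix, while the PermissionManagerServiceImpl.addPermission path in this same commit does prefix before persisting. Unless the prefix is applied somewhere not shown, the admin permission now lands at a different registry location than before and than the annotation-derived permissions, so whatever reads the registry tree (getPermission(path), role/permission assignment) would not find it where it used to be. Keep the absolute path: `permission.setPath(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));`. Minor: the new constant is declared `private final static`; the conventional order is `private static final`.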
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java @@ -21,8 +21,8 @@ package org.wso2.carbon.device.mgt.core.config.permission; import org.apache.catalina.core.StandardContext; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.scannotation.AnnotationDB; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; import javax.servlet.ServletContext; import javax.ws.rs.*; @@ -91,21 +91,20 @@ public class AnnotationProcessor { * @param entityClasses * @return */ - public List - extractPermissions(Set entityClasses) { + public List + extractPermissions(Set entityClasses) { - List permissions = new ArrayList<>(); + List permissions = new ArrayList<>(); if (entityClasses != null && !entityClasses.isEmpty()) { for (final String className : entityClasses) { - List resourcePermissions = + List resourcePermissions = AccessController.doPrivileged(new PrivilegedAction>() { public List run() { Class clazz; - List apiPermissions = - new ArrayList<>(); + List apiPermissions = new ArrayList<>(); try { clazz = classLoader.loadClass(className); @@ -114,7 +113,7 @@ public class AnnotationProcessor { .class.getName()); Annotation apiAnno = clazz.getAnnotation(apiClazz); - List resourceList; + List resourceList; if (apiAnno != null) { 
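Review bot: The Javadoc of extractPermissions still has an empty `@param entityClasses` and `@return` after the signature change. Suggest `@param entityClasses fully qualified names of the annotated resource classes to inspect` and `@return the permissions extracted from those classes; empty when entityClasses is null or empty` — the null/empty behaviour is visible in the guard on the first line of the body. The rendering here has lost the generic type arguments (`List`, `Set`, `PrivilegedAction>`), so I cannot confirm the element types from the hunk alone.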
@@ -170,15 +169,13 @@ public class AnnotationProcessor { * @return * @throws Throwable */ - private List - getApiResources(String resourceRootContext, Method[] annotatedMethods) throws Throwable { + private List getApiResources(String resourceRootContext, Method[] annotatedMethods) throws Throwable { - List permissions = new ArrayList<>(); + List permissions = new ArrayList<>(); + Permission permission; String subCtx; for (Method method : annotatedMethods) { Annotation[] annotations = method.getDeclaredAnnotations(); - org.wso2.carbon.device.mgt.common.permission.mgt.Permission permission = - new org.wso2.carbon.device.mgt.common.permission.mgt.Permission(); if (isHttpMethodAvailable(annotations)) { Annotation methodContextAnno = method.getAnnotation(pathClazz); @@ -187,9 +184,7 @@ public class AnnotationProcessor { } else { subCtx = WILD_CARD; } - permission.setContext(makeContextURLReady(resourceRootContext)); - permission.setUrlTemplate(makeContextURLReady(subCtx)); - + permission = new Permission(); // this check is added to avoid url resolving conflict which happens due // to adding of '*' notation for dynamic path variables. if (WILD_CARD.equals(subCtx)) { @@ -203,10 +198,14 @@ public class AnnotationProcessor { httpMethod = getHTTPMethodAnnotation(annotations[i]); if (httpMethod != null) { permission.setMethod(httpMethod); - break; + } + if (annotations[i].annotationType().getName(). + equals(org.wso2.carbon.apimgt.annotations.api.Permission.class.getName())) { + this.setPermission(method, permission); } } permissions.add(permission); + } } return permissions; @@ -214,6 +213,7 @@ public class AnnotationProcessor { /** * Read Method annotations indicating HTTP Methods + * * @param annotation */ private String getHTTPMethodAnnotation(Annotation annotation) { 
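Review bot: In getApiResources a method that carries an HTTP-method annotation but no `@Permission` still yields a Permission: the `break` was removed so the annotation loop now runs to completion, but `this.setPermission(method, permission)` is only reached when the `@Permission` annotation is present, so the entry is added with a null name and path. The scope validator in this commit treats a null path as allowed, which means forgetting the annotation on a resource silently removes its authorization check. I would at least log it before `permissions.add(permission)`, e.g. `if (permission.getPath() == null) { log.warn("No @Permission on " + method.getDeclaringClass().getName() + "#" + method.getName() + "; resource will not be access-controlled"); }` (assuming the class's Log field is named `log`, as the imports suggest), and preferably fail the deployment for such resources. The rest of getApiResources and the `permissions.add` loop continue outside the hunk.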
@@ -255,7 +255,7 @@ public class AnnotationProcessor { * @return */ private String makeContextURLReady(String context) { - if (context != null && ! context.isEmpty()) { + if (context != null && !context.isEmpty()) { if (context.startsWith("/")) { return context; } else { @@ -294,19 +294,15 @@ public class AnnotationProcessor { * @param servletContext * @return null if cannot determin /WEB-INF/classes */ - public static URL findWebInfClassesPath(ServletContext servletContext) - { + public static URL findWebInfClassesPath(ServletContext servletContext) { String path = servletContext.getRealPath("/WEB-INF/classes"); if (path == null) return null; File fp = new File(path); if (fp.exists() == false) return null; - try - { + try { URI uri = fp.toURI(); return uri.toURL(); - } - catch (MalformedURLException e) - { + } catch (MalformedURLException e) { throw new RuntimeException(e); } } @@ -329,4 +325,24 @@ public class AnnotationProcessor { return replacedPath.toString(); } + private void setPermission(Method currentMethod, Permission permission) throws Throwable { + Class permissionClass = + (Class) classLoader. + loadClass(org.wso2.carbon.apimgt.annotations.api.Permission.class.getName()); + Annotation permissionAnnotation = currentMethod.getAnnotation(permissionClass); + if (permissionClass != null) { + Method[] permissionClassMethods = permissionClass.getMethods(); + for (Method method : permissionClassMethods) { + switch (method.getName()) { + case "name": + permission.setName(invokeMethod(method, permissionAnnotation, STRING)); + break; + case "permission": + permission.setPath(invokeMethod(method, permissionAnnotation, STRING)); + break; + } + } + } + } + } 
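Review bot: setPermission guards on `permissionClass != null` after `classLoader.loadClass(...)`, which never returns null (it throws ClassNotFoundException), while the value that can actually be null, `permissionAnnotation` from `currentMethod.getAnnotation(permissionClass)`, is passed straight into invokeMethod. The condition should be `if (permissionAnnotation != null) {`. Today the only caller in this commit invokes setPermission after confirming the annotation is present, so the defect is latent, but the guard as written protects nothing. A short Javadoc would also help: `Copies name() and permission() of the method's @Permission annotation into the given Permission; no-op when the annotation is absent.`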
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java deleted file mode 100644 index 7911ff7cdfc..00000000000 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * you may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.core.config.permission; - -import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; - -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlRootElement; -import java.util.List; - -/** - * This class represents the information related to permissions. - */ -public class PermissionConfiguration { - - private String scopeName; - private String[] permissions; - - public String getScopeName() { - return scopeName; - } - - public void setScopeName(String scope) { - this.scopeName = scope; - } - - public String[] getPermissions() { - return permissions; - } - - public void setPermissions(String[] permissions) { - this.permissions = permissions; - } - -} 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java index fbde8047e3f..8b7f5b9bca9 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java @@ -28,17 +28,10 @@ import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; import org.wso2.carbon.device.mgt.core.config.permission.AnnotationProcessor; -import org.wso2.carbon.device.mgt.core.config.permission.PermissionConfiguration; import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl; -import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils; import javax.servlet.ServletContext; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; -import java.io.File; import java.io.IOException; -import java.io.InputStream; import java.util.List; import java.util.Set; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java index 03a96ea520a..a7827370ad5 100644 
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/DeviceManagementServiceComponent.java @@ -31,7 +31,6 @@ import org.wso2.carbon.device.mgt.common.notification.mgt.NotificationManagement import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException; import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManager; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; -import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService; import org.wso2.carbon.device.mgt.common.spi.DeviceManagementService; import org.wso2.carbon.device.mgt.core.DeviceManagementConstants; import org.wso2.carbon.device.mgt.core.DeviceManagementPluginRepository; @@ -52,7 +51,6 @@ import org.wso2.carbon.device.mgt.core.operation.mgt.OperationManagerImpl; import org.wso2.carbon.device.mgt.core.operation.mgt.dao.OperationManagementDAOFactory; import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl; import org.wso2.carbon.device.mgt.core.push.notification.mgt.PushNotificationProviderRepository; -import org.wso2.carbon.device.mgt.core.scope.mgt.ScopeManagementServiceImpl; import org.wso2.carbon.device.mgt.core.scope.mgt.dao.ScopeManagementDAOFactory; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl; 
@@ -243,9 +241,10 @@ public class DeviceManagementServiceComponent { = new NotificationManagementServiceImpl(); bundleContext.registerService(NotificationManagementService.class.getName(), notificationManagementService, null); - /* Registering Scope Management Service */ - ScopeManagementService scopeManagementService = new ScopeManagementServiceImpl(); - bundleContext.registerService(ScopeManagementService.class.getName(), scopeManagementService, null); + /* Registering PermissionManager Service */ + PermissionManagerService permissionManagerService + = PermissionManagerServiceImpl.getInstance(); + bundleContext.registerService(PermissionManagerService.class.getName(), permissionManagerService, null); /* Registering DeviceAccessAuthorization Service */ DeviceAccessAuthorizationService deviceAccessAuthorizationService = new DeviceAccessAuthorizationServiceImpl(); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java index 0cdae216175..1cd85960f03 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java 
@@ -53,9 +53,11 @@ public class PermissionManagerServiceImpl implements PermissionManagerService { } @Override - public void addPermission(Permission permission) throws PermissionManagementException { + public boolean addPermission(Permission permission) throws PermissionManagementException { // adding a permission to the tree + permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath())); permissionTree.addPermission(permission); + return PermissionUtils.putPermission(permission); } @Override diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java index 9f73a36e1c1..35f6a6d6eb1 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java 
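Review bot: addPermission now rewrites the caller's Permission in place with `PermissionUtils.getAbsolutePermissionPath(permission.getPath())`, and that helper (visible at the top of the PermissionUtils hunk as `return contextPath + url;`) concatenates unconditionally: a null path becomes the literal string `...null`, and a path that is already absolute is prefixed twice. Since the annotation processor in this commit can produce a Permission with a null path, I would reject that before rewriting, `if (permission.getPath() == null) { throw new PermissionManagementException("Permission '" + permission.getName() + "' has no path"); }`, and either make the prefixing idempotent or document that callers must pass a relative path. Mutating the argument also means a caller that keeps the object sees the changed path; copying into a fresh Permission would avoid that surprise.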
@@ -66,24 +66,23 @@ public class PermissionUtils { return contextPath + url; } - // public static Permission getPermission(String path) throws PermissionManagementException { -// try { -// Resource resource = PermissionUtils.getGovernanceRegistry().get(path); -// Permission permission = new Permission(); -// permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME)); -// permission.setPath(resource.getPath()); -// return permission; -// } catch (RegistryException e) { -// throw new PermissionManagementException("Error in retrieving registry resource : " + -// e.getMessage(), e); -// } -// } -// - public static boolean putPermission(String permissionPath) - throws PermissionManagementException { + public static Permission getPermission(String path) throws PermissionManagementException { + try { + Resource resource = PermissionUtils.getGovernanceRegistry().get(path); + Permission permission = new Permission(); + permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME)); + permission.setPath(resource.getPath()); + return permission; + } catch (RegistryException e) { + throw new PermissionManagementException("Error in retrieving registry resource : " + + e.getMessage(), e); + } + } + + public static boolean putPermission(Permission permission) throws PermissionManagementException { boolean status; try { - StringTokenizer tokenizer = new StringTokenizer(permissionPath, "/"); + StringTokenizer tokenizer = new StringTokenizer(permission.getPath(), "/"); String lastToken = "", currentToken, tempPath; while (tokenizer.hasMoreTokens()) { currentToken = tokenizer.nextToken(); @@ -95,7 +94,8 @@ public class PermissionUtils { } status = true; } catch (RegistryException e) { - throw new PermissionManagementException("Error occurred while persisting permission", e); + throw new PermissionManagementException("Error occurred while persisting permission : " + + permission.getName(), e); } return status; } 
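Review bot: putPermission passes `permission.getPath()` straight to `new StringTokenizer(...)`, which throws NullPointerException on a null path instead of the declared PermissionManagementException; a guard such as `if (permission.getPath() == null) { throw new PermissionManagementException("No path for permission '" + permission.getName() + "'"); }` keeps the failure inside the method's contract. The boolean return is also uninformative: `status` is only ever assigned `true` at the end of the try and the single catch rethrows, so unless the unseen loop body returns early the method always returns true, and the new boolean contract on PermissionManagerService.addPermission inherits that. The restored getPermission(String) is fine as far as the hunk shows; its Javadoc should state that a missing resource surfaces as PermissionManagementException.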
@@ -116,17 +116,17 @@ public class PermissionUtils { return PermissionUtils.getGovernanceRegistry().resourceExists(path); } - public static Document convertToDocument(File file) throws PermissionManagementException { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - try { - DocumentBuilder docBuilder = factory.newDocumentBuilder(); - factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - return docBuilder.parse(file); - } catch (Exception e) { - throw new PermissionManagementException("Error occurred while parsing file, while converting " + - "to a org.w3c.dom.Document", e); - } - } + public static Document convertToDocument(File file) throws PermissionManagementException { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + DocumentBuilder docBuilder = factory.newDocumentBuilder(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + return docBuilder.parse(file); + } catch (Exception e) { + throw new PermissionManagementException("Error occurred while parsing file, while converting " + + "to a org.w3c.dom.Document", e); + } + } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java index b4a5521e0ba..a032df38a3a 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java 
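Review bot: In convertToDocument the `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` call comes after `factory.newDocumentBuilder()`, so the builder that parses the file was created without the feature and the call has no effect. The hunk only re-indents this method, but since it parses XML from files the ordering is worth fixing now, and the usual DTD/external-entity hardening should go in at the same point; all of those setters throw ParserConfigurationException, which the existing `catch (Exception e)` already converts.
```java
public static Document convertToDocument(File file) throws PermissionManagementException {
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    try {
        // Harden the factory before the builder is created; features set afterwards do not reach docBuilder.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        DocumentBuilder docBuilder = factory.newDocumentBuilder();
        return docBuilder.parse(file);
    // … unchanged: catch block rethrowing as PermissionManagementException …
```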
@@ -60,7 +60,7 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator { @Override public boolean validateScope(AccessTokenDO accessTokenDO, String resource) throws IdentityOAuth2Exception { - boolean status = false; + boolean status = true; //Extract the url & http method int idx = resource.lastIndexOf(':'); String url = resource.substring(0, idx); @@ -80,6 +80,12 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator { Permission permission = permissionManagerService.getPermission(properties); User authzUser = accessTokenDO.getAuthzUser(); if ((permission != null) && (authzUser != null)) { + if (permission.getPath() == null) { + if (log.isDebugEnabled()) { + log.debug("Permission is not defined for the resource '" + resource + "'"); + } + return true; + } String username = authzUser.getUserName(); String userStore = authzUser.getUserStoreDomain(); int tenantId = OAuthExtUtils.getTenantId(authzUser.getTenantDomain()); @@ -87,11 +93,11 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator { if (userRealm != null && userRealm.getAuthorizationManager() != null) { if (userStore != null) { status = userRealm.getAuthorizationManager() - .isUserAuthorized(userStore + "/" + username, permission.getUrl(), + .isUserAuthorized(userStore + "/" + username, permission.getPath(), PermissionMethod.UI_EXECUTE); } else { status = userRealm.getAuthorizationManager() - .isUserAuthorized(username, permission.getUrl(), PermissionMethod.UI_EXECUTE); + .isUserAuthorized(username, permission.getPath(), PermissionMethod.UI_EXECUTE); } } } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java index 163e8287fe2..ac0130a39f1 100644 
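Review bot: validateScope now starts with `boolean status = true;`, so every path that never reaches `isUserAuthorized` — no permission found for the resource, a null authzUser, a null userRealm or authorization manager — returns true and the scope check passes, where the old default failed closed. The explicit branch that returns true when `permission.getPath() == null` is a deliberate policy decision and can stay, but the default should remain `boolean status = false;` so that lookup and realm failures deny rather than allow. The debug log in that permissive branch is also worth raising to warn, since it is the only signal that an API resource is being served without an authorization check. The end of validateScope lies outside the hunk.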
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java @@ -86,15 +86,4 @@ public class Utils { } } - public static String getResourceUri(String url, String httpMethod) throws PermissionManagementException { - properties = new Properties(); - properties.put(URL_PROPERTY, url); - properties.put(HTTP_METHOD_PROPERTY, httpMethod); - permission = permissionManagerService.getPermission(properties); - if (permission != null) { - return permission.getContext() + "/1.0.0/1.0.0" + permission.getUrlTemplate() + ":" + permission.getMethod(); - } - return null; - } - } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index f6169eace91..797a4f5afd0 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java 
@@ -121,17 +121,7 @@ public class OAuthAuthenticator implements WebappAuthenticator { } else { String bearerToken = getBearerToken(request); - int urlParamIndex = requestUri.indexOf('?'); - if(urlParamIndex > 0) { - requestUri = requestUri.substring(0, urlParamIndex); - } - String resource = Utils.getResourceUri(requestUri, requestMethod); - - if (resource == null || resource.isEmpty()) { - authenticationInfo.setStatus(Status.FAILURE); - authenticationInfo.setMessage("Authorization failed. Requested API resource does not exist"); - return authenticationInfo; - } + String resource = requestUri + ":" + requestMethod; OAuthValidationResponse oAuthValidationResponse = this.tokenValidator.validateToken(bearerToken, resource); @@ -153,8 +143,6 @@ public class OAuthAuthenticator implements WebappAuthenticator { log.error("Failed to authenticate the incoming request", e); } catch (OAuthTokenValidationException e) { log.error("Failed to authenticate the incoming request due to oauth token validation error.", e); - } catch (PermissionManagementException e) { - log.error("Failed to authenticate the incoming request due to error in permission initialization", e); } return authenticationInfo; }
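Review bot: The resource string is now `requestUri + ":" + requestMethod` with the query-string strip removed; if requestUri (obtained outside the hunk) can still carry `?...`, the validator's `lastIndexOf(':')`/`substring` split in this commit sees the query inside the URL part, and a `:` in a parameter value moves the split point, so the permission lookup misses or mismatches. Keep the strip, `int q = requestUri.indexOf('?'); if (q > 0) { requestUri = requestUri.substring(0, q); }`. The removed "Requested API resource does not exist" rejection also means unrecognised URIs are now forwarded to the validator, whose new default in this commit is to allow, so the two changes together turn an unknown resource from a failure into a pass.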