Merge branch 'release-2.0.x' of https://github.com/wso2/carbon-device-mgt into release-2.0.x

revert-70aa11f8
Imesh Chandrasiri 8 years ago
commit 153e3bb719

@ -22,13 +22,13 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.apimgt.annotations</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - API Management Annotations</name>
<description>WSO2 Carbon - API Management Custom Annotation Module</description>

@ -21,12 +21,12 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<artifactId>org.wso2.carbon.apimgt.application.extension.api</artifactId>
<packaging>war</packaging>
<name>WSO2 Carbon - API Application Management API</name>
@ -173,6 +173,11 @@
<artifactId>org.wso2.carbon.device.mgt.common</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.registry.core</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<build>

@ -56,6 +56,9 @@ public class ApiPermissionFilter implements Filter {
PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
unmarshaller.unmarshal(permissionStream);
permissions = permissionConfiguration.getPermissions();
for (Permission permission : permissions) {
APIUtil.putPermission(PERMISSION_PREFIX + permission.getPath());
}
} catch (JAXBException e) {
log.error("invalid permissions.xml", e);
}

@ -21,12 +21,18 @@ package org.wso2.carbon.apimgt.application.extension.api.util;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.registry.api.Resource;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.service.RealmService;
import java.util.List;
import java.util.StringTokenizer;
/**
* This class provides utility functions used by REST-API.
@ -35,6 +41,8 @@ public class APIUtil {
private static Log log = LogFactory.getLog(APIUtil.class);
private static final String DEFAULT_CDMF_API_TAG = "device_management";
private static final String DEFAULT_CERT_API_TAG = "scep_management";
public static final String PERMISSION_PROPERTY_NAME = "name";
public static String getAuthenticatedUser() {
PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@ -48,8 +56,7 @@ public class APIUtil {
public static String getTenantDomainOftheUser() {
PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
String tenantDomain = threadLocalCarbonContext.getTenantDomain();
return tenantDomain;
return threadLocalCarbonContext.getTenantDomain();
}
public static APIManagementProviderService getAPIManagementProviderService() {
@ -92,6 +99,55 @@ public class APIUtil {
//Todo get allowed cdmf service tags from config.
List<String> allowedApisTags = getDeviceManagementProviderService().getAvailableDeviceTypes();
allowedApisTags.add(DEFAULT_CDMF_API_TAG);
allowedApisTags.add(DEFAULT_CERT_API_TAG);
return allowedApisTags;
}
public static void putPermission(String permission) {
try {
StringTokenizer tokenizer = new StringTokenizer(permission, "/");
String lastToken = "", currentToken, tempPath;
while (tokenizer.hasMoreTokens()) {
currentToken = tokenizer.nextToken();
tempPath = lastToken + "/" + currentToken;
if (!checkResourceExists(tempPath)) {
createRegistryCollection(tempPath, currentToken);
}
lastToken = tempPath;
}
} catch (org.wso2.carbon.registry.api.RegistryException e) {
log.error("Failed to creation permission in registry" + permission, e);
}
}
public static void createRegistryCollection(String path, String resourceName)
throws org.wso2.carbon.registry.api.RegistryException {
Resource resource = getGovernanceRegistry().newCollection();
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
getGovernanceRegistry().beginTransaction();
getGovernanceRegistry().put(path, resource);
getGovernanceRegistry().commitTransaction();
}
public static boolean checkResourceExists(String path)
throws RegistryException {
return getGovernanceRegistry().resourceExists(path);
}
public static Registry getGovernanceRegistry() throws RegistryException {
return getRegistryService().getGovernanceSystemRegistry(MultitenantConstants.SUPER_TENANT_ID);
}
public static RegistryService getRegistryService() {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
RegistryService registryService =
(RegistryService) ctx.getOSGiService(RegistryService.class, null);
if (registryService == null) {
String msg = "registry service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
return registryService;
}
}

@ -37,14 +37,14 @@
</Permission>
<Permission>
<name>Register application</name>
<path>/device-mgt/user/api/application</path>
<path>/device-mgt/api/application</path>
<url>/register</url>
<method>POST</method>
<scope>application_user</scope>
</Permission>
<Permission>
<name>Delete application</name>
<path>/device-mgt/user/api/application</path>
<path>/device-mgt/api/application</path>
<url>/unregister</url>
<method>DELETE</method>
<scope>application_user</scope>

@ -35,10 +35,6 @@
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<context-param>
<param-name>isAdminService</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>doAuthentication</param-name>
<param-value>true</param-value>

@ -22,12 +22,12 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<artifactId>org.wso2.carbon.apimgt.application.extension</artifactId>
<packaging>bundle</packaging>
<name>WSO2 Carbon - API Application Management</name>

@ -21,13 +21,13 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.apimgt.handlers</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - API Security Handler Component</name>
<description>WSO2 Carbon - API Management Security Handler Module</description>

@ -38,6 +38,7 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
/**
* Synapse gateway handler for API authentication.
@ -48,6 +49,12 @@ public class AuthenticationHandler extends AbstractHandler {
private HandlerDescription handlerDesc;
private RESTInvoker restInvoker;
private static final String X_JWT_ASSERTION = "X-JWT-Assertion";
private static final String JWTTOKEN = "JWTToken";
private static final String AUTHORIZATION = "Authorization";
private static final String BEARER = "Bearer ";
private static final String CONTENT_TYPE = "Content-Type";
private IOTServerConfiguration iotServerConfiguration;
/**
@ -62,6 +69,7 @@ public class AuthenticationHandler extends AbstractHandler {
/**
* Handling the message and checking the security.
*
* @param messageContext
* @return
*/
@ -84,14 +92,9 @@ public class AuthenticationHandler extends AbstractHandler {
if (log.isDebugEnabled()) {
log.debug("Verify Cert:\n" + mdmSignature);
}
String accessToken = Utils.getAccessToken(iotServerConfiguration);
String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
Map<String, String> certVerifyHeaders = new HashMap<>();
certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
certVerifyHeaders.put("Content-Type", "application/json");
Map<String, String> certVerifyHeaders = this.setHeaders();
Certificate certificate = new Certificate();
certificate.setPem(mdmSignature);
@ -104,15 +107,16 @@ public class AuthenticationHandler extends AbstractHandler {
null, certVerifyContent);
String str = response.getContent();
if (str.contains("JWTToken")) {
ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class);
// TODO: send the JWT token with user details.
// headers.put("X-JWT-Assertion", validationResponce.getJWTToken());
}
if (log.isDebugEnabled()) {
log.debug("Verify response:" + response.getContent());
log.debug("Response String : " + str);
}
if (response.getHttpStatus() == 200 && str.contains(JWTTOKEN)) {
ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class);
headers.put(X_JWT_ASSERTION, validationResponce.getJWTToken());
} else {
return false;
}
} else if (headers.containsKey(AuthConstants.PROXY_MUTUAL_AUTH_HEADER)) {
String subjectDN = headers.get(AuthConstants.PROXY_MUTUAL_AUTH_HEADER).toString();
@ -120,12 +124,10 @@ public class AuthenticationHandler extends AbstractHandler {
if (log.isDebugEnabled()) {
log.debug("Verify subject DN: " + subjectDN);
}
String accessToken = Utils.getAccessToken(iotServerConfiguration);
String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
Map<String, String> certVerifyHeaders = new HashMap<>();
certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
certVerifyHeaders.put("Content-Type", "application/json");
Map<String, String> certVerifyHeaders = this.setHeaders();
Certificate certificate = new Certificate();
certificate.setPem(subjectDN);
certificate.setTenantId(tenantId);
@ -143,11 +145,9 @@ public class AuthenticationHandler extends AbstractHandler {
if (log.isDebugEnabled()) {
log.debug("Verify Cert:\n" + encodedPem);
}
String accessToken = Utils.getAccessToken(iotServerConfiguration);
URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + "android");
Map<String, String> certVerifyHeaders = new HashMap<>();
certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
certVerifyHeaders.put("Content-Type", "application/json");
String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
Map<String, String> certVerifyHeaders = this.setHeaders();
Certificate certificate = new Certificate();
certificate.setPem(encodedPem);
@ -188,13 +188,21 @@ public class AuthenticationHandler extends AbstractHandler {
}
// TODO : take this from the url.
private String getDeviceType(String url) {
if (url.contains("ios")) {
return "ios";
} else if (url.contains("android")) {
return "android";
} else return null;
StringTokenizer parts = new StringTokenizer(url, "/");
while (parts.hasMoreElements()) {
if (parts.nextElement().equals("api")) {
return (String) parts.nextElement();
}
}
return null;
}
private Map<String, String> setHeaders() throws APIMCertificateMGTException {
Map<String, String> map = new HashMap<>();
String accessToken = Utils.getAccessToken(iotServerConfiguration);
map.put(AUTHORIZATION, BEARER + accessToken);
map.put(CONTENT_TYPE, "application/json");
return map;
}
}

@ -22,13 +22,13 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.apimgt.webapp.publisher</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - API Management Webapp Publisher</name>
<description>WSO2 Carbon - API Management Webapp Publisher</description>

@ -73,6 +73,10 @@ public class AnnotationProcessor {
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_CONTEXT = "context";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VALUE = "value";
private static final String ANNOTATIONS_SCOPES = "scopes";
private static final String ANNOTATIONS_SCOPE = "scope";
private static final String DEFAULT_SCOPE_NAME = "default admin scope";
private static final String DEFAULT_SCOPE_KEY = "perm:admin";
private static final String DEFAULT_SCOPE_PERMISSION = "/permision/device-mgt";
private static final String PERMISSION_PREFIX = "/permission/admin";
@ -273,7 +277,19 @@ public class AnnotationProcessor {
resource.setProduces(invokeMethod(producesClassMethods[0], producesAnno, STRING_ARR));
}
if (annotations[i].annotationType().getName().equals(ApiOperation.class.getName())) {
resource.setScope(this.getScope(annotations[i]));
Scope scope = this.getScope(annotations[i]);
if (scope != null) {
resource.setScope(scope);
} else {
log.warn("Scope is not defined for '" + makeContextURLReady(resourceRootContext) +
makeContextURLReady(subCtx) + "' endpoint, hence assigning the default scope");
scope = new Scope();
scope.setName(DEFAULT_SCOPE_NAME);
scope.setDescription(DEFAULT_SCOPE_NAME);
scope.setKey(DEFAULT_SCOPE_KEY);
scope.setRoles(DEFAULT_SCOPE_PERMISSION);
resource.setScope(scope);
}
}
}
resourceList.add(resource);
@ -444,19 +460,26 @@ public class AnnotationProcessor {
InvocationHandler methodHandler = Proxy.getInvocationHandler(currentMethod);
Annotation[] extensions = (Annotation[]) methodHandler.invoke(currentMethod,
apiOperation.getMethod(SWAGGER_ANNOTATIONS_EXTENSIONS, null), null);
if (extensions != null) {
methodHandler = Proxy.getInvocationHandler(extensions[0]);
Annotation[] properties = (Annotation[])methodHandler.invoke(extensions[0], extensionClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES,null), null);
Annotation[] properties = (Annotation[]) methodHandler.invoke(extensions[0], extensionClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES, null), null);
String scopeKey;
String propertyName;
for (Annotation property : properties) {
methodHandler = Proxy.getInvocationHandler(property);
String scopeKey = (String) methodHandler.invoke(property, extensionPropertyClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null),null);
propertyName = (String) methodHandler.invoke(property, extensionPropertyClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_NAME, null), null);
if (ANNOTATIONS_SCOPE.equals(propertyName)) {
scopeKey = (String) methodHandler.invoke(property, extensionPropertyClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null), null);
if (scopeKey.isEmpty()) {
return null;
}
return apiScopes.get(scopeKey);
}
}
}
return null;
}
}

@ -22,13 +22,13 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>carbon-devicemgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>apimgt-extensions</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>pom</packaging>
<name>WSO2 Carbon - API Management Extensions Component</name>
<url>http://wso2.org</url>

@ -22,7 +22,7 @@
<parent>
<artifactId>certificate-mgt</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -33,11 +33,6 @@
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<context-param>
<param-name>isAdminService</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>doAuthentication</param-name>
<param-value>true</param-value>

@ -22,7 +22,7 @@
<parent>
<artifactId>certificate-mgt</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -64,6 +64,12 @@ import javax.ws.rs.core.Response;
description = "Deleting an SSL Certificate",
key = "perm:admin:certificates:delete",
permissions = {"/device-mgt/admin/certificates/delete"}
),
@Scope(
name = "Verify SSL certificate",
description = "Verify SSL certificate",
key = "perm:admin:certificates:verify",
permissions = {"/device-mgt/admin/certificates/verify"}
)
}
)
@ -338,84 +344,8 @@ public interface CertificateManagementAdminService {
defaultValue = "12438035315552875930")
@PathParam("serialNumber") String serialNumber);
// /**
// * Verify IOS Certificate for the API security filter
// *
// * @param certificate to be verified as a String
// * @return Status of the certificate verification.
// */
// @POST
// @Path("/verify/ios")
// @ApiOperation(
// consumes = MediaType.APPLICATION_JSON,
// produces = MediaType.APPLICATION_JSON,
// httpMethod = "POST",
// value = "Verify IOS SSL certificate",
// notes = "Verify IOS Certificate for the API security filter.\n",
// tags = "Certificate Management")
// @ApiResponses(
// value = {
// @ApiResponse(
// code = 200,
// message = "Return the status of the IOS certificate verification.",
// responseHeaders = {
// @ResponseHeader(
// name = "Content-Type",
// description = "The content type of the body")}),
// @ApiResponse(
// code = 400,
// message = "Bad Request. \n Invalid request or validation error.",
// response = ErrorResponse.class)
// })
// Response verifyIOSCertificate(
// @ApiParam(
// name = "certificate",
// value = "The properties to verify certificate. It includes the following: \n" +
// "serial: The unique ID of the certificate. (optional) \n" +
// "pem: mdm-signature of the certificate",
// required = true) EnrollmentCertificate certificate);
//
// /**
// * Verify Android Certificate for the API security filter
// *
// * @param certificate to be verified as a String
// * @return Status of the certificate verification.
// */
// @POST
// @Path("/verify/android")
// @ApiOperation(
// consumes = MediaType.APPLICATION_JSON,
// produces = MediaType.APPLICATION_JSON,
// httpMethod = "POST",
// value = "Verify Android SSL certificate",
// notes = "Verify Android Certificate for the API security filter.\n",
// tags = "Certificate Management")
// @ApiResponses(
// value = {
// @ApiResponse(
// code = 200,
// message = "Return the status of the Android certificate verification.",
// responseHeaders = {
// @ResponseHeader(
// name = "Content-Type",
// description = "The content type of the body")}),
// @ApiResponse(
// code = 400,
// message = "Bad Request. \n Invalid request or validation error.",
// response = ErrorResponse.class)
// })
// Response verifyAndroidCertificate(
// @ApiParam(
// name = "certificate",
// value = "The properties to verify certificate. It includes the following: \n" +
// "serial: The unique ID of the certificate. (optional) \n" +
// "pem: pem String of the certificate",
// required = true) EnrollmentCertificate certificate);
//
/**
* Verify Android Certificate for the API security filter
* Verify Certificate for the API security filter
*
* @param certificate to be verified as a String
* @return Status of the certificate verification.
@ -426,14 +356,20 @@ public interface CertificateManagementAdminService {
consumes = MediaType.APPLICATION_JSON,
produces = MediaType.APPLICATION_JSON,
httpMethod = "POST",
value = "Verify Android SSL certificate",
notes = "Verify Android Certificate for the API security filter.\n",
tags = "Certificate Management")
value = "Verify SSL certificate",
notes = "Verify Certificate for the API security filter.\n",
tags = "Certificate Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:verify")
})
}
)
@ApiResponses(
value = {
@ApiResponse(
code = 200,
message = "Return the status of the Android certificate verification.",
message = "Return the status of the certificate verification.",
responseHeaders = {
@ResponseHeader(
name = "Content-Type",

@ -27,7 +27,9 @@ import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@Path("/admin/certificates")
public class CertificateManagementAdminServiceImpl implements CertificateManagementAdminService {
@ -230,10 +232,20 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem
deviceIdentifier.setId(challengeToken);
deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS);
TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier);
//
// var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
// "http://wso2.org/claims/enduser": adminUsername};
Map<String, String> claims = new HashMap<>();
claims.put("http://wso2.org/claims/enduserTenantId", String.valueOf(tenantedDeviceWrapper.getTenantId()));
claims.put("http://wso2.org/claims/enduser", tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner());
claims.put("http://wso2.org/claims/deviceIdentifier", tenantedDeviceWrapper.getDevice().getDeviceIdentifier());
claims.put("http://wso2.org/claims/deviceIdType", tenantedDeviceWrapper.getDevice().getType());
JWTClientManagerService jwtClientManagerService = CertificateMgtAPIUtils.getJwtClientManagerService();
String jwdToken = jwtClientManagerService.getJWTClient().getJwtToken(
tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner());
tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner(), claims);
ValidationResponce validationResponce = new ValidationResponce();
validationResponce.setDeviceId(challengeToken);

@ -38,11 +38,6 @@
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<context-param>
<param-name>isAdminService</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>doAuthentication</param-name>
<param-value>true</param-value>

@ -21,13 +21,13 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>certificate-mgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - Certificate Management Core</name>
<description>WSO2 Carbon - Certificate Management Core</description>

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>carbon-devicemgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>certificate-mgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>pom</packaging>
<name>WSO2 Carbon - Certificate Management Component</name>
<url>http://wso2.org</url>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>carbon-devicemgt</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

@ -3,7 +3,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>device-mgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>device-mgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -29,7 +29,6 @@ import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader;
import org.json.JSONObject;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.Device;
@ -80,6 +79,12 @@ import javax.ws.rs.core.Response;
key = "perm:devices:details",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Update the device specified by device id",
description = "Update the device specified by device id",
key = "perm:devices:update",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope(
name = "Delete the device specified by device id",
description = "Delete the device specified by device id",

@ -18,27 +18,36 @@
*/
package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Info;
import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Extension;
import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Info;
import io.swagger.annotations.ResponseHeader;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Tag;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
import javax.validation.Valid;
import javax.ws.rs.*;
import javax.validation.constraints.Size;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.List;
@ -118,6 +127,12 @@ import java.util.List;
description = "Updating the Policy Priorities",
key = "perm:policies:priorities",
permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Fetching the Effective Policy",
description = "Fetching the Effective Policy",
key = "perm:policies:effective-policy",
permissions = {"/device-mgt/policies/view"}
)
}
)
@ -605,6 +620,69 @@ public interface PolicyManagementService {
@GET
@Path("/effective-policy/{deviceType}/{deviceId}")
Response getEffectivePolicy(@PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType);
@ApiOperation(
consumes = MediaType.APPLICATION_JSON,
produces = MediaType.APPLICATION_JSON,
httpMethod = "GET",
value = "Getting the Effective Policy",
notes = "Retrieve the effective policy of a device using this API.",
tags = "Device Policy Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:effective-policy")
})
}
)
@ApiResponses(
value = {
@ApiResponse(
code = 200,
message = "OK. \n Successfully fetched the policy.",
response = Policy.class,
responseHeaders = {
@ResponseHeader(
name = "Content-Type",
description = "The content type of the body"),
@ResponseHeader(
name = "ETag",
description = "Entity Tag of the response resource.\n" +
"Used by caches, or in conditional requests."),
@ResponseHeader(
name = "Last-Modified",
description = "Date and time the resource was last modified.\n" +
"Used by caches, or in conditional requests."),
}
),
@ApiResponse(
code = 304,
message = "Not Modified. \n Empty body because the client already has the latest version of the requested resource.\n"),
@ApiResponse(
code = 404,
message = "Not Found. \n A specified policy was not found.",
response = ErrorResponse.class),
@ApiResponse(
code = 406,
message = "Not Acceptable.\n The requested media type is not supported."),
@ApiResponse(
code = 500,
message = "Internal Server Error. \n Server error occurred while fetching the " +
"policy.",
response = ErrorResponse.class)
})
Response getEffectivePolicy(
@ApiParam(
name = "deviceType",
value = "The device type, such as ios, android or windows.",
required = true,
allowableValues = "android, ios, windows")
@PathParam("deviceType")
@Size(max = 45)
String deviceType,
@ApiParam(
name = "deviceId",
value = "The device identifier of the device you want ot get details.",
required = true)
@PathParam("deviceId")
@Size(max = 45)
String deviceId);
}

@ -771,11 +771,10 @@ public interface UserManagementService {
value = "Sending Enrollment Invitations to email address",
notes = "Send the a mail inviting recipients to enroll devices.",
tags = "User Management",
authorizations = {
@Authorization(
value = "permission",
scopes = {@AuthorizationScope(scope = "/device-mgt/users/invite", description = "Invite Users")}
)
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "perm:users:send-invitation")
})
}
)
@ApiResponses(value = {

@ -22,9 +22,17 @@ import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Extension;
import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Info;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Tag;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
@ -37,6 +45,32 @@ import javax.ws.rs.core.Response;
@Api(value = "Device Authorization Administrative Service", description = "This an API intended to be used by " +
"'internal' components to log in as an admin user and validate whether the user/device are trusted entity." +
"Further, this is strictly restricted to admin users only ")
@SwaggerDefinition(
info = @Info(
version = "1.0.0",
title = "",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = "name", value = "DeviceAccessAuthorizationAdminService"),
@ExtensionProperty(name = "context", value = "/api/device-mgt/v1.0/admin/authorization"),
})
}
),
tags = {
@Tag(name = "device_management", description = "")
}
)
@Scopes(
scopes = {
@Scope(
name = "Verify device authorization",
description = "Verify device authorization",
key = "perm:authorization:verify",
permissions = {"/device-mgt/authorization/verify"}
)
}
)
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
/**
@ -52,7 +86,13 @@ public interface DeviceAccessAuthorizationAdminService {
value = "Check for device access authorization\n",
notes = "This is an internal API that can be used to check for authorization.",
response = DeviceAuthorizationResult.class,
tags = "Authorization Administrative Service")
tags = "Authorization Administrative Service",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "perm:authorization:verify")
})
})
@ApiResponses(value = {
@ApiResponse(
code = 200,

@ -376,7 +376,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
@GET
@Path("/effective-policy/{deviceType}/{deviceId}")
@Override
public Response getEffectivePolicy(@PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType) {
public Response getEffectivePolicy(@PathParam("deviceType") String deviceType, @PathParam("deviceId") String deviceId) {
PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService();
final Policy policy;
try {

@ -40,30 +40,10 @@
<session-timeout>60</session-timeout>
</session-config>
<context-param>
<param-name>isAdminService</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>doAuthentication</param-name>
<param-value>true</param-value>
</context-param>
<!--context-param>
<param-name>managed-api-enabled</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>managed-api-owner</param-name>
<param-value>admin</param-value>
</context-param>
<context-param>
<param-name>managed-api-version</param-name>
<param-value>1.0.0</param-value>
</context-param>
<context-param>
<param-name>managed-api-isSecured</param-name>
<param-value>true</param-value>
</context-param-->
<!--publish to apim-->
<context-param>

@ -21,7 +21,7 @@
<parent>
<artifactId>device-mgt</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>device-mgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -70,7 +70,9 @@ public class AnnotationProcessor {
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_KEY = "key";
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS = "permissions";
private static final String ANNOTATIONS_SCOPES = "scopes";
private static final String ANNOTATIONS_SCOPE = "scope";
private static final String DEFAULT_PERM_NAME = "default";
private static final String DEFAULT_PERM = "/device-mgt";
private static final String PERMISSION_PREFIX = "/permission/admin";
private StandardContext context;
@ -251,9 +253,14 @@ public class AnnotationProcessor {
this.setPermission(annotations[i], permission);
}
}
if (permission.getName() == null || permission.getPath() == null) {
log.warn("Permission not assigned to the resource url - " + permission.getMethod() + ":"
+ permission.getUrl());
} else {
permissions.add(permission);
}
}
}
return permissions;
}
@ -375,19 +382,33 @@ public class AnnotationProcessor {
InvocationHandler methodHandler = Proxy.getInvocationHandler(currentMethod);
Annotation[] extensions = (Annotation[]) methodHandler.invoke(currentMethod,
apiOperation.getMethod(SWAGGER_ANNOTATIONS_EXTENSIONS, null), null);
if (extensions != null) {
methodHandler = Proxy.getInvocationHandler(extensions[0]);
Annotation[] properties = (Annotation[])methodHandler.invoke(extensions[0], extensionClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES,null), null);
Annotation[] properties = (Annotation[]) methodHandler.invoke(extensions[0], extensionClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES, null), null);
Scope scope;
String scopeKey;
String propertyName;
for (Annotation property : properties) {
methodHandler = Proxy.getInvocationHandler(property);
String scopeKey = (String) methodHandler.invoke(property, extensionPropertyClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null),null);
propertyName = (String) methodHandler.invoke(property, extensionPropertyClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_NAME, null), null);
if (ANNOTATIONS_SCOPE.equals(propertyName)) {
scopeKey = (String) methodHandler.invoke(property, extensionPropertyClass
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null), null);
if (!scopeKey.isEmpty()) {
scope = apiScopes.get(scopeKey);
if (scope != null) {
permission.setName(scope.getName());
//TODO: currently permission tree supports only adding one permission per API point.
permission.setPath(scope.getRoles().split(" ")[0]);
} else {
log.warn("No Scope mapping is done for scope key: " + scopeKey);
permission.setName(DEFAULT_PERM_NAME);
permission.setPath(DEFAULT_PERM);
}
}
}
}
}
}

@ -55,7 +55,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
@Override
public boolean addPermission(Permission permission) throws PermissionManagementException {
// adding a permission to the tree
permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
permission.setPath(permission.getPath());
permissionTree.addPermission(permission);
return PermissionUtils.putPermission(permission);
}

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -1,7 +1,7 @@
{
"appContext": "/devicemgt/",
"httpsURL" : "https://localhost:8243",
"httpURL" : "http://localhost:8280",
"httpsURL" : "https://%server.ip%:8243",
"httpURL" : "http://%server.ip%:8280",
"wssURL" : "https://localhost:9445",
"wsURL" : "%http.ip%",
"portalURL": "https://%server.ip%:9445",
@ -139,7 +139,9 @@
"perm:admin:certificates:delete",
"perm:admin:certificates:details",
"perm:admin:certificates:view",
"perm:admin:certificates:add"
"perm:admin:certificates:add",
"perm:admin:certificates:verify",
"perm:admin"
],
"isOAuthEnabled" : true,
"backendRestEndpoints" : {

@ -28,6 +28,7 @@ var handlers = function () {
var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"];
var constants = require("/app/modules/constants.js");
var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
var utility = require("/app/modules/utility.js")["utility"];
var publicMethods = {};
var privateMethods = {};
@ -49,6 +50,7 @@ var handlers = function () {
var tokenData;
// tokenPair will include current access token as well as current refresh token
var arrayOfScopes = devicemgtProps["scopes"];
arrayOfScopes = arrayOfScopes.concat(utility.getDeviceTypesScopesList());
var stringOfScopes = "";
arrayOfScopes.forEach(function (entry) {
stringOfScopes += entry + " ";
@ -79,7 +81,7 @@ var handlers = function () {
if (!username || !samlToken) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"saml grant type. Either username of logged in user, samlToken or both are missing " +
"as input - setupTokenPairByPasswordGrantType(x, y)");
"as input - setupTokenPairBySamlGrantType(x, y)");
} else {
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
privateMethods.setUpEncodedTenantBasedWebSocketClientAppCredentials(username);
@ -87,10 +89,11 @@ var handlers = function () {
if (!encodedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " +
"by saml grant type. Encoded client credentials are " +
"missing - setupTokenPairByPasswordGrantType(x, y)");
"missing - setupTokenPairBySamlGrantType(x, y)");
} else {
var tokenData;
var arrayOfScopes = devicemgtProps["scopes"];
arrayOfScopes = arrayOfScopes.concat(utility.getDeviceTypesScopesList());
var stringOfScopes = "";
arrayOfScopes.forEach(function (entry) {
stringOfScopes += entry + " ";
@ -102,7 +105,7 @@ var handlers = function () {
if (!tokenData) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up token " +
"pair by password grant type. Error in token " +
"retrieval - setupTokenPairByPasswordGrantType(x, y)");
"retrieval - setupTokenPairBySamlGrantType(x, y)");
} else {
var tokenPair = {};
tokenPair["accessToken"] = tokenData["accessToken"];

@ -125,5 +125,33 @@ utility = function () {
return null;
};
publicMethods.getDeviceTypesScopesList = function () {
var dirs = new File("/app/units/").listFiles();
var scopesList = [];
for (var i = 0; i < dirs.length; i++) {
var unitName = dirs[i].getName();
if (unitName.match(/^cdmf\.unit\.device\.type\..*\.type-view$/g)) {
var deviceTypeConfigFile = new File("/app/units/" + unitName + "/private/config.json");
if (deviceTypeConfigFile.isExists()) {
try {
deviceTypeConfigFile.open("r");
var config = deviceTypeConfigFile.readAll();
config = config.replace("%https.ip%", server.address("https"));
config = config.replace("%http.ip%", server.address("http"));
var deviceTypeConfig = parse(config);
if (deviceTypeConfig.deviceType && deviceTypeConfig.deviceType.scopes) {
scopesList = scopesList.concat(deviceTypeConfig.deviceType.scopes);
}
} catch (err) {
log.error("Error while reading device config file for `" + deviceType + "`: " + err);
} finally {
deviceTypeConfigFile.close();
}
}
}
}
return scopesList;
};
return publicMethods;
}();

@ -20,7 +20,7 @@
</td>
<td class="remove-padding-top" data-search="{{enrolmentInfo.owner}}" data-display="{{enrolmentInfo.owner}}" data-grid-label="Owner">{{enrolmentInfo.owner}}</td>
<td class="remove-padding-top" data-search="{{enrolmentInfo.status}}" data-display="{{enrolmentInfo.status}}" data-grid-label="Status">
{{#equal enrolmentInfo.status "ACTIVE"}}<span><i class="fw fw-ok icon-success"></i> Active</span>{{/equal}}
{{#equal enrolmentInfo.status "ACTIVE"}}<span><i class="fw fw-success icon-success"></i> Active</span>{{/equal}}
{{#equal enrolmentInfo.status "INACTIVE"}}<span><i class="fw fw-warning icon-warning"></i> Inactive</span>{{/equal}}
{{#equal enrolmentInfo.status "BLOCKED"}}<span><i class="fw fw-remove icon-danger"></i> Blocked</span>{{/equal}}
{{#equal enrolmentInfo.status "REMOVED"}}<span><i class="fw fw-delete icon-danger"></i> Removed</span>{{/equal}}

@ -277,7 +277,7 @@ function loadDevices(searchType, searchParam) {
var html;
switch (status) {
case 'ACTIVE' :
html = '<span><i class="fw fw-ok icon-success"></i> Active</span>';
html = '<span><i class="fw fw-success icon-success"></i> Active</span>';
break;
case 'INACTIVE' :
html = '<span><i class="fw fw-warning icon-warning"></i> Inactive</span>';

@ -182,9 +182,9 @@
{{#each policyListToView}}
<tr data-type="selectable" data-id="{{id}}" data-status="{{status}}">
<td class="remove-padding icon-only content-fill viewEnabledIcon"
data-url="{{@app.context}}/policy/view?id={{id}}" data-id="{{id}}">
<div class="thumbnail icon" style="padding-top: 30px; padding-bottom: 30px;">
<i class="fw fw-{{deviceTypeIcon}}" style="font-size: 59px"></i>
data-url="{{@app.context}}/policy/view?id={{id}}&deviceType={{platform}}" data-id="{{id}}">
<div class="thumbnail icon">
<img src="{{icon}}">
</div>
</td>
<td
@ -196,7 +196,7 @@
<span><i class="fw fw-warning icon-success"></i> Active/Updated</span>
{{/equal}}
{{#equal status "Active"}}
<span><i class="fw fw-ok icon-success"></i> Active</span>
<span><i class="fw fw-success icon-success"></i> Active</span>
{{/equal}}
{{#equal status "Inactive/Updated"}}
<span><i class="fw fw-warning icon-warning"></i> Inactive/Updated</span>
@ -239,7 +239,7 @@
</td>
<td class="text-right content-fill text-left-on-grid-view no-wrap">
<!--suppress HtmlUnknownTarget -->
<a href="{{@app.context}}/policy/edit?id={{id}}"
<a href="{{@app.context}}/policy/edit?id={{id}}&deviceType={{platform}}"
data-id="{{id}}"
data-click-event="remove-form"
class="btn padding-reduce-on-grid-view policy-update-link">

@ -30,9 +30,15 @@ function onRequest(context) {
var page = {};
var policyModule = require("/app/modules/business-controllers/policy.js")["policyModule"];
var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
var utility = require("/app/modules/utility.js")["utility"];
var response = policyModule.getAllPolicies();
if (response["status"] == "success") {
var policyListToView = response["content"];
for(var index in policyListToView) {
if(policyListToView.hasOwnProperty(index)) {
policyListToView[index]["icon"] = utility.getDeviceThumb(policyListToView[index]["platform"]);
}
}
page["policyListToView"] = policyListToView;
var policyCount = policyListToView.length;
if (policyCount == 0) {

@ -121,12 +121,12 @@ $(document).ready(function(){
$("#add-user-btn").prop('disabled', false);
if (data == 200) {
$('.wr-validation-summary strong').html(
"<i class=\"icon fw fw-ok\"></i> Successfully Submitted.");
"<i class=\"icon fw fw-success\"></i> Successfully Submitted.");
$('.wr-validation-summary').removeClass("alert-danger");
$('.wr-validation-summary').addClass("alert-success");
} else if (data == 201) {
$('.wr-validation-summary strong').html(
"<i class=\"icon fw fw-ok\"></i> User created succssfully. You will be " +
"<i class=\"icon fw fw-success\"></i> User created succssfully. You will be " +
"redirected to login page.");
$('.wr-validation-summary').removeClass("alert-danger");
$('.wr-validation-summary').addClass("alert-success");

@ -51,7 +51,7 @@
<td class="sorting_1" style="padding:10px 15px;">Status</td>
<td style="padding:10px 15px;">
{{#equal device.status "ACTIVE"}}<span><i
class="fw fw-ok icon-success"></i> Active</span>{{/equal}}
class="fw fw-success icon-success"></i> Active</span>{{/equal}}
{{#equal device.status "INACTIVE"}}<span><i
class="fw fw-warning icon-warning"></i> Inactive</span>{{/equal}}
{{#equal device.status "BLOCKED"}}<span><i class="fw fw-remove icon-danger"></i> Blocked</span>{{/equal}}

@ -16,7 +16,7 @@
under the License.
}}
{{#if virtualDeviceTypesList}}
{{#if deviceTypesList}}
<div class="row wr-device-board">
<div class="col-lg-12 wr-secondary-bar">
<span class="page-sub-title">Device Types</span>

@ -81,7 +81,7 @@
var html;
switch (status) {
case "COMPLETED" :
html = "<span><i class='fw fw-ok icon-success'></i> Completed</span>";
html = "<span><i class='fw fw-success icon-success'></i> Completed</span>";
break;
case "PENDING" :
html = "<span><i class='fw fw-warning icon-warning'></i> Pending</span>";
@ -90,10 +90,10 @@
html = "<span><i class='fw fw-error icon-danger'></i> Error</span>";
break;
case "IN_PROGRESS" :
html = "<span><i class='fw fw-ok icon-warning'></i> In Progress</span>";
html = "<span><i class='fw fw-success icon-warning'></i> In Progress</span>";
break;
case "REPEATED" :
html = "<span><i class='fw fw-ok icon-warning'></i> Repeated</span>";
html = "<span><i class='fw fw-success icon-warning'></i> Repeated</span>";
break;
}
return html;

@ -26,7 +26,7 @@
<div>
<b>Compliance :</b>
{{#equal compliance "COMPLIANT"}}
<span><i class="fw fw-ok icon-success"></i> Compliant</span>
<span><i class="fw fw-success icon-success"></i> Compliant</span>
{{/equal}}
{{#equal compliance "NON-COMPLIANT"}}
<span><i class="fw fw-warning icon-danger"></i> Not Compliant</span>
@ -62,7 +62,7 @@
<tr data-type="selectable">
<td data-display="{{featureCode}}" data-grid-label="Feature Code">{{featureCode}}</td>
<td data-display="{{compliance}}" data-grid-label="Status">
{{#equal compliance true}}<span><i class="fw fw-ok icon-success"></i> Compliant</span>{{/equal}}
{{#equal compliance true}}<span><i class="fw fw-success icon-success"></i> Compliant</span>{{/equal}}
{{#equal compliance false}}<span><i class="fw fw-warning icon-danger"></i> Not Compliant</span>{{/equal}}
</td>
</tr>

@ -15,7 +15,7 @@
<i class="fw fw-warning icon-success"></i> Active/Updated</span>
{{/equal}}
{{#equal status "Active"}}
<i class="fw fw-ok icon-success"></i> Active</span>
<i class="fw fw-success icon-success"></i> Active</span>
{{/equal}}
{{#equal status "Inactive/Updated"}}
<i class="fw fw-warning icon-warning"></i> Inactive/Updated</span>

@ -30,7 +30,7 @@ var displayPolicy = function (policyPayloadObj) {
if (policyPayloadObj["active"] == true && policyPayloadObj["updated"] == true) {
policyStatus = '<i class="fw fw-warning icon-success"></i> Active/Updated</span>';
} else if (policyPayloadObj["active"] == true && policyPayloadObj["updated"] == false) {
policyStatus = '<i class="fw fw-ok icon-success"></i> Active</span>';
policyStatus = '<i class="fw fw-success icon-success"></i> Active</span>';
} else if (policyPayloadObj["active"] == false && policyPayloadObj["updated"] == true) {
policyStatus = '<i class="fw fw-warning icon-warning"></i> Inactive/Updated</span>';
} else if (policyPayloadObj["active"] == false && policyPayloadObj["updated"] == false) {

@ -2,6 +2,8 @@
{{#if isAuthorized }}
<span id="logged-in-user" class="hidden" data-username="{{user.username}}" data-domain="{{user.domain}}"
data-tenant-id="{{user.tenantId}}"></span>
<span id="policy-operations" class="hidden" data-template="{{policyOperations.template}}"
data-script="{{policyOperations.script}}" data-style="{{policyOperations.style}}"></span>
<div class="row">
<div class="col-md-12">

@ -17,8 +17,8 @@
*/
function onRequest(context) {
var log = new Log("policy-view-edit-unit backend js");
var deviceType = request.getParameter("deviceType");
var utility = require("/app/modules/utility.js").utility;
var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
var groupModule = require("/app/modules/business-controllers/group.js")["groupModule"];
@ -31,12 +31,30 @@ function onRequest(context) {
if (usersResult.status == "success") {
context.users = usersResult.content;
}
context["groups"] = groupModule.getGroups();
var user = userModule.getCarbonUser();
context["user"] = {username: user.username, domain: user.domain, tenantId: user.tenantId};
context["policyOperations"] = {};
var policyEditSrc = "/app/units/" + utility.getTenantedDeviceUnitName(deviceType, "policy-edit");
if (new File(policyEditSrc).isExists()) {
var policyOperationsTemplateSrc = policyEditSrc + "/public/templates/" + deviceType + "-policy-edit.hbs";
if (new File(policyOperationsTemplateSrc).isExists()) {
context["policyOperations"].template = "/public/cdmf.unit.device.type." + deviceType +
".policy-edit/templates/" + deviceType + "-policy-edit.hbs";
}
var policyOperationsScriptSrc = policyEditSrc + "/public/js/" + deviceType + "-policy-edit.js";
if (new File(policyOperationsScriptSrc).isExists()) {
context["policyOperations"].script = "/public/cdmf.unit.device.type." + deviceType + ".policy-edit/js/" +
deviceType + "-policy-edit.js";
}
var policyOperationsStylesSrc = policyEditSrc + "/public/css/" + deviceType + "-policy-edit.css";
if (new File(policyOperationsStylesSrc).isExists()) {
context["policyOperations"].style = "/public/cdmf.unit.device.type." + deviceType + ".policy-edit/css/" +
deviceType + "-policy-edit.css";
}
}
context.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/policies/manage");
context.isAuthorizedViewUsers = userModule.isAuthorized("/permission/admin/device-mgt/roles/view");
context.isAuthorizedViewRoles = userModule.isAuthorized("/permission/admin/device-mgt/users/view");

@ -179,27 +179,27 @@ skipStep["policy-platform"] = function (policyPayloadObj) {
$("#policy-profile-page-wizard-title").text("EDIT " + policy["platform"] + " POLICY - " + policy["name"]);
var deviceType = policy["platform"];
var policyOperationsTemplateSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
'.policy-edit/templates/' + deviceType + '-policy-edit.hbs';
var policyOperationsScriptSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
'.policy-edit/js/' + deviceType + '-policy-edit.js';
var policyOperationsStylesSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
'.policy-edit/css/' + deviceType + '-policy-edit.css';
var policyOperationsTemplateCacheKey = deviceType + '-policy-operations';
$.isResourceExists(policyOperationsTemplateSrc, function (status) {
if (status) {
$.template(policyOperationsTemplateCacheKey, policyOperationsTemplateSrc, function (template) {
var content = template();
$("#device-type-policy-operations").html(content).removeClass("hidden");
$(".policy-platform").addClass("hidden");
$.isResourceExists(policyOperationsScriptSrc, function (status) {
if (status) {
hasPolicyProfileScript = true;
var policyOperations = $("#policy-operations");
var policyEditTemplateSrc = $(policyOperations).data("template");
var policyEditScriptSrc = $(policyOperations).data("script");
var policyEditStylesSrc = $(policyOperations).data("style");
var policyEditTemplateCacheKey = deviceType + '-policy-edit';
if (policyEditTemplateSrc) {
if (policyEditScriptSrc) {
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = policyOperationsScriptSrc;
script.src = context + policyEditScriptSrc;
$(".wr-advance-operations").prepend(script);
hasPolicyProfileScript = true;
} else {
hasPolicyProfileScript = false;
}
$.template(policyEditTemplateCacheKey, context + policyEditTemplateSrc, function (template) {
var content = template();
$("#device-type-policy-operations").html(content).removeClass("hidden");
$(".policy-platform").addClass("hidden");
if (hasPolicyProfileScript) {
/*
This method should be implemented in the relevant plugin side and should include the logic to
populate the policy profile in the plugin specific UI.
@ -207,24 +207,19 @@ skipStep["policy-platform"] = function (policyPayloadObj) {
polulateProfileOperations(policyPayloadObj["profile"]["profileFeaturesList"]);
}
});
});
$.isResourceExists(policyOperationsStylesSrc, function (status) {
if (status) {
} else {
$("#generic-policy-operations").removeClass("hidden");
}
if (policyEditStylesSrc) {
var style = document.createElement('link');
style.type = 'text/css';
style.rel = 'stylesheet';
style.href = policyOperationsStylesSrc;
style.href = context + policyEditStylesSrc;
$(".wr-advance-operations").prepend(style);
}
});
} else {
$("#generic-policy-operations").removeClass("hidden");
}
$(".wr-advance-operations-init").addClass("hidden");
});
if(!hasPolicyProfileScript) {
if (!hasPolicyProfileScript) {
populateGenericProfileOperations(policyPayloadObj["profile"]["profileFeaturesList"]);
}
};

@ -32,7 +32,7 @@ var displayPolicy = function (policyPayloadObj) {
if (policyPayloadObj["active"] == true && policyPayloadObj["updated"] == true) {
policyStatus = '<i class="fw fw-warning icon-success"></i> Active/Updated</span>';
} else if (policyPayloadObj["active"] == true && policyPayloadObj["updated"] == false) {
policyStatus = '<i class="fw fw-ok icon-success"></i> Active</span>';
policyStatus = '<i class="fw fw-success icon-success"></i> Active</span>';
} else if (policyPayloadObj["active"] == false && policyPayloadObj["updated"] == true) {
policyStatus = '<i class="fw fw-warning icon-warning"></i> Inactive/Updated</span>';
} else if (policyPayloadObj["active"] == false && policyPayloadObj["updated"] == false) {
@ -67,27 +67,27 @@ var displayPolicy = function (policyPayloadObj) {
}
var deviceType = policy["platform"];
var policyOperationsTemplateSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
'.policy-view/templates/' + deviceType + '-policy-view.hbs';
var policyOperationsScriptSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
'.policy-view/js/' + deviceType + '-policy-view.js';
var policyOperationsStylesSrc = context + '/public/cdmf.unit.device.type.' + deviceType +
'.policy-view/css/' + deviceType + '-policy-view.css';
var policyOperationsTemplateCacheKey = deviceType + '-policy-operations';
var policyOperations = $("#policy-operations");
var policyViewTemplateSrc = $(policyOperations).data("template");
var policyViewScriptSrc = $(policyOperations).data("script");
var policyViewStylesSrc = $(policyOperations).data("style");
var policyViewTemplateCacheKey = deviceType + '-policy-view';
$.isResourceExists(policyOperationsTemplateSrc, function (status) {
if (status) {
$.template(policyOperationsTemplateCacheKey, policyOperationsTemplateSrc, function (template) {
var content = template();
$("#device-type-policy-operations").html(content).removeClass("hidden");
$(".policy-platform").addClass("hidden");
$.isResourceExists(policyOperationsScriptSrc, function (status) {
if (status) {
hasPolicyProfileScript = true;
if (policyViewTemplateSrc) {
if (policyViewScriptSrc) {
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = policyOperationsScriptSrc;
script.src = context + policyViewScriptSrc;
$(".wr-advance-operations").prepend(script);
hasPolicyProfileScript = true;
} else {
hasPolicyProfileScript = false;
}
$.template(policyViewTemplateCacheKey, context + policyViewTemplateSrc, function (template) {
var content = template();
$("#device-type-policy-operations").html(content).removeClass("hidden");
$(".policy-platform").addClass("hidden");
if (hasPolicyProfileScript) {
/*
This method should be implemented in the relevant plugin side and should include the logic to
populate the policy profile in the plugin specific UI.
@ -95,24 +95,19 @@ var displayPolicy = function (policyPayloadObj) {
polulateProfileOperations(policyPayloadObj["profile"]["profileFeaturesList"]);
}
});
});
$.isResourceExists(policyOperationsStylesSrc, function (status) {
if (status) {
} else {
$("#generic-policy-operations").removeClass("hidden");
}
if (policyViewStylesSrc) {
var style = document.createElement('link');
style.type = 'text/css';
style.rel = 'stylesheet';
style.href = policyOperationsStylesSrc;
style.href = context + policyViewStylesSrc;
$(".wr-advance-operations").prepend(style);
}
});
} else {
$("#generic-policy-operations").removeClass("hidden");
}
$(".wr-advance-operations-init").addClass("hidden");
});
if(!hasPolicyProfileScript) {
if (!hasPolicyProfileScript) {
populateGenericProfileOperations(policyPayloadObj["profile"]["profileFeaturesList"]);
}
};

@ -8,7 +8,8 @@
</div>
</div>
{{/defineZone}}
<span id="policy-operations" class="hidden" data-template="{{template}}" data-script="{{script}}"
data-style="{{style}}"></span>
<!-- #page-content-wrapper -->
<div class="page-content-wrapper">
<div class="row no-gutter add-padding-5x add-margin-top-5x" style="border: 1px solid #e4e4e4;">

@ -17,10 +17,27 @@
*/
function onRequest(context) {
// var log = new Log("policy-view-edit-unit backend js");
// var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
// context.roles = userModule.getRoles();
context.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/policies/view");
return context;
var utility = require("/app/modules/utility.js").utility;
var page = {};
var deviceType = request.getParameter("deviceType");
var policyViewSrc = "/app/units/" + utility.getTenantedDeviceUnitName(deviceType, "policy-view");
if (new File(policyViewSrc).isExists()) {
var policyOperationsTemplateSrc = policyViewSrc + "/public/templates/" + deviceType + "-policy-view.hbs";
if (new File(policyOperationsTemplateSrc).isExists()) {
page.template = "/public/cdmf.unit.device.type." + deviceType + ".policy-view/templates/" + deviceType +
"-policy-view.hbs";
}
var policyOperationsScriptSrc = policyViewSrc + "/public/js/" + deviceType + "-policy-view.js";
if (new File(policyOperationsScriptSrc).isExists()) {
page.script = "/public/cdmf.unit.device.type." + deviceType + ".policy-view/js/" + deviceType +
"-policy-view.js";
}
var policyOperationsStylesSrc = policyViewSrc + "/public/css/" + deviceType + "-policy-view.css";
if (new File(policyOperationsStylesSrc).isExists()) {
page.style = "/public/cdmf.unit.device.type." + deviceType + ".policy-view/css/" + deviceType +
"-policy-view.css";
}
}
page.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/policies/view");
return page;
}

@ -23,7 +23,7 @@
<parent>
<artifactId>device-mgt</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -59,7 +59,7 @@
<Bundle-Name>${project.artifactId}</Bundle-Name>
<Bundle-Version>${carbon.device.mgt.version}</Bundle-Version>
<Bundle-Description>IoT Server Impl Bundle</Bundle-Description>
<Private-Package>org.wso2.carbon.device.mgt.iot.url.printer.internal</Private-Package>
<Private-Package>org.wso2.carbon.device.mgt.url.printer.internal</Private-Package>
<Import-Package>
org.osgi.framework,
org.osgi.service.component,
@ -69,8 +69,8 @@
org.wso2.carbon.utils.*,
</Import-Package>
<Export-Package>
!org.wso2.carbon.device.mgt.iot.url.printer.internal,
org.wso2.carbon.device.mgt.iot.url.printer.*;version="${project.version}"
!org.wso2.carbon.device.mgt.url.printer.internal,
org.wso2.carbon.device.mgt.url.printer.*;version="${project.version}"
</Export-Package>
</instructions>
</configuration>

@ -22,7 +22,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>carbon-devicemgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>email-sender</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>carbon-devicemgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

@ -21,7 +21,7 @@
<parent>
<artifactId>dynamic-client-registration</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -21,7 +21,7 @@
<parent>
<artifactId>dynamic-client-registration</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -21,13 +21,13 @@
<parent>
<artifactId>dynamic-client-registration</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.dynamic.client.registration</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - Dynamic client registration service</name>
<description>WSO2 Carbon - Dynamic Client Registration Service</description>

@ -21,13 +21,13 @@
<parent>
<artifactId>dynamic-client-registration</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.dynamic.client.web.app.registration</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - Dynamic client web app registration</name>
<description>WSO2 Carbon - Dynamic Client Web-app Registration Service</description>

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>identity-extensions</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>dynamic-client-registration</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>pom</packaging>
<name>WSO2 Carbon - Dynamic client registration</name>
<url>http://wso2.org</url>

@ -22,13 +22,13 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>identity-extensions</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.device.mgt.oauth.extensions</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - OAuth Extensions</name>
<url>http://wso2.org</url>

@ -21,7 +21,7 @@
<parent>
<artifactId>identity-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>

@ -22,7 +22,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>identity-extensions</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>carbon-devicemgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>policy-mgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.complex.policy.decision.point</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - Policy Decision Point</name>
<description>WSO2 Carbon - Policy Decision Point</description>

@ -3,14 +3,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>policy-mgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.policy.decision.point</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - Policy Decision Point</name>
<description>WSO2 Carbon - Policy Decision Point</description>

@ -3,7 +3,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>policy-mgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -11,7 +11,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.policy.information.point</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - Policy Information Point</name>
<description>WSO2 Carbon - Policy Information Point</description>

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>policy-mgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.policy.mgt.common</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - Policy Management Common</name>
<description>WSO2 Carbon - Policy Management Common</description>

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>policy-mgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.policy.mgt.core</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - Policy Management Core</name>
<description>WSO2 Carbon - Policy Management Core</description>

@ -23,13 +23,13 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>carbon-devicemgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>policy-mgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>pom</packaging>
<name>WSO2 Carbon - Policy Management Component</name>
<url>http://wso2.org</url>

@ -21,14 +21,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>webapp-authenticator-framework</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.webapp.authenticator.framework</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - Web Application Authenticator Framework Bundle</name>
<description>WSO2 Carbon - Web Application Authenticator Framework Bundle</description>

@ -35,6 +35,8 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class Utils {
@ -86,4 +88,18 @@ public class Utils {
}
}
public static String replaceSystemProperty(String urlWithPlaceholders) {
String regex = "\\$\\{(.*?)\\}";
Pattern pattern = Pattern.compile(regex);
Matcher matchPattern = pattern.matcher(urlWithPlaceholders);
while (matchPattern.find()) {
String sysPropertyName = matchPattern.group(1);
String sysPropertyValue = System.getProperty(sysPropertyName);
if (sysPropertyValue != null && !sysPropertyName.isEmpty()) {
urlWithPlaceholders = urlWithPlaceholders.replaceAll("\\$\\{(" + sysPropertyName + ")\\}", sysPropertyValue);
}
}
return urlWithPlaceholders;
}
}

@ -41,7 +41,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
@Override
public void invoke(Request request, Response response, CompositeValve compositeValve) {
if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) {
if (this.isContextSkipped(request) || this.skipAuthentication(request)) {
this.getNext().invoke(request, response, compositeValve);
return;
}
@ -74,11 +74,6 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
}
}
private boolean isAdminService(Request request) {
String param = request.getContext().findParameter("isAdminService");
return (param != null && Boolean.parseBoolean(param));
}
private boolean skipAuthentication(Request request) {
String param = request.getContext().findParameter("doAuthentication");
return (param == null || !Boolean.parseBoolean(param) || isNonSecuredEndPoint(request));

@ -66,7 +66,7 @@ public class BSTAuthenticator implements WebappAuthenticator {
"are not provided");
}
String url = this.properties.getProperty("TokenValidationEndpointUrl");
String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
if ((url == null) || (url.isEmpty())) {
throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
}

@ -62,7 +62,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location";
private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password";
private static final Map<String, PublicKey> publicKeyHolder = new HashMap<>();
private static final Map<IssuerAlias, PublicKey> publicKeyHolder = new HashMap<>();
private Properties properties;
private static void loadTenantRegistry(int tenantId) throws RegistryException {
@ -106,21 +106,17 @@ public class JWTAuthenticator implements WebappAuthenticator {
String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
String tenantDomain = MultitenantUtils.getTenantDomain(username);
int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
String issuer = jwsObject.getJWTClaimsSet().getIssuer();
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
PublicKey publicKey = publicKeyHolder.get(tenantDomain);
IssuerAlias issuerAlias = new IssuerAlias(issuer, tenantDomain);
PublicKey publicKey = publicKeyHolder.get(issuerAlias);
if (publicKey == null) {
loadTenantRegistry(tenantId);
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
String defaultPublicKey = properties.getProperty("DefaultPublicKey");
if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) {
boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey);
if (isDefaultPublicKey) {
publicKey = keyStoreManager.getDefaultPublicKey();
} else {
String alias = properties.getProperty("KeyAlias");
String alias = properties.getProperty(issuer);
if (alias != null && !alias.isEmpty()) {
ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@ -133,19 +129,14 @@ public class JWTAuthenticator implements WebappAuthenticator {
authenticationInfo.setStatus(Status.FAILURE);
return authenticationInfo;
}
}
} else {
publicKey = keyStoreManager.getDefaultPublicKey();
}
} else {
String ksName = tenantDomain.trim().replace('.', '-');
String jksName = ksName + ".jks";
publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey();
}
if (publicKey != null) {
publicKeyHolder.put(tenantDomain, publicKey);
issuerAlias = new IssuerAlias(tenantDomain);
publicKeyHolder.put(issuerAlias, publicKey);
}
}
@ -205,4 +196,34 @@ public class JWTAuthenticator implements WebappAuthenticator {
}
return this.properties.getProperty(name);
}
private class IssuerAlias {
private String issuer;
private String tenantDomain;
private final String DEFAULT_ISSUER = "default";
public IssuerAlias(String tenantDomain) {
this.issuer = DEFAULT_ISSUER;
this.tenantDomain = tenantDomain;
}
public IssuerAlias(String issuer, String tenantDomain) {
this.issuer = issuer;
this.tenantDomain = tenantDomain;
}
@Override
public int hashCode() {
int result = this.issuer.hashCode();
result = 31 * result + ("@" + this.tenantDomain).hashCode();
return result;
}
@Override
public boolean equals(Object obj) {
return (obj instanceof IssuerAlias) && issuer.equals(
((IssuerAlias) obj).issuer) && tenantDomain == ((IssuerAlias) obj).tenantDomain;
}
}
}

@ -55,7 +55,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
"are not provided");
}
String url = this.properties.getProperty("TokenValidationEndpointUrl");
String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
if ((url == null) || (url.isEmpty())) {
throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
}

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>carbon-devicemgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>webapp-authenticator-framework</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>pom</packaging>
<name>WSO2 Carbon - Webapp Authenticator Framework</name>
<url>http://wso2.org</url>

@ -21,14 +21,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>apimgt-extensions-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.apimgt.application.extension.feature</artifactId>
<packaging>pom</packaging>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<name>WSO2 Carbon - API Management Application Extension Feature</name>
<url>http://wso2.org</url>
<description>This feature contains an implementation of a api application registration, which takes care of subscription

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>apimgt-extensions-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.apimgt.handler.server.feature</artifactId>
<packaging>pom</packaging>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<name>WSO2 Carbon - Device Management - APIM handler Server Feature</name>
<url>http://wso2.org</url>
<description>This feature contains the handler for the api authentications

@ -21,14 +21,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>apimgt-extensions-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.apimgt.webapp.publisher.feature</artifactId>
<packaging>pom</packaging>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<name>WSO2 Carbon - API Management Webapp Publisher Feature</name>
<url>http://wso2.org</url>
<description>This feature contains an implementation of a Tomcat lifecycle listener, which takes care of publishing

@ -24,7 +24,7 @@
<WebappPublisherConfigs>
<!-- This host is used to define the host address which is used to publish APIs -->
<Host>https://localhost:${carbon.https.port}</Host>
<Host>https://${iot.core.host}:${iot.core.https.port}</Host>
<!-- If it is true, the APIs of this instance will be published to the defined host -->
<PublishAPI>true</PublishAPI>

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>carbon-devicemgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>apimgt-extensions-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>pom</packaging>
<name>WSO2 Carbon - API Management Extensions Feature</name>
<url>http://wso2.org</url>

@ -22,7 +22,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>certificate-mgt-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>certificate-mgt-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>certificate-mgt-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.certificate.mgt.server.feature</artifactId>
<packaging>pom</packaging>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<name>WSO2 Carbon - Certificate Management Server Feature</name>
<url>http://wso2.org</url>
<description>This feature contains the core bundles required for back-end Certificate Management functionality

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>carbon-devicemgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>certificate-mgt-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<packaging>pom</packaging>
<name>WSO2 Carbon - Certificate Management Feature</name>
<url>http://wso2.org</url>

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>device-mgt-extensions-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.device.mgt.extensions.device.type.deployer.feature</artifactId>
<packaging>pom</packaging>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<name>WSO2 Carbon - Device Type Deployer Feature</name>
<url>http://wso2.org</url>
<description>WSO2 Carbon - Device Type Deployer Feature</description>

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>device-mgt-extensions-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature</artifactId>
<packaging>pom</packaging>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<name>WSO2 Carbon - GCM Based Push Notification Provider Feature</name>
<url>http://wso2.org</url>
<description>WSO2 Carbon - MQTT Based Push Notification Provider Feature</description>

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>device-mgt-extensions-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature</artifactId>
<packaging>pom</packaging>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<name>WSO2 Carbon - MQTT Based Push Notification Provider Feature</name>
<url>http://wso2.org</url>
<description>WSO2 Carbon - MQTT Based Push Notification Provider Feature</description>

@ -22,14 +22,14 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>device-mgt-extensions-feature</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature</artifactId>
<packaging>pom</packaging>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<name>WSO2 Carbon - XMPP Based Push Notification Provider Feature</name>
<url>http://wso2.org</url>
<description>WSO2 Carbon - XMPP Based Push Notification Provider Feature</description>

@ -22,7 +22,7 @@
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>carbon-devicemgt</artifactId>
<version>2.0.7-SNAPSHOT</version>
<version>2.0.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

Some files were not shown because too many files have changed in this diff Show More

Loading…
Cancel
Save