adding security fixes

revert-70aa11f8
hasuniea 9 years ago
parent fa0891d9a2
commit 1b07b18678

@ -248,6 +248,14 @@
<artifactId>jackson-annotations</artifactId> <artifactId>jackson-annotations</artifactId>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
</dependency>
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
</dependency>
</dependencies> </dependencies>
</project> </project>

@ -34,7 +34,7 @@ public class ErrorResponse {
private String moreInfo = null; private String moreInfo = null;
private List<ErrorListItem> errorItems = new ArrayList<>(); private List<ErrorListItem> errorItems = new ArrayList<>();
private ErrorResponse() { public ErrorResponse() {
} }
@JsonProperty(value = "code") @JsonProperty(value = "code")

@ -22,6 +22,7 @@ import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty; import io.swagger.annotations.ApiModelProperty;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import javax.validation.constraints.Size;
import java.util.List; import java.util.List;
@ApiModel(value = "PolicyWrapper", description = "This class carries all information related to Policy " @ApiModel(value = "PolicyWrapper", description = "This class carries all information related to Policy "
@ -29,9 +30,11 @@ import java.util.List;
public class PolicyWrapper { public class PolicyWrapper {
@ApiModelProperty(name = "policyName", value = "The name of the policy", required = true) @ApiModelProperty(name = "policyName", value = "The name of the policy", required = true)
@Size(max = 45)
private String policyName; private String policyName;
@ApiModelProperty(name = "description", value = "Gives a description on the policy", required = true) @ApiModelProperty(name = "description", value = "Gives a description on the policy", required = true)
@Size(max = 1000)
private String description; private String description;
@ApiModelProperty(name = "compliance", value = "Provides the non-compliance rules. WSO2 EMM provides the" @ApiModelProperty(name = "compliance", value = "Provides the non-compliance rules. WSO2 EMM provides the"
@ -41,6 +44,7 @@ public class PolicyWrapper {
+ "Monitor - If the device does not adhere to the given policies the server is notified of the " + "Monitor - If the device does not adhere to the given policies the server is notified of the "
+ "violation unknown to the user and the administrator can take the necessary actions with regard" + "violation unknown to the user and the administrator can take the necessary actions with regard"
+ " to the reported", required = true) + " to the reported", required = true)
@Size(max = 100)
private String compliance; private String compliance;
@ApiModelProperty(name = "ownershipType", value = "The policy ownership type. It can be any of the " @ApiModelProperty(name = "ownershipType", value = "The policy ownership type. It can be any of the "
@ -49,6 +53,7 @@ public class PolicyWrapper {
+ "BYOD (Bring Your Own Device) - The policy will only be applied on the BYOD device type\n" + "BYOD (Bring Your Own Device) - The policy will only be applied on the BYOD device type\n"
+ "COPE (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE " + "COPE (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE "
+ "device type", required = true) + "device type", required = true)
@Size(max = 45)
private String ownershipType; private String ownershipType;
@ApiModelProperty(name = "active", value = "If the value is true it indicates that the policy is active. " @ApiModelProperty(name = "active", value = "If the value is true it indicates that the policy is active. "

@ -20,7 +20,6 @@ package org.wso2.carbon.device.mgt.jaxrs.beans;
import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty; import io.swagger.annotations.ApiModelProperty;
import org.wso2.carbon.device.mgt.core.dto.DeviceType;
import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlRootElement;

@ -0,0 +1,34 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
/**
* Custom exception class for wrapping BadRequest related exceptions.
*/
public class BadRequestException extends WebApplicationException {
public BadRequestException(ErrorResponse error) {
super(Response.status(Response.Status.BAD_REQUEST).entity(error).build());
}
}

@ -0,0 +1,55 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
import javax.validation.ConstraintViolation;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import java.util.Set;
public class ConstraintViolationException extends WebApplicationException {
private String message;
public <T> ConstraintViolationException(Set<ConstraintViolation<T>> violations) {
super(Response.status(Response.Status.BAD_REQUEST)
.entity(DeviceMgtUtil.getConstraintViolationErrorDTO(violations))
.header(Constants.DeviceConstants.HEADER_CONTENT_TYPE, Constants.DeviceConstants.APPLICATION_JSON)
.build());
//Set the error message
StringBuilder stringBuilder = new StringBuilder();
for (ConstraintViolation violation : violations) {
stringBuilder.append(violation.getRootBeanClass().getSimpleName());
stringBuilder.append(".");
stringBuilder.append(violation.getPropertyPath());
stringBuilder.append(": ");
stringBuilder.append(violation.getMessage());
stringBuilder.append(", ");
}
message = stringBuilder.toString();
}
@Override
public String getMessage() {
return message;
}
}

@ -0,0 +1,86 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import java.util.ArrayList;
import java.util.List;
public class ErrorDTO {
private Long code = null;
private String message = null;
private String description = null;
public void setMoreInfo(String moreInfo) {
this.moreInfo = moreInfo;
}
public void setCode(Long code) {
this.code = code;
}
public void setMessage(String message) {
this.message = message;
}
public void setDescription(String description) {
this.description = description;
}
public void setError(List<ErrorDTO> error) {
this.error = error;
}
private String moreInfo = null;
public String getMessage() {
return message;
}
public Long getCode() {
return code;
}
public String getDescription() {
return description;
}
public String getMoreInfo() {
return moreInfo;
}
public List<ErrorDTO> getError() {
return error;
}
public String toString() {
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.append("class ErrorDTO {\n");
stringBuilder.append(" code: ").append(code).append("\n");
stringBuilder.append(" message: ").append(message).append("\n");
stringBuilder.append(" description: ").append(description).append("\n");
stringBuilder.append(" moreInfo: ").append(moreInfo).append("\n");
stringBuilder.append(" error: ").append(error).append("\n");
stringBuilder.append("}\n");
return stringBuilder.toString();
}
private List<ErrorDTO> error = new ArrayList<>();
}

@ -0,0 +1,51 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
/**
* Exception class that is corresponding to 401 Forbidden response
*/
public class ForbiddenException extends WebApplicationException {
private String message;
public ForbiddenException() {
super(Response.status(Response.Status.FORBIDDEN)
.build());
}
public ForbiddenException(ErrorDTO errorDTO) {
super(Response.status(Response.Status.FORBIDDEN)
.entity(errorDTO)
.header(Constants.DeviceConstants.HEADER_CONTENT_TYPE, Constants.DeviceConstants.APPLICATION_JSON)
.build());
message = errorDTO.getDescription();
}
@Override
public String getMessage() {
return message;
}
}

@ -0,0 +1,113 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import com.google.gson.JsonParseException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
import javax.naming.AuthenticationException;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
/**
* Handle the cxf level exceptions.
*/
public class GlobalThrowableMapper implements ExceptionMapper {
private static final Log log = LogFactory.getLog(GlobalThrowableMapper.class);
private ErrorDTO e500 = new ErrorDTO();
GlobalThrowableMapper() {
e500.setCode((long) 500);
e500.setMessage("Internal server error.");
e500.setMoreInfo("");
e500.setDescription("The server encountered an internal error. Please contact administrator.");
}
@Override
public Response toResponse(Throwable e) {
if (e instanceof JsonParseException) {
String errorMessage = "Malformed request body.";
if (log.isDebugEnabled()) {
log.error(errorMessage, e);
}
return DeviceMgtUtil.buildBadRequestException(errorMessage).getResponse();
}
if (e instanceof NotFoundException) {
return ((NotFoundException) e).getResponse();
}
if (e instanceof UnexpectedServerErrorException) {
if (log.isDebugEnabled()) {
log.error("Unexpected server error.", e);
}
return ((UnexpectedServerErrorException) e).getResponse();
}
if (e instanceof ConstraintViolationException) {
if (log.isDebugEnabled()) {
log.error("Constraint violation.", e);
}
return ((ConstraintViolationException) e).getResponse();
}
if (e instanceof IllegalArgumentException) {
ErrorDTO errorDetail = new ErrorDTO();
errorDetail.setCode((long) 400);
errorDetail.setMoreInfo("");
errorDetail.setMessage("");
errorDetail.setDescription(e.getMessage());
return Response
.status(Response.Status.BAD_REQUEST)
.entity(errorDetail)
.build();
}
if (e instanceof ClientErrorException) {
if (log.isDebugEnabled()) {
log.error("Client error.", e);
}
return ((ClientErrorException) e).getResponse();
}
if (e instanceof AuthenticationException) {
ErrorDTO errorDetail = new ErrorDTO();
errorDetail.setCode((long) 401);
errorDetail.setMoreInfo("");
errorDetail.setMessage("");
errorDetail.setDescription(e.getMessage());
return Response
.status(Response.Status.UNAUTHORIZED)
.entity(errorDetail)
.build();
}
if (e instanceof ForbiddenException) {
if (log.isDebugEnabled()) {
log.error("Resource forbidden.", e);
}
return ((ForbiddenException) e).getResponse();
}
//unknown exception log and return
if (log.isDebugEnabled()) {
log.error("An Unknown exception has been captured by global exception mapper.", e);
}
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).header("Content-Type", "application/json")
.entity(e500).build();
}
}

@ -0,0 +1,47 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
public class NotFoundException extends WebApplicationException {
private String message;
private static final long serialVersionUID = 147943572342342340L;
public NotFoundException(ErrorResponse error) {
super(Response.status(Response.Status.NOT_FOUND).entity(error).build());
}
public NotFoundException(ErrorDTO errorDTO) {
super(Response.status(Response.Status.NOT_FOUND)
.entity(errorDTO)
.header(Constants.DeviceConstants.HEADER_CONTENT_TYPE, Constants.DeviceConstants.APPLICATION_JSON)
.build());
message = errorDTO.getDescription();
}
@Override
public String getMessage() {
return message;
}
}

@ -0,0 +1,49 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
public class UnexpectedServerErrorException extends WebApplicationException {
private String message;
private static final long serialVersionUID = 147943579458906890L;
public UnexpectedServerErrorException(ErrorResponse error) {
super(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build());
}
public UnexpectedServerErrorException(ErrorDTO errorDTO) {
super(Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(errorDTO)
.header(Constants.DeviceConstants.HEADER_CONTENT_TYPE, Constants.DeviceConstants.APPLICATION_JSON)
.build());
message = errorDTO.getDescription();
}
@Override
public String getMessage() {
return message;
}
}

@ -0,0 +1,122 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.exception;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.jaxrs.lifecycle.ResourceProvider;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.jaxrs.model.OperationResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageContentsList;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.ValidatorFactory;
import javax.validation.executable.ExecutableValidator;
import java.lang.reflect.Method;
import java.util.List;
import java.util.Set;
public class ValidationInterceptor extends AbstractPhaseInterceptor<Message> {
private Log log = LogFactory.getLog(getClass());
private Validator validator = null; //validator interface is thread-safe
public ValidationInterceptor() {
super(Phase.PRE_INVOKE);
ValidatorFactory defaultFactory = Validation.buildDefaultValidatorFactory();
validator = defaultFactory.getValidator();
if (validator == null) {
log.warn("Bean Validation provider could not be found, no validation will be performed");
} else {
log.debug("Validation In-Interceptor initialized successfully");
}
}
@Override
public void handleMessage(Message message) throws Fault {
final OperationResourceInfo operationResource = message.getExchange().get(OperationResourceInfo.class);
if (operationResource == null) {
log.info("OperationResourceInfo is not available, skipping validation");
return;
}
final ClassResourceInfo classResource = operationResource.getClassResourceInfo();
if (classResource == null) {
log.info("ClassResourceInfo is not available, skipping validation");
return;
}
final ResourceProvider resourceProvider = classResource.getResourceProvider();
if (resourceProvider == null) {
log.info("ResourceProvider is not available, skipping validation");
return;
}
final List<Object> arguments = MessageContentsList.getContentsList(message);
final Method method = operationResource.getAnnotatedMethod();
final Object instance = resourceProvider.getInstance(message);
if (method != null && arguments != null) {
//validate the parameters(arguments) over the invoked method
validate(method, arguments.toArray(), instance);
//validate the fields of each argument
for (Object arg : arguments) {
if (arg != null)
validate(arg);
}
}
}
public <T> void validate(final Method method, final Object[] arguments, final T instance) {
if (validator == null) {
log.warn("Bean Validation provider could not be found, no validation will be performed");
return;
}
ExecutableValidator methodValidator = validator.forExecutables();
Set<ConstraintViolation<T>> violations = methodValidator.validateParameters(instance,
method, arguments);
if (!violations.isEmpty()) {
throw new ConstraintViolationException(violations);
}
}
public <T> void validate(final T object) {
if (validator == null) {
log.warn("Bean Validation provider could be found, no validation will be performed");
return;
}
Set<ConstraintViolation<T>> violations = validator.validate(object);
if (!violations.isEmpty()) {
throw new ConstraintViolationException(violations);
}
}
public void handleFault(org.apache.cxf.message.Message messageParam) {
}
}

@ -25,6 +25,7 @@ import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList; import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -100,7 +101,9 @@ public interface ActivityInfoProviderService {
name = "id", name = "id",
value = "Activity id of the operation/activity to be retrieved.", value = "Activity id of the operation/activity to be retrieved.",
required = true) required = true)
@PathParam("id") String id, @PathParam("id")
@Size(max = 45)
String id,
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified", value = "Validates if the requested variant has not been modified since the time specified",

@ -31,6 +31,7 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.policy.mgt.common.Policy; import org.wso2.carbon.policy.mgt.common.Policy;
import org.wso2.carbon.policy.mgt.common.monitor.ComplianceData; import org.wso2.carbon.policy.mgt.common.monitor.ComplianceData;
import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -100,62 +101,68 @@ public interface DeviceManagementService {
name = "name", name = "name",
value = "The device name, such as shamu, bullhead or angler.", value = "The device name, such as shamu, bullhead or angler.",
required = false) required = false)
String name, @Size(max = 45)
String name,
@ApiParam( @ApiParam(
name = "type", name = "type",
value = "The device type, such as ios, android or windows.", value = "The device type, such as ios, android or windows.",
required = false) required = false)
@QueryParam("type") @QueryParam("type")
String type, @Size(max = 45)
String type,
@ApiParam( @ApiParam(
name = "user", name = "user",
value = "Username of owner of the devices.", value = "Username of owner of the devices.",
required = false) required = false)
@QueryParam("user") @QueryParam("user")
String user, @Size(max = 45)
String user,
@ApiParam( @ApiParam(
name = "roleName", name = "roleName",
value = "Role name of the devices to be fetched.", value = "Role name of the devices to be fetched.",
required = false) required = false)
@QueryParam("roleName") @QueryParam("roleName")
String roleName, @Size(max = 45)
String roleName,
@ApiParam( @ApiParam(
name = "ownership", name = "ownership",
allowableValues = "BYOD, COPE", allowableValues = "BYOD, COPE",
value = "Ownership of the devices to be fetched registered under.", value = "Ownership of the devices to be fetched registered under.",
required = false) required = false)
@QueryParam("ownership") @QueryParam("ownership")
String ownership, @Size(max = 45)
String ownership,
@ApiParam( @ApiParam(
name = "status", name = "status",
value = "Enrollment status of devices to be fetched.", value = "Enrollment status of devices to be fetched.",
required = false) required = false)
@QueryParam("status") @QueryParam("status")
String status, @Size(max = 45)
String status,
@ApiParam( @ApiParam(
name = "since", name = "since",
value = "Last modified timestamp", value = "Last modified timestamp",
required = false) required = false)
@QueryParam("since") @QueryParam("since")
String since, String since,
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
value = "Timestamp of the last modified date", value = "Timestamp of the last modified date",
required = false) required = false)
@HeaderParam("If-Modified-Since") @HeaderParam("If-Modified-Since")
String timestamp, String timestamp,
@ApiParam( @ApiParam(
name = "offset", name = "offset",
value = "Starting point within the complete list of items qualified.", value = "Starting point within the complete list of items qualified.",
required = false) required = false)
@QueryParam("offset") @QueryParam("offset")
int offset, int offset,
@ApiParam( @ApiParam(
name = "limit", name = "limit",
value = "Maximum size of resource array to return.", value = "Maximum size of resource array to return.",
required = false) required = false)
@QueryParam("limit") @QueryParam("limit")
int limit); int limit);
@GET @GET
@ -206,8 +213,8 @@ public interface DeviceManagementService {
@Permission( @Permission(
scope = "device-view", scope = "device-view",
permissions = { permissions = {
"/permission/admin/device-mgt/admin/devices/view", "/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view" "/permission/admin/device-mgt/user/devices/view"
} }
) )
Response getDevice( Response getDevice(
@ -216,19 +223,21 @@ public interface DeviceManagementService {
value = "The device type, such as ios, android or windows.", value = "The device type, such as ios, android or windows.",
required = true) required = true)
@PathParam("type") @PathParam("type")
String type, @Size(max = 45)
String type,
@ApiParam( @ApiParam(
name = "id", name = "id",
value = "The device identifier of the device.", value = "The device identifier of the device.",
required = true) required = true)
@PathParam("id") @PathParam("id")
String id, @Size(max = 45)
String id,
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified", value = "Validates if the requested variant has not been modified since the time specified",
required = false) required = false)
@HeaderParam("If-Modified-Since") @HeaderParam("If-Modified-Since")
String ifModifiedSince); String ifModifiedSince);
@GET @GET
@Path("/{type}/{id}/features") @Path("/{type}/{id}/features")
@ -292,7 +301,7 @@ public interface DeviceManagementService {
@Permission( @Permission(
scope = "device-search", scope = "device-search",
permissions = {"/permission/admin/device-mgt/admin/devices/view", permissions = {"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view" "/permission/admin/device-mgt/user/devices/view"
} }
) )
Response getFeaturesOfDevice( Response getFeaturesOfDevice(
@ -301,19 +310,21 @@ public interface DeviceManagementService {
value = "The device type, such as ios, android or windows.", value = "The device type, such as ios, android or windows.",
required = true) required = true)
@PathParam("type") @PathParam("type")
String type, @Size(max = 45)
String type,
@ApiParam( @ApiParam(
name = "id", name = "id",
value = "The device identifier of the device.", value = "The device identifier of the device.",
required = true) required = true)
@PathParam("id") @PathParam("id")
String id, @Size(max = 45)
String id,
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified", value = "Validates if the requested variant has not been modified since the time specified",
required = false) required = false)
@HeaderParam("If-Modified-Since") @HeaderParam("If-Modified-Since")
String ifModifiedSince); String ifModifiedSince);
@POST @POST
@Path("/search-devices") @Path("/search-devices")
@ -370,7 +381,7 @@ public interface DeviceManagementService {
}) })
@Permission( @Permission(
scope = "device-search", scope = "device-search",
permissions = {"/permission/admin/device-mgt/admin/devices/list" } permissions = {"/permission/admin/device-mgt/admin/devices/list"}
) )
Response searchDevices( Response searchDevices(
@ApiParam( @ApiParam(
@ -378,18 +389,18 @@ public interface DeviceManagementService {
value = "Starting point within the complete list of items qualified.", value = "Starting point within the complete list of items qualified.",
required = false) required = false)
@QueryParam("offset") @QueryParam("offset")
int offset, int offset,
@ApiParam( @ApiParam(
name = "limit", name = "limit",
value = "Maximum size of resource array to return.", value = "Maximum size of resource array to return.",
required = false) required = false)
@QueryParam("limit") @QueryParam("limit")
int limit, int limit,
@ApiParam( @ApiParam(
name = "searchContext", name = "searchContext",
value = "List of search conditions.", value = "List of search conditions.",
required = true) required = true)
SearchContext searchContext); SearchContext searchContext);
@GET @GET
@Path("/{type}/{id}/applications") @Path("/{type}/{id}/applications")
@ -453,8 +464,8 @@ public interface DeviceManagementService {
@Permission( @Permission(
scope = "operation-view", scope = "operation-view",
permissions = { permissions = {
"/permission/admin/device-mgt/admin/devices/view", "/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view" "/permission/admin/device-mgt/user/devices/view"
} }
) )
Response getInstalledApplications( Response getInstalledApplications(
@ -462,31 +473,33 @@ public interface DeviceManagementService {
name = "type", name = "type",
value = "The device type, such as ios, android or windows.", required = true) value = "The device type, such as ios, android or windows.", required = true)
@PathParam("type") @PathParam("type")
String type, @Size(max = 45)
String type,
@ApiParam( @ApiParam(
name = "id", name = "id",
value = "The device identifier of the device.", value = "The device identifier of the device.",
required = true) required = true)
@PathParam("id") @PathParam("id")
String id, @Size(max = 45)
String id,
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time specified", value = "Validates if the requested variant has not been modified since the time specified",
required = false) required = false)
@HeaderParam("If-Modified-Since") @HeaderParam("If-Modified-Since")
String ifModifiedSince, String ifModifiedSince,
@ApiParam( @ApiParam(
name = "offset", name = "offset",
value = "Starting point within the complete list of items qualified.", value = "Starting point within the complete list of items qualified.",
required = false) required = false)
@QueryParam("offset") @QueryParam("offset")
int offset, int offset,
@ApiParam( @ApiParam(
name = "limit", name = "limit",
value = "Maximum size of resource array to return.", value = "Maximum size of resource array to return.",
required = false) required = false)
@QueryParam("limit") @QueryParam("limit")
int limit); int limit);
@GET @GET
@ -553,8 +566,8 @@ public interface DeviceManagementService {
@Permission( @Permission(
scope = "operation-view", scope = "operation-view",
permissions = { permissions = {
"/permission/admin/device-mgt/admin/devices/view", "/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view" "/permission/admin/device-mgt/user/devices/view"
} }
) )
Response getDeviceOperations( Response getDeviceOperations(
@ -563,32 +576,34 @@ public interface DeviceManagementService {
value = "The device type, such as ios, android or windows.", value = "The device type, such as ios, android or windows.",
required = true) required = true)
@PathParam("type") @PathParam("type")
String type, @Size(max = 45)
String type,
@ApiParam( @ApiParam(
name = "id", name = "id",
value = "The device identifier of the device.", value = "The device identifier of the device.",
required = true) required = true)
@PathParam("id") @PathParam("id")
String id, @Size(max = 45)
String id,
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time " value = "Validates if the requested variant has not been modified since the time "
+ "specified", + "specified",
required = false) required = false)
@HeaderParam("If-Modified-Since") @HeaderParam("If-Modified-Since")
String ifModifiedSince, String ifModifiedSince,
@ApiParam( @ApiParam(
name = "offset", name = "offset",
value = "Starting point within the complete list of items qualified.", value = "Starting point within the complete list of items qualified.",
required = false) required = false)
@QueryParam("offset") @QueryParam("offset")
int offset, int offset,
@ApiParam( @ApiParam(
name = "limit", name = "limit",
value = "Maximum size of resource array to return.", value = "Maximum size of resource array to return.",
required = false) required = false)
@QueryParam("limit") @QueryParam("limit")
int limit); int limit);
@GET @GET
@Path("/{type}/{id}/effective-policy") @Path("/{type}/{id}/effective-policy")
@ -658,21 +673,22 @@ public interface DeviceManagementService {
value = "The device type, such as ios, android or windows.", value = "The device type, such as ios, android or windows.",
required = true) required = true)
@PathParam("type") @PathParam("type")
String type, @Size(max = 45)
String type,
@ApiParam( @ApiParam(
name = "id", name = "id",
value = "Device Identifier", value = "Device Identifier",
required = true) required = true)
@PathParam("id") @PathParam("id")
String id, @Size(max = 45)
String id,
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
value = "Validates if the requested variant has not been modified since the time " value = "Validates if the requested variant has not been modified since the time "
+ "specified", + "specified",
required = false) required = false)
@HeaderParam("If-Modified-Since") @HeaderParam("If-Modified-Since")
String ifModifiedSince); String ifModifiedSince);
@GET @GET
@ -708,10 +724,13 @@ public interface DeviceManagementService {
value = "The device type, such as ios, android or windows.", value = "The device type, such as ios, android or windows.",
required = true) required = true)
@PathParam("type") @PathParam("type")
String type, @Size(max = 45)
String type,
@ApiParam( @ApiParam(
name = "id", name = "id",
value = "Device Identifier", value = "Device Identifier",
required = true) required = true)
@PathParam("id") String id); @PathParam("id")
@Size(max = 45)
String id);
} }

@ -21,12 +21,12 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification; import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
import org.wso2.carbon.device.mgt.jaxrs.NotificationContext;
import org.wso2.carbon.device.mgt.jaxrs.NotificationList; import org.wso2.carbon.device.mgt.jaxrs.NotificationList;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import javax.validation.constraints.Max;
import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -103,7 +103,7 @@ public interface NotificationManagementService {
value = "Status of the notification.", value = "Status of the notification.",
allowableValues = "NEW, CHECKED", allowableValues = "NEW, CHECKED",
required = false) required = false)
@QueryParam("status") @QueryParam("status") @Size(max = 45)
String status, String status,
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
@ -157,6 +157,6 @@ public interface NotificationManagementService {
name = "id", name = "id",
value = "Notification ID.", value = "Notification ID.",
required = true) required = true)
@PathParam("id") @PathParam("id") @Max(45)
int id); int id);
} }

@ -22,9 +22,10 @@ import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
import org.wso2.carbon.policy.mgt.common.Policy;
import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
import org.wso2.carbon.policy.mgt.common.Policy;
import javax.validation.Valid;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -105,7 +106,7 @@ public interface PolicyManagementService {
name = "policy", name = "policy",
value = "Policy details related to the operation.", value = "Policy details related to the operation.",
required = true) required = true)
PolicyWrapper policy); @Valid PolicyWrapper policy);
@GET @GET
@ApiOperation( @ApiOperation(
@ -306,7 +307,7 @@ public interface PolicyManagementService {
name = "policy", name = "policy",
value = "Policy details related to the operation.", value = "Policy details related to the operation.",
required = true) required = true)
PolicyWrapper policy); @Valid PolicyWrapper policy);
@POST @POST
@Path("/remove-policy") @Path("/remove-policy")

@ -23,6 +23,7 @@ import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -88,12 +89,16 @@ public interface DeviceManagementAdminService {
name = "name", name = "name",
value = "Name of the device.", value = "Name of the device.",
required = true) required = true)
@QueryParam("name") String name, @QueryParam("name")
@Size(max = 45)
String name,
@ApiParam( @ApiParam(
name = "type", name = "type",
value = "Type of the device.", value = "Type of the device.",
required = true) required = true)
@QueryParam("type") String type, @QueryParam("type")
@Size(min = 2, max = 45)
String type,
@ApiParam( @ApiParam(
name = "tenant-domain", name = "tenant-domain",
value = "Name of the tenant.", value = "Name of the tenant.",

@ -23,6 +23,7 @@ import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -70,7 +71,9 @@ public interface UserManagementAdminService {
name = "username", name = "username",
value = "Username of the user.", value = "Username of the user.",
required = true) required = true)
@PathParam("username") String username, @PathParam("username")
@Size(max = 45)
String username,
@ApiParam( @ApiParam(
name = "credentials", name = "credentials",
value = "Credential.", value = "Credential.",

@ -29,6 +29,7 @@ import org.wso2.carbon.device.mgt.jaxrs.service.api.ActivityInfoProviderService;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -47,7 +48,8 @@ public class ActivityProviderServiceImpl implements ActivityInfoProviderService
@GET @GET
@Override @Override
@Path("/{id}") @Path("/{id}")
public Response getActivity(@PathParam("id") String id, public Response getActivity(@PathParam("id")
@Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince) { @HeaderParam("If-Modified-Since") String ifModifiedSince) {
Activity activity; Activity activity;
DeviceManagementProviderService dmService; DeviceManagementProviderService dmService;

@ -26,7 +26,6 @@ import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.service.api.ConfigurationManagementService; import org.wso2.carbon.device.mgt.jaxrs.service.api.ConfigurationManagementService;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.UnexpectedServerErrorException;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.device.mgt.jaxrs.util.MDMAppConstants; import org.wso2.carbon.device.mgt.jaxrs.util.MDMAppConstants;
import org.wso2.carbon.policy.mgt.common.PolicyManagementException; import org.wso2.carbon.policy.mgt.common.PolicyManagementException;

@ -44,6 +44,7 @@ import org.wso2.carbon.policy.mgt.common.monitor.ComplianceData;
import org.wso2.carbon.policy.mgt.common.monitor.PolicyComplianceException; import org.wso2.carbon.policy.mgt.common.monitor.PolicyComplianceException;
import org.wso2.carbon.policy.mgt.core.PolicyManagerService; import org.wso2.carbon.policy.mgt.core.PolicyManagerService;
import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -62,12 +63,12 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@GET @GET
@Override @Override
public Response getDevices( public Response getDevices(
@QueryParam("name") String name, @QueryParam("name") @Size(max = 45) String name,
@QueryParam("type") String type, @QueryParam("type") @Size(max = 45) String type,
@QueryParam("user") String user, @QueryParam("user") @Size(max = 45) String user,
@QueryParam("roleName") String roleName, @QueryParam("roleName") @Size(max = 45) String roleName,
@QueryParam("ownership") String ownership, @QueryParam("ownership") @Size(max = 45) String ownership,
@QueryParam("status") String status, @QueryParam("status") @Size(max = 45) String status,
@QueryParam("since") String since, @QueryParam("since") String since,
@HeaderParam("If-Modified-Since") String ifModifiedSince, @HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset, @QueryParam("offset") int offset,
@ -80,7 +81,7 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
PaginationResult result; PaginationResult result;
DeviceList devices = new DeviceList(); DeviceList devices = new DeviceList();
if(name != null && !name.isEmpty()){ if (name != null && !name.isEmpty()) {
request.setDeviceName(name); request.setDeviceName(name);
} }
if (type != null && !type.isEmpty()) { if (type != null && !type.isEmpty()) {
@ -180,8 +181,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@Path("/{type}/{id}") @Path("/{type}/{id}")
@Override @Override
public Response getDevice( public Response getDevice(
@PathParam("type") String type, @PathParam("type") @Size(max = 45) String type,
@PathParam("id") String id, @PathParam("id") @Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince) { @HeaderParam("If-Modified-Since") String ifModifiedSince) {
Device device; Device device;
try { try {
@ -207,8 +208,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@Path("/{type}/{id}/features") @Path("/{type}/{id}/features")
@Override @Override
public Response getFeaturesOfDevice( public Response getFeaturesOfDevice(
@PathParam("type") String type, @PathParam("type") @Size(max = 45) String type,
@PathParam("id") String id, @PathParam("id") @Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince) { @HeaderParam("If-Modified-Since") String ifModifiedSince) {
List<Feature> features; List<Feature> features;
DeviceManagementProviderService dms; DeviceManagementProviderService dms;
@ -258,8 +259,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@Path("/{type}/{id}/applications") @Path("/{type}/{id}/applications")
@Override @Override
public Response getInstalledApplications( public Response getInstalledApplications(
@PathParam("type") String type, @PathParam("type") @Size(max = 45) String type,
@PathParam("id") String id, @PathParam("id") @Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince, @HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset, @QueryParam("offset") int offset,
@QueryParam("limit") int limit) { @QueryParam("limit") int limit) {
@ -287,8 +288,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@Path("/{type}/{id}/operations") @Path("/{type}/{id}/operations")
@Override @Override
public Response getDeviceOperations( public Response getDeviceOperations(
@PathParam("type") String type, @PathParam("type") @Size(max = 45) String type,
@PathParam("id") String id, @PathParam("id") @Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince, @HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset, @QueryParam("offset") int offset,
@QueryParam("limit") int limit) { @QueryParam("limit") int limit) {
@ -318,8 +319,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@GET @GET
@Path("/{type}/{id}/effective-policy") @Path("/{type}/{id}/effective-policy")
@Override @Override
public Response getEffectivePolicyOfDevice(@PathParam("type") String type, public Response getEffectivePolicyOfDevice(@PathParam("type") @Size(max = 45) String type,
@PathParam("id") String id, @PathParam("id") @Size(max = 45) String id,
@HeaderParam("If-Modified-Since") String ifModifiedSince) { @HeaderParam("If-Modified-Since") String ifModifiedSince) {
try { try {
RequestValidationUtil.validateDeviceIdentifier(type, id); RequestValidationUtil.validateDeviceIdentifier(type, id);
@ -339,8 +340,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
@GET @GET
@Path("{type}/{id}/compliance-data") @Path("{type}/{id}/compliance-data")
public Response getComplianceDataOfDevice(@PathParam("type") String type, public Response getComplianceDataOfDevice(@PathParam("type") @Size(max = 45) String type,
@PathParam("id") String id) { @PathParam("id") @Size(max = 45) String id) {
RequestValidationUtil.validateDeviceIdentifier(type, id); RequestValidationUtil.validateDeviceIdentifier(type, id);
PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService(); PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService();

@ -31,6 +31,8 @@ import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.UnexpectedServerErrorException; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.UnexpectedServerErrorException;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import javax.validation.constraints.Max;
import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -46,7 +48,7 @@ public class NotificationManagementServiceImpl implements NotificationManagement
@GET @GET
@Override @Override
public Response getNotifications( public Response getNotifications(
@QueryParam("status") String status, @QueryParam("status") @Size(max = 45) String status,
@HeaderParam("If-Modified-Since") String ifModifiedSince, @HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset, @QueryParam("limit") int limit) { @QueryParam("offset") int offset, @QueryParam("limit") int limit) {
@ -79,7 +81,7 @@ public class NotificationManagementServiceImpl implements NotificationManagement
@PUT @PUT
@Path("/{id}/mark-checked") @Path("/{id}/mark-checked")
public Response updateNotificationStatus( public Response updateNotificationStatus(
@PathParam("id") int id) { @PathParam("id") @Max(45)int id) {
String msg; String msg;
Notification.Status status = Notification.Status.CHECKED; Notification.Status status = Notification.Status.CHECKED;
Notification notification; Notification notification;

@ -41,6 +41,7 @@ import org.wso2.carbon.policy.mgt.common.PolicyAdministratorPoint;
import org.wso2.carbon.policy.mgt.common.PolicyManagementException; import org.wso2.carbon.policy.mgt.common.PolicyManagementException;
import org.wso2.carbon.policy.mgt.core.PolicyManagerService; import org.wso2.carbon.policy.mgt.core.PolicyManagerService;
import javax.validation.Valid;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -59,7 +60,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
@POST @POST
@Override @Override
public Response addPolicy(PolicyWrapper policyWrapper) { public Response addPolicy(@Valid PolicyWrapper policyWrapper) {
RequestValidationUtil.validatePolicyDetails(policyWrapper); RequestValidationUtil.validatePolicyDetails(policyWrapper);
PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService(); PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService();
@ -111,7 +112,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
} }
} }
private Policy getPolicyFromWrapper(PolicyWrapper policyWrapper) throws DeviceManagementException { private Policy getPolicyFromWrapper(@Valid PolicyWrapper policyWrapper) throws DeviceManagementException {
Policy policy = new Policy(); Policy policy = new Policy();
policy.setPolicyName(policyWrapper.getPolicyName()); policy.setPolicyName(policyWrapper.getPolicyName());
policy.setDescription(policyWrapper.getDescription()); policy.setDescription(policyWrapper.getDescription());
@ -187,7 +188,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
@PUT @PUT
@Path("/{id}") @Path("/{id}")
@Override @Override
public Response updatePolicy(@PathParam("id") int id, PolicyWrapper policyWrapper) { public Response updatePolicy(@PathParam("id") int id, @Valid PolicyWrapper policyWrapper) {
RequestValidationUtil.validatePolicyDetails(policyWrapper); RequestValidationUtil.validatePolicyDetails(policyWrapper);
PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService(); PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService();
try { try {

@ -31,6 +31,7 @@ import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceManagementAdminS
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -45,8 +46,8 @@ public class DeviceManagementAdminServiceImpl implements DeviceManagementAdminSe
@Override @Override
@GET @GET
public Response getDevicesByName(@QueryParam("name") String name, public Response getDevicesByName(@QueryParam("name") @Size(max = 45) String name,
@QueryParam("type") String type, @QueryParam("type") @Size(min = 2, max = 45) String type,
@QueryParam("tenant-domain") String tenantDomain, @QueryParam("tenant-domain") String tenantDomain,
@HeaderParam("If-Modified-Since") String ifModifiedSince, @HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset, @QueryParam("offset") int offset,

@ -22,6 +22,7 @@ import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.UserManagementAdminService; import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.UserManagementAdminService;
import org.wso2.carbon.device.mgt.jaxrs.util.CredentialManagementResponseBuilder; import org.wso2.carbon.device.mgt.jaxrs.util.CredentialManagementResponseBuilder;
import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -34,7 +35,9 @@ public class UserManagementAdminServiceImpl implements UserManagementAdminServic
@POST @POST
@Path("/{username}/credentials") @Path("/{username}/credentials")
@Override @Override
public Response resetUserPassword(@PathParam("username") String user, PasswordResetWrapper credentials) { public Response resetUserPassword(@PathParam("username")
@Size(max = 45)
String user, PasswordResetWrapper credentials) {
return CredentialManagementResponseBuilder.buildResetPasswordResponse(user, credentials); return CredentialManagementResponseBuilder.buildResetPasswordResponse(user, credentials);
} }

@ -19,10 +19,10 @@
package org.wso2.carbon.device.mgt.jaxrs.service.impl.util; package org.wso2.carbon.device.mgt.jaxrs.service.impl.util;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.PaginationRequest;
import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration; import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification; import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
import org.wso2.carbon.device.mgt.jaxrs.beans.*; import org.wso2.carbon.device.mgt.jaxrs.beans.*;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -317,13 +317,19 @@ public class RequestValidationUtil {
if (offset < 0) { if (offset < 0) {
throw new InputValidationException( throw new InputValidationException(
new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Request parameter offset is s " + new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Request parameter offset is s " +
"negative value.").build()); "negative value.").build());
} }
if (limit < 0) { if (limit < 0) {
throw new InputValidationException( throw new InputValidationException(
new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Request parameter limit is a " + new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Request parameter limit is a " +
"negative value.").build()); "negative value.").build());
}
if (limit - offset > 100) {
throw new InputValidationException(
new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Request results list should" +
" be less than or equal 100 values.").build());
} }
} }
} }

@ -27,4 +27,18 @@ public class Constants {
public static final String USER_CLAIM_FIRST_NAME = "http://wso2.org/claims/givenname"; public static final String USER_CLAIM_FIRST_NAME = "http://wso2.org/claims/givenname";
public static final String USER_CLAIM_LAST_NAME = "http://wso2.org/claims/lastname"; public static final String USER_CLAIM_LAST_NAME = "http://wso2.org/claims/lastname";
public final class ErrorMessages {
private ErrorMessages () { throw new AssertionError(); }
public static final String STATUS_BAD_REQUEST_MESSAGE_DEFAULT = "Bad Request";
}
public final class DeviceConstants {
private DeviceConstants () { throw new AssertionError(); }
public static final String APPLICATION_JSON = "application/json";
public static final String HEADER_CONTENT_TYPE = "Content-Type";
}
} }

@ -18,11 +18,16 @@
package org.wso2.carbon.device.mgt.jaxrs.util; package org.wso2.carbon.device.mgt.jaxrs.util;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorListItem;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.ProfileFeature; import org.wso2.carbon.device.mgt.jaxrs.beans.ProfileFeature;
import org.wso2.carbon.device.mgt.jaxrs.exception.BadRequestException;
import org.wso2.carbon.policy.mgt.common.Profile; import org.wso2.carbon.policy.mgt.common.Profile;
import javax.validation.ConstraintViolation;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Set;
public class DeviceMgtUtil { public class DeviceMgtUtil {
@ -58,4 +63,49 @@ public class DeviceMgtUtil {
return profileFeature; return profileFeature;
} }
/**
* Returns a new BadRequestException
*
* @param description description of the exception
* @return a new BadRequestException with the specified details as a response DTO
*/
public static BadRequestException buildBadRequestException(String description) {
ErrorResponse errorResponse = getErrorResponse(Constants.
ErrorMessages.STATUS_BAD_REQUEST_MESSAGE_DEFAULT,400l, description);
return new BadRequestException(errorResponse);
}
/**
* Returns generic ErrorResponse.
* @param message specific error message
* @param code
* @param description
* @return generic Response with error specific details.
*/
public static ErrorResponse getErrorResponse(String message, Long code, String description) {
ErrorResponse errorResponse = new ErrorResponse();
errorResponse.setCode(code);
errorResponse.setMoreInfo("");
errorResponse.setMessage(message);
errorResponse.setDescription(description);
return errorResponse;
}
public static <T> ErrorResponse getConstraintViolationErrorDTO(Set<ConstraintViolation<T>> violations) {
ErrorResponse errorResponse = new ErrorResponse();
errorResponse.setDescription("Validation Error");
errorResponse.setMessage("Bad Request");
errorResponse.setCode(400l);
errorResponse.setMoreInfo("");
List<ErrorListItem> errorListItems = new ArrayList<>();
for (ConstraintViolation violation : violations) {
ErrorListItem errorListItemDTO = new ErrorListItem();
errorListItemDTO.setCode(400 + "_" + violation.getPropertyPath());
errorListItemDTO.setMessage(violation.getPropertyPath() + ": " + violation.getMessage());
errorListItems.add(errorListItemDTO);
}
errorResponse.setErrorItems(errorListItems);
return errorResponse;
}
} }

@ -17,12 +17,11 @@
~ under the License. ~ under the License.
--> -->
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/beans" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:cxf="http://cxf.apache.org/core"
xsi:schemaLocation=" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd">
http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
<jaxrs:server id="services" address="/"> <jaxrs:server id="services" address="/">
<jaxrs:serviceBeans> <jaxrs:serviceBeans>
@ -51,6 +50,8 @@
<bean id="swaggerWriter" class="io.swagger.jaxrs.listing.SwaggerSerializers" /> <bean id="swaggerWriter" class="io.swagger.jaxrs.listing.SwaggerSerializers" />
<bean id="swaggerResource" class="io.swagger.jaxrs.listing.ApiListingResource" /> <bean id="swaggerResource" class="io.swagger.jaxrs.listing.ApiListingResource" />
<bean id="ValidationInterceptor" class="org.wso2.carbon.device.mgt.jaxrs.exception.ValidationInterceptor"/>
<bean id="GlobalExceptionMapper" class="org.wso2.carbon.device.mgt.jaxrs.exception.GlobalThrowableMapper"/>
<bean id="swaggerConfig" class="io.swagger.jaxrs.config.BeanConfig"> <bean id="swaggerConfig" class="io.swagger.jaxrs.config.BeanConfig">
<property name="resourcePackage" value="org.wso2.carbon.device.mgt.jaxrs"/> <property name="resourcePackage" value="org.wso2.carbon.device.mgt.jaxrs"/>
@ -80,6 +81,12 @@
<bean id="dashboardServiceBean" class="org.wso2.carbon.device.mgt.jaxrs.service.impl.DashboardImpl"/> <bean id="dashboardServiceBean" class="org.wso2.carbon.device.mgt.jaxrs.service.impl.DashboardImpl"/>
<bean id="deviceTypeManagementAdminService" class="org.wso2.carbon.device.mgt.jaxrs.service.impl.admin.DeviceTypeManagementServiceImpl"/> <bean id="deviceTypeManagementAdminService" class="org.wso2.carbon.device.mgt.jaxrs.service.impl.admin.DeviceTypeManagementServiceImpl"/>
<bean id="jsonProvider" class="org.wso2.carbon.device.mgt.jaxrs.common.GsonMessageBodyHandler"/> <bean id="jsonProvider" class="org.wso2.carbon.device.mgt.jaxrs.common.GsonMessageBodyHandler"/>
<!--<bean id="errorHandler" class="org.wso2.carbon.device.mgt.jaxrs.common.ErrorHandler"/>--> <!--<bean id="errorHandler" class="org.wso2.carbon.device.mgt.jaxrs.common.ErrorHandler"/>-->
<cxf:bus>
<cxf:inInterceptors>
<ref bean="ValidationInterceptor"/>
</cxf:inInterceptors>
</cxf:bus>
</beans> </beans>

@ -63,7 +63,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
throws DeviceAccessAuthorizationException { throws DeviceAccessAuthorizationException {
int tenantId = this.getTenantId(); int tenantId = this.getTenantId();
if (username == null || username.isEmpty()) { if (username == null || username.isEmpty()) {
return false; return !DeviceManagementDataHolder.getInstance().requireDeviceAuthorization(deviceIdentifier.getType());
} }
//check for admin and ownership permissions //check for admin and ownership permissions
if (isAdminOrDeviceOwner(username, tenantId, deviceIdentifier)) { if (isAdminOrDeviceOwner(username, tenantId, deviceIdentifier)) {

@ -1080,10 +1080,6 @@
<groupId>asm</groupId> <groupId>asm</groupId>
<artifactId>asm</artifactId> <artifactId>asm</artifactId>
</exclusion> </exclusion>
<exclusion>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-api</artifactId>
</exclusion>
<exclusion> <exclusion>
<groupId>org.apache.cxf</groupId> <groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-core</artifactId> <artifactId>cxf-rt-core</artifactId>
@ -1111,10 +1107,6 @@
<groupId>javax.ws.rs</groupId> <groupId>javax.ws.rs</groupId>
<artifactId>jsr311-api</artifactId> <artifactId>jsr311-api</artifactId>
</exclusion> </exclusion>
<exclusion>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-api</artifactId>
</exclusion>
<exclusion> <exclusion>
<groupId>org.apache.cxf</groupId> <groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-core</artifactId> <artifactId>cxf-rt-core</artifactId>
@ -1140,12 +1132,6 @@
<groupId>org.apache.cxf</groupId> <groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId> <artifactId>cxf-rt-transports-http</artifactId>
<version>${cxf.version}</version> <version>${cxf.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-api</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.apache.cxf</groupId> <groupId>org.apache.cxf</groupId>
@ -1521,6 +1507,11 @@
<artifactId>encoder</artifactId> <artifactId>encoder</artifactId>
<version>${owasp.encoder.version}</version> <version>${owasp.encoder.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>${hibernate-validator.version}</version>
</dependency>
</dependencies> </dependencies>
</dependencyManagement> </dependencyManagement>
@ -1891,6 +1882,8 @@
<identity.jwt.extension.version>1.0.2</identity.jwt.extension.version> <identity.jwt.extension.version>1.0.2</identity.jwt.extension.version>
<jackson-annotations.version>2.7.4</jackson-annotations.version> <jackson-annotations.version>2.7.4</jackson-annotations.version>
<owasp.encoder.version>1.2.0.wso2v1</owasp.encoder.version> <owasp.encoder.version>1.2.0.wso2v1</owasp.encoder.version>
<hibernate-validator.version>5.0.2.Final</hibernate-validator.version>
</properties> </properties>
</project> </project>

Loading…
Cancel
Save