diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml
index a48a6ef2e89..2ec55c44aa3 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml
@@ -173,6 +173,11 @@
org.wso2.carbon.device.mgt.common
provided
+
+ org.wso2.carbon
+ org.wso2.carbon.registry.core
+ provided
+
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
index 9c1dfac4bdd..5f05dfb3373 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
@@ -56,6 +56,9 @@ public class ApiPermissionFilter implements Filter {
PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
unmarshaller.unmarshal(permissionStream);
permissions = permissionConfiguration.getPermissions();
+ for (Permission permission : permissions) {
+ APIUtil.putPermission(PERMISSION_PREFIX + permission.getPath());
+ }
} catch (JAXBException e) {
log.error("invalid permissions.xml", e);
}
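Review bot: The new for-each over `permissions` runs inside the try but only `JAXBException` is caught, so if `getPermissions()` can return null the loop throws NullPointerException out of the filter initialisation; guard it with `if (permissions != null)` before the loop. `APIUtil.putPermission` itself logs and swallows registry failures, so a webapp can finish initialising with some permission collections missing from the registry — acceptable as best-effort, but worth stating with a comment such as `// best effort: registry failures are logged by putPermission and do not block deployment`. The enclosing method starts and ends outside the hunk.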
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java
index a3830019a5a..cdce160c54d 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java
@@ -21,12 +21,18 @@ package org.wso2.carbon.apimgt.application.extension.api.util;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
+import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
+import org.wso2.carbon.registry.api.Resource;
+import org.wso2.carbon.registry.core.Registry;
+import org.wso2.carbon.registry.core.exceptions.RegistryException;
+import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.service.RealmService;
import java.util.List;
+import java.util.StringTokenizer;
/**
* This class provides utility functions used by REST-API.
@@ -35,6 +41,8 @@ public class APIUtil {
private static Log log = LogFactory.getLog(APIUtil.class);
private static final String DEFAULT_CDMF_API_TAG = "device_management";
+ private static final String DEFAULT_CERT_API_TAG = "scep_management";
+ public static final String PERMISSION_PROPERTY_NAME = "name";
public static String getAuthenticatedUser() {
PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@@ -48,8 +56,7 @@ public class APIUtil {
public static String getTenantDomainOftheUser() {
PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
- String tenantDomain = threadLocalCarbonContext.getTenantDomain();
- return tenantDomain;
+ return threadLocalCarbonContext.getTenantDomain();
}
public static APIManagementProviderService getAPIManagementProviderService() {
@@ -92,6 +99,55 @@ public class APIUtil {
//Todo get allowed cdmf service tags from config.
List allowedApisTags = getDeviceManagementProviderService().getAvailableDeviceTypes();
allowedApisTags.add(DEFAULT_CDMF_API_TAG);
+ allowedApisTags.add(DEFAULT_CERT_API_TAG);
return allowedApisTags;
}
+
+ public static void putPermission(String permission) {
+ try {
+ StringTokenizer tokenizer = new StringTokenizer(permission, "/");
+ String lastToken = "", currentToken, tempPath;
+ while (tokenizer.hasMoreTokens()) {
+ currentToken = tokenizer.nextToken();
+ tempPath = lastToken + "/" + currentToken;
+ if (!checkResourceExists(tempPath)) {
+ createRegistryCollection(tempPath, currentToken);
+
+ }
+ lastToken = tempPath;
+ }
+ } catch (org.wso2.carbon.registry.api.RegistryException e) {
+ log.error("Failed to creation permission in registry" + permission, e);
+ }
+ }
+
+ public static void createRegistryCollection(String path, String resourceName)
+ throws org.wso2.carbon.registry.api.RegistryException {
+ Resource resource = getGovernanceRegistry().newCollection();
+ resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
+ getGovernanceRegistry().beginTransaction();
+ getGovernanceRegistry().put(path, resource);
+ getGovernanceRegistry().commitTransaction();
+ }
+
+ public static boolean checkResourceExists(String path)
+ throws RegistryException {
+ return getGovernanceRegistry().resourceExists(path);
+ }
+
+ public static Registry getGovernanceRegistry() throws RegistryException {
+ return getRegistryService().getGovernanceSystemRegistry(MultitenantConstants.SUPER_TENANT_ID);
+ }
+
+ public static RegistryService getRegistryService() {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ RegistryService registryService =
+ (RegistryService) ctx.getOSGiService(RegistryService.class, null);
+ if (registryService == null) {
+ String msg = "registry service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ return registryService;
+ }
}
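Review bot: `createRegistryCollection` begins a registry transaction but never rolls it back: if `put` throws, `commitTransaction` is skipped and no `rollbackTransaction` runs, and each of the three `getGovernanceRegistry()` calls re-fetches the registry from the service instead of working on one instance. Fetch the registry once and wrap the put in a try/catch that rolls back before rethrowing, as below. The error message in `putPermission` also reads `"Failed to creation permission in registry" + permission`, which is ungrammatical and lacks a separator before the path: `"Failed to create permission in registry: " + permission`. `checkResourceExists` declares the core `RegistryException` while the catch in `putPermission` names the api one; that only works because the core type extends the api type, which is worth a short comment so the next reader does not "fix" it.

```java
    public static void createRegistryCollection(String path, String resourceName)
            throws org.wso2.carbon.registry.api.RegistryException {
        Registry registry = getGovernanceRegistry();
        Resource resource = registry.newCollection();
        resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
        registry.beginTransaction();
        try {
            registry.put(path, resource);
            registry.commitTransaction();
        } catch (org.wso2.carbon.registry.api.RegistryException e) {
            // do not leave a begun transaction dangling when the put fails
            registry.rollbackTransaction();
            throw e;
        }
    }
    // … unchanged: putPermission, checkResourceExists, getGovernanceRegistry, getRegistryService …
```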
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml
index 0124990741f..591725fa120 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml
@@ -37,14 +37,14 @@
Register application
- /device-mgt/user/api/application
+ /device-mgt/api/application
/register
POST
application_user
Delete application
- /device-mgt/user/api/application
+ /device-mgt/api/application
/unregister
DELETE
application_user
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
index 14d06f00f04..f4a4c52c366 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
@@ -64,6 +64,12 @@ import javax.ws.rs.core.Response;
description = "Deleting an SSL Certificate",
key = "perm:admin:certificates:delete",
permissions = {"/device-mgt/admin/certificates/delete"}
+ ),
+ @Scope(
+ name = "Verify SSL certificate",
+ description = "Verify SSL certificate",
+ key = "perm:admin:certificates:verify",
+ permissions = {"/device-mgt/admin/certificates/verify"}
)
}
)
@@ -428,7 +434,12 @@ public interface CertificateManagementAdminService {
httpMethod = "POST",
value = "Verify Android SSL certificate",
notes = "Verify Android Certificate for the API security filter.\n",
- tags = "Certificate Management")
+ tags = "Certificate Management",
+ extensions = {
+ @Extension(properties = {
+ @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:add")
+ })
+ })
@ApiResponses(
value = {
@ApiResponse(
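Review bot: The verify operation is bound to `perm:admin:certificates:add` while the first hunk of this file declares a new `perm:admin:certificates:verify` scope (permission `/device-mgt/admin/certificates/verify`) that nothing else in the diff references, so the new scope appears unused and a caller needs the add scope to verify a certificate. If the new scope is the intended one, change the extension property to `@ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:verify")`. The annotated method this `@ApiOperation` belongs to continues outside the hunk.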
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
index 621ec26d737..ca9be507a6e 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
@@ -29,7 +29,6 @@ import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader;
-import org.json.JSONObject;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.Device;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java
index bea9ebedd5d..8a46b9b194f 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java
@@ -22,9 +22,17 @@ import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
+import io.swagger.annotations.Extension;
+import io.swagger.annotations.ExtensionProperty;
+import io.swagger.annotations.Info;
+import io.swagger.annotations.SwaggerDefinition;
+import io.swagger.annotations.Tag;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
+import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
@@ -37,6 +45,32 @@ import javax.ws.rs.core.Response;
@Api(value = "Device Authorization Administrative Service", description = "This an API intended to be used by " +
"'internal' components to log in as an admin user and validate whether the user/device are trusted entity." +
"Further, this is strictly restricted to admin users only ")
+
+@SwaggerDefinition(
+ info = @Info(
+ version = "1.0.0",
+ title = "",
+ extensions = {
+ @Extension(properties = {
+ @ExtensionProperty(name = "name", value = "DeviceAccessAuthorizationAdminService"),
+ @ExtensionProperty(name = "context", value = "/api/device-mgt/v1.0/admin/authorization"),
+ })
+ }
+ ),
+ tags = {
+ @Tag(name = "device_management", description = "")
+ }
+)
+@Scopes(
+ scopes = {
+ @Scope(
+ name = "Verify device authorization",
+ description = "Verify device authorization",
+ key = "perm:authorization:verify",
+ permissions = {"/device-mgt/authorization/verify"}
+ )
+ }
+)
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
/**
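Review bot: The new `@Scopes` block places the verify operation under `/device-mgt/authorization/verify`, outside the `/device-mgt/admin/...` permission tree that the other admin scope in this commit uses (`/device-mgt/admin/certificates/verify`), although the `@Api` description directly above says the service is strictly restricted to admin users; confirm the intended role mapping, or move the permission to `/device-mgt/admin/authorization/verify` so the declared restriction and the permission tree agree. `@Info` also has `title = ""` and the `device_management` tag an empty description, which surface as blank fields in the generated API definition — give them values such as `title = "Device Access Authorization Admin Service"`. The trailing comma after the last `@ExtensionProperty` is legal but inconsistent with the other annotation arrays in this diff.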
@@ -52,7 +86,13 @@ public interface DeviceAccessAuthorizationAdminService {
value = "Check for device access authorization\n",
notes = "This is an internal API that can be used to check for authorization.",
response = DeviceAuthorizationResult.class,
- tags = "Authorization Administrative Service")
+ tags = "Authorization Administrative Service",
+ extensions = {
+ @Extension(properties = {
+ @ExtensionProperty(name = Constants.SCOPE, value = "perm:authorization:verify")
+ })
+ })
+
@ApiResponses(value = {
@ApiResponse(
code = 200,
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
index 83671e61bef..b242743a43d 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
@@ -1,7 +1,7 @@
{
"appContext": "/devicemgt/",
- "httpsURL" : "https://localhost:8243",
- "httpURL" : "http://localhost:8280",
+ "httpsURL" : "https://%server.ip%:8243",
+ "httpURL" : "http://%server.ip%:8280",
"wssURL" : "https://localhost:9445",
"wsURL" : "%http.ip%",
"portalURL": "https://%server.ip%:9445",
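Review bot: `wssURL` keeps `https://localhost:9445` while the sibling `httpsURL` and `httpURL` on the lines above switch to `%server.ip%`, so a deployment that resolves `%server.ip%` to a non-local address still opens the websocket endpoint against localhost. The `portalURL` entry below already uses the placeholder, so the remaining entry looks like an oversight; if it is not deliberate, change it to `"wssURL" : "https://%server.ip%:9445"`.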
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
index ac0130a39f1..b139fa9e896 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
@@ -35,6 +35,8 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
import java.util.Properties;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
public class Utils {
@@ -86,4 +88,18 @@ public class Utils {
}
}
+ public static String replaceSystemProperty(String urlWithPlaceholders) {
+ String regex = "\\$\\{(.*?)\\}";
+ Pattern pattern = Pattern.compile(regex);
+ Matcher matchPattern = pattern.matcher(urlWithPlaceholders);
+ while (matchPattern.find()) {
+ String sysPropertyName = matchPattern.group(1);
+ String sysPropertyValue = System.getProperty(sysPropertyName);
+ if (sysPropertyValue != null && !sysPropertyName.isEmpty()) {
+ urlWithPlaceholders = urlWithPlaceholders.replaceAll("\\$\\{(" + sysPropertyName + ")\\}", sysPropertyValue);
+ }
+ }
+ return urlWithPlaceholders;
+ }
+
}
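Review bot: `replaceSystemProperty` is called from the BSTAuthenticator and OAuthAuthenticator hunks later in this diff with `this.properties.getProperty("TokenValidationEndpointUrl")`, which may be null; `pattern.matcher(null)` then throws NullPointerException before those callers reach their existing null check, so the method should return a null input unchanged. Inside the loop, `replaceAll` interprets `$` and `\` in the property value as group references, and `sysPropertyName` is spliced into a regex unescaped — use `Matcher.appendReplacement` with `Matcher.quoteReplacement`, or at least `Pattern.quote`. The `isEmpty()` guard also comes after `System.getProperty(sysPropertyName)`, which throws IllegalArgumentException for an empty key, so a `${}` placeholder fails rather than being skipped. A rewrite addressing all three follows.

```java
    public static String replaceSystemProperty(String urlWithPlaceholders) {
        if (urlWithPlaceholders == null) {
            return null;
        }
        Matcher matchPattern = Pattern.compile("\\$\\{(.*?)\\}").matcher(urlWithPlaceholders);
        StringBuffer resolved = new StringBuffer();
        while (matchPattern.find()) {
            String sysPropertyName = matchPattern.group(1);
            // System.getProperty rejects an empty key, so check emptiness first
            String sysPropertyValue = sysPropertyName.isEmpty() ? null : System.getProperty(sysPropertyName);
            // unknown placeholders are left as written; quote so '$' or '\' in a value is literal
            String replacement = sysPropertyValue != null ? sysPropertyValue : matchPattern.group();
            matchPattern.appendReplacement(resolved, Matcher.quoteReplacement(replacement));
        }
        matchPattern.appendTail(resolved);
        return resolved.toString();
    }
```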
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java
index 51e92a139bc..ceb78d8a344 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java
@@ -66,7 +66,7 @@ public class BSTAuthenticator implements WebappAuthenticator {
"are not provided");
}
- String url = this.properties.getProperty("TokenValidationEndpointUrl");
+ String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
if ((url == null) || (url.isEmpty())) {
throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
}
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
index 797a4f5afd0..0033e54dd86 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
@@ -55,7 +55,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
"are not provided");
}
- String url = this.properties.getProperty("TokenValidationEndpointUrl");
+ String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
if ((url == null) || (url.isEmpty())) {
throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
}
diff --git a/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml b/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml
index 214e5aa38d7..067a6af7f8e 100644
--- a/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml
+++ b/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml
@@ -24,7 +24,7 @@
- https://localhost:${carbon.https.port}
+ https://${iot.core.host}:${iot.core.https.port}
true
diff --git a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
index 8725f4a99ae..b3a4f47c175 100644
--- a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
+++ b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
@@ -5,7 +5,7 @@
org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator
false
- https://localhost:9443
+ https://${iot.keymanager.host}:${iot.keymanager.https.port}
admin
admin
100
@@ -23,6 +23,7 @@
wso2carbon
wso2carbon
+ wso2carbon
@@ -34,7 +35,7 @@
org.wso2.carbon.webapp.authenticator.framework.authenticator.BSTAuthenticator
false
- https://localhost:9443
+ https://${iot.keymanager.host}:${iot.keymanager.https.port}
admin
admin
100