From 49623a4693dcbd35f6b5305c3e29d31254fcb4ce Mon Sep 17 00:00:00 2001 
From: mharindu Date: Sun, 3 Jul 2016 15:03:47 +0530 Subject: [PATCH] Implemented scope based authorization --- .../apimgt/annotations/api/Permission.java | 2 +- .../config/PermissionConfiguration.java | 10 +- .../lifecycle/util/AnnotationProcessor.java | 58 +-- .../mgt/jaxrs/api/CertificateMgtService.java | 2 +- .../CertificateManagementAdminService.java | 8 +- .../org.wso2.carbon.device.mgt.api/pom.xml | 4 +- .../api/ActivityInfoProviderService.java | 6 +- .../api/ConfigurationManagementService.java | 8 +- .../service/api/DeviceManagementService.java | 45 +-- .../api/NotificationManagementService.java | 9 +- .../service/api/PolicyManagementService.java | 41 +-- .../service/api/RoleManagementService.java | 20 +- .../service/api/UserManagementService.java | 18 +- .../ApplicationManagementAdminService.java | 5 +- .../admin/DeviceManagementAdminService.java | 4 +- .../api/admin/UserManagementAdminService.java | 5 +- .../mgt/common/permission/mgt/Permission.java | 43 +-- .../mgt/PermissionManagerService.java | 3 +- .../org.wso2.carbon.device.mgt.core/pom.xml | 28 +- .../DeviceAccessAuthorizationServiceImpl.java | 4 +- .../permission/AnnotationProcessor.java | 332 ++++++++++++++++++ .../permission/PermissionConfiguration.java | 22 +- .../WebAppDeploymentLifecycleListener.java | 48 ++- .../mgt/PermissionManagerServiceImpl.java | 6 +- .../core/permission/mgt/PermissionTree.java | 3 - .../core/permission/mgt/PermissionUtils.java | 154 ++++---- .../PermissionBasedScopeValidator.java | 4 +- .../authenticator/framework/Utils/Utils.java | 23 ++ .../authenticator/OAuthAuthenticator.java | 17 +- .../authorizer/PermissionAuthorizer.java | 51 +-- .../pom.xml | 2 +- .../src/main/resources/p2.inf | 2 +- 32 files changed, 636 insertions(+), 351 deletions(-) create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java 
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java index 65ade5cc3aa..bc771b72c74 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java @@ -40,6 +40,6 @@ public @interface Permission { * Represents the associated permissions. * @return Returns list of permissions. */ - String[] permissions(); + String[] roles(); } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionConfiguration.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionConfiguration.java index 7d16d198b94..81a722e5ffe 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionConfiguration.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionConfiguration.java @@ -24,7 +24,7 @@ package org.wso2.carbon.apimgt.webapp.publisher.config; public class PermissionConfiguration { private String scopeName; - private String[] permissions; + private String[] roles; public String getScopeName() { return scopeName; 
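Review bot: The Javadoc immediately above the renamed element still reads `* Represents the associated permissions.` and `* @return Returns list of permissions.`, so after this hunk the only member of `@Permission` is documented as something it no longer is. Elsewhere in this patch the array is joined and handed to `scope.setRoles(...)`, so the comment should say what it now holds: `* Names of the user roles that are allowed to obtain the scope.` and `* @return Returns list of role names.`. The annotation type is still called `Permission` while it no longer carries a permission path; if the name is kept, a one-line type-level Javadoc explaining that a "permission" here is a scope-to-role binding would save the next reader a detour.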
@@ -34,12 +34,12 @@ public class PermissionConfiguration { this.scopeName = scope; } - public String[] getPermissions() { - return permissions; + public String[] getRoles() { + return roles; } - public void setPermissions(String[] permissions) { - this.permissions = permissions; + public void setRoles(String[] roles) { + this.roles = roles; } } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java index a88fe00e9fe..7de4b6569b4 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java @@ -19,12 +19,10 @@ package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util; import org.apache.catalina.core.StandardContext; -import org.apache.commons.lang.ArrayUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.scannotation.AnnotationDB; -import org.scannotation.WarUrlFinder; import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.api.model.Scope; 
@@ -36,11 +34,14 @@ import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementExcept import javax.servlet.ServletContext; import javax.ws.rs.*; +import java.io.File; import java.io.IOException; import java.lang.annotation.Annotation; import java.lang.reflect.InvocationHandler; import java.lang.reflect.Method; import java.lang.reflect.Proxy; +import java.net.MalformedURLException; +import java.net.URI; import java.net.URL; import java.security.AccessController; import java.security.PrivilegedAction; @@ -58,13 +59,9 @@ public class AnnotationProcessor { private static final String WILD_CARD = "/*"; private static final String AUTH_TYPE = "Any"; - private static final String PROTOCOL_HTTP = "http"; - private static final String SERVER_HOST = "carbon.local.ip"; - private static final String HTTP_PORT = "httpPort"; private static final String STRING_ARR = "string_arr"; private static final String STRING = "string"; - private StandardContext context; private Method[] pathClazzMethods; private Class pathClazz; Class apiClazz; @@ -73,7 +70,6 @@ public class AnnotationProcessor { public AnnotationProcessor(final StandardContext context) { - this.context = context; servletContext = context.getServletContext(); classLoader = servletContext.getClassLoader(); } @@ -90,11 +86,8 @@ public class AnnotationProcessor { db.addIgnoredPackages(PACKAGE_ORG_CODEHAUS); db.addIgnoredPackages(PACKAGE_ORG_SPRINGFRAMEWORK); - URL[] libPath = WarUrlFinder.findWebInfLibClasspaths(servletContext); - URL classPath = WarUrlFinder.findWebInfClassesPath(servletContext); - URL[] urls = (URL[]) ArrayUtils.add(libPath, libPath.length, classPath); - - db.scanArchives(urls); + URL classPath = findWebInfClassesPath(servletContext); + db.scanArchives(classPath); //Returns a list of classes with given Annotation return db.getAnnotationIndex().get(className); 
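Review bot: `findWebInfClassesPath` is documented in this same patch to return null when `/WEB-INF/classes` cannot be resolved, but the new lines `URL classPath = findWebInfClassesPath(servletContext); db.scanArchives(classPath);` pass that null straight into the scanner, which will most likely fail with a NullPointerException rather than a message naming the web app. A guard before the scan, `if (classPath == null) { throw new IllegalStateException("Cannot resolve /WEB-INF/classes for context " + servletContext.getContextPath()); }`, makes a non-exploded deployment fail loudly and early. The scan is also narrowed from WEB-INF/lib plus WEB-INF/classes to WEB-INF/classes only, so an annotated resource class packaged in a jar under WEB-INF/lib is no longer discovered and its scopes are not registered; if that narrowing is deliberate a comment stating why would help, otherwise the lib scan should be kept. The enclosing method continues past the end of the hunk.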
@@ -142,7 +135,7 @@ public class AnnotationProcessor { pathClazzMethods = pathClazz.getMethods(); Annotation rootContectAnno = clazz.getAnnotation(pathClazz); - String subContext = ""; + String subContext; if (rootContectAnno != null) { subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING); if (subContext != null && !subContext.isEmpty()) { @@ -151,8 +144,6 @@ public class AnnotationProcessor { } else { rootContext = rootContext + "/" + subContext; } - } else { - subContext = ""; } if (log.isDebugEnabled()) { log.debug("API Root Context = " + rootContext); @@ -167,7 +158,7 @@ public class AnnotationProcessor { } } } catch (ClassNotFoundException e) { - log.error("Error when passing the api annotation for device type apis."); + log.error("Error when passing the api annotation for device type apis.", e); } return apiResourceConfig; } @@ -259,7 +250,7 @@ public class AnnotationProcessor { scope.setKey(permissionConf.getScopeName()); scope.setDescription(permissionConf.getScopeName()); scope.setName(permissionConf.getScopeName()); - String roles = StringUtils.join(permissionConf.getPermissions(), ","); + String roles = StringUtils.join(permissionConf.getRoles(), ","); scope.setRoles(roles); resource.setScope(scope); } @@ -369,10 +360,10 @@ public class AnnotationProcessor { case "scope": permissionConf.setScopeName(invokeMethod(method, permissionAnnotation, STRING)); break; - case "permissions": - String permissions[] = invokeMethod(method, permissionAnnotation); - this.addPermission(permissions); - permissionConf.setPermissions(permissions); + case "roles": + String roles[] = invokeMethod(method, permissionAnnotation); + this.addPermission(roles); + permissionConf.setRoles(roles); break; } } 
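Review bot: `String roles[] = invokeMethod(method, permissionAnnotation);` in the `case "roles"` branch uses the C-style array declarator, which the rest of the patch avoids (`String[] roles` is the form used in `PermissionConfiguration`); prefer `String[] roles = invokeMethod(method, permissionAnnotation);`. In the `@@ -259` hunk the role list is flattened with `StringUtils.join(permissionConf.getRoles(), ",")`, so a role name containing a comma would presumably be split apart on the consuming side; a short comment stating that role names must not contain commas, or a check rejecting such names at this point, would make the constraint explicit. The enclosing methods of both hunks start outside the hunk.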
@@ -387,4 +378,29 @@ public class AnnotationProcessor { } } + + /** + * Find the URL pointing to "/WEB-INF/classes" This method may not work in conjunction with IteratorFactory + * if your servlet container does not extract the /WEB-INF/classes into a real file-based directory + * + * @param servletContext + * @return null if cannot determin /WEB-INF/classes + */ + public static URL findWebInfClassesPath(ServletContext servletContext) + { + String path = servletContext.getRealPath("/WEB-INF/classes"); + if (path == null) return null; + File fp = new File(path); + if (fp.exists() == false) return null; + try + { + URI uri = fp.toURI(); + return uri.toURL(); + } + catch (MalformedURLException e) + { + throw new RuntimeException(e); + } + } + } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java index 96351caedd7..d4b1d3e6da8 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java @@ -46,7 +46,7 @@ public interface CertificateMgtService { message = "Internal Server Error. \n Error occurred while retrieving signed certificate.", response = ErrorResponse.class) }) - @Permission(scope = "sign-csr", permissions = {"/permission/admin/device-mgt/scep/sign-csr"}) + @Permission(scope = "sign-csr", roles = {"emm-admin"}) Response getSignedCertFromCSR( @ApiParam( name = "If-Modified-Since", 
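Review bot: The new `findWebInfClassesPath` is written in a different style from the rest of this file: Allman braces and brace-less `if (path == null) return null;` where the visible methods use K&R braces, `fp.exists() == false` instead of `!fp.exists()`, a bare `@param servletContext` with no description, and a typo ("determin"). Wrapping `MalformedURLException` in a plain `RuntimeException` also drops the offending path from the message; `IllegalStateException` with the path and the cause reads better and is still a `RuntimeException` for any caller. The Javadoc's reference to `IteratorFactory` does not correspond to anything in this file and looks like text carried over from elsewhere, so it should be dropped or reworded. Since the helper is only called from this class in the `@@ -90` hunk, `private static` is enough.
```java
    /**
     * Resolves the URL of the web app's {@code /WEB-INF/classes} directory.
     *
     * @param servletContext the context of the web app being scanned
     * @return the directory URL, or {@code null} when the container does not expose
     *         {@code /WEB-INF/classes} as a real directory
     */
    private static URL findWebInfClassesPath(ServletContext servletContext) {
        String path = servletContext.getRealPath("/WEB-INF/classes");
        if (path == null) {
            return null;
        }
        File classesDir = new File(path);
        if (!classesDir.exists()) {
            return null;
        }
        try {
            return classesDir.toURI().toURL();
        } catch (MalformedURLException e) {
            throw new IllegalStateException("Cannot build a URL for " + path, e);
        }
    }
```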
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java index 6988f317122..d69b3987c53 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java @@ -72,7 +72,7 @@ public interface CertificateManagementAdminService { message = "Internal Server Error. \n Server error occurred while adding certificates.", response = ErrorResponse.class) }) - @Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/save"}) + @Permission(scope = "certificate-modify", roles = {"admin"}) Response addCertificate( @ApiParam( name = "enrollmentCertificates", @@ -130,7 +130,7 @@ public interface CertificateManagementAdminService { "Server error occurred while retrieving information requested certificate.", response = ErrorResponse.class) }) - @Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"}) + @Permission(scope = "certificate-view", roles = {"emm-admin"}) Response getCertificate( @ApiParam(name = "serialNumber", value = "Provide the serial number of the certificate that you wish to get the details of", 
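Review bot: `addCertificate` is given `roles = {"admin"}` while `removeCertificate` (in the `@@ -245` hunk of this file) declares the same scope `certificate-modify` with `roles = {"emm-admin"}`, and `"emm-admin"` is what every other endpoint in this patch uses. Scopes are registered per scope name with the joined role list (see the `StringUtils.join(permissionConf.getRoles(), ",")` line in the AnnotationProcessor hunk), so two declarations of one scope with different role sets collide and which one wins presumably depends on processing order; the same collision exists in `ActivityInfoProviderService`, where `getActivity` declares `activity-view` with `{"emm-user", "emm-admin"}` and `getActivities` declares it with `{"emm-admin"}`. Unless `"admin"` is deliberate, change this line to `@Permission(scope = "certificate-modify", roles = {"emm-admin"})`, and give the two activity endpoints either a single role set or two distinct scope names.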
@@ -202,7 +202,7 @@ public interface CertificateManagementAdminService { "Server error occurred while retrieving all certificates enrolled in the system.", response = ErrorResponse.class) }) - @Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"}) + @Permission(scope = "certificate-view", roles = {"emm-admin"}) Response getAllCertificates( @ApiParam( name = "offset", @@ -245,7 +245,7 @@ public interface CertificateManagementAdminService { message = "Internal Server Error. \n " + "Server error occurred while removing the certificate.", response = ErrorResponse.class)}) - @Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/remove"}) + @Permission(scope = "certificate-modify", roles = {"emm-admin"}) Response removeCertificate( @ApiParam( name = "serialNumber", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml index e4be5c03ff0..36deba6c9b3 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml @@ -46,7 +46,7 @@ maven-war-plugin WEB-INF/lib/*cxf*.jar - api#device-mgt#v1.0 + api-device-mgt-v1.0 @@ -72,7 +72,7 @@ - + diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java index 3cdc31ed078..d2ad14d1f1a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java 
@@ -32,7 +32,7 @@ import javax.ws.rs.core.Response; /** * Activity related REST-API implementation. */ -@API(name = "Activities", version = "1.0.0", context = "/devicemgt_admin/activities", tags = {"devicemgt_admin"}) +@API(name = "Activity Info Provider", version = "1.0.0", context = "/api-device-mgt-v1.0/activities", tags = {"devicemgt_admin"}) @Path("/activities") @Api(value = "Activity Info Provider", description = "Activity related information manipulation. For example operation details " + @@ -91,7 +91,7 @@ public interface ActivityInfoProviderService { message = "Internal Server ErrorResponse. \n Server error occurred while fetching activity data.", response = ErrorResponse.class) }) - @Permission(scope = "activity-view", permissions = {"/permission/admin/device-mgt/admin/activities/view"}) + @Permission(scope = "activity-view", roles = {"emm-user", "emm-admin"}) Response getActivity( @ApiParam( name = "id", @@ -147,7 +147,7 @@ public interface ActivityInfoProviderService { message = "Internal Server ErrorResponse. \n Server error occurred while fetching activity data.", response = ErrorResponse.class) }) - @Permission(scope = "activity-view", permissions = {"/permission/admin/device-mgt/admin/activities/view"}) + @Permission(scope = "activity-view", roles = {"emm-admin"}) Response getActivities( @ApiParam( name = "since", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java index ab067e0e197..168eda47400 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java 
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java @@ -31,7 +31,7 @@ import javax.ws.rs.core.Response; /** * General Tenant Configuration REST-API. */ -@API(name = "Configuration", version = "1.0.0", context = "/devicemgt_admin/configuration", tags = {"devicemgt_admin"}) +@API(name = "Configuration Management", version = "1.0.0", context = "/api-device-mgt-v1.0/configuration", tags = {"devicemgt_admin"}) @Path("/configuration") @Api(value = "Configuration Management", description = "General Tenant Configuration management capabilities are exposed " + @@ -78,8 +78,7 @@ public interface ConfigurationManagementService { "platform configuration.", response = ErrorResponse.class) }) - @Permission(scope = "configuration-view", - permissions = {"/permission/admin/device-mgt/admin/platform-configs/view"}) + @Permission(scope = "configuration-view", roles = {"emm-admin"}) Response getConfiguration( @ApiParam( name = "If-Modified-Since", @@ -126,8 +125,7 @@ public interface ConfigurationManagementService { "Server error occurred while modifying general platform configuration.", response = ErrorResponse.class) }) - @Permission(scope = "configuration-modify", - permissions = {"/permission/admin/device-mgt/admin/platform-configs/modify"}) + @Permission(scope = "configuration-modify", roles = {"emm-admin"}) Response updateConfiguration( @ApiParam( name = "configuration", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java index a3958d4dacf..474677f076f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java 
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java @@ -37,7 +37,7 @@ import javax.ws.rs.core.Response; /** * Device related REST-API. This can be used to manipulated device related details. */ -@API(name = "Device", version = "1.0.0", context = "/api/device-mgt/admin/devices", tags = {"devicemgt_admin"}) +@API(name = "Device Management", version = "1.0.0", context = "/api-device-mgt-v1.0/devices", tags = {"devicemgt_admin"}) @Path("/devices") @Api(value = "Device Management", description = "This API carries all device management related operations " + @@ -90,10 +90,7 @@ public interface DeviceManagementService { message = "Internal Server ErrorResponse. \n Server error occurred while fetching the device list.", response = ErrorResponse.class) }) - @Permission( - scope = "device-list", - permissions = {"/permission/admin/device-mgt/admin/devices/list"} - ) + @Permission(scope = "device-list", roles = {"emm-admin"}) Response getDevices( @ApiParam( name = "type", @@ -197,13 +194,7 @@ public interface DeviceManagementService { "Server error occurred while retrieving information requested device.", response = ErrorResponse.class) }) - @Permission( - scope = "device-view", - permissions = { - "/permission/admin/device-mgt/admin/devices/view", - "/permission/admin/device-mgt/user/devices/view" - } - ) + @Permission(scope = "device-view", roles = {"emm-admin"}) Response getDevice( @ApiParam( name = "type", @@ -283,12 +274,7 @@ public interface DeviceManagementService { "Server error occurred while retrieving feature list of the device.", response = ErrorResponse.class) }) - @Permission( - scope = "device-search", - permissions = {"/permission/admin/device-mgt/admin/devices/view", - "/permission/admin/device-mgt/user/devices/view" - } - ) + @Permission(scope = "device-search", roles = {"emm-admin"}) Response getFeaturesOfDevice( @ApiParam( name = "type", 
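Review bot: `getDevice` and `getFeaturesOfDevice` previously accepted the user-level permission `/permission/admin/device-mgt/user/devices/view` alongside the admin one, but the new `roles = {"emm-admin"}` grants these scopes to administrators only, so a device owner holding only `emm-user` can apparently no longer read their own device through these endpoints. The same narrowing appears in `getInstalledApplications` and `getDeviceOperations` below, in `getNotifications` of `NotificationManagementService`, and in `resetPassword` of `UserManagementService`, which moves from `/permission/admin/login` to `emm-admin`. If this is intended, the commit message should say so; if not, add `"emm-user"` to those role lists as `getActivity` in `ActivityInfoProviderService` already does. Whether per-user ownership is enforced elsewhere for these endpoints is not visible in this patch.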
@@ -362,10 +348,7 @@ public interface DeviceManagementService { "Server error occurred while enrolling the device.", response = ErrorResponse.class) }) - @Permission( - scope = "device-search", - permissions = {"/permission/admin/device-mgt/admin/devices/list" } - ) + @Permission(scope = "device-search", roles = {"emm-admin" }) Response searchDevices( @ApiParam( name = "offset", @@ -445,13 +428,7 @@ public interface DeviceManagementService { + "the device.", response = ErrorResponse.class) }) - @Permission( - scope = "operation-view", - permissions = { - "/permission/admin/device-mgt/admin/devices/view", - "/permission/admin/device-mgt/user/devices/view" - } - ) + @Permission(scope = "operation-view", roles = {"emm-admin"}) Response getInstalledApplications( @ApiParam( name = "type", @@ -546,13 +523,7 @@ public interface DeviceManagementService { + "device.", response = ErrorResponse.class) }) - @Permission( - scope = "operation-view", - permissions = { - "/permission/admin/device-mgt/admin/devices/view", - "/permission/admin/device-mgt/user/devices/view" - } - ) + @Permission(scope = "operation-view", roles = {"emm-admin"}) Response getDeviceOperations( @ApiParam( name = "type", @@ -649,6 +620,7 @@ public interface DeviceManagementService { response = ErrorResponse.class) } ) + @Permission(scope = "operation-view", roles = {"emm-admin"}) Response getEffectivePolicyOfDevice( @ApiParam( name = "type", @@ -689,5 +661,6 @@ public interface DeviceManagementService { message = "Error occurred while fetching the list of device types.") } ) + @Permission(scope = "operation-view", roles = {"emm-admin"}) Response getDeviceTypes(); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java index de119c553e3..d547ddbcd31 100644 
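Review bot: `getEffectivePolicyOfDevice` and `getDeviceTypes` are newly gated with scope `operation-view`, which this same file already uses for `getInstalledApplications` and `getDeviceOperations`; reusing one scope name across unrelated resources means a token obtained for viewing operations also reads policies and device types, and it becomes impossible to tighten one without the other later. Prefer resource-specific scopes, e.g. `@Permission(scope = "policy-view", roles = {"emm-admin"})` (already declared in `PolicyManagementService`) for the policy endpoint and `@Permission(scope = "device-view", roles = {"emm-admin"})` for the device-type listing. The `searchDevices` line also carries a stray space, `roles = {"emm-admin" }`.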
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java @@ -34,7 +34,7 @@ import javax.ws.rs.core.Response; /** * Notifications related REST-API. */ -@API(name = "Device Notification Management API", version = "1.0.0", context = "/devicemgt_admin/notifications", +@API(name = "Device Notification Management", version = "1.0.0", context = "/api-device-mgt-v1.0/notifications", tags = {"devicemgt_admin"}) @Api(value = "Device Notification Management", description = "Device notification related operations can be found here.") @Path("/notifications") @@ -89,12 +89,7 @@ public interface NotificationManagementService { message = "Internal Server ErrorResponse. \n Server error occurred while fetching the notification list.", response = ErrorResponse.class) }) - @Permission( - scope = "device-notification-view", - permissions = { - "/permission/admin/device-mgt/admin/notifications/view", - "/permission/admin/device-mgt/user/notifications/view" - }) + @Permission(scope = "device-notification-view", roles = {"emm-admin"}) Response getNotifications( @ApiParam( name = "status", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java index 9b63bd0e479..e6965402f62 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java 
@@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper; @@ -34,6 +35,9 @@ import java.util.List; * Policy related REST-API. This can be used to manipulated policies and associate them with devices, users, roles, * groups. */ +@API(name = "Device Policy Management", version = "1.0.0", context = "/api-device-mgt-v1.0/policies", + tags = {"devicemgt_admin"}) + @Api(value = "Device Policy Management", description = "This API carries all the necessary functionalities " + "around device policy management") @Path("/policies") @@ -94,9 +98,7 @@ public interface PolicyManagementService { "Server error occurred while adding a new policy.", response = ErrorResponse.class) }) - @Permission( - scope = "policy-modify", - permissions = {"/permission/admin/device-mgt/admin/policies/add"}) + @Permission(scope = "policy-modify", roles = {"emm-admin"}) Response addPolicy( @ApiParam( name = "policy", @@ -149,9 +151,7 @@ public interface PolicyManagementService { "policies."), response = ErrorResponse.class) }) - @Permission( - scope = "policy-view", - permissions = {"/permission/admin/device-mgt/admin/policies/list"}) + @Permission(scope = "policy-view", roles = {"emm-admin"}) Response getPolicies( @ApiParam( name = "If-Modified-Since", @@ -217,9 +217,7 @@ public interface PolicyManagementService { "policy.", response = ErrorResponse.class) }) - @Permission( - scope = "policy-view", - permissions = {"/permission/admin/device-mgt/admin/policies/list"}) + @Permission(scope = "policy-view", roles = {"emm-admin"}) Response getPolicy( @ApiParam( name = "id", 
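Review bot: The new `@API(...)` annotation on `PolicyManagementService` is followed by an empty line before `@Api(...)`, splitting the annotation stack in two; the other services in this patch keep `@API`, `@Path` and `@Api` on consecutive lines. Remove the blank line so the declaration reads as one stack.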
@@ -281,9 +279,7 @@ public interface PolicyManagementService { "Server error occurred while updating the policy.", response = ErrorResponse.class) }) - @Permission( - scope = "policy-modify", - permissions = {"/permission/admin/device-mgt/admin/policies/update"}) + @Permission(scope = "policy-modify", roles = {"emm-admin"}) Response updatePolicy( @ApiParam( name = "id", @@ -328,9 +324,7 @@ public interface PolicyManagementService { "Server error occurred while bulk removing policies.", response = ErrorResponse.class) }) - @Permission( - scope = "policy-modify", - permissions = {"/permission/admin/device-mgt/admin/policies/remove"}) + @Permission(scope = "policy-modify", roles = {"emm-admin"}) Response removePolicies( @ApiParam( name = "policyIds", @@ -366,10 +360,7 @@ public interface PolicyManagementService { message = "ErrorResponse in activating policies.", response = ErrorResponse.class) }) - @Permission( - scope = "policy-modify", permissions = { - "/permission/admin/device-mgt/admin/policies/update", - "/permission/admin/device-mgt/admin/policies/add"}) + @Permission(scope = "policy-modify", roles = {"emm-admin"}) Response activatePolicies( @ApiParam( name = "policyIds", @@ -405,11 +396,7 @@ public interface PolicyManagementService { message = "ErrorResponse in deactivating policies.", response = ErrorResponse.class) }) - @Permission( - scope = "policy-modify", - permissions = { - "/permission/admin/device-mgt/admin/policies/update", - "/permission/admin/device-mgt/admin/policies/add"}) + @Permission(scope = "policy-modify", roles = {"emm-admin"}) Response deactivatePolicies( @ApiParam( name = "policyIds", @@ -442,7 +429,7 @@ public interface PolicyManagementService { message = "ErrorResponse in deactivating policies.", response = ErrorResponse.class) }) - @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/update"}) + @Permission(scope = "policy-modify", roles = {"emm-admin"}) Response applyChanges(); 
@@ -471,9 +458,7 @@ public interface PolicyManagementService { message = "Exception in updating policy priorities.", response = ErrorResponse.class) }) - @Permission( - scope = "", - permissions = {}) + @Permission(scope = "policy-modify", roles = {"emm-admin"}) Response updatePolicyPriorities( @ApiParam( name = "priorityUpdatedPolicies", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java index 06f52e1dda9..f4533bb7543 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java @@ -32,7 +32,7 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import java.util.List; -@API(name = "Role", version = "1.0.0", context = "/devicemgt_admin/roles", tags = {"devicemgt_admin"}) +@API(name = "Role Management", version = "1.0.0", context = "/api-device-mgt-v1.0/roles", tags = {"devicemgt_admin"}) @Path("/roles") @Api(value = "Role Management", description = "Role management related operations can be found here.") @@ -82,11 +82,7 @@ public interface RoleManagementService { message = "Internal Server ErrorResponse. \n Server error occurred while fetching requested list of roles.", response = ErrorResponse.class) }) - @Permission(scope = "roles-view", permissions = { - "/permission/admin/device-mgt/admin/roles/list", - "/permission/admin/device-mgt/admin/users/view", - "/permission/admin/device-mgt/admin/policies/add", - "/permission/admin/device-mgt/admin/policies/update"}) + @Permission(scope = "roles-view", roles = {"emm-admin"}) Response getRoles( @ApiParam( name = "filter", 
@@ -167,7 +163,7 @@ public interface RoleManagementService { message = "Internal Server ErrorResponse. \n Server error occurred while fetching the permission list of the requested role.", response = ErrorResponse.class) }) - @Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"}) + @Permission(scope = "roles-view", roles = {"emm-admin"}) Response getPermissionsOfRole( @ApiParam( name = "roleName", @@ -229,7 +225,7 @@ public interface RoleManagementService { "requested role.", response = ErrorResponse.class) }) - @Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"}) + @Permission(scope = "roles-view", roles = {"emm-admin"}) Response getRole( @ApiParam( name = "roleName", @@ -289,7 +285,7 @@ public interface RoleManagementService { "Server error occurred while adding a new role.", response = ErrorResponse.class) }) - @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/add"}) + @Permission(scope = "roles-modify", roles = {"emm-admin"}) Response addRole( @ApiParam( name = "role", @@ -341,7 +337,7 @@ public interface RoleManagementService { "Server error occurred while updating the role.", response = ErrorResponse.class) }) - @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"}) + @Permission(scope = "roles-modify", roles = {"emm-admin"}) Response updateRole( @ApiParam( name = "roleName", @@ -378,7 +374,7 @@ public interface RoleManagementService { "Server error occurred while removing the role.", response = ErrorResponse.class) }) - @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/remove"}) + @Permission(scope = "roles-modify", roles = {"emm-admin"}) Response deleteRole( @ApiParam( name = "roleName", 
@@ -436,7 +432,7 @@ public interface RoleManagementService { "Server error occurred while updating the user list of the role.", response = ErrorResponse.class) }) - @Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"}) + @Permission(scope = "roles-modify", roles = {"emm-admin"}) Response updateUsersOfRole( @ApiParam( name = "roleName", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java index fbbeb517364..29dff53c4f5 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java @@ -28,7 +28,7 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -@API(name = "User Management API", version = "1.0.0", context = "/devicemgt_admin/users", tags = {"devicemgt_admin"}) +@API(name = "User Management", version = "1.0.0", context = "/api-device-mgt-v1.0/users", tags = {"devicemgt_admin"}) @Path("/users") @Api(value = "User Management", description = "User management related operations can be found here.") @@ -87,7 +87,7 @@ public interface UserManagementService { "Server error occurred while adding a new user.", response = ErrorResponse.class) }) - @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/add"}) + @Permission(scope = "user-modify", roles = {"emm-admin"}) Response addUser( @ApiParam( name = "user", 
@@ -138,7 +138,7 @@ public interface UserManagementService { " fetching the requested user.", response = ErrorResponse.class) }) - @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"}) + @Permission(scope = "user-view", roles = {"emm-admin"}) Response getUser( @ApiParam( name = "username", @@ -196,7 +196,7 @@ public interface UserManagementService { "Server error occurred while updating the user.", response = ErrorResponse.class) }) - @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/update"}) + @Permission(scope = "user-modify", roles = {"emm-admin"}) Response updateUser( @ApiParam( name = "username", @@ -231,7 +231,7 @@ public interface UserManagementService { response = ErrorResponse.class ) }) - @Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/remove"}) + @Permission(scope = "user-modify", roles = {"emm-admin"}) Response removeUser( @ApiParam(name = "username", value = "Username of the user to be deleted.", required = true) @PathParam("username") String username); @@ -279,7 +279,7 @@ public interface UserManagementService { " assigned to the user.", response = ErrorResponse.class) }) - @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"}) + @Permission(scope = "user-view", roles = {"emm-admin"}) Response getRolesOfUser( @ApiParam(name = "username", value = "Username of the user.", required = true) @PathParam("username") String username); @@ -321,7 +321,7 @@ public interface UserManagementService { message = "Internal Server ErrorResponse. \n Server error occurred while fetching the user list.", response = ErrorResponse.class) }) - @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"}) + @Permission(scope = "user-view", roles = {"emm-admin"}) Response getUsers( @ApiParam( name = "filter", 
@@ -387,7 +387,7 @@ public interface UserManagementService { "list that matches the given filter.", response = ErrorResponse.class) }) - @Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"}) + @Permission(scope = "user-view", roles = {"emm-admin"}) Response getUserNames( @ApiParam( name = "filter", @@ -439,7 +439,7 @@ public interface UserManagementService { "Server error occurred while updating credentials of the user.", response = ErrorResponse.class) }) - @Permission(scope = "user-modify", permissions = {"/permission/admin/login"}) + @Permission(scope = "user-modify", roles = {"emm-admin"}) Response resetPassword( @ApiParam( name = "username", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java index 23b6cba5abd..a1abf62db14 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; 
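Review bot: `resetPassword` on the non-admin `/users` service was guarded by `/permission/admin/login`, i.e. any authenticated user, which reads like a self-service credential change; requiring `emm-admin` turns it into an admin-only operation, and the admin service's `resetUserPassword` later in this patch gets the same requirement, so no endpoint appears to remain that an ordinary user can call to change their own password. If that is intended, say so in the operation's documentation; if not, this endpoint needs a scope or role every authenticated user holds, and the implementation must still verify that the `username` path parameter equals the caller's identity, which the annotation alone cannot enforce. That inference is from the annotations only — the handler body is outside this chunk.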
@@ -31,7 +32,7 @@ import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -@API(name = "Application", version = "1.0.0", context = "/devicemgt_admin/applications", tags = {"devicemgt_admin"}) +@API(name = "Application Management Admin", version = "1.0.0", context = "/api-device-mgt-v1.0/admin/applications", tags = {"devicemgt_admin"}) @Path("/admin/applications") @Api(value = "Application Management Administrative Service", description = "This an API intended to be used by " + @@ -73,6 +74,7 @@ public interface ApplicationManagementAdminService { "a given set of devices.", response = ErrorResponse.class) }) + @Permission(scope = "application-modify", roles = {"emm-admin"}) Response installApplication( @ApiParam( name = "applicationWrapper", @@ -111,6 +113,7 @@ public interface ApplicationManagementAdminService { "a given set of devices.", response = ErrorResponse.class) }) + @Permission(scope = "application-modify", roles = {"emm-admin"}) Response uninstallApplication( @ApiParam( name = "applicationWrapper", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java index 2396de53f15..fde865b4afe 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java 
@@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; import io.swagger.annotations.*; import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; @@ -27,7 +28,7 @@ import javax.ws.rs.*; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -@API(name = "DeviceManagementAdmin", version = "1.0.0", context = "/devicemgt_admin/applications", +@API(name = "Device Management Admin", version = "1.0.0", context = "/api-device-mgt-v1.0/admin/devices", tags = {"devicemgt_admin"}) @Path("/admin/devices") @Api(value = "Device Management Administrative Service", description = "This an API intended to be used by " + @@ -83,6 +84,7 @@ public interface DeviceManagementAdminService { message = "Internal Server ErrorResponse. \n Server error occurred while fetching the device list.", response = ErrorResponse.class) }) + @Permission(scope = "device-view", roles = {"emm-admin"}) Response getDevicesByName( @ApiParam( name = "name", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java index fb8610ce438..4468044223a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java 
@@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; import io.swagger.annotations.*; +import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper; @@ -27,6 +28,8 @@ import javax.ws.rs.*; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; +@API(name = "User Management Admin", version = "1.0.0", context = "/api-device-mgt-v1.0/admin/users", tags = {"devicemgt_admin"}) + @Path("/admin/users") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) @@ -64,7 +67,7 @@ public interface UserManagementAdminService { "Server error occurred while updating credentials of the user.", response = ErrorResponse.class) }) - @Permission(scope = "user-modify", permissions = {"/permission/admin/login"}) + @Permission(scope = "user-modify", roles = {"emm-admin"}) Response resetUserPassword( @ApiParam( name = "username", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java index ad92cb27d8d..6ba2f675c0a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/Permission.java 
@@ -24,47 +24,25 @@ import javax.xml.bind.annotation.XmlRootElement; /** * This class represents the information related to permission. */ -@XmlRootElement (name = "Permission") public class Permission { - private String name; // permission name - private String path; // permission string private String url; // url of the resource + private String urlTemplate; // resource template private String method; // http method - private String scope; //scope of the resource + private String context; - public String getName() { - return name; + public String getContext() { + return context; } - @XmlElement (name = "name", required = true) - public void setName(String name) { - this.name = name; + public void setContext(String context) { + this.context = context; } - public String getPath() { - return path; - } - - @XmlElement (name = "path", required = true) - public void setPath(String path) { - this.path = path; - } - - public String getScope() { - return scope; - } - - @XmlElement(name = "scope", required = false) - public void setScope(String scope) { - this.scope = scope; - } - public String getUrl() { return url; } - @XmlElement (name = "url", required = true) public void setUrl(String url) { this.url = url; } @@ -73,8 +51,15 @@ public class Permission { return method; } - @XmlElement (name = "method", required = true) public void setMethod(String method) { this.method = method; } + + public String getUrlTemplate() { + return urlTemplate; + } + + public void setUrlTemplate(String urlTemplate) { + this.urlTemplate = urlTemplate; + } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java index 30b771565de..10bb59bcb4d 100644 
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/permission/mgt/PermissionManagerService.java @@ -29,11 +29,10 @@ public interface PermissionManagerService { /** * * @param permission - Permission to be added - * @return The status of the operation. * @throws PermissionManagementException If some unusual behaviour is observed while adding the * permission. */ - boolean addPermission(Permission permission) throws PermissionManagementException; + void addPermission(Permission permission) throws PermissionManagementException; /** * diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml index 9f3b0bee454..be896513a28 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml @@ -91,6 +91,10 @@ !org.wso2.carbon.device.mgt.core.internal, org.wso2.carbon.device.mgt.core.* + + javax.ws.rs-api, + scribe;scope=compile|runtime;inline=false; + * @@ -228,6 +232,7 @@ commons-collections.wso2 commons-collections + org.wso2.carbon.devicemgt org.wso2.carbon.email.sender.core @@ -236,15 +241,12 @@ mysql mysql-connector-java - 5.1.34 test - com.google.code.gson gson - 1.7.1 @@ -253,6 +255,26 @@ provided + + org.wso2.orbit.org.scannotation + scannotation + + + + org.wso2.carbon.devicemgt + org.wso2.carbon.apimgt.annotations + + + + javax.ws.rs + javax.ws.rs-api + + + + javax.ws.rs + jsr311-api + + 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index 4c2e57d8bda..dc10c5c7767 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -248,9 +248,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori } private boolean addAdminPermissionToRegistry() throws PermissionManagementException { - Permission permission = new Permission(); - permission.setPath(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION)); - return PermissionUtils.putPermission(permission); + return PermissionUtils.putPermission(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION)); } private Map getOwnershipOfDevices(List devices) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java new file mode 100644 index 00000000000..6e7fa12c716 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java 
@@ -0,0 +1,332 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.mgt.core.config.permission; + +import org.apache.catalina.core.StandardContext; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.scannotation.AnnotationDB; +import org.wso2.carbon.apimgt.annotations.api.API; + +import javax.servlet.ServletContext; +import javax.ws.rs.*; +import java.io.File; +import java.io.IOException; +import java.lang.annotation.Annotation; +import java.lang.reflect.InvocationHandler; +import java.lang.reflect.Method; +import java.lang.reflect.Proxy; +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; +import java.util.StringTokenizer; + +public class AnnotationProcessor { + + private static final Log log = LogFactory.getLog(AnnotationProcessor.class); + + private static final String PACKAGE_ORG_APACHE = "org.apache"; + private static final String PACKAGE_ORG_CODEHAUS = "org.codehaus"; + private static final String PACKAGE_ORG_SPRINGFRAMEWORK = "org.springframework"; + private static final String WILD_CARD = "/*"; + private static final String URL_SEPARATOR = "/"; + + private static 
final String STRING_ARR = "string_arr"; + private static final String STRING = "string"; + + private Method[] pathClazzMethods; + private Class pathClazz; + Class apiClazz; + private ClassLoader classLoader; + private ServletContext servletContext; + + + public AnnotationProcessor(final StandardContext context) { + servletContext = context.getServletContext(); + classLoader = servletContext.getClassLoader(); + } + + /** + * Scan the context for classes with annotations + * + * @return + * @throws IOException + */ + public Set scanStandardContext(String className) throws IOException { + AnnotationDB db = new AnnotationDB(); + db.addIgnoredPackages(PACKAGE_ORG_APACHE); + db.addIgnoredPackages(PACKAGE_ORG_CODEHAUS); + db.addIgnoredPackages(PACKAGE_ORG_SPRINGFRAMEWORK); + URL classPath = findWebInfClassesPath(servletContext); + db.scanArchives(classPath); + + //Returns a list of classes with given Annotation + return db.getAnnotationIndex().get(className); + } + + /** + * Method identifies the URL templates and context by reading the annotations of a class + * + * @param entityClasses + * @return + */ + public List + extractPermissions(Set entityClasses) { + + List permissions = new ArrayList<>(); + + if (entityClasses != null && !entityClasses.isEmpty()) { + + for (final String className : entityClasses) { + + List resourcePermissions = + AccessController.doPrivileged(new PrivilegedAction>() { + public List run() { + Class clazz; + List apiPermissions = + new ArrayList<>(); + try { + clazz = classLoader.loadClass(className); + + apiClazz = (Class) + classLoader.loadClass(org.wso2.carbon.apimgt.annotations.api.API + .class.getName()); + + Annotation apiAnno = clazz.getAnnotation(apiClazz); + List resourceList; + + if (apiAnno != null) { + + if (log.isDebugEnabled()) { + log.debug("Application Context root = " + servletContext.getContextPath()); + } + + try { + String rootContext = servletContext.getContextPath(); + pathClazz = (Class) 
classLoader.loadClass(Path.class.getName()); + pathClazzMethods = pathClazz.getMethods(); + + Annotation rootContectAnno = clazz.getAnnotation(pathClazz); + String subContext = ""; + if (rootContectAnno != null) { + subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING); + if (subContext != null && !subContext.isEmpty()) { + if (subContext.trim().startsWith("/")) { + rootContext = rootContext + subContext; + } else { + rootContext = rootContext + "/" + subContext; + } + } + if (log.isDebugEnabled()) { + log.debug("API Root Context = " + rootContext); + } + } + + Method[] annotatedMethods = clazz.getDeclaredMethods(); + apiPermissions = getApiResources(rootContext, annotatedMethods); + } catch (Throwable throwable) { + log.error("Error encountered while scanning for annotations", throwable); + } + } + } catch (ClassNotFoundException e) { + log.error("Error when passing the api annotation for device type apis."); + } + return apiPermissions; + } + }); + permissions.addAll(resourcePermissions); + } + } + return permissions; + } + + + /** + * Get Resources for each API + * + * @param resourceRootContext + * @param annotatedMethods + * @return + * @throws Throwable + */ + private List + getApiResources(String resourceRootContext, Method[] annotatedMethods) throws Throwable { + + List permissions = new ArrayList<>(); + String subCtx; + for (Method method : annotatedMethods) { + Annotation[] annotations = method.getDeclaredAnnotations(); + org.wso2.carbon.device.mgt.common.permission.mgt.Permission permission = + new org.wso2.carbon.device.mgt.common.permission.mgt.Permission(); + + if (isHttpMethodAvailable(annotations)) { + Annotation methodContextAnno = method.getAnnotation(pathClazz); + if (methodContextAnno != null) { + subCtx = invokeMethod(pathClazzMethods[0], methodContextAnno, STRING); + } else { + subCtx = WILD_CARD; + } + permission.setContext(makeContextURLReady(resourceRootContext)); + permission.setUrlTemplate(makeContextURLReady(subCtx)); + 
+ // this check is added to avoid url resolving conflict which happens due + // to adding of '*' notation for dynamic path variables. + if (WILD_CARD.equals(subCtx)) { + subCtx = makeContextURLReady(resourceRootContext); + } else { + subCtx = makeContextURLReady(resourceRootContext) + makeContextURLReady(subCtx); + } + permission.setUrl(replaceDynamicPathVariables(subCtx)); + String httpMethod; + for (int i = 0; i < annotations.length; i++) { + httpMethod = getHTTPMethodAnnotation(annotations[i]); + if (httpMethod != null) { + permission.setMethod(httpMethod); + break; + } + } + permissions.add(permission); + } + } + return permissions; + } + + /** + * Read Method annotations indicating HTTP Methods + * @param annotation + */ + private String getHTTPMethodAnnotation(Annotation annotation) { + if (annotation.annotationType().getName().equals(GET.class.getName())) { + return HttpMethod.GET; + } else if (annotation.annotationType().getName().equals(POST.class.getName())) { + return HttpMethod.POST; + } else if (annotation.annotationType().getName().equals(OPTIONS.class.getName())) { + return HttpMethod.OPTIONS; + } else if (annotation.annotationType().getName().equals(DELETE.class.getName())) { + return HttpMethod.DELETE; + } else if (annotation.annotationType().getName().equals(PUT.class.getName())) { + return HttpMethod.PUT; + } + return null; + } + + private boolean isHttpMethodAvailable(Annotation[] annotations) { + for (Annotation annotation : annotations) { + if (annotation.annotationType().getName().equals(GET.class.getName())) { + return true; + } else if (annotation.annotationType().getName().equals(POST.class.getName())) { + return true; + } else if (annotation.annotationType().getName().equals(OPTIONS.class.getName())) { + return true; + } else if (annotation.annotationType().getName().equals(DELETE.class.getName())) { + return true; + } else if (annotation.annotationType().getName().equals(PUT.class.getName())) { + return true; + } + } + return false; + } 
+ + /** + * Append '/' to the context and make it URL ready + * + * @param context + * @return + */ + private String makeContextURLReady(String context) { + if (context != null && ! context.isEmpty()) { + if (context.startsWith("/")) { + return context; + } else { + return "/" + context; + } + } + return ""; + } + + /** + * When an annotation and method is passed, this method invokes that executes said method against the annotation + * + * @param method + * @param annotation + * @param returnType + * @return + * @throws Throwable + */ + private String invokeMethod(Method method, Annotation annotation, String returnType) throws Throwable { + InvocationHandler methodHandler = Proxy.getInvocationHandler(annotation); + switch (returnType) { + case STRING: + return (String) methodHandler.invoke(annotation, method, null); + case STRING_ARR: + return ((String[]) methodHandler.invoke(annotation, method, null))[0]; + default: + return null; + } + } + + + /** + * Find the URL pointing to "/WEB-INF/classes" This method may not work in conjunction with IteratorFactory + * if your servlet container does not extract the /WEB-INF/classes into a real file-based directory + * + * @param servletContext + * @return null if cannot determin /WEB-INF/classes + */ + public static URL findWebInfClassesPath(ServletContext servletContext) + { + String path = servletContext.getRealPath("/WEB-INF/classes"); + if (path == null) return null; + File fp = new File(path); + if (fp.exists() == false) return null; + try + { + URI uri = fp.toURI(); + return uri.toURL(); + } + catch (MalformedURLException e) + { + throw new RuntimeException(e); + } + } + + private String replaceDynamicPathVariables(String path) { + StringBuilder replacedPath = new StringBuilder(); + StringTokenizer st = new StringTokenizer(path, URL_SEPARATOR); + String currentToken; + while (st.hasMoreTokens()) { + currentToken = st.nextToken(); + if (currentToken.charAt(0) == '{') { + if (currentToken.charAt(currentToken.length() - 
1) == '}') { + replacedPath.append(WILD_CARD); + } + } else { + replacedPath.append(URL_SEPARATOR); + replacedPath.append(currentToken); + } + } + return replacedPath.toString(); + } + +} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java index f974ea5f20e..7911ff7cdfc 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java @@ -25,29 +25,27 @@ import javax.xml.bind.annotation.XmlRootElement; import java.util.List; /** - * This class represents the information related to permission configuration. + * This class represents the information related to permissions. */ -@XmlRootElement (name = "PermissionConfiguration") public class PermissionConfiguration { - private List permissions; - private String apiVersion; + private String scopeName; + private String[] permissions; - public String getApiVersion() { - return apiVersion; + public String getScopeName() { + return scopeName; } - @XmlElement (name = "APIVersion", required = true) - public void setApiVersion(String apiVersion) { - this.apiVersion = apiVersion; + public void setScopeName(String scope) { + this.scopeName = scope; } - public List getPermissions() { + public String[] getPermissions() { return permissions; } - @XmlElement (name = "Permission", required = true) - public void setPermissions(List permissions) { + public void setPermissions(String[] permissions) { this.permissions = permissions; } + } 
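Review bot: `pathClazzMethods[0]` in `extractPermissions` and `getApiResources` relies on the order of `Class.getMethods()`, which the JDK does not guarantee and which for an annotation type also contains `equals`, `hashCode`, `toString` and `annotationType`; if anything other than `value` lands first, every registered URL is built from the wrong string and the permission tree silently guards the wrong resources. Replace it with `pathClazz.getMethod("value")`, resolved once, and pass that `Method` to `invokeMethod`. Separately, `isHttpMethodAvailable` and `getHTTPMethodAnnotation` omit `@HEAD` (`HttpMethod.HEAD`), so a HEAD resource gets no permission entry, and `scanStandardContext` hands the possibly-null result of `findWebInfClassesPath` (documented as returning null) straight to `db.scanArchives`; how the authorizer treats a URL missing from the tree is outside this chunk, so an unregistered resource is either open or unreachable, and both are wrong. Finally, the `ClassNotFoundException` branch logs without `e` and `catch (Throwable throwable)` swallows `Error`s; pass the exception to `log.error` and narrow the catch to `Exception`.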
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java index f274eee8459..fbde8047e3f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java @@ -26,6 +26,8 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; +import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; +import org.wso2.carbon.device.mgt.core.config.permission.AnnotationProcessor; import org.wso2.carbon.device.mgt.core.config.permission.PermissionConfiguration; import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl; import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils; @@ -35,8 +37,10 @@ import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; import java.io.File; +import java.io.IOException; import java.io.InputStream; import java.util.List; +import java.util.Set; /** * This listener class will initiate the permission addition of permissions defined in 
@@ -45,7 +49,8 @@ import java.util.List; @SuppressWarnings("unused") public class WebAppDeploymentLifecycleListener implements LifecycleListener { - private static final String PERMISSION_CONFIG_PATH = "META-INF" + File.separator + "permissions.xml"; + private static final String PARAM_MANAGED_API_ENABLED = "managed-api-enabled"; + private static final Log log = LogFactory.getLog(WebAppDeploymentLifecycleListener.class); @Override 
@@ -54,34 +59,27 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener { StandardContext context = (StandardContext) lifecycleEvent.getLifecycle(); ServletContext servletContext = context.getServletContext(); String contextPath = context.getServletContext().getContextPath(); - try { - InputStream permissionStream = servletContext.getResourceAsStream(PERMISSION_CONFIG_PATH); - if (permissionStream != null) { - /* Un-marshaling Device Management configuration */ - JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class); - Unmarshaller unmarshaller = cdmContext.createUnmarshaller(); - PermissionConfiguration permissionConfiguration = (PermissionConfiguration) - unmarshaller.unmarshal(permissionStream); - List permissions = permissionConfiguration.getPermissions(); - String apiVersion = permissionConfiguration.getApiVersion(); - if (permissionConfiguration != null && permissions != null) { + String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED); + boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param); + + if (isManagedApi) { + try { + AnnotationProcessor annotationProcessor = new AnnotationProcessor(context); + Set annotatedAPIClasses = annotationProcessor. 
+ scanStandardContext(org.wso2.carbon.apimgt.annotations.api.API.class.getName()); + List permissions = annotationProcessor.extractPermissions(annotatedAPIClasses); + PermissionManagerService permissionManagerService = PermissionManagerServiceImpl.getInstance(); + if (permissions != null) { for (Permission permission : permissions) { - // update the permission path to absolute permission path - permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath())); - permission.setUrl(PermissionUtils.getAbsoluteContextPathOfAPI(contextPath, apiVersion, - permission.getUrl()).toLowerCase()); - permission.setMethod(permission.getMethod().toUpperCase()); - PermissionManagerServiceImpl.getInstance().addPermission(permission); + permissionManagerService.addPermission(permission); } } + } catch (PermissionManagementException e) { + log.error("Exception occurred while adding the permissions from webapp : " + + servletContext.getContextPath(), e); + } catch (IOException e) { + log.error("Cannot find API annotation Class in the webapp '" + contextPath + "' class path", e); } - } catch (JAXBException e) { - log.error( - "Exception occurred while parsing the permission configuration of webapp : " - + context.getServletContext().getContextPath(), e); - } catch (PermissionManagementException e) { - log.error("Exception occurred while adding the permissions from webapp : " - + servletContext.getContextPath(), e); } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java index 190b90dbc7f..9dd03555a29 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java 
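Review bot: The removed loop normalised what went into the tree (`getUrl()...toLowerCase()` and `getMethod().toUpperCase()`) while the new loop adds annotation-derived permissions as-is; if the authorizer's lookup still lowercases the request path (that code is outside this chunk), any `@Path` containing an upper-case character will never match. Keep the normalisation, e.g. `permission.setUrl(permission.getUrl().toLowerCase());`, or document that tree matching is case-insensitive. The `IOException` message "Cannot find API annotation Class in the webapp" is misleading: `scanStandardContext` throws it for a scan or read failure, not a missing class, so something like `"Error scanning API annotations in webapp '" + contextPath + "'"` fits better. The JAXB, `InputStream`, `File`, `PermissionConfiguration` and `PermissionUtils` imports are now unused in this file. The enclosing `lifecycleEvent` method starts above this hunk.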
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java @@ -22,8 +22,9 @@ import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; -import java.util.List; +import java.util.HashSet; import java.util.Properties; +import java.util.Set; /** * This class will add, update custom permissions defined in permission.xml in webapps and it will @@ -52,10 +53,9 @@ public class PermissionManagerServiceImpl implements PermissionManagerService { } @Override - public boolean addPermission(Permission permission) throws PermissionManagementException { + public void addPermission(Permission permission) throws PermissionManagementException { // adding a permission to the tree permissionTree.addPermission(permission); - return PermissionUtils.putPermission(permission); } @Override diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java index 8294cce8a0f..62af312e66f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java @@ -54,9 +54,6 @@ public class PermissionTree { tempRoot = addPermissionNode(tempRoot, tempChild); } tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex - if (log.isDebugEnabled()) { - log.debug("Added permission '" + permission.getName() + "'"); - } } /** 
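Review bot: `addPermission` no longer calls `PermissionUtils.putPermission`, so annotation-derived permissions live only in the in-memory `permissionTree` and nothing is written to the registry any more, yet the class Javadoc still says it "will add, update custom permissions defined in permission.xml in webapps", which this patch makes false. Update it to state that permissions are collected from the JAX-RS and `@API` annotations of each managed webapp at deployment and held in memory only, and say what happens on redeploy — the tree is not cleared here, and how `PermissionTree.addPermission` treats a duplicate URL/method pair is not visible in this chunk. The now-unused `HashSet`/`Set` imports added in the first hunk should go unless a later change uses them.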
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java index d70247f683b..8ab98b9fd89 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java 
@@ -39,95 +39,93 @@ import java.util.StringTokenizer; */ public class PermissionUtils { - public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin"; - public static final String PERMISSION_PROPERTY_NAME = "name"; + public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin"; + public static final String PERMISSION_PROPERTY_NAME = "name"; - public static Registry getGovernanceRegistry() throws PermissionManagementException { - try { - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); - return DeviceManagementDataHolder.getInstance().getRegistryService() - .getGovernanceSystemRegistry( - tenantId); - } catch (RegistryException e) { - throw new PermissionManagementException( - "Error in retrieving governance registry instance: " + - e.getMessage(), e); - } - } + public static Registry getGovernanceRegistry() throws PermissionManagementException { + try { + int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + return DeviceManagementDataHolder.getInstance().getRegistryService() + .getGovernanceSystemRegistry( + tenantId); + } catch (RegistryException e) { + throw new PermissionManagementException( + "Error in retrieving governance registry instance: " + + e.getMessage(), e); + } + } - public static String getAbsolutePermissionPath(String permissionPath) { - return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath; - } + public static String getAbsolutePermissionPath(String permissionPath) { + return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath; + } public static String getAbsoluteContextPathOfAPI(String contextPath, String version, String url) { - if((version != null) && !version.isEmpty()) { - return contextPath + "/" + version + url; + if ((version != null) && !version.isEmpty()) { + return contextPath + "/" + version + url; } return contextPath + url; } - public static Permission getPermission(String path) throws 
PermissionManagementException { - try { - Resource resource = PermissionUtils.getGovernanceRegistry().get(path); - Permission permission = new Permission(); - permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME)); - permission.setPath(resource.getPath()); - return permission; - } catch (RegistryException e) { - throw new PermissionManagementException("Error in retrieving registry resource : " + - e.getMessage(), e); - } - } - - public static boolean putPermission(Permission permission) - throws PermissionManagementException { - boolean status; - try { - StringTokenizer tokenizer = new StringTokenizer(permission.getPath(), "/"); - String lastToken = "", currentToken, tempPath; - while(tokenizer.hasMoreTokens()) { - currentToken = tokenizer.nextToken(); - tempPath = lastToken + "/" + currentToken; - if(!checkResourceExists(tempPath)) { + // public static Permission getPermission(String path) throws PermissionManagementException { +// try { +// Resource resource = PermissionUtils.getGovernanceRegistry().get(path); +// Permission permission = new Permission(); +// permission.setName(resource.getProperty(PERMISSION_PROPERTY_NAME)); +// permission.setPath(resource.getPath()); +// return permission; +// } catch (RegistryException e) { +// throw new PermissionManagementException("Error in retrieving registry resource : " + +// e.getMessage(), e); +// } +// } +// + public static boolean putPermission(String permissionPath) + throws PermissionManagementException { + boolean status; + try { + StringTokenizer tokenizer = new StringTokenizer(permissionPath, "/"); + String lastToken = "", currentToken, tempPath; + while (tokenizer.hasMoreTokens()) { + currentToken = tokenizer.nextToken(); + tempPath = lastToken + "/" + currentToken; + if (!checkResourceExists(tempPath)) { createRegistryCollection(tempPath, currentToken); - } - lastToken = tempPath; - } - status = true; - } catch (RegistryException e) { - throw new PermissionManagementException( - "Error occurred 
while persisting permission : " + - permission.getName(), e); - } - return status; - } + } + lastToken = tempPath; + } + status = true; + } catch (RegistryException e) { + throw new PermissionManagementException("Error occurred while persisting permission", e); + } + return status; + } - public static void createRegistryCollection(String path, String resourceName) - throws PermissionManagementException, - RegistryException { - Resource resource = PermissionUtils.getGovernanceRegistry().newCollection(); - resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName); - PermissionUtils.getGovernanceRegistry().beginTransaction(); - PermissionUtils.getGovernanceRegistry().put(path, resource); - PermissionUtils.getGovernanceRegistry().commitTransaction(); - } + public static void createRegistryCollection(String path, String resourceName) + throws PermissionManagementException, + RegistryException { + Resource resource = PermissionUtils.getGovernanceRegistry().newCollection(); + resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName); + PermissionUtils.getGovernanceRegistry().beginTransaction(); + PermissionUtils.getGovernanceRegistry().put(path, resource); + PermissionUtils.getGovernanceRegistry().commitTransaction(); + } - public static boolean checkResourceExists(String path) - throws PermissionManagementException, - org.wso2.carbon.registry.core.exceptions.RegistryException { - return PermissionUtils.getGovernanceRegistry().resourceExists(path); - } + public static boolean checkResourceExists(String path) + throws PermissionManagementException, + org.wso2.carbon.registry.core.exceptions.RegistryException { + return PermissionUtils.getGovernanceRegistry().resourceExists(path); + } - public static Document convertToDocument(File file) throws PermissionManagementException { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - try { - DocumentBuilder docBuilder = factory.newDocumentBuilder(); - return 
docBuilder.parse(file); - } catch (Exception e) { - throw new PermissionManagementException("Error occurred while parsing file, while converting " + - "to a org.w3c.dom.Document", e); - } - } + public static Document convertToDocument(File file) throws PermissionManagementException { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + DocumentBuilder docBuilder = factory.newDocumentBuilder(); + return docBuilder.parse(file); + } catch (Exception e) { + throw new PermissionManagementException("Error occurred while parsing file, while converting " + + "to a org.w3c.dom.Document", e); + } + } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java index 04fc9996cdc..b4a5521e0ba 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java 
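Review bot: `convertToDocument`, re-emitted on the new side, builds its `DocumentBuilderFactory` with default settings, so the parser still resolves DTDs and external entities from the permission.xml it reads out of deployed webapps; as a hardening step add `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` and `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` inside the existing try before `newDocumentBuilder()` (both throw `ParserConfigurationException`, and `javax.xml.XMLConstants` needs importing). The commented-out `getPermission` block should be deleted rather than left behind as comments, since version control already keeps it. `createRegistryCollection` calls `beginTransaction()` and `commitTransaction()` but never rolls back when `put` throws, and every step fetches the registry through a fresh `getGovernanceRegistry()` call; hold the registry in a local and call `rollbackTransaction()` on it from a `catch (RegistryException e)` before rethrowing.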
@@ -87,11 +87,11 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
 if (userRealm != null && userRealm.getAuthorizationManager() != null) {
 if (userStore != null) {
 status = userRealm.getAuthorizationManager()
- .isUserAuthorized(userStore + "/" + username, permission.getPath(),
+ .isUserAuthorized(userStore + "/" + username, permission.getUrl(),
 PermissionMethod.UI_EXECUTE);
 } else {
 status = userRealm.getAuthorizationManager()
- .isUserAuthorized(username, permission.getPath(), PermissionMethod.UI_EXECUTE);
+ .isUserAuthorized(username, permission.getUrl(), PermissionMethod.UI_EXECUTE);
 }
 }
 }
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
index 96326492772..163e8287fe2 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
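Review bot: The resource string handed to `isUserAuthorized` changes from `permission.getPath()` to `permission.getUrl()` at both changed lines, but the authorization manager evaluates it against the registry permission tree, which `PermissionUtils` appears to populate under `ADMIN_PERMISSION_REGISTRY_PATH`; if `getUrl()` yields the API URL rather than that registry path, every check here will deny all users, so confirm the value's form against what is actually persisted. A comment at the first changed line would make the contract explicit: `// getUrl() must be the permission path persisted under ADMIN_PERMISSION_REGISTRY_PATH, not the raw API URL`. The enclosing method starts and ends outside the hunk.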
@@ -23,6 +23,10 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; +import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; +import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; +import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.user.api.TenantManager; import org.wso2.carbon.user.api.UserStoreException; @@ -30,9 +34,17 @@ import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; +import java.util.Properties; + public class Utils { private static final Log log = LogFactory.getLog(Utils.class); + private static PermissionManagerService permissionManagerService = PermissionManagerServiceImpl.getInstance(); + private static Properties properties; + private static Permission permission; + + public static final String URL_PROPERTY = "URL"; + public static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD"; public static int getTenantIdOFUser(String username) throws AuthenticationException { int tenantId = 0; @@ -74,4 +86,15 @@ public class Utils { } } + public static String getResourceUri(String url, String httpMethod) throws PermissionManagementException { + properties = new Properties(); + properties.put(URL_PROPERTY, url); + properties.put(HTTP_METHOD_PROPERTY, httpMethod); + permission = permissionManagerService.getPermission(properties); + if (permission != null) { + return permission.getContext() + "/1.0.0/1.0.0" + permission.getUrlTemplate() + ":" + permission.getMethod(); + } + return null; + } + } 
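Review bot: `getResourceUri` in the third hunk writes to the static fields `properties` and `permission` declared in the second hunk, so concurrent requests through the authenticator race on them: one thread's `permission` can be overwritten by another's between the `getPermission` call and the `if (permission != null)` read, producing a resource URI for a different endpoint than the one requested and therefore scope validation against the wrong resource. Make both locals and delete the two static fields: `Properties properties = new Properties();` and `Permission permission = permissionManagerService.getPermission(properties);`. The literal `"/1.0.0/1.0.0"` spliced between the context and the URL template also deserves a named constant plus a comment explaining why the version segment appears twice, since nothing visible accounts for it.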
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index bbeab152a3f..abb0178cc64 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java @@ -23,6 +23,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.buf.MessageBytes; +import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; @@ -105,7 +106,7 @@ public class OAuthAuthenticator implements WebappAuthenticator { StringTokenizer tokenizer = new StringTokenizer(requestUri, "/"); String context = tokenizer.nextToken(); - if ((context == null) || ("".equals(context))) { + if ((context == null) || (context.isEmpty())) { authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE); } String apiVersion = tokenizer.nextToken(); 
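Review bot: The changed condition `(context == null) || (context.isEmpty())` can never be true, because `StringTokenizer.nextToken()` returns neither null nor an empty token; when `requestUri` has no segments it throws `NoSuchElementException` instead, and the same applies to the `apiVersion` call on the following line. If the intent is to skip requests without a context segment, guard each `nextToken()` with `tokenizer.hasMoreTokens()` and return after `setStatus(WebappAuthenticator.Status.CONTINUE)`, since the current branch sets the status and then falls through. The enclosing method continues outside the hunk.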
@@ -120,7 +121,17 @@ public class OAuthAuthenticator implements WebappAuthenticator { } else { String bearerToken = getBearerToken(request); - String resource = requestUri + ":" + requestMethod; + int urlParamIndex = requestUri.indexOf('?'); + if(urlParamIndex > 0) { + requestUri = requestUri.substring(0, urlParamIndex); + } + String resource = Utils.getResourceUri(requestUri, requestMethod); + + if (resource == null || resource.isEmpty()) { + authenticationInfo.setStatus(Status.FAILURE); + authenticationInfo.setMessage("Requested resource does not exist"); + return authenticationInfo; + } OAuthValidationResponse oAuthValidationResponse = this.tokenValidator.validateToken(bearerToken, resource); @@ -142,6 +153,8 @@ public class OAuthAuthenticator implements WebappAuthenticator { log.error("Failed to authenticate the incoming request", e); } catch (OAuthTokenValidationException e) { log.error("Failed to authenticate the incoming request due to oauth token validation error.", e); + } catch (PermissionManagementException e) { + log.error("Failed to authenticate the incoming request due to error in permission initialization", e); } return authenticationInfo; } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java index 6d5138d3a2f..c17d6fcc6ad 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java 
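Review bot: In the new `catch (PermissionManagementException e)` branch of the second hunk the method only logs and then returns `authenticationInfo` with whatever status it held before, so unless `AuthenticationInfo` defaults to `Status.FAILURE` a permission-lookup error does not fail closed; add `authenticationInfo.setStatus(Status.FAILURE);` in that catch, as the `resource == null` branch in the first hunk already does. Minor style in the first hunk: `if(urlParamIndex > 0)` lacks the space the surrounding code uses, and if `requestUri` comes from `getRequestURI()`, which excludes the query string, the `'?'` strip is dead code and should carry a comment naming the input it is meant to guard against. The enclosing method starts outside the hunk.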
@@ -42,56 +42,7 @@ public class PermissionAuthorizer { public WebappAuthenticator.Status authorize(Request request, Response response) { - String requestUri = request.getRequestURI(); - String requestMethod = request.getMethod(); - - if (requestUri == null || requestUri.isEmpty() || requestMethod == null || requestMethod.isEmpty()) { - return WebappAuthenticator.Status.CONTINUE; - } - - PermissionManagerServiceImpl registryBasedPermissionManager = PermissionManagerServiceImpl.getInstance(); - Properties properties = new Properties(); - properties.put("",requestUri); - properties.put("",requestMethod); - Permission requestPermission = null; - try { - requestPermission = registryBasedPermissionManager.getPermission(properties); - } catch (PermissionManagementException e) { - log.error( - "Error occurred while fetching the permission for URI : " + Encode.forJava(requestUri) + " ," + - " METHOD : " + requestMethod + ", msg = " + e.getMessage()); - } - - if (requestPermission == null) { - if (log.isDebugEnabled()) { - log.debug("Permission to request '" + Encode.forJava(requestUri) + "' is not defined in the configuration"); - } - return WebappAuthenticator.Status.FAILURE; - } - - String permissionString = requestPermission.getPath(); - - // This is added temporarily until authentication works. - // TODO remove below line. - String username = "admin"; - // TODO uncomment this once the authentication works. - //String username = CarbonContext.getThreadLocalCarbonContext().getUsername(); - - boolean isUserAuthorized; - try { - isUserAuthorized = CarbonContext.getThreadLocalCarbonContext().getUserRealm(). - getAuthorizationManager().isUserAuthorized(username, permissionString, - Constants.PermissionMethod.READ); - } catch (UserStoreException e) { - log.error("Error occurred while retrieving user store. 
" + e.getMessage()); - return WebappAuthenticator.Status.FAILURE; - } - - if (isUserAuthorized) { - return WebappAuthenticator.Status.SUCCESS; - } else { - return WebappAuthenticator.Status.FAILURE; - } + return WebappAuthenticator.Status.SUCCESS; } } diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.api.feature/pom.xml b/features/device-mgt/org.wso2.carbon.device.mgt.api.feature/pom.xml index d3fcbc2c5da..2ed84f06003 100644 --- a/features/device-mgt/org.wso2.carbon.device.mgt.api.feature/pom.xml +++ b/features/device-mgt/org.wso2.carbon.device.mgt.api.feature/pom.xml @@ -57,7 +57,7 @@ ${project.build.directory}/maven-shared-archive-resources/webapps - api#device-mgt#v1.0.war + api-device-mgt-v1.0.war diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.api.feature/src/main/resources/p2.inf b/features/device-mgt/org.wso2.carbon.device.mgt.api.feature/src/main/resources/p2.inf index e0423d3cc3c..032e7e18c83 100644 --- a/features/device-mgt/org.wso2.carbon.device.mgt.api.feature/src/main/resources/p2.inf +++ b/features/device-mgt/org.wso2.carbon.device.mgt.api.feature/src/main/resources/p2.inf @@ -1,3 +1,3 @@ instructions.configure = \ org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/server/webapps/);\ -org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.api_${feature.version}/webapps/api#device-mgt#v1.0.war,target:${installFolder}/../../deployment/server/webapps/api#device-mgt#v1.0.war,overwrite:true);\ \ No newline at end of file +org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.api_${feature.version}/webapps/api-device-mgt-v1.0.war,target:${installFolder}/../../deployment/server/webapps/api-device-mgt-v1.0.war,overwrite:true);\ \ No newline at end of file