From 59e2a33e4a238ec40997ad0a28d53cb6fa926991 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Sat, 19 Nov 2016 11:02:48 +0530 Subject: [PATCH 1/9] exposed device access authorisation as a service --- .../mgt/jaxrs/beans/AuthorizationRequest.java | 45 +++++++++ ...DeviceAccessAuthorizationAdminService.java | 91 +++++++++++++++++++ ...ceAccessAuthorizationAdminServiceImpl.java | 85 +++++++++++++++++ .../DeviceAccessAuthorizationServiceImpl.java | 3 +- .../app/modules/oauth/token-handler-utils.js | 18 +++- .../app/modules/oauth/token-handlers.js | 64 ++++++------- .../jwt/client/extension/JWTClient.java | 3 + 7 files changed, 275 insertions(+), 34 deletions(-) create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceAccessAuthorizationAdminServiceImpl.java diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java new file mode 100644 index 00000000000..3a63938b8b5 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java @@ -0,0 +1,45 @@ +package org.wso2.carbon.device.mgt.jaxrs.beans; + +import org.wso2.carbon.device.mgt.common.DeviceIdentifier; + +import java.util.List; + +public class AuthorizationRequest { + + String tenantDomain; + String username; + List deviceIdentifiers; + List permissions; + + public String getTenantDomain() { + return tenantDomain; + } + + public void setTenantDomain(String tenantDomain) { + this.tenantDomain = tenantDomain; + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public List getDeviceIdentifiers() { + return deviceIdentifiers; + } + + public void setDeviceIdentifiers(List deviceIdentifiers) { + this.deviceIdentifiers = deviceIdentifiers; + } + + public List getPermissions() { + return permissions; + } + + public void setPermissions(List permissions) { + this.permissions = permissions; + } +} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java new file mode 100644 index 00000000000..a779b73e750 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java @@ -0,0 +1,91 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; + +import io.swagger.annotations.Api; +import io.swagger.annotations.ApiOperation; +import io.swagger.annotations.ApiParam; +import io.swagger.annotations.ApiResponse; +import io.swagger.annotations.ApiResponses; +import io.swagger.annotations.ResponseHeader; +import org.wso2.carbon.apimgt.annotations.api.API; +import org.wso2.carbon.apimgt.annotations.api.Permission; +import org.wso2.carbon.device.mgt.common.Device; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; +import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; +import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest; +import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; + +import javax.validation.constraints.Size; +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.HeaderParam; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + +@API(name = "DeviceAuthorizationAdmin", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/authorization", + tags = {"device_management"}) +@Path("/admin/authorization") +@Api(value = "Device Authorization Administrative Service", description = "This an API intended to be used by " + + "'internal' components to log in as an admin user and validate whether the user/device are trusted entity." + + "Further, this is strictly restricted to admin users only ") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +/** + * This interface provided the definition of the device - user access verification service. + */ +public interface DeviceAccessAuthorizationAdminService { + + @POST + @ApiOperation( + consumes = MediaType.APPLICATION_JSON, + produces = MediaType.APPLICATION_JSON, + httpMethod = "POST", + value = "Check for device access authorization\n", + notes = "This is an internal API that can be used to check for authorization.", + response = DeviceAuthorizationResult.class, + tags = "Authorization Administrative Service") + @ApiResponses(value = { + @ApiResponse( + code = 200, + message = "OK. \n Authorized device list will be delivered to the requested services", + response = DeviceAuthorizationResult.class), + @ApiResponse( + code = 400, + message = "Bad Request. \n Invalid request or validation error.", + response = ErrorResponse.class), + @ApiResponse( + code = 404, + message = "Not Found. \n The specified resource does not exist."), + @ApiResponse( + code = 415, + message = "Unsupported media type. \n The entity of the request was in a not supported format."), + @ApiResponse( + code = 500, + message = "Internal Server Error. \n Server error occurred while checking the authorization" + + " for a specified set of devices.", + response = ErrorResponse.class) + }) + @Permission(name = "Check the access authorization of the device", permission = "/device-mgt/device/authorize") + Response isAuthorized(AuthorizationRequest authorizationRequest); +} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceAccessAuthorizationAdminServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceAccessAuthorizationAdminServiceImpl.java new file mode 100644 index 00000000000..6dd10edf14e --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceAccessAuthorizationAdminServiceImpl.java @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.base.MultitenantConstants; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; +import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest; +import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; +import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceAccessAuthorizationAdminService; +import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; + +import javax.ws.rs.Consumes; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + +@Path("/admin/authorization") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +public class DeviceAccessAuthorizationAdminServiceImpl implements DeviceAccessAuthorizationAdminService { + + private static final Log log = LogFactory.getLog(DeviceAccessAuthorizationAdminServiceImpl.class); + + @POST + @Override + public Response isAuthorized(AuthorizationRequest authorizationRequest) { + try { + int currentTenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + if (MultitenantConstants.SUPER_TENANT_ID != currentTenantId) { + return Response.status(Response.Status.UNAUTHORIZED).entity( + new ErrorResponse.ErrorResponseBuilder().setMessage( + "Current logged in user is not authorized to perform this operation").build()).build(); + } + if (authorizationRequest.getTenantDomain() == null || authorizationRequest.getTenantDomain().isEmpty()) { + authorizationRequest.setTenantDomain( + PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()); + } + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( + authorizationRequest.getTenantDomain(), true); + String[] permissionArr = null; + if (authorizationRequest.getPermissions() != null && authorizationRequest.getPermissions().size() > 0) { + permissionArr = new String[authorizationRequest.getPermissions().size()]; + permissionArr = authorizationRequest.getPermissions().toArray(permissionArr); + } + DeviceAuthorizationResult deviceAuthorizationResult = + DeviceMgtAPIUtils.getDeviceAccessAuthorizationService().isUserAuthorized( + authorizationRequest.getDeviceIdentifiers(), authorizationRequest.getUsername() + , permissionArr); + + return Response.status(Response.Status.OK).entity(deviceAuthorizationResult).build(); + } catch (DeviceAccessAuthorizationException e) { + String msg = "Error occurred at server side while fetching authorization information."; + log.error(msg, e); + return Response.serverError().entity( + new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); + } finally { + PrivilegedCarbonContext.endTenantFlow(); + } + } + +} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index 0703d4d39d1..dbd2facc7df 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -134,7 +134,8 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori } else { try { if (groupPermissions == null || groupPermissions.length == 0) { - return null; + deviceAuthorizationResult.setUnauthorizedDevices(deviceIdentifiers); + return deviceAuthorizationResult; } //check for group permissions boolean isAuthorized = true; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js index f31e72622c3..27fc42bd903 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js @@ -109,7 +109,7 @@ var utils = function () { var xhr = new XMLHttpRequest(); xhr.open("POST", requestURL, false); xhr.setRequestHeader("Content-Type", "application/json"); - xhr.setRequestHeader("Authorization", "Bearer " + jwtToken); + xhr.setRequestHeader("Authorization", "X-JWT-Assertion " + jwtToken); xhr.send(); if (xhr["status"] == 201 && xhr["responseText"]) { @@ -291,5 +291,21 @@ var utils = function () { } }; + publicMethods["getJwtToken"] = function (username) { + if (!username) { + log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving new jwt token"); + return null; + } else { + var JWTClientManagerServicePackagePath = + "org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService"; + //noinspection JSUnresolvedFunction, JSUnresolvedVariable + var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath); + //noinspection JSUnresolvedFunction + var jwtClient = JWTClientManagerService.getJWTClient(); + // returning access token by JWT grant type + return jwtClient.getJwtToken(username); + } + }; + return publicMethods; }(); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js index 9fb3198e058..a9cb2b870cf 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js @@ -136,43 +136,43 @@ var handlers = function () { "client credentials to session context. No username of logged in user is found as " + "input - setUpEncodedTenantBasedClientAppCredentials(x)"); } else { - var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials(); - if (!dynamicClientAppCredentials) { - throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + + if (devicemgtProps["apimgt-gateway"]) { + var jwtToken = tokenUtil.getJwtToken(username); + if (!jwtToken) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + "client credentials to session context as the server is unable to obtain " + - "dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)"); - } else { - if (devicemgtProps["apimgt-gateway"]) { - var jwtToken = tokenUtil.getAccessTokenByJWTGrantType(dynamicClientAppCredentials); - if (!jwtToken) { - throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + - "client credentials to session context as the server is unable to obtain " + - "a jwt token - setUpEncodedTenantBasedClientAppCredentials(x)"); + "a jwt token - setUpEncodedTenantBasedClientAppCredentials(x)"); + } else { + var tenantBasedClientAppCredentials = tokenUtil. + getTenantBasedClientAppCredentials(username, jwtToken); + if (!tenantBasedClientAppCredentials) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " + + "based client credentials to session context as the server is unable " + + "to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)"); } else { - var tenantBasedClientAppCredentials = tokenUtil. - getTenantBasedClientAppCredentials(username, jwtToken); - if (!tenantBasedClientAppCredentials) { - throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " + - "based client credentials to session context as the server is unable " + - "to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)"); - } else { - var encodedTenantBasedClientAppCredentials = - tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" + - tenantBasedClientAppCredentials["clientSecret"]); - // setting up encoded tenant based client credentials to session context. - session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"], - encodedTenantBasedClientAppCredentials); - } + var encodedTenantBasedClientAppCredentials = + tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" + + tenantBasedClientAppCredentials["clientSecret"]); + // setting up encoded tenant based client credentials to session context. + session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"], + encodedTenantBasedClientAppCredentials); } - } else { - var encodedTenantBasedClientAppCredentials = - tokenUtil.encode(dynamicClientAppCredentials["clientId"] + ":" + - dynamicClientAppCredentials["clientSecret"]); - // setting up encoded tenant based client credentials to session context. - session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"], - encodedTenantBasedClientAppCredentials); } + } else { + var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials(); + if (!dynamicClientAppCredentials) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + + "client credentials to session context as the server is unable to obtain " + + "dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)"); + } + var encodedTenantBasedClientAppCredentials = + tokenUtil.encode(dynamicClientAppCredentials["clientId"] + ":" + + dynamicClientAppCredentials["clientSecret"]); + // setting up encoded tenant based client credentials to session context. + session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"], + encodedTenantBasedClientAppCredentials); } + } }; diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java index d117ef1ecaf..6698b8c12f0 100644 --- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java @@ -156,6 +156,9 @@ public class JWTClient { return new String(Base64.encodeBase64((consumerKey + ":" + consumerSecret).getBytes())); } + public String getJwtToken(String username) throws JWTClientException { + return JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); + } } From fe263efe60c528e99e3f5ed1f5710b79f23c70ba Mon Sep 17 00:00:00 2001 From: ayyoob Date: Sun, 20 Nov 2016 02:37:37 +0530 Subject: [PATCH 2/9] changed device access verification approach --- .../pom.xml | 8 +- ...ApiApplicationRegistrationServiceImpl.java | 21 +++- .../extension/api/util/APIUtil.java | 24 ++++ .../APIManagementProviderService.java | 14 --- .../APIManagementProviderServiceImpl.java | 101 ---------------- .../mgt/jaxrs/beans/AuthorizationRequest.java | 7 ++ ...DeviceAccessAuthorizationAdminService.java | 8 -- .../DeviceAccessAuthorizationServiceImpl.java | 17 +-- .../pom.xml | 26 +--- .../oauth/extensions/DeviceRequestDTO.java | 30 ----- .../mgt/oauth/extensions/OAuthConstants.java | 13 -- .../mgt/oauth/extensions/OAuthExtUtils.java | 93 --------------- .../mgt/oauth/extensions/config/Action.java | 90 -------------- .../extensions/config/DeviceMgtScopes.java | 67 ----------- .../config/DeviceMgtScopesConfig.java | 67 ----------- ...MgtScopesConfigurationFailedException.java | 44 ------- .../oauth/extensions/config/Permissions.java | 78 ------------ ...xtendedDeviceMgtJWTBearerGrantHandler.java | 31 ----- ...ExtendedDeviceMgtPasswordGrantHandler.java | 59 --------- .../OAuthExtensionServiceComponent.java | 66 ----------- .../internal/OAuthExtensionsDataHolder.java | 28 ----- .../ExtendedDeviceJWTGrantValidator.java | 38 ------ .../ExtendedDevicePasswordGrantValidator.java | 37 ------ .../PermissionBasedScopeValidator.java | 112 ------------------ .../jwt/client/extension/JWTClient.java | 8 +- .../src/main/resources/device-mgt-scopes.xml | 51 -------- .../src/main/resources/p2.inf | 3 +- 27 files changed, 78 insertions(+), 1063 deletions(-) delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/DeviceRequestDTO.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Action.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopes.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java delete mode 100644 features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml index d9166908114..1c1ed1d9656 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml @@ -163,7 +163,13 @@ org.wso2.carbon.devicemgt - org.wso2.carbon.apimgt.annotations + org.wso2.carbon.device.mgt.core + provided + + + org.wso2.carbon.devicemgt + org.wso2.carbon.device.mgt.common + provided diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java index e88d80e67ce..55b82b8c9cd 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java @@ -29,6 +29,7 @@ import org.wso2.carbon.apimgt.application.extension.dto.ApiApplicationKey; import org.wso2.carbon.apimgt.application.extension.exception.APIManagerException; import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.user.api.UserStoreException; import javax.ws.rs.DELETE; @@ -36,6 +37,8 @@ import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.Arrays; public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegistrationService { @@ -62,7 +65,8 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username); APIManagementProviderService apiManagementProviderService = APIUtil.getAPIManagementProviderService(); ApiApplicationKey apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys( - applicationName, ApiApplicationConstants.DEFAULT_TOKEN_TYPE, username, false); + applicationName, APIUtil.getAllowedApisTags().toArray(new String[APIUtil.getAllowedApisTags().size()]), + ApiApplicationConstants.DEFAULT_TOKEN_TYPE, username, false); return Response.status(Response.Status.CREATED).entity(apiApplicationKey.toString()).build(); } catch (APIManagerException e) { String msg = "Error occurred while registering an application '" + applicationName + "'"; @@ -72,6 +76,10 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi String msg = "Failed to retrieve the tenant" + tenantDomain + "'"; log.error(msg, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); + } catch (DeviceManagementException e) { + String msg = "Failed to retrieve the device service"; + log.error(msg, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } finally { PrivilegedCarbonContext.endTenantFlow(); } @@ -81,6 +89,13 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi @POST public Response register(RegistrationProfile registrationProfile) { try { + if (registrationProfile.getTags() == null || registrationProfile.getTags().length == 0) { + return Response.status(Response.Status.NOT_ACCEPTABLE).entity("Tags should not be empty").build(); + } + if (APIUtil.getAllowedApisTags().containsAll(Arrays.asList(registrationProfile.getTags()))) { + return Response.status(Response.Status.NOT_ACCEPTABLE).entity("APIs(Tags) are not allowed to this user." + ).build(); + } String username = APIUtil.getAuthenticatedUser() + "@" + APIUtil.getTenantDomainOftheUser(); APIManagementProviderService apiManagementProviderService = APIUtil.getAPIManagementProviderService(); if (registrationProfile.isMappingAnExistingOAuthApp()) { @@ -109,6 +124,10 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi + registrationProfile.getApplicationName() + "'"; log.error(msg, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("false").build(); + } catch (DeviceManagementException e) { + String msg = "Failed to retrieve the device service"; + log.error(msg, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java index 299ff01c3df..7c74fdf5237 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java @@ -22,14 +22,19 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.DeviceManagementException; +import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.user.core.service.RealmService; +import java.util.List; + /** * This class provides utility functions used by REST-API. */ public class APIUtil { private static Log log = LogFactory.getLog(APIUtil.class); + private static final String DEFAULT_CDMF_API_TAG = "device_management"; public static String getAuthenticatedUser() { PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); @@ -70,4 +75,23 @@ public class APIUtil { } return realmService; } + + public static DeviceManagementProviderService getDeviceManagementProviderService() { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + DeviceManagementProviderService deviceManagementProviderService = + (DeviceManagementProviderService) ctx.getOSGiService(DeviceManagementProviderService.class, null); + if (deviceManagementProviderService == null) { + String msg = "Device Management service has not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + return deviceManagementProviderService; + } + + public static List getAllowedApisTags() throws DeviceManagementException { + //Todo get allowed cdmf service tags from config. + List allowedApisTags = getDeviceManagementProviderService().getAvailableDeviceTypes(); + allowedApisTags.add(DEFAULT_CDMF_API_TAG); + return getAllowedApisTags(); + } } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java index 9d8b05dfb6a..e931c28358d 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java @@ -41,20 +41,6 @@ public interface APIManagementProviderService { String keyType, String username, boolean isAllowedAllDomains) throws APIManagerException; - /** - * Generate and retreive application keys. if the application does exist then - * create it and subscribe to all apis. - * - * @param apiApplicationName name of the application. - * @param keyType of the application. - * @param username to whom the application is created - * @return consumerkey and secrete of the created application. - * @throws APIManagerException - */ - ApiApplicationKey generateAndRetrieveApplicationKeys(String apiApplicationName, String keyType, - String username, boolean isAllowedAllDomains) - throws APIManagerException; - /** * Register existing Oauth application as apim application. */ diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java index f205419084a..ce92eba32a0 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java @@ -43,70 +43,6 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe private static final Log log = LogFactory.getLog(APIManagementProviderServiceImpl.class); - /** - * {@inheritDoc} - */ - @Override - public ApiApplicationKey generateAndRetrieveApplicationKeys(String apiApplicationName, String keyType, - String username, boolean isAllowedAllDomains) - throws APIManagerException { - try { - APIManagerUtil.loadTenantRegistry(); - APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username); - String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain()); - int applicationId = createApplicationAndSubscribeToAllAPIs(apiApplicationName, username); - Application[] applications = apiConsumer.getApplications(apiConsumer.getSubscriber(username), groupId); - Application application = null; - for (Application app : applications) { - if (app.getId() == applicationId) { - application = app; - } - } - if (application == null) { - throw new APIManagerException("Api application creation failed for " + apiApplicationName + - " to the user " + username); - } - APIKey retrievedApiApplicationKey = null; - for (APIKey apiKey : application.getKeys()) { - String applicationKeyType = apiKey.getType(); - if (applicationKeyType != null && applicationKeyType.equals(keyType)) { - retrievedApiApplicationKey = apiKey; - break; - } - } - if (retrievedApiApplicationKey != null) { - ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); - apiApplicationKey.setConsumerKey(retrievedApiApplicationKey.getConsumerKey()); - apiApplicationKey.setConsumerSecret(retrievedApiApplicationKey.getConsumerSecret()); - return apiApplicationKey; - } - String[] allowedDomains = new String[1]; - if (isAllowedAllDomains) { - allowedDomains[0] = ApiApplicationConstants.ALLOWED_DOMAINS; - } else { - allowedDomains[0] = APIManagerUtil.getTenantDomain(); - } - JSONObject jsonObject = new JSONObject(); - jsonObject.put(ApiApplicationConstants.JSONSTRING_USERNAME_TAG, username); - String ownerJsonString = jsonObject.toJSONString(); - Map keyDetails = apiConsumer.requestApprovalForApplicationRegistration(username, - apiApplicationName, - keyType, "", - allowedDomains, - ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD, - "null", groupId, - ownerJsonString); - ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); - apiApplicationKey.setConsumerKey((String) keyDetails.get(APIConstants.FrontEndParameterNames - .CONSUMER_KEY)); - apiApplicationKey.setConsumerSecret((String) keyDetails.get( - APIConstants.FrontEndParameterNames.CONSUMER_SECRET)); - return apiApplicationKey; - } catch (APIManagementException e) { - throw new APIManagerException("Failed to register a api application : " + apiApplicationName, e); - } - } - /** * {@inheritDoc} */ @@ -385,43 +321,6 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe } } - /** - * This method registers an api application and then subscribe the application to the api. - * - * @param username subscription is created for the user. - * @throws APIManagerException - */ - private int createApplicationAndSubscribeToAllAPIs(String apiApplicationName, String username) - throws APIManagerException { - try { - APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username); - String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain()); - int applicationId = createApplication(apiConsumer, apiApplicationName, username, groupId); - String tenantDomain = MultitenantUtils.getTenantDomain(username); - Set userVisibleAPIs = apiConsumer.getAllPublishedAPIs(tenantDomain); - if (!MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) { - userVisibleAPIs.addAll(apiConsumer.getAllPublishedAPIs(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)); - } - Subscriber subscriber = apiConsumer.getSubscriber(username); - Set subscribedAPIs = apiConsumer.getSubscribedAPIs(subscriber); - for (API visibleApi : userVisibleAPIs) { - APIIdentifier apiIdentifier = visibleApi.getId(); - boolean isSubscribed = false; - for (SubscribedAPI subscribedAPI : subscribedAPIs) { - if (subscribedAPI.getApiId().equals(apiIdentifier)) { - isSubscribed = true; - } - } - if (!isSubscribed) { - addSubscription(apiConsumer, apiIdentifier, applicationId, username); - } - } - return applicationId; - } catch (APIManagementException e) { - throw new APIManagerException("Failed to fetch device apis information for the user " + username, e); - } - } - private String getLoggedInUserGroupId(String username, String tenantDomain) throws APIManagerException { JSONObject loginInfoJsonObj = new JSONObject(); try { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java index 3a63938b8b5..7b45802a2b6 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java @@ -1,14 +1,21 @@ package org.wso2.carbon.device.mgt.jaxrs.beans; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import java.util.List; +@ApiModel(value = "AuthorizationRequest", description = "Authorization details together with deviceIdentifier and permission") public class AuthorizationRequest { + @ApiModelProperty(name = "tenantDomain", value = "tenant domain.", required = false) String tenantDomain; + @ApiModelProperty(name = "username", value = "username of the user, to whom the device identifiers needs to be verified", required = true) String username; + @ApiModelProperty(name = "deviceIdentifiers", value = "list of devices that needs to be verified against the user", required = true) List deviceIdentifiers; + @ApiModelProperty(name = "permission", value = "if null then checks against the owner else it could be grouping permission", required = false) List permissions; public String getTenantDomain() { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java index a779b73e750..a0c3c23b2f0 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java @@ -20,26 +20,18 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; -import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponses; -import io.swagger.annotations.ResponseHeader; import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.Permission; -import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; -import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; -import javax.validation.constraints.Size; import javax.ws.rs.Consumes; -import javax.ws.rs.GET; -import javax.ws.rs.HeaderParam; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index dbd2facc7df..22d09b5184f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -67,7 +67,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return !DeviceManagementDataHolder.getInstance().requireDeviceAuthorization(deviceIdentifier.getType()); } //check for admin and ownership permissions - if (isAdminOrDeviceOwner(username, tenantId, deviceIdentifier)) { + if (isAdmin(username, tenantId) || isDeviceOwner(deviceIdentifier, username)) { return true; } //check for group permissions @@ -127,9 +127,12 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return null; } DeviceAuthorizationResult deviceAuthorizationResult = new DeviceAuthorizationResult(); + if (isAdmin(username, tenantId)) { + deviceAuthorizationResult.setAuthorizedDevices(deviceIdentifiers); + } for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) { //check for admin and ownership permissions - if (isAdminOrDeviceOwner(username, tenantId, deviceIdentifier)) { + if (isDeviceOwner(deviceIdentifier, username)) { deviceAuthorizationResult.addAuthorizedDevice(deviceIdentifier); } else { try { @@ -179,15 +182,13 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return isUserAuthorized(deviceIdentifiers, this.getUserName(), groupPermissions); } - private boolean isAdminOrDeviceOwner(String username, int tenantId, DeviceIdentifier deviceIdentifier) + private boolean isAdmin(String username, int tenantId) throws DeviceAccessAuthorizationException { try { - //First Check for admin users. If the user is an admin user we authorize the access to that device. - //Secondly Check for device ownership. If the user is the owner of the device we allow the access. - return (isAdminUser(username, tenantId) || isDeviceOwner(deviceIdentifier, username)); + //Check for admin users. If the user is an admin user we authorize the access to that device. + return (isAdminUser(username, tenantId)); } catch (UserStoreException e) { - throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + - deviceIdentifier.getId() + " for the user : " + + throw new DeviceAccessAuthorizationException("Unable to authorize the access for the user : " + username, e); } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml index 03e70287c5d..813dd65d98c 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml @@ -34,10 +34,6 @@ http://wso2.org - - org.wso2.carbon.devicemgt - org.wso2.carbon.device.mgt.common - org.wso2.carbon.identity org.wso2.carbon.identity.oauth @@ -54,18 +50,10 @@ org.wso2.carbon.apimgt org.wso2.carbon.apimgt.keymgt - - com.googlecode.json-simple.wso2 - json-simple - - - org.wso2.carbon.identity - org.wso2.carbon.identity.oauth2.grant.jwt - - - org.wso2.carbon.devicemgt - org.wso2.carbon.device.mgt.core - + + com.googlecode.json-simple.wso2 + json-simple + @@ -94,9 +82,7 @@ javax.security.auth.*, org.apache.commons.logging, org.osgi.service.component, - org.wso2.carbon.device.mgt.common.permission.mgt, org.wso2.carbon.device.mgt.oauth.extensions.*, - org.wso2.carbon.device.mgt.*, org.wso2.carbon.identity.application.common.model, org.wso2.carbon.identity.oauth.callback, org.wso2.carbon.identity.oauth2, @@ -123,10 +109,6 @@ org.wso2.carbon.utils.multitenancy, org.wso2.carbon.identity.oauth2.grant.jwt.*, org.wso2.carbon.device.mgt.core.*, - javax.xml.bind, - javax.xml.bind.annotation, - javax.xml.parsers;version="${javax.xml.parsers.import.pkg.version}";resolution:=optional, - org.w3c.dom, org.wso2.carbon.apimgt.keymgt, org.wso2.carbon.apimgt.keymgt.handlers, com.google.gson, diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/DeviceRequestDTO.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/DeviceRequestDTO.java deleted file mode 100644 index 75c4b35b3ab..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/DeviceRequestDTO.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.wso2.carbon.device.mgt.oauth.extensions; - -import org.wso2.carbon.device.mgt.common.DeviceIdentifier; - -import java.util.List; - -/** - * This class holds the request format for device for grant type. - */ -public class DeviceRequestDTO { - - private List deviceIdentifiers; - private String scope; - - public List getDeviceIdentifiers() { - return deviceIdentifiers; - } - - public void setDeviceIdentifiers(List deviceIdentifiers) { - this.deviceIdentifiers = deviceIdentifiers; - } - - public String getScope() { - return scope; - } - - public void setScope(String scope) { - this.scope = scope; - } -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java deleted file mode 100644 index eff890831de..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java +++ /dev/null @@ -1,13 +0,0 @@ -package org.wso2.carbon.device.mgt.oauth.extensions; - - -/** - * This hold the OAuthConstants related oauth extensions. - */ -public class OAuthConstants { - - public static final String DEFAULT_DEVICE_ASSERTION = "device"; - public static final String DEFAULT_USERNAME_IDENTIFIER = "username"; - public static final String DEFAULT_PASSWORD_IDENTIFIER = "password"; - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java index 76e2dba4169..c07041c678c 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java @@ -18,25 +18,14 @@ package org.wso2.carbon.device.mgt.oauth.extensions; -import com.google.gson.Gson; -import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.w3c.dom.Document; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO; import org.wso2.carbon.apimgt.impl.utils.APIUtil; -import org.wso2.carbon.apimgt.keymgt.ScopesIssuer; -import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.device.mgt.common.DeviceIdentifier; -import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; -import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; -import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfig; -import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfigurationFailedException; import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; -import org.wso2.carbon.identity.oauth2.model.RequestParameter; import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; import org.wso2.carbon.user.api.TenantManager; import org.wso2.carbon.user.api.UserRealm; @@ -44,9 +33,6 @@ import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.core.service.RealmService; import javax.cache.Caching; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import java.io.File; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -126,7 +112,6 @@ public class OAuthExtUtils { restAPIScopesOfCurrentTenant = APIUtil. getRESTAPIScopesFromConfig(APIUtil.getTenantRESTAPIScopesConfig(tenantDomain)); - //call load tenant org.wso2.carbon.device.mgt.iot.output.adapter.ui.config for rest API. //then put cache appScopes.putAll(restAPIScopesOfCurrentTenant); Caching.getCacheManager(APIConstants.API_MANAGER_CACHE_MANAGER) @@ -288,82 +273,4 @@ public class OAuthExtUtils { return trimmedName.substring(START_INDEX, trimmedName.lastIndexOf('@')); } - public static boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) { - boolean isScopesSet = ScopesIssuer.getInstance().setScopes(tokReqMsgCtx); - if (isScopesSet) { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( - tokReqMsgCtx.getAuthorizedUser().getTenantDomain(), true); - String username = tokReqMsgCtx.getAuthorizedUser().getUserName(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username); - try { - - DeviceRequestDTO deviceRequestDTO = null; - RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters(); - for (RequestParameter parameter : parameters) { - if (OAuthConstants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) { - String deviceJson = parameter.getValue()[0]; - Gson gson = new Gson(); - deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)), - DeviceRequestDTO.class); - } - } - if (deviceRequestDTO != null) { - String requestScopes = deviceRequestDTO.getScope(); - String scopeNames[] = requestScopes.split(" "); - for (String scopeName : scopeNames) { - List deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers(); - DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance() - .getDeviceAccessAuthorizationService() - .isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName)); - if (deviceAuthorizationResult != null && - deviceAuthorizationResult.getAuthorizedDevices() != null) { - String scopes[] = tokReqMsgCtx.getScope(); - String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult - .getAuthorizedDevices().size()]; - int scopeIndex = 0; - for (String scope : scopes) { - authorizedScopes[scopeIndex] = scope; - scopeIndex++; - } - for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) { - authorizedScopes[scopeIndex] = - DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" + - deviceIdentifier.getId() + ":" + scopeName; - scopeIndex++; - } - tokReqMsgCtx.setScope(authorizedScopes); - } - } - } - } catch (DeviceAccessAuthorizationException e) { - log.error("Error occurred while checking authorization for the user " + username, e); - } finally { - PrivilegedCarbonContext.endTenantFlow(); - } - } - return isScopesSet; - } - - /** - * retrieve the permission related to given scope. - * @param scopeName requested scope action - * @return set of permission associated with the given scope. - */ - private static String[] getPermissions(String scopeName) { - return DeviceMgtScopesConfig.getInstance().getDeviceMgtScopePermissionMap().get(scopeName); - } - - public static Document convertToDocument(File file) throws DeviceMgtScopesConfigurationFailedException { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - try { - DocumentBuilder docBuilder = factory.newDocumentBuilder(); - return docBuilder.parse(file); - } catch (Exception e) { - throw new DeviceMgtScopesConfigurationFailedException("Error occurred while parsing file, while converting " + - "to a org.w3c.dom.Document", e); - } - } - } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Action.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Action.java deleted file mode 100644 index 4f71e308014..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Action.java +++ /dev/null @@ -1,90 +0,0 @@ - -package org.wso2.carbon.device.mgt.oauth.extensions.config; - -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; - - -/** - *

Java class for Action complex type. - * - *

The following schema fragment specifies the expected content contained within this class. - * - *

- * <complexType name="Action">
- *   <complexContent>
- *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- *       <sequence>
- *         <element name="Permissions" type="{}Permissions"/>
- *       </sequence>
- *       <attribute name="name" type="{http://www.w3.org/2001/XMLSchema}string" />
- *     </restriction>
- *   </complexContent>
- * </complexType>
- * 
- * - * - */ -@XmlAccessorType(XmlAccessType.FIELD) -@XmlType(name = "Action", propOrder = { - "permissions" -}) -public class Action { - - @XmlElement(name = "Permissions", required = true) - protected Permissions permissions; - @XmlAttribute(name = "name") - protected String name; - - /** - * Gets the value of the permissions property. - * - * @return - * possible object is - * {@link Permissions } - * - */ - public Permissions getPermissions() { - return permissions; - } - - /** - * Sets the value of the permissions property. - * - * @param value - * allowed object is - * {@link Permissions } - * - */ - public void setPermissions(Permissions value) { - this.permissions = value; - } - - /** - * Gets the value of the name property. - * - * @return - * possible object is - * {@link String } - * - */ - public String getName() { - return name; - } - - /** - * Sets the value of the name property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setName(String value) { - this.name = value; - } - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopes.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopes.java deleted file mode 100644 index 07a46b21304..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopes.java +++ /dev/null @@ -1,67 +0,0 @@ - -package org.wso2.carbon.device.mgt.oauth.extensions.config; - -import java.util.ArrayList; -import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlRootElement; -import javax.xml.bind.annotation.XmlType; - - -/** - *

Java class for DeviceMgtScopes complex type. - * - *

The following schema fragment specifies the expected content contained within this class. - * - *

- * <complexType name="DeviceMgtScopes">
- *   <complexContent>
- *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- *       <sequence>
- *         <element name="Action" type="{}Action" maxOccurs="unbounded" minOccurs="0"/>
- *       </sequence>
- *     </restriction>
- *   </complexContent>
- * </complexType>
- * 
- * - * - */ -@XmlRootElement(name = "DeviceMgtScopes") -public class DeviceMgtScopes { - - @XmlElement(name = "Action") - protected List action; - - /** - * Gets the value of the action property. - * - *

- * This accessor method returns a reference to the live list, - * not a snapshot. Therefore any modification you make to the - * returned list will be present inside the JAXB object. - * This is why there is not a set method for the action property. - * - *

- * For example, to add a new item, do as follows: - *

-     *    getAction().add(newItem);
-     * 
- * - * - *

- * Objects of the following type(s) are allowed in the list - * {@link Action } - * - * - */ - public List getAction() { - if (action == null) { - action = new ArrayList(); - } - return this.action; - } - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java deleted file mode 100644 index 9f8d05760b5..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java +++ /dev/null @@ -1,67 +0,0 @@ - -package org.wso2.carbon.device.mgt.oauth.extensions.config; - -import org.w3c.dom.Document; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; -import org.wso2.carbon.utils.CarbonUtils; - -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; -import java.io.File; -import java.util.HashMap; -import java.util.Map; - -/** - * This class represents the configuration that are needed for scopes to permission map. - */ -public class DeviceMgtScopesConfig { - - private static DeviceMgtScopesConfig config = new DeviceMgtScopesConfig(); - private static Map actionPermissionMap = new HashMap<>(); - - private static final String DEVICE_MGT_SCOPES_CONFIG_PATH = - CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + "device-mgt-scopes.xml"; - - private DeviceMgtScopesConfig() { - } - - public static DeviceMgtScopesConfig getInstance() { - return config; - } - - public static void init() throws DeviceMgtScopesConfigurationFailedException { - try { - File deviceMgtConfig = new File(DEVICE_MGT_SCOPES_CONFIG_PATH); - Document doc = OAuthExtUtils.convertToDocument(deviceMgtConfig); - - /* Un-marshaling DeviceMGtScope configuration */ - JAXBContext ctx = JAXBContext.newInstance(DeviceMgtScopes.class); - Unmarshaller unmarshaller = ctx.createUnmarshaller(); - //unmarshaller.setSchema(getSchema()); - DeviceMgtScopes deviceMgtScopes = (DeviceMgtScopes) unmarshaller.unmarshal(doc); - if (deviceMgtScopes != null) { - for (Action action : deviceMgtScopes.getAction()) { - Permissions permissions = action.getPermissions(); - if (permissions != null) { - String permission[] = new String[permissions.getPermission().size()]; - int i = 0; - for (String perm : permissions.getPermission()) { - permission[i] = perm; - i++; - } - actionPermissionMap.put(action.getName(), permission); - } - } - } - } catch (JAXBException e) { - throw new DeviceMgtScopesConfigurationFailedException("Error occurred while un-marshalling Device Scope" + - " Config", e); - } - } - - public Map getDeviceMgtScopePermissionMap() { - return actionPermissionMap; - } - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java deleted file mode 100644 index 7a16382c18d..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.config; - -public class DeviceMgtScopesConfigurationFailedException extends Exception { - - private static final long serialVersionUID = -3151279312929070398L; - - public DeviceMgtScopesConfigurationFailedException(String msg, Exception nestedEx) { - super(msg, nestedEx); - } - - public DeviceMgtScopesConfigurationFailedException(String message, Throwable cause) { - super(message, cause); - } - - public DeviceMgtScopesConfigurationFailedException(String msg) { - super(msg); - } - - public DeviceMgtScopesConfigurationFailedException() { - super(); - } - - public DeviceMgtScopesConfigurationFailedException(Throwable cause) { - super(cause); - } -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java deleted file mode 100644 index 6733a42e8d5..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java +++ /dev/null @@ -1,78 +0,0 @@ - -package org.wso2.carbon.device.mgt.oauth.extensions.config; - -import java.util.ArrayList; -import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; - - -/** - *

Java class for Permissions complex type. - * - *

The following schema fragment specifies the expected content contained within this class. - * - *

- * <complexType name="Permissions">
- *   <complexContent>
- *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- *       <sequence>
- *         <element name="Permission" maxOccurs="unbounded" minOccurs="0">
- *           <simpleType>
- *             <restriction base="{http://www.w3.org/2001/XMLSchema}string">
- *               <enumeration value="/permission/device-mgt/user/groups/device_operation"/>
- *               <enumeration value="/permission/device-mgt/groups"/>
- *               <enumeration value="/permission/device-mgt/user/groups"/>
- *               <enumeration value="/permission/device-mgt/user/groups/device_monitor"/>
- *             </restriction>
- *           </simpleType>
- *         </element>
- *       </sequence>
- *     </restriction>
- *   </complexContent>
- * </complexType>
- * 
- * - * - */ -@XmlAccessorType(XmlAccessType.FIELD) -@XmlType(name = "Permissions", propOrder = { - "permission" -}) -public class Permissions { - - @XmlElement(name = "Permission") - protected List permission; - - /** - * Gets the value of the permission property. - * - *

- * This accessor method returns a reference to the live list, - * not a snapshot. Therefore any modification you make to the - * returned list will be present inside the JAXB object. - * This is why there is not a set method for the permission property. - * - *

- * For example, to add a new item, do as follows: - *

-     *    getPermission().add(newItem);
-     * 
- * - * - *

- * Objects of the following type(s) are allowed in the list - * {@link String } - * - * - */ - public List getPermission() { - if (permission == null) { - permission = new ArrayList(); - } - return this.permission; - } - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java deleted file mode 100644 index 6928f1ea6dd..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant; - -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; -import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; -import org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler; -import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; - -public class ExtendedDeviceMgtJWTBearerGrantHandler extends JWTBearerGrantHandler { - - @Override - public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception { - return OAuthExtUtils.validateScope(tokReqMsgCtx); - } -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java deleted file mode 100644 index 04418991eed..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; -import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; -import org.wso2.carbon.identity.oauth2.model.RequestParameter; -import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; - -@SuppressWarnings("unused") -public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrantHandler { - - private static Log log = LogFactory.getLog(ExtendedDeviceMgtPasswordGrantHandler.class); - - @Override - public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception { - RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters(); - for (RequestParameter parameter : parameters) { - switch (parameter.getKey()) { - case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER: - String username = parameter.getValue()[0]; - tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username); - break; - - case OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER: - String password = parameter.getValue()[0]; - tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password); - break; - } - } - return super.validateGrant(tokReqMsgCtx); - } - - @Override - public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) { - return OAuthExtUtils.validateScope(tokReqMsgCtx); - } - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java index d43c86297f4..dfcdc2dff27 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java @@ -24,12 +24,6 @@ import org.osgi.service.component.ComponentContext; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.APIManagerConfiguration; -import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; -import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; -import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; -import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; -import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfig; -import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfigurationFailedException; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.utils.CarbonUtils; @@ -52,18 +46,6 @@ import java.util.List; * policy="dynamic" * bind="setOAuth2ValidationService" * unbind="unsetOAuth2ValidationService" - * @scr.reference name="permission.manager.service" - * interface="org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService" - * cardinality="1..1" - * policy="dynamic" - * bind="setPermissionManagerService" - * unbind="unsetPermissionManagerService" - * @scr.reference name="org.wso2.carbon.device.authorization" - * interface="org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService" - * cardinality="1..1" - * policy="dynamic" - * bind="setDeviceAccessAuthorizationService" - * unbind="unsetDeviceAccessAuthorizationService" */ public class OAuthExtensionServiceComponent { @@ -79,7 +61,6 @@ public class OAuthExtensionServiceComponent { log.debug("Starting OAuthExtensionBundle"); } try { - DeviceMgtScopesConfig.init(); APIManagerConfiguration configuration = new APIManagerConfiguration(); String filePath = new StringBuilder(). @@ -108,8 +89,6 @@ public class OAuthExtensionServiceComponent { OAuthExtensionsDataHolder.getInstance().setWhitelistedScopes(whiteList); } catch (APIManagementException e) { log.error("Error occurred while loading DeviceMgtConfig configurations", e); - } catch (DeviceMgtScopesConfigurationFailedException e) { - log.error("Failed to initialize device scope configuration.", e); } } @@ -168,50 +147,5 @@ public class OAuthExtensionServiceComponent { OAuthExtensionsDataHolder.getInstance().setoAuth2TokenValidationService(null); } - /** - * Sets PermissionManagerService Service. - * - * @param permissionManagerService An instance of PermissionManagerService - */ - protected void setPermissionManagerService(PermissionManagerService permissionManagerService) { - if (log.isDebugEnabled()) { - log.debug("Setting PermissionManager Service"); - } - OAuthExtensionsDataHolder.getInstance().setPermissionManagerService(permissionManagerService); - } - - /** - * Unsets PermissionManagerService Service. - * - * @param permissionManagerService An instance of PermissionManagerService - */ - protected void unsetPermissionManagerService(PermissionManagerService permissionManagerService) { - if (log.isDebugEnabled()) { - log.debug("Unsetting PermissionManager Service"); - } - OAuthExtensionsDataHolder.getInstance().setPermissionManagerService(null); - } - - /** - * Set DeviceManagementProviderService - * @param deviceAccessAuthorizationService An instance of deviceAccessAuthorizationService - */ - protected void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) { - if (log.isDebugEnabled()) { - log.debug("Setting Device Management Service"); - } - OAuthExtensionsDataHolder.getInstance().setDeviceAccessAuthorizationService(deviceAccessAuthorizationService); - } - - /** - * unset DeviceManagementProviderService - * @param deviceAccessAuthorizationService An instance of deviceAccessAuthorizationService - */ - protected void unsetDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) { - if (log.isDebugEnabled()) { - log.debug("Removing Device Management Service"); - } - OAuthExtensionsDataHolder.getInstance().setDeviceAccessAuthorizationService(null); - } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java index 5e4d953fc4b..4f401b3db56 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java @@ -18,9 +18,6 @@ package org.wso2.carbon.device.mgt.oauth.extensions.internal; -import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; -import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; -import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.user.core.service.RealmService; @@ -33,10 +30,7 @@ public class OAuthExtensionsDataHolder { private RealmService realmService; private OAuth2TokenValidationService oAuth2TokenValidationService; - private PermissionManagerService permissionManagerService; private List whitelistedScopes; - private String deviceScope; - private DeviceAccessAuthorizationService deviceAccessAuthorizationService; private static OAuthExtensionsDataHolder thisInstance = new OAuthExtensionsDataHolder(); @@ -69,17 +63,6 @@ public class OAuthExtensionsDataHolder { this.oAuth2TokenValidationService = oAuth2TokenValidationService; } - public void setPermissionManagerService(PermissionManagerService permissionManagerService) { - this.permissionManagerService = permissionManagerService; - } - - public PermissionManagerService getPermissionManagerService() { - if (permissionManagerService == null) { - throw new IllegalStateException("PermissionManager service is not initialized properly"); - } - return permissionManagerService; - } - public List getWhitelistedScopes() { return whitelistedScopes; } @@ -88,15 +71,4 @@ public class OAuthExtensionsDataHolder { this.whitelistedScopes = whitelistedScopes; } - public String getDeviceScope() { - return deviceScope; - } - - public DeviceAccessAuthorizationService getDeviceAccessAuthorizationService() { - return deviceAccessAuthorizationService; - } - - public void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) { - this.deviceAccessAuthorizationService = deviceAccessAuthorizationService; - } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java deleted file mode 100644 index 903c3997d46..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.validators; - -import org.apache.oltu.oauth2.common.OAuth; -import org.apache.oltu.oauth2.common.validators.AbstractValidator; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants; - -import javax.servlet.http.HttpServletRequest; - -/** - * Grant validator for JSON Web Tokens - * For JWT Grant to be valid the required parameters are - * grant_type and assertion - */ -public class ExtendedDeviceJWTGrantValidator extends AbstractValidator { - - public ExtendedDeviceJWTGrantValidator() { - requiredParams.add(OAuth.OAUTH_GRANT_TYPE); - requiredParams.add(OAuth.OAUTH_ASSERTION); - } -} \ No newline at end of file diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java deleted file mode 100644 index e22b211f5f1..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.validators; - -import org.apache.oltu.oauth2.common.OAuth; -import org.apache.oltu.oauth2.common.validators.AbstractValidator; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants; - -import javax.servlet.http.HttpServletRequest; - -/** - * Grant validator for Device Object with Password Grant type - */ -public class ExtendedDevicePasswordGrantValidator extends AbstractValidator { - - public ExtendedDevicePasswordGrantValidator() { - requiredParams.add(OAuth.OAUTH_USERNAME); - requiredParams.add(OAuth.OAUTH_PASSWORD); - requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION); - } -} \ No newline at end of file diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java deleted file mode 100644 index a032df38a3a..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * you may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.validators; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; -import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; -import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; -import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder; -import org.wso2.carbon.identity.application.common.model.User; -import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; -import org.wso2.carbon.identity.oauth2.model.AccessTokenDO; -import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator; -import org.wso2.carbon.user.api.UserRealm; -import org.wso2.carbon.user.api.UserStoreException; - -import java.util.Properties; - -/** - * Custom OAuth2Token Scope validation implementation for DeviceManagement. This will validate the - * user permissions before dispatching the HTTP request to the actual endpoint. - */ -public class PermissionBasedScopeValidator extends OAuth2ScopeValidator { - - private static final String URL_PROPERTY = "URL"; - private static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD"; - - public static final class PermissionMethod { - private PermissionMethod() { - throw new AssertionError(); - } - - public static final String READ = "read"; - public static final String WRITE = "write"; - public static final String DELETE = "delete"; - public static final String ACTION = "action"; - public static final String UI_EXECUTE = "ui.execute"; - } - - private static final Log log = LogFactory.getLog(PermissionBasedScopeValidator.class); - - @Override - public boolean validateScope(AccessTokenDO accessTokenDO, String resource) - throws IdentityOAuth2Exception { - boolean status = true; - //Extract the url & http method - int idx = resource.lastIndexOf(':'); - String url = resource.substring(0, idx); - String method = resource.substring(++idx, resource.length()); - //This is to remove the url params for request path. - int urlParamIndex = url.indexOf('?'); - if(urlParamIndex > 0) { - url = url.substring(0, urlParamIndex); - } - - Properties properties = new Properties(); - properties.put(PermissionBasedScopeValidator.URL_PROPERTY, url.toLowerCase()); - properties.put(PermissionBasedScopeValidator.HTTP_METHOD_PROPERTY, method.toUpperCase()); - PermissionManagerService permissionManagerService = OAuthExtensionsDataHolder.getInstance(). - getPermissionManagerService(); - try { - Permission permission = permissionManagerService.getPermission(properties); - User authzUser = accessTokenDO.getAuthzUser(); - if ((permission != null) && (authzUser != null)) { - if (permission.getPath() == null) { - if (log.isDebugEnabled()) { - log.debug("Permission is not defined for the resource '" + resource + "'"); - } - return true; - } - String username = authzUser.getUserName(); - String userStore = authzUser.getUserStoreDomain(); - int tenantId = OAuthExtUtils.getTenantId(authzUser.getTenantDomain()); - UserRealm userRealm = OAuthExtensionsDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId); - if (userRealm != null && userRealm.getAuthorizationManager() != null) { - if (userStore != null) { - status = userRealm.getAuthorizationManager() - .isUserAuthorized(userStore + "/" + username, permission.getPath(), - PermissionMethod.UI_EXECUTE); - } else { - status = userRealm.getAuthorizationManager() - .isUserAuthorized(username, permission.getPath(), PermissionMethod.UI_EXECUTE); - } - } - } - } catch (PermissionManagementException e) { - log.error("Error occurred while validating the resource scope for : " + resource + - ", Msg = " + e.getMessage(), e); - } catch (UserStoreException e) { - log.error("Error occurred while retrieving user store. " + e.getMessage()); - } - return status; - } -} diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java index 6698b8c12f0..93a576f77e2 100644 --- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java @@ -73,7 +73,9 @@ public class JWTClient { throw new JWTClientException("JWT is not configured properly for user : " + username); } params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion)); - params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes)); + if (scopes != null && !scopes.isEmpty()) { + params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes)); + } return getTokenInfo(params, consumerKey, consumerSecret); } @@ -87,7 +89,9 @@ public class JWTClient { throw new JWTClientException("JWT is not configured properly for user : " + username); } params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion)); - params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes)); + if (scopes != null && !scopes.isEmpty()) { + params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes)); + } if (paramsMap != null) { for (String key : paramsMap.keySet()) { params.add(new BasicNameValuePair(key, paramsMap.get(key))); diff --git a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml deleted file mode 100644 index a76191cce0b..00000000000 --- a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml +++ /dev/null @@ -1,51 +0,0 @@ - - - - - - - - - /permission/device-mgt/user/groups/device_operation - /permission/device-mgt/admin/groups - /permission/device-mgt/user/groups - - - - - /permission/device-mgt/user/groups/device_monitor - /permission/device-mgt/admin/groups - /permission/device-mgt/user/groups - - - - - /permission/device-mgt/user/groups/device_monitor - /permission/device-mgt/admin/groups - /permission/device-mgt/user/groups - - - - - /permission/device-mgt/user/groups/device_operation - /permission/device-mgt/admin/groups - /permission/device-mgt/user/groups - - - \ No newline at end of file diff --git a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf index 6f97c8724c6..7ab37b9d7d7 100644 --- a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf +++ b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf @@ -1,2 +1 @@ -instructions.configure = \ -org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.oauth.extensions_${feature.version}/device-mgt-scopes.xml,target:${installFolder}/../../conf/etc/device-mgt-scopes.xml,overwrite:true);\ +instructions.configure = \ \ No newline at end of file From c29bf24a756ff75c0975bb3da78e0a18e2efe37d Mon Sep 17 00:00:00 2001 From: Madawa Soysa Date: Thu, 17 Nov 2016 17:54:25 +0530 Subject: [PATCH 3/9] Adding mobile devices to default groupes based on device ownership Adding mobile devices to default system generated groups based on the device ownership (BYOD, COPE) --- .../mgt/common/group/mgt/DeviceGroup.java | 7 ++ .../group/mgt/DeviceGroupConstants.java | 12 ++++ .../DeviceManagementProviderServiceImpl.java | 72 ++++++++++++++++++- .../GroupManagementProviderService.java | 25 ++++++- .../GroupManagementProviderServiceImpl.java | 49 +++++++++++++ 5 files changed, 161 insertions(+), 4 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroup.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroup.java index d4417bf58a7..bb59bd17983 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroup.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroup.java @@ -48,6 +48,13 @@ public class DeviceGroup implements Serializable { private Long dateOfLastUpdate; private String owner; + public DeviceGroup() {} + + public DeviceGroup(String name, String description) { + this.name = name; + this.description = description; + } + public int getGroupId() { return id; } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java index aab0fc16f3a..488c8034e2a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java @@ -79,4 +79,16 @@ public class DeviceGroupConstants { public static final String[] DEFAULT_VIEW_EVENTS_PERMISSIONS = {"/permission/device-mgt/user/groups/device_events"}; } + + /** + * Holds the constants related to default (System Generated) groups. + */ + public static class DefaultGroups { + public static final String BYOD_GROUP_NAME = "BYOD"; + public static final String BYOD_GROUP_DESCRIPTION = "This is the default group for BYOD (Bring Your Own Device)" + + " type devices."; + public static final String COPE_GROUP_NAME = "COPE"; + public static final String COPE_GROUP_DESCRIPTION = "This is the default group for COPE (Corporate Owned) type" + + " devices."; + } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java index 1811cc36f37..37d9cb9fe31 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java @@ -20,11 +20,16 @@ package org.wso2.carbon.device.mgt.core.service; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.device.mgt.common.*; import org.wso2.carbon.device.mgt.common.app.mgt.Application; import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration; import org.wso2.carbon.device.mgt.common.device.details.DeviceInfo; import org.wso2.carbon.device.mgt.common.device.details.DeviceLocation; +import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup; +import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants; +import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyExistException; +import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; import org.wso2.carbon.device.mgt.common.license.mgt.License; import org.wso2.carbon.device.mgt.common.license.mgt.LicenseManagementException; import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; @@ -130,7 +135,6 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv return false; } deviceManager.enrollDevice(device); - if (deviceManager.isClaimable(deviceIdentifier)) { device.getEnrolmentInfo().setStatus(EnrolmentInfo.Status.INACTIVE); } else { @@ -221,6 +225,9 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv status = true; } + if (status) { + addDeviceToGroups(deviceIdentifier, device.getEnrolmentInfo().getOwnership()); + } return status; } @@ -1834,4 +1841,67 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv return deviceManagementService.getDeviceManager(); } + /** + * Adds the enrolled devices to the default groups based on ownership + * + * @param deviceIdentifier of the device. + * @param ownerShip of the device. + * @throws DeviceManagementException If error occurred in adding the device to the group. + */ + private void addDeviceToGroups(DeviceIdentifier deviceIdentifier, EnrolmentInfo.OwnerShip ownerShip) + throws DeviceManagementException { + GroupManagementProviderService groupManagementProviderService = new GroupManagementProviderServiceImpl(); + DeviceGroup defaultGroup = null; + try { + if (ownerShip == EnrolmentInfo.OwnerShip.BYOD) { + defaultGroup = createDefaultGroup(groupManagementProviderService, + DeviceGroupConstants.DefaultGroups.BYOD_GROUP_NAME, + DeviceGroupConstants.DefaultGroups.BYOD_GROUP_DESCRIPTION); + } else if (ownerShip == EnrolmentInfo.OwnerShip.COPE) { + defaultGroup = createDefaultGroup(groupManagementProviderService, + DeviceGroupConstants.DefaultGroups.COPE_GROUP_NAME, + DeviceGroupConstants.DefaultGroups.COPE_GROUP_DESCRIPTION); + } + if (defaultGroup != null) { + groupManagementProviderService.addDevice(defaultGroup.getGroupId(), deviceIdentifier); + } + } catch (DeviceNotFoundException e) { + throw new DeviceManagementException("Unable to find the device with the id: '" + deviceIdentifier.getId(), + e); + } catch (GroupManagementException | GroupAlreadyExistException e) { + throw new DeviceManagementException("An error occurred when adding the device to the group.", e); + } + } + + /** + * Checks for the default group existence and create group based on device ownership + * + * @param service {@link GroupManagementProviderService} + * @param groupName of the group to create. + * @param groupDescription of the group to create. + * @return Group with details. + * @throws GroupManagementException + * @throws GroupAlreadyExistException + */ + private DeviceGroup createDefaultGroup(GroupManagementProviderService service, String groupName, + String groupDescription) throws GroupManagementException, GroupAlreadyExistException { + DeviceGroup defaultGroup = service.getGroup(groupName); + if (defaultGroup == null) { + defaultGroup = new DeviceGroup(groupName, groupDescription); + defaultGroup.setOwner(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername()); + defaultGroup.setDateOfCreation(new Date().getTime()); + defaultGroup.setDateOfLastUpdate(new Date().getTime()); + try { + service.createGroup(defaultGroup, DeviceGroupConstants.Roles.DEFAULT_ADMIN_ROLE, + DeviceGroupConstants.Permissions.DEFAULT_ADMIN_PERMISSIONS); + } catch (GroupAlreadyExistException e) { + if (log.isDebugEnabled()) { + log.debug("Default group: " + defaultGroup.getName() + " already exists.", e); + } + } + return service.getGroup(groupName); + } else { + return defaultGroup; + } + } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java index 4be6e298d83..7fcdb6708c9 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java @@ -29,6 +29,7 @@ import org.wso2.carbon.device.mgt.common.group.mgt.GroupAlreadyExistException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupUser; import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException; +import org.wso2.carbon.device.mgt.core.dao.GroupManagementDAOException; import org.wso2.carbon.user.core.multiplecredentials.UserDoesNotExistException; import java.util.List; @@ -76,6 +77,15 @@ public interface GroupManagementProviderService { */ DeviceGroup getGroup(int groupId) throws GroupManagementException; + /** + * Get the device group provided the device group id. + * + * @param groupName of the group. + * @return group with details. + * @throws GroupManagementException + */ + DeviceGroup getGroup(String groupName) throws GroupManagementException; + /** * Get all device groups in tenant. * @@ -211,15 +221,24 @@ public interface GroupManagementProviderService { */ int getDeviceCount(int groupId) throws GroupManagementException; + /** + * @param groupId of the group. + * @param deviceIdentifier of the device to add. + * @throws DeviceNotFoundException If device does not exist. + * @throws GroupManagementException If unable to add device to the group. + */ + void addDevice(int groupId, DeviceIdentifier deviceIdentifier) + throws DeviceNotFoundException, GroupManagementException; + /** * Add device to device group. * - * @param groupId of the group. + * @param groupId of the group. * @param deviceIdentifiers of devices. * @throws GroupManagementException */ - void addDevices(int groupId, List deviceIdentifiers) throws GroupManagementException, - DeviceNotFoundException; + void addDevices(int groupId, List deviceIdentifiers) + throws GroupManagementException, DeviceNotFoundException; /** * Remove device from device group. diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderServiceImpl.java index 575f19dcbe9..a711a45da62 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderServiceImpl.java @@ -188,6 +188,25 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid return deviceGroup; } + /** + * {@inheritDoc} + */ + @Override + public DeviceGroup getGroup(String groupName) throws GroupManagementException { + DeviceGroup deviceGroup; + try { + GroupManagementDAOFactory.openConnection(); + deviceGroup = this.groupDAO.getGroup(groupName, CarbonContext.getThreadLocalCarbonContext().getTenantId()); + } catch (GroupManagementDAOException e) { + throw new GroupManagementException("Error occurred while obtaining group with name: '" + groupName + "'", e); + } catch (SQLException e) { + throw new GroupManagementException("Error occurred while opening a connection to the data source.", e); + } finally { + GroupManagementDAOFactory.closeConnection(); + } + return deviceGroup; + } + @Override public List getGroups() throws GroupManagementException { List deviceGroups = new ArrayList<>(); @@ -587,6 +606,36 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid } } + /** + * {@inheritDoc} + */ + @Override + public void addDevice(int groupId, DeviceIdentifier deviceIdentifier) + throws DeviceNotFoundException, GroupManagementException { + Device device; + try { + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + GroupManagementDAOFactory.beginTransaction(); + device = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider().getDevice(deviceIdentifier); + if (device == null) { + throw new DeviceNotFoundException("Device not found for id '" + deviceIdentifier.getId() + "'"); + } + if (!this.groupDAO.isDeviceMappedToGroup(groupId, device.getId(), tenantId)) { + this.groupDAO.addDevice(groupId, device.getId(), tenantId); + } + GroupManagementDAOFactory.commitTransaction(); + } catch (DeviceManagementException e) { + throw new GroupManagementException("Error occurred while retrieving device.", e); + } catch (GroupManagementDAOException e) { + GroupManagementDAOFactory.rollbackTransaction(); + throw new GroupManagementException("Error occurred while adding device to group.", e); + } catch (TransactionManagementException e) { + throw new GroupManagementException("Error occurred while initiating transaction.", e); + } finally { + GroupManagementDAOFactory.closeConnection(); + } + } + /** * {@inheritDoc} */ From 2164a30f8805313f2c6ba7bea858adb3e8c4d91c Mon Sep 17 00:00:00 2001 From: Madawa Soysa Date: Mon, 21 Nov 2016 16:16:00 +0530 Subject: [PATCH 4/9] changing group owner to super user Changing the owner of the default system generated groups from the group creator to the super user of the system. --- .../DeviceManagementProviderServiceImpl.java | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java index 37d9cb9fe31..6c62345aaa7 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java @@ -37,6 +37,7 @@ import org.wso2.carbon.device.mgt.common.operation.mgt.Operation; import org.wso2.carbon.device.mgt.common.operation.mgt.OperationManagementException; import org.wso2.carbon.device.mgt.common.spi.DeviceManagementService; import org.wso2.carbon.device.mgt.core.DeviceManagementPluginRepository; +import org.wso2.carbon.device.mgt.core.config.identity.IdentityConfigurations; import org.wso2.carbon.device.mgt.core.dao.*; import org.wso2.carbon.device.mgt.core.device.details.mgt.dao.DeviceDetailsDAO; import org.wso2.carbon.device.mgt.core.device.details.mgt.dao.DeviceDetailsMgtDAOException; @@ -1868,7 +1869,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv } catch (DeviceNotFoundException e) { throw new DeviceManagementException("Unable to find the device with the id: '" + deviceIdentifier.getId(), e); - } catch (GroupManagementException | GroupAlreadyExistException e) { + } catch (GroupManagementException | UserStoreException e) { throw new DeviceManagementException("An error occurred when adding the device to the group.", e); } } @@ -1876,19 +1877,20 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv /** * Checks for the default group existence and create group based on device ownership * - * @param service {@link GroupManagementProviderService} + * @param service {@link GroupManagementProviderService} instance. * @param groupName of the group to create. * @param groupDescription of the group to create. * @return Group with details. * @throws GroupManagementException - * @throws GroupAlreadyExistException */ private DeviceGroup createDefaultGroup(GroupManagementProviderService service, String groupName, - String groupDescription) throws GroupManagementException, GroupAlreadyExistException { + String groupDescription) throws GroupManagementException, UserStoreException { DeviceGroup defaultGroup = service.getGroup(groupName); if (defaultGroup == null) { defaultGroup = new DeviceGroup(groupName, groupDescription); - defaultGroup.setOwner(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername()); + defaultGroup.setOwner( + PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration() + .getAdminUserName()); defaultGroup.setDateOfCreation(new Date().getTime()); defaultGroup.setDateOfLastUpdate(new Date().getTime()); try { @@ -1896,7 +1898,8 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv DeviceGroupConstants.Permissions.DEFAULT_ADMIN_PERMISSIONS); } catch (GroupAlreadyExistException e) { if (log.isDebugEnabled()) { - log.debug("Default group: " + defaultGroup.getName() + " already exists.", e); + log.debug("Default group: " + defaultGroup.getName() + " already exists. Skipping group creation.", + e); } } return service.getGroup(groupName); From 8ab73ce07d72ad9c3d6bf3ee3ca374c5f6396a91 Mon Sep 17 00:00:00 2001 From: Madawa Soysa Date: Mon, 21 Nov 2016 16:16:33 +0530 Subject: [PATCH 5/9] fixing issue with javadocs --- .../device/mgt/core/service/GroupManagementProviderService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java index 7fcdb6708c9..3aded5fc07c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/GroupManagementProviderService.java @@ -78,7 +78,7 @@ public interface GroupManagementProviderService { DeviceGroup getGroup(int groupId) throws GroupManagementException; /** - * Get the device group provided the device group id. + * Get the device group provided the device group name. * * @param groupName of the group. * @return group with details. From fede8ec40912f939693c636208b29ba595bba105 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 21 Nov 2016 19:13:59 +0530 Subject: [PATCH 6/9] few changes after testing with authoriser --- .../pom.xml | 2 ++ ...ApiApplicationRegistrationServiceImpl.java | 2 +- .../extension/api/util/APIUtil.java | 2 +- ...ceAccessAuthorizationAdminServiceImpl.java | 28 +++++++++------ .../src/main/webapp/META-INF/permissions.xml | 6 ++++ .../src/main/webapp/WEB-INF/cxf-servlet.xml | 2 ++ .../DeviceAccessAuthorizationServiceImpl.java | 1 + .../app/modules/oauth/token-handler-utils.js | 27 ++++++++++----- .../app/modules/oauth/token-handlers.js | 34 +++++++------------ .../jwt/client/extension/JWTClient.java | 5 +++ .../client/extension/util/JWTClientUtil.java | 17 ++++++++-- .../authenticator/BasicAuthAuthenticator.java | 30 +++++++++++++++- .../src/main/resources/jwt.properties | 4 +-- 13 files changed, 114 insertions(+), 46 deletions(-) diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml index 1c1ed1d9656..fa78abe0771 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml @@ -78,10 +78,12 @@ org.wso2.carbon org.wso2.carbon.base + provided com.googlecode.json-simple.wso2 json-simple + provided org.wso2.carbon diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java index 55b82b8c9cd..ca3c77f093e 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java @@ -92,7 +92,7 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi if (registrationProfile.getTags() == null || registrationProfile.getTags().length == 0) { return Response.status(Response.Status.NOT_ACCEPTABLE).entity("Tags should not be empty").build(); } - if (APIUtil.getAllowedApisTags().containsAll(Arrays.asList(registrationProfile.getTags()))) { + if (!APIUtil.getAllowedApisTags().containsAll(Arrays.asList(registrationProfile.getTags()))) { return Response.status(Response.Status.NOT_ACCEPTABLE).entity("APIs(Tags) are not allowed to this user." ).build(); } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java index 7c74fdf5237..a3830019a5a 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java @@ -92,6 +92,6 @@ public class APIUtil { //Todo get allowed cdmf service tags from config. List allowedApisTags = getDeviceManagementProviderService().getAvailableDeviceTypes(); allowedApisTags.add(DEFAULT_CDMF_API_TAG); - return getAllowedApisTags(); + return allowedApisTags; } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceAccessAuthorizationAdminServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceAccessAuthorizationAdminServiceImpl.java index 6dd10edf14e..fc3fe169baa 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceAccessAuthorizationAdminServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceAccessAuthorizationAdminServiceImpl.java @@ -47,17 +47,25 @@ public class DeviceAccessAuthorizationAdminServiceImpl implements DeviceAccessAu @POST @Override public Response isAuthorized(AuthorizationRequest authorizationRequest) { - try { - int currentTenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - if (MultitenantConstants.SUPER_TENANT_ID != currentTenantId) { - return Response.status(Response.Status.UNAUTHORIZED).entity( - new ErrorResponse.ErrorResponseBuilder().setMessage( - "Current logged in user is not authorized to perform this operation").build()).build(); - } - if (authorizationRequest.getTenantDomain() == null || authorizationRequest.getTenantDomain().isEmpty()) { - authorizationRequest.setTenantDomain( - PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()); + int currentTenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + String loggedinUserTenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain(); + if (authorizationRequest.getTenantDomain() != null) { + if (!loggedinUserTenantDomain.equals(authorizationRequest.getTenantDomain())) { + if (MultitenantConstants.SUPER_TENANT_ID != currentTenantId) { + return Response.status(Response.Status.UNAUTHORIZED).entity( + new ErrorResponse.ErrorResponseBuilder().setMessage( + "Current logged in user is not authorized to perform this operation").build()) + .build(); + } } + } else { + authorizationRequest.setTenantDomain(loggedinUserTenantDomain); + } + if (authorizationRequest.getTenantDomain() == null || authorizationRequest.getTenantDomain().isEmpty()) { + authorizationRequest.setTenantDomain( + PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()); + } + try { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( authorizationRequest.getTenantDomain(), true); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml index 7c77cd9bf44..befabcd0977 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml @@ -110,6 +110,12 @@ /admin/devices GET + + Verify device authorization + /device-mgt/devices + /admin/authorization + POST + View device types /device-mgt/devices/Admin-DeviceType-View diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/cxf-servlet.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/cxf-servlet.xml index ac127d15006..76503166871 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/cxf-servlet.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/cxf-servlet.xml @@ -27,6 +27,7 @@ + @@ -80,6 +81,7 @@ + diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index 22d09b5184f..f5f209d61fb 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -129,6 +129,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori DeviceAuthorizationResult deviceAuthorizationResult = new DeviceAuthorizationResult(); if (isAdmin(username, tenantId)) { deviceAuthorizationResult.setAuthorizedDevices(deviceIdentifiers); + return deviceAuthorizationResult; } for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) { //check for admin and ownership permissions diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js index 27fc42bd903..48bde5a3733 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js @@ -80,14 +80,14 @@ var utils = function () { return dynamicClientAppCredentials; }; - publicMethods["getTenantBasedClientAppCredentials"] = function (username, jwtToken) { - if (!username || !jwtToken) { + publicMethods["getTenantBasedClientAppCredentials"] = function (username) { + if (!username) { log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + - "based client app credentials. No username or jwt token is found " + - "as input - getTenantBasedClientAppCredentials(x, y)"); + "based client app credentials. No username " + + "as input - getTenantBasedClientAppCredentials(x)"); return null; } else { - //noinspection JSUnresolvedFunction, JSUnresolvedVariable + //noinspection JSUnresolvedFunction, JSUnresolvedVariable var tenantDomain = carbon.server.tenantDomain({username: username}); if (!tenantDomain) { log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + @@ -100,6 +100,12 @@ var utils = function () { if (cachedTenantBasedClientAppCredentials) { return cachedTenantBasedClientAppCredentials; } else { + var adminUsername = deviceMgtProps["adminUser"]; + //claims required for jwtAuthenticator. + var claims = {"http://wso2.org/claims/enduserTenantId": "-1234", + "http://wso2.org/claims/enduser": adminUsername}; + var jwtToken = publicMethods.getJwtToken(adminUsername, claims); + // register a tenant based client app at API Manager var applicationName = "webapp_" + tenantDomain; var requestURL = deviceMgtProps["oauthProvider"]["appRegistration"] @@ -109,7 +115,7 @@ var utils = function () { var xhr = new XMLHttpRequest(); xhr.open("POST", requestURL, false); xhr.setRequestHeader("Content-Type", "application/json"); - xhr.setRequestHeader("Authorization", "X-JWT-Assertion " + jwtToken); + xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken); xhr.send(); if (xhr["status"] == 201 && xhr["responseText"]) { @@ -291,7 +297,7 @@ var utils = function () { } }; - publicMethods["getJwtToken"] = function (username) { + publicMethods["getJwtToken"] = function (username, claims) { if (!username) { log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving new jwt token"); return null; @@ -303,7 +309,12 @@ var utils = function () { //noinspection JSUnresolvedFunction var jwtClient = JWTClientManagerService.getJWTClient(); // returning access token by JWT grant type - return jwtClient.getJwtToken(username); + if (claims) { + return jwtClient.getJwtToken(username, claims); + } else { + return jwtClient.getJwtToken(username); + } + } }; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js index a9cb2b870cf..d5154711980 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js @@ -137,27 +137,19 @@ var handlers = function () { "input - setUpEncodedTenantBasedClientAppCredentials(x)"); } else { if (devicemgtProps["apimgt-gateway"]) { - var jwtToken = tokenUtil.getJwtToken(username); - if (!jwtToken) { - throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " + - "client credentials to session context as the server is unable to obtain " + - "a jwt token - setUpEncodedTenantBasedClientAppCredentials(x)"); - } else { - var tenantBasedClientAppCredentials = tokenUtil. - getTenantBasedClientAppCredentials(username, jwtToken); - if (!tenantBasedClientAppCredentials) { - throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " + - "based client credentials to session context as the server is unable " + - "to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)"); - } else { - var encodedTenantBasedClientAppCredentials = - tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" + - tenantBasedClientAppCredentials["clientSecret"]); - // setting up encoded tenant based client credentials to session context. - session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"], - encodedTenantBasedClientAppCredentials); - } - } + var tenantBasedClientAppCredentials = tokenUtil.getTenantBasedClientAppCredentials(username); + if (!tenantBasedClientAppCredentials) { + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " + + "based client credentials to session context as the server is unable " + + "to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)"); + } else { + var encodedTenantBasedClientAppCredentials = + tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" + + tenantBasedClientAppCredentials["clientSecret"]); + // setting up encoded tenant based client credentials to session context. + session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"], + encodedTenantBasedClientAppCredentials); + } } else { var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials(); if (!dynamicClientAppCredentials) { diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java index 93a576f77e2..ad7d5470901 100644 --- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java @@ -43,6 +43,7 @@ import java.security.KeyManagementException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; import java.util.Map; @@ -164,6 +165,10 @@ public class JWTClient { return JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); } + public String getJwtToken(String username, Map claims) throws JWTClientException { + return JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, claims); + } + } diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java index 4f62dd6a628..20ff82c5313 100644 --- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java @@ -33,6 +33,7 @@ import org.apache.http.conn.ssl.SSLContextBuilder; import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.impl.client.HttpClients; import org.apache.http.util.EntityUtils; +import org.apache.solr.common.util.Hash; import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.core.util.KeyStoreManager; @@ -55,7 +56,9 @@ import java.security.*; import java.security.cert.CertificateException; import java.security.interfaces.RSAPrivateKey; import java.util.Date; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.Properties; /** @@ -193,8 +196,13 @@ public class JWTClientUtil { tenantRegistryLoader.loadTenantRegistry(tenantId); } - public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient) - throws JWTClientException { + public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient) + throws JWTClientException { + return generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, null); + } + + public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient, + Map customClaims) throws JWTClientException { try { String subject = username; long currentTimeMillis = System.currentTimeMillis(); @@ -222,6 +230,11 @@ public class JWTClientUtil { claimsSet.setNotBeforeTime(new Date(nbf)); claimsSet.setJWTID(jti); claimsSet.setAudience(aud); + if (customClaims != null && !customClaims.isEmpty()) { + for (String key : customClaims.keySet()) { + claimsSet.setClaim(key, customClaims.get(key)); + } + } // get Keystore params String keyStorePath = jwtConfig.getKeyStorePath(); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java index 7b752ce77a0..908613cf359 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java @@ -21,17 +21,25 @@ package org.wso2.carbon.webapp.authenticator.framework.authenticator; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.catalina.util.Base64; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.buf.CharChunk; import org.apache.tomcat.util.buf.MessageBytes; +import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.user.api.UserStoreManager; +import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; +import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder; import org.wso2.carbon.webapp.authenticator.framework.Constants; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; +import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils; import java.util.Properties; public class BasicAuthAuthenticator implements WebappAuthenticator { private static final String BASIC_AUTH_AUTHENTICATOR = "BasicAuth"; + private static final Log log = LogFactory.getLog(BasicAuthAuthenticator.class); @Override public void init() { @@ -54,7 +62,27 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { @Override public AuthenticationInfo authenticate(Request request, Response response) { - return new AuthenticationInfo(); + AuthenticationInfo authenticationInfo = new AuthenticationInfo(); + Credentials credentials = getCredentials(request); + try { + int tenantId = Utils.getTenantIdOFUser(credentials.getUsername()); + UserStoreManager userStore = AuthenticatorFrameworkDataHolder.getInstance().getRealmService(). + getTenantUserRealm(tenantId).getUserStoreManager(); + boolean authenticated = userStore.authenticate(credentials.getUsername(), credentials.getPassword()); + if (authenticated) { + authenticationInfo.setStatus(Status.CONTINUE); + authenticationInfo.setUsername(credentials.getUsername()); + authenticationInfo.setTenantDomain(Utils.getTenantDomain(tenantId)); + authenticationInfo.setTenantId(tenantId); + } else { + authenticationInfo.setStatus(Status.FAILURE); + } + } catch (UserStoreException e) { + log.error("Error occurred while authenticating the user." + credentials.getUsername(), e); + } catch (AuthenticationException e) { + log.error("Error occurred while obtaining the tenant Id for user." + credentials.getUsername(), e); + } + return authenticationInfo; } @Override diff --git a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties index 2b22f91475b..9e4021a9138 100644 --- a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties +++ b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties @@ -17,13 +17,13 @@ # #issuer of the JWT -iss=CDMF_DEFAULT_IDP +iss=iot_default TokenEndpoint=https://localhost:${carbon.https.port}/oauth2/token #audience of JWT claim #comma seperated values -aud=JwtIdentityAudience +aud=wso2.org/products/iot #expiration time of JWT (number of minutes from the current time) exp=1000 From e3849ef21e4bf5c3ba9f5b25e1412ecdb56877da Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 21 Nov 2016 20:49:27 +0530 Subject: [PATCH 7/9] removed feature lifecycle implementation --- .../pom.xml | 8 +- ...DeviceAccessAuthorizationAdminService.java | 4 - .../pom.xml | 73 +--- .../feature/mgt/GenericFeatureManager.java | 77 ----- .../feature/mgt/annotations/DeviceType.java | 29 -- .../feature/mgt/annotations/Feature.java | 35 -- .../FeatureManagementLifecycleListener.java | 90 ----- .../feature/mgt/util/AnnotationProcessor.java | 314 ------------------ .../mgt/util/ExtendedAnnotationDB.java | 92 ----- .../ExtendedFileProtocolIteratorFactory.java | 34 -- .../mgt/util/ExtendedIteratorFactory.java | 54 --- pom.xml | 1 + 12 files changed, 11 insertions(+), 800 deletions(-) delete mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/GenericFeatureManager.java delete mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/annotations/DeviceType.java delete mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/annotations/Feature.java delete mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/lifecycle/listener/FeatureManagementLifecycleListener.java delete mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/AnnotationProcessor.java delete mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedAnnotationDB.java delete mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedFileProtocolIteratorFactory.java delete mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedIteratorFactory.java diff --git a/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/pom.xml b/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/pom.xml index bbcbae134ac..9c830e083cf 100644 --- a/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/pom.xml +++ b/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/pom.xml @@ -34,6 +34,10 @@ http://wso2.org + + commons-lang.wso2 + commons-lang + org.apache.axis2.wso2 axis2 @@ -81,7 +85,7 @@ ${carbon.device.mgt.version} Device Type Deployer Bundle - !org.wso2.carbon.device.mgt.extensions.push.notification.provider.internal, + !org.wso2.carbon.device.mgt.extensions.device.type.deployer.internal, org.wso2.carbon.device.mgt.extensions.device.type.deployer.* @@ -92,7 +96,7 @@ javax.xml.parsers; version="${javax.xml.parsers.import.pkg.version}", org.apache.axis2.context, org.apache.axis2.deployment.*, - org.apache.commons.lang, + org.apache.commons.lang;version="${commons-lang.wso2.osgi.version.range}", org.apache.commons.logging, org.osgi.framework, org.osgi.service.component, diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java index a0c3c23b2f0..3ee519e356d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java @@ -22,7 +22,6 @@ import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponses; -import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest; @@ -35,8 +34,6 @@ import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -@API(name = "DeviceAuthorizationAdmin", version = "1.0.0", context = "/api/device-mgt/v1.0/admin/authorization", - tags = {"device_management"}) @Path("/admin/authorization") @Api(value = "Device Authorization Administrative Service", description = "This an API intended to be used by " + "'internal' components to log in as an admin user and validate whether the user/device are trusted entity." + @@ -78,6 +75,5 @@ public interface DeviceAccessAuthorizationAdminService { " for a specified set of devices.", response = ErrorResponse.class) }) - @Permission(name = "Check the access authorization of the device", permission = "/device-mgt/device/authorize") Response isAuthorized(AuthorizationRequest authorizationRequest); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/pom.xml index 639285bc712..b45913a1058 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/pom.xml @@ -62,63 +62,6 @@ org.wso2.carbon org.wso2.carbon.utils - - org.wso2.orbit.org.scannotation - scannotation - - - org.eclipse.osgi - org.eclipse.osgi - - - org.eclipse.osgi - org.eclipse.osgi.services - - - org.wso2.tomcat - tomcat - - - org.wso2.tomcat - tomcat-servlet-api - - - javax.ws.rs - jsr311-api - - - org.apache.axis2.wso2 - axis2 - - - commons-lang.wso2 - commons-lang - - - org.eclipse.paho - org.eclipse.paho.client.mqttv3 - provided - - - com.google.code.gson - gson - - - org.json.wso2 - json - - - org.wso2.carbon.analytics-common - org.wso2.carbon.event.output.adapter.core - - - org.wso2.carbon.apimgt - org.wso2.carbon.apimgt.api - - - org.wso2.carbon.apimgt - org.wso2.carbon.apimgt.impl - @@ -147,18 +90,10 @@ org.wso2.carbon.registry.core, org.wso2.carbon.registry.core.exceptions, org.wso2.carbon.registry.core.session, - javax.xml.bind, - org.wso2.carbon.utils, - org.apache.commons.logging, - org.apache.catalina, - org.apache.catalina.core, - javax.servlet;resolution:=optional, - javax.xml.*;resolution:=optional, - org.apache.commons.lang, - javax.ws.rs;version="0.0.0";resolution:=optional, - org.scannotation, - org.scannotation.archiveiterator, - org.wso2.carbon.base + org.wso2.carbon.base, + javax.xml.bind, + org.apache.commons.logging, + org.wso2.carbon.utils diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/GenericFeatureManager.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/GenericFeatureManager.java deleted file mode 100644 index 2f498ba5895..00000000000 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/GenericFeatureManager.java +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.wso2.carbon.device.mgt.extensions.feature.mgt; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.device.mgt.common.DeviceManagementException; -import org.wso2.carbon.device.mgt.common.DeviceTypeIdentifier; -import org.wso2.carbon.device.mgt.common.Feature; - -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -/** - * This stores the features for device types that are mentioned through the annotations. - */ -public class GenericFeatureManager { - - private static final Log log = LogFactory.getLog(GenericFeatureManager.class); - private static Map> featureSet = new HashMap<>(); - private static GenericFeatureManager instance = new GenericFeatureManager(); - - private GenericFeatureManager() { - } - - public static GenericFeatureManager getInstance() { - return instance; - } - - /** - * @param deviceTypeFeatures feature list for each device type. - */ - public void addFeatures(Map> deviceTypeFeatures) { - this.featureSet.putAll(deviceTypeFeatures); - } - - /** - * @param deviceType - * @param featureName - * @return the extracted feature for the which matches the feature name and device type. - */ - public Feature getFeature(DeviceTypeIdentifier deviceType, String featureName) { - Feature extractedFeature = null; - List deviceFeatureList = featureSet.get(deviceType); - for (Feature feature : deviceFeatureList) { - if (feature.getName().equalsIgnoreCase(featureName)) { - extractedFeature = feature; - } - } - return extractedFeature; - } - - /** - * @param deviceType returns the features for the device type. - * @return - */ - public List getFeatures(DeviceTypeIdentifier deviceType) { - return featureSet.get(deviceType); - } - -} \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/annotations/DeviceType.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/annotations/DeviceType.java deleted file mode 100644 index 7c7d6358897..00000000000 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/annotations/DeviceType.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -@Target(ElementType.TYPE) -@Retention(RetentionPolicy.RUNTIME) -public @interface DeviceType { - String value(); -} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/annotations/Feature.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/annotations/Feature.java deleted file mode 100644 index 02c9ba96e15..00000000000 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/annotations/Feature.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -@Target(ElementType.METHOD) -@Retention(RetentionPolicy.RUNTIME) -public @interface Feature { - - String code(); - - String name(); - - String description(); - -} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/lifecycle/listener/FeatureManagementLifecycleListener.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/lifecycle/listener/FeatureManagementLifecycleListener.java deleted file mode 100644 index a0ecf87f6dd..00000000000 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/lifecycle/listener/FeatureManagementLifecycleListener.java +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.wso2.carbon.device.mgt.extensions.feature.mgt.lifecycle.listener; - -import org.apache.catalina.Lifecycle; -import org.apache.catalina.LifecycleEvent; -import org.apache.catalina.LifecycleListener; -import org.apache.catalina.core.StandardContext; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.base.MultitenantConstants; -import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.device.mgt.common.DeviceTypeIdentifier; -import org.wso2.carbon.device.mgt.common.Feature; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.GenericFeatureManager; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.DeviceType; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.util.AnnotationProcessor; - -import javax.servlet.ServletContext; -import java.io.IOException; -import java.util.List; -import java.util.Map; -import java.util.Set; - -@SuppressWarnings("unused") -public class FeatureManagementLifecycleListener implements LifecycleListener { - - private static final String API_CONFIG_DEFAULT_VERSION = "1.0.0"; - - private static final String PARAM_MANAGED_API_ENABLED = "managed-api-enabled"; - private static final String PARAM_SHARED_WITH_ALL_TENANTS = "isSharedWithAllTenants"; - private static final String PARAM_PROVIDER_TENANT_DOMAIN = "providerTenantDomain"; - - private static final Log log = LogFactory.getLog(FeatureManagementLifecycleListener.class); - - @Override - public void lifecycleEvent(LifecycleEvent lifecycleEvent) { - if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType())) { - StandardContext context = (StandardContext) lifecycleEvent.getLifecycle(); - ServletContext servletContext = context.getServletContext(); - String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED); - boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param); - if (isManagedApi) { - try { - AnnotationProcessor annotationProcessor = new AnnotationProcessor(context); - Set annotatedAPIClasses = annotationProcessor.scanStandardContext(DeviceType.class.getName()); - String tenantDomain = servletContext.getInitParameter(PARAM_PROVIDER_TENANT_DOMAIN); - tenantDomain = (tenantDomain != null && !tenantDomain.isEmpty()) ? tenantDomain : - MultitenantConstants.SUPER_TENANT_DOMAIN_NAME; - try { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true); - int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); - - String sharingValueParam = servletContext.getInitParameter(PARAM_SHARED_WITH_ALL_TENANTS); - boolean isSharedWithAllTenants = Boolean.parseBoolean(sharingValueParam); - - Map> features = annotationProcessor.extractFeatures( - annotatedAPIClasses, tenantId, isSharedWithAllTenants); - if (features != null && !features.isEmpty()) { - GenericFeatureManager.getInstance().addFeatures(features); - } - } finally { - PrivilegedCarbonContext.endTenantFlow(); - } - } catch (IOException e) { - log.error("Error enconterd while discovering annotated classes.", e); - } catch (ClassNotFoundException e) { - log.error("Error while scanning class for annotations.", e); - } - } - } - } - -} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/AnnotationProcessor.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/AnnotationProcessor.java deleted file mode 100644 index b766103671d..00000000000 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/AnnotationProcessor.java +++ /dev/null @@ -1,314 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.extensions.feature.mgt.util; - -import org.apache.catalina.core.StandardContext; -import org.apache.commons.lang.ArrayUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.scannotation.AnnotationDB; -import org.scannotation.WarUrlFinder; -import org.wso2.carbon.device.mgt.common.DeviceTypeIdentifier; -import org.wso2.carbon.device.mgt.common.Feature; -import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.DeviceType; - -import javax.servlet.ServletContext; -import javax.ws.rs.DELETE; -import javax.ws.rs.FormParam; -import javax.ws.rs.GET; -import javax.ws.rs.HttpMethod; -import javax.ws.rs.OPTIONS; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.QueryParam; -import java.io.File; -import java.io.IOException; -import java.lang.annotation.Annotation; -import java.lang.reflect.InvocationHandler; -import java.lang.reflect.Method; -import java.lang.reflect.Proxy; -import java.net.MalformedURLException; -import java.net.URI; -import java.net.URL; -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; - -/** - * This has the utility function to extract feature information. - */ -public class AnnotationProcessor { - - private static final Log log = LogFactory.getLog(AnnotationProcessor.class); - - private static final String PACKAGE_ORG_APACHE = "org.apache"; - private static final String PACKAGE_ORG_CODEHAUS = "org.codehaus"; - private static final String PACKAGE_ORG_SPRINGFRAMEWORK = "org.springframework"; - private static final String STRING_ARR = "string_arr"; - private static final String STRING = "string"; - private static final String METHOD = "method"; - private Class - featureAnnotationClazz; - private ClassLoader classLoader; - private ServletContext servletContext; - - - public AnnotationProcessor(final StandardContext context) { - servletContext = context.getServletContext(); - classLoader = servletContext.getClassLoader(); - } - - /** - * Scan the context for classes with annotations - */ - public Set scanStandardContext(String className) throws IOException { - ExtendedAnnotationDB db = new ExtendedAnnotationDB(); - db.addIgnoredPackages(PACKAGE_ORG_APACHE); - db.addIgnoredPackages(PACKAGE_ORG_CODEHAUS); - db.addIgnoredPackages(PACKAGE_ORG_SPRINGFRAMEWORK); - - URL classPath = findWebInfClassesPath(servletContext); - db.scanArchives(classPath); - - //Returns a list of classes with given Annotation - return db.getAnnotationIndex().get(className); - } - - /** - * Method identifies the URL templates and context by reading the annotations of a class - */ - public Map> extractFeatures(Set entityClasses, final int tenantId, - final boolean isSharedWithAllTenants) - throws ClassNotFoundException { - Map> features = null; - if (entityClasses != null && !entityClasses.isEmpty()) { - features = new HashMap<>(); - for (final String className : entityClasses) { - final Map> featureMap = - AccessController.doPrivileged(new PrivilegedAction>>() { - public Map> run() { - Map> featureMap = new HashMap<>(); - try { - Class clazz = classLoader.loadClass(className); - Class deviceTypeClazz = (Class) classLoader.loadClass( - DeviceType.class.getName()); - Annotation deviceTypeAnno = clazz.getAnnotation(deviceTypeClazz); - if (deviceTypeAnno != null) { - Method[] deviceTypeMethod = deviceTypeClazz.getMethods(); - String deviceType = invokeMethod(deviceTypeMethod[0], deviceTypeAnno, STRING); - featureAnnotationClazz = - (Class) classLoader.loadClass( - org.wso2.carbon.device.mgt.extensions.feature.mgt - .annotations.Feature.class.getName()); - List featureList = getFeatures(clazz.getDeclaredMethods()); - DeviceTypeIdentifier deviceTypeIdentifier; - if (isSharedWithAllTenants) { - deviceTypeIdentifier = new DeviceTypeIdentifier(deviceType); - } else { - deviceTypeIdentifier = new DeviceTypeIdentifier(deviceType, tenantId); - } - featureMap.put(deviceTypeIdentifier, featureList); - } - } catch (Throwable e) { - log.error("Failed to load the annotation from the features in the " + - "class " + className, e); - } - return featureMap; - } - }); - - features.putAll(featureMap); - } - } - return features; - } - - private List getFeatures(Method[] methodsList) throws Throwable { - List featureList = new ArrayList<>(); - for (Method currentMethod : methodsList) { - Annotation featureAnnotation = currentMethod.getAnnotation(featureAnnotationClazz); - if (featureAnnotation != null) { - Feature feature = new Feature(); - feature = processFeatureAnnotation(feature, currentMethod); - Annotation[] annotations = currentMethod.getDeclaredAnnotations(); - Feature.MetadataEntry metadataEntry = new Feature.MetadataEntry(); - metadataEntry.setId(-1); - Map apiParams = new HashMap<>(); - for (int i = 0; i < annotations.length; i++) { - Annotation currentAnnotation = annotations[i]; - processHttpMethodAnnotation(apiParams, currentAnnotation); - if (currentAnnotation.annotationType().getName().equals(Path.class.getName())) { - String uri = getPathAnnotationValue(currentMethod); - apiParams.put("uri", uri); - } - apiParams = processParamAnnotations(apiParams, currentMethod); - } - metadataEntry.setValue(apiParams); - List metaInfoList = new ArrayList<>(); - metaInfoList.add(metadataEntry); - feature.setMetadataEntries(metaInfoList); - featureList.add(feature); - } - } - return featureList; - } - - private Map processParamAnnotations(Map apiParams, Method currentMethod) - throws Throwable{ - try { - apiParams.put("pathParams", processParamAnnotations(currentMethod, PathParam.class)); - apiParams.put("queryParams", processParamAnnotations(currentMethod, QueryParam.class)); - apiParams.put("formParams", processParamAnnotations(currentMethod, FormParam.class)); - } catch (ClassNotFoundException e) { - log.debug("No Form Param found for class " + featureAnnotationClazz.getName()); - } - return apiParams; - } - - private List processParamAnnotations(Method currentMethod, Class clazz) throws Throwable{ - List params = new ArrayList<>(); - try { - Class paramClazz = (Class) classLoader.loadClass(clazz.getName()); - Method[] formMethods = paramClazz.getMethods(); - //Extract method parameter information and store same as feature meta info - Annotation[][] paramAnnotations = currentMethod.getParameterAnnotations(); - Method valueMethod = formMethods[0]; - for (int j = 0; j < paramAnnotations.length; j++) { - for (Annotation anno : paramAnnotations[j]) { - if (anno.annotationType().getName().equals(clazz.getName())) { - params.add(invokeMethod(valueMethod, anno, STRING)); - } - } - } - } catch (ClassNotFoundException e) { - log.debug("No "+ clazz.getName() +" Param found for class " + featureAnnotationClazz.getName()); - } - return params; - } - - /** - * Read Method annotations indicating HTTP Methods - */ - private void processHttpMethodAnnotation(Map apiParams, Annotation currentAnnotation) { - //Extracting method with which feature is exposed - if (currentAnnotation.annotationType().getName().equals(GET.class.getName())) { - apiParams.put(METHOD, HttpMethod.GET); - } else if (currentAnnotation.annotationType().getName().equals(POST.class.getName())) { - apiParams.put(METHOD, HttpMethod.POST); - } else if (currentAnnotation.annotationType().getName().equals(OPTIONS.class.getName())) { - apiParams.put(METHOD, HttpMethod.OPTIONS); - } else if (currentAnnotation.annotationType().getName().equals(DELETE.class.getName())) { - apiParams.put(METHOD, HttpMethod.DELETE); - } else if (currentAnnotation.annotationType().getName().equals(PUT.class.getName())) { - apiParams.put(METHOD, HttpMethod.PUT); - } - } - - /** - * Read Feature annotation and Identify Features - * @param feature - * @param currentMethod - * @return - * @throws Throwable - */ - private Feature processFeatureAnnotation(Feature feature, Method currentMethod) throws Throwable{ - Method[] featureAnnoMethods = featureAnnotationClazz.getMethods(); - Annotation featureAnno = currentMethod.getAnnotation(featureAnnotationClazz); - for (int k = 0; k < featureAnnoMethods.length; k++) { - switch (featureAnnoMethods[k].getName()) { - case "name": - feature.setName(invokeMethod(featureAnnoMethods[k], featureAnno, STRING)); - break; - case "code": - feature.setCode(invokeMethod(featureAnnoMethods[k], featureAnno, STRING)); - break; - case "description": - feature.setDescription(invokeMethod(featureAnnoMethods[k], featureAnno, STRING)); - break; - } - } - return feature; - } - - /** - * Get value depicted by Path Annotation - * @param currentMethod - * @return - * @throws Throwable - */ - public String getPathAnnotationValue(Method currentMethod) throws Throwable{ - String uri = ""; - try { - Class pathClazz = (Class) classLoader.loadClass(Path.class.getName()); - Annotation pathAnnno = currentMethod.getAnnotation(pathClazz); - Method[] pathMethods = pathClazz.getMethods(); - Method valueMethod = pathMethods[0]; - uri = invokeMethod(valueMethod, pathAnnno, STRING); - } catch (ClassNotFoundException e) { - log.debug("No Path Param found for class " + featureAnnotationClazz.getName()); - } - return uri; - } - - /** - * When an annotation and method is passed, this method invokes that executes said method against the annotation - */ - private String invokeMethod(Method method, Annotation annotation, String returnType) throws Throwable { - InvocationHandler methodHandler = Proxy.getInvocationHandler(annotation); - switch (returnType) { - case STRING: - return (String) methodHandler.invoke(annotation, method, null); - case STRING_ARR: - return ((String[]) methodHandler.invoke(annotation, method, null))[0]; - default: - return null; - } - } - - /** - * Find the URL pointing to "/WEB-INF/classes" This method may not work in conjunction with IteratorFactory - * if your servlet container does not extract the /WEB-INF/classes into a real file-based directory - * - * @param servletContext - * @return null if cannot determin /WEB-INF/classes - */ - public static URL findWebInfClassesPath(ServletContext servletContext) - { - String path = servletContext.getRealPath("/WEB-INF/classes"); - if (path == null) return null; - File fp = new File(path); - if (fp.exists() == false) return null; - try - { - URI uri = fp.toURI(); - return uri.toURL(); - } - catch (MalformedURLException e) - { - throw new RuntimeException(e); - } - } -} \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedAnnotationDB.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedAnnotationDB.java deleted file mode 100644 index 5d9c55ed06d..00000000000 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedAnnotationDB.java +++ /dev/null @@ -1,92 +0,0 @@ -/* -* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package org.wso2.carbon.device.mgt.extensions.feature.mgt.util; - -import org.scannotation.AnnotationDB; -import org.scannotation.archiveiterator.Filter; -import org.scannotation.archiveiterator.StreamIterator; - -import java.io.IOException; -import java.io.InputStream; -import java.net.URL; - -public class ExtendedAnnotationDB extends AnnotationDB { - - public ExtendedAnnotationDB() { - super(); - } - - public void scanArchives(URL... urls) throws IOException { - URL[] arr$ = urls; - int len$ = urls.length; - - for(int i$ = 0; i$ < len$; ++i$) { - URL url = arr$[i$]; - Filter filter = new Filter() { - public boolean accepts(String filename) { - if(filename.endsWith(".class")) { - if(filename.startsWith("/") || filename.startsWith("\\")) { - filename = filename.substring(1); - } - - if(!ExtendedAnnotationDB.this.ignoreScan(filename.replace('/', '.'))) { - return true; - } - } - return false; - } - }; - StreamIterator it = ExtendedIteratorFactory.create(url, filter); - - InputStream stream; - while((stream = it.next()) != null) { - this.scanClass(stream); - } - } - - } - - private boolean ignoreScan(String intf) { - String[] arr$; - int len$; - int i$; - String ignored; - if(this.scanPackages != null) { - arr$ = this.scanPackages; - len$ = arr$.length; - - for(i$ = 0; i$ < len$; ++i$) { - ignored = arr$[i$]; - if(intf.startsWith(ignored + ".")) { - return false; - } - } - - return true; - } else { - arr$ = this.ignoredPackages; - len$ = arr$.length; - - for(i$ = 0; i$ < len$; ++i$) { - ignored = arr$[i$]; - if(intf.startsWith(ignored + ".")) { - return true; - } - } - return false; - } - } -} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedFileProtocolIteratorFactory.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedFileProtocolIteratorFactory.java deleted file mode 100644 index 6ee0cc7c008..00000000000 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedFileProtocolIteratorFactory.java +++ /dev/null @@ -1,34 +0,0 @@ -/* -* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package org.wso2.carbon.device.mgt.extensions.feature.mgt.util; - -import org.scannotation.archiveiterator.*; - -import java.io.File; -import java.io.IOException; -import java.net.URL; - -public class ExtendedFileProtocolIteratorFactory implements DirectoryIteratorFactory { - - private static final String ENCODING_SCHEME = "UTF-8"; - - @Override - public StreamIterator create(URL url, Filter filter) throws IOException { - File f = new File(java.net.URLDecoder.decode(url.getPath(), ENCODING_SCHEME)); - return f.isDirectory()?new FileIterator(f, filter):new JarIterator(url.openStream(), filter); - } - -} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedIteratorFactory.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedIteratorFactory.java deleted file mode 100644 index 0845ff83e33..00000000000 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/util/ExtendedIteratorFactory.java +++ /dev/null @@ -1,54 +0,0 @@ -/* -* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package org.wso2.carbon.device.mgt.extensions.feature.mgt.util; - -import org.scannotation.archiveiterator.DirectoryIteratorFactory; -import org.scannotation.archiveiterator.Filter; -import org.scannotation.archiveiterator.JarIterator; -import org.scannotation.archiveiterator.StreamIterator; - -import java.io.IOException; -import java.net.URL; -import java.util.concurrent.ConcurrentHashMap; - -public class ExtendedIteratorFactory { - - private static final ConcurrentHashMap registry = new ConcurrentHashMap(); - - public static StreamIterator create(URL url, Filter filter) throws IOException { - String urlString = url.toString(); - if(urlString.endsWith("!/")) { - urlString = urlString.substring(4); - urlString = urlString.substring(0, urlString.length() - 2); - url = new URL(urlString); - } - - if(!urlString.endsWith("/")) { - return new JarIterator(url.openStream(), filter); - } else { - DirectoryIteratorFactory factory = registry.get(url.getProtocol()); - if(factory == null) { - throw new IOException("Unable to scan directory of protocol: " + url.getProtocol()); - } else { - return factory.create(url, filter); - } - } - } - - static { - registry.put("file", new ExtendedFileProtocolIteratorFactory()); - } -} diff --git a/pom.xml b/pom.xml index 99d970cd9cf..7f0b6e41124 100644 --- a/pom.xml +++ b/pom.xml @@ -1830,6 +1830,7 @@ 1.4.0.wso2v1 2.4.0.wso2v1 2.6.0.wso2v1 + [2.6.0,3.0.0) 6.0.5 From 2f431504fe817f3f72b0b535a16749de66f8a757 Mon Sep 17 00:00:00 2001 From: Madawa Soysa Date: Tue, 22 Nov 2016 13:25:27 +0530 Subject: [PATCH 8/9] creating groups from ownership and changing group owner This commit includes following changes, Creating groups using the device ownership Changing the default system group owner to wso2.system.user --- .../mgt/common/group/mgt/DeviceGroup.java | 3 +- .../group/mgt/DeviceGroupConstants.java | 12 ------- .../DeviceManagementProviderServiceImpl.java | 31 ++++++------------- 3 files changed, 11 insertions(+), 35 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroup.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroup.java index bb59bd17983..6617ab3bc85 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroup.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroup.java @@ -50,9 +50,8 @@ public class DeviceGroup implements Serializable { public DeviceGroup() {} - public DeviceGroup(String name, String description) { + public DeviceGroup(String name) { this.name = name; - this.description = description; } public int getGroupId() { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java index 488c8034e2a..aab0fc16f3a 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java @@ -79,16 +79,4 @@ public class DeviceGroupConstants { public static final String[] DEFAULT_VIEW_EVENTS_PERMISSIONS = {"/permission/device-mgt/user/groups/device_events"}; } - - /** - * Holds the constants related to default (System Generated) groups. - */ - public static class DefaultGroups { - public static final String BYOD_GROUP_NAME = "BYOD"; - public static final String BYOD_GROUP_DESCRIPTION = "This is the default group for BYOD (Bring Your Own Device)" - + " type devices."; - public static final String COPE_GROUP_NAME = "COPE"; - public static final String COPE_GROUP_DESCRIPTION = "This is the default group for COPE (Corporate Owned) type" - + " devices."; - } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java index 6c62345aaa7..eeac1846d4c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/service/DeviceManagementProviderServiceImpl.java @@ -19,8 +19,8 @@ package org.wso2.carbon.device.mgt.core.service; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.device.mgt.common.*; import org.wso2.carbon.device.mgt.common.app.mgt.Application; import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration; @@ -1846,30 +1846,21 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv * Adds the enrolled devices to the default groups based on ownership * * @param deviceIdentifier of the device. - * @param ownerShip of the device. + * @param ownership of the device. * @throws DeviceManagementException If error occurred in adding the device to the group. */ - private void addDeviceToGroups(DeviceIdentifier deviceIdentifier, EnrolmentInfo.OwnerShip ownerShip) + private void addDeviceToGroups(DeviceIdentifier deviceIdentifier, EnrolmentInfo.OwnerShip ownership) throws DeviceManagementException { GroupManagementProviderService groupManagementProviderService = new GroupManagementProviderServiceImpl(); - DeviceGroup defaultGroup = null; try { - if (ownerShip == EnrolmentInfo.OwnerShip.BYOD) { - defaultGroup = createDefaultGroup(groupManagementProviderService, - DeviceGroupConstants.DefaultGroups.BYOD_GROUP_NAME, - DeviceGroupConstants.DefaultGroups.BYOD_GROUP_DESCRIPTION); - } else if (ownerShip == EnrolmentInfo.OwnerShip.COPE) { - defaultGroup = createDefaultGroup(groupManagementProviderService, - DeviceGroupConstants.DefaultGroups.COPE_GROUP_NAME, - DeviceGroupConstants.DefaultGroups.COPE_GROUP_DESCRIPTION); - } + DeviceGroup defaultGroup = createDefaultGroup(groupManagementProviderService, ownership.toString()); if (defaultGroup != null) { groupManagementProviderService.addDevice(defaultGroup.getGroupId(), deviceIdentifier); } } catch (DeviceNotFoundException e) { throw new DeviceManagementException("Unable to find the device with the id: '" + deviceIdentifier.getId(), e); - } catch (GroupManagementException | UserStoreException e) { + } catch (GroupManagementException e) { throw new DeviceManagementException("An error occurred when adding the device to the group.", e); } } @@ -1879,18 +1870,16 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv * * @param service {@link GroupManagementProviderService} instance. * @param groupName of the group to create. - * @param groupDescription of the group to create. * @return Group with details. * @throws GroupManagementException */ - private DeviceGroup createDefaultGroup(GroupManagementProviderService service, String groupName, - String groupDescription) throws GroupManagementException, UserStoreException { + private DeviceGroup createDefaultGroup(GroupManagementProviderService service, String groupName) + throws GroupManagementException { DeviceGroup defaultGroup = service.getGroup(groupName); if (defaultGroup == null) { - defaultGroup = new DeviceGroup(groupName, groupDescription); - defaultGroup.setOwner( - PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration() - .getAdminUserName()); + defaultGroup = new DeviceGroup(groupName); + // Setting system level user (wso2.system.user) as the owner + defaultGroup.setOwner(CarbonConstants.REGISTRY_SYSTEM_USERNAME); defaultGroup.setDateOfCreation(new Date().getTime()); defaultGroup.setDateOfLastUpdate(new Date().getTime()); try { From ec3dbd37ddc3c4695b6bb19b8e3eb3323b2aa1a8 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Tue, 22 Nov 2016 15:03:23 +0530 Subject: [PATCH 9/9] fixed commit comments --- .../mgt/jaxrs/beans/AuthorizationRequest.java | 13 +++++++++++++ .../jaggeryapps/devicemgt/app/conf/config.json | 1 + .../app/modules/oauth/token-handler-utils.js | 3 ++- 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java index 7b45802a2b6..d37183abc7f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java @@ -1,3 +1,16 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + */ package org.wso2.carbon.device.mgt.jaxrs.beans; import io.swagger.annotations.ApiModel; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json index 6eaf99a8ef6..4cdc2b4b6c4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json @@ -28,6 +28,7 @@ "tokenServiceURL": "%https.ip%/oauth2/token" }, "adminUser":"admin@carbon.super", + "adminUserTenantId":"-1234", "adminRole":"admin", "usernameLength":30, "pageSize":10, diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js index 48bde5a3733..e6cecaeba62 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js @@ -101,8 +101,9 @@ var utils = function () { return cachedTenantBasedClientAppCredentials; } else { var adminUsername = deviceMgtProps["adminUser"]; + var adminUserTenantId = deviceMgtProps["adminUserTenantId"]; //claims required for jwtAuthenticator. - var claims = {"http://wso2.org/claims/enduserTenantId": "-1234", + var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId, "http://wso2.org/claims/enduser": adminUsername}; var jwtToken = publicMethods.getJwtToken(adminUsername, claims);