From fe263efe60c528e99e3f5ed1f5710b79f23c70ba Mon Sep 17 00:00:00 2001 From: ayyoob Date: Sun, 20 Nov 2016 02:37:37 +0530 Subject: [PATCH] changed device access verification approach --- .../pom.xml | 8 +- ...ApiApplicationRegistrationServiceImpl.java | 21 +++- .../extension/api/util/APIUtil.java | 24 ++++ .../APIManagementProviderService.java | 14 --- .../APIManagementProviderServiceImpl.java | 101 ---------------- .../mgt/jaxrs/beans/AuthorizationRequest.java | 7 ++ ...DeviceAccessAuthorizationAdminService.java | 8 -- .../DeviceAccessAuthorizationServiceImpl.java | 17 +-- .../pom.xml | 26 +--- .../oauth/extensions/DeviceRequestDTO.java | 30 ----- .../mgt/oauth/extensions/OAuthConstants.java | 13 -- .../mgt/oauth/extensions/OAuthExtUtils.java | 93 --------------- .../mgt/oauth/extensions/config/Action.java | 90 -------------- .../extensions/config/DeviceMgtScopes.java | 67 ----------- .../config/DeviceMgtScopesConfig.java | 67 ----------- ...MgtScopesConfigurationFailedException.java | 44 ------- .../oauth/extensions/config/Permissions.java | 78 ------------ ...xtendedDeviceMgtJWTBearerGrantHandler.java | 31 ----- ...ExtendedDeviceMgtPasswordGrantHandler.java | 59 --------- .../OAuthExtensionServiceComponent.java | 66 ----------- .../internal/OAuthExtensionsDataHolder.java | 28 ----- .../ExtendedDeviceJWTGrantValidator.java | 38 ------ .../ExtendedDevicePasswordGrantValidator.java | 37 ------ .../PermissionBasedScopeValidator.java | 112 ------------------ .../jwt/client/extension/JWTClient.java | 8 +- .../src/main/resources/device-mgt-scopes.xml | 51 -------- .../src/main/resources/p2.inf | 3 +- 27 files changed, 78 insertions(+), 1063 deletions(-) delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/DeviceRequestDTO.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Action.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopes.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java delete mode 100644 components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java delete mode 100644 features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml index d9166908114..1c1ed1d9656 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml @@ -163,7 +163,13 @@ org.wso2.carbon.devicemgt - org.wso2.carbon.apimgt.annotations + org.wso2.carbon.device.mgt.core + provided + + + org.wso2.carbon.devicemgt + org.wso2.carbon.device.mgt.common + provided diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java index e88d80e67ce..55b82b8c9cd 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java @@ -29,6 +29,7 @@ import org.wso2.carbon.apimgt.application.extension.dto.ApiApplicationKey; import org.wso2.carbon.apimgt.application.extension.exception.APIManagerException; import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.user.api.UserStoreException; import javax.ws.rs.DELETE; @@ -36,6 +37,8 @@ import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.Arrays; public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegistrationService { @@ -62,7 +65,8 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username); APIManagementProviderService apiManagementProviderService = APIUtil.getAPIManagementProviderService(); ApiApplicationKey apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys( - applicationName, ApiApplicationConstants.DEFAULT_TOKEN_TYPE, username, false); + applicationName, APIUtil.getAllowedApisTags().toArray(new String[APIUtil.getAllowedApisTags().size()]), + ApiApplicationConstants.DEFAULT_TOKEN_TYPE, username, false); return Response.status(Response.Status.CREATED).entity(apiApplicationKey.toString()).build(); } catch (APIManagerException e) { String msg = "Error occurred while registering an application '" + applicationName + "'"; @@ -72,6 +76,10 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi String msg = "Failed to retrieve the tenant" + tenantDomain + "'"; log.error(msg, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); + } catch (DeviceManagementException e) { + String msg = "Failed to retrieve the device service"; + log.error(msg, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } finally { PrivilegedCarbonContext.endTenantFlow(); } @@ -81,6 +89,13 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi @POST public Response register(RegistrationProfile registrationProfile) { try { + if (registrationProfile.getTags() == null || registrationProfile.getTags().length == 0) { + return Response.status(Response.Status.NOT_ACCEPTABLE).entity("Tags should not be empty").build(); + } + if (APIUtil.getAllowedApisTags().containsAll(Arrays.asList(registrationProfile.getTags()))) { + return Response.status(Response.Status.NOT_ACCEPTABLE).entity("APIs(Tags) are not allowed to this user." + ).build(); + } String username = APIUtil.getAuthenticatedUser() + "@" + APIUtil.getTenantDomainOftheUser(); APIManagementProviderService apiManagementProviderService = APIUtil.getAPIManagementProviderService(); if (registrationProfile.isMappingAnExistingOAuthApp()) { @@ -109,6 +124,10 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi + registrationProfile.getApplicationName() + "'"; log.error(msg, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("false").build(); + } catch (DeviceManagementException e) { + String msg = "Failed to retrieve the device service"; + log.error(msg, e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build(); } } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java index 299ff01c3df..7c74fdf5237 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java @@ -22,14 +22,19 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.DeviceManagementException; +import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.user.core.service.RealmService; +import java.util.List; + /** * This class provides utility functions used by REST-API. */ public class APIUtil { private static Log log = LogFactory.getLog(APIUtil.class); + private static final String DEFAULT_CDMF_API_TAG = "device_management"; public static String getAuthenticatedUser() { PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); @@ -70,4 +75,23 @@ public class APIUtil { } return realmService; } + + public static DeviceManagementProviderService getDeviceManagementProviderService() { + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + DeviceManagementProviderService deviceManagementProviderService = + (DeviceManagementProviderService) ctx.getOSGiService(DeviceManagementProviderService.class, null); + if (deviceManagementProviderService == null) { + String msg = "Device Management service has not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + return deviceManagementProviderService; + } + + public static List getAllowedApisTags() throws DeviceManagementException { + //Todo get allowed cdmf service tags from config. + List allowedApisTags = getDeviceManagementProviderService().getAvailableDeviceTypes(); + allowedApisTags.add(DEFAULT_CDMF_API_TAG); + return getAllowedApisTags(); + } } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java index 9d8b05dfb6a..e931c28358d 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java @@ -41,20 +41,6 @@ public interface APIManagementProviderService { String keyType, String username, boolean isAllowedAllDomains) throws APIManagerException; - /** - * Generate and retreive application keys. if the application does exist then - * create it and subscribe to all apis. - * - * @param apiApplicationName name of the application. - * @param keyType of the application. - * @param username to whom the application is created - * @return consumerkey and secrete of the created application. - * @throws APIManagerException - */ - ApiApplicationKey generateAndRetrieveApplicationKeys(String apiApplicationName, String keyType, - String username, boolean isAllowedAllDomains) - throws APIManagerException; - /** * Register existing Oauth application as apim application. */ diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java index f205419084a..ce92eba32a0 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java @@ -43,70 +43,6 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe private static final Log log = LogFactory.getLog(APIManagementProviderServiceImpl.class); - /** - * {@inheritDoc} - */ - @Override - public ApiApplicationKey generateAndRetrieveApplicationKeys(String apiApplicationName, String keyType, - String username, boolean isAllowedAllDomains) - throws APIManagerException { - try { - APIManagerUtil.loadTenantRegistry(); - APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username); - String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain()); - int applicationId = createApplicationAndSubscribeToAllAPIs(apiApplicationName, username); - Application[] applications = apiConsumer.getApplications(apiConsumer.getSubscriber(username), groupId); - Application application = null; - for (Application app : applications) { - if (app.getId() == applicationId) { - application = app; - } - } - if (application == null) { - throw new APIManagerException("Api application creation failed for " + apiApplicationName + - " to the user " + username); - } - APIKey retrievedApiApplicationKey = null; - for (APIKey apiKey : application.getKeys()) { - String applicationKeyType = apiKey.getType(); - if (applicationKeyType != null && applicationKeyType.equals(keyType)) { - retrievedApiApplicationKey = apiKey; - break; - } - } - if (retrievedApiApplicationKey != null) { - ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); - apiApplicationKey.setConsumerKey(retrievedApiApplicationKey.getConsumerKey()); - apiApplicationKey.setConsumerSecret(retrievedApiApplicationKey.getConsumerSecret()); - return apiApplicationKey; - } - String[] allowedDomains = new String[1]; - if (isAllowedAllDomains) { - allowedDomains[0] = ApiApplicationConstants.ALLOWED_DOMAINS; - } else { - allowedDomains[0] = APIManagerUtil.getTenantDomain(); - } - JSONObject jsonObject = new JSONObject(); - jsonObject.put(ApiApplicationConstants.JSONSTRING_USERNAME_TAG, username); - String ownerJsonString = jsonObject.toJSONString(); - Map keyDetails = apiConsumer.requestApprovalForApplicationRegistration(username, - apiApplicationName, - keyType, "", - allowedDomains, - ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD, - "null", groupId, - ownerJsonString); - ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); - apiApplicationKey.setConsumerKey((String) keyDetails.get(APIConstants.FrontEndParameterNames - .CONSUMER_KEY)); - apiApplicationKey.setConsumerSecret((String) keyDetails.get( - APIConstants.FrontEndParameterNames.CONSUMER_SECRET)); - return apiApplicationKey; - } catch (APIManagementException e) { - throw new APIManagerException("Failed to register a api application : " + apiApplicationName, e); - } - } - /** * {@inheritDoc} */ @@ -385,43 +321,6 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe } } - /** - * This method registers an api application and then subscribe the application to the api. - * - * @param username subscription is created for the user. - * @throws APIManagerException - */ - private int createApplicationAndSubscribeToAllAPIs(String apiApplicationName, String username) - throws APIManagerException { - try { - APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username); - String groupId = getLoggedInUserGroupId(username, APIManagerUtil.getTenantDomain()); - int applicationId = createApplication(apiConsumer, apiApplicationName, username, groupId); - String tenantDomain = MultitenantUtils.getTenantDomain(username); - Set userVisibleAPIs = apiConsumer.getAllPublishedAPIs(tenantDomain); - if (!MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) { - userVisibleAPIs.addAll(apiConsumer.getAllPublishedAPIs(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)); - } - Subscriber subscriber = apiConsumer.getSubscriber(username); - Set subscribedAPIs = apiConsumer.getSubscribedAPIs(subscriber); - for (API visibleApi : userVisibleAPIs) { - APIIdentifier apiIdentifier = visibleApi.getId(); - boolean isSubscribed = false; - for (SubscribedAPI subscribedAPI : subscribedAPIs) { - if (subscribedAPI.getApiId().equals(apiIdentifier)) { - isSubscribed = true; - } - } - if (!isSubscribed) { - addSubscription(apiConsumer, apiIdentifier, applicationId, username); - } - } - return applicationId; - } catch (APIManagementException e) { - throw new APIManagerException("Failed to fetch device apis information for the user " + username, e); - } - } - private String getLoggedInUserGroupId(String username, String tenantDomain) throws APIManagerException { JSONObject loginInfoJsonObj = new JSONObject(); try { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java index 3a63938b8b5..7b45802a2b6 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/AuthorizationRequest.java @@ -1,14 +1,21 @@ package org.wso2.carbon.device.mgt.jaxrs.beans; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import java.util.List; +@ApiModel(value = "AuthorizationRequest", description = "Authorization details together with deviceIdentifier and permission") public class AuthorizationRequest { + @ApiModelProperty(name = "tenantDomain", value = "tenant domain.", required = false) String tenantDomain; + @ApiModelProperty(name = "username", value = "username of the user, to whom the device identifiers needs to be verified", required = true) String username; + @ApiModelProperty(name = "deviceIdentifiers", value = "list of devices that needs to be verified against the user", required = true) List deviceIdentifiers; + @ApiModelProperty(name = "permission", value = "if null then checks against the owner else it could be grouping permission", required = false) List permissions; public String getTenantDomain() { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java index a779b73e750..a0c3c23b2f0 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java @@ -20,26 +20,18 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; -import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponses; -import io.swagger.annotations.ResponseHeader; import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.Permission; -import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; -import org.wso2.carbon.device.mgt.common.operation.mgt.Activity; import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; -import javax.validation.constraints.Size; import javax.ws.rs.Consumes; -import javax.ws.rs.GET; -import javax.ws.rs.HeaderParam; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index dbd2facc7df..22d09b5184f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -67,7 +67,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return !DeviceManagementDataHolder.getInstance().requireDeviceAuthorization(deviceIdentifier.getType()); } //check for admin and ownership permissions - if (isAdminOrDeviceOwner(username, tenantId, deviceIdentifier)) { + if (isAdmin(username, tenantId) || isDeviceOwner(deviceIdentifier, username)) { return true; } //check for group permissions @@ -127,9 +127,12 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return null; } DeviceAuthorizationResult deviceAuthorizationResult = new DeviceAuthorizationResult(); + if (isAdmin(username, tenantId)) { + deviceAuthorizationResult.setAuthorizedDevices(deviceIdentifiers); + } for (DeviceIdentifier deviceIdentifier : deviceIdentifiers) { //check for admin and ownership permissions - if (isAdminOrDeviceOwner(username, tenantId, deviceIdentifier)) { + if (isDeviceOwner(deviceIdentifier, username)) { deviceAuthorizationResult.addAuthorizedDevice(deviceIdentifier); } else { try { @@ -179,15 +182,13 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return isUserAuthorized(deviceIdentifiers, this.getUserName(), groupPermissions); } - private boolean isAdminOrDeviceOwner(String username, int tenantId, DeviceIdentifier deviceIdentifier) + private boolean isAdmin(String username, int tenantId) throws DeviceAccessAuthorizationException { try { - //First Check for admin users. If the user is an admin user we authorize the access to that device. - //Secondly Check for device ownership. If the user is the owner of the device we allow the access. - return (isAdminUser(username, tenantId) || isDeviceOwner(deviceIdentifier, username)); + //Check for admin users. If the user is an admin user we authorize the access to that device. + return (isAdminUser(username, tenantId)); } catch (UserStoreException e) { - throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + - deviceIdentifier.getId() + " for the user : " + + throw new DeviceAccessAuthorizationException("Unable to authorize the access for the user : " + username, e); } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml index 03e70287c5d..813dd65d98c 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml @@ -34,10 +34,6 @@ http://wso2.org - - org.wso2.carbon.devicemgt - org.wso2.carbon.device.mgt.common - org.wso2.carbon.identity org.wso2.carbon.identity.oauth @@ -54,18 +50,10 @@ org.wso2.carbon.apimgt org.wso2.carbon.apimgt.keymgt - - com.googlecode.json-simple.wso2 - json-simple - - - org.wso2.carbon.identity - org.wso2.carbon.identity.oauth2.grant.jwt - - - org.wso2.carbon.devicemgt - org.wso2.carbon.device.mgt.core - + + com.googlecode.json-simple.wso2 + json-simple + @@ -94,9 +82,7 @@ javax.security.auth.*, org.apache.commons.logging, org.osgi.service.component, - org.wso2.carbon.device.mgt.common.permission.mgt, org.wso2.carbon.device.mgt.oauth.extensions.*, - org.wso2.carbon.device.mgt.*, org.wso2.carbon.identity.application.common.model, org.wso2.carbon.identity.oauth.callback, org.wso2.carbon.identity.oauth2, @@ -123,10 +109,6 @@ org.wso2.carbon.utils.multitenancy, org.wso2.carbon.identity.oauth2.grant.jwt.*, org.wso2.carbon.device.mgt.core.*, - javax.xml.bind, - javax.xml.bind.annotation, - javax.xml.parsers;version="${javax.xml.parsers.import.pkg.version}";resolution:=optional, - org.w3c.dom, org.wso2.carbon.apimgt.keymgt, org.wso2.carbon.apimgt.keymgt.handlers, com.google.gson, diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/DeviceRequestDTO.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/DeviceRequestDTO.java deleted file mode 100644 index 75c4b35b3ab..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/DeviceRequestDTO.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.wso2.carbon.device.mgt.oauth.extensions; - -import org.wso2.carbon.device.mgt.common.DeviceIdentifier; - -import java.util.List; - -/** - * This class holds the request format for device for grant type. - */ -public class DeviceRequestDTO { - - private List deviceIdentifiers; - private String scope; - - public List getDeviceIdentifiers() { - return deviceIdentifiers; - } - - public void setDeviceIdentifiers(List deviceIdentifiers) { - this.deviceIdentifiers = deviceIdentifiers; - } - - public String getScope() { - return scope; - } - - public void setScope(String scope) { - this.scope = scope; - } -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java deleted file mode 100644 index eff890831de..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java +++ /dev/null @@ -1,13 +0,0 @@ -package org.wso2.carbon.device.mgt.oauth.extensions; - - -/** - * This hold the OAuthConstants related oauth extensions. - */ -public class OAuthConstants { - - public static final String DEFAULT_DEVICE_ASSERTION = "device"; - public static final String DEFAULT_USERNAME_IDENTIFIER = "username"; - public static final String DEFAULT_PASSWORD_IDENTIFIER = "password"; - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java index 76e2dba4169..c07041c678c 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java @@ -18,25 +18,14 @@ package org.wso2.carbon.device.mgt.oauth.extensions; -import com.google.gson.Gson; -import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.w3c.dom.Document; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO; import org.wso2.carbon.apimgt.impl.utils.APIUtil; -import org.wso2.carbon.apimgt.keymgt.ScopesIssuer; -import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.device.mgt.common.DeviceIdentifier; -import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; -import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; -import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfig; -import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfigurationFailedException; import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; -import org.wso2.carbon.identity.oauth2.model.RequestParameter; import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; import org.wso2.carbon.user.api.TenantManager; import org.wso2.carbon.user.api.UserRealm; @@ -44,9 +33,6 @@ import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.core.service.RealmService; import javax.cache.Caching; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import java.io.File; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -126,7 +112,6 @@ public class OAuthExtUtils { restAPIScopesOfCurrentTenant = APIUtil. getRESTAPIScopesFromConfig(APIUtil.getTenantRESTAPIScopesConfig(tenantDomain)); - //call load tenant org.wso2.carbon.device.mgt.iot.output.adapter.ui.config for rest API. //then put cache appScopes.putAll(restAPIScopesOfCurrentTenant); Caching.getCacheManager(APIConstants.API_MANAGER_CACHE_MANAGER) @@ -288,82 +273,4 @@ public class OAuthExtUtils { return trimmedName.substring(START_INDEX, trimmedName.lastIndexOf('@')); } - public static boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) { - boolean isScopesSet = ScopesIssuer.getInstance().setScopes(tokReqMsgCtx); - if (isScopesSet) { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( - tokReqMsgCtx.getAuthorizedUser().getTenantDomain(), true); - String username = tokReqMsgCtx.getAuthorizedUser().getUserName(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username); - try { - - DeviceRequestDTO deviceRequestDTO = null; - RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters(); - for (RequestParameter parameter : parameters) { - if (OAuthConstants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) { - String deviceJson = parameter.getValue()[0]; - Gson gson = new Gson(); - deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)), - DeviceRequestDTO.class); - } - } - if (deviceRequestDTO != null) { - String requestScopes = deviceRequestDTO.getScope(); - String scopeNames[] = requestScopes.split(" "); - for (String scopeName : scopeNames) { - List deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers(); - DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance() - .getDeviceAccessAuthorizationService() - .isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName)); - if (deviceAuthorizationResult != null && - deviceAuthorizationResult.getAuthorizedDevices() != null) { - String scopes[] = tokReqMsgCtx.getScope(); - String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult - .getAuthorizedDevices().size()]; - int scopeIndex = 0; - for (String scope : scopes) { - authorizedScopes[scopeIndex] = scope; - scopeIndex++; - } - for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) { - authorizedScopes[scopeIndex] = - DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" + - deviceIdentifier.getId() + ":" + scopeName; - scopeIndex++; - } - tokReqMsgCtx.setScope(authorizedScopes); - } - } - } - } catch (DeviceAccessAuthorizationException e) { - log.error("Error occurred while checking authorization for the user " + username, e); - } finally { - PrivilegedCarbonContext.endTenantFlow(); - } - } - return isScopesSet; - } - - /** - * retrieve the permission related to given scope. - * @param scopeName requested scope action - * @return set of permission associated with the given scope. - */ - private static String[] getPermissions(String scopeName) { - return DeviceMgtScopesConfig.getInstance().getDeviceMgtScopePermissionMap().get(scopeName); - } - - public static Document convertToDocument(File file) throws DeviceMgtScopesConfigurationFailedException { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - try { - DocumentBuilder docBuilder = factory.newDocumentBuilder(); - return docBuilder.parse(file); - } catch (Exception e) { - throw new DeviceMgtScopesConfigurationFailedException("Error occurred while parsing file, while converting " + - "to a org.w3c.dom.Document", e); - } - } - } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Action.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Action.java deleted file mode 100644 index 4f71e308014..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Action.java +++ /dev/null @@ -1,90 +0,0 @@ - -package org.wso2.carbon.device.mgt.oauth.extensions.config; - -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; - - -/** - *

Java class for Action complex type. - * - *

The following schema fragment specifies the expected content contained within this class. - * - *

- * <complexType name="Action">
- *   <complexContent>
- *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- *       <sequence>
- *         <element name="Permissions" type="{}Permissions"/>
- *       </sequence>
- *       <attribute name="name" type="{http://www.w3.org/2001/XMLSchema}string" />
- *     </restriction>
- *   </complexContent>
- * </complexType>
- * 
- * - * - */ -@XmlAccessorType(XmlAccessType.FIELD) -@XmlType(name = "Action", propOrder = { - "permissions" -}) -public class Action { - - @XmlElement(name = "Permissions", required = true) - protected Permissions permissions; - @XmlAttribute(name = "name") - protected String name; - - /** - * Gets the value of the permissions property. - * - * @return - * possible object is - * {@link Permissions } - * - */ - public Permissions getPermissions() { - return permissions; - } - - /** - * Sets the value of the permissions property. - * - * @param value - * allowed object is - * {@link Permissions } - * - */ - public void setPermissions(Permissions value) { - this.permissions = value; - } - - /** - * Gets the value of the name property. - * - * @return - * possible object is - * {@link String } - * - */ - public String getName() { - return name; - } - - /** - * Sets the value of the name property. - * - * @param value - * allowed object is - * {@link String } - * - */ - public void setName(String value) { - this.name = value; - } - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopes.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopes.java deleted file mode 100644 index 07a46b21304..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopes.java +++ /dev/null @@ -1,67 +0,0 @@ - -package org.wso2.carbon.device.mgt.oauth.extensions.config; - -import java.util.ArrayList; -import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlRootElement; -import javax.xml.bind.annotation.XmlType; - - -/** - *

Java class for DeviceMgtScopes complex type. - * - *

The following schema fragment specifies the expected content contained within this class. - * - *

- * <complexType name="DeviceMgtScopes">
- *   <complexContent>
- *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- *       <sequence>
- *         <element name="Action" type="{}Action" maxOccurs="unbounded" minOccurs="0"/>
- *       </sequence>
- *     </restriction>
- *   </complexContent>
- * </complexType>
- * 
- * - * - */ -@XmlRootElement(name = "DeviceMgtScopes") -public class DeviceMgtScopes { - - @XmlElement(name = "Action") - protected List action; - - /** - * Gets the value of the action property. - * - *

- * This accessor method returns a reference to the live list, - * not a snapshot. Therefore any modification you make to the - * returned list will be present inside the JAXB object. - * This is why there is not a set method for the action property. - * - *

- * For example, to add a new item, do as follows: - *

-     *    getAction().add(newItem);
-     * 
- * - * - *

- * Objects of the following type(s) are allowed in the list - * {@link Action } - * - * - */ - public List getAction() { - if (action == null) { - action = new ArrayList(); - } - return this.action; - } - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java deleted file mode 100644 index 9f8d05760b5..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java +++ /dev/null @@ -1,67 +0,0 @@ - -package org.wso2.carbon.device.mgt.oauth.extensions.config; - -import org.w3c.dom.Document; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; -import org.wso2.carbon.utils.CarbonUtils; - -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; -import java.io.File; -import java.util.HashMap; -import java.util.Map; - -/** - * This class represents the configuration that are needed for scopes to permission map. - */ -public class DeviceMgtScopesConfig { - - private static DeviceMgtScopesConfig config = new DeviceMgtScopesConfig(); - private static Map actionPermissionMap = new HashMap<>(); - - private static final String DEVICE_MGT_SCOPES_CONFIG_PATH = - CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + "device-mgt-scopes.xml"; - - private DeviceMgtScopesConfig() { - } - - public static DeviceMgtScopesConfig getInstance() { - return config; - } - - public static void init() throws DeviceMgtScopesConfigurationFailedException { - try { - File deviceMgtConfig = new File(DEVICE_MGT_SCOPES_CONFIG_PATH); - Document doc = OAuthExtUtils.convertToDocument(deviceMgtConfig); - - /* Un-marshaling DeviceMGtScope configuration */ - JAXBContext ctx = JAXBContext.newInstance(DeviceMgtScopes.class); - Unmarshaller unmarshaller = ctx.createUnmarshaller(); - //unmarshaller.setSchema(getSchema()); - DeviceMgtScopes deviceMgtScopes = (DeviceMgtScopes) unmarshaller.unmarshal(doc); - if (deviceMgtScopes != null) { - for (Action action : deviceMgtScopes.getAction()) { - Permissions permissions = action.getPermissions(); - if (permissions != null) { - String permission[] = new String[permissions.getPermission().size()]; - int i = 0; - for (String perm : permissions.getPermission()) { - permission[i] = perm; - i++; - } - actionPermissionMap.put(action.getName(), permission); - } - } - } - } catch (JAXBException e) { - throw new DeviceMgtScopesConfigurationFailedException("Error occurred while un-marshalling Device Scope" + - " Config", e); - } - } - - public Map getDeviceMgtScopePermissionMap() { - return actionPermissionMap; - } - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java deleted file mode 100644 index 7a16382c18d..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.config; - -public class DeviceMgtScopesConfigurationFailedException extends Exception { - - private static final long serialVersionUID = -3151279312929070398L; - - public DeviceMgtScopesConfigurationFailedException(String msg, Exception nestedEx) { - super(msg, nestedEx); - } - - public DeviceMgtScopesConfigurationFailedException(String message, Throwable cause) { - super(message, cause); - } - - public DeviceMgtScopesConfigurationFailedException(String msg) { - super(msg); - } - - public DeviceMgtScopesConfigurationFailedException() { - super(); - } - - public DeviceMgtScopesConfigurationFailedException(Throwable cause) { - super(cause); - } -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java deleted file mode 100644 index 6733a42e8d5..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java +++ /dev/null @@ -1,78 +0,0 @@ - -package org.wso2.carbon.device.mgt.oauth.extensions.config; - -import java.util.ArrayList; -import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; - - -/** - *

Java class for Permissions complex type. - * - *

The following schema fragment specifies the expected content contained within this class. - * - *

- * <complexType name="Permissions">
- *   <complexContent>
- *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- *       <sequence>
- *         <element name="Permission" maxOccurs="unbounded" minOccurs="0">
- *           <simpleType>
- *             <restriction base="{http://www.w3.org/2001/XMLSchema}string">
- *               <enumeration value="/permission/device-mgt/user/groups/device_operation"/>
- *               <enumeration value="/permission/device-mgt/groups"/>
- *               <enumeration value="/permission/device-mgt/user/groups"/>
- *               <enumeration value="/permission/device-mgt/user/groups/device_monitor"/>
- *             </restriction>
- *           </simpleType>
- *         </element>
- *       </sequence>
- *     </restriction>
- *   </complexContent>
- * </complexType>
- * 
- * - * - */ -@XmlAccessorType(XmlAccessType.FIELD) -@XmlType(name = "Permissions", propOrder = { - "permission" -}) -public class Permissions { - - @XmlElement(name = "Permission") - protected List permission; - - /** - * Gets the value of the permission property. - * - *

- * This accessor method returns a reference to the live list, - * not a snapshot. Therefore any modification you make to the - * returned list will be present inside the JAXB object. - * This is why there is not a set method for the permission property. - * - *

- * For example, to add a new item, do as follows: - *

-     *    getPermission().add(newItem);
-     * 
- * - * - *

- * Objects of the following type(s) are allowed in the list - * {@link String } - * - * - */ - public List getPermission() { - if (permission == null) { - permission = new ArrayList(); - } - return this.permission; - } - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java deleted file mode 100644 index 6928f1ea6dd..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant; - -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; -import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; -import org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler; -import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; - -public class ExtendedDeviceMgtJWTBearerGrantHandler extends JWTBearerGrantHandler { - - @Override - public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception { - return OAuthExtUtils.validateScope(tokReqMsgCtx); - } -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java deleted file mode 100644 index 04418991eed..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; -import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; -import org.wso2.carbon.identity.oauth2.model.RequestParameter; -import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; - -@SuppressWarnings("unused") -public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrantHandler { - - private static Log log = LogFactory.getLog(ExtendedDeviceMgtPasswordGrantHandler.class); - - @Override - public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception { - RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters(); - for (RequestParameter parameter : parameters) { - switch (parameter.getKey()) { - case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER: - String username = parameter.getValue()[0]; - tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username); - break; - - case OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER: - String password = parameter.getValue()[0]; - tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password); - break; - } - } - return super.validateGrant(tokReqMsgCtx); - } - - @Override - public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) { - return OAuthExtUtils.validateScope(tokReqMsgCtx); - } - -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java index d43c86297f4..dfcdc2dff27 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java @@ -24,12 +24,6 @@ import org.osgi.service.component.ComponentContext; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.APIManagerConfiguration; -import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; -import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; -import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; -import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; -import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfig; -import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfigurationFailedException; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.utils.CarbonUtils; @@ -52,18 +46,6 @@ import java.util.List; * policy="dynamic" * bind="setOAuth2ValidationService" * unbind="unsetOAuth2ValidationService" - * @scr.reference name="permission.manager.service" - * interface="org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService" - * cardinality="1..1" - * policy="dynamic" - * bind="setPermissionManagerService" - * unbind="unsetPermissionManagerService" - * @scr.reference name="org.wso2.carbon.device.authorization" - * interface="org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService" - * cardinality="1..1" - * policy="dynamic" - * bind="setDeviceAccessAuthorizationService" - * unbind="unsetDeviceAccessAuthorizationService" */ public class OAuthExtensionServiceComponent { @@ -79,7 +61,6 @@ public class OAuthExtensionServiceComponent { log.debug("Starting OAuthExtensionBundle"); } try { - DeviceMgtScopesConfig.init(); APIManagerConfiguration configuration = new APIManagerConfiguration(); String filePath = new StringBuilder(). @@ -108,8 +89,6 @@ public class OAuthExtensionServiceComponent { OAuthExtensionsDataHolder.getInstance().setWhitelistedScopes(whiteList); } catch (APIManagementException e) { log.error("Error occurred while loading DeviceMgtConfig configurations", e); - } catch (DeviceMgtScopesConfigurationFailedException e) { - log.error("Failed to initialize device scope configuration.", e); } } @@ -168,50 +147,5 @@ public class OAuthExtensionServiceComponent { OAuthExtensionsDataHolder.getInstance().setoAuth2TokenValidationService(null); } - /** - * Sets PermissionManagerService Service. - * - * @param permissionManagerService An instance of PermissionManagerService - */ - protected void setPermissionManagerService(PermissionManagerService permissionManagerService) { - if (log.isDebugEnabled()) { - log.debug("Setting PermissionManager Service"); - } - OAuthExtensionsDataHolder.getInstance().setPermissionManagerService(permissionManagerService); - } - - /** - * Unsets PermissionManagerService Service. - * - * @param permissionManagerService An instance of PermissionManagerService - */ - protected void unsetPermissionManagerService(PermissionManagerService permissionManagerService) { - if (log.isDebugEnabled()) { - log.debug("Unsetting PermissionManager Service"); - } - OAuthExtensionsDataHolder.getInstance().setPermissionManagerService(null); - } - - /** - * Set DeviceManagementProviderService - * @param deviceAccessAuthorizationService An instance of deviceAccessAuthorizationService - */ - protected void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) { - if (log.isDebugEnabled()) { - log.debug("Setting Device Management Service"); - } - OAuthExtensionsDataHolder.getInstance().setDeviceAccessAuthorizationService(deviceAccessAuthorizationService); - } - - /** - * unset DeviceManagementProviderService - * @param deviceAccessAuthorizationService An instance of deviceAccessAuthorizationService - */ - protected void unsetDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) { - if (log.isDebugEnabled()) { - log.debug("Removing Device Management Service"); - } - OAuthExtensionsDataHolder.getInstance().setDeviceAccessAuthorizationService(null); - } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java index 5e4d953fc4b..4f401b3db56 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java @@ -18,9 +18,6 @@ package org.wso2.carbon.device.mgt.oauth.extensions.internal; -import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; -import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; -import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.user.core.service.RealmService; @@ -33,10 +30,7 @@ public class OAuthExtensionsDataHolder { private RealmService realmService; private OAuth2TokenValidationService oAuth2TokenValidationService; - private PermissionManagerService permissionManagerService; private List whitelistedScopes; - private String deviceScope; - private DeviceAccessAuthorizationService deviceAccessAuthorizationService; private static OAuthExtensionsDataHolder thisInstance = new OAuthExtensionsDataHolder(); @@ -69,17 +63,6 @@ public class OAuthExtensionsDataHolder { this.oAuth2TokenValidationService = oAuth2TokenValidationService; } - public void setPermissionManagerService(PermissionManagerService permissionManagerService) { - this.permissionManagerService = permissionManagerService; - } - - public PermissionManagerService getPermissionManagerService() { - if (permissionManagerService == null) { - throw new IllegalStateException("PermissionManager service is not initialized properly"); - } - return permissionManagerService; - } - public List getWhitelistedScopes() { return whitelistedScopes; } @@ -88,15 +71,4 @@ public class OAuthExtensionsDataHolder { this.whitelistedScopes = whitelistedScopes; } - public String getDeviceScope() { - return deviceScope; - } - - public DeviceAccessAuthorizationService getDeviceAccessAuthorizationService() { - return deviceAccessAuthorizationService; - } - - public void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) { - this.deviceAccessAuthorizationService = deviceAccessAuthorizationService; - } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java deleted file mode 100644 index 903c3997d46..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.validators; - -import org.apache.oltu.oauth2.common.OAuth; -import org.apache.oltu.oauth2.common.validators.AbstractValidator; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants; - -import javax.servlet.http.HttpServletRequest; - -/** - * Grant validator for JSON Web Tokens - * For JWT Grant to be valid the required parameters are - * grant_type and assertion - */ -public class ExtendedDeviceJWTGrantValidator extends AbstractValidator { - - public ExtendedDeviceJWTGrantValidator() { - requiredParams.add(OAuth.OAUTH_GRANT_TYPE); - requiredParams.add(OAuth.OAUTH_ASSERTION); - } -} \ No newline at end of file diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java deleted file mode 100644 index e22b211f5f1..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.validators; - -import org.apache.oltu.oauth2.common.OAuth; -import org.apache.oltu.oauth2.common.validators.AbstractValidator; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants; - -import javax.servlet.http.HttpServletRequest; - -/** - * Grant validator for Device Object with Password Grant type - */ -public class ExtendedDevicePasswordGrantValidator extends AbstractValidator { - - public ExtendedDevicePasswordGrantValidator() { - requiredParams.add(OAuth.OAUTH_USERNAME); - requiredParams.add(OAuth.OAUTH_PASSWORD); - requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION); - } -} \ No newline at end of file diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java deleted file mode 100644 index a032df38a3a..00000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * you may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.validators; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; -import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; -import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; -import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder; -import org.wso2.carbon.identity.application.common.model.User; -import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; -import org.wso2.carbon.identity.oauth2.model.AccessTokenDO; -import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator; -import org.wso2.carbon.user.api.UserRealm; -import org.wso2.carbon.user.api.UserStoreException; - -import java.util.Properties; - -/** - * Custom OAuth2Token Scope validation implementation for DeviceManagement. This will validate the - * user permissions before dispatching the HTTP request to the actual endpoint. - */ -public class PermissionBasedScopeValidator extends OAuth2ScopeValidator { - - private static final String URL_PROPERTY = "URL"; - private static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD"; - - public static final class PermissionMethod { - private PermissionMethod() { - throw new AssertionError(); - } - - public static final String READ = "read"; - public static final String WRITE = "write"; - public static final String DELETE = "delete"; - public static final String ACTION = "action"; - public static final String UI_EXECUTE = "ui.execute"; - } - - private static final Log log = LogFactory.getLog(PermissionBasedScopeValidator.class); - - @Override - public boolean validateScope(AccessTokenDO accessTokenDO, String resource) - throws IdentityOAuth2Exception { - boolean status = true; - //Extract the url & http method - int idx = resource.lastIndexOf(':'); - String url = resource.substring(0, idx); - String method = resource.substring(++idx, resource.length()); - //This is to remove the url params for request path. - int urlParamIndex = url.indexOf('?'); - if(urlParamIndex > 0) { - url = url.substring(0, urlParamIndex); - } - - Properties properties = new Properties(); - properties.put(PermissionBasedScopeValidator.URL_PROPERTY, url.toLowerCase()); - properties.put(PermissionBasedScopeValidator.HTTP_METHOD_PROPERTY, method.toUpperCase()); - PermissionManagerService permissionManagerService = OAuthExtensionsDataHolder.getInstance(). - getPermissionManagerService(); - try { - Permission permission = permissionManagerService.getPermission(properties); - User authzUser = accessTokenDO.getAuthzUser(); - if ((permission != null) && (authzUser != null)) { - if (permission.getPath() == null) { - if (log.isDebugEnabled()) { - log.debug("Permission is not defined for the resource '" + resource + "'"); - } - return true; - } - String username = authzUser.getUserName(); - String userStore = authzUser.getUserStoreDomain(); - int tenantId = OAuthExtUtils.getTenantId(authzUser.getTenantDomain()); - UserRealm userRealm = OAuthExtensionsDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId); - if (userRealm != null && userRealm.getAuthorizationManager() != null) { - if (userStore != null) { - status = userRealm.getAuthorizationManager() - .isUserAuthorized(userStore + "/" + username, permission.getPath(), - PermissionMethod.UI_EXECUTE); - } else { - status = userRealm.getAuthorizationManager() - .isUserAuthorized(username, permission.getPath(), PermissionMethod.UI_EXECUTE); - } - } - } - } catch (PermissionManagementException e) { - log.error("Error occurred while validating the resource scope for : " + resource + - ", Msg = " + e.getMessage(), e); - } catch (UserStoreException e) { - log.error("Error occurred while retrieving user store. " + e.getMessage()); - } - return status; - } -} diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java index 6698b8c12f0..93a576f77e2 100644 --- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java @@ -73,7 +73,9 @@ public class JWTClient { throw new JWTClientException("JWT is not configured properly for user : " + username); } params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion)); - params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes)); + if (scopes != null && !scopes.isEmpty()) { + params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes)); + } return getTokenInfo(params, consumerKey, consumerSecret); } @@ -87,7 +89,9 @@ public class JWTClient { throw new JWTClientException("JWT is not configured properly for user : " + username); } params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion)); - params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes)); + if (scopes != null && !scopes.isEmpty()) { + params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes)); + } if (paramsMap != null) { for (String key : paramsMap.keySet()) { params.add(new BasicNameValuePair(key, paramsMap.get(key))); diff --git a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml deleted file mode 100644 index a76191cce0b..00000000000 --- a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml +++ /dev/null @@ -1,51 +0,0 @@ - - - - - - - - - /permission/device-mgt/user/groups/device_operation - /permission/device-mgt/admin/groups - /permission/device-mgt/user/groups - - - - - /permission/device-mgt/user/groups/device_monitor - /permission/device-mgt/admin/groups - /permission/device-mgt/user/groups - - - - - /permission/device-mgt/user/groups/device_monitor - /permission/device-mgt/admin/groups - /permission/device-mgt/user/groups - - - - - /permission/device-mgt/user/groups/device_operation - /permission/device-mgt/admin/groups - /permission/device-mgt/user/groups - - - \ No newline at end of file diff --git a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf index 6f97c8724c6..7ab37b9d7d7 100644 --- a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf +++ b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf @@ -1,2 +1 @@ -instructions.configure = \ -org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.oauth.extensions_${feature.version}/device-mgt-scopes.xml,target:${installFolder}/../../conf/etc/device-mgt-scopes.xml,overwrite:true);\ +instructions.configure = \ \ No newline at end of file