Merge pull request #269 from milanperera/apim

Implemented API publishing to Synapse Gateway
revert-70aa11f8
Milan Perera 9 years ago
commit 073ed252e7

@ -105,10 +105,6 @@
<groupId>org.wso2.carbon.governance</groupId> <groupId>org.wso2.carbon.governance</groupId>
<artifactId>org.wso2.carbon.governance.lcm</artifactId> <artifactId>org.wso2.carbon.governance.lcm</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.device.mgt.core</artifactId>
</dependency>
</dependencies> </dependencies>

@ -78,7 +78,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
+ api.getId().getVersion() + "'"); + api.getId().getVersion() + "'");
} }
} else { } else {
api.setStatus(provider.getAPI(api.getId()).getStatus()); if (provider.getAPI(api.getId()).getStatus() == APIStatus.CREATED) {
provider.changeLifeCycleStatus(api.getId(), PUBLISH_ACTION);
}
api.setStatus(APIStatus.PUBLISHED);
provider.updateAPI(api); provider.updateAPI(api);
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("An API already exists with the name '" + api.getId().getApiName() + log.debug("An API already exists with the name '" + api.getId().getApiName() +

@ -0,0 +1,67 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.apimgt.webapp.publisher;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
import org.wso2.carbon.core.ServerStartupObserver;
public class APIPublisherStartupHandler implements ServerStartupObserver {
private static final Log log = LogFactory.getLog(APIPublisherStartupHandler.class);
@Override
public void completingServerStartup() {
}
@Override
public void completedServerStartup() {
// adding temporary due to a bug in the platform
Thread t = new Thread(new Runnable() {
@Override
public void run() {
try {
Thread.sleep(5000);
} catch (InterruptedException e) {
log.error("Error occurred while sleeping", e);
}
APIPublisherDataHolder.getInstance().setServerStarted(true);
log.info("Server has just started, hence started publishing unpublished APIs");
if (log.isDebugEnabled()) {
log.debug("Total number of unpublished APIs: "
+ APIPublisherDataHolder.getInstance().getUnpublishedApis().size());
}
APIPublisherService publisher = APIPublisherDataHolder.getInstance().getApiPublisherService();
while (!APIPublisherDataHolder.getInstance().getUnpublishedApis().isEmpty()) {
API api = APIPublisherDataHolder.getInstance().getUnpublishedApis().pop();
try {
publisher.publishAPI(api);
} catch (java.lang.Exception e) {
log.error("Error occurred while publishing API '" + api.getId().getApiName(), e);
}
}
}
});
t.start();
}
}

@ -18,6 +18,7 @@
package org.wso2.carbon.apimgt.webapp.publisher; package org.wso2.carbon.apimgt.webapp.publisher;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.APIManagementException;
@ -26,11 +27,9 @@ import org.wso2.carbon.apimgt.api.model.*;
import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource; import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration; import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.internal.APIPublisherDataHolder; import org.wso2.carbon.apimgt.webapp.publisher.config.WebappPublisherConfig;
import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.utils.CarbonUtils; import org.wso2.carbon.core.util.Utils;
import org.wso2.carbon.utils.ConfigurationContextService;
import org.wso2.carbon.utils.NetworkUtils;
import javax.servlet.ServletContext; import javax.servlet.ServletContext;
import java.util.*; import java.util.*;
@ -96,7 +95,7 @@ public class APIPublisherUtil {
} }
api.setResponseCache(APIConstants.DISABLED); api.setResponseCache(APIConstants.DISABLED);
String endpointConfig = "{\"production_endpoints\":{\"url\":\" " + config.getEndpoint() + String endpointConfig = "{\"production_endpoints\":{\"url\":\"" + config.getEndpoint() +
"\",\"config\":null},\"implementation_status\":\"managed\",\"endpoint_type\":\"http\"}"; "\",\"config\":null},\"implementation_status\":\"managed\",\"endpoint_type\":\"http\"}";
api.setEndpointConfig(endpointConfig); api.setEndpointConfig(endpointConfig);
@ -113,7 +112,8 @@ public class APIPublisherUtil {
// adding scopes to the api // adding scopes to the api
Set<URITemplate> uriTemplates = config.getUriTemplates(); Set<URITemplate> uriTemplates = config.getUriTemplates();
Map<String, Scope> apiScopes = new HashMap<>(); Map<String, Scope> apiScopes = new HashMap<>();
Scope existingScope;
String existingPermissions;
if (uriTemplates != null) { if (uriTemplates != null) {
// this creates distinct scopes list // this creates distinct scopes list
for (URITemplate template : uriTemplates) { for (URITemplate template : uriTemplates) {
@ -121,6 +121,12 @@ public class APIPublisherUtil {
if (scope != null) { if (scope != null) {
if (apiScopes.get(scope.getKey()) == null) { if (apiScopes.get(scope.getKey()) == null) {
apiScopes.put(scope.getKey(), scope); apiScopes.put(scope.getKey(), scope);
} else {
existingScope = apiScopes.get(scope.getKey());
existingPermissions = existingScope.getRoles();
existingPermissions = getDistinctPermissions(existingPermissions + "," + scope.getRoles());
existingScope.setRoles(existingPermissions);
apiScopes.put(scope.getKey(), existingScope);
} }
} }
} }
@ -132,7 +138,7 @@ public class APIPublisherUtil {
// api scope and uri template scope // api scope and uri template scope
for (Scope scope : scopes) { for (Scope scope : scopes) {
for (URITemplate template : uriTemplates) { for (URITemplate template : uriTemplates) {
if (scope.getKey().equals(template.getScope().getKey())) { if (template.getScope() != null && scope.getKey().equals(template.getScope().getKey())) {
template.setScope(scope); template.setScope(scope);
} }
} }
@ -143,24 +149,8 @@ public class APIPublisherUtil {
} }
public static String getServerBaseUrl() { public static String getServerBaseUrl() {
// Hostname WebappPublisherConfig webappPublisherConfig = WebappPublisherConfig.getInstance();
String hostName = "localhost"; return Utils.replaceSystemProperty(webappPublisherConfig.getHost());
try {
hostName = NetworkUtils.getMgtHostName();
} catch (Exception ignored) {
}
// HTTPS port
String mgtConsoleTransport = CarbonUtils.getManagementTransport();
ConfigurationContextService configContextService =
APIPublisherDataHolder.getInstance().getConfigurationContextService();
int port = CarbonUtils.getTransportPort(configContextService, mgtConsoleTransport);
int httpsProxyPort =
CarbonUtils.getTransportProxyPort(configContextService.getServerConfigContext(),
mgtConsoleTransport);
if (httpsProxyPort > 0) {
port = httpsProxyPort;
}
return "https://" + hostName + ":" + port;
} }
public static String getApiEndpointUrl(String context) { public static String getApiEndpointUrl(String context) {
@ -262,7 +252,7 @@ public class APIPublisherUtil {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("'managed-api-endpoint' attribute is not configured"); log.debug("'managed-api-endpoint' attribute is not configured");
} }
String endpointContext = servletContext.getContextPath(); String endpointContext = apiDef.getContext();
endpoint = APIPublisherUtil.getApiEndpointUrl(endpointContext); endpoint = APIPublisherUtil.getApiEndpointUrl(endpointContext);
} }
apiConfig.setEndpoint(endpoint); apiConfig.setEndpoint(endpoint);
@ -318,4 +308,9 @@ public class APIPublisherUtil {
return apiConfig; return apiConfig;
} }
private static String getDistinctPermissions(String permissions) {
String[] unique = new HashSet<String>(Arrays.asList(permissions.split(","))).toArray(new String[0]);
return StringUtils.join(unique, ",");
}
} }

@ -0,0 +1,75 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.apimgt.webapp.publisher;
public class InvalidConfigurationStateException extends RuntimeException {
private static final long serialVersionUID = -3151279311329070397L;
private String errorMessage;
private int errorCode;
public InvalidConfigurationStateException(int errorCode, String message) {
super(message);
this.errorCode = errorCode;
}
public InvalidConfigurationStateException(int errorCode, String message, Throwable cause) {
super(message, cause);
this.errorCode = errorCode;
}
public int getErrorCode() {
return errorCode;
}
public String getErrorMessage() {
return errorMessage;
}
public void setErrorMessage(String errorMessage) {
this.errorMessage = errorMessage;
}
public InvalidConfigurationStateException(String msg, Exception nestedEx) {
super(msg, nestedEx);
setErrorMessage(msg);
}
public InvalidConfigurationStateException(String message, Throwable cause) {
super(message, cause);
setErrorMessage(message);
}
public InvalidConfigurationStateException(String msg) {
super(msg);
setErrorMessage(msg);
}
public InvalidConfigurationStateException() {
super();
}
public InvalidConfigurationStateException(Throwable cause) {
super(cause);
}
}

@ -0,0 +1,44 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher;
public class WebappPublisherConfigurationFailedException extends Exception {
private static final long serialVersionUID = -3151279312929070398L;
public WebappPublisherConfigurationFailedException(String msg, Exception nestedEx) {
super(msg, nestedEx);
}
public WebappPublisherConfigurationFailedException(String message, Throwable cause) {
super(message, cause);
}
public WebappPublisherConfigurationFailedException(String msg) {
super(msg);
}
public WebappPublisherConfigurationFailedException() {
super();
}
public WebappPublisherConfigurationFailedException(Throwable cause) {
super(cause);
}
}

@ -0,0 +1,45 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher;
import org.w3c.dom.Document;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.File;
/**
* This class contains the util methods which are needed
* to web app publisher related functions.
*/
public class WebappPublisherUtil {
public static Document convertToDocument(File file) throws WebappPublisherConfigurationFailedException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
try {
DocumentBuilder docBuilder = factory.newDocumentBuilder();
return docBuilder.parse(file);
} catch (Exception e) {
throw new WebappPublisherConfigurationFailedException("Error occurred while parsing file, while converting " +
"to a org.w3c.dom.Document", e);
}
}
}

@ -0,0 +1,94 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.webapp.publisher.config;
import org.w3c.dom.Document;
import org.wso2.carbon.apimgt.webapp.publisher.InvalidConfigurationStateException;
import org.wso2.carbon.apimgt.webapp.publisher.WebappPublisherConfigurationFailedException;
import org.wso2.carbon.apimgt.webapp.publisher.WebappPublisherUtil;
import org.wso2.carbon.utils.CarbonUtils;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import java.io.File;
/**
* This class represents the configuration that are needed
* when publishing APIs to API Manager.
*/
@XmlRootElement(name = "WebappPublisherConfigs")
public class WebappPublisherConfig {
private String host;
private boolean isPublished;
private static WebappPublisherConfig config;
private static final String WEBAPP_PUBLISHER_CONFIG_PATH =
CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + "webapp-publisher-config.xml";
private WebappPublisherConfig() {
}
public static WebappPublisherConfig getInstance() {
if (config == null) {
throw new InvalidConfigurationStateException("Webapp Authenticator Configuration is not " +
"initialized properly");
}
return config;
}
@XmlElement(name = "Host", required = true)
public String getHost() {
return host;
}
public void setHost(String host) {
this.host = host;
}
@XmlElement(name = "PublishAPI", required = true)
public boolean isPublished() {
return isPublished;
}
public void setPublished(boolean published) {
isPublished = published;
}
public static void init() throws WebappPublisherConfigurationFailedException {
try {
File emailSenderConfig = new File(WEBAPP_PUBLISHER_CONFIG_PATH);
Document doc = WebappPublisherUtil.convertToDocument(emailSenderConfig);
/* Un-marshaling Email Sender configuration */
JAXBContext ctx = JAXBContext.newInstance(WebappPublisherConfig.class);
Unmarshaller unmarshaller = ctx.createUnmarshaller();
//unmarshaller.setSchema(getSchema());
config = (WebappPublisherConfig) unmarshaller.unmarshal(doc);
} catch (JAXBException e) {
throw new WebappPublisherConfigurationFailedException("Error occurred while un-marshalling Webapp " +
"Publisher Config", e);
}
}
}

@ -19,12 +19,15 @@
package org.wso2.carbon.apimgt.webapp.publisher.internal; package org.wso2.carbon.apimgt.webapp.publisher.internal;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherService; import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherService;
import org.wso2.carbon.registry.core.service.RegistryService; import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.tenant.TenantManager; import org.wso2.carbon.user.core.tenant.TenantManager;
import org.wso2.carbon.utils.ConfigurationContextService; import org.wso2.carbon.utils.ConfigurationContextService;
import java.util.Stack;
public class APIPublisherDataHolder { public class APIPublisherDataHolder {
private APIPublisherService apiPublisherService; private APIPublisherService apiPublisherService;
@ -32,6 +35,8 @@ public class APIPublisherDataHolder {
private RealmService realmService; private RealmService realmService;
private TenantManager tenantManager; private TenantManager tenantManager;
private RegistryService registryService; private RegistryService registryService;
private boolean isServerStarted;
private Stack<API> unpublishedApis = new Stack<>();
private static APIPublisherDataHolder thisInstance = new APIPublisherDataHolder(); private static APIPublisherDataHolder thisInstance = new APIPublisherDataHolder();
@ -94,4 +99,20 @@ public class APIPublisherDataHolder {
public void setRegistryService(RegistryService registryService) { public void setRegistryService(RegistryService registryService) {
this.registryService = registryService; this.registryService = registryService;
} }
public boolean isServerStarted() {
return isServerStarted;
}
public void setServerStarted(boolean serverStarted) {
isServerStarted = serverStarted;
}
public Stack<API> getUnpublishedApis() {
return unpublishedApis;
}
public void setUnpublishedApis(Stack<API> unpublishedApis) {
this.unpublishedApis = unpublishedApis;
}
} }

@ -25,6 +25,9 @@ import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.apimgt.impl.APIManagerConfigurationService; import org.wso2.carbon.apimgt.impl.APIManagerConfigurationService;
import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherService; import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherService;
import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherServiceImpl; import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherServiceImpl;
import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherStartupHandler;
import org.wso2.carbon.apimgt.webapp.publisher.config.WebappPublisherConfig;
import org.wso2.carbon.core.ServerStartupObserver;
import org.wso2.carbon.registry.core.service.RegistryService; import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.ConfigurationContextService; import org.wso2.carbon.utils.ConfigurationContextService;
@ -57,16 +60,23 @@ public class APIPublisherServiceComponent {
protected void activate(ComponentContext componentContext) { protected void activate(ComponentContext componentContext) {
try { try {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Initializing device management core bundle"); log.debug("Initializing webapp publisher bundle");
} }
if (log.isDebugEnabled()) {
log.debug("Loading webapp publisher configurations");
}
/* Initializing webapp publisher configuration */
WebappPublisherConfig.init();
/* Registering declarative service instances exposed by DeviceManagementServiceComponent */ /* Registering declarative service instances exposed by DeviceManagementServiceComponent */
this.registerServices(componentContext); this.registerServices(componentContext);
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Device management core bundle has been successfully initialized"); log.debug("Webapp publisher bundle has been successfully initialized");
} }
} catch (Throwable e) { } catch (Throwable e) {
log.error("Error occurred while initializing device management core bundle", e); log.error("Error occurred while initializing webapp publisher bundle", e);
} }
} }
@ -84,6 +94,7 @@ public class APIPublisherServiceComponent {
APIPublisherService publisher = new APIPublisherServiceImpl(); APIPublisherService publisher = new APIPublisherServiceImpl();
APIPublisherDataHolder.getInstance().setApiPublisherService(publisher); APIPublisherDataHolder.getInstance().setApiPublisherService(publisher);
bundleContext.registerService(APIPublisherService.class, publisher, null); bundleContext.registerService(APIPublisherService.class, publisher, null);
bundleContext.registerService(ServerStartupObserver.class, new APIPublisherStartupHandler(), null);
} }
protected void setAPIManagerConfigurationService(APIManagerConfigurationService service) { protected void setAPIManagerConfigurationService(APIManagerConfigurationService service) {

@ -31,7 +31,6 @@ import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherUtil;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration; import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.internal.APIPublisherDataHolder; import org.wso2.carbon.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
import org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util.AnnotationProcessor; import org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util.AnnotationProcessor;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
import javax.servlet.ServletContext; import javax.servlet.ServletContext;
import java.io.IOException; import java.io.IOException;
@ -43,6 +42,9 @@ public class APIPublisherLifecycleListener implements LifecycleListener {
private static final Log log = LogFactory.getLog(APIPublisherLifecycleListener.class); private static final Log log = LogFactory.getLog(APIPublisherLifecycleListener.class);
private static final String PARAM_MANAGED_API_ENABLED = "managed-api-enabled"; private static final String PARAM_MANAGED_API_ENABLED = "managed-api-enabled";
public static final String PROPERTY_PROFILE = "profile";
public static final String PROFILE_DT_WORKER = "dtWorker";
public static final String PROFILE_DEFAULT = "default";
@Override @Override
public void lifecycleEvent(LifecycleEvent lifecycleEvent) { public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
@ -52,10 +54,10 @@ public class APIPublisherLifecycleListener implements LifecycleListener {
String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED); String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED);
boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param); boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param);
String profile = System.getProperty(DeviceManagementConstants.Common.PROPERTY_PROFILE); String profile = System.getProperty(PROPERTY_PROFILE);
if ((profile.equalsIgnoreCase(DeviceManagementConstants.Common.PROFILE_DT_WORKER) || if ((profile.equalsIgnoreCase(PROFILE_DT_WORKER) ||
profile.equalsIgnoreCase(DeviceManagementConstants.Common.PROFILE_DEFAULT)) && isManagedApi) { profile.equalsIgnoreCase(PROFILE_DEFAULT)) && isManagedApi) {
try { try {
AnnotationProcessor annotationProcessor = new AnnotationProcessor(context); AnnotationProcessor annotationProcessor = new AnnotationProcessor(context);
Set<String> annotatedAPIClasses = annotationProcessor. Set<String> annotatedAPIClasses = annotationProcessor.
@ -78,13 +80,22 @@ public class APIPublisherLifecycleListener implements LifecycleListener {
if (isTenantActive) { if (isTenantActive) {
apiConfig.init(); apiConfig.init();
API api = APIPublisherUtil.getAPI(apiConfig); API api = APIPublisherUtil.getAPI(apiConfig);
APIPublisherService apiPublisherService = boolean isServerStarted = APIPublisherDataHolder.getInstance().isServerStarted();
APIPublisherDataHolder.getInstance().getApiPublisherService(); if (isServerStarted) {
if (apiPublisherService == null) { APIPublisherService apiPublisherService =
throw new IllegalStateException( APIPublisherDataHolder.getInstance().getApiPublisherService();
"API Publisher service is not initialized properly"); if (apiPublisherService == null) {
throw new IllegalStateException(
"API Publisher service is not initialized properly");
}
apiPublisherService.publishAPI(api);
} else {
if (log.isDebugEnabled()) {
log.debug("Server has not started yet. Hence adding API '" +
api.getId().getApiName() + "' to the queue");
}
APIPublisherDataHolder.getInstance().getUnpublishedApis().push(api);
} }
apiPublisherService.publishAPI(api);
} else { } else {
log.error("No tenant [" + apiConfig.getTenantDomain() + "] " + log.error("No tenant [" + apiConfig.getTenantDomain() + "] " +
"found when publishing the Web app"); "found when publishing the Web app");

@ -28,12 +28,11 @@ import org.scannotation.WarUrlFinder;
import org.wso2.carbon.apimgt.annotations.api.API; import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.apimgt.api.model.Scope; import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherUtil;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource; import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource;
import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration; import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionConfiguration; import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionConfiguration;
import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException; import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager;
import org.wso2.carbon.device.mgt.core.config.deviceType.DTConfiguration;
import javax.servlet.ServletContext; import javax.servlet.ServletContext;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -137,7 +136,6 @@ public class AnnotationProcessor {
try { try {
apiResourceConfig = processAPIAnnotation(apiAnno); apiResourceConfig = processAPIAnnotation(apiAnno);
// All the apis should map to same root "/"
String rootContext = servletContext.getContextPath(); String rootContext = servletContext.getContextPath();
pathClazz = (Class<Path>) classLoader.loadClass(Path.class.getName()); pathClazz = (Class<Path>) classLoader.loadClass(Path.class.getName());
pathClazzMethods = pathClazz.getMethods(); pathClazzMethods = pathClazz.getMethods();
@ -147,7 +145,11 @@ public class AnnotationProcessor {
if (rootContectAnno != null) { if (rootContectAnno != null) {
subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING); subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING);
if (subContext != null && !subContext.isEmpty()) { if (subContext != null && !subContext.isEmpty()) {
rootContext = rootContext + "/" + subContext; if (subContext.trim().startsWith("/")) {
rootContext = rootContext + subContext;
} else {
rootContext = rootContext + "/" + subContext;
}
} else { } else {
subContext = ""; subContext = "";
} }
@ -157,7 +159,7 @@ public class AnnotationProcessor {
} }
Method[] annotatedMethods = clazz.getDeclaredMethods(); Method[] annotatedMethods = clazz.getDeclaredMethods();
resourceList = getApiResources(rootContext, subContext, annotatedMethods); resourceList = getApiResources(rootContext, annotatedMethods);
apiResourceConfig.setResources(resourceList); apiResourceConfig.setResources(resourceList);
} catch (Throwable throwable) { } catch (Throwable throwable) {
log.error("Error encountered while scanning for annotations", throwable); log.error("Error encountered while scanning for annotations", throwable);
@ -209,33 +211,30 @@ public class AnnotationProcessor {
* Get Resources for each API * Get Resources for each API
* *
* @param resourceRootContext * @param resourceRootContext
* @param apiRootContext
* @param annotatedMethods * @param annotatedMethods
* @return * @return
* @throws Throwable * @throws Throwable
*/ */
private List<APIResource> getApiResources(String resourceRootContext, String apiRootContext, private List<APIResource> getApiResources(String resourceRootContext, Method[] annotatedMethods) throws Throwable {
Method[] annotatedMethods) throws Throwable { List<APIResource> resourceList = new ArrayList<>();
List<APIResource> resourceList; String subCtx = null;
resourceList = new ArrayList<APIResource>();
for (Method method : annotatedMethods) { for (Method method : annotatedMethods) {
Annotation methodContextAnno = method.getAnnotation(pathClazz); Annotation[] annotations = method.getDeclaredAnnotations();
if (methodContextAnno != null) { APIResource resource = new APIResource();
String subCtx = invokeMethod(pathClazzMethods[0], methodContextAnno, STRING);
APIResource resource = new APIResource(); if (isHttpMethodAvailable(annotations)) {
resource.setUriTemplate(makeContextURLReady(apiRootContext + subCtx)); Annotation methodContextAnno = method.getAnnotation(pathClazz);
if (methodContextAnno != null) {
DTConfiguration deviceTypeConfig = DeviceConfigurationManager.getInstance(). subCtx = invokeMethod(pathClazzMethods[0], methodContextAnno, STRING);
getDeviceManagementConfig().getDTDeploymentConfiguration(); } else {
subCtx = "/*";
String serverIP = deviceTypeConfig.getDtHostAddress(); }
String httpServerPort = deviceTypeConfig.getDtHostPort(); resource.setUriTemplate(makeContextURLReady(subCtx));
resource.setUri(PROTOCOL_HTTP + "://" + serverIP + ":" + httpServerPort + makeContextURLReady( resource.setUri(APIPublisherUtil.getServerBaseUrl() + makeContextURLReady(resourceRootContext) +
resourceRootContext) + makeContextURLReady(subCtx)); makeContextURLReady(subCtx));
resource.setAuthType(AUTH_TYPE); resource.setAuthType(AUTH_TYPE);
Annotation[] annotations = method.getDeclaredAnnotations();
for (int i = 0; i < annotations.length; i++) { for (int i = 0; i < annotations.length; i++) {
processHTTPMethodAnnotation(resource, annotations[i]); processHTTPMethodAnnotation(resource, annotations[i]);
if (annotations[i].annotationType().getName().equals(Consumes.class.getName())) { if (annotations[i].annotationType().getName().equals(Consumes.class.getName())) {
@ -295,6 +294,23 @@ public class AnnotationProcessor {
} }
} }
private boolean isHttpMethodAvailable(Annotation[] annotations) {
for (Annotation annotation : annotations) {
if (annotation.annotationType().getName().equals(GET.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(POST.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(OPTIONS.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(DELETE.class.getName())) {
return true;
} else if (annotation.annotationType().getName().equals(PUT.class.getName())) {
return true;
}
}
return false;
}
/** /**
* Append '/' to the context and make it URL ready * Append '/' to the context and make it URL ready
* *

@ -143,9 +143,19 @@
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.wso2.carbon.commons</groupId> <groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.user.mgt</artifactId> <artifactId>org.wso2.carbon.user.mgt</artifactId>
<scope>provided</scope> <scope>provided</scope>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.wso2.carbon</groupId> <groupId>org.wso2.carbon</groupId>
@ -227,6 +237,10 @@
<artifactId>servlet-api</artifactId> <artifactId>servlet-api</artifactId>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.apimgt.annotations</artifactId>
</dependency>
</dependencies> </dependencies>
</project> </project>

@ -19,6 +19,8 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse; import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse;
import org.wso2.carbon.device.mgt.common.PaginationResult; import org.wso2.carbon.device.mgt.common.PaginationResult;
import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException; import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException;
@ -31,6 +33,9 @@ import javax.ws.rs.core.Response;
/** /**
* All the certificate related tasks such as saving certificates, can be done through this endpoint. * All the certificate related tasks such as saving certificates, can be done through this endpoint.
*/ */
@API(name = "Certificate", version = "1.0.0", context = "/devicemgt_admin/certificates", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Api(value = "Certificate", description = "Certificate related tasks such as saving certificates, " + @Api(value = "Certificate", description = "Certificate related tasks such as saving certificates, " +
"can be done through this API") "can be done through this API")
@SuppressWarnings("NonJaxWsWebServices") @SuppressWarnings("NonJaxWsWebServices")
@ -58,6 +63,7 @@ public interface Certificate {
@ApiResponse(code = 200, message = "Added successfully"), @ApiResponse(code = 200, message = "Added successfully"),
@ApiResponse(code = 500, message = "Error occurred while saving the certificate") @ApiResponse(code = 500, message = "Error occurred while saving the certificate")
}) })
@Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/save"})
Response saveCertificate(@HeaderParam("Accept") String acceptHeader, Response saveCertificate(@HeaderParam("Accept") String acceptHeader,
@ApiParam(name = "enrollmentCertificates", value = "certificate with serial, " @ApiParam(name = "enrollmentCertificates", value = "certificate with serial, "
+ "pem and tenant id", required = true) EnrollmentCertificate[] + "pem and tenant id", required = true) EnrollmentCertificate[]
@ -83,6 +89,7 @@ public interface Certificate {
@ApiResponse(code = 400, message = "Notification status updated successfully"), @ApiResponse(code = 400, message = "Notification status updated successfully"),
@ApiResponse(code = 500, message = "Error occurred while converting PEM file to X509Certificate") @ApiResponse(code = 500, message = "Error occurred while converting PEM file to X509Certificate")
}) })
@Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
Response getCertificate(@HeaderParam("Accept") String acceptHeader, Response getCertificate(@HeaderParam("Accept") String acceptHeader,
@ApiParam(name = "serialNumber", value = "Provide the serial number of the " @ApiParam(name = "serialNumber", value = "Provide the serial number of the "
+ "certificate that you wish to get the details of", required = true) + "certificate that you wish to get the details of", required = true)
@ -113,6 +120,7 @@ public interface Certificate {
@ApiResponse(code = 400, message = "Invalid length value"), @ApiResponse(code = 400, message = "Invalid length value"),
@ApiResponse(code = 500, message = "Error occurred while fetching all certificates") @ApiResponse(code = 500, message = "Error occurred while fetching all certificates")
}) })
@Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
Response getAllCertificates(@HeaderParam("Accept") String acceptHeader, Response getAllCertificates(@HeaderParam("Accept") String acceptHeader,
@ApiParam(name = "start", @ApiParam(name = "start",
value = "Provide the starting pagination index as the value", required = true) value = "Provide the starting pagination index as the value", required = true)
@ -135,6 +143,7 @@ public interface Certificate {
@ApiResponse(code = 400, message = "Invalid start index"), @ApiResponse(code = 400, message = "Invalid start index"),
@ApiResponse(code = 500, message = "Error when deleting the certificate" @ApiResponse(code = 500, message = "Error when deleting the certificate"
) }) ) })
@Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/remove"})
Response removeCertificate(@HeaderParam("Accept") String acceptHeader, Response removeCertificate(@HeaderParam("Accept") String acceptHeader,
@ApiParam(name = "serialNumber", value = "Provide the serial number of the " @ApiParam(name = "serialNumber", value = "Provide the serial number of the "
+ "certificate that you wish to delete", required = true) + "certificate that you wish to delete", required = true)

@ -19,6 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.*;
import org.wso2.carbon.device.mgt.common.configuration.mgt.TenantConfiguration; import org.wso2.carbon.device.mgt.common.configuration.mgt.TenantConfiguration;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -29,6 +30,9 @@ import javax.ws.rs.core.Response;
* General Tenant Configuration REST-API implementation. * General Tenant Configuration REST-API implementation.
* All end points support JSON, XMl with content negotiation. * All end points support JSON, XMl with content negotiation.
*/ */
@API(name = "Configuration", version = "1.0.0", context = "/devicemgt_admin/configuration", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Path("/configuration") @Path("/configuration")
@Api(value = "Configuration", description = "General Tenant Configuration management capabilities are exposed " + @Api(value = "Configuration", description = "General Tenant Configuration management capabilities are exposed " +
"through this API") "through this API")
@ -48,6 +52,7 @@ public interface Configuration {
@ApiResponse(code = 201, message = "Tenant configuration saved successfully"), @ApiResponse(code = 201, message = "Tenant configuration saved successfully"),
@ApiResponse(code = 500, message = "Error occurred while saving the tenant configuration") @ApiResponse(code = 500, message = "Error occurred while saving the tenant configuration")
}) })
@Permission(scope = "configuration-modify", permissions = {"/permission/admin/device-mgt/admin/platform-configs/modify"})
Response saveTenantConfiguration(@ApiParam(name = "configuration", value = "The required properties to " Response saveTenantConfiguration(@ApiParam(name = "configuration", value = "The required properties to "
+ "update the platform configurations the as the <JSON_PAYLOAD> value", + "update the platform configurations the as the <JSON_PAYLOAD> value",
required = true) TenantConfiguration configuration); required = true) TenantConfiguration configuration);
@ -64,6 +69,7 @@ public interface Configuration {
@ApiResponse(code = 200, message = "OK"), @ApiResponse(code = 200, message = "OK"),
@ApiResponse(code = 500, message = "Error occurred while retrieving the tenant configuration") @ApiResponse(code = 500, message = "Error occurred while retrieving the tenant configuration")
}) })
@Permission(scope = "configuration-view", permissions = {"/permission/admin/device-mgt/admin/platform-configs/view"})
Response getConfiguration(); Response getConfiguration();
@PUT @PUT
@ -77,6 +83,7 @@ public interface Configuration {
@ApiResponse(code = 201, message = "Tenant configuration updated successfully"), @ApiResponse(code = 201, message = "Tenant configuration updated successfully"),
@ApiResponse(code = 500, message = "Error occurred while updating the tenant configuration") @ApiResponse(code = 500, message = "Error occurred while updating the tenant configuration")
}) })
@Permission(scope = "configuration-modify", permissions = {"/permission/admin/device-mgt/admin/platform-configs/modify"})
Response updateConfiguration(@ApiParam(name = "configuration", value = "The required properties to update" Response updateConfiguration(@ApiParam(name = "configuration", value = "The required properties to update"
+ " the platform configurations the as the <JSON_PAYLOAD> value", + " the platform configurations the as the <JSON_PAYLOAD> value",
required = true) TenantConfiguration configuration); required = true) TenantConfiguration configuration);

@ -19,6 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.*;
import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
import org.wso2.carbon.device.mgt.core.dto.DeviceType; import org.wso2.carbon.device.mgt.core.dto.DeviceType;
@ -29,6 +30,9 @@ import javax.ws.rs.core.Response;
/** /**
* Device related operations such as get all the available devices, etc. * Device related operations such as get all the available devices, etc.
*/ */
@API(name = "Device", version = "1.0.0", context = "/devicemgt_admin/devices", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Path("/devices") @Path("/devices")
@Api(value = "Device", description = "Device related operations such as get all the available devices, etc.") @Api(value = "Device", description = "Device related operations such as get all the available devices, etc.")
@SuppressWarnings("NonJaxWsWebServices") @SuppressWarnings("NonJaxWsWebServices")
@ -55,6 +59,7 @@ public interface Device {
@ApiResponse(code = 200, message = "List of Devices"), @ApiResponse(code = 200, message = "List of Devices"),
@ApiResponse(code = 500, message = "Error occurred while fetching the device list") @ApiResponse(code = 500, message = "Error occurred while fetching the device list")
}) })
@Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
Response getAllDevices(@ApiParam(name = "type", value = "Provide the device type, such as ios, android or" Response getAllDevices(@ApiParam(name = "type", value = "Provide the device type, such as ios, android or"
+ " windows", required = true) @QueryParam("type") String type, + " windows", required = true) @QueryParam("type") String type,
@ApiParam(name = "user", value = "Get the details of the devices registered to a " @ApiParam(name = "user", value = "Get the details of the devices registered to a "
@ -86,6 +91,9 @@ public interface Device {
@GET @GET
@Path("view") @Path("view")
@Produces({ MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_JSON })
@Permission(scope = "device-view", permissions = {
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"})
Response getDevice(@QueryParam("type") String type, @QueryParam("id") String id); Response getDevice(@QueryParam("type") String type, @QueryParam("id") String id);
/** /**
@ -96,6 +104,9 @@ public interface Device {
*/ */
@GET @GET
@Path("user/{user}") @Path("user/{user}")
@Permission(scope = "device-view-own", permissions = {
"/permission/admin/device-mgt/user/devices/list",
"/permission/admin/device-mgt/admin/devices/list"})
Response getDeviceOfUser(@PathParam("user") String user); Response getDeviceOfUser(@PathParam("user") String user);
/** /**
@ -106,6 +117,9 @@ public interface Device {
*/ */
@GET @GET
@Path("user/{user}/count") @Path("user/{user}/count")
@Permission(scope = "device-count-own", permissions = {
"/permission/admin/device-mgt/user/devices/list",
"/permission/admin/device-mgt/admin/devices/list"})
Response getDeviceCountOfUser(@PathParam("user") String user); Response getDeviceCountOfUser(@PathParam("user") String user);
/** /**
@ -124,6 +138,7 @@ public interface Device {
@ApiResponse(code = 200, message = "Device count"), @ApiResponse(code = 200, message = "Device count"),
@ApiResponse(code = 500, message = "Error occurred while fetching the device count") @ApiResponse(code = 500, message = "Error occurred while fetching the device count")
}) })
@Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
Response getDeviceCount(); Response getDeviceCount();
/** /**
@ -135,6 +150,7 @@ public interface Device {
*/ */
@GET @GET
@Path("name/{name}/{tenantDomain}") @Path("name/{name}/{tenantDomain}")
@ApiOperation( @ApiOperation(
httpMethod = "GET", httpMethod = "GET",
value = "Get the device details of a specific device via the REST API", value = "Get the device details of a specific device via the REST API",
@ -145,11 +161,12 @@ public interface Device {
@ApiResponse(code = 200, message = "List of devices"), @ApiResponse(code = 200, message = "List of devices"),
@ApiResponse(code = 500, message = "Error occurred while fetching the devices list of device name") @ApiResponse(code = 500, message = "Error occurred while fetching the devices list of device name")
}) })
Response getDevicesByName(@ApiParam(name = "name", value = "The name of the device or windows", @Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
required = true) @PathParam("name") String deviceName, Response getDevicesByName(@ApiParam(name = "name", value = "The name of the device or windows", required = true)
@PathParam("name") String deviceName,
@ApiParam(name = "tenantDomain", value = "Tenant domain name. The default " @ApiParam(name = "tenantDomain", value = "Tenant domain name. The default "
+ "tenant domain of WSO2 EMM is carbon.super", required = true) + "tenant domain of WSO2 EMM is carbon.super", required = true)
@PathParam("tenantDomain") String tenantDomain); @PathParam("tenantDomain") String tenantDomain);
/** /**
* Get the list of available device types. * Get the list of available device types.
@ -168,6 +185,7 @@ public interface Device {
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse(code = 200, message = "List of devices based on the type"), @ApiResponse(code = 200, message = "List of devices based on the type"),
@ApiResponse(code = 500, message = "Error occurred while fetching the list of device types") }) @ApiResponse(code = 500, message = "Error occurred while fetching the list of device types") })
@Permission(scope = "device-list", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
Response getDeviceTypes(); Response getDeviceTypes();
/** /**
@ -177,6 +195,8 @@ public interface Device {
*/ */
@PUT @PUT
@Path("type/{type}/id/{deviceId}") @Path("type/{type}/id/{deviceId}")
@Permission(scope = "device-modify", permissions = {
"/permission/admin/device-mgt/user/devices/modify", "/permission/admin/device-mgt/admin/devices/modify"})
Response updateDevice(@PathParam("type") String deviceType, @PathParam("deviceId") String deviceId, Response updateDevice(@PathParam("type") String deviceType, @PathParam("deviceId") String deviceId,
org.wso2.carbon.device.mgt.common.Device updatedDevice); org.wso2.carbon.device.mgt.common.Device updatedDevice);
@ -187,6 +207,8 @@ public interface Device {
*/ */
@DELETE @DELETE
@Path("type/{type}/id/{deviceId}") @Path("type/{type}/id/{deviceId}")
@Permission(scope = "device-modify", permissions = {
"/permission/admin/device-mgt/user/devices/modify", "/permission/admin/device-mgt/admin/devices/modify"})
Response disenrollDevice(@PathParam("type") String deviceType, @PathParam("deviceId") String deviceId); Response disenrollDevice(@PathParam("type") String deviceType, @PathParam("deviceId") String deviceId);
} }

@ -19,6 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.*;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.device.details.DeviceInfo; import org.wso2.carbon.device.mgt.common.device.details.DeviceInfo;
import org.wso2.carbon.device.mgt.common.device.details.DeviceLocation; import org.wso2.carbon.device.mgt.common.device.details.DeviceLocation;
@ -34,6 +35,9 @@ import java.util.List;
/** /**
* Device information related operations. * Device information related operations.
*/ */
@API(name = "Device Information", version = "1.0.0", context = "/devicemgt_admin/information", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Path("/information") @Path("/information")
@Api(value = "DeviceInformation", description = "Device information related operations can be found here.") @Api(value = "DeviceInformation", description = "Device information related operations can be found here.")
@SuppressWarnings("NonJaxWsWebServices") @SuppressWarnings("NonJaxWsWebServices")
@ -53,6 +57,7 @@ public interface DeviceInformation {
@ApiResponse(code = 400, message = ""), @ApiResponse(code = 400, message = ""),
@ApiResponse(code = 500, message = "Internal Server Error") @ApiResponse(code = 500, message = "Internal Server Error")
}) })
@Permission(scope = "device-info", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
Response getDeviceInfo(@ApiParam(name = "type", value = "Provide the device type, such as ios, android " Response getDeviceInfo(@ApiParam(name = "type", value = "Provide the device type, such as ios, android "
+ "or windows", required = true) @PathParam("type") String type, + "or windows", required = true) @PathParam("type") String type,
@ApiParam(name = "id", value = "Provide the device identifier", required = true) @ApiParam(name = "id", value = "Provide the device identifier", required = true)
@ -60,7 +65,7 @@ public interface DeviceInformation {
@POST @POST
@Path("{list}") @Path("list")
@ApiOperation( @ApiOperation(
produces = MediaType.APPLICATION_JSON, produces = MediaType.APPLICATION_JSON,
httpMethod = "POST", httpMethod = "POST",
@ -75,6 +80,7 @@ public interface DeviceInformation {
@ApiResponse(code = 400, message = ""), @ApiResponse(code = 400, message = ""),
@ApiResponse(code = 500, message = "Internal Server Error") @ApiResponse(code = 500, message = "Internal Server Error")
}) })
@Permission(scope = "device-info", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
Response getDevicesInfo(@ApiParam(name = "deviceIdentifiers", value = "List of device identifiers", Response getDevicesInfo(@ApiParam(name = "deviceIdentifiers", value = "List of device identifiers",
required = true) List<DeviceIdentifier> deviceIdentifiers); required = true) List<DeviceIdentifier> deviceIdentifiers);
@ -93,6 +99,7 @@ public interface DeviceInformation {
@ApiResponse(code = 400, message = ""), @ApiResponse(code = 400, message = ""),
@ApiResponse(code = 500, message = "Internal Server Error") @ApiResponse(code = 500, message = "Internal Server Error")
}) })
@Permission(scope = "device-info", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
Response getDeviceLocation(@ApiParam(name = "type", value = "Provide the device type, such as ios, " Response getDeviceLocation(@ApiParam(name = "type", value = "Provide the device type, such as ios, "
+ "android or windows", required = true) @PathParam("type") String type, + "android or windows", required = true) @PathParam("type") String type,
@ApiParam(name = "id", value = "Provide the device identifier", @ApiParam(name = "id", value = "Provide the device identifier",

@ -18,21 +18,11 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.Api; import io.swagger.annotations.*;
import io.swagger.annotations.ApiOperation; import org.wso2.carbon.apimgt.annotations.api.*;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import org.wso2.carbon.device.mgt.common.notification.mgt.Notification; import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
import org.wso2.carbon.device.mgt.jaxrs.api.util.ResponsePayload;
import javax.ws.rs.Consumes; import javax.ws.rs.*;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -40,6 +30,9 @@ import javax.ws.rs.core.Response;
* DeviceNotification management REST-API implementation. * DeviceNotification management REST-API implementation.
* All end points support JSON, XMl with content negotiation. * All end points support JSON, XMl with content negotiation.
*/ */
@API(name = "Device Notification", version = "1.0.0", context = "/devicemgt_admin/notifications", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Api(value = "DeviceNotification", description = "Device notification related operations can be found here.") @Api(value = "DeviceNotification", description = "Device notification related operations can be found here.")
@SuppressWarnings("NonJaxWsWebServices") @SuppressWarnings("NonJaxWsWebServices")
@Path("/notifications") @Path("/notifications")
@ -62,6 +55,9 @@ public interface DeviceNotification {
responseContainer = "List"), responseContainer = "List"),
@ApiResponse(code = 500, message = "Error occurred while retrieving the notification list") @ApiResponse(code = 500, message = "Error occurred while retrieving the notification list")
}) })
@Permission(scope = "device-notification-view", permissions = {
"/permission/admin/device-mgt/admin/notifications/view",
"/permission/admin/device-mgt/user/notifications/view"})
Response getNotifications(); Response getNotifications();
@GET @GET
@ -80,6 +76,9 @@ public interface DeviceNotification {
responseContainer = "List"), responseContainer = "List"),
@ApiResponse(code = 500, message = "Error occurred while retrieving the notification list") @ApiResponse(code = 500, message = "Error occurred while retrieving the notification list")
}) })
@Permission(scope = "device-notification-view", permissions = {
"/permission/admin/device-mgt/admin/notifications/view",
"/permission/admin/device-mgt/user/notifications/view"})
Response getNotificationsByStatus(@ApiParam(name = "status", value = "Provide the notification status as" Response getNotificationsByStatus(@ApiParam(name = "status", value = "Provide the notification status as"
+ " the value for {status}", required = true) + " the value for {status}", required = true)
@PathParam("status") Notification.Status status); @PathParam("status") Notification.Status status);
@ -97,6 +96,8 @@ public interface DeviceNotification {
@ApiResponse(code = 201, message = "Notification status updated successfully"), @ApiResponse(code = 201, message = "Notification status updated successfully"),
@ApiResponse(code = 500, message = "Error occurred while updating notification status") @ApiResponse(code = 500, message = "Error occurred while updating notification status")
}) })
@Permission(scope = "device-notification-modify",
permissions = {"/permission/admin/device-mgt/admin/notifications/modify"})
Response updateNotificationStatus(@ApiParam(name = "id", value = "Provide the ID of the notification" Response updateNotificationStatus(@ApiParam(name = "id", value = "Provide the ID of the notification"
+ " you wish you update", required = true) @PathParam("id") int id, + " you wish you update", required = true) @PathParam("id") int id,
@ApiParam(name = "status", value = "Provide the notification status as" @ApiParam(name = "status", value = "Provide the notification status as"
@ -114,6 +115,8 @@ public interface DeviceNotification {
@ApiResponse(code = 201, message = "NNotification has added successfully"), @ApiResponse(code = 201, message = "NNotification has added successfully"),
@ApiResponse(code = 500, message = "Error occurred while updating notification status") @ApiResponse(code = 500, message = "Error occurred while updating notification status")
}) })
@Permission(scope = "device-notification-modify",
permissions = {"/permission/admin/device-mgt/admin/notifications/modify"})
Response addNotification(Notification notification); Response addNotification(Notification notification);
} }

@ -19,6 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.*;
import org.wso2.carbon.device.mgt.common.device.details.DeviceWrapper; import org.wso2.carbon.device.mgt.common.device.details.DeviceWrapper;
import org.wso2.carbon.device.mgt.common.search.SearchContext; import org.wso2.carbon.device.mgt.common.search.SearchContext;
@ -30,6 +31,9 @@ import javax.ws.rs.core.Response;
/** /**
* Device search related operations such as getting device information. * Device search related operations such as getting device information.
*/ */
@API(name = "Device Search", version = "1.0.0", context = "/devicemgt_admin/search", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Path("/search") @Path("/search")
@Api(value = "DeviceSearch", description = "Device searching related operations can be found here.") @Api(value = "DeviceSearch", description = "Device searching related operations can be found here.")
@SuppressWarnings("NonJaxWsWebServices") @SuppressWarnings("NonJaxWsWebServices")
@ -47,6 +51,7 @@ public interface DeviceSearch {
@ApiResponse(code = 200, message = "OK", response = DeviceWrapper.class, responseContainer = "List"), @ApiResponse(code = 200, message = "OK", response = DeviceWrapper.class, responseContainer = "List"),
@ApiResponse(code = 500, message = "Error occurred while searching the device information") @ApiResponse(code = 500, message = "Error occurred while searching the device information")
}) })
@Permission(scope = "device-search", permissions = {"/permission/admin/device-mgt/admin/devices/list"})
Response getFilteredDeviceInfo(@ApiParam(name = "enrollmentCertificates", value = "List of search conditions", Response getFilteredDeviceInfo(@ApiParam(name = "enrollmentCertificates", value = "List of search conditions",
required = true) SearchContext searchContext); required = true) SearchContext searchContext);
} }

@ -19,19 +19,18 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.*;
import javax.ws.rs.Consumes; import javax.ws.rs.*;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
/** /**
* Features * Features
*/ */
@API(name = "Device Search", version = "1.0.0", context = "/devicemgt_admin/features", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Api(value = "Feature", description = "Feature management related operations can be found here.") @Api(value = "Feature", description = "Feature management related operations can be found here.")
@SuppressWarnings("NonJaxWsWebServices") @SuppressWarnings("NonJaxWsWebServices")
@Path("/features") @Path("/features")
@ -59,6 +58,8 @@ public interface Feature {
@ApiResponses(value = { @ApiResponse(code = 200, message = "List of Features"), @ApiResponses(value = { @ApiResponse(code = 200, message = "List of Features"),
@ApiResponse(code = 500, message = "Error occurred while retrieving the list of features" + @ApiResponse(code = 500, message = "Error occurred while retrieving the list of features" +
".") }) ".") })
@Permission(scope = "device-search", permissions = {"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"})
Response getFeatures(@ApiParam(name = "type", value = "Provide the device type, such as ios, android or windows", Response getFeatures(@ApiParam(name = "type", value = "Provide the device type, such as ios, android or windows",
required = true) @PathParam("type") String type); required = true) @PathParam("type") String type);

@ -19,6 +19,8 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import org.wso2.carbon.apimgt.annotations.api.API;
import org.wso2.carbon.apimgt.annotations.api.Permission;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup; import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
@ -35,80 +37,93 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import java.util.List; import java.util.List;
@API(name = "Group", version = "1.0.0", context = "/devicemgt_admin/groups", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Path("/groups") @Path("/groups")
@Api(value = "Group", description = "Group related operations such as get all the available groups, etc.") @Api(value = "Group", description = "Group related operations such as get all the available groups, etc.")
@SuppressWarnings("NonJaxWsWebServices") @SuppressWarnings("NonJaxWsWebServices")
public interface Group { public interface Group {
@GET
@Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
Response getGroups(@QueryParam("start") int startIndex, @QueryParam("length") int length);
@POST @POST
@Consumes("application/json") @Consumes("application/json")
@Permission(scope = "group-add", permissions = {"/permission/admin/device-mgt/user/groups/add"})
Response createGroup(DeviceGroup group); Response createGroup(DeviceGroup group);
@Path("/owner/{owner}/name/{groupName}")
@GET
@Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/view"})
Response getGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner);
@Path("/owner/{owner}/name/{groupName}") @Path("/owner/{owner}/name/{groupName}")
@PUT @PUT
@Consumes("application/json") @Consumes("application/json")
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-modify", permissions = {"/permission/admin/device-mgt/user/groups/update"})
Response updateGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner, Response updateGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
DeviceGroup deviceGroup); DeviceGroup deviceGroup);
@Path("/owner/{owner}/name/{groupName}") @Path("/owner/{owner}/name/{groupName}")
@DELETE @DELETE
@Permission(scope = "group-remove", permissions = {"/permission/admin/device-mgt/user/groups/remove"})
Response deleteGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner); Response deleteGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner);
@GET
@Produces("application/json")
Response getGroups(@QueryParam("start") int startIndex, @QueryParam("length") int length);
@Path("/all") @Path("/all")
@GET @GET
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
Response getAllGroups(); Response getAllGroups();
@Path("/user/{user}") @Path("/user/{user}")
@GET @GET
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
Response getGroups(@PathParam("user") String userName, @QueryParam("start") int startIndex, Response getGroups(@PathParam("user") String userName, @QueryParam("start") int startIndex,
@QueryParam("length") int length); @QueryParam("length") int length);
@Path("/user/{user}/all")
@GET
@Produces("application/json")
Response getGroups(@PathParam("user") String userName);
@Path("/owner/{owner}/name/{groupName}")
@GET
@Produces("application/json")
Response getGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner);
@Path("/user/{user}/search") @Path("/user/{user}/search")
@GET @GET
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
Response findGroups(@QueryParam("groupName") String groupName, @PathParam("user") String user); Response findGroups(@QueryParam("groupName") String groupName, @PathParam("user") String user);
@Path("/user/{user}/all") @Path("/user/{user}/all")
@GET @GET
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
Response getGroups(@PathParam("user") String userName, @QueryParam("permission") String permission); Response getGroups(@PathParam("user") String userName, @QueryParam("permission") String permission);
@Path("/count") @Path("/count")
@GET @GET
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
Response getAllGroupCount(); Response getAllGroupCount();
@Path("/user/{user}/count") @Path("/user/{user}/count")
@GET @GET
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
Response getGroupCount(@PathParam("user") String userName); Response getGroupCount(@PathParam("user") String userName);
@Path("/owner/{owner}/name/{groupName}/share") @Path("/owner/{owner}/name/{groupName}/share")
@PUT @PUT
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-share", permissions = {"/permission/admin/device-mgt/user/groups/share"})
Response shareGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner, Response shareGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
@FormParam("shareUser") String shareUser, @FormParam("roleName") String sharingRole); @FormParam("shareUser") String shareUser, @FormParam("roleName") String sharingRole);
@Path("/owner/{owner}/name/{groupName}/unshare") @Path("/owner/{owner}/name/{groupName}/unshare")
@PUT @PUT
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-share", permissions = {"/permission/admin/device-mgt/user/groups/unshare"})
Response unShareGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner, Response unShareGroup(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
@FormParam("unShareUser") String unShareUser, @FormParam("unShareUser") String unShareUser,
@FormParam("roleName") String sharingRole); @FormParam("roleName") String sharingRole);
@ -116,58 +131,68 @@ public interface Group {
@Path("/owner/{owner}/name/{groupName}/share/roles/{roleName}/permissions") @Path("/owner/{owner}/name/{groupName}/share/roles/{roleName}/permissions")
@PUT @PUT
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-add", permissions = {"/permission/admin/device-mgt/admin/groups/roles/permissions/add"})
Response addSharing(@QueryParam("shareUser") String shareUser, @PathParam("groupName") String groupName, Response addSharing(@QueryParam("shareUser") String shareUser, @PathParam("groupName") String groupName,
@PathParam("owner") String owner, @PathParam("roleName") String roleName, String[] permissions); @PathParam("owner") String owner, @PathParam("roleName") String roleName, String[] permissions);
@DELETE @DELETE
@Path("/owner/{owner}/name/{groupName}/share/roles/{roleName}/permissions") @Path("/owner/{owner}/name/{groupName}/share/roles/{roleName}/permissions")
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-remove", permissions = {"/permission/admin/device-mgt/admin/groups/roles/permissions/remove"})
Response removeSharing(@QueryParam("userName") String userName, @PathParam("groupName") String groupName, Response removeSharing(@QueryParam("userName") String userName, @PathParam("groupName") String groupName,
@PathParam("owner") String owner, @PathParam("roleName") String roleName); @PathParam("owner") String owner, @PathParam("roleName") String roleName);
@GET @GET
@Path("/owner/{owner}/name/{groupName}/share/roles") @Path("/owner/{owner}/name/{groupName}/share/roles")
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/admin/groups/roles"})
Response getRoles(@PathParam("groupName") String groupName, @PathParam("owner") String owner, Response getRoles(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
@QueryParam("userName") String userName); @QueryParam("userName") String userName);
@PUT @PUT
@Path("/owner/{owner}/name/{groupName}/user/{userName}/share/roles") @Path("/owner/{owner}/name/{groupName}/user/{userName}/share/roles")
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-modify", permissions = {"/permission/admin/device-mgt/admin/groups/roles"})
Response setRoles(@PathParam("groupName") String groupName, @PathParam("owner") String owner, Response setRoles(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
@PathParam("userName") String userName, List<String> selectedRoles); @PathParam("userName") String userName, List<String> selectedRoles);
@GET @GET
@Path("/owner/{owner}/name/{groupName}/users") @Path("/owner/{owner}/name/{groupName}/users")
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/list"})
Response getUsers(@PathParam("groupName") String groupName, @PathParam("owner") String owner); Response getUsers(@PathParam("groupName") String groupName, @PathParam("owner") String owner);
@GET @GET
@Path("/owner/{owner}/name/{groupName}/devices") @Path("/owner/{owner}/name/{groupName}/devices")
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/admin/groups/roles"})
Response getDevices(@PathParam("groupName") String groupName, @PathParam("owner") String owner, Response getDevices(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
@QueryParam("start") int startIdx, @QueryParam("length") int length); @QueryParam("start") int startIdx, @QueryParam("length") int length);
@GET @GET
@Path("/owner/{owner}/name/{groupName}/devices/count") @Path("/owner/{owner}/name/{groupName}/devices/count")
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/devices/count"})
Response getDeviceCount(@PathParam("groupName") String groupName, @PathParam("owner") String owner); Response getDeviceCount(@PathParam("groupName") String groupName, @PathParam("owner") String owner);
@POST @POST
@Path("/owner/{owner}/name/{groupName}/devices") @Path("/owner/{owner}/name/{groupName}/devices")
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-add", permissions = {"/permission/admin/device-mgt/user/groups/devices/add"})
Response addDevice(@PathParam("groupName") String groupName, @PathParam("owner") String owner, Response addDevice(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
DeviceIdentifier deviceIdentifier); DeviceIdentifier deviceIdentifier);
@DELETE @DELETE
@Path("/owner/{owner}/name/{groupName}/devices/{deviceType}/{deviceId}") @Path("/owner/{owner}/name/{groupName}/devices/{deviceType}/{deviceId}")
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-remove", permissions = {"/permission/admin/device-mgt/user/groups/devices/remove"})
Response removeDevice(@PathParam("groupName") String groupName, @PathParam("owner") String owner, Response removeDevice(@PathParam("groupName") String groupName, @PathParam("owner") String owner,
@PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType); @PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType);
@GET @GET
@Path("/owner/{owner}/name/{groupName}/users/{userName}/permissions") @Path("/owner/{owner}/name/{groupName}/users/{userName}/permissions")
@Produces("application/json") @Produces("application/json")
@Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/user/groups/roles/permissions"})
Response getPermissions(@PathParam("userName") String userName, @PathParam("groupName") String groupName, Response getPermissions(@PathParam("userName") String userName, @PathParam("groupName") String groupName,
@PathParam("owner") String owner); @PathParam("owner") String owner);
} }

@ -19,6 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import org.wso2.carbon.apimgt.annotations.api.*;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
@ -27,6 +28,9 @@ import javax.ws.rs.core.Response;
/** /**
* This class represents license related operations. * This class represents license related operations.
*/ */
@API(name = "License", version = "1.0.0", context = "/devicemgt_admin/license", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Api(value = "License") @Api(value = "License")
@Path("/license") @Path("/license")
@SuppressWarnings("NonJaxWsWebServices") @SuppressWarnings("NonJaxWsWebServices")
@ -42,6 +46,8 @@ public interface License {
@GET @GET
@Path("{deviceType}/{languageCode}") @Path("{deviceType}/{languageCode}")
@Produces({ MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_JSON })
@Permission(scope = "license-view", permissions = {"/permission/admin/device-mgt/admin/device/view",
"/permission/admin/device-mgt/user/devices/view"})
Response getLicense(@PathParam("deviceType") String deviceType, Response getLicense(@PathParam("deviceType") String deviceType,
@PathParam("languageCode") String languageCode); @PathParam("languageCode") String languageCode);
@ -54,6 +60,7 @@ public interface License {
*/ */
@POST @POST
@Path("{deviceType}") @Path("{deviceType}")
@Permission(scope = "license-add", permissions = {"/permission/admin/device-mgt/admin/devices/view"})
Response addLicense(@PathParam("deviceType") String deviceType, Response addLicense(@PathParam("deviceType") String deviceType,
org.wso2.carbon.device.mgt.common.license.mgt.License license); org.wso2.carbon.device.mgt.common.license.mgt.License license);
} }

@ -19,6 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.*;
import org.wso2.carbon.device.mgt.common.app.mgt.Application; import org.wso2.carbon.device.mgt.common.app.mgt.Application;
import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException; import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException;
import org.wso2.carbon.device.mgt.jaxrs.api.context.DeviceOperationContext; import org.wso2.carbon.device.mgt.jaxrs.api.context.DeviceOperationContext;
@ -31,12 +32,18 @@ import javax.ws.rs.core.Response;
/** /**
* *
*/ */
@API(name = "Operation", version = "1.0.0", context = "/devicemgt_admin/operations", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Path("/operations") @Path("/operations")
@Api(value = "Operation", description = "Operation management related operations can be found here.") @Api(value = "Operation", description = "Operation management related operations can be found here.")
public interface Operation { public interface Operation {
/* @deprecated */ /* @deprecated */
@GET @GET
@Permission(scope = "operation-view", permissions = {
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"})
Response getAllOperations(); Response getAllOperations();
@GET @GET
@ -56,6 +63,9 @@ public interface Operation {
@ApiResponses(value = {@ApiResponse(code = 200, message = "List of Operations on a device."), @ApiResponses(value = {@ApiResponse(code = 200, message = "List of Operations on a device."),
@ApiResponse(code = 500, message = "Error occurred while fetching the operations for the " + @ApiResponse(code = 500, message = "Error occurred while fetching the operations for the " +
"device.")}) "device.")})
@Permission(scope = "operation-view", permissions = {
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"})
Response getDeviceOperations(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " + Response getDeviceOperations(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " +
"Example: ios, android or windows.", "Example: ios, android or windows.",
required = true) @PathParam("type") String type, required = true) @PathParam("type") String type,
@ -85,6 +95,9 @@ public interface Operation {
@ApiResponses(value = {@ApiResponse(code = 200, message = "List of Operations on a device."), @ApiResponses(value = {@ApiResponse(code = 200, message = "List of Operations on a device."),
@ApiResponse(code = 500, message = "Error occurred while fetching the operations for the " + @ApiResponse(code = 500, message = "Error occurred while fetching the operations for the " +
"device.")}) "device.")})
@Permission(scope = "operation-view", permissions = {
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"})
Response getAllDeviceOperations(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " + Response getAllDeviceOperations(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " +
"Example: ios, android or windows.", "Example: ios, android or windows.",
required = true) @PathParam("type") String type, required = true) @PathParam("type") String type,
@ -93,6 +106,8 @@ public interface Operation {
/* @deprecated */ /* @deprecated */
@POST @POST
@Permission(scope = "operation-modify", permissions = {
"/permission/admin/device-mgt/admin/devices/add"})
Response addOperation(DeviceOperationContext operationContext); Response addOperation(DeviceOperationContext operationContext);
@GET @GET
@ -108,6 +123,9 @@ public interface Operation {
@ApiResponses(value = {@ApiResponse(code = 200, message = "List of installed application details of a device.", response = Application.class, responseContainer = "List"), @ApiResponses(value = {@ApiResponse(code = 200, message = "List of installed application details of a device.", response = Application.class, responseContainer = "List"),
@ApiResponse(code = 500, message = "Error occurred while fetching the apps of the device" + @ApiResponse(code = 500, message = "Error occurred while fetching the apps of the device" +
".")}) ".")})
@Permission(scope = "operation-view", permissions = {
"/permission/admin/device-mgt/admin/devices/view",
"/permission/admin/device-mgt/user/devices/view"})
Response getInstalledApps(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " + Response getInstalledApps(@ApiParam(name = "type", value = "Define the device type as the value for {type}. " +
"Example: ios, android or windows.", "Example: ios, android or windows.",
required = true) @PathParam("type") String type, required = true) @PathParam("type") String type,
@ -116,6 +134,8 @@ public interface Operation {
@POST @POST
@Path("installApp/{tenantDomain}") @Path("installApp/{tenantDomain}")
@Permission(scope = "operation-install",
permissions = {"/permission/admin/device-mgt/admin/operations/applications/install-applications"})
@ApiOperation( @ApiOperation(
consumes = MediaType.APPLICATION_JSON + ", " + MediaType.APPLICATION_XML, consumes = MediaType.APPLICATION_JSON + ", " + MediaType.APPLICATION_XML,
produces = MediaType.APPLICATION_JSON + ", " + MediaType.APPLICATION_XML, produces = MediaType.APPLICATION_JSON + ", " + MediaType.APPLICATION_XML,
@ -143,6 +163,8 @@ public interface Operation {
notes = "Uninstall a selected application from a device.") notes = "Uninstall a selected application from a device.")
@ApiResponses(value = {@ApiResponse(code = 200, message = "Operation was successfully added to the queue."), @ApiResponses(value = {@ApiResponse(code = 200, message = "Operation was successfully added to the queue."),
@ApiResponse(code = 500, message = "Error occurred while saving the operation.")}) @ApiResponse(code = 500, message = "Error occurred while saving the operation.")})
@Permission(scope = "operation-uninstall",
permissions = {"/permission/admin/device-mgt/admin/operations/applications/uninstall-applications"})
Response uninstallApplication(@ApiParam(name = "applicationWrapper", value = "Details about the application and" + Response uninstallApplication(@ApiParam(name = "applicationWrapper", value = "Details about the application and" +
" the users and roles it should be " + " the users and roles it should be " +
"uninstalled.", "uninstalled.",
@ -163,6 +185,7 @@ public interface Operation {
notes = "This will return the operation details including the responses from the devices") notes = "This will return the operation details including the responses from the devices")
@ApiResponses(value = {@ApiResponse(code = 200, message = "Activity details provided successfully.."), @ApiResponses(value = {@ApiResponse(code = 200, message = "Activity details provided successfully.."),
@ApiResponse(code = 500, message = "Error occurred while fetching the activity for the supplied id.")}) @ApiResponse(code = 500, message = "Error occurred while fetching the activity for the supplied id.")})
@Permission(scope = "operation-view", permissions = {"/permission/admin/device-mgt/admin/devices/view"})
Response getActivity(@ApiParam(name = "id", value = "Provide activity id {id} as ACTIVITY_(number)", Response getActivity(@ApiParam(name = "id", value = "Provide activity id {id} as ACTIVITY_(number)",
required = true) @PathParam("id") String id) required = true) @PathParam("id") String id)
throws MDMAPIException; throws MDMAPIException;

@ -19,6 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.*;
import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException; import org.wso2.carbon.device.mgt.jaxrs.api.common.MDMAPIException;
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
@ -28,6 +29,9 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import java.util.List; import java.util.List;
@API(name = "Policy", version = "1.0.0", context = "/devicemgt_admin/policies", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Path("/policies") @Path("/policies")
@Api(value = "Policy", description = "Policy management related operations can be found here.") @Api(value = "Policy", description = "Policy management related operations can be found here.")
public interface Policy { public interface Policy {
@ -45,6 +49,7 @@ public interface Policy {
@ApiResponses(value = {@ApiResponse(code = 201, message = "Created the policy."), @ApiResponses(value = {@ApiResponse(code = 201, message = "Created the policy."),
@ApiResponse(code = 500, message = "Policy Management related error occurred when " + @ApiResponse(code = 500, message = "Policy Management related error occurred when " +
"adding the policy")}) "adding the policy")})
@Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
Response addPolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.", Response addPolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.",
required = true) PolicyWrapper policyWrapper); required = true) PolicyWrapper policyWrapper);
@ -62,6 +67,7 @@ public interface Policy {
@ApiResponses(value = {@ApiResponse(code = 201, message = "Created the policy."), @ApiResponses(value = {@ApiResponse(code = 201, message = "Created the policy."),
@ApiResponse(code = 500, message = "Policy Management related error occurred when " + @ApiResponse(code = 500, message = "Policy Management related error occurred when " +
"adding the policy")}) "adding the policy")})
@Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
Response addActivePolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.", Response addActivePolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.",
required = true) PolicyWrapper policyWrapper); required = true) PolicyWrapper policyWrapper);
@ -79,6 +85,7 @@ public interface Policy {
response = org.wso2.carbon.policy.mgt.common.Policy.class, responseContainer = "List"), response = org.wso2.carbon.policy.mgt.common.Policy.class, responseContainer = "List"),
@ApiResponse(code = 500, message = "Policy Management related error occurred when " + @ApiResponse(code = 500, message = "Policy Management related error occurred when " +
"fetching the policies.")}) "fetching the policies.")})
@Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"})
Response getAllPolicies(); Response getAllPolicies();
@GET @GET
@ -94,6 +101,7 @@ public interface Policy {
@ApiResponses(value = {@ApiResponse(code = 200, message = "Fetched policy details."), @ApiResponses(value = {@ApiResponse(code = 200, message = "Fetched policy details."),
@ApiResponse(code = 500, message = "Policy Management related error occurred when " + @ApiResponse(code = 500, message = "Policy Management related error occurred when " +
"fetching the policies.")}) "fetching the policies.")})
@Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"})
Response getPolicy(@ApiParam(name = "id", value = "Policy ID value to identify a policy uniquely.", Response getPolicy(@ApiParam(name = "id", value = "Policy ID value to identify a policy uniquely.",
required = true) @PathParam("id") int policyId); required = true) @PathParam("id") int policyId);
@ -108,6 +116,7 @@ public interface Policy {
response = int.class) response = int.class)
@ApiResponses(value = {@ApiResponse(code = 200, message = "Fetched the policy count."), @ApiResponses(value = {@ApiResponse(code = 200, message = "Fetched the policy count."),
@ApiResponse(code = 500, message = "Error while Fetching the policy count.")}) @ApiResponse(code = 500, message = "Error while Fetching the policy count.")})
@Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"})
Response getPolicyCount(); Response getPolicyCount();
@PUT @PUT
@ -122,6 +131,7 @@ public interface Policy {
@ApiResponses(value = {@ApiResponse(code = 201, message = "Policy has been updated successfully."), @ApiResponses(value = {@ApiResponse(code = 201, message = "Policy has been updated successfully."),
@ApiResponse(code = 500, message = "Policy Management related exception in policy " + @ApiResponse(code = 500, message = "Policy Management related exception in policy " +
"update")}) "update")})
@Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/update"})
Response updatePolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.", Response updatePolicy(@ApiParam(name = "policyWrapper", value = "Policy details related to the operation.",
required = true) PolicyWrapper policyWrapper, required = true) PolicyWrapper policyWrapper,
@ApiParam(name = "id", value = "Policy ID value to identify a policy uniquely.", @ApiParam(name = "id", value = "Policy ID value to identify a policy uniquely.",
@ -141,6 +151,7 @@ public interface Policy {
@ApiResponses(value = {@ApiResponse(code = 200, message = "Policy Priorities successfully updated."), @ApiResponses(value = {@ApiResponse(code = 200, message = "Policy Priorities successfully updated."),
@ApiResponse(code = 400, message = "Policy priorities did not update."), @ApiResponse(code = 400, message = "Policy priorities did not update."),
@ApiResponse(code = 500, message = "Error in updating policy priorities.")}) @ApiResponse(code = 500, message = "Error in updating policy priorities.")})
@Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/update"})
Response updatePolicyPriorities(@ApiParam(name = "priorityUpdatedPolicies", Response updatePolicyPriorities(@ApiParam(name = "priorityUpdatedPolicies",
value = "List of policy update details..", value = "List of policy update details..",
required = true) List<PriorityUpdatedPolicyWrapper> priorityUpdatedPolicies); required = true) List<PriorityUpdatedPolicyWrapper> priorityUpdatedPolicies);
@ -158,6 +169,7 @@ public interface Policy {
@ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully deleted."), @ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully deleted."),
@ApiResponse(code = 400, message = "Policy does not exist."), @ApiResponse(code = 400, message = "Policy does not exist."),
@ApiResponse(code = 500, message = "Error in deleting policies.")}) @ApiResponse(code = 500, message = "Error in deleting policies.")})
@Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/remove"})
Response bulkRemovePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be deleted.", Response bulkRemovePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be deleted.",
required = true) List<Integer> policyIds); required = true) List<Integer> policyIds);
@ -173,6 +185,9 @@ public interface Policy {
"in the inactive state to the active state.") "in the inactive state to the active state.")
@ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully activated."), @ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully activated."),
@ApiResponse(code = 500, message = "Error in activating policies.")}) @ApiResponse(code = 500, message = "Error in activating policies.")})
@Permission(scope = "policy-modify", permissions = {
"/permission/admin/device-mgt/admin/policies/update",
"/permission/admin/device-mgt/admin/policies/add"})
Response activatePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be activated.", Response activatePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be activated.",
required = true) List<Integer> policyIds); required = true) List<Integer> policyIds);
@ -188,6 +203,9 @@ public interface Policy {
"is in the active state to the inactive state.") "is in the active state to the inactive state.")
@ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully deactivated."), @ApiResponses(value = {@ApiResponse(code = 200, message = "Policies have been successfully deactivated."),
@ApiResponse(code = 500, message = "Error in deactivating policies.")}) @ApiResponse(code = 500, message = "Error in deactivating policies.")})
@Permission(scope = "policy-modify", permissions = {
"/permission/admin/device-mgt/admin/policies/update",
"/permission/admin/device-mgt/admin/policies/add"})
Response inactivatePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be deactivated.", Response inactivatePolicy(@ApiParam(name = "policyIds", value = "Policy ID list to be deactivated.",
required = true) List<Integer> policyIds) throws MDMAPIException; required = true) List<Integer> policyIds) throws MDMAPIException;
@ -206,6 +224,7 @@ public interface Policy {
" you need to apply the changes to push the policy changes to the existing devices.") " you need to apply the changes to push the policy changes to the existing devices.")
@ApiResponses(value = {@ApiResponse(code = 200, message = "Changes have been successfully updated."), @ApiResponses(value = {@ApiResponse(code = 200, message = "Changes have been successfully updated."),
@ApiResponse(code = 500, message = "Error in updating policies.")}) @ApiResponse(code = 500, message = "Error in updating policies.")})
@Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/update"})
Response applyChanges(); Response applyChanges();
@GET @GET
@ -223,23 +242,28 @@ public interface Policy {
@ApiResponses(value = {@ApiResponse(code = 200, message = "Policy monitoring service started successfully."), @ApiResponses(value = {@ApiResponse(code = 200, message = "Policy monitoring service started successfully."),
@ApiResponse(code = 500, message = "Policy Management related exception when starting " + @ApiResponse(code = 500, message = "Policy Management related exception when starting " +
"monitoring service.")}) "monitoring service.")})
@Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
Response startTaskService(@ApiParam(name = "milliseconds", value = "Policy monitoring frequency in milliseconds.", Response startTaskService(@ApiParam(name = "milliseconds", value = "Policy monitoring frequency in milliseconds.",
required = true) @PathParam("milliseconds") int monitoringFrequency); required = true) @PathParam("milliseconds") int monitoringFrequency);
@GET @GET
@Path("update-task/{milliseconds}") @Path("update-task/{milliseconds}")
@Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
Response updateTaskService(@PathParam("milliseconds") int monitoringFrequency); Response updateTaskService(@PathParam("milliseconds") int monitoringFrequency);
@GET @GET
@Path("stop-task") @Path("stop-task")
@Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
Response stopTaskService(); Response stopTaskService();
@GET @GET
@Path("{type}/{id}") @Path("{type}/{id}")
@Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"})
Response getComplianceDataOfDevice(@PathParam("type") String type, @PathParam("id") String id); Response getComplianceDataOfDevice(@PathParam("type") String type, @PathParam("id") String id);
@GET @GET
@Path("{type}/{id}/active-policy") @Path("{type}/{id}/active-policy")
@Permission(scope = "policy-view", permissions = {"/permission/admin/device-mgt/admin/policies/list"})
@ApiOperation( @ApiOperation(
consumes = MediaType.APPLICATION_JSON, consumes = MediaType.APPLICATION_JSON,
produces = MediaType.APPLICATION_JSON, produces = MediaType.APPLICATION_JSON,

@ -19,6 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import org.wso2.carbon.apimgt.annotations.api.*;
import javax.ws.rs.DELETE; import javax.ws.rs.DELETE;
import javax.ws.rs.POST; import javax.ws.rs.POST;
@ -29,20 +30,26 @@ import javax.ws.rs.core.Response;
/** /**
* These end points provide profile related operations. * These end points provide profile related operations.
*/ */
@API(name = "Profile", version = "1.0.0", context = "/devicemgt_admin/profiles", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Api(value = "Profile") @Api(value = "Profile")
@Path("/profiles") @Path("/profiles")
@SuppressWarnings("NonJaxWsWebServices") @SuppressWarnings("NonJaxWsWebServices")
public interface Profile { public interface Profile {
@POST @POST
@Permission(scope = "profile", permissions = {"/permission/admin/device-mgt/admin/policies/add"})
Response addProfile(org.wso2.carbon.policy.mgt.common.Profile profile); Response addProfile(org.wso2.carbon.policy.mgt.common.Profile profile);
@POST @POST
@Path("{id}") @Path("{id}")
@Permission(scope = "profile", permissions = {"/permission/admin/device-mgt/admin/policies/update"})
Response updateProfile(org.wso2.carbon.policy.mgt.common.Profile profile, Response updateProfile(org.wso2.carbon.policy.mgt.common.Profile profile,
@PathParam("id") String profileId); @PathParam("id") String profileId);
@DELETE @DELETE
@Path("{id}") @Path("{id}")
@Permission(scope = "profile", permissions = {"/permission/admin/device-mgt/admin/policies/remove"})
Response deleteProfile(@PathParam("id") int profileId); Response deleteProfile(@PathParam("id") int profileId);
} }

@ -19,6 +19,7 @@
package org.wso2.carbon.device.mgt.jaxrs.api; package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.wso2.carbon.apimgt.annotations.api.*;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleWrapper;
import org.wso2.carbon.user.mgt.common.UIPermissionNode; import org.wso2.carbon.user.mgt.common.UIPermissionNode;
@ -27,6 +28,9 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import java.util.List; import java.util.List;
@API(name = "Role", version = "1.0.0", context = "/devicemgt_admin/roles", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Path("/roles") @Path("/roles")
@Api(value = "Role", description = "Role management related operations can be found here.") @Api(value = "Role", description = "Role management related operations can be found here.")
public interface Role { public interface Role {
@ -43,6 +47,11 @@ public interface Role {
response = String.class) response = String.class)
@ApiResponses(value = { @ApiResponse(code = 200, message = "List of available roles"), @ApiResponses(value = { @ApiResponse(code = 200, message = "List of available roles"),
@ApiResponse(code = 500, message = "Error occurred while fetching the role list.") }) @ApiResponse(code = 500, message = "Error occurred while fetching the role list.") })
@Permission(scope = "roles-view", permissions = {
"/permission/admin/device-mgt/admin/roles/list",
"/permission/admin/device-mgt/admin/users/view",
"/permission/admin/device-mgt/admin/policies/add",
"/permission/admin/device-mgt/admin/policies/update"})
Response getAllRoles(); Response getAllRoles();
@GET @GET
@ -58,6 +67,9 @@ public interface Role {
response = String.class) response = String.class)
@ApiResponses(value = { @ApiResponse(code = 200, message = "List of available roles"), @ApiResponses(value = { @ApiResponse(code = 200, message = "List of available roles"),
@ApiResponse(code = 500, message = "Error occurred while fetching the role list.") }) @ApiResponse(code = 500, message = "Error occurred while fetching the role list.") })
@Permission(scope = "roles-view", permissions = {
"/permission/admin/device-mgt/admin/users/add",
"/permission/admin/device-mgt/admin/roles/list"})
Response getRolesOfUserStore(@ApiParam(name = "userStore", value = "Provide the name of the UserStore you wish to get the" + Response getRolesOfUserStore(@ApiParam(name = "userStore", value = "Provide the name of the UserStore you wish to get the" +
" details from ", " details from ",
required = true) @PathParam("userStore") String userStore); required = true) @PathParam("userStore") String userStore);
@ -79,6 +91,9 @@ public interface Role {
@ApiResponses(value = { @ApiResponse(code = 200, message = "List of matching roles"), @ApiResponses(value = { @ApiResponse(code = 200, message = "List of matching roles"),
@ApiResponse(code = 500, message = "Error occurred while fetching the matching role list" + @ApiResponse(code = 500, message = "Error occurred while fetching the matching role list" +
".") }) ".") })
@Permission(scope = "roles-view", permissions = {
"/permission/admin/device-mgt/admin/users/add",
"/permission/admin/device-mgt/admin/roles/list"})
Response getMatchingRoles(@ApiParam(name = "filter", value = "Provide a character or a few characters in the" + Response getMatchingRoles(@ApiParam(name = "filter", value = "Provide a character or a few characters in the" +
" role name.", " role name.",
required = true) @QueryParam("filter") String filter); required = true) @QueryParam("filter") String filter);
@ -99,6 +114,7 @@ public interface Role {
@ApiResponses(value = { @ApiResponse(code = 200, message = "Permission details of a role"), @ApiResponses(value = { @ApiResponse(code = 200, message = "Permission details of a role"),
@ApiResponse(code = 500, message = "Error occurred while fetching the permission " + @ApiResponse(code = 500, message = "Error occurred while fetching the permission " +
"details of a role.") }) "details of a role.") })
@Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
Response getPermissions(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to get the " + Response getPermissions(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to get the " +
"permission details.", "permission details.",
required = true) @QueryParam("rolename") String roleName); required = true) @QueryParam("rolename") String roleName);
@ -115,6 +131,7 @@ public interface Role {
response = RoleWrapper.class) response = RoleWrapper.class)
@ApiResponses(value = { @ApiResponse(code = 200, message = "Details of a role."), @ApiResponses(value = { @ApiResponse(code = 200, message = "Details of a role."),
@ApiResponse(code = 500, message = "Error occurred while retrieving the user role.") }) @ApiResponse(code = 500, message = "Error occurred while retrieving the user role.") })
@Permission(scope = "roles-view", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
Response getRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to get the " + Response getRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to get the " +
"details.", "details.",
required = true) @QueryParam("rolename") String roleName); required = true) @QueryParam("rolename") String roleName);
@ -129,6 +146,7 @@ public interface Role {
notes = "You are able to add a new role to WSO2 EMM using the REST API.") notes = "You are able to add a new role to WSO2 EMM using the REST API.")
@ApiResponses(value = { @ApiResponse(code = 200, message = "Added the role."), @ApiResponses(value = { @ApiResponse(code = 200, message = "Added the role."),
@ApiResponse(code = 500, message = "Error occurred while adding the user role.") }) @ApiResponse(code = 500, message = "Error occurred while adding the user role.") })
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/add"})
Response addRole(@ApiParam(name = "roleWrapper", value = "Role and permission details.", Response addRole(@ApiParam(name = "roleWrapper", value = "Role and permission details.",
required = true) RoleWrapper roleWrapper); required = true) RoleWrapper roleWrapper);
@ -144,6 +162,7 @@ public interface Role {
@ApiResponses(value = { @ApiResponse(code = 200, message = "Updated the role."), @ApiResponses(value = { @ApiResponse(code = 200, message = "Updated the role."),
@ApiResponse(code = 500, message = "Error occurred while updating the user role details" + @ApiResponse(code = 500, message = "Error occurred while updating the user role details" +
".") }) ".") })
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"})
Response updateRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to update.", Response updateRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to update.",
required = true) @QueryParam("rolename") String roleName, required = true) @QueryParam("rolename") String roleName,
@ApiParam(name = "roleWrapper", value = "Role and permission details.", @ApiParam(name = "roleWrapper", value = "Role and permission details.",
@ -161,6 +180,7 @@ public interface Role {
@ApiResponses(value = { @ApiResponse(code = 200, message = "Deleted the role."), @ApiResponses(value = { @ApiResponse(code = 200, message = "Deleted the role."),
@ApiResponse(code = 500, message = "Error occurred while deleting the user role details" + @ApiResponse(code = 500, message = "Error occurred while deleting the user role details" +
".") }) ".") })
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/remove"})
Response deleteRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to delete.", Response deleteRole(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to delete.",
required = true) @QueryParam("rolename") String roleName); required = true) @QueryParam("rolename") String roleName);
@ -180,6 +200,7 @@ public interface Role {
"role using this API.") "role using this API.")
@ApiResponses(value = { @ApiResponse(code = 200, message = "Added Users to a Role."), @ApiResponses(value = { @ApiResponse(code = 200, message = "Added Users to a Role."),
@ApiResponse(code = 500, message = "Error occurred while saving the users of the role.") }) @ApiResponse(code = 500, message = "Error occurred while saving the users of the role.") })
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/update"})
Response updateUsers(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to update.", Response updateUsers(@ApiParam(name = "rolename", value = "Provide the name of the role you wish to update.",
required = true) @QueryParam("rolename") String roleName, required = true) @QueryParam("rolename") String roleName,
@ApiParam(name = "userList", value = "Provide the names of the users you will to update.", @ApiParam(name = "userList", value = "Provide the names of the users you will to update.",
@ -196,6 +217,7 @@ public interface Role {
notes = "Get the number of roles in WSO2 EMM.") notes = "Get the number of roles in WSO2 EMM.")
@ApiResponses(value = { @ApiResponse(code = 200, message = "Retrieved the role count."), @ApiResponses(value = { @ApiResponse(code = 200, message = "Retrieved the role count."),
@ApiResponse(code = 500, message = "Error occurred while retrieving the role count.") }) @ApiResponse(code = 500, message = "Error occurred while retrieving the role count.") })
@Permission(scope = "roles-modify", permissions = {"/permission/admin/device-mgt/admin/roles/list"})
Response getRoleCount(); Response getRoleCount();
} }

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.api;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.apache.axis2.databinding.types.soapencoding.Integer; import org.apache.axis2.databinding.types.soapencoding.Integer;
import org.wso2.carbon.apimgt.annotations.api.*;
import org.wso2.carbon.device.mgt.jaxrs.beans.UserCredentialWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.UserCredentialWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.UserWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.UserWrapper;
@ -31,6 +32,9 @@ import java.util.List;
/** /**
* This represents the JAX-RS services of User related functionality. * This represents the JAX-RS services of User related functionality.
*/ */
@API(name = "User", version = "1.0.0", context = "/devicemgt_admin/users", tags = {"devicemgt_admin"})
// Below Api is for swagger annotations
@Path("/users") @Path("/users")
@Api(value = "User", description = "User management related operations can be found here.") @Api(value = "User", description = "User management related operations can be found here.")
public interface User { public interface User {
@ -48,6 +52,7 @@ public interface User {
@ApiResponse(code = 201, message = "Created"), @ApiResponse(code = 201, message = "Created"),
@ApiResponse(code = 500, message = "Exception in trying to add user by username: 'username'") @ApiResponse(code = 500, message = "Exception in trying to add user by username: 'username'")
}) })
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/add"})
Response addUser(@ApiParam(name = "userWrapper", value = "Includes the required properties to add a user" Response addUser(@ApiParam(name = "userWrapper", value = "Includes the required properties to add a user"
+ " as the <JSON_PAYLOAD> value", required = true) UserWrapper userWrapper); + " as the <JSON_PAYLOAD> value", required = true) UserWrapper userWrapper);
@ -66,6 +71,7 @@ public interface User {
@ApiResponse(code = 400, message = "User by username: 'username' does not exist"), @ApiResponse(code = 400, message = "User by username: 'username' does not exist"),
@ApiResponse(code = 500, message = "Exception in trying to retrieve user by username: 'username'") @ApiResponse(code = 500, message = "Exception in trying to retrieve user by username: 'username'")
}) })
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"})
Response getUser(@ApiParam(name = "username", value = "Provide the name of the user you wish to get the" Response getUser(@ApiParam(name = "username", value = "Provide the name of the user you wish to get the"
+ " details of as the value", required = true) + " details of as the value", required = true)
@QueryParam("username") String username); @QueryParam("username") String username);
@ -86,6 +92,7 @@ public interface User {
+ "request made to update user was refused"), + "request made to update user was refused"),
@ApiResponse(code = 500, message = "Exception in trying to update user by username: 'username'") @ApiResponse(code = 500, message = "Exception in trying to update user by username: 'username'")
}) })
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/update"})
Response updateUser(@ApiParam(name = "userWrapper", value = "Provide the name of the user you wish to get" Response updateUser(@ApiParam(name = "userWrapper", value = "Provide the name of the user you wish to get"
+ " the details of as the value", required = true) UserWrapper userWrapper, + " the details of as the value", required = true) UserWrapper userWrapper,
@ApiParam(name = "username", value = "Provide the name of the user you wish to get " @ApiParam(name = "username", value = "Provide the name of the user you wish to get "
@ -106,6 +113,7 @@ public interface User {
@ApiResponse(code = 400, message = "User by username: 'username' does not exist for removal"), @ApiResponse(code = 400, message = "User by username: 'username' does not exist for removal"),
@ApiResponse(code = 500, message = "Exception in trying to remove user by username: 'username'") @ApiResponse(code = 500, message = "Exception in trying to remove user by username: 'username'")
}) })
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/remove"})
Response removeUser(@ApiParam(name = "username", value = "Provide the name of the user you wish to delete" Response removeUser(@ApiParam(name = "username", value = "Provide the name of the user you wish to delete"
+ " as the value for {username}", required = true) + " as the value for {username}", required = true)
@QueryParam("username") String username); @QueryParam("username") String username);
@ -126,6 +134,7 @@ public interface User {
@ApiResponse(code = 400, message = "User by username: 'username' does not exist for role retrieval"), @ApiResponse(code = 400, message = "User by username: 'username' does not exist for role retrieval"),
@ApiResponse(code = 500, message = "Exception in trying to retrieve roles for user by username: 'username'") @ApiResponse(code = 500, message = "Exception in trying to retrieve roles for user by username: 'username'")
}) })
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/view"})
Response getRolesOfUser(@ApiParam(name = "username", value = "Provide the user name of the user you wish to get" Response getRolesOfUser(@ApiParam(name = "username", value = "Provide the user name of the user you wish to get"
+ " the role details", required = true) @QueryParam("username") String username); + " the role details", required = true) @QueryParam("username") String username);
@ -143,11 +152,13 @@ public interface User {
@ApiResponse(code = 201, message = "All users were successfully retrieved"), @ApiResponse(code = 201, message = "All users were successfully retrieved"),
@ApiResponse(code = 500, message = "Error occurred while retrieving the list of users") @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users")
}) })
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
Response getAllUsers(); Response getAllUsers();
@GET @GET
@Path("{filter}") @Path("{filter}")
@Produces({MediaType.APPLICATION_JSON}) @Produces({MediaType.APPLICATION_JSON})
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
Response getMatchingUsers(@PathParam("filter") String filter); Response getMatchingUsers(@PathParam("filter") String filter);
@GET @GET
@ -167,6 +178,7 @@ public interface User {
+ " user count: 'count'"), + " user count: 'count'"),
@ApiResponse(code = 500, message = "Error occurred while retrieving the list of users") @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users")
}) })
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
Response getAllUsersByUsername(@ApiParam(name = "username", value = "Provide any user detail of the user" Response getAllUsersByUsername(@ApiParam(name = "username", value = "Provide any user detail of the user"
+ " as the value for {username} to retrieve the user details, such " + " as the value for {username} to retrieve the user details, such "
+ "as email address, first name or last name", required = true) + "as email address, first name or last name", required = true)
@ -190,6 +202,7 @@ public interface User {
+ " user count: 'count'"), + " user count: 'count'"),
@ApiResponse(code = 500, message = "Error occurred while retrieving the list of users") @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users")
}) })
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
Response getAllUserNamesByUsername(@ApiParam(name = "username", value = "Provide a character or a few " Response getAllUserNamesByUsername(@ApiParam(name = "username", value = "Provide a character or a few "
+ "character in the user name as the value for {username}", + "character in the user name as the value for {username}",
required = true) @QueryParam("username") String userName); required = true) @QueryParam("username") String userName);
@ -207,6 +220,7 @@ public interface User {
@ApiResponse(code = 200, message = "Email invitation was successfully sent to user"), @ApiResponse(code = 200, message = "Email invitation was successfully sent to user"),
@ApiResponse(code = 500, message = "Error occurred while retrieving the list of users") @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users")
}) })
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/users/invite"})
Response inviteExistingUsersToEnrollDevice(@ApiParam(name = "usernames", value = "List of the users to be" Response inviteExistingUsersToEnrollDevice(@ApiParam(name = "usernames", value = "List of the users to be"
+ " invited as the <JSON_PAYLOAD>", required = true) + " invited as the <JSON_PAYLOAD>", required = true)
List<String> usernames); List<String> usernames);
@ -226,6 +240,9 @@ public interface User {
@ApiResponse(code = 200, message = "OK"), @ApiResponse(code = 200, message = "OK"),
@ApiResponse(code = 500, message = "Device management error") @ApiResponse(code = 500, message = "Device management error")
}) })
@Permission(scope = "user-view", permissions = {
"/permission/admin/device-mgt/user/devices/list",
"/permission/admin/device-mgt/admin/devices/list"})
Response getAllDeviceOfUser(@ApiParam(name = "username", value = "Provide the name of the user you wish " Response getAllDeviceOfUser(@ApiParam(name = "username", value = "Provide the name of the user you wish "
+ "to get the details", required = true) @QueryParam("username") + "to get the details", required = true) @QueryParam("username")
String username, String username,
@ -247,11 +264,13 @@ public interface User {
@ApiResponse(code = 500, message = "Error occurred while retrieving the list of users that exist" @ApiResponse(code = 500, message = "Error occurred while retrieving the list of users that exist"
+ " within the current tenant") + " within the current tenant")
}) })
@Permission(scope = "user-view", permissions = {"/permission/admin/device-mgt/admin/user/list"})
Response getUserCount(); Response getUserCount();
@PUT @PUT
@Path("{roleName}/users") @Path("{roleName}/users")
@Produces({MediaType.APPLICATION_JSON}) @Produces({MediaType.APPLICATION_JSON})
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/user/update"})
Response updateRoles(@PathParam("roleName") String roleName, List<String> userList); Response updateRoles(@PathParam("roleName") String roleName, List<String> userList);
@POST @POST
@ -272,6 +291,7 @@ public interface User {
+ " Character Encoding is not supported"), + " Character Encoding is not supported"),
@ApiResponse(code = 500, message = "Internal Server Error") @ApiResponse(code = 500, message = "Internal Server Error")
}) })
@Permission(scope = "user-modify", permissions = {"/permission/admin/login"})
Response resetPassword(@ApiParam(name = "credentials", value = "Include the required properties to change" Response resetPassword(@ApiParam(name = "credentials", value = "Include the required properties to change"
+ " the user password as <JSON_PAYLOAD> value", required = true) + " the user password as <JSON_PAYLOAD> value", required = true)
UserCredentialWrapper credentials); UserCredentialWrapper credentials);
@ -297,6 +317,7 @@ public interface User {
+ " Character Encoding is not supported"), + " Character Encoding is not supported"),
@ApiResponse(code = 500, message = "Internal Server Error") @ApiResponse(code = 500, message = "Internal Server Error")
}) })
@Permission(scope = "user-modify", permissions = {"/permission/admin/device-mgt/admin/users/password-reset"})
Response resetPasswordByAdmin(@ApiParam(name = "credentials", value = "Include the required properties " Response resetPasswordByAdmin(@ApiParam(name = "credentials", value = "Include the required properties "
+ "to change a user password as <JSON_PAYLOAD> value", + "to change a user password as <JSON_PAYLOAD> value",
required = true) UserCredentialWrapper credentials); required = true) UserCredentialWrapper credentials);

@ -174,25 +174,6 @@ public class GroupImpl implements Group {
} }
} }
@Override
@Path("/user/{user}/all")
@GET
@Produces("application/json")
public Response getGroups(@PathParam("user") String userName) {
try {
List<DeviceGroup> deviceGroups = DeviceMgtAPIUtils.getGroupManagementProviderService()
.getGroups(userName);
if (deviceGroups.size() > 0) {
return Response.status(Response.Status.OK).entity(deviceGroups).build();
} else {
return Response.status(Response.Status.NOT_FOUND).build();
}
} catch (GroupManagementException e) {
log.error(e.getMessage(), e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
}
}
@Override @Override
@Path("/owner/{owner}/name/{groupName}") @Path("/owner/{owner}/name/{groupName}")
@GET @GET

@ -943,13 +943,13 @@
</Permission> </Permission>
<Permission> <Permission>
<name>get certificate in the database</name> <name>get certificate in the database</name>
<path>/device-mgt/android/certificate/Get</path> <path>/device-mgt/android/certificate/view</path>
<url>/certificates/*</url> <url>/certificates/*</url>
<method>GET</method> <method>GET</method>
</Permission> </Permission>
<Permission> <Permission>
<name>get certificate in the database</name> <name>Remove certificate in the database</name>
<path>/device-mgt/android/certificate/Get</path> <path>/device-mgt/android/certificate/remove</path>
<url>/certificates/*</url> <url>/certificates/*</url>
<method>DELETE</method> <method>DELETE</method>
</Permission> </Permission>
@ -986,7 +986,7 @@
<Permission> <Permission>
<name>Group Delete</name> <name>Group Delete</name>
<path>/device-mgt/user/groups/delete</path> <path>/device-mgt/user/groups/remove</path>
<url>/groups/owner/*/name/*</url> <url>/groups/owner/*/name/*</url>
<method>DELETE</method> <method>DELETE</method>
</Permission> </Permission>
@ -1091,7 +1091,7 @@
<Permission> <Permission>
<name>Group Delete Permissions</name> <name>Group Delete Permissions</name>
<path>/device-mgt/admin/groups/roles/permissions/delete</path> <path>/device-mgt/admin/groups/roles/permissions/remove</path>
<url>/groups/owner/*/name/*/share/roles/*/permissions</url> <url>/groups/owner/*/name/*/share/roles/*/permissions</url>
<method>DELETE</method> <method>DELETE</method>
</Permission> </Permission>

@ -70,6 +70,16 @@
<param-value>true</param-value> <param-value>true</param-value>
</context-param--> </context-param-->
<!--publish to apim-->
<context-param>
<param-name>managed-api-enabled</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>managed-api-owner</param-name>
<param-value>admin</param-value>
</context-param>
<!-- Below configuration is used to redirect http requests to https --> <!-- Below configuration is used to redirect http requests to https -->
<security-constraint> <security-constraint>
<web-resource-collection> <web-resource-collection>

@ -28,9 +28,6 @@ public final class DeviceManagementConstants {
public static final String PROPERTY_SETUP = "setup"; public static final String PROPERTY_SETUP = "setup";
public static final String DEFAULT_LICENSE_CONFIG_XML_NAME = "license-config.xml"; public static final String DEFAULT_LICENSE_CONFIG_XML_NAME = "license-config.xml";
public static final String PROPERTY_PROFILE = "profile";
public static final String PROFILE_DT_WORKER = "dtWorker";
public static final String PROFILE_DEFAULT = "default";
} }
public static final class AppManagement { public static final class AppManagement {

@ -47,7 +47,7 @@ import java.util.Map;
*/ */
public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthorizationService { public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthorizationService {
private final static String EMM_ADMIN_PERMISSION = "/device-mgt/admin-device-access"; private final static String CDM_ADMIN_PERMISSION = "/device-mgt/admin";
private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class); private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class);
public DeviceAccessAuthorizationServiceImpl() { public DeviceAccessAuthorizationServiceImpl() {
@ -221,7 +221,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
if (userRealm != null && userRealm.getAuthorizationManager() != null) { if (userRealm != null && userRealm.getAuthorizationManager() != null) {
return userRealm.getAuthorizationManager() return userRealm.getAuthorizationManager()
.isUserAuthorized(removeTenantDomain(username), .isUserAuthorized(removeTenantDomain(username),
PermissionUtils.getAbsolutePermissionPath(EMM_ADMIN_PERMISSION), PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION),
PermissionMethod.UI_EXECUTE); PermissionMethod.UI_EXECUTE);
} }
return false; return false;
@ -249,7 +249,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
private boolean addAdminPermissionToRegistry() throws PermissionManagementException { private boolean addAdminPermissionToRegistry() throws PermissionManagementException {
Permission permission = new Permission(); Permission permission = new Permission();
permission.setPath(PermissionUtils.getAbsolutePermissionPath(EMM_ADMIN_PERMISSION)); permission.setPath(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
return PermissionUtils.putPermission(permission); return PermissionUtils.putPermission(permission);
} }

@ -17,7 +17,6 @@
*/ */
package org.wso2.carbon.device.mgt.core.config; package org.wso2.carbon.device.mgt.core.config;
import org.wso2.carbon.device.mgt.core.config.deviceType.DTConfiguration;
import org.wso2.carbon.device.mgt.core.config.identity.IdentityConfigurations; import org.wso2.carbon.device.mgt.core.config.identity.IdentityConfigurations;
import org.wso2.carbon.device.mgt.core.config.policy.PolicyConfiguration; import org.wso2.carbon.device.mgt.core.config.policy.PolicyConfiguration;
import org.wso2.carbon.device.mgt.core.config.task.TaskConfiguration; import org.wso2.carbon.device.mgt.core.config.task.TaskConfiguration;
@ -39,7 +38,7 @@ public final class DeviceManagementConfig {
private IdentityConfigurations identityConfigurations; private IdentityConfigurations identityConfigurations;
private PolicyConfiguration policyConfiguration; private PolicyConfiguration policyConfiguration;
private List<String> pushNotificationProviders; private List<String> pushNotificationProviders;
private DTConfiguration dTDepyloymentConfiguration;
@XmlElement(name = "ManagementRepository", required = true) @XmlElement(name = "ManagementRepository", required = true)
public DeviceManagementConfigRepository getDeviceManagementConfigRepository() { public DeviceManagementConfigRepository getDeviceManagementConfigRepository() {
@ -78,16 +77,6 @@ public final class DeviceManagementConfig {
this.taskConfiguration = taskConfiguration; this.taskConfiguration = taskConfiguration;
} }
@XmlElement(name = "DTDeploymentConfiguration", required = true)
public DTConfiguration getDTDeploymentConfiguration() {
return dTDepyloymentConfiguration;
}
public void setDTDeploymentConfiguration(DTConfiguration dTDeploymentConfiguration) {
this.dTDepyloymentConfiguration = dTDeploymentConfiguration;
}
@XmlElementWrapper(name = "PushNotificationProviders", required = true) @XmlElementWrapper(name = "PushNotificationProviders", required = true)
@XmlElement(name = "Provider", required = true) @XmlElement(name = "Provider", required = true)
public List<String> getPushNotificationProviders() { public List<String> getPushNotificationProviders() {

@ -1,53 +0,0 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* This class will read the configurations related to task. This task will be responsible for adding the operations.
*/
package org.wso2.carbon.device.mgt.core.config.deviceType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name = "DTDepyloymentConfiguration")
public class DTConfiguration {
private String dtHostAddress;
private String dtHostPort;
@XmlElement(name = "DTHostAddress", required = true)
public String getDtHostAddress() {
return dtHostAddress;
}
public void setDtHostAddress(String dtHostAddress) {
this.dtHostAddress = dtHostAddress;
}
@XmlElement(name = "DTHostPort", required = true)
public String getDtHostPort() {
return dtHostPort;
}
public void setDtHostPort(String dtHostPort) {
this.dtHostPort = dtHostPort;
}
}

@ -24,7 +24,6 @@ import org.apache.catalina.core.StandardContext;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.common.Feature; import org.wso2.carbon.device.mgt.common.Feature;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.extensions.feature.mgt.GenericFeatureManager; import org.wso2.carbon.device.mgt.extensions.feature.mgt.GenericFeatureManager;
import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.DeviceType; import org.wso2.carbon.device.mgt.extensions.feature.mgt.annotations.DeviceType;
import org.wso2.carbon.device.mgt.extensions.feature.mgt.util.AnnotationProcessor; import org.wso2.carbon.device.mgt.extensions.feature.mgt.util.AnnotationProcessor;
@ -44,6 +43,9 @@ public class FeatureManagementLifecycleListener implements LifecycleListener {
private static final Log log = LogFactory.getLog(FeatureManagementLifecycleListener.class); private static final Log log = LogFactory.getLog(FeatureManagementLifecycleListener.class);
private static final String UNLIMITED = "Unlimited"; private static final String UNLIMITED = "Unlimited";
public static final String PROPERTY_PROFILE = "profile";
public static final String PROFILE_DT_WORKER = "dtWorker";
public static final String PROFILE_DEFAULT = "default";
@Override @Override
public void lifecycleEvent(LifecycleEvent lifecycleEvent) { public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
@ -53,10 +55,10 @@ public class FeatureManagementLifecycleListener implements LifecycleListener {
String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED); String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED);
boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param); boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param);
String profile = System.getProperty(DeviceManagementConstants.Common.PROPERTY_PROFILE); String profile = System.getProperty(PROPERTY_PROFILE);
if ((profile.equalsIgnoreCase(DeviceManagementConstants.Common.PROFILE_DT_WORKER) || if ((profile.equalsIgnoreCase(PROFILE_DT_WORKER) ||
profile.equalsIgnoreCase(DeviceManagementConstants.Common.PROFILE_DEFAULT)) && isManagedApi) { profile.equalsIgnoreCase(PROFILE_DEFAULT)) && isManagedApi) {
try { try {
AnnotationProcessor annotationProcessor = new AnnotationProcessor(context); AnnotationProcessor annotationProcessor = new AnnotationProcessor(context);
Set<String> annotatedAPIClasses = annotationProcessor.scanStandardContext(DeviceType.class.getName()); Set<String> annotatedAPIClasses = annotationProcessor.scanStandardContext(DeviceType.class.getName());

@ -52,7 +52,7 @@ public class EmailSenderServiceComponent {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Initializing email sender core bundle"); log.debug("Initializing email sender core bundle");
} }
/* Initializing email sende configuration */ /* Initializing email sender configuration */
EmailSenderConfig.init(); EmailSenderConfig.init();
/* Setting up default email templates */ /* Setting up default email templates */

@ -113,7 +113,12 @@
org.wso2.carbon.user.core, org.wso2.carbon.user.core,
org.wso2.carbon.user.core.config, org.wso2.carbon.user.core.config,
org.wso2.carbon.user.core.util, org.wso2.carbon.user.core.util,
org.wso2.carbon.utils org.wso2.carbon.utils,
org.wso2.carbon.context,
org.wso2.carbon.identity.oauth.cache,
org.wso2.carbon.identity.oauth.config,
org.wso2.carbon.identity.oauth2.dao,
org.wso2.carbon.utils.multitenancy
</Import-Package> </Import-Package>
</instructions> </instructions>
</configuration> </configuration>

@ -47,6 +47,7 @@ public class OAuthExtUtils {
private static final String DEFAULT_SCOPE_NAME = "default"; private static final String DEFAULT_SCOPE_NAME = "default";
private static final String UI_EXECUTE = "ui.execute"; private static final String UI_EXECUTE = "ui.execute";
private static final String REST_API_SCOPE_CACHE = "REST_API_SCOPE_CACHE"; private static final String REST_API_SCOPE_CACHE = "REST_API_SCOPE_CACHE";
private static final int START_INDEX = 0;
/** /**
* This method is used to get the tenant id when given tenant domain. * This method is used to get the tenant id when given tenant domain.
@ -260,4 +261,12 @@ public class OAuthExtUtils {
return authorizedScopes; return authorizedScopes;
} }
public static String extractUserName(String username) {
if (username == null || username.isEmpty()) {
return null;
}
String trimmedName = username.trim();
return trimmedName.substring(START_INDEX, trimmedName.lastIndexOf('@'));
}
} }

@ -0,0 +1,200 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.oauth.extensions.validators;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.ResourceScopeCacheEntry;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
@SuppressWarnings("unused")
public class ExtendedJDBCScopeValidator extends OAuth2ScopeValidator{
private static final Log log = LogFactory.getLog(ExtendedJDBCScopeValidator.class);
private static final String UI_EXECUTE = "ui.execute";
@Override
public boolean validateScope(AccessTokenDO accessTokenDO, String resource) throws IdentityOAuth2Exception {
//Get the list of scopes associated with the access token
String[] scopes = accessTokenDO.getScope();
//If no scopes are associated with the token
if (scopes == null || scopes.length == 0) {
return true;
}
String resourceScope = null;
TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
boolean cacheHit = false;
// Check the cache, if caching is enabled.
if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
OAuthCache oauthCache = OAuthCache.getInstance();
OAuthCacheKey cacheKey = new OAuthCacheKey(resource);
CacheEntry result = oauthCache.getValueFromCache(cacheKey);
//Cache hit
if (result instanceof ResourceScopeCacheEntry) {
resourceScope = ((ResourceScopeCacheEntry) result).getScope();
cacheHit = true;
}
}
if (!cacheHit) {
resourceScope = tokenMgtDAO.findScopeOfResource(resource);
if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
OAuthCache oauthCache = OAuthCache.getInstance();
OAuthCacheKey cacheKey = new OAuthCacheKey(resource);
ResourceScopeCacheEntry cacheEntry = new ResourceScopeCacheEntry(resourceScope);
//Store resourceScope in cache even if it is null (to avoid database calls when accessing resources for
//which scopes haven't been defined).
oauthCache.addToCache(cacheKey, cacheEntry);
}
}
//Return TRUE if - There does not exist a scope definition for the resource
if (resourceScope == null) {
if(log.isDebugEnabled()){
log.debug("Resource '" + resource + "' is not protected with a scope");
}
return true;
}
List<String> scopeList = new ArrayList<>(Arrays.asList(scopes));
//If the access token does not bear the scope required for accessing the Resource.
if(!scopeList.contains(resourceScope)){
if(log.isDebugEnabled()){
log.debug("Access token '" + accessTokenDO.getAccessToken() + "' does not bear the scope '" +
resourceScope + "'");
}
return false;
}
try {
//Get the permissions associated with the scope, if any
Set<String> permissionsOfScope = tokenMgtDAO.getRolesOfScopeByScopeKey(resourceScope);
//If the scope doesn't have any permissions associated with it.
if(permissionsOfScope == null || permissionsOfScope.isEmpty()){
if(log.isDebugEnabled()){
log.debug("Did not find any roles associated to the scope " + resourceScope);
}
return true;
}
if(log.isDebugEnabled()){
StringBuilder logMessage = new StringBuilder("Found permissions of scope '" + resourceScope + "' ");
for(String permission : permissionsOfScope){
logMessage.append(permission);
logMessage.append(", ");
}
log.debug(logMessage.toString());
}
User authorizedUser = accessTokenDO.getAuthzUser();
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
int tenantId = realmService.getTenantManager().getTenantId(authorizedUser.getTenantDomain());
if (tenantId == 0 || tenantId == -1) {
tenantId = IdentityTenantUtil.getTenantIdOfUser(authorizedUser.getUserName());
}
AuthorizationManager authorizationManager;
String[] userRoles;
boolean tenantFlowStarted = false;
try{
//If this is a tenant user
if(tenantId != MultitenantConstants.SUPER_TENANT_ID){
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
realmService.getTenantManager().getDomain(tenantId),true);
tenantFlowStarted = true;
}
authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
} finally {
if (tenantFlowStarted) {
PrivilegedCarbonContext.endTenantFlow();
}
}
boolean status = false;
String username = MultitenantUtils.getTenantAwareUsername(authorizedUser.getUserName());
for (String permission : permissionsOfScope) {
if (authorizationManager != null) {
String userStore = authorizedUser.getUserStoreDomain();
if (userStore != null) {
status = authorizationManager
.isUserAuthorized(userStore + "/" + username, permission, UI_EXECUTE);
} else {
status = authorizationManager.isUserAuthorized(username , permission, UI_EXECUTE);
}
if (status) {
break;
}
}
}
if (status) {
if(log.isDebugEnabled()){
log.debug("User '" + authorizedUser.getUserName() + "' is authorized");
}
return true;
}
if(log.isDebugEnabled()){
log.debug("No permissions associated for the user " + authorizedUser.getUserName());
}
return false;
} catch (UserStoreException e) {
//Log and return since we do not want to stop issuing the token in case of scope validation failures.
log.error("Error when getting the tenant's UserStoreManager or when getting roles of user ", e);
return false;
}
}
}

@ -117,7 +117,10 @@
org.apache.axiom.soap.impl.builder, org.apache.axiom.soap.impl.builder,
org.apache.axiom.om, org.apache.axiom.om,
org.apache.axiom.om.impl.builder, org.apache.axiom.om.impl.builder,
org.apache.axiom.om.util org.apache.axiom.om.util,
org.wso2.carbon.registry.core.*,
org.wso2.carbon.registry.common.*;version="${carbon.registry.imp.pkg.version.range}",
org.wso2.carbon.registry.indexing.*; version="${carbon.registry.imp.pkg.version.range}",
</Import-Package> </Import-Package>
</instructions> </instructions>
</configuration> </configuration>
@ -214,6 +217,14 @@
<groupId>commons-pool.wso2</groupId> <groupId>commons-pool.wso2</groupId>
<artifactId>commons-pool</artifactId> <artifactId>commons-pool</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.registry</groupId>
<artifactId>org.wso2.carbon.registry.indexing</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.registry.core</artifactId>
</dependency>
</dependencies> </dependencies>
</project> </project>

@ -21,6 +21,8 @@ package org.wso2.carbon.webapp.authenticator.framework;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.device.mgt.core.scep.SCEPManager; import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
public class AuthenticatorFrameworkDataHolder { public class AuthenticatorFrameworkDataHolder {
@ -30,6 +32,8 @@ public class AuthenticatorFrameworkDataHolder {
private CertificateManagementService certificateManagementService; private CertificateManagementService certificateManagementService;
private SCEPManager scepManager; private SCEPManager scepManager;
private OAuth2TokenValidationService oAuth2TokenValidationService; private OAuth2TokenValidationService oAuth2TokenValidationService;
private TenantIndexingLoader tenantIndexingLoader;
private TenantRegistryLoader tenantRegistryLoader;
private static AuthenticatorFrameworkDataHolder private static AuthenticatorFrameworkDataHolder
thisInstance = new AuthenticatorFrameworkDataHolder(); thisInstance = new AuthenticatorFrameworkDataHolder();
@ -92,4 +96,21 @@ public class AuthenticatorFrameworkDataHolder {
OAuth2TokenValidationService oAuth2TokenValidationService) { OAuth2TokenValidationService oAuth2TokenValidationService) {
this.oAuth2TokenValidationService = oAuth2TokenValidationService; this.oAuth2TokenValidationService = oAuth2TokenValidationService;
} }
public TenantIndexingLoader getTenantIndexingLoader() {
return tenantIndexingLoader;
}
public void setTenantIndexingLoader(
TenantIndexingLoader tenantIndexingLoader) {
this.tenantIndexingLoader = tenantIndexingLoader;
}
public void setTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader) {
this.tenantRegistryLoader = tenantRegistryLoader;
}
public TenantRegistryLoader getTenantRegistryLoader() {
return tenantRegistryLoader;
}
} }

@ -22,23 +22,24 @@ import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSVerifier; import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.RSASSAVerifier; import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.SignedJWT; import com.nimbusds.jwt.SignedJWT;
import org.apache.axiom.util.base64.Base64Utils;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response; import org.apache.catalina.connector.Response;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.util.KeyStoreManager; import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.user.api.TenantManager; import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder; import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.text.ParseException; import java.text.ParseException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties; import java.util.Properties;
import java.util.StringTokenizer; import java.util.StringTokenizer;
@ -47,11 +48,12 @@ import java.util.StringTokenizer;
*/ */
public class JWTAuthenticator implements WebappAuthenticator { public class JWTAuthenticator implements WebappAuthenticator {
private static final Log log = LogFactory.getLog(JWTAuthenticator.class); private static final Log log = LogFactory.getLog(JWTAuthenticator.class);
public static final String SIGNED_JWT_AUTH_USERNAME = "Username"; private static final String SIGNED_JWT_AUTH_USERNAME = "http://wso2.org/claims/enduser";
private static final String JWT_AUTHENTICATOR = "JWT"; private static final String SIGNED_JWT_AUTH_TENANT_ID = "http://wso2.org/claims/enduserTenantId";
private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion"; private static final String JWT_AUTHENTICATOR = "JWT";
private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion";
private static final Map<String, PublicKey> publicKeyHolder = new HashMap<>();
@Override @Override
public void init() { public void init() {
@ -59,46 +61,49 @@ public class JWTAuthenticator implements WebappAuthenticator {
@Override @Override
public boolean canHandle(Request request) { public boolean canHandle(Request request) {
String authorizationHeader = request.getHeader(JWTAuthenticator.JWT_ASSERTION_HEADER); String authorizationHeader = request.getHeader(JWTAuthenticator.JWT_ASSERTION_HEADER);
if((authorizationHeader != null) && !authorizationHeader.isEmpty()){ if ((authorizationHeader != null) && !authorizationHeader.isEmpty()) {
return true; return true;
} }
return false; return false;
} }
@Override @Override
public AuthenticationInfo authenticate(Request request, Response response) { public AuthenticationInfo authenticate(Request request, Response response) {
String requestUri = request.getRequestURI(); String requestUri = request.getRequestURI();
AuthenticationInfo authenticationInfo = new AuthenticationInfo(); AuthenticationInfo authenticationInfo = new AuthenticationInfo();
if (requestUri == null || "".equals(requestUri)) { if (requestUri == null || "".equals(requestUri)) {
authenticationInfo.setStatus(Status.CONTINUE); authenticationInfo.setStatus(Status.CONTINUE);
} }
StringTokenizer tokenizer = new StringTokenizer(requestUri, "/"); StringTokenizer tokenizer = new StringTokenizer(requestUri, "/");
String context = tokenizer.nextToken(); String context = tokenizer.nextToken();
if (context == null || "".equals(context)) { if (context == null || "".equals(context)) {
authenticationInfo.setStatus(Status.CONTINUE); authenticationInfo.setStatus(Status.CONTINUE);
} }
//Get the filesystem keystore default primary certificate try {
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID); String authorizationHeader = request.getHeader(JWT_ASSERTION_HEADER);
try {
keyStoreManager.getDefaultPrimaryCertificate(); SignedJWT jwsObject = SignedJWT.parse(authorizationHeader);
String authorizationHeader = request.getHeader(HTTPConstants.HEADER_AUTHORIZATION); String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
String headerData = decodeAuthorizationHeader(authorizationHeader); String tenantDomain = MultitenantUtils.getTenantDomain(username);
JWSVerifier verifier = int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
new RSASSAVerifier((RSAPublicKey) keyStoreManager.getDefaultPublicKey()); PublicKey publicKey = publicKeyHolder.get(tenantDomain);
SignedJWT jwsObject = SignedJWT.parse(headerData); if (publicKey == null) {
if (jwsObject.verify(verifier)) { loadTenantRegistry(tenantId);
String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME); KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
String tenantDomain = MultitenantUtils.getTenantDomain(username); publicKey = keyStoreManager.getDefaultPublicKey();
username = MultitenantUtils.getTenantAwareUsername(username); publicKeyHolder.put(tenantDomain, publicKey);
TenantManager tenantManager = AuthenticatorFrameworkDataHolder.getInstance().getRealmService(). }
getTenantManager();
int tenantId = tenantManager.getTenantId(tenantDomain); //Get the filesystem keystore default primary certificate
if (tenantId == -1) { JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
log.error("tenantDomain is not valid. username : " + username + ", tenantDomain " + if (jwsObject.verify(verifier)) {
": " + tenantDomain); username = MultitenantUtils.getTenantAwareUsername(username);
} else { if (tenantId == -1) {
log.error("tenantDomain is not valid. username : " + username + ", tenantDomain " +
": " + tenantDomain);
} else {
UserStoreManager userStore = AuthenticatorFrameworkDataHolder.getInstance().getRealmService(). UserStoreManager userStore = AuthenticatorFrameworkDataHolder.getInstance().getRealmService().
getTenantUserRealm(tenantId).getUserStoreManager(); getTenantUserRealm(tenantId).getUserStoreManager();
if (userStore.isExistingUser(username)) { if (userStore.isExistingUser(username)) {
@ -108,41 +113,25 @@ public class JWTAuthenticator implements WebappAuthenticator {
authenticationInfo.setStatus(Status.CONTINUE); authenticationInfo.setStatus(Status.CONTINUE);
} }
} }
} } else {
} catch (UserStoreException e) { authenticationInfo.setStatus(Status.FAILURE);
log.error("Error occurred while obtaining the user.", e); }
} catch (ParseException e) { } catch (UserStoreException e) {
log.error("Error occurred while parsing the JWT header.", e); log.error("Error occurred while obtaining the user.", e);
} catch (JOSEException e) { } catch (ParseException e) {
log.error("Error occurred while verifying the JWT header.", e); log.error("Error occurred while parsing the JWT header.", e);
} catch (Exception e) { } catch (JOSEException e) {
log.error("Error occurred while verifying the JWT header.", e); log.error("Error occurred while verifying the JWT header.", e);
} } catch (Exception e) {
return authenticationInfo; log.error("Error occurred while verifying the JWT header.", e);
} }
return authenticationInfo;
private String decodeAuthorizationHeader(String authorizationHeader) { }
if(authorizationHeader == null) { @Override
return null; public String getName() {
} return JWTAuthenticator.JWT_AUTHENTICATOR;
}
String[] splitValues = authorizationHeader.trim().split(" ");
byte[] decodedBytes = Base64Utils.decode(splitValues[1].trim());
if (decodedBytes != null) {
return new String(decodedBytes);
} else {
if (log.isDebugEnabled()) {
log.debug("Error decoding authorization header.");
}
return null;
}
}
@Override
public String getName() {
return JWTAuthenticator.JWT_AUTHENTICATOR;
}
@Override @Override
public void setProperties(Properties properties) { public void setProperties(Properties properties) {
@ -158,4 +147,11 @@ public class JWTAuthenticator implements WebappAuthenticator {
public String getProperty(String name) { public String getProperty(String name) {
return null; return null;
} }
private static void loadTenantRegistry(int tenantId) throws RegistryException {
TenantRegistryLoader tenantRegistryLoader = AuthenticatorFrameworkDataHolder.getInstance().
getTenantRegistryLoader();
AuthenticatorFrameworkDataHolder.getInstance().getTenantIndexingLoader().loadTenantIndex(tenantId);
tenantRegistryLoader.loadTenantRegistry(tenantId);
}
} }

@ -25,6 +25,8 @@ import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.device.mgt.core.scep.SCEPManager; import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer; import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
@ -67,6 +69,17 @@ import java.util.Properties;
* policy="dynamic" * policy="dynamic"
* bind="setOAuth2ValidationService" * bind="setOAuth2ValidationService"
* unbind="unsetOAuth2ValidationService" * unbind="unsetOAuth2ValidationService"
* @scr.reference name="tenant.indexloader"
* interface="org.wso2.carbon.registry.indexing.service.TenantIndexingLoader"
* cardinality="1..1"
* policy="dynamic"
* bind="setTenantIndexLoader"
* unbind="unsetTenantIndexLoader"
* @scr.reference name="tenant.registryloader"
* interface="org.wso2.carbon.registry.core.service.TenantRegistryLoader"
* cardinality="1..1" policy="dynamic"
* bind="setTenantRegistryLoader"
* unbind="unsetTenantRegistryLoader"
*/ */
public class WebappAuthenticatorFrameworkServiceComponent { public class WebappAuthenticatorFrameworkServiceComponent {
@ -183,4 +196,20 @@ public class WebappAuthenticatorFrameworkServiceComponent {
} }
AuthenticatorFrameworkDataHolder.getInstance().setOAuth2TokenValidationService(null); AuthenticatorFrameworkDataHolder.getInstance().setOAuth2TokenValidationService(null);
} }
protected void setTenantIndexLoader(TenantIndexingLoader tenantIndexLoader) {
AuthenticatorFrameworkDataHolder.getInstance().setTenantIndexingLoader(tenantIndexLoader);
}
protected void unsetTenantIndexLoader(TenantIndexingLoader tenantIndexLoader) {
AuthenticatorFrameworkDataHolder.getInstance().setTenantIndexingLoader(null);
}
protected void setTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader) {
AuthenticatorFrameworkDataHolder.getInstance().setTenantRegistryLoader(tenantRegistryLoader);
}
protected void unsetTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader) {
AuthenticatorFrameworkDataHolder.getInstance().setTenantRegistryLoader(null);
}
} }

@ -0,0 +1,32 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ you may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<!--
This configuration file represents the configuration that are needed
when publishing APIs to API Manager
-->
<WebappPublisherConfigs>
<!-- This host is used to define the host address which is used to publish APIs -->
<Host>http://localhost:${carbon.http.port}</Host>
<!-- If it is true, the APIs of this instance will be published to the defined host -->
<PublishAPI>true</PublishAPI>
</WebappPublisherConfigs>

@ -0,0 +1,2 @@
instructions.configure = \
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.apimgt.webapp.publisher_${feature.version}/conf/webapp-publisher-config.xml,target:${installFolder}/../../conf/etc/webapp-publisher-config.xml,overwrite:true);\

@ -120,6 +120,7 @@
<bundleDef> <bundleDef>
org.wso2.carbon.identity:org.wso2.carbon.identity.oauth.stub:${carbon.identity.version} org.wso2.carbon.identity:org.wso2.carbon.identity.oauth.stub:${carbon.identity.version}
</bundleDef> </bundleDef>
<!-- Below should be bundled with the email verification -->
</bundles> </bundles>
<importFeatures> <importFeatures>
<importFeatureDef>org.wso2.carbon.core.server:${carbon.kernel.version}</importFeatureDef> <importFeatureDef>org.wso2.carbon.core.server:${carbon.kernel.version}</importFeatureDef>

@ -1378,16 +1378,16 @@
<artifactId>org.wso2.carbon.databridge.core</artifactId> <artifactId>org.wso2.carbon.databridge.core</artifactId>
<version>${carbon.analytics.common.version}</version> <version>${carbon.analytics.common.version}</version>
</dependency> </dependency>
<dependency> <!--<dependency>-->
<groupId>org.wso2.carbon.commons</groupId> <!--<groupId>org.wso2.carbon.commons</groupId>-->
<artifactId>org.wso2.carbon.databridge.commons</artifactId> <!--<artifactId>org.wso2.carbon.databridge.commons</artifactId>-->
<version>${carbon.commons.version}</version> <!--<version>${carbon.commons.version}</version>-->
</dependency> <!--</dependency>-->
<dependency> <!--<dependency>-->
<groupId>org.wso2.carbon.commons</groupId> <!--<groupId>org.wso2.carbon.commons</groupId>-->
<artifactId>org.wso2.carbon.databridge.commons.thrift</artifactId> <!--<artifactId>org.wso2.carbon.databridge.commons.thrift</artifactId>-->
<version>${carbon.commons.version}</version> <!--<version>${carbon.commons.version}</version>-->
</dependency> <!--</dependency>-->
<dependency> <dependency>
<groupId>org.wso2.carbon.analytics-common</groupId> <groupId>org.wso2.carbon.analytics-common</groupId>
<artifactId>org.wso2.carbon.databridge.commons</artifactId> <artifactId>org.wso2.carbon.databridge.commons</artifactId>
@ -1448,9 +1448,9 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.wso2.carbon.commons</groupId> <groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.user.mgt</artifactId> <artifactId>org.wso2.carbon.user.mgt</artifactId>
<version>${carbon.commons.version}</version> <version>${carbon.identity.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
@ -1721,7 +1721,7 @@
<properties> <properties>
<testng.version>6.1.1</testng.version> <testng.version>6.1.1</testng.version>
<carbon.kernel.version>4.4.3</carbon.kernel.version> <carbon.kernel.version>4.4.3</carbon.kernel.version>
<carbon.kernel.version.range>[4.4.0, 4.5.0)</carbon.kernel.version.range> <carbon.kernel.version.range>[4.4.0, 5.0.0)</carbon.kernel.version.range>
<carbon.p2.plugin.version>1.5.4</carbon.p2.plugin.version> <carbon.p2.plugin.version>1.5.4</carbon.p2.plugin.version>
<maven-buildnumber-plugin.version>1.3</maven-buildnumber-plugin.version> <maven-buildnumber-plugin.version>1.3</maven-buildnumber-plugin.version>
@ -1768,9 +1768,6 @@
<!-- Carbon Multi-tenancy --> <!-- Carbon Multi-tenancy -->
<carbon.multitenancy.version>4.5.0</carbon.multitenancy.version> <carbon.multitenancy.version>4.5.0</carbon.multitenancy.version>
<!-- Carbon Registry -->
<carbon.registry.version>4.4.8</carbon.registry.version>
<!-- Carbon Governance --> <!-- Carbon Governance -->
<carbon.governance.version>4.5.8</carbon.governance.version> <carbon.governance.version>4.5.8</carbon.governance.version>
@ -1789,7 +1786,7 @@
<version.commons.lang>2.6.0.wso2v1</version.commons.lang> <version.commons.lang>2.6.0.wso2v1</version.commons.lang>
<!-- Carbon API Management --> <!-- Carbon API Management -->
<carbon.api.mgt.version>5.0.3</carbon.api.mgt.version> <carbon.api.mgt.version>5.0.4</carbon.api.mgt.version>
<carbon.api.mgt.version.range>(5.0.0,6.0.0]</carbon.api.mgt.version.range> <carbon.api.mgt.version.range>(5.0.0,6.0.0]</carbon.api.mgt.version.range>
<!-- Carbon Analytics Commons --> <!-- Carbon Analytics Commons -->

Loading…
Cancel
Save