From b68d24cec408f7efc3273ac99404e69e69270147 Mon Sep 17 00:00:00 2001 From: Pahansith Date: Mon, 3 May 2021 23:11:21 +0530 Subject: [PATCH 1/5] Add session scope handler (cherry picked from commit 429e76cfdc8184e99df84f1678eb17d0780b22ad) --- .../interceptor/PermissionScopeHandler.java | 65 +++++++++++++++++++ .../interceptor/util/HandlerConstants.java | 2 +- 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/PermissionScopeHandler.java diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/PermissionScopeHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/PermissionScopeHandler.java new file mode 100644 index 00000000000..96d1d1151f4 --- /dev/null +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/PermissionScopeHandler.java @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package io.entgra.ui.request.interceptor; + +import io.entgra.ui.request.interceptor.beans.AuthData; +import io.entgra.ui.request.interceptor.beans.ProxyResponse; +import io.entgra.ui.request.interceptor.util.HandlerConstants; +import io.entgra.ui.request.interceptor.util.HandlerUtil; +import org.apache.commons.lang3.StringUtils; +import org.apache.http.HttpStatus; +import org.json.JSONObject; + +import javax.servlet.ServletException; +import javax.servlet.annotation.MultipartConfig; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.IOException; + +@MultipartConfig +@WebServlet("/login-user/scopes") +public class PermissionScopeHandler extends HttpServlet { + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + HttpSession httpSession = req.getSession(false); + if (httpSession == null) { + HandlerUtil.sendUnAuthorizeResponse(resp); + return; + } + + AuthData authData = (AuthData) httpSession.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY); + if (authData == null) { + HandlerUtil.sendUnAuthorizeResponse(resp); + return; + } + + if (!StringUtils.isEmpty(authData.getScope())) { + ProxyResponse proxyResponse = new ProxyResponse(); + JSONObject jsonObject = new JSONObject(); + jsonObject.put(HandlerConstants.USER_SCOPES, authData.getScope()); + proxyResponse.setCode(HttpStatus.SC_OK); + proxyResponse.setData(jsonObject.toString()); + HandlerUtil.handleSuccess(resp, proxyResponse); + } + HandlerUtil.handleError(resp, null); + } +} diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java index 6760fcf236d..b94309be57e 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java @@ -80,5 +80,5 @@ public class HandlerConstants { public static final String IOT_GW_HOST_ENV_VAR = "iot.gateway.host"; public static final String IOT_GW_HTTP_PORT_ENV_VAR = "iot.gateway.http.port"; public static final String IOT_GW_HTTPS_PORT_ENV_VAR = "iot.gateway.https.port"; - + public static final String USER_SCOPES = "user-scopes"; } From f725151e916124ece4c8054c7436a13691e53eab Mon Sep 17 00:00:00 2001 From: vigneshan Date: Thu, 6 May 2021 22:42:37 +0530 Subject: [PATCH 2/5] Fix session expire issue during sso authorization (cherry picked from commit c2369cde71ec6c8ef96539d636d2804fd815eb2e) --- .../interceptor/SsoLoginCallbackHandler.java | 19 +++++++++++++------ .../request/interceptor/SsoLoginHandler.java | 2 +- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginCallbackHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginCallbackHandler.java index 92bd0e6b709..c437398d20a 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginCallbackHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginCallbackHandler.java @@ -27,7 +27,6 @@ import io.entgra.ui.request.interceptor.util.HandlerUtil; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.http.HttpHeaders; -import org.apache.http.HttpStatus; import org.apache.http.client.methods.HttpPost; import org.apache.http.entity.ContentType; import org.apache.http.entity.StringEntity; @@ -50,9 +49,7 @@ public class SsoLoginCallbackHandler extends HttpServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { String code = req.getParameter("code"); HttpSession session = req.getSession(false); - String scope = session.getAttribute("scope").toString(); String iotsCorePort = System.getProperty(HandlerConstants.IOT_CORE_HTTPS_PORT_ENV_VAR); - if (HandlerConstants.HTTP_PROTOCOL.equals(req.getScheme())) { iotsCorePort = System.getProperty(HandlerConstants.IOT_CORE_HTTP_PORT_ENV_VAR); } @@ -62,6 +59,19 @@ public class SsoLoginCallbackHandler extends HttpServlet { String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty(HandlerConstants.IOT_CORE_HOST_ENV_VAR) + HandlerConstants.COLON + iotsCorePort; + if (session == null) { + String baseContextPath = req.getContextPath(); + String applicationName = baseContextPath.substring(1, baseContextPath.indexOf("-ui-request-handler")); + if (applicationName.equals("entgra")) { + resp.sendRedirect(iotsCoreUrl + "/endpoint-mgt"); + } else { + resp.sendRedirect(iotsCoreUrl + "/" + applicationName); + } + return; + } + + String scope = session.getAttribute("scope").toString(); + HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.TOKEN_ENDPOINT); tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + session.getAttribute("encodedClientApp")); tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString()); @@ -76,11 +86,9 @@ public class SsoLoginCallbackHandler extends HttpServlet { ProxyResponse tokenResultResponse = HandlerUtil.execute(tokenEndpoint); JsonParser jsonParser = new JsonParser(); - JsonElement jTokenResult = jsonParser.parse(tokenResultResponse.getData()); if (jTokenResult.isJsonObject()) { JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject(); - AuthData authData = new AuthData(); authData.setClientId(session.getAttribute("clientId").toString()); authData.setClientSecret(session.getAttribute("clientSecret").toString()); @@ -89,7 +97,6 @@ public class SsoLoginCallbackHandler extends HttpServlet { authData.setRefreshToken(jTokenResultAsJsonObject.get("refresh_token").getAsString()); authData.setScope(jTokenResultAsJsonObject.get("scope").getAsString()); session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData); - resp.sendRedirect(session.getAttribute("redirectUrl").toString()); } } diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java index 1a5a550571d..e23019d2c86 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java @@ -88,12 +88,12 @@ public class SsoLoginHandler extends HttpServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) { try { httpSession = req.getSession(false); - if (httpSession != null) { httpSession.invalidate(); } httpSession = req.getSession(true); + httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT)); initializeAdminCredentials(); baseContextPath = req.getContextPath(); applicationName = baseContextPath.substring(1, baseContextPath.indexOf("-ui-request-handler")); From 83047b497f67279c1520af4db4be02fd627ef3e2 Mon Sep 17 00:00:00 2001 From: inoshperera Date: Mon, 17 May 2021 12:04:21 +0530 Subject: [PATCH 3/5] Support AE with QR code based enrollment Fixes https://gitlab.com/entgra/emm-proprietary-plugins/-/merge_requests/601 (cherry picked from commit 2f73bcb0c7a635d3b7c077dcb73faddb3b4f10a6) --- .../src/main/resources/conf/mdm-ui-config.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml index a0ba89e8b77..3a425274f1f 100644 --- a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml +++ b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml @@ -177,6 +177,7 @@ perm:metadata:view perm:metadata:create perm:metadata:update + perm:android:google-account device-mgt From 0c3185f7d60b3609b8ef3faf4c8c84feced85f93 Mon Sep 17 00:00:00 2001 From: MalshaPiumini Date: Mon, 24 May 2021 22:36:09 +0530 Subject: [PATCH 4/5] Increase session time for sso and non-sso login. (cherry picked from commit a1567d8a3ded0ab3a0076add05a1b6064808fba3) --- .../device/mgt/core/config/ui/UIConfiguration.java | 10 ++++++++++ .../io/entgra/ui/request/interceptor/LoginHandler.java | 8 +++++--- .../entgra/ui/request/interceptor/SsoLoginHandler.java | 5 ++++- .../src/main/resources/conf/mdm-ui-config.xml | 2 ++ 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/ui/UIConfiguration.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/ui/UIConfiguration.java index 914597687c1..1c4a1e91cdf 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/ui/UIConfiguration.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/ui/UIConfiguration.java @@ -31,6 +31,7 @@ public class UIConfiguration { private AppRegistration appRegistration; private List scopes; private boolean isSsoEnable; + private int sessionTimeOut; @XmlElement(name = "AppRegistration", required=true) public AppRegistration getAppRegistration() { @@ -59,4 +60,13 @@ public class UIConfiguration { public void setSsoEnable(boolean ssoEnable) { isSsoEnable = ssoEnable; } + + @XmlElement(name = "SessionTimeOut") + public int getSessionTimeOut() { + return sessionTimeOut; + } + + public void setSessionTimeOut(int sessionTimeOut) { + this.sessionTimeOut = sessionTimeOut; + } } diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java index e4246fbfc09..60dd31ab2de 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java @@ -39,6 +39,7 @@ import org.apache.http.entity.ContentType; import org.apache.http.entity.StringEntity; import org.apache.http.protocol.HTTP; import io.entgra.ui.request.interceptor.beans.ProxyResponse; +import org.json.JSONString; import javax.servlet.annotation.MultipartConfig; import javax.servlet.annotation.WebServlet; @@ -69,13 +70,14 @@ public class LoginHandler extends HttpServlet { httpSession.invalidate(); } httpSession = req.getSession(true); - //setting session to expiry in 5 minutes - httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT)); JsonObject uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp); - JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray(); JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray(); + int sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut"))); + + //setting session to expire in 1h + httpSession.setMaxInactiveInterval(sessionTimeOut); // Check if OAuth app cache exists. If not create a new application. LoginCacheManager loginCacheManager = new LoginCacheManager(); diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java index e23019d2c86..fb4f93b0c92 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java @@ -72,6 +72,7 @@ public class SsoLoginHandler extends HttpServlet { private static String adminPassword; private static String gatewayUrl; private static String iotsCoreUrl; + private static int sessionTimeOut; private static String encodedAdminCredentials; private static String encodedClientApp; private static String applicationId; @@ -93,7 +94,7 @@ public class SsoLoginHandler extends HttpServlet { } httpSession = req.getSession(true); - httpSession.setMaxInactiveInterval(Math.toIntExact(HandlerConstants.TIMEOUT)); + initializeAdminCredentials(); baseContextPath = req.getContextPath(); applicationName = baseContextPath.substring(1, baseContextPath.indexOf("-ui-request-handler")); @@ -157,6 +158,7 @@ public class SsoLoginHandler extends HttpServlet { uiConfigJsonObject = HandlerUtil.getUIConfigAndPersistInSession(uiConfigUrl, gatewayUrl, httpSession, resp); JsonArray tags = uiConfigJsonObject.get("appRegistration").getAsJsonObject().get("tags").getAsJsonArray(); JsonArray scopes = uiConfigJsonObject.get("scopes").getAsJsonArray(); + sessionTimeOut = Integer.parseInt(String.valueOf(uiConfigJsonObject.get("sessionTimeOut"))); // Register the client application HttpPost apiRegEndpoint = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT); @@ -294,6 +296,7 @@ public class SsoLoginHandler extends HttpServlet { httpSession.setAttribute("encodedClientApp", encodedClientApp); httpSession.setAttribute("scope", scopes); httpSession.setAttribute("redirectUrl", req.getParameter("redirect")); + httpSession.setMaxInactiveInterval(sessionTimeOut); } /*** diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml index 3a425274f1f..eba51b1d840 100644 --- a/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml +++ b/features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml @@ -20,6 +20,8 @@ true true + + 3600 application_management From 726d37847fd1bc04c3c5cac47b8192db6ecaeef3 Mon Sep 17 00:00:00 2001 From: Farheen99 Date: Sun, 16 May 2021 20:31:20 +0530 Subject: [PATCH 5/5] Add code changes to read a new xml element named scope from android.xml file (cherry picked from commit 5ac273f362841f64ac0541460cb413d65d6c3ff0) --- .../type/template/config/OperationMetadata.java | 12 ++++++++++++ .../feature/ConfigurationBasedFeatureManager.java | 4 ++++ .../request/interceptor/util/HandlerConstants.java | 2 +- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/template/config/OperationMetadata.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/template/config/OperationMetadata.java index 81a4139d8e5..9fc9715f4db 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/template/config/OperationMetadata.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/template/config/OperationMetadata.java @@ -58,6 +58,7 @@ import java.util.List; "method", "contentType", "permission", + "scope", "filterList" }) public class OperationMetadata { @@ -74,6 +75,9 @@ public class OperationMetadata { @XmlElement(name = "permission") private String permission; + @XmlElement(name = "scope") + private String scope; + @XmlElementWrapper(name = "filters") @XmlElement(name = "filter") private List filterList; @@ -110,6 +114,14 @@ public class OperationMetadata { this.permission = permission; } + public String getScope() { + return scope; + } + + public void setScope(String scope) { + this.scope = scope; + } + public List getFilterList() { return filterList; } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/template/feature/ConfigurationBasedFeatureManager.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/template/feature/ConfigurationBasedFeatureManager.java index 10436283693..95c702041f5 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/template/feature/ConfigurationBasedFeatureManager.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/template/feature/ConfigurationBasedFeatureManager.java @@ -63,6 +63,7 @@ public class ConfigurationBasedFeatureManager implements FeatureManager { private static final String OPERATION_META = "operationMeta"; private static final String CONTENT_TYPE = "contentType"; private static final String PERMISSION = "permission"; + private static final String SCOPE = "scope"; private static final String ICON = "icon"; private static final String FILTERS = "filters"; private static final String PATH_PARAMS = "pathParams"; @@ -108,6 +109,9 @@ public class ConfigurationBasedFeatureManager implements FeatureManager { if (StringUtils.isNotEmpty(metadata.getPermission())) { operationMeta.put(PERMISSION, metadata.getPermission()); } + if (StringUtils.isNotEmpty(metadata.getScope())) { + operationMeta.put(SCOPE, metadata.getScope()); + } if (metadata.getFilterList() != null && metadata.getFilterList().size() > 0) { operationMeta.put(FILTERS, metadata.getFilterList()); } diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java index b94309be57e..acddc17ce92 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java @@ -80,5 +80,5 @@ public class HandlerConstants { public static final String IOT_GW_HOST_ENV_VAR = "iot.gateway.host"; public static final String IOT_GW_HTTP_PORT_ENV_VAR = "iot.gateway.http.port"; public static final String IOT_GW_HTTPS_PORT_ENV_VAR = "iot.gateway.https.port"; - public static final String USER_SCOPES = "user-scopes"; + public static final String USER_SCOPES = "userScopes"; }