The following schema fragment specifies the expected content contained within this class.
- *
- *
The following schema fragment specifies the expected content contained within this class.
- *
- *
action;
-
- /**
- * Gets the value of the action property.
- *
- *
- * This accessor method returns a reference to the live list,
- * not a snapshot. Therefore any modification you make to the
- * returned list will be present inside the JAXB object.
- * This is why there is not a set
method for the action property.
- *
- *
- * For example, to add a new item, do as follows:
- *
- * getAction().add(newItem);
- *
- *
- *
- *
- * Objects of the following type(s) are allowed in the list
- * {@link Action }
- *
- *
- */
- public List getAction() {
- if (action == null) {
- action = new ArrayList();
- }
- return this.action;
- }
-
-}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java
deleted file mode 100644
index 9f8d05760b..0000000000
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java
+++ /dev/null
@@ -1,67 +0,0 @@
-
-package org.wso2.carbon.device.mgt.oauth.extensions.config;
-
-import org.w3c.dom.Document;
-import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
-import org.wso2.carbon.utils.CarbonUtils;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import java.io.File;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * This class represents the configuration that are needed for scopes to permission map.
- */
-public class DeviceMgtScopesConfig {
-
- private static DeviceMgtScopesConfig config = new DeviceMgtScopesConfig();
- private static Map actionPermissionMap = new HashMap<>();
-
- private static final String DEVICE_MGT_SCOPES_CONFIG_PATH =
- CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + "device-mgt-scopes.xml";
-
- private DeviceMgtScopesConfig() {
- }
-
- public static DeviceMgtScopesConfig getInstance() {
- return config;
- }
-
- public static void init() throws DeviceMgtScopesConfigurationFailedException {
- try {
- File deviceMgtConfig = new File(DEVICE_MGT_SCOPES_CONFIG_PATH);
- Document doc = OAuthExtUtils.convertToDocument(deviceMgtConfig);
-
- /* Un-marshaling DeviceMGtScope configuration */
- JAXBContext ctx = JAXBContext.newInstance(DeviceMgtScopes.class);
- Unmarshaller unmarshaller = ctx.createUnmarshaller();
- //unmarshaller.setSchema(getSchema());
- DeviceMgtScopes deviceMgtScopes = (DeviceMgtScopes) unmarshaller.unmarshal(doc);
- if (deviceMgtScopes != null) {
- for (Action action : deviceMgtScopes.getAction()) {
- Permissions permissions = action.getPermissions();
- if (permissions != null) {
- String permission[] = new String[permissions.getPermission().size()];
- int i = 0;
- for (String perm : permissions.getPermission()) {
- permission[i] = perm;
- i++;
- }
- actionPermissionMap.put(action.getName(), permission);
- }
- }
- }
- } catch (JAXBException e) {
- throw new DeviceMgtScopesConfigurationFailedException("Error occurred while un-marshalling Device Scope" +
- " Config", e);
- }
- }
-
- public Map getDeviceMgtScopePermissionMap() {
- return actionPermissionMap;
- }
-
-}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java
deleted file mode 100644
index 7a16382c18..0000000000
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.device.mgt.oauth.extensions.config;
-
-public class DeviceMgtScopesConfigurationFailedException extends Exception {
-
- private static final long serialVersionUID = -3151279312929070398L;
-
- public DeviceMgtScopesConfigurationFailedException(String msg, Exception nestedEx) {
- super(msg, nestedEx);
- }
-
- public DeviceMgtScopesConfigurationFailedException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public DeviceMgtScopesConfigurationFailedException(String msg) {
- super(msg);
- }
-
- public DeviceMgtScopesConfigurationFailedException() {
- super();
- }
-
- public DeviceMgtScopesConfigurationFailedException(Throwable cause) {
- super(cause);
- }
-}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java
deleted file mode 100644
index 6733a42e8d..0000000000
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java
+++ /dev/null
@@ -1,78 +0,0 @@
-
-package org.wso2.carbon.device.mgt.oauth.extensions.config;
-
-import java.util.ArrayList;
-import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
-
-
-/**
- * Java class for Permissions complex type.
- *
- *
The following schema fragment specifies the expected content contained within this class.
- *
- *
- * <complexType name="Permissions">
- * <complexContent>
- * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- * <sequence>
- * <element name="Permission" maxOccurs="unbounded" minOccurs="0">
- * <simpleType>
- * <restriction base="{http://www.w3.org/2001/XMLSchema}string">
- * <enumeration value="/permission/device-mgt/user/groups/device_operation"/>
- * <enumeration value="/permission/device-mgt/groups"/>
- * <enumeration value="/permission/device-mgt/user/groups"/>
- * <enumeration value="/permission/device-mgt/user/groups/device_monitor"/>
- * </restriction>
- * </simpleType>
- * </element>
- * </sequence>
- * </restriction>
- * </complexContent>
- * </complexType>
- *
- *
- *
- */
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "Permissions", propOrder = {
- "permission"
-})
-public class Permissions {
-
- @XmlElement(name = "Permission")
- protected List permission;
-
- /**
- * Gets the value of the permission property.
- *
- *
- * This accessor method returns a reference to the live list,
- * not a snapshot. Therefore any modification you make to the
- * returned list will be present inside the JAXB object.
- * This is why there is not a set
method for the permission property.
- *
- *
- * For example, to add a new item, do as follows:
- *
- * getPermission().add(newItem);
- *
- *
- *
- *
- * Objects of the following type(s) are allowed in the list
- * {@link String }
- *
- *
- */
- public List getPermission() {
- if (permission == null) {
- permission = new ArrayList();
- }
- return this.permission;
- }
-
-}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java
deleted file mode 100644
index 6928f1ea6d..0000000000
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
-
-import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
-import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
-import org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler;
-import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
-
-public class ExtendedDeviceMgtJWTBearerGrantHandler extends JWTBearerGrantHandler {
-
- @Override
- public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
- return OAuthExtUtils.validateScope(tokReqMsgCtx);
- }
-}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java
deleted file mode 100644
index 04418991ee..0000000000
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler;
-import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
-import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
-import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
-import org.wso2.carbon.identity.oauth2.model.RequestParameter;
-import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
-
-@SuppressWarnings("unused")
-public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrantHandler {
-
- private static Log log = LogFactory.getLog(ExtendedDeviceMgtPasswordGrantHandler.class);
-
- @Override
- public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
- RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
- for (RequestParameter parameter : parameters) {
- switch (parameter.getKey()) {
- case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER:
- String username = parameter.getValue()[0];
- tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username);
- break;
-
- case OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER:
- String password = parameter.getValue()[0];
- tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password);
- break;
- }
- }
- return super.validateGrant(tokReqMsgCtx);
- }
-
- @Override
- public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
- return OAuthExtUtils.validateScope(tokReqMsgCtx);
- }
-
-}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java
index d43c86297f..dfcdc2dff2 100644
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java
@@ -24,12 +24,6 @@ import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
-import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
-import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
-import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfig;
-import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfigurationFailedException;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.CarbonUtils;
@@ -52,18 +46,6 @@ import java.util.List;
* policy="dynamic"
* bind="setOAuth2ValidationService"
* unbind="unsetOAuth2ValidationService"
- * @scr.reference name="permission.manager.service"
- * interface="org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService"
- * cardinality="1..1"
- * policy="dynamic"
- * bind="setPermissionManagerService"
- * unbind="unsetPermissionManagerService"
- * @scr.reference name="org.wso2.carbon.device.authorization"
- * interface="org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService"
- * cardinality="1..1"
- * policy="dynamic"
- * bind="setDeviceAccessAuthorizationService"
- * unbind="unsetDeviceAccessAuthorizationService"
*/
public class OAuthExtensionServiceComponent {
@@ -79,7 +61,6 @@ public class OAuthExtensionServiceComponent {
log.debug("Starting OAuthExtensionBundle");
}
try {
- DeviceMgtScopesConfig.init();
APIManagerConfiguration configuration = new APIManagerConfiguration();
String filePath = new StringBuilder().
@@ -108,8 +89,6 @@ public class OAuthExtensionServiceComponent {
OAuthExtensionsDataHolder.getInstance().setWhitelistedScopes(whiteList);
} catch (APIManagementException e) {
log.error("Error occurred while loading DeviceMgtConfig configurations", e);
- } catch (DeviceMgtScopesConfigurationFailedException e) {
- log.error("Failed to initialize device scope configuration.", e);
}
}
@@ -168,50 +147,5 @@ public class OAuthExtensionServiceComponent {
OAuthExtensionsDataHolder.getInstance().setoAuth2TokenValidationService(null);
}
- /**
- * Sets PermissionManagerService Service.
- *
- * @param permissionManagerService An instance of PermissionManagerService
- */
- protected void setPermissionManagerService(PermissionManagerService permissionManagerService) {
- if (log.isDebugEnabled()) {
- log.debug("Setting PermissionManager Service");
- }
- OAuthExtensionsDataHolder.getInstance().setPermissionManagerService(permissionManagerService);
- }
-
- /**
- * Unsets PermissionManagerService Service.
- *
- * @param permissionManagerService An instance of PermissionManagerService
- */
- protected void unsetPermissionManagerService(PermissionManagerService permissionManagerService) {
- if (log.isDebugEnabled()) {
- log.debug("Unsetting PermissionManager Service");
- }
- OAuthExtensionsDataHolder.getInstance().setPermissionManagerService(null);
- }
-
- /**
- * Set DeviceManagementProviderService
- * @param deviceAccessAuthorizationService An instance of deviceAccessAuthorizationService
- */
- protected void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
- if (log.isDebugEnabled()) {
- log.debug("Setting Device Management Service");
- }
- OAuthExtensionsDataHolder.getInstance().setDeviceAccessAuthorizationService(deviceAccessAuthorizationService);
- }
-
- /**
- * unset DeviceManagementProviderService
- * @param deviceAccessAuthorizationService An instance of deviceAccessAuthorizationService
- */
- protected void unsetDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
- if (log.isDebugEnabled()) {
- log.debug("Removing Device Management Service");
- }
- OAuthExtensionsDataHolder.getInstance().setDeviceAccessAuthorizationService(null);
- }
}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java
index 5e4d953fc4..4f401b3db5 100644
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java
@@ -18,9 +18,6 @@
package org.wso2.carbon.device.mgt.oauth.extensions.internal;
-import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
-import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
-import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.user.core.service.RealmService;
@@ -33,10 +30,7 @@ public class OAuthExtensionsDataHolder {
private RealmService realmService;
private OAuth2TokenValidationService oAuth2TokenValidationService;
- private PermissionManagerService permissionManagerService;
private List whitelistedScopes;
- private String deviceScope;
- private DeviceAccessAuthorizationService deviceAccessAuthorizationService;
private static OAuthExtensionsDataHolder thisInstance = new OAuthExtensionsDataHolder();
@@ -69,17 +63,6 @@ public class OAuthExtensionsDataHolder {
this.oAuth2TokenValidationService = oAuth2TokenValidationService;
}
- public void setPermissionManagerService(PermissionManagerService permissionManagerService) {
- this.permissionManagerService = permissionManagerService;
- }
-
- public PermissionManagerService getPermissionManagerService() {
- if (permissionManagerService == null) {
- throw new IllegalStateException("PermissionManager service is not initialized properly");
- }
- return permissionManagerService;
- }
-
public List getWhitelistedScopes() {
return whitelistedScopes;
}
@@ -88,15 +71,4 @@ public class OAuthExtensionsDataHolder {
this.whitelistedScopes = whitelistedScopes;
}
- public String getDeviceScope() {
- return deviceScope;
- }
-
- public DeviceAccessAuthorizationService getDeviceAccessAuthorizationService() {
- return deviceAccessAuthorizationService;
- }
-
- public void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) {
- this.deviceAccessAuthorizationService = deviceAccessAuthorizationService;
- }
}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java
deleted file mode 100644
index 903c3997d4..0000000000
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License
- */
-
-package org.wso2.carbon.device.mgt.oauth.extensions.validators;
-
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.validators.AbstractValidator;
-import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
-
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * Grant validator for JSON Web Tokens
- * For JWT Grant to be valid the required parameters are
- * grant_type and assertion
- */
-public class ExtendedDeviceJWTGrantValidator extends AbstractValidator {
-
- public ExtendedDeviceJWTGrantValidator() {
- requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
- requiredParams.add(OAuth.OAUTH_ASSERTION);
- }
-}
\ No newline at end of file
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java
deleted file mode 100644
index e22b211f5f..0000000000
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License
- */
-
-package org.wso2.carbon.device.mgt.oauth.extensions.validators;
-
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.validators.AbstractValidator;
-import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
-
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * Grant validator for Device Object with Password Grant type
- */
-public class ExtendedDevicePasswordGrantValidator extends AbstractValidator {
-
- public ExtendedDevicePasswordGrantValidator() {
- requiredParams.add(OAuth.OAUTH_USERNAME);
- requiredParams.add(OAuth.OAUTH_PASSWORD);
- requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION);
- }
-}
\ No newline at end of file
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
deleted file mode 100644
index a032df38a3..0000000000
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * you may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.device.mgt.oauth.extensions.validators;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
-import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
-import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
-import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
-import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
-import org.wso2.carbon.identity.application.common.model.User;
-import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
-import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
-import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
-import org.wso2.carbon.user.api.UserRealm;
-import org.wso2.carbon.user.api.UserStoreException;
-
-import java.util.Properties;
-
-/**
- * Custom OAuth2Token Scope validation implementation for DeviceManagement. This will validate the
- * user permissions before dispatching the HTTP request to the actual endpoint.
- */
-public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
-
- private static final String URL_PROPERTY = "URL";
- private static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD";
-
- public static final class PermissionMethod {
- private PermissionMethod() {
- throw new AssertionError();
- }
-
- public static final String READ = "read";
- public static final String WRITE = "write";
- public static final String DELETE = "delete";
- public static final String ACTION = "action";
- public static final String UI_EXECUTE = "ui.execute";
- }
-
- private static final Log log = LogFactory.getLog(PermissionBasedScopeValidator.class);
-
- @Override
- public boolean validateScope(AccessTokenDO accessTokenDO, String resource)
- throws IdentityOAuth2Exception {
- boolean status = true;
- //Extract the url & http method
- int idx = resource.lastIndexOf(':');
- String url = resource.substring(0, idx);
- String method = resource.substring(++idx, resource.length());
- //This is to remove the url params for request path.
- int urlParamIndex = url.indexOf('?');
- if(urlParamIndex > 0) {
- url = url.substring(0, urlParamIndex);
- }
-
- Properties properties = new Properties();
- properties.put(PermissionBasedScopeValidator.URL_PROPERTY, url.toLowerCase());
- properties.put(PermissionBasedScopeValidator.HTTP_METHOD_PROPERTY, method.toUpperCase());
- PermissionManagerService permissionManagerService = OAuthExtensionsDataHolder.getInstance().
- getPermissionManagerService();
- try {
- Permission permission = permissionManagerService.getPermission(properties);
- User authzUser = accessTokenDO.getAuthzUser();
- if ((permission != null) && (authzUser != null)) {
- if (permission.getPath() == null) {
- if (log.isDebugEnabled()) {
- log.debug("Permission is not defined for the resource '" + resource + "'");
- }
- return true;
- }
- String username = authzUser.getUserName();
- String userStore = authzUser.getUserStoreDomain();
- int tenantId = OAuthExtUtils.getTenantId(authzUser.getTenantDomain());
- UserRealm userRealm = OAuthExtensionsDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
- if (userRealm != null && userRealm.getAuthorizationManager() != null) {
- if (userStore != null) {
- status = userRealm.getAuthorizationManager()
- .isUserAuthorized(userStore + "/" + username, permission.getPath(),
- PermissionMethod.UI_EXECUTE);
- } else {
- status = userRealm.getAuthorizationManager()
- .isUserAuthorized(username, permission.getPath(), PermissionMethod.UI_EXECUTE);
- }
- }
- }
- } catch (PermissionManagementException e) {
- log.error("Error occurred while validating the resource scope for : " + resource +
- ", Msg = " + e.getMessage(), e);
- } catch (UserStoreException e) {
- log.error("Error occurred while retrieving user store. " + e.getMessage());
- }
- return status;
- }
-}
diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java
index d117ef1eca..ad7d547090 100644
--- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java
+++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java
@@ -43,6 +43,7 @@ import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
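Review bot: The added `import java.util.HashMap;` is not used by any of the new lines visible in this file's hunks, which only reference `Map`. If nothing elsewhere in `JWTClient` needs it, drop the import so the file does not accumulate unused dependencies.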
@@ -73,7 +74,9 @@ public class JWTClient {
throw new JWTClientException("JWT is not configured properly for user : " + username);
}
params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion));
- params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes));
+ if (scopes != null && !scopes.isEmpty()) {
+ params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes));
+ }
return getTokenInfo(params, consumerKey, consumerSecret);
}
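Review bot: With the new guard `if (scopes != null && !scopes.isEmpty())`, a caller passing null or "" now sends a token request with no scope parameter at all, so the scopes on the issued token are decided by the authorization server's default rather than by this client. If any caller treats an empty string as "no scopes", that could yield a broader token than intended, so the Javadoc should state the contract, e.g. `@param scopes space-delimited scopes; when null or empty the parameter is omitted and the server default applies`. A whitespace-only value still passes the check and is sent as-is; `!scopes.trim().isEmpty()` would cover it. The identical guard is repeated in the next hunk (the overload that takes `paramsMap`), so a small private helper would keep the two in step. The method body starts outside this hunk.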
@@ -87,7 +90,9 @@ public class JWTClient {
throw new JWTClientException("JWT is not configured properly for user : " + username);
}
params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion));
- params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes));
+ if (scopes != null && !scopes.isEmpty()) {
+ params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes));
+ }
if (paramsMap != null) {
for (String key : paramsMap.keySet()) {
params.add(new BasicNameValuePair(key, paramsMap.get(key)));
@@ -156,6 +161,13 @@ public class JWTClient {
return new String(Base64.encodeBase64((consumerKey + ":" + consumerSecret).getBytes()));
}
+ public String getJwtToken(String username) throws JWTClientException {
+ return JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
+ }
+
+ public String getJwtToken(String username, Map claims) throws JWTClientException {
+ return JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, claims);
+ }
}
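Review bot: The two `getJwtToken` overloads added at the end of `JWTClient` are public but have no Javadoc, although they hand the caller a signed assertion for whatever `username` is passed in. A comment on each would help, for example `/** Returns a signed JWT assertion for {@code username}; the value is a bearer credential and must not be logged or persisted. */`. On the second overload, `@param claims` should say that the entries are added to the token's claim set and may be null. A blank line between the preceding `return new String(Base64...)` method and the first new method would match the rest of the class.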
diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java
index 4f62dd6a62..20ff82c531 100644
--- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java
+++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java
@@ -33,6 +33,7 @@ import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
+import org.apache.solr.common.util.Hash;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.KeyStoreManager;
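Review bot: The added `import org.apache.solr.common.util.Hash;` looks like an accidental IDE auto-import, since none of the hunks shown for this file reference `Hash` (the new code uses `java.util.HashMap` and `java.util.Map`). If it is unused, it should be dropped, because it makes a JWT signing utility depend on a Solr artifact at compile time and widens the bundle's dependency surface for no benefit. The rest of the file is outside this hunk, so confirm there is no use further down before removing it.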
@@ -55,7 +56,9 @@ import java.security.*;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.util.Date;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.Properties;
/**
@@ -193,8 +196,13 @@ public class JWTClientUtil {
tenantRegistryLoader.loadTenantRegistry(tenantId);
}
- public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient)
- throws JWTClientException {
+ public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient)
+ throws JWTClientException {
+ return generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, null);
+ }
+
+ public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient,
+ Map customClaims) throws JWTClientException {
try {
String subject = username;
long currentTimeMillis = System.currentTimeMillis();
@@ -222,6 +230,11 @@ public class JWTClientUtil {
claimsSet.setNotBeforeTime(new Date(nbf));
claimsSet.setJWTID(jti);
claimsSet.setAudience(aud);
+ if (customClaims != null && !customClaims.isEmpty()) {
+ for (String key : customClaims.keySet()) {
+ claimsSet.setClaim(key, customClaims.get(key));
+ }
+ }
// get Keystore params
String keyStorePath = jwtConfig.getKeyStorePath();
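Review bot: The loop added before the keystore lookup copies every caller-supplied key into `claimsSet` after the registered claims have been set (the hunk shows `nbf`, `jti` and `aud`), with no check on the key name. If `setClaim` accepts registered names, which this claims-set type may do, an entry named `aud`, `iss`, `sub` or `exp` would silently replace the value derived from `jwtConfig` and `username` in a token that is then signed with the server key. Rejecting reserved names keeps the identity and lifetime of the assertion under the control of this method. The new overload also has no Javadoc saying that `customClaims` may be null and is applied last. The method body starts and continues outside this hunk.

```java
if (customClaims != null && !customClaims.isEmpty()) {
    for (Map.Entry<String, ?> entry : customClaims.entrySet()) {
        String name = entry.getKey();
        // Registered claims are set above from jwtConfig and username; callers must not replace them.
        if ("iss".equals(name) || "sub".equals(name) || "aud".equals(name) || "exp".equals(name)
                || "nbf".equals(name) || "iat".equals(name) || "jti".equals(name)) {
            throw new JWTClientException("Custom claim must not override registered claim : " + name);
        }
        claimsSet.setClaim(name, entry.getValue());
    }
}
```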
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
index 7b752ce77a..908613cf35 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
@@ -21,17 +21,25 @@ package org.wso2.carbon.webapp.authenticator.framework.authenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.util.Base64;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.CharChunk;
import org.apache.tomcat.util.buf.MessageBytes;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
+import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder;
import org.wso2.carbon.webapp.authenticator.framework.Constants;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
+import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils;
import java.util.Properties;
public class BasicAuthAuthenticator implements WebappAuthenticator {
private static final String BASIC_AUTH_AUTHENTICATOR = "BasicAuth";
+ private static final Log log = LogFactory.getLog(BasicAuthAuthenticator.class);
@Override
public void init() {
@@ -54,7 +62,27 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
@Override
public AuthenticationInfo authenticate(Request request, Response response) {
- return new AuthenticationInfo();
+ AuthenticationInfo authenticationInfo = new AuthenticationInfo();
+ Credentials credentials = getCredentials(request);
+ try {
+ int tenantId = Utils.getTenantIdOFUser(credentials.getUsername());
+ UserStoreManager userStore = AuthenticatorFrameworkDataHolder.getInstance().getRealmService().
+ getTenantUserRealm(tenantId).getUserStoreManager();
+ boolean authenticated = userStore.authenticate(credentials.getUsername(), credentials.getPassword());
+ if (authenticated) {
+ authenticationInfo.setStatus(Status.CONTINUE);
+ authenticationInfo.setUsername(credentials.getUsername());
+ authenticationInfo.setTenantDomain(Utils.getTenantDomain(tenantId));
+ authenticationInfo.setTenantId(tenantId);
+ } else {
+ authenticationInfo.setStatus(Status.FAILURE);
+ }
+ } catch (UserStoreException e) {
+ log.error("Error occurred while authenticating the user." + credentials.getUsername(), e);
+ } catch (AuthenticationException e) {
+ log.error("Error occurred while obtaining the tenant Id for user." + credentials.getUsername(), e);
+ }
+ return authenticationInfo;
}
@Override
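Review bot: In the new `authenticate` body the status is only set on the two branches after `userStore.authenticate(...)`, so both `catch` blocks return an `AuthenticationInfo` whose status is whatever the constructor leaves. That default is not visible here, and if it is not `Status.FAILURE` a user-store or tenant-lookup error would not be treated as a failed login. `credentials` is also dereferenced without a null check, so if `getCredentials(request)` (defined outside this hunk) can return null for a missing or malformed header, the call throws instead of failing the request. Setting `FAILURE` up front and returning early on null closes both paths. Separately, the two `log.error` messages concatenate the client-supplied username directly after the full stop, which is hard to read and writes unvalidated input to the log.

```java
AuthenticationInfo authenticationInfo = new AuthenticationInfo();
// Fail closed: any path that does not verify the password leaves FAILURE in place.
authenticationInfo.setStatus(Status.FAILURE);
Credentials credentials = getCredentials(request);
if (credentials == null) {
    return authenticationInfo;
}
// … unchanged: try block with tenant lookup, userStore.authenticate(), CONTINUE branch and both catch blocks …
```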
diff --git a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties
index 2b22f91475..9e4021a913 100644
--- a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties
+++ b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties
@@ -17,13 +17,13 @@
#
#issuer of the JWT
-iss=CDMF_DEFAULT_IDP
+iss=iot_default
TokenEndpoint=https://localhost:${carbon.https.port}/oauth2/token
#audience of JWT claim
#comma seperated values
-aud=JwtIdentityAudience
+aud=wso2.org/products/iot
#expiration time of JWT (number of minutes from the current time)
exp=1000
diff --git a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml
deleted file mode 100644
index a76191cce0..0000000000
--- a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-
-
-
-
-
-
-
-
- /permission/device-mgt/user/groups/device_operation
- /permission/device-mgt/admin/groups
- /permission/device-mgt/user/groups
-
-
-
-
- /permission/device-mgt/user/groups/device_monitor
- /permission/device-mgt/admin/groups
- /permission/device-mgt/user/groups
-
-
-
-
- /permission/device-mgt/user/groups/device_monitor
- /permission/device-mgt/admin/groups
- /permission/device-mgt/user/groups
-
-
-
-
- /permission/device-mgt/user/groups/device_operation
- /permission/device-mgt/admin/groups
- /permission/device-mgt/user/groups
-
-
-
\ No newline at end of file
diff --git a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf
index 6f97c8724c..7ab37b9d7d 100644
--- a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf
+++ b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf
@@ -1,2 +1 @@
-instructions.configure = \
-org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.oauth.extensions_${feature.version}/device-mgt-scopes.xml,target:${installFolder}/../../conf/etc/device-mgt-scopes.xml,overwrite:true);\
+instructions.configure = \
\ No newline at end of file
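Review bot: After the copy instruction is removed, the new side of `p2.inf` keeps `instructions.configure = \` with a trailing line continuation and nothing after it. That leaves an empty configure instruction whose continuation runs into end of file. Deleting the line (or the file, if nothing else is configured there) would be cleaner than keeping a dangling `\`.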
diff --git a/pom.xml b/pom.xml
index 99d970cd9c..7f0b6e4112 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1830,6 +1830,7 @@
1.4.0.wso2v1
2.4.0.wso2v1
2.6.0.wso2v1
+ [2.6.0,3.0.0)
6.0.5