diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
index 5ea3a09e844..bee2ce06460 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java
@@ -60,7 +60,10 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
 @Override
 public boolean addPermission(Permission permission) throws PermissionManagementException {
- permissionTree.addPermission(permission); // adding a permission to the tree
+ // update the permission path to absolute permission path
+ permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
+ // adding a permission to the tree
+ permissionTree.addPermission(permission);
 return PermissionUtils.putPermission(permission);
 }
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java
index 380aeebe1b2..8294cce8a0f 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionTree.java
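Review bot: In PermissionManagerServiceImpl.addPermission the new `permission.setPath(...)` rewrites the caller's Permission object in place, so a second call with the same object would prefix the path again and store it under a different path than the one it was first registered with. Computing the absolute path on a copy, or making getAbsolutePermissionPath return an already-prefixed path unchanged, keeps the call idempotent. Separately, the tree is updated before `return PermissionUtils.putPermission(permission);`, so if the registry write throws PermissionManagementException the in-memory tree keeps an entry the registry does not have; doing the registry write first would avoid that split state.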
@@ -87,18 +87,19 @@ public class PermissionTree {
 */
 public Permission getPermission(String url, String httpMethod) {
 StringTokenizer st = new StringTokenizer(url, ROOT);
- PermissionNode tempRoot = rootNode;
+ PermissionNode tempRoot;
+ PermissionNode currentRoot = rootNode;
 while (st.hasMoreTokens()) {
 String currentToken = st.nextToken();
 // returns the child node which matches with the 'currentToken' path.
- tempRoot = tempRoot.getChild(currentToken);
+ tempRoot = currentRoot.getChild(currentToken);
 // if tempRoot is null, that means 'currentToken' is not matched with the child's path.
 // It means that it is at a point where the request must have dynamic path variables.
 // Therefor it looks for '*' in the request path. ('*' denotes dynamic path variable).
 if (tempRoot == null) {
- tempRoot = tempRoot.getChild(DYNAMIC_PATH_NOTATION);
+ tempRoot = currentRoot.getChild(DYNAMIC_PATH_NOTATION);
 // if tempRoot is null, that means there is no any permission which matches with the
 // given path
 if (tempRoot == null) {
@@ -108,7 +109,8 @@ public class PermissionTree {
 return null;
 }
 }
+ currentRoot = tempRoot;
 }
- return tempRoot.getPermission(httpMethod);
+ return currentRoot.getPermission(httpMethod);
 }
 }
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java
index 35733cd7ca5..d81d7a157c6 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java
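Review bot: In PermissionTree.getPermission a literal child always wins over `*` and the walk never backs up: once `currentRoot.getChild(currentToken)` matches, a miss on a later segment returns null even when a `*` sibling at the earlier level would have matched the whole URL. The result appears to feed an authorization decision, so every caller has to treat that null as "no permission mapped, deny". The Javadoc, whose start is outside the hunk, should state that null is returned in that case. `tempRoot` is now only meaningful inside the loop and would read more clearly declared there, e.g. `PermissionNode child = currentRoot.getChild(currentToken);`.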
@@ -55,6 +55,10 @@ public class PermissionUtils {
 }
 }
+ public static String getAbsolutePermissionPath(String permissionPath) {
+ return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
+ }
+
 public static Permission getPermission(String path) throws PermissionManagementException {
 try {
 Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
@@ -97,8 +101,7 @@ public class PermissionUtils {
 Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
 resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
 PermissionUtils.getGovernanceRegistry().beginTransaction();
- PermissionUtils.getGovernanceRegistry().put(ADMIN_PERMISSION_REGISTRY_PATH +
- path, resource);
+ PermissionUtils.getGovernanceRegistry().put(path, resource);
 PermissionUtils.getGovernanceRegistry().commitTransaction();
 }
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java
index ed68a04a554..2f534f38fe8 100644
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ScopeValidator.java
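Review bot: PermissionUtils.getAbsolutePermissionPath concatenates its argument without any validation, and the result is later used as a registry path for a permission resource. A null argument yields a path ending in the text "null", an already-absolute path is prefixed a second time, and a ".." segment is passed through unchanged, which matters if the registry normalises paths and permission paths can come from deployed application descriptors (neither is visible here). The method should reject or normalise these inputs before building the path, and it has no Javadoc stating what form of path it expects.
```java
public static String getAbsolutePermissionPath(String permissionPath) {
    if (permissionPath == null || permissionPath.isEmpty()) {
        throw new IllegalArgumentException("Permission path must not be null or empty");
    }
    // a ".." segment must not move the resource out of the permission subtree
    if (permissionPath.contains("..")) {
        throw new IllegalArgumentException("Permission path must not contain '..' : " + permissionPath);
    }
    // keep the call idempotent for a path that is already absolute
    if (permissionPath.startsWith(PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH)) {
        return permissionPath;
    }
    return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
}
```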
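Review bot: In the second PermissionUtils hunk the registry write now uses `path` exactly as passed, so the method (its signature is outside the hunk) silently depends on every caller having applied getAbsolutePermissionPath first; a call site that still passes a relative path would create the resource outside the admin permission collection. A guard before the write, such as `if (!path.startsWith(ADMIN_PERMISSION_REGISTRY_PATH)) { ... }` failing with PermissionManagementException, plus a comment `// path must already be absolute, see getAbsolutePermissionPath`, would make the new contract explicit. No rollback is visible between `beginTransaction()` and `commitTransaction()` if `put` throws; it may be handled in the part of the method outside the hunk.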
@@ -70,16 +70,14 @@ public class ScopeValidator extends OAuth2ScopeValidator {
 getPermissionManagerService();
 try {
 Permission permission = permissionManagerService.getPermission(properties);
- String username = accessTokenDO.getAuthzUser();
- status = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
- getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
- ScopeValidator.PermissionMethod.READ);
- UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
- if(userRealm != null && userRealm.getAuthorizationManager() != null){
- status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
- ScopeValidator.PermissionMethod.READ);
+ if(permission != null){
+ String username = accessTokenDO.getAuthzUser();
+ UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
+ if(userRealm != null && userRealm.getAuthorizationManager() != null){
+ status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
+ PermissionMethod.READ);
+ }
 }
-
 } catch (PermissionManagementException e) {
 log.error("Error occurred while validating the resource scope for : " + resource + ", Msg = " + e.getMessage(), e);
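Review bot: When `permission` is null, or the user realm or its authorization manager is unavailable, the new ScopeValidator code leaves `status` at whatever value it was given before the `try`, which is outside this hunk. For a scope validator that default has to be deny; unless `status` is already initialised to `false`, set it explicitly on those paths, e.g. `else { status = false; }`. A log line for the unmapped case, such as `log.warn("No permission mapped for resource : " + resource);`, would also make requests to unregistered resources visible to operators. The catch block at the end of the hunk only logs, so the same default applies there as well.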