diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java index 482f80b6f7c..f974ea5f20e 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java @@ -31,6 +31,16 @@ import java.util.List; public class PermissionConfiguration { private List permissions; + private String apiVersion; + + public String getApiVersion() { + return apiVersion; + } + + @XmlElement (name = "APIVersion", required = true) + public void setApiVersion(String apiVersion) { + this.apiVersion = apiVersion; + } public List getPermissions() { return permissions; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java index 557ce64859d..ae7b9f709e9 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/lifecycle/WebAppDeploymentLifecycleListener.java 
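Review bot: `required = true` on the `@XmlElement` of `setApiVersion` in PermissionConfiguration is not enforced at unmarshal time unless a schema is set on the unmarshaller, and the visible context of the WebAppDeploymentLifecycleListener hunk shows no such call between `createUnmarshaller()` and `unmarshal(...)`. A permissions file without an `APIVersion` element would therefore still load with `getApiVersion()` returning null, and `getAbsoluteContextPathOfAPI` would quietly build the URL with no version segment. If the version is mandatory, the listener should log or reject a configuration that lacks it. Otherwise drop `required = true` and document the getter, e.g. `/** @return the API version segment, or null when the web app exposes an unversioned API */`.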
@@ -24,9 +24,11 @@ import org.apache.catalina.LifecycleListener; import org.apache.catalina.core.StandardContext; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.core.config.permission.PermissionConfiguration; import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionManagerServiceImpl; +import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils; import javax.servlet.ServletContext; import javax.xml.bind.JAXBContext; @@ -34,6 +36,7 @@ import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; import java.io.File; import java.io.InputStream; +import java.util.List; /** * This listener class will initiate the permission addition of permissions defined in @@ -50,6 +53,7 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener { if (Lifecycle.AFTER_START_EVENT.equals(lifecycleEvent.getType())) { StandardContext context = (StandardContext) lifecycleEvent.getLifecycle(); ServletContext servletContext = context.getServletContext(); + String contextPath = servletContext.getContextPath(); try { InputStream permissionStream = servletContext.getResourceAsStream(PERMISSION_CONFIG_PATH); if (permissionStream != null) { 
@@ -58,10 +62,16 @@ public class WebAppDeploymentLifecycleListener implements LifecycleListener { Unmarshaller unmarshaller = cdmContext.createUnmarshaller(); PermissionConfiguration permissionConfiguration = (PermissionConfiguration) unmarshaller.unmarshal(permissionStream); - if (permissionConfiguration != null && - permissionConfiguration.getPermissions() != null) { - PermissionManagerServiceImpl.getInstance().addPermissions( - permissionConfiguration.getPermissions()); + List permissions = permissionConfiguration.getPermissions(); + String apiVersion = permissionConfiguration.getApiVersion(); + if (permissionConfiguration != null && permissions != null) { + for (Permission permission : permissions) { + // update the permission path to absolute permission path + permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath())); + permission.setUrl(PermissionUtils.getAbsoluteContextPathOfAPI(contextPath, apiVersion, + permission.getUrl())); + PermissionManagerServiceImpl.getInstance().addPermission(permission); + } } } } catch (JAXBException e) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java index bee2ce06460..190b90dbc7f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionManagerServiceImpl.java 
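Review bot: `permissionConfiguration.getPermissions()` and `permissionConfiguration.getApiVersion()` are now called before the `permissionConfiguration != null` test, so that test can no longer protect anything. A null result from `unmarshal` would raise a NullPointerException, which the visible `catch (JAXBException e)` does not handle. Keep the dereference behind the guard, e.g. `if (permissionConfiguration != null && permissionConfiguration.getPermissions() != null) {`, and read `permissions` and `apiVersion` inside that block. Separately, the path normalisation that `addPermission` used to perform now lives only in this loop, so a one-line comment saying that callers of `PermissionManagerServiceImpl.addPermission` must pass absolute paths would help; other callers are not visible here. The enclosing method starts and ends outside the hunk.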
@@ -51,17 +51,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerService { return registryBasedPermissionManager; } - public boolean addPermissions(List permissions) throws PermissionManagementException { - for (Permission permission : permissions) { - this.addPermission(permission); - } - return true; - } - @Override public boolean addPermission(Permission permission) throws PermissionManagementException { - // update the permission path to absolute permission path - permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath())); // adding a permission to the tree permissionTree.addPermission(permission); return PermissionUtils.putPermission(permission); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java index 3ed44c63b1a..d70247f683b 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java @@ -59,6 +59,13 @@ public class PermissionUtils { return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath; } + public static String getAbsoluteContextPathOfAPI(String contextPath, String version, String url) { + if((version != null) && !version.isEmpty()) { + return contextPath + "/" + version + url; + } + return contextPath + url; + } + public static Permission getPermission(String path) throws PermissionManagementException { try { Resource resource = PermissionUtils.getGovernanceRegistry().get(path); 
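Review bot: `PermissionUtils.getAbsoluteContextPathOfAPI` joins its arguments without checking their shape. A null `url` yields a string ending in the literal `null`, a `url` without a leading slash is glued straight onto the version or context path, and a `version` that already starts with a slash produces `//`. The listener stores the result with `permission.setUrl(...)`, so a malformed value would presumably never match an incoming request URI and the resource would end up with no usable permission entry. Reject a null `url` and normalise before joining, e.g. `String resource = url.startsWith("/") ? url : "/" + url;`. A Javadoc stating the expected form of `contextPath`, `version` and `url` would also help.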
diff --git a/components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/DynamicClientWebAppRegistrationManager.java b/components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/DynamicClientWebAppRegistrationManager.java index d7456f4f8eb..fbb60232510 100644 --- a/components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/DynamicClientWebAppRegistrationManager.java +++ b/components/identity-extensions/dynamic-client-registration/org.wso2.carbon.dynamic.client.web.app.registration/src/main/java/org/wso2/carbon/dynamic/client/web/app/registration/DynamicClientWebAppRegistrationManager.java @@ -120,10 +120,9 @@ public class DynamicClientWebAppRegistrationManager { String requiredDynamicClientRegistration, webAppName; ServletContext servletContext; RegistrationProfile registrationProfile; - OAuthAppDetails oAuthAppDetails = null; + OAuthAppDetails oAuthAppDetails; DynamicClientWebAppRegistrationManager dynamicClientWebAppRegistrationManager = DynamicClientWebAppRegistrationManager.getInstance(); - //todo move enumeration to while loop Enumeration enumeration = new IteratorEnumeration(DynamicClientWebAppRegistrationManager. webAppContexts.keySet().iterator()); if (log.isDebugEnabled()) { diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java index ba561436688..78eed7d06a7 100644 
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java @@ -51,6 +51,7 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator { public static final String WRITE = "write"; public static final String DELETE = "delete"; public static final String ACTION = "action"; + public static final String UI_EXECUTE = "ui.execute"; } private static final Log log = LogFactory.getLog(PermissionBasedScopeValidator.class); @@ -77,7 +78,7 @@ public class PermissionBasedScopeValidator extends OAuth2ScopeValidator { if (userRealm != null && userRealm.getAuthorizationManager() != null) { status = userRealm.getAuthorizationManager() .isUserAuthorized(username, permission.getPath(), - PermissionMethod.READ); + PermissionMethod.UI_EXECUTE); } } } catch (PermissionManagementException e) { diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index 241e7de9b49..fd63a5efd12 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java 
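Review bot: The `isUserAuthorized` call in PermissionBasedScopeValidator now passes the fixed action `PermissionMethod.UI_EXECUTE` for every request, and nothing at the call explains why one action covers all operations. The `READ`, `WRITE`, `DELETE` and `ACTION` constants have no visible use in these hunks, so a reader cannot tell whether per-method authorization is intended or was dropped. Add a comment at the call, e.g. `// permissions are granted with the "ui.execute" action; the HTTP method is not part of this check`. The new literal appears to duplicate `CarbonConstants.UI_PERMISSION_ACTION` from the Carbon kernel; reusing that constant, if this module can see it, would keep the two values from drifting apart. The enclosing method starts and ends outside the hunk.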
@@ -81,8 +81,8 @@ public class OAuthAuthenticator implements WebappAuthenticator { authenticationInfo.setStatus(Status.CONTINUE); } String apiVersion = tokenizer.nextToken(); - String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion, requestUri, requestMethod); - //String authLevel = "any"; + //String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion, requestUri, requestMethod); + String authLevel = "any"; try { if (Constants.NO_MATCHING_AUTH_SCHEME.equals(authLevel)) { AuthenticationFrameworkUtil.handleNoMatchAuthScheme(request, response, requestMethod, apiVersion,
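Review bot: Replacing the `getResourceAuthenticationScheme(...)` lookup with the constant `String authLevel = "any";` means the per-resource authentication scheme is no longer consulted, and the `Constants.NO_MATCHING_AUTH_SCHEME.equals(authLevel)` branch directly below can never be taken. Every request reaching this point is handled as if its resource were configured with level `any`, whatever the API definition declares. How permissive that is depends on code outside the hunk, but a hard-coded override in an authenticator reads like a debugging leftover. Restore `String authLevel = authenticator.getResourceAuthenticationScheme(context, apiVersion, requestUri, requestMethod);` and delete the commented-out line. If the lookup must be bypassed for now, put it behind a configuration switch that defaults to the lookup and explain why in a comment. The method body continues past the end of the hunk.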