forked from community/device-mgt-core
Merge branch 'apim' of https://github.com/milanperera/carbon-device-mgt
mharindu
9 years ago
commit
9ebf2ab6d9
@ -0,0 +1,67 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.webapp.publisher;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.apimgt.api.model.API;
|
||||||
|
import org.wso2.carbon.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
|
||||||
|
import org.wso2.carbon.core.ServerStartupObserver;
|
||||||
|
|
||||||
|
public class APIPublisherStartupHandler implements ServerStartupObserver {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(APIPublisherStartupHandler.class);
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void completingServerStartup() {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void completedServerStartup() {
|
||||||
|
// adding temporary due to a bug in the platform
|
||||||
|
Thread t = new Thread(new Runnable() {
|
||||||
|
@Override
|
||||||
|
public void run() {
|
||||||
|
try {
|
||||||
|
Thread.sleep(5000);
|
||||||
|
} catch (InterruptedException e) {
|
||||||
|
log.error("Error occurred while sleeping", e);
|
||||||
|
}
|
||||||
|
APIPublisherDataHolder.getInstance().setServerStarted(true);
|
||||||
|
log.info("Server has just started, hence started publishing unpublished APIs");
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Total number of unpublished APIs: "
|
||||||
|
+ APIPublisherDataHolder.getInstance().getUnpublishedApis().size());
|
||||||
|
}
|
||||||
|
APIPublisherService publisher = APIPublisherDataHolder.getInstance().getApiPublisherService();
|
||||||
|
while (!APIPublisherDataHolder.getInstance().getUnpublishedApis().isEmpty()) {
|
||||||
|
API api = APIPublisherDataHolder.getInstance().getUnpublishedApis().pop();
|
||||||
|
try {
|
||||||
|
publisher.publishAPI(api);
|
||||||
|
} catch (java.lang.Exception e) {
|
||||||
|
log.error("Error occurred while publishing API '" + api.getId().getApiName(), e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
|
t.start();
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -0,0 +1,75 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.webapp.publisher;
|
||||||
|
|
||||||
|
public class InvalidConfigurationStateException extends RuntimeException {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = -3151279311329070397L;
|
||||||
|
|
||||||
|
private String errorMessage;
|
||||||
|
private int errorCode;
|
||||||
|
|
||||||
|
public InvalidConfigurationStateException(int errorCode, String message) {
|
||||||
|
super(message);
|
||||||
|
this.errorCode = errorCode;
|
||||||
|
}
|
||||||
|
|
||||||
|
public InvalidConfigurationStateException(int errorCode, String message, Throwable cause) {
|
||||||
|
super(message, cause);
|
||||||
|
this.errorCode = errorCode;
|
||||||
|
}
|
||||||
|
|
||||||
|
public int getErrorCode() {
|
||||||
|
return errorCode;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public String getErrorMessage() {
|
||||||
|
return errorMessage;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setErrorMessage(String errorMessage) {
|
||||||
|
this.errorMessage = errorMessage;
|
||||||
|
}
|
||||||
|
|
||||||
|
public InvalidConfigurationStateException(String msg, Exception nestedEx) {
|
||||||
|
super(msg, nestedEx);
|
||||||
|
setErrorMessage(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
public InvalidConfigurationStateException(String message, Throwable cause) {
|
||||||
|
super(message, cause);
|
||||||
|
setErrorMessage(message);
|
||||||
|
}
|
||||||
|
|
||||||
|
public InvalidConfigurationStateException(String msg) {
|
||||||
|
super(msg);
|
||||||
|
setErrorMessage(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
public InvalidConfigurationStateException() {
|
||||||
|
super();
|
||||||
|
}
|
||||||
|
|
||||||
|
public InvalidConfigurationStateException(Throwable cause) {
|
||||||
|
super(cause);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
@ -0,0 +1,44 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.webapp.publisher;
|
||||||
|
|
||||||
|
public class WebappPublisherConfigurationFailedException extends Exception {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = -3151279312929070398L;
|
||||||
|
|
||||||
|
public WebappPublisherConfigurationFailedException(String msg, Exception nestedEx) {
|
||||||
|
super(msg, nestedEx);
|
||||||
|
}
|
||||||
|
|
||||||
|
public WebappPublisherConfigurationFailedException(String message, Throwable cause) {
|
||||||
|
super(message, cause);
|
||||||
|
}
|
||||||
|
|
||||||
|
public WebappPublisherConfigurationFailedException(String msg) {
|
||||||
|
super(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
public WebappPublisherConfigurationFailedException() {
|
||||||
|
super();
|
||||||
|
}
|
||||||
|
|
||||||
|
public WebappPublisherConfigurationFailedException(Throwable cause) {
|
||||||
|
super(cause);
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -0,0 +1,45 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.webapp.publisher;
|
||||||
|
|
||||||
|
import org.w3c.dom.Document;
|
||||||
|
|
||||||
|
import javax.xml.parsers.DocumentBuilder;
|
||||||
|
import javax.xml.parsers.DocumentBuilderFactory;
|
||||||
|
import java.io.File;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class contains the util methods which are needed
|
||||||
|
* to web app publisher related functions.
|
||||||
|
*/
|
||||||
|
public class WebappPublisherUtil {
|
||||||
|
|
||||||
|
public static Document convertToDocument(File file) throws WebappPublisherConfigurationFailedException {
|
||||||
|
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||||
|
factory.setNamespaceAware(true);
|
||||||
|
try {
|
||||||
|
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||||
|
return docBuilder.parse(file);
|
||||||
|
} catch (Exception e) {
|
||||||
|
throw new WebappPublisherConfigurationFailedException("Error occurred while parsing file, while converting " +
|
||||||
|
"to a org.w3c.dom.Document", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
@ -0,0 +1,94 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.webapp.publisher.config;
|
||||||
|
|
||||||
|
import org.w3c.dom.Document;
|
||||||
|
import org.wso2.carbon.apimgt.webapp.publisher.InvalidConfigurationStateException;
|
||||||
|
import org.wso2.carbon.apimgt.webapp.publisher.WebappPublisherConfigurationFailedException;
|
||||||
|
import org.wso2.carbon.apimgt.webapp.publisher.WebappPublisherUtil;
|
||||||
|
import org.wso2.carbon.utils.CarbonUtils;
|
||||||
|
|
||||||
|
import javax.xml.bind.JAXBContext;
|
||||||
|
import javax.xml.bind.JAXBException;
|
||||||
|
import javax.xml.bind.Unmarshaller;
|
||||||
|
import javax.xml.bind.annotation.XmlElement;
|
||||||
|
import javax.xml.bind.annotation.XmlRootElement;
|
||||||
|
import java.io.File;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class represents the configuration that are needed
|
||||||
|
* when publishing APIs to API Manager.
|
||||||
|
*/
|
||||||
|
@XmlRootElement(name = "WebappPublisherConfigs")
|
||||||
|
public class WebappPublisherConfig {
|
||||||
|
|
||||||
|
private String host;
|
||||||
|
private boolean isPublished;
|
||||||
|
|
||||||
|
private static WebappPublisherConfig config;
|
||||||
|
|
||||||
|
private static final String WEBAPP_PUBLISHER_CONFIG_PATH =
|
||||||
|
CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + "webapp-publisher-config.xml";
|
||||||
|
|
||||||
|
private WebappPublisherConfig() {
|
||||||
|
}
|
||||||
|
|
||||||
|
public static WebappPublisherConfig getInstance() {
|
||||||
|
if (config == null) {
|
||||||
|
throw new InvalidConfigurationStateException("Webapp Authenticator Configuration is not " +
|
||||||
|
"initialized properly");
|
||||||
|
}
|
||||||
|
return config;
|
||||||
|
}
|
||||||
|
|
||||||
|
@XmlElement(name = "Host", required = true)
|
||||||
|
public String getHost() {
|
||||||
|
return host;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setHost(String host) {
|
||||||
|
this.host = host;
|
||||||
|
}
|
||||||
|
|
||||||
|
@XmlElement(name = "PublishAPI", required = true)
|
||||||
|
public boolean isPublished() {
|
||||||
|
return isPublished;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setPublished(boolean published) {
|
||||||
|
isPublished = published;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void init() throws WebappPublisherConfigurationFailedException {
|
||||||
|
try {
|
||||||
|
File emailSenderConfig = new File(WEBAPP_PUBLISHER_CONFIG_PATH);
|
||||||
|
Document doc = WebappPublisherUtil.convertToDocument(emailSenderConfig);
|
||||||
|
|
||||||
|
/* Un-marshaling Email Sender configuration */
|
||||||
|
JAXBContext ctx = JAXBContext.newInstance(WebappPublisherConfig.class);
|
||||||
|
Unmarshaller unmarshaller = ctx.createUnmarshaller();
|
||||||
|
//unmarshaller.setSchema(getSchema());
|
||||||
|
config = (WebappPublisherConfig) unmarshaller.unmarshal(doc);
|
||||||
|
} catch (JAXBException e) {
|
||||||
|
throw new WebappPublisherConfigurationFailedException("Error occurred while un-marshalling Webapp " +
|
||||||
|
"Publisher Config", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
@ -1,53 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This class will read the configurations related to task. This task will be responsible for adding the operations.
|
|
||||||
*/
|
|
||||||
package org.wso2.carbon.device.mgt.core.config.deviceType;
|
|
||||||
|
|
||||||
import javax.xml.bind.annotation.XmlElement;
|
|
||||||
import javax.xml.bind.annotation.XmlRootElement;
|
|
||||||
|
|
||||||
@XmlRootElement(name = "DTDepyloymentConfiguration")
|
|
||||||
public class DTConfiguration {
|
|
||||||
|
|
||||||
private String dtHostAddress;
|
|
||||||
private String dtHostPort;
|
|
||||||
|
|
||||||
@XmlElement(name = "DTHostAddress", required = true)
|
|
||||||
public String getDtHostAddress() {
|
|
||||||
return dtHostAddress;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setDtHostAddress(String dtHostAddress) {
|
|
||||||
this.dtHostAddress = dtHostAddress;
|
|
||||||
}
|
|
||||||
|
|
||||||
@XmlElement(name = "DTHostPort", required = true)
|
|
||||||
public String getDtHostPort() {
|
|
||||||
return dtHostPort;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setDtHostPort(String dtHostPort) {
|
|
||||||
this.dtHostPort = dtHostPort;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
@ -0,0 +1,200 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.device.mgt.oauth.extensions.validators;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.base.MultitenantConstants;
|
||||||
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||||
|
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
|
||||||
|
import org.wso2.carbon.identity.application.common.model.User;
|
||||||
|
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
|
||||||
|
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
|
||||||
|
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
|
||||||
|
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
|
||||||
|
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
|
||||||
|
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
||||||
|
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
|
||||||
|
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
|
||||||
|
import org.wso2.carbon.identity.oauth2.model.ResourceScopeCacheEntry;
|
||||||
|
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
|
||||||
|
import org.wso2.carbon.user.api.AuthorizationManager;
|
||||||
|
import org.wso2.carbon.user.api.UserStoreException;
|
||||||
|
import org.wso2.carbon.user.core.service.RealmService;
|
||||||
|
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
public class ExtendedJDBCScopeValidator extends OAuth2ScopeValidator{
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(ExtendedJDBCScopeValidator.class);
|
||||||
|
private static final String UI_EXECUTE = "ui.execute";
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean validateScope(AccessTokenDO accessTokenDO, String resource) throws IdentityOAuth2Exception {
|
||||||
|
//Get the list of scopes associated with the access token
|
||||||
|
String[] scopes = accessTokenDO.getScope();
|
||||||
|
|
||||||
|
//If no scopes are associated with the token
|
||||||
|
if (scopes == null || scopes.length == 0) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
String resourceScope = null;
|
||||||
|
TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
|
||||||
|
|
||||||
|
boolean cacheHit = false;
|
||||||
|
// Check the cache, if caching is enabled.
|
||||||
|
if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
|
||||||
|
OAuthCache oauthCache = OAuthCache.getInstance();
|
||||||
|
OAuthCacheKey cacheKey = new OAuthCacheKey(resource);
|
||||||
|
CacheEntry result = oauthCache.getValueFromCache(cacheKey);
|
||||||
|
|
||||||
|
//Cache hit
|
||||||
|
if (result instanceof ResourceScopeCacheEntry) {
|
||||||
|
resourceScope = ((ResourceScopeCacheEntry) result).getScope();
|
||||||
|
cacheHit = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!cacheHit) {
|
||||||
|
resourceScope = tokenMgtDAO.findScopeOfResource(resource);
|
||||||
|
|
||||||
|
if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
|
||||||
|
OAuthCache oauthCache = OAuthCache.getInstance();
|
||||||
|
OAuthCacheKey cacheKey = new OAuthCacheKey(resource);
|
||||||
|
ResourceScopeCacheEntry cacheEntry = new ResourceScopeCacheEntry(resourceScope);
|
||||||
|
//Store resourceScope in cache even if it is null (to avoid database calls when accessing resources for
|
||||||
|
//which scopes haven't been defined).
|
||||||
|
oauthCache.addToCache(cacheKey, cacheEntry);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//Return TRUE if - There does not exist a scope definition for the resource
|
||||||
|
if (resourceScope == null) {
|
||||||
|
if(log.isDebugEnabled()){
|
||||||
|
log.debug("Resource '" + resource + "' is not protected with a scope");
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
List<String> scopeList = new ArrayList<>(Arrays.asList(scopes));
|
||||||
|
|
||||||
|
//If the access token does not bear the scope required for accessing the Resource.
|
||||||
|
if(!scopeList.contains(resourceScope)){
|
||||||
|
if(log.isDebugEnabled()){
|
||||||
|
log.debug("Access token '" + accessTokenDO.getAccessToken() + "' does not bear the scope '" +
|
||||||
|
resourceScope + "'");
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
//Get the permissions associated with the scope, if any
|
||||||
|
Set<String> permissionsOfScope = tokenMgtDAO.getRolesOfScopeByScopeKey(resourceScope);
|
||||||
|
|
||||||
|
//If the scope doesn't have any permissions associated with it.
|
||||||
|
if(permissionsOfScope == null || permissionsOfScope.isEmpty()){
|
||||||
|
if(log.isDebugEnabled()){
|
||||||
|
log.debug("Did not find any roles associated to the scope " + resourceScope);
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(log.isDebugEnabled()){
|
||||||
|
StringBuilder logMessage = new StringBuilder("Found permissions of scope '" + resourceScope + "' ");
|
||||||
|
for(String permission : permissionsOfScope){
|
||||||
|
logMessage.append(permission);
|
||||||
|
logMessage.append(", ");
|
||||||
|
}
|
||||||
|
log.debug(logMessage.toString());
|
||||||
|
}
|
||||||
|
|
||||||
|
User authorizedUser = accessTokenDO.getAuthzUser();
|
||||||
|
RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService();
|
||||||
|
|
||||||
|
int tenantId = realmService.getTenantManager().getTenantId(authorizedUser.getTenantDomain());
|
||||||
|
|
||||||
|
if (tenantId == 0 || tenantId == -1) {
|
||||||
|
tenantId = IdentityTenantUtil.getTenantIdOfUser(authorizedUser.getUserName());
|
||||||
|
}
|
||||||
|
|
||||||
|
AuthorizationManager authorizationManager;
|
||||||
|
String[] userRoles;
|
||||||
|
boolean tenantFlowStarted = false;
|
||||||
|
|
||||||
|
try{
|
||||||
|
//If this is a tenant user
|
||||||
|
if(tenantId != MultitenantConstants.SUPER_TENANT_ID){
|
||||||
|
PrivilegedCarbonContext.startTenantFlow();
|
||||||
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
|
||||||
|
realmService.getTenantManager().getDomain(tenantId),true);
|
||||||
|
tenantFlowStarted = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
|
||||||
|
|
||||||
|
} finally {
|
||||||
|
if (tenantFlowStarted) {
|
||||||
|
PrivilegedCarbonContext.endTenantFlow();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
boolean status = false;
|
||||||
|
String username = MultitenantUtils.getTenantAwareUsername(authorizedUser.getUserName());
|
||||||
|
for (String permission : permissionsOfScope) {
|
||||||
|
if (authorizationManager != null) {
|
||||||
|
String userStore = authorizedUser.getUserStoreDomain();
|
||||||
|
|
||||||
|
if (userStore != null) {
|
||||||
|
status = authorizationManager
|
||||||
|
.isUserAuthorized(userStore + "/" + username, permission, UI_EXECUTE);
|
||||||
|
} else {
|
||||||
|
status = authorizationManager.isUserAuthorized(username , permission, UI_EXECUTE);
|
||||||
|
}
|
||||||
|
if (status) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (status) {
|
||||||
|
if(log.isDebugEnabled()){
|
||||||
|
log.debug("User '" + authorizedUser.getUserName() + "' is authorized");
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(log.isDebugEnabled()){
|
||||||
|
log.debug("No permissions associated for the user " + authorizedUser.getUserName());
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
//Log and return since we do not want to stop issuing the token in case of scope validation failures.
|
||||||
|
log.error("Error when getting the tenant's UserStoreManager or when getting roles of user ", e);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
@ -0,0 +1 @@
|
|||||||
|
custom = true
|
||||||
@ -0,0 +1,32 @@
|
|||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ you may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
This configuration file represents the configuration that are needed
|
||||||
|
when publishing APIs to API Manager
|
||||||
|
-->
|
||||||
|
<WebappPublisherConfigs>
|
||||||
|
|
||||||
|
<!-- This host is used to define the host address which is used to publish APIs -->
|
||||||
|
<Host>http://localhost:${carbon.http.port}</Host>
|
||||||
|
|
||||||
|
<!-- If it is true, the APIs of this instance will be published to the defined host -->
|
||||||
|
<PublishAPI>true</PublishAPI>
|
||||||
|
|
||||||
|
</WebappPublisherConfigs>
|
||||||
@ -0,0 +1,2 @@
|
|||||||
|
instructions.configure = \
|
||||||
|
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.apimgt.webapp.publisher_${feature.version}/conf/webapp-publisher-config.xml,target:${installFolder}/../../conf/etc/webapp-publisher-config.xml,overwrite:true);\
|
||||||
Loading…
Reference in new issue