From a4e342ed08f2b6530d4414a6d95b6427bc182dc1 Mon Sep 17 00:00:00 2001 
From: Menaka Jayawardena Date: Wed, 13 Sep 2017 20:17:58 +0530 Subject: [PATCH] Created Authentication Handler API for Application Management. --- .../pom.xml | 192 ++++++++++++++++++ .../handler/service/AuthHandlerService.java | 52 +++++ .../service/impl/AuthHandlerServiceImpl.java | 162 +++++++++++++++ .../mgt/auth/handler/util/Constants.java | 34 ++++ .../handler/util/dto/AccessTokenInfo.java | 83 ++++++++ .../handler/util/dto/ApiApplicationKey.java | 49 +++++ .../ApiApplicationRegistrationService.java | 43 ++++ .../util/dto/ApiRegistrationProfile.java | 82 ++++++++ .../util/dto/OAuthRequestInterceptor.java | 47 +++++ .../handler/util/dto/RegistrationProfile.java | 83 ++++++++ .../handler/util/dto/TokenIssuerService.java | 42 ++++ .../handler/util/dto/TokenRevokeService.java} | 40 ++-- .../src/main/webapp/META-INF/permissions.xml | 35 ++++ .../webapp/META-INF/webapp-classloading.xml | 35 ++++ .../src/main/webapp/WEB-INF/cxf-servlet.xml | 38 ++++ .../src/main/webapp/WEB-INF/web.xml | 115 +++++++++++ components/application-mgt/pom.xml | 1 + .../pom.xml | 120 +++++++++++ .../src/main/resources/build.properties | 1 + .../src/main/resources/p2.inf | 3 + .../pom.xml | 2 +- features/application-mgt/pom.xml | 1 + 22 files changed, 1232 insertions(+), 28 deletions(-) create mode 100644 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/pom.xml create mode 100644 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/service/AuthHandlerService.java create mode 100644 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/service/impl/AuthHandlerServiceImpl.java create mode 100644 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/Constants.java create mode 100755 
components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/AccessTokenInfo.java create mode 100644 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiApplicationKey.java create mode 100755 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiApplicationRegistrationService.java create mode 100755 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiRegistrationProfile.java create mode 100755 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/OAuthRequestInterceptor.java create mode 100755 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/RegistrationProfile.java create mode 100755 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/TokenIssuerService.java rename components/application-mgt/{org.wso2.carbon.device.application.mgt.publisher.ui/src/main/resources/publisher/src/components/Overview/PublisherOverview.jsx => org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/TokenRevokeService.java} (52%) create mode 100644 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/META-INF/permissions.xml create mode 100644 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/META-INF/webapp-classloading.xml create mode 100644 
components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/WEB-INF/cxf-servlet.xml create mode 100644 components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/WEB-INF/web.xml create mode 100644 features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/pom.xml create mode 100644 features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/src/main/resources/build.properties create mode 100644 features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/src/main/resources/p2.inf diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/pom.xml b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/pom.xml new file mode 100644 index 00000000000..7dfdd93df4e --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/pom.xml 
@@ -0,0 +1,192 @@ + + + + 4.0.0 + + + org.wso2.carbon.devicemgt + application-mgt + 3.0.46-SNAPSHOT + + + org.wso2.carbon.device.application.mgt.authhandler + 3.0.46-SNAPSHOT + war + WSO2 Carbon - Application Management Authentication Handler API + Proxy Service for Authentication Handling in WSO2 App Manager. + http://wso2.org + + + + + maven-war-plugin + + WEB-INF/lib/*cxf*.jar + auth#application-mgt#v1.0 + + + + + + + + deploy + + compile + + + org.apache.maven.plugins + maven-antrun-plugin + 1.7 + + + compile + + run + + + + + + + + + + + + + + + + + + client + + test + + + org.codehaus.mojo + exec-maven-plugin + 1.2.1 + + + test + + java + + + + + + + + + + + + org.apache.cxf + cxf-rt-frontend-jaxws + provided + + + org.apache.cxf + cxf-rt-frontend-jaxrs + provided + + + org.apache.cxf + cxf-rt-transports-http + provided + + + junit + junit + test + + + org.codehaus.jackson + jackson-jaxrs + + + org.codehaus.jackson + jackson-core-asl + + + javax.ws.rs + jsr311-api + provided + + + org.wso2.carbon + org.wso2.carbon.utils + provided + + + org.wso2.carbon + org.wso2.carbon.logging + provided + + + org.json.wso2 + json + + + commons-codec.wso2 + commons-codec + provided + + + + io.github.openfeign + feign-core + 9.5.0 + + + + io.github.openfeign + feign-jackson + 9.5.0 + + + + io.github.openfeign + feign-jaxrs + 9.5.0 + + + javax.servlet + servlet-api + provided + + + org.wso2.orbit.com.fasterxml.jackson.core + jackson-annotations + + + org.hibernate + hibernate-validator + + + javax.ws.rs + javax.ws.rs-api + + + diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/service/AuthHandlerService.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/service/AuthHandlerService.java new file mode 100644 index 00000000000..5e4e9314d0a --- /dev/null 
+++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/service/AuthHandlerService.java 
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.device.application.mgt.auth.handler.service;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+@Path("/auth")
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+public interface AuthHandlerService {
+
+ @POST
+ @Path("/login")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Consumes(MediaType.APPLICATION_JSON)
+ Response login(@QueryParam("userName") String userName, @QueryParam("password") String password);
+
+ @POST
+ @Path("/refresh")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Consumes(MediaType.APPLICATION_JSON)
+ Response refresh(@QueryParam("refresh_token") String refresh_token, @QueryParam("clientId") String clientId,
+ @QueryParam("clientSecret") String clientSecret);
+
+ @POST
+ @Path("/logout")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Consumes(MediaType.APPLICATION_JSON)
+ Response logout(@QueryParam("token") String token, @QueryParam("clientId") String clientId,
+ @QueryParam("clientSecret") String clientSecret);
+}
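Review bot: `login`, `refresh` and `logout` bind `password`, `clientSecret`, `refresh_token` and `token` with `@QueryParam`, so every credential travels in the request URL even though the methods are `@POST` and declare `@Consumes(MediaType.APPLICATION_JSON)`. Request URLs are routinely written to access logs, proxy logs and browser history, so each of those becomes a place where passwords and tokens are stored in clear text. Bind the values from the request body instead, for example `@FormParam("password") String password` with `@Consumes(MediaType.APPLICATION_FORM_URLENCODED)`, or a small JSON request DTO. The interface also has no Javadoc; a short comment per method stating what the response carries on success and which status is returned on failure would help callers.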
diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/service/impl/AuthHandlerServiceImpl.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/service/impl/AuthHandlerServiceImpl.java new file mode 100644 index 00000000000..cbb7846b94b --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/service/impl/AuthHandlerServiceImpl.java 
@@ -0,0 +1,162 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.carbon.device.application.mgt.auth.handler.service.impl; + +import feign.Client; +import feign.Feign; +import feign.auth.BasicAuthRequestInterceptor; +import feign.jackson.JacksonDecoder; +import feign.jackson.JacksonEncoder; +import feign.jaxrs.JAXRSContract; +import org.json.JSONObject; +import org.wso2.carbon.device.application.mgt.auth.handler.service.AuthHandlerService; +import org.wso2.carbon.device.application.mgt.auth.handler.util.Constants; +import org.wso2.carbon.device.application.mgt.auth.handler.util.dto.AccessTokenInfo; +import org.wso2.carbon.device.application.mgt.auth.handler.util.dto.ApiApplicationKey; +import org.wso2.carbon.device.application.mgt.auth.handler.util.dto.ApiApplicationRegistrationService; +import org.wso2.carbon.device.application.mgt.auth.handler.util.dto.ApiRegistrationProfile; +import org.wso2.carbon.device.application.mgt.auth.handler.util.dto.TokenIssuerService; +import org.wso2.carbon.device.application.mgt.auth.handler.util.dto.TokenRevokeService; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import javax.ws.rs.POST; +import 
javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; + +@Path("/auth") +public class AuthHandlerServiceImpl implements AuthHandlerService { + + private TrustManager[] trustAllCerts = new TrustManager[]{ + new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + + public void checkClientTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + + public void checkServerTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + } + }; + + private Client disableHostnameVerification = new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + + @POST + @Path("/login") + @Produces(MediaType.APPLICATION_JSON) + @Override + public Response login(@QueryParam("userName") String userName, @QueryParam("password") String password) { + + try { + ApiApplicationRegistrationService apiApplicationRegistrationService = Feign.builder() + .client(disableHostnameVerification) + .requestInterceptor(new BasicAuthRequestInterceptor(userName, password)) + .contract(new JAXRSContract()).encoder(new JacksonEncoder()).decoder(new JacksonDecoder()) + .target(ApiApplicationRegistrationService.class, Constants.API_APPLICATION_ENDPOINT); + ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); + apiRegistrationProfile.setApplicationName(Constants.APPLICATION_NAME); + apiRegistrationProfile.setIsAllowedToAllDomains(false); + apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); + apiRegistrationProfile.setTags(Constants.TAGS); + ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); + + //PasswordGrantType + 
TokenIssuerService tokenIssuerService = Feign.builder().client(disableHostnameVerification) + .requestInterceptor(new BasicAuthRequestInterceptor(apiApplicationKey.getConsumerKey(), + apiApplicationKey.getConsumerSecret())) + .contract(new JAXRSContract()).encoder(new JacksonEncoder()).decoder(new JacksonDecoder()) + .target(TokenIssuerService.class, Constants.TOKEN_ENDPOINT); + AccessTokenInfo accessTokenInfo = tokenIssuerService.getToken(Constants.PASSWORD_GRANT_TYPE, + userName, password, Constants.SCOPES); + JSONObject loginInfo = new JSONObject(accessTokenInfo); + loginInfo.append(Constants.USER_NAME, userName); + loginInfo.append(Constants.APPLICATION_INFO, new JSONObject(apiApplicationKey)); + System.out.println(loginInfo); + return Response.status(200).entity(loginInfo.toString()).build(); + } catch (Exception e) { + //return Response.status(500).build(); + } + return Response.status(200).build(); + } + + @POST + @Path("/refresh") + @Produces(MediaType.APPLICATION_JSON) + @Override + public Response refresh(@QueryParam("refresh_token") String refresh_token, @QueryParam("clientId") String clientId, + @QueryParam("clientSecret") String clientSecret) { + try { + TokenIssuerService tokenIssuerService = Feign.builder().client(disableHostnameVerification) + .requestInterceptor(new BasicAuthRequestInterceptor(clientId, clientSecret)) + .contract(new JAXRSContract()).encoder(new JacksonEncoder()).decoder(new JacksonDecoder()) + .target(TokenIssuerService.class, Constants.TOKEN_ENDPOINT); + AccessTokenInfo accessTokenInfo = tokenIssuerService.getRefreshToken(Constants.REFRESH_GRANT_TYPE, refresh_token); + return Response.status(200).entity(new JSONObject(accessTokenInfo)).build(); + } catch (Exception e) { + return Response.status(500).build(); + } + } + + + + @POST + @Path("/logout") + @Override + public Response logout(@QueryParam("token") String token, @QueryParam("clientId") String clientId, + @QueryParam("clientSecret") String clientSecret) { + try { + 
TokenRevokeService tokenRevokeService = Feign.builder().client(disableHostnameVerification) + .requestInterceptor(new BasicAuthRequestInterceptor(clientId, clientSecret)) + .contract(new JAXRSContract()).encoder(new JacksonEncoder()).decoder(new JacksonDecoder()) + .target(TokenRevokeService.class, Constants.TOKEN_ENDPOINT); + tokenRevokeService.revoke(token); + + return Response.status(200).build(); + } catch (Exception e) { + return Response.status(500).build(); + } + } + + private SSLSocketFactory getTrustedSSLSocketFactory() { + try { + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + return sc.getSocketFactory(); + } catch (KeyManagementException | NoSuchAlgorithmException e) { + return null; + } + } +} diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/Constants.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/Constants.java new file mode 100644 index 00000000000..9cb64b83fcf --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/Constants.java 
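Review bot: The `trustAllCerts` manager with its empty `checkServerTrusted`, the `HostnameVerifier` that always returns `true`, and `.client(disableHostnameVerification)` on every Feign builder mean no upstream certificate is ever validated, while `login` forwards the user's password and `refresh`/`logout` forward the client secret over those connections. Remove the custom client so the JVM trust store and default hostname check apply (`Feign.builder()` without `.client(...)`, or `new Client.Default(null, null)`), and if the server uses a private CA, load that CA into the `SSLContext` rather than accepting everything; `SSLContext.getInstance("SSL")` should be `"TLS"` either way. In `login`, `System.out.println(loginInfo)` writes the access token, refresh token and consumer secret to stdout and should be deleted. The `catch (Exception e)` in `login` has `return Response.status(500).build();` commented out, so a failed registration or token request falls through to `Response.status(200).build()`; return an error status there and record the exception through the project's logger. `refresh` passes `new JSONObject(accessTokenInfo)` as the entity where `login` passes `loginInfo.toString()`, which looks unintended and is worth aligning.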
@@ -0,0 +1,34 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.application.mgt.auth.handler.util; + +public class Constants { + public static String SCOPES = "perm:application:get perm:application:create perm:application:update " + + "perm:application-mgt:login perm:application:delete perm:platform:add perm:platform:remove " + + "perm:roles:view perm:devices:view perm:platform:get"; + + public static String[] TAGS = {"device_management"}; + public static String USER_NAME = "userName"; + public static String APPLICATION_NAME = "applicationmgt_publisher"; + public static String TOKEN_ENDPOINT = "https://localhost:8243"; + public static String PASSWORD_GRANT_TYPE = "password"; + public static String REFRESH_GRANT_TYPE = "refresh_token"; + public static String API_APPLICATION_ENDPOINT = "https://localhost:9443/api-application-registration/"; + public static String APPLICATION_INFO = "application_info"; +} 
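Review bot: Every field in `Constants` is `public static` without `final`, so any code loaded in the webapp can reassign `TOKEN_ENDPOINT`, `API_APPLICATION_ENDPOINT` or `SCOPES` at runtime and change where credentials are sent or which scopes are requested; declare them as `public static final String TOKEN_ENDPOINT = ...` and add a private constructor to the class. `TAGS` is an array, so its elements stay writable even once the reference is final; hand out a copy if that matters to callers. Both endpoints are hard-coded to `https://localhost:8243` and `https://localhost:9443/api-application-registration/`; reading them from deployment configuration would let the service target a real hostname with certificate validation turned on.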
diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/AccessTokenInfo.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/AccessTokenInfo.java new file mode 100755 index 00000000000..6f750d7cb9a --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/AccessTokenInfo.java 
@@ -0,0 +1,83 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.application.mgt.auth.handler.util.dto; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; + +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +/** + * This hold access token info that returned from the api call + */ +@XmlRootElement(name = "AccessTokenInfo") +@JsonIgnoreProperties(ignoreUnknown = true) +public class AccessTokenInfo { + + @XmlElement(required = true, name = "token_type") + private String token_type; + + @XmlElement(required = true, name = "expires_in") + private String expires_in; + + @XmlElement(required = true, name = "refresh_token") + private String refresh_token; + + @XmlElement(required = true, name = "access_token") + private String access_token; + + public AccessTokenInfo() {} + + public String getToken_type() { + return token_type; + } + + public void setToken_type(String token_type) { + this.token_type = token_type; + } + + public String getExpires_in() { + return expires_in; + } + + public void setExpires_in(String expires_in) { + this.expires_in = expires_in; + } + + public String getRefresh_token() { + return refresh_token; + } + + public void setRefresh_token(String refresh_token) { + this.refresh_token = refresh_token; + } + + public String 
getAccess_token() { + return access_token; + } + + public void setAccess_token(String access_token) { + this.access_token = access_token; + } + + @Override + public String toString() { + return access_token + " " + token_type + " " + refresh_token + " "; + } +} diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiApplicationKey.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiApplicationKey.java new file mode 100644 index 00000000000..d66b4691fb8 --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiApplicationKey.java 
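Review bot: `toString()` returns `access_token + " " + token_type + " " + refresh_token + " "`, so any log statement, exception message or string concatenation that touches an `AccessTokenInfo` emits a live bearer token and refresh token. Limit it to non-secret fields, e.g. `return "AccessTokenInfo{token_type=" + token_type + ", expires_in=" + expires_in + "}";`. The class comment could also say that the snake_case accessor names are deliberate, if they exist so that bean-based serialisation produces the OAuth field names.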
@@ -0,0 +1,49 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.application.mgt.auth.handler.util.dto; + +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +/** + * This holds api application consumer key and secret. + */ +@XmlRootElement +public class ApiApplicationKey { + @XmlElement + private String client_id; + @XmlElement + private String client_secret; + + public String getConsumerKey() { + return this.client_id; + } + + public void setClient_id(String consumerKey) { + this.client_id = consumerKey; + } + + public String getConsumerSecret() { + return this.client_secret; + } + + public void setClient_secret(String consumerSecret) { + this.client_secret = consumerSecret; + } +} diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiApplicationRegistrationService.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiApplicationRegistrationService.java new file mode 100755 index 00000000000..913e0e51c92 --- /dev/null 
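Review bot: The accessors are asymmetric: the setters are `setClient_id`/`setClient_secret` while the getters are `getConsumerKey`/`getConsumerSecret`, so bean-based tools see one set of property names when writing and another when reading. In this patch `login` wraps the object with `new JSONObject(apiApplicationKey)`, which would expose the secret to the caller under the getter-derived name rather than `client_secret`. If both directions are meant to use the same JSON names, pin them explicitly (the module already depends on `jackson-annotations`, so `@JsonProperty("client_id")` is available) and document in the class comment that the object carries a secret and must not be logged.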
+++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiApplicationRegistrationService.java @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.application.mgt.auth.handler.util.dto; + +import javax.ws.rs.Consumes; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; + +/** + * This is the application registration service that exposed for apimApplicationRegistration + */ + +@Path("/register") +public interface ApiApplicationRegistrationService { + + /** + * This method is used to register api application + * + * @param registrationProfile contains the necessary attributes that are needed in order to register an app. + */ + @POST + @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_JSON) + ApiApplicationKey register(ApiRegistrationProfile registrationProfile); +} 
diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiRegistrationProfile.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiRegistrationProfile.java new file mode 100755 index 00000000000..cbe488dbb80 --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/ApiRegistrationProfile.java 
@@ -0,0 +1,82 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.application.mgt.auth.handler.util.dto; + + +/** + * This class represents the data that are required to register + * the oauth application. + */ +public class ApiRegistrationProfile { + + public String applicationName; + public String tags[]; + public boolean isAllowedToAllDomains; + public String consumerKey; + public String consumerSecret; + public boolean isMappingAnExistingOAuthApp; + + public String getApplicationName() { + return applicationName; + } + + public void setApplicationName(String applicationName) { + this.applicationName = applicationName; + } + + public String[] getTags() { + return tags; + } + + public void setTags(String[] tags) { + this.tags = tags; + } + + public boolean isAllowedToAllDomains() { + return isAllowedToAllDomains; + } + + public void setIsAllowedToAllDomains(boolean isAllowedToAllDomains) { + this.isAllowedToAllDomains = isAllowedToAllDomains; + } + + public boolean isMappingAnExistingOAuthApp() { + return isMappingAnExistingOAuthApp; + } + + public void setIsMappingAnExistingOAuthApp(boolean isMappingAnExistingOAuthApp) { + this.isMappingAnExistingOAuthApp = isMappingAnExistingOAuthApp; + } + + public String getConsumerKey() { + return consumerKey; + } + + public void setConsumerKey(String consumerKey) { 
+ this.consumerKey = consumerKey; + } + + public String getConsumerSecret() { + return consumerSecret; + } + + public void setConsumerSecret(String consumerSecret) { + this.consumerSecret = consumerSecret; + } +} \ No newline at end of file diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/OAuthRequestInterceptor.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/OAuthRequestInterceptor.java new file mode 100755 index 00000000000..c99a738b7b6 --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/OAuthRequestInterceptor.java 
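Review bot: All six fields of `ApiRegistrationProfile` are `public` although each already has a getter and setter, so `consumerSecret` and the others can be read and changed without going through the accessors; they would normally be `private`. Check the wire format before changing that: with public fields Jackson also serialises the booleans under their field names `isAllowedToAllDomains` and `isMappingAnExistingOAuthApp`, and hiding the fields would leave only the getter-derived names unless the properties are named explicitly. `String tags[]` reads better as `String[] tags`, matching the accessor signatures. `RegistrationProfile`, added later in this patch, has the same public fields plus a `private static final String TAG` that nothing in the visible code uses.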
@@ -0,0 +1,47 @@ +/* + * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.application.mgt.auth.handler.util.dto; + + +import feign.RequestInterceptor; +import feign.RequestTemplate; + +import static feign.Util.checkNotNull; + +/** + * This is a request interceptor to add oauth token header. + */ +public class OAuthRequestInterceptor implements RequestInterceptor { + + private final String headerValue; + + /** + * Creates an interceptor that authenticates all requests with the specified OAUTH token + * + * @param token the access token to use for authentication + */ + public OAuthRequestInterceptor(String token) { + checkNotNull(token, "access_token"); + headerValue = "Bearer " + token; + } + @Override + public void apply(RequestTemplate template) { + template.header("Authorization", headerValue); + } +} diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/RegistrationProfile.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/RegistrationProfile.java new file mode 100755 index 00000000000..d1893280998 --- /dev/null 
+++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/RegistrationProfile.java 
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.device.application.mgt.auth.handler.util.dto;
+
+/**
+ * This class represents the data that are required to register
+ * the oauth application.
+ */
+public class RegistrationProfile {
+
+ public String callbackUrl;
+ public String clientName;
+ public String tokenScope;
+ public String owner;
+ public String grantType;
+ public String applicationType;
+
+ private static final String TAG = RegistrationProfile.class.getSimpleName();
+
+ public String getCallbackUrl() {
+ return callbackUrl;
+ }
+
+ public void setCallbackUrl(String callBackUrl) {
+ this.callbackUrl = callBackUrl;
+ }
+
+ public String getClientName() {
+ return clientName;
+ }
+
+ public void setClientName(String clientName) {
+ this.clientName = clientName;
+ }
+
+ public String getTokenScope() {
+ return tokenScope;
+ }
+
+ public void setTokenScope(String tokenScope) {
+ this.tokenScope = tokenScope;
+ }
+
+ public String getOwner() {
+ return owner;
+ }
+
+ public void setOwner(String owner) {
+ this.owner = owner;
+ }
+
+ public String getGrantType() {
+ return grantType;
+ }
+
+ public void setGrantType(String grantType) {
+ this.grantType = grantType;
+ }
+
+ public String getApplicationType() {
+ return applicationType;
+ }
+
+ public void setApplicationType(String 
applicationType) {
+ this.applicationType = applicationType;
+ }
+
+}
\ No newline at end of file
diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/TokenIssuerService.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/TokenIssuerService.java
new file mode 100755
index 00000000000..86eae76471c
--- /dev/null
+++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/TokenIssuerService.java
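Review bot: The six fields of `RegistrationProfile` are declared `public` even though each one has a getter and a setter, so callers can write them directly and bypass any validation later placed in the setters (`callbackUrl` and `grantType` in particular decide what the registered OAuth application is allowed to do). Declaring them `private String callbackUrl;` and likewise for the other five keeps the accessors as the only surface; the JSON encoder used with the Feign client is not visible in this hunk, so confirm it does not depend on public field access. `TAG` is not referenced anywhere in the class and can be removed.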
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.device.application.mgt.auth.handler.util.dto;
+
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+
+/**
+ * This hold the api definition that is used as a contract with netflix feign.
+ */
+@Path("/token")
+public interface TokenIssuerService {
+
+ @POST
+ @Produces(MediaType.APPLICATION_JSON)
+ AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username,
+ @QueryParam("password") String password, @QueryParam("scope") String scope);
+
+ @POST
+ @Produces(MediaType.APPLICATION_JSON)
+ AccessTokenInfo getRefreshToken(@QueryParam("grant_type") String grantType,
+ @QueryParam("refreshToken") String refreshToken);
+}
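Review bot: `getToken` and `getRefreshToken` pass `username`, `password` and the refresh token as `@QueryParam`, which places the credentials in the request URL, where access logs, reverse proxies and monitoring usually record them; `TokenRevokeService.revoke`, added later in this patch, does the same with the access token. OAuth 2.0 token and revocation requests carry these values form-encoded in the POST body, and the refresh grant names its parameter `refresh_token`, so `refreshToken` is presumably not recognised by a standard token endpoint. Switching the parameters to `@FormParam` and adding `@Consumes(MediaType.APPLICATION_FORM_URLENCODED)` addresses both, provided the Feign encoder chosen where the client is built (outside this hunk) can write form bodies.

```java
public interface TokenIssuerService {
    // … unchanged: @POST and @Produces(MediaType.APPLICATION_JSON) on both methods …
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    AccessTokenInfo getToken(@FormParam("grant_type") String grant, @FormParam("username") String username,
                             @FormParam("password") String password, @FormParam("scope") String scope);

    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    AccessTokenInfo getRefreshToken(@FormParam("grant_type") String grantType,
                                    @FormParam("refresh_token") String refreshToken);
```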
diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.ui/src/main/resources/publisher/src/components/Overview/PublisherOverview.jsx b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/TokenRevokeService.java
similarity index 52%
rename from components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.ui/src/main/resources/publisher/src/components/Overview/PublisherOverview.jsx
rename to components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/TokenRevokeService.java
index c5ba536d067..331d24d333a 100644
--- a/components/application-mgt/org.wso2.carbon.device.application.mgt.publisher.ui/src/main/resources/publisher/src/components/Overview/PublisherOverview.jsx
+++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/java/org/wso2/carbon/device/application/mgt/auth/handler/util/dto/TokenRevokeService.java
@@ -11,39 +11,25 @@ * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ -import React, {Component} from 'react'; -import DataTable from '../UIComponents/DataTable'; -/** - * - * ***NEW*** - * The Publisher overview component. - * This component could be used to view app analytics. - * i.e number of overall downloads, ratings ect. - * */ -class PublisherOverview extends Component { - - constructor() { - super(); - } +package org.wso2.carbon.device.application.mgt.auth.handler.util.dto; - componentWillMount() { - } +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.Response; - render() { - - return ( +/** + * Api definition for token revoke that will be used as Feign contract. + * */ +@Path("/revoke") +public interface TokenRevokeService { -
- Overview + @POST + Response revoke(@QueryParam("token")String accessToken); -
- ); - } } - -export default PublisherOverview; \ No newline at end of file diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/META-INF/permissions.xml b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/META-INF/permissions.xml new file mode 100644 index 00000000000..4fe224af469 --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/META-INF/permissions.xml @@ -0,0 +1,35 @@ + + + + + + + + + + diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/META-INF/webapp-classloading.xml b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/META-INF/webapp-classloading.xml new file mode 100644 index 00000000000..ed2ed216247 --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/META-INF/webapp-classloading.xml @@ -0,0 +1,35 @@ + + + + + + + + + false + + + CXF,Carbon + diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/WEB-INF/cxf-servlet.xml b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/WEB-INF/cxf-servlet.xml new file mode 100644 index 00000000000..64efa8991d9 --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/WEB-INF/cxf-servlet.xml @@ -0,0 +1,38 @@ + + + + + + + + + + + + + + + + diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/WEB-INF/web.xml b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 00000000000..52559eead94 --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.authhandler/src/main/webapp/WEB-INF/web.xml 
@@ -0,0 +1,115 @@ + + + + Application Management Auth Webapp + + JAX-WS/JAX-RS Application Management Endpoint + JAX-WS/JAX-RS Servlet + CXFServlet + + org.apache.cxf.transport.servlet.CXFServlet + + + + CXFServlet + /* + + + 60 + + + doAuthentication + false + + + + + managed-api-enabled + false + + + managed-api-owner + admin + + + isSharedWithAllTenants + true + + + + CorsFilter + org.apache.catalina.filters.CorsFilter + + cors.allowed.origins + * + + + cors.allowed.methods + GET,POST,DELETE,PUT + + + cors.allowed.headers + Content-Type + + + + + HttpHeaderSecurityFilter + org.apache.catalina.filters.HttpHeaderSecurityFilter + + hstsEnabled + false + + + + + ContentTypeBasedCachePreventionFilter + org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter + + patterns + text/html" ,application/json" ,text/plain + + + filterAction + enforce + + + httpHeaders + Cache-Control: no-store, no-cache, must-revalidate, private + + + + + HttpHeaderSecurityFilter + /* + + + + ContentTypeBasedCachePreventionFilter + /* + + + + CorsFilter + /* + + + \ No newline at end of file diff --git a/components/application-mgt/pom.xml b/components/application-mgt/pom.xml index 61523a4ba9f..5b7f9cad9d9 100644 --- a/components/application-mgt/pom.xml +++ b/components/application-mgt/pom.xml @@ -38,6 +38,7 @@ org.wso2.carbon.device.application.mgt.common org.wso2.carbon.device.application.mgt.api org.wso2.carbon.device.application.mgt.publisher.ui + org.wso2.carbon.device.application.mgt.authhandler diff --git a/features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/pom.xml b/features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/pom.xml new file mode 100644 index 00000000000..06e460a5911 --- /dev/null +++ b/features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/pom.xml 
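Review bot: The `CorsFilter` in this web.xml sets `cors.allowed.origins` to `*` on a webapp that runs with `doAuthentication` set to `false` and exchanges passwords for tokens, so any web origin is allowed to script requests against the login endpoints. Listing only the publisher and store origins, and setting `cors.support.credentials` to `false` explicitly instead of relying on the container default, narrows that exposure. `hstsEnabled` is also `false` on `HttpHeaderSecurityFilter`; for an endpoint that receives credentials it should be `true` unless TLS is enforced by a component in front of it. The XML markup around these values did not survive on this page, so the pairing of parameters with filters is read from the order of the visible values and should be confirmed against the file.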
@@ -0,0 +1,120 @@ + + + + + org.wso2.carbon.devicemgt + application-mgt-feature + 3.0.46-SNAPSHOT + + + 4.0.0 + org.wso2.carbon.device.application.mgt.auth.handler.feature + 3.0.46-SNAPSHOT + pom + WSO2 Carbon - Application Management Authentication Handler Feature + This feature contains the Authentication Handler implementation for Publisher and Store. + http://wso2.org + + + + + org.apache.maven.plugins + maven-dependency-plugin + + + copy + package + + copy + + + + + org.wso2.carbon.devicemgt + org.wso2.carbon.device.application.mgt.authhandler + + ${project.version} + war + true + + ${project.build.directory}/maven-shared-archive-resources/webapps + + auth#application-mgt#v1.0.war + + + + + + + + org.apache.maven.plugins + maven-resources-plugin + + + copy-resources + generate-resources + + copy-resources + + + src/main/resources + + + resources + + build.properties + p2.inf + + + + + + + + + org.wso2.maven + carbon-p2-plugin + + + p2-feature-generation + package + + p2-feature-gen + + + org.wso2.carbon.device.application.mgt.auth.handler + ../../../features/etc/feature.properties + + + + org.wso2.carbon.p2.category.type:server + + org.eclipse.equinox.p2.type.group:false + + + + + + + + + + diff --git a/features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/src/main/resources/build.properties b/features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/src/main/resources/build.properties new file mode 100644 index 00000000000..9c86577d768 --- /dev/null +++ b/features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/src/main/resources/build.properties @@ -0,0 +1 @@ +custom = true diff --git a/features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/src/main/resources/p2.inf b/features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/src/main/resources/p2.inf new file mode 100644 index 00000000000..8cc8bbdfd5e --- /dev/null 
+++ b/features/application-mgt/org.wso2.carbon.device.application.mgt.auth.handler.feature/src/main/resources/p2.inf @@ -0,0 +1,3 @@ +instructions.configure = \ +org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/server/webapps/);\ +org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.application.mgt.auth.handler_${feature.version}/webapps/auth#application-mgt#v1.0.war,target:${installFolder}/../../deployment/server/webapps/auth#application-mgt#v1.0.war,overwrite:true);\ \ No newline at end of file diff --git a/features/application-mgt/org.wso2.carbon.device.application.mgt.feature/pom.xml b/features/application-mgt/org.wso2.carbon.device.application.mgt.feature/pom.xml index 913e58579a5..76e3387876e 100644 --- a/features/application-mgt/org.wso2.carbon.device.application.mgt.feature/pom.xml +++ b/features/application-mgt/org.wso2.carbon.device.application.mgt.feature/pom.xml @@ -42,7 +42,7 @@ org.wso2.carbon.devicemgt - org.wso2.carbon.device.application.mgt.ui.feature + org.wso2.carbon.device.application.mgt.publisher.ui.feature zip diff --git a/features/application-mgt/pom.xml b/features/application-mgt/pom.xml index f70cb75863b..878b9f5a0cd 100644 --- a/features/application-mgt/pom.xml +++ b/features/application-mgt/pom.xml @@ -35,6 +35,7 @@ org.wso2.carbon.device.application.mgt.api.feature + org.wso2.carbon.device.application.mgt.auth.handler.feature org.wso2.carbon.device.application.mgt.feature