diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java
deleted file mode 100644
index 14d447ac2c0..00000000000
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
-* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package org.wso2.carbon.apimgt.annotations.api;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * This class is the representation of custom developed Permission annotation.
- */
-@Target(ElementType.METHOD)
-@Retention(RetentionPolicy.RUNTIME)
-public @interface Permission {
-
- /**
- * Represents the permission name.
- * @return Returns permission name.
- */
- String name();
-
- /**
- * Represents the permission string.
- * @return Returns permission string.
- */
- String permission();
-
-}
\ No newline at end of file
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java index 9e0068635be..701a6f183c5 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java @@ -1,21 +1,3 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - package org.wso2.carbon.apimgt.annotations.api; import java.lang.annotation.ElementType; 
@@ -24,28 +6,18 @@ import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; /** - * This class is the representation of custom developed Permission annotation. + * This class is the representation of custom developed Scopes annotation. */ @Target(ElementType.METHOD) @Retention(RetentionPolicy.RUNTIME) public @interface Scope { - /** - * Represents the scope key which should be unique. - * @return Returns scope key. - */ - String key(); - - /** - * Represents the scope name. - * @return Returns scope name. - */ String name(); - /** - * Represents the scope description. - * @return Returns scope description. - */ String description(); + String key(); + + String[] permissions(); + } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scopes.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scopes.java new file mode 100644 index 00000000000..ebbda6f9d49 --- /dev/null +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scopes.java 
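Review bot: The new `permissions()` element has no Javadoc, and the comments on `key()`, `name()` and `description()` are removed, so the annotation no longer states that the key must be unique or what a permission string should look like. These values feed authorization (the processor in this commit defines a `/permission/admin` prefix that appears to be combined with them), so I would restore the three removed comments and add one on `permissions()` saying whether entries are written relative to that prefix. The class comment now reads "Scopes annotation" on the singular `Scope` type, which looks copied from `Scopes.java`; `Scope annotation` would be accurate. The first hunk of this file also drops the Apache license header that the new `Scopes.java` keeps, which is worth confirming as intended.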
@@ -0,0 +1,35 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.apimgt.annotations.api; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +/** + * This class is the representation of custom developed Scopes annotation. + */ +@Target(ElementType.TYPE) +@Retention(RetentionPolicy.RUNTIME) +public @interface Scopes { + + Scope[] scopes(); + +} diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherUtil.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherUtil.java index c1719f2296e..a4afb01808b 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherUtil.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/APIPublisherUtil.java 
@@ -269,18 +269,7 @@ public class APIPublisherUtil { } apiConfig.setOwner(owner); - String isSecuredParam = servletContext.getInitParameter(PARAM_MANAGED_API_IS_SECURED); - boolean isSecured; - if (isSecuredParam == null || isSecuredParam.isEmpty()) { - if (log.isDebugEnabled()) { - log.debug("'managed-api-isSecured' attribute is not configured. Therefore, using the default, " + - "which is 'true'"); - } - isSecured = false; - } else { - isSecured = Boolean.parseBoolean(isSecuredParam); - } - apiConfig.setSecured(isSecured); + apiConfig.setSecured(false); String transports = servletContext.getInitParameter(PARAM_MANAGED_API_TRANSPORTS); if (transports == null || transports.isEmpty()) { diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java index 5611b563ca2..b820a4426fc 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java @@ -16,10 +16,12 @@ package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util; +import io.swagger.annotations.ApiOperation; import io.swagger.annotations.SwaggerDefinition; import org.apache.catalina.core.StandardContext; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.apimgt.api.model.Scope; import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherUtil; import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource; import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration; 
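Review bot: `apiConfig.setSecured(false);` now ignores the `managed-api-isSecured` init parameter entirely, so a webapp whose descriptor sets it to `true` is published with the flag off and nothing in the log records that. If the parameter is deliberately retired in favour of the scope annotations, state that in a comment on this line and warn when it is still configured, e.g. `if (servletContext.getInitParameter(PARAM_MANAGED_API_IS_SECURED) != null) { log.warn("'managed-api-isSecured' is no longer honoured"); }`. What `setSecured` gates downstream is not visible in this hunk, so the effect on already-deployed webapps should be confirmed against the consumer of `apiConfig`. The enclosing method starts and ends outside the hunk.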
@@ -37,9 +39,7 @@ import java.net.URI; import java.net.URL; import java.security.AccessController; import java.security.PrivilegedAction; -import java.util.ArrayList; -import java.util.List; -import java.util.Set; +import java.util.*; public class AnnotationProcessor { @@ -58,9 +58,15 @@ public class AnnotationProcessor { private static final String SWAGGER_ANNOTATIONS_EXTENSIONS = "extensions"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES = "properties"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES_NAME = "name"; + private static final String SWAGGER_ANNOTATIONS_PROPERTIES_DESCRIPTION = "description"; + private static final String SWAGGER_ANNOTATIONS_PROPERTIES_KEY = "key"; + private static final String SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS = "permissions"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VERSION = "version"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES_CONTEXT = "context"; private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VALUE = "value"; + private static final String ANNOTATIONS_SCOPES = "scopes"; + + private static final String PERMISSION_PREFIX = "/permission/admin"; private StandardContext context; @@ -75,6 +81,10 @@ public class AnnotationProcessor { private Class tagClass; private Class extensionClass; private Class extensionPropertyClass; + private Class apiOperation; + private Class scopeClass; + private Class scopesClass; + private Map apiScopes; public AnnotationProcessor(final StandardContext context) { servletContext = context.getServletContext(); 
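Review bot: `import java.util.*;` replaces three explicit imports with a wildcard, which hides which `java.util` types the class depends on and makes later name clashes harder to spot. I would keep the explicit style the file had and list `ArrayList`, `HashMap`, `List`, `Map` and `Set` individually.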
@@ -91,7 +101,13 @@ public class AnnotationProcessor { extensionClass = (Class)classLoader .loadClass((io.swagger.annotations.Extension.class.getName())); extensionPropertyClass = (Class)classLoader - .loadClass((io.swagger.annotations.ExtensionProperty.class.getName())); + .loadClass(io.swagger.annotations.ExtensionProperty.class.getName()); + scopeClass = (Class) classLoader + .loadClass(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName()); + scopesClass = (Class) classLoader + .loadClass(org.wso2.carbon.apimgt.annotations.api.Scopes.class.getName()); + apiOperation = (Class)classLoader + .loadClass((io.swagger.annotations.ApiOperation.class.getName())); } catch (ClassNotFoundException e) { log.error("An error has occurred while loading classes ", e); } @@ -120,6 +136,7 @@ public class AnnotationProcessor { try { clazz = classLoader.loadClass(className); Annotation swaggerDefinition = clazz.getAnnotation(apiClazz); + Annotation Scopes = clazz.getAnnotation(scopesClass); List resourceList; if (swaggerDefinition != null) { if (log.isDebugEnabled()) { @@ -127,6 +144,9 @@ public class AnnotationProcessor { } try { apiResourceConfig = processAPIAnnotation(swaggerDefinition); + if (Scopes != null) { + apiScopes = processAPIScopes(Scopes); + } if(apiResourceConfig != null){ String rootContext = servletContext.getContextPath(); pathClazzMethods = pathClazz.getMethods(); @@ -158,7 +178,7 @@ public class AnnotationProcessor { } catch (ClassNotFoundException e1) { String msg = "Failed to load service class " + className + " for publishing APIs." + " This API will not be published."; - log.error(msg); + log.error(msg, e1); } catch (RuntimeException e) { log.error("Unexpected error has been occurred while publishing "+ className +"hence, this API will not be published."); 
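Review bot: `apiScopes` is assigned only when the class carries `@Scopes` (`if (Scopes != null) { apiScopes = processAPIScopes(Scopes); }`), so a class without the annotation is processed with whatever map the previous class left in the instance field. If this code runs once per class name, as the surrounding `classLoader.loadClass(className)` suggests, scope keys of one API could resolve against another API's scopes; resetting the field each time, e.g. `apiScopes = (Scopes != null) ? processAPIScopes(Scopes) : new HashMap<>();`, avoids that (use `null` instead if later reads expect it). The same assignment pattern appears in the `@@ -135,6 +152,10 @@` hunk of the second `AnnotationProcessor` further down. The local `Scopes` should also start lower-case (`scopesAnnotation`) so it does not read as the annotation type. The enclosing method begins and ends outside these hunks.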
@@ -174,6 +194,39 @@ public class AnnotationProcessor { return apiResourceConfigs; } + private Map processAPIScopes(Annotation annotation) throws Throwable { + Map scopes = new HashMap<>(); + + InvocationHandler methodHandler = Proxy.getInvocationHandler(annotation); + Annotation[] annotatedScopes = (Annotation[]) methodHandler.invoke(annotation, scopesClass + .getMethod(ANNOTATIONS_SCOPES, null), null); + + Scope scope; + String permissions[]; + StringBuilder aggregatedPermissions; + for(int i=0; i apiOperation; private Class authorizationClass; private Class authorizationScopeClass; + private Class extensionClass; + private Class extensionPropertyClass; + private Class scopeClass; + private Class scopesClass; + private Map apiScopes; public AnnotationProcessor(final StandardContext context) { @@ -90,6 +98,15 @@ public class AnnotationProcessor { .loadClass((io.swagger.annotations.Authorization.class.getName())); authorizationScopeClass = (Class)classLoader .loadClass((io.swagger.annotations.AuthorizationScope.class.getName())); + extensionClass = (Class)classLoader + .loadClass((io.swagger.annotations.Extension.class.getName())); + extensionPropertyClass = (Class)classLoader + .loadClass(io.swagger.annotations.ExtensionProperty.class.getName()); + scopeClass = (Class) classLoader + .loadClass(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName()); + scopesClass = (Class) classLoader + .loadClass(org.wso2.carbon.apimgt.annotations.api.Scopes.class.getName()); + } catch (ClassNotFoundException e) { log.error("An error has occurred while loading classes ", e); } @@ -135,6 +152,10 @@ public class AnnotationProcessor { try { clazz = classLoader.loadClass(className); Annotation apiAnno = clazz.getAnnotation(apiClazz); + Annotation scopesAnno = clazz.getAnnotation(scopesClass); + if (scopesAnno != null) { + apiScopes = processAPIScopes(scopesAnno); + } List resourceList; if (apiAnno != null) { if (log.isDebugEnabled()) { 
@@ -165,7 +186,9 @@ public class AnnotationProcessor { } } } catch (ClassNotFoundException e) { - log.error("Error when passing the api annotation for device type apis."); + log.error("Error when passing the api annotation for device type apis.", e); + } catch (Throwable e) { + log.error("Error when passing the scopes annotation for device type apis.", e); } return apiPermissions; } @@ -342,28 +365,55 @@ public class AnnotationProcessor { private void setPermission(Annotation currentMethod, Permission permission) throws Throwable { InvocationHandler methodHandler = Proxy.getInvocationHandler(currentMethod); - Annotation[] authorizations = (Annotation[]) methodHandler.invoke(currentMethod - , apiOperation.getMethod(SWAGGER_ANNOTATIONS_AUTHORIZATIONS,null),null); - for(int i=0; i processAPIScopes(Annotation annotation) throws Throwable { + Map scopes = new HashMap<>(); + + InvocationHandler methodHandler = Proxy.getInvocationHandler(annotation); + Annotation[] annotatedScopes = (Annotation[]) methodHandler.invoke(annotation, scopesClass + .getMethod(ANNOTATIONS_SCOPES, null), null); + + Scope scope; + String permissions[]; + StringBuilder aggregatedPermissions; + for(int i=0; i 2.2.1 6.1.1 - 4.4.10 + 4.4.11 4.4.9 [4.4.0, 5.0.0) 1.5.4 @@ -1914,12 +1914,12 @@ 4.7.2 - 5.6.89 - 5.2.33 - 5.2.14 + 5.7.0 + 5.3.1 + 5.3.0 - [5.6.0, 6.0.0) + [5.7.0, 6.0.0) [5.2.0, 6.0.0) [5.1.0, 6.0.0) @@ -1945,7 +1945,7 @@ [2.6.0,3.0.0) - 6.1.2 + 6.1.35 (6.0.0,7.0.0]
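Review bot: The added `catch (Throwable e)` logs and then falls through to `return apiPermissions;`, so a failure while reading `@Scopes` produces a partial or empty permission list instead of a failed deployment. How callers treat an API whose permissions are missing is not visible here; if absence means unrestricted access, this fails open, and the error should be propagated or the API skipped. Catching `Throwable` also swallows `Error`s such as `OutOfMemoryError`; having `processAPIScopes` wrap the reflective call and declare a narrower exception would let this site use `catch (Exception e)`. The enclosing method starts outside the hunk.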