Bumping all dependent components to their respective latest versions

revert-70aa11f8
prabathabey 9 years ago
commit c74a979c8d

@ -21,27 +21,50 @@ package org.wso2.carbon.device.mgt.core.config.permission;
import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name = "Permission") /**
public class Permission{ * This class represents the information related to permission.
*/
@XmlRootElement (name = "Permission")
public class Permission {
private String name; // permission name
private String path; // permission string
private String url; // url of the resource
private String method; // http method
public String getName() {
return name;
}
@XmlElement (name = "name", required = true)
public void setName(String name) {
this.name = name;
}
public String getPath() {
return path;
}
private String name; @XmlElement (name = "path", required = true)
private String path; public void setPath(String path) {
this.path = path;
}
public String getName() { public String getUrl() {
return name; return url;
} }
@XmlElement(name = "name", required = true) @XmlElement (name = "url", required = true)
public void setName(String name) { public void setUrl(String url) {
this.name = name; this.url = url;
} }
public String getPath() { public String getMethod() {
return path; return method;
} }
@XmlElement(name = "path", required = true) @XmlElement (name = "method", required = true)
public void setPath(String path) { public void setMethod(String method) {
this.path = path; this.method = method;
} }
} }
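Review bot: `url` and `method` are annotated `required = true` but, as far as I know, JAXB honours `required` only when generating a schema, so a `<Permission>` element missing `<url>` or `<method>` unmarshals with those fields null and `PermissionTree.addPermission` then hands the null url to `StringTokenizer`. Validate in the setters (`if (url == null || url.isEmpty()) { throw new IllegalArgumentException("Permission url is required"); }`) or reject incomplete permissions in `PermissionManager.addPermission` before they reach the tree. The trailing field comments would serve better as Javadoc on the getters that says which value is matched against the request URL (`url`) and which is passed to the authorization manager (`path`), since the two are easy to confuse.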

@ -22,17 +22,20 @@ import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlRootElement;
import java.util.List; import java.util.List;
@XmlRootElement(name = "PermissionConfiguration") /**
* This class represents the information related to permission configuration.
*/
@XmlRootElement (name = "PermissionConfiguration")
public class PermissionConfiguration { public class PermissionConfiguration {
private List<Permission> permissions; private List<Permission> permissions;
public List<Permission> getPermissions() { public List<Permission> getPermissions() {
return permissions; return permissions;
} }
@XmlElement(name = "Permission", required = true) @XmlElement (name = "Permission", required = true)
public void setPermissions(List<Permission> permissions) { public void setPermissions(List<Permission> permissions) {
this.permissions = permissions; this.permissions = permissions;
} }
} }

@ -31,51 +31,59 @@ import java.util.List;
*/ */
public class PermissionManager { public class PermissionManager {
private static PermissionManager permissionManager; private static PermissionManager permissionManager;
private static PermissionTree permissionTree; // holds the permissions at runtime.
private PermissionManager(){}; private PermissionManager() {
}
public static PermissionManager getInstance() { public static PermissionManager getInstance() {
if (permissionManager == null) { if (permissionManager == null) {
synchronized (PermissionManager.class) { synchronized (PermissionManager.class) {
if (permissionManager == null) { if (permissionManager == null) {
permissionManager = new PermissionManager(); permissionManager = new PermissionManager();
} permissionTree = new PermissionTree();
} }
} }
return permissionManager; }
} return permissionManager;
}
public boolean addPermission(Permission permission) throws DeviceManagementException { public boolean addPermission(Permission permission) throws DeviceManagementException {
try { permissionTree.addPermission(permission); // adding a permission to the tree
return PermissionUtils.putPermission(permission); try {
} catch (DeviceManagementException e) { return PermissionUtils.putPermission(permission);
throw new DeviceManagementException("Error occurred while adding the permission : " + } catch (DeviceManagementException e) {
permission.getName(), e); throw new DeviceManagementException("Error occurred while adding the permission : " +
} permission.getName(), e);
} }
}
public boolean addPermissions(List<Permission> permissions) throws DeviceManagementException{ public boolean addPermissions(List<Permission> permissions) throws DeviceManagementException {
for(Permission permission:permissions){ for (Permission permission : permissions) {
this.addPermission(permission); this.addPermission(permission);
} }
return true; return true;
} }
public void initializePermissions(InputStream permissionStream) throws DeviceManagementException { public void initializePermissions(InputStream permissionStream) throws DeviceManagementException {
try { try {
if(permissionStream != null){ if (permissionStream != null) {
/* Un-marshaling Device Management configuration */ /* Un-marshaling Device Management configuration */
JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class); JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class);
Unmarshaller unmarshaller = cdmContext.createUnmarshaller(); Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
PermissionConfiguration permissionConfiguration = (PermissionConfiguration) PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
unmarshaller.unmarshal(permissionStream); unmarshaller.unmarshal(permissionStream);
if((permissionConfiguration != null) && (permissionConfiguration.getPermissions() != null)){ if (permissionConfiguration != null && permissionConfiguration.getPermissions() != null) {
this.addPermissions(permissionConfiguration.getPermissions()); this.addPermissions(permissionConfiguration.getPermissions());
} }
} }
} catch (JAXBException e) { } catch (JAXBException e) {
throw new DeviceManagementException("Error occurred while initializing Data Source config", e); throw new DeviceManagementException("Error occurred while initializing Data Source config", e);
} }
} }
public Permission getPermission(String url, String httpMethod) {
return permissionTree.getPermission(url, httpMethod);
}
} }
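Review bot: `getInstance()` can hand out a manager whose `permissionTree` is still null: `permissionManager` is assigned on the line before `permissionTree`, and neither static is `volatile`, so a second thread that passes the unsynchronized outer null check returns before the tree exists and `getPermission` then dereferences null. Assigning the tree first (`permissionTree = new PermissionTree();` before `permissionManager = new PermissionManager();`) and declaring both fields `volatile` closes that window; simpler still, make the tree a `final` instance field initialised in the private constructor. Separately, `addPermission` inserts into the tree before `PermissionUtils.putPermission` runs, so a failed registry write leaves a permission in the in-memory tree that was never persisted; adding to the tree only after the put succeeds keeps the two in step.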

@ -0,0 +1,79 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* This class represents the node of a permission tree.
* It holds the current path name, list of permissions associated with URL
* and the set of children.
*/
public class PermissionNode {
private String pathName;
private Map<String, Permission> permissions = new HashMap<String, Permission>();
private List<PermissionNode> children = new ArrayList<PermissionNode>();
public PermissionNode(String pathName) {
this.pathName = pathName;
}
public String getPathName() {
return pathName;
}
public void setPathName(String pathName) {
this.pathName = pathName;
}
public List<PermissionNode> getChildren() {
return children;
}
public PermissionNode getChild(String pathName) {
PermissionNode child = null;
for (PermissionNode node : children) {
if (node.getPathName().equals(pathName)) {
return node;
}
}
return child;
}
public void addChild(PermissionNode node) {
children.add(node);
}
public void addPermission(String httpMethod, Permission permission) {
permissions.put(httpMethod, permission);
}
public Permission getPermission(String httpMethod) {
return permissions.get(httpMethod);
}
public Collection<Permission> getPermissions() {
return permissions.values();
}
}
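Review bot: `getChild` declares `child`, never assigns it and returns it as the not-found value; `return null;` says the same thing without the dead local. `getChildren()` returns the live `ArrayList`, so any caller can add or remove nodes behind `addChild`'s back; return `Collections.unmodifiableList(children)` (needs a `java.util.Collections` import in the import block of this hunk) unless mutation through the getter is intended, in which case a Javadoc should say so. The class comment speaks of a "list of permissions associated with URL" — it is a map keyed by HTTP method, and saying that in the comment would help readers of `addPermission`/`getPermission`.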

@ -0,0 +1,113 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.config.permission;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.util.StringTokenizer;
/**
* This class represents a tree data structure which will be used for adding and retrieving permissions.
*/
public class PermissionTree {
private PermissionNode rootNode;
private static final String DYNAMIC_PATH_NOTATION = "*";
private static final String ROOT = "/";
private static final Log log = LogFactory.getLog(PermissionTree.class);
public PermissionTree() {
rootNode = new PermissionNode(ROOT); // initializing the root node.
}
/**
* This method is used to add permissions to the tree. Once it receives the permission
* it will traverse through the given request path with respect to the permission and place
* the permission in the appropriate place in the tree.
*
* @param permission Permission object.
*/
public void addPermission(Permission permission) {
StringTokenizer st = new StringTokenizer(permission.getUrl(), ROOT);
PermissionNode tempRoot = rootNode;
PermissionNode tempChild;
while (st.hasMoreTokens()) {
tempChild = new PermissionNode(st.nextToken());
tempRoot = addPermissionNode(tempRoot, tempChild);
}
tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex
if (log.isDebugEnabled()) {
log.debug("Added permission '" + permission.getName() + "'");
}
}
/**
* This method is used to add vertex to the graph. The method will check for the given child
* whether exists within the list of children of the given parent.
*
* @param parent Parent PermissionNode.
* @param child Child PermissionNode.
* @return returns the newly created child or the existing child.
*/
private PermissionNode addPermissionNode(PermissionNode parent, PermissionNode child) {
PermissionNode existChild = parent.getChild(child.getPathName());
if (existChild == null) {
parent.addChild(child);
return child;
}
return existChild;
}
/**
* This method is used to retrieve the permission for a given url and http method.
* Breath First Search (BFS) is used to traverse the tree.
*
* @param url Request URL.
* @param httpMethod HTTP method of the request.
* @return returns the permission with related to the request path or null if there is
* no any permission that is stored with respected to the given request path.
*/
public Permission getPermission(String url, String httpMethod) {
StringTokenizer st = new StringTokenizer(url, ROOT);
PermissionNode tempRoot = rootNode;
while (st.hasMoreTokens()) {
String currentToken = st.nextToken();
// returns the child node which matches with the 'currentToken' path.
tempRoot = tempRoot.getChild(currentToken);
// if tempRoot is null, that means 'currentToken' is not matched with the child's path.
// It means that it is at a point where the request must have dynamic path variables.
// Therefor it looks for '*' in the request path. ('*' denotes dynamic path variable).
if (tempRoot == null) {
tempRoot = tempRoot.getChild(DYNAMIC_PATH_NOTATION);
// if tempRoot is null, that means there is no any permission which matches with the
// given path
if (tempRoot == null) {
if (log.isDebugEnabled()) {
log.debug("Permission for request path '" + url + "' does not exist");
}
return null;
}
}
}
return tempRoot.getPermission(httpMethod);
}
}
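Review bot: `getPermission` dereferences `tempRoot` right after establishing it is null: the exact-match lookup overwrites `tempRoot`, and when that returns null the fallback `tempRoot.getChild(DYNAMIC_PATH_NOTATION)` throws a NullPointerException instead of consulting the parent's `*` child, so no request that relies on a dynamic path segment can ever be resolved and the valve ends in an exception rather than a decision. Keep the parent in `tempRoot` and do both lookups on it, as in the rewrite below. The Javadoc calls this a breadth-first search; it is a single root-to-leaf descent, so `Walks the tree from the root one path segment at a time, preferring an exact segment match over the '*' child` is the accurate description. `httpMethod` is used verbatim as the map key, so a `<method>` configured in a different case from the request method silently yields null; normalising both sides with `toUpperCase(Locale.ROOT)` in `addPermission` and here would remove that trap (whether the configured values are already upper case is not visible in this commit).
```java
public Permission getPermission(String url, String httpMethod) {
    StringTokenizer st = new StringTokenizer(url, ROOT);
    PermissionNode tempRoot = rootNode;
    while (st.hasMoreTokens()) {
        String currentToken = st.nextToken();
        // exact segment first, then the '*' child of the same parent (dynamic path variable)
        PermissionNode next = tempRoot.getChild(currentToken);
        if (next == null) {
            next = tempRoot.getChild(DYNAMIC_PATH_NOTATION);
        }
        if (next == null) {
            if (log.isDebugEnabled()) {
                log.debug("Permission for request path '" + url + "' does not exist");
            }
            return null;
        }
        tempRoot = next;
    }
    return tempRoot.getPermission(httpMethod);
}
```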

@ -84,7 +84,7 @@ public class PermissionUtils {
return status; return status;
} }
public static boolean checkPermissionExistance(Permission permission) public static boolean checkPermissionExistence(Permission permission)
throws DeviceManagementException, throws DeviceManagementException,
org.wso2.carbon.registry.core.exceptions.RegistryException { org.wso2.carbon.registry.core.exceptions.RegistryException {
return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath()); return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath());

@ -84,6 +84,10 @@
<groupId>org.wso2.carbon.identity</groupId> <groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.oauth</artifactId> <artifactId>org.wso2.carbon.identity.oauth</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.sso.saml</artifactId>
</dependency>
<dependency> <dependency>
<groupId>com.googlecode.json-simple.wso2</groupId> <groupId>com.googlecode.json-simple.wso2</groupId>
<artifactId>json-simple</artifactId> <artifactId>json-simple</artifactId>

@ -23,18 +23,19 @@ import org.json.JSONException;
import org.json.JSONObject; import org.json.JSONObject;
import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.dynamic.client.registration.*; import org.wso2.carbon.dynamic.client.registration.*;
import org.wso2.carbon.dynamic.client.registration.profile.RegistrationProfile; import org.wso2.carbon.dynamic.client.registration.profile.RegistrationProfile;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig; import org.wso2.carbon.identity.application.common.model.*;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService; import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.base.IdentityException; import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException; import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthAdminService; import org.wso2.carbon.identity.oauth.OAuthAdminService;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO; import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.sso.saml.admin.SAMLSSOConfigAdmin;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import java.util.Arrays; import java.util.Arrays;
@ -45,6 +46,13 @@ import java.util.Arrays;
public class DynamicClientRegistrationImpl implements DynamicClientRegistrationService { public class DynamicClientRegistrationImpl implements DynamicClientRegistrationService {
private static final String TOKEN_SCOPE = "tokenScope"; private static final String TOKEN_SCOPE = "tokenScope";
private static final String MDM = "mdm";
private static final String SAML_SSO = "samlsso";
private static final String BASIC_AUTHENTICATOR = "BasicAuthenticator";
private static final String BASIC = "basic";
private static final String LOCAL = "local";
private static final String ASSERTION_CONSUMER_URI = "https://localhost:9443/mdm/sso/acs";
private static final String AUDIENCE = "https://null:9443/oauth2/token";
private static final Log log = LogFactory.getLog(DynamicClientRegistrationService.class); private static final Log log = LogFactory.getLog(DynamicClientRegistrationService.class);
@Override @Override
@ -147,7 +155,12 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
"Error occurred while retrieving Application Management" + "Error occurred while retrieving Application Management" +
"Service"); "Service");
} }
appMgtService.createApplication(serviceProvider, tenantDomain, userName);
ServiceProvider existingServiceProvider = appMgtService.getServiceProvider(applicationName, tenantDomain);
if (existingServiceProvider == null) {
appMgtService.createApplication(serviceProvider, userName, tenantDomain);
}
ServiceProvider createdServiceProvider = appMgtService.getServiceProvider(applicationName, tenantDomain); ServiceProvider createdServiceProvider = appMgtService.getServiceProvider(applicationName, tenantDomain);
if (createdServiceProvider == null) { if (createdServiceProvider == null) {
@ -167,7 +180,10 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
log.debug("Creating OAuth App " + applicationName); log.debug("Creating OAuth App " + applicationName);
} }
oAuthAdminService.registerOAuthApplicationData(oAuthConsumerApp); if (existingServiceProvider == null) {
oAuthAdminService.registerOAuthApplicationData(oAuthConsumerApp);
}
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Created OAuth App " + applicationName); log.debug("Created OAuth App " + applicationName);
} }
@ -181,10 +197,10 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
InboundAuthenticationConfig inboundAuthenticationConfig = InboundAuthenticationConfig inboundAuthenticationConfig =
new InboundAuthenticationConfig(); new InboundAuthenticationConfig();
InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new
InboundAuthenticationRequestConfig[1]; InboundAuthenticationRequestConfig[2];
InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new
InboundAuthenticationRequestConfig(); InboundAuthenticationRequestConfig();
inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey()); inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey());
inboundAuthenticationRequestConfig.setInboundAuthType("oauth2"); inboundAuthenticationRequestConfig.setInboundAuthType("oauth2");
if (createdApp.getOauthConsumerSecret() != null && !createdApp. if (createdApp.getOauthConsumerSecret() != null && !createdApp.
@ -197,10 +213,41 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
inboundAuthenticationRequestConfig.setProperties(properties); inboundAuthenticationRequestConfig.setProperties(properties);
} }
SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = new SAMLSSOServiceProviderDTO();
samlssoServiceProviderDTO.setIssuer(MDM);
samlssoServiceProviderDTO.setAssertionConsumerUrl(ASSERTION_CONSUMER_URI);
samlssoServiceProviderDTO.setDoSignResponse(true);
samlssoServiceProviderDTO.setRequestedAudiences(new String[]{AUDIENCE});
SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO);
InboundAuthenticationRequestConfig samlAuthenticationRequest = new InboundAuthenticationRequestConfig();
samlAuthenticationRequest.setInboundAuthKey(MDM);
samlAuthenticationRequest.setInboundAuthType(SAML_SSO);
LocalAuthenticatorConfig localAuth = new LocalAuthenticatorConfig();
localAuth.setName(BASIC_AUTHENTICATOR);
localAuth.setDisplayName(BASIC);
localAuth.setEnabled(true);
AuthenticationStep authStep = new AuthenticationStep();
authStep.setStepOrder(1);
authStep.setSubjectStep(true);
authStep.setAttributeStep(true);
authStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[]{localAuth});
LocalAndOutboundAuthenticationConfig localOutboundAuthConfig = new LocalAndOutboundAuthenticationConfig();
localOutboundAuthConfig.setAuthenticationType(LOCAL);
localOutboundAuthConfig.setAuthenticationSteps(new AuthenticationStep[]{authStep});
inboundAuthenticationRequestConfigs[0] = inboundAuthenticationRequestConfig; inboundAuthenticationRequestConfigs[0] = inboundAuthenticationRequestConfig;
inboundAuthenticationRequestConfigs[1] = samlAuthenticationRequest;
inboundAuthenticationConfig inboundAuthenticationConfig
.setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs); .setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs);
createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig); createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
createdServiceProvider.setLocalAndOutBoundAuthenticationConfig(localOutboundAuthConfig);
// Update the Service Provider app to add OAuthApp as an Inbound Authentication Config // Update the Service Provider app to add OAuthApp as an Inbound Authentication Config
appMgtService.updateApplication(createdServiceProvider, tenantDomain, userName); appMgtService.updateApplication(createdServiceProvider, tenantDomain, userName);
@ -217,6 +264,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
oAuthApplicationInfo.addParameter( oAuthApplicationInfo.addParameter(
ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT, ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT,
createdApp.getGrantTypes()); createdApp.getGrantTypes());
return oAuthApplicationInfo; return oAuthApplicationInfo;
} catch (IdentityApplicationManagementException e) { } catch (IdentityApplicationManagementException e) {
throw new DynamicClientRegistrationException( throw new DynamicClientRegistrationException(
@ -230,6 +278,11 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
} }
} }
protected Registry getConfigSystemRegistry() {
return (Registry) PrivilegedCarbonContext.getThreadLocalCarbonContext().
getRegistry(RegistryType.SYSTEM_CONFIGURATION);
}
@Override @Override
public boolean unregisterOAuthApplication(String userId, String applicationName, public boolean unregisterOAuthApplication(String userId, String applicationName,
String consumerKey) throws DynamicClientRegistrationException { String consumerKey) throws DynamicClientRegistrationException {
@ -264,7 +317,14 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
oAuthAdminService.removeOAuthApplicationData(consumerKey); oAuthAdminService.removeOAuthApplicationData(consumerKey);
ApplicationManagementService appMgtService = ApplicationManagementService.getInstance(); ApplicationManagementService appMgtService = ApplicationManagementService.getInstance();
if (appMgtService == null) {
throw new IllegalStateException(
"Error occurred while retrieving Application Management" +
"Service");
}
ServiceProvider createdServiceProvider = appMgtService.getServiceProvider(applicationName, tenantDomain); ServiceProvider createdServiceProvider = appMgtService.getServiceProvider(applicationName, tenantDomain);
if (createdServiceProvider == null) { if (createdServiceProvider == null) {
throw new DynamicClientRegistrationException( throw new DynamicClientRegistrationException(
"Couldn't retrieve Service Provider Application " + applicationName); "Couldn't retrieve Service Provider Application " + applicationName);
@ -286,6 +346,12 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
@Override @Override
public boolean isOAuthApplicationExists(String applicationName) throws DynamicClientRegistrationException { public boolean isOAuthApplicationExists(String applicationName) throws DynamicClientRegistrationException {
ApplicationManagementService appMgtService = ApplicationManagementService.getInstance();
if (appMgtService == null) {
throw new IllegalStateException(
"Error occurred while retrieving Application Management" +
"Service");
}
try { try {
if (ApplicationManagementService.getInstance().getServiceProvider(applicationName, if (ApplicationManagementService.getInstance().getServiceProvider(applicationName,
CarbonContext.getThreadLocalCarbonContext().getTenantDomain()) != null) { CarbonContext.getThreadLocalCarbonContext().getTenantDomain()) != null) {
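Review bot: The SAML relying party is registered unconditionally (`configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO)` in the inbound-config hunk) while the OAuth app registration a few lines earlier is now guarded by `if (existingServiceProvider == null)`; a repeat registration for an existing application will re-add the same `mdm` issuer, so guard the SAML add the same way. `ASSERTION_CONSUMER_URI` pins the ACS to `https://localhost:9443/...` and `AUDIENCE` contains the host `null`, which reads like a string built from an unset hostname; both belong in configuration derived from the server's host and port, since on any non-local deployment the identity provider would otherwise be told to post assertions to the wrong endpoint. In the create hunk `createApplication(serviceProvider, userName, tenantDomain)` passes the arguments in the opposite order to `updateApplication(createdServiceProvider, tenantDomain, userName)` further down; one of the two is presumably wrong for the bumped API, and swapping user and tenant would create the service provider under the wrong tenant, so please confirm against the new signature. In the last hunk `appMgtService` is obtained and null-checked but the following line still calls `ApplicationManagementService.getInstance()` again, leaving the local unused; `isOAuthApplicationExists` continues past the end of the hunk.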

@ -95,6 +95,7 @@
org.wso2.carbon.apimgt.impl, org.wso2.carbon.apimgt.impl,
org.wso2.carbon.certificate.mgt.core.service, org.wso2.carbon.certificate.mgt.core.service,
org.wso2.carbon.certificate.mgt.core.exception, org.wso2.carbon.certificate.mgt.core.exception,
org.wso2.carbon.device.mgt.core.config.permission,
org.wso2.carbon.device.mgt.common, org.wso2.carbon.device.mgt.common,
org.wso2.carbon.device.mgt.core.scep org.wso2.carbon.device.mgt.core.scep
</Import-Package> </Import-Package>

@ -40,4 +40,14 @@ public final class Constants {
public static final String CONTENT_TYPE_APPLICATION_XML = "application/xml"; public static final String CONTENT_TYPE_APPLICATION_XML = "application/xml";
} }
public static final class PermissionMethod {
private PermissionMethod() {
throw new AssertionError();
}
public static final String READ = "read";
public static final String WRITE = "write";
public static final String DELETE = "delete";
public static final String ACTION = "action";
}
} }

@ -0,0 +1,76 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.webapp.authenticator.framework.authorizer;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import javax.servlet.http.HttpServletResponse;
public class PermissionAuthorizationValve extends CarbonTomcatValve {
private static final Log log = LogFactory.getLog(PermissionAuthorizationValve.class);
private static final String AUTHORIZATION_ENABLED = "authorization-enabled";
@Override
public void invoke(Request request, Response response, CompositeValve compositeValve) {
String permissionStatus =
request.getContext().findParameter(AUTHORIZATION_ENABLED);
if (permissionStatus == null || permissionStatus.isEmpty()) {
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
return;
}
// check whether the permission checking function is enabled in web.xml
boolean isEnabled = new Boolean(permissionStatus);
if (!isEnabled) {
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
return;
}
if (log.isDebugEnabled()) {
log.debug("Checking permission of request: " + request.getRequestURI());
}
PermissionAuthorizer permissionAuthorizer = new PermissionAuthorizer();
WebappAuthenticator.Status status = permissionAuthorizer.authorize(request, response);
this.processResponse(request, response, compositeValve, status);
}
private void processResponse(Request request, Response response, CompositeValve compositeValve,
WebappAuthenticator.Status status) {
switch (status) {
case SUCCESS:
case CONTINUE:
this.getNext().invoke(request, response, compositeValve);
break;
case FAILURE:
String msg = "Failed to authorize incoming request";
log.error(msg);
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
break;
}
}
}
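Review bot: Authorization is off unless a webapp sets `authorization-enabled` — the two early returns at the top of `invoke` fall through with `CONTINUE` when the parameter is missing or false — so the valve fails open by default, and that deserves a class-level Javadoc such as `Authorizes requests against the permission tree; only active for webapps that set the context parameter "authorization-enabled" to true, all others pass through.` The `new Boolean(permissionStatus)` line should be `boolean isEnabled = Boolean.parseBoolean(permissionStatus);`. `processResponse` has no `default` branch, so any `Status` value other than the three listed neither forwards the request nor writes a response; if the enum has more constants than are visible here, add a `default:` that handles them like `FAILURE`. A failed authorization is answered with `SC_UNAUTHORIZED` (401); for a caller that is authenticated but not permitted, `SC_FORBIDDEN` (403) is the status that matches what happened.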

@ -0,0 +1,90 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.webapp.authenticator.framework.authorizer;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.device.mgt.core.config.permission.Permission;
import org.wso2.carbon.device.mgt.core.config.permission.PermissionManager;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.webapp.authenticator.framework.Constants;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import java.util.StringTokenizer;
/**
* This class represents the methods that are used to authorize requests.
*/
public class PermissionAuthorizer {
private static final Log log = LogFactory.getLog(PermissionAuthorizer.class);
public WebappAuthenticator.Status authorize(Request request, Response response) {
String requestUri = request.getRequestURI();
String requestMethod = request.getMethod();
if (requestUri == null || requestUri.isEmpty() ||
requestMethod == null || requestMethod.isEmpty()) {
return WebappAuthenticator.Status.CONTINUE;
}
PermissionManager permissionManager = PermissionManager.getInstance();
Permission requestPermission = permissionManager.getPermission(requestUri, requestMethod);
if (requestPermission == null) {
if (log.isDebugEnabled()) {
log.debug("Permission to request '" + requestUri + "' is not defined in the configuration");
}
return WebappAuthenticator.Status.FAILURE;
}
String permissionString = requestPermission.getPath();
// This is added temporarily until authentication works.
// TODO remove below line.
String username = "admin";
// TODO uncomment this once the authentication works.
//String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
boolean isUserAuthorized;
try {
isUserAuthorized = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
getAuthorizationManager().isUserAuthorized(username, permissionString,
Constants.PermissionMethod.READ);
} catch (UserStoreException e) {
log.error("Error occurred while retrieving user store. " + e.getMessage());
return WebappAuthenticator.Status.FAILURE;
}
if (log.isDebugEnabled()) {
log.debug("Is user authorized: " + isUserAuthorized);
}
if (isUserAuthorized) {
return WebappAuthenticator.Status.SUCCESS;
} else {
return WebappAuthenticator.Status.FAILURE;
}
}
}
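Review bot: `authorize` evaluates permissions for the literal user `"admin"` (the hard-coded `username` in the middle of the method) rather than for the caller, so while the valve is enabled every request is checked against admin's permissions and the TODO makes the bypass last until someone remembers it; the real line is already present in the comment — `String username = CarbonContext.getThreadLocalCarbonContext().getUsername();` followed by `if (username == null || username.isEmpty()) { return WebappAuthenticator.Status.FAILURE; }` should go in now, and if authentication is not wired up yet the valve should stay disabled by configuration rather than ship with a stand-in principal. The `isUserAuthorized` call passes `Constants.PermissionMethod.READ` for every HTTP method although WRITE, DELETE and ACTION are added in this same commit; the action should be derived from `requestMethod` (or carried by the `Permission`) so a DELETE is not granted on read permission. The catch block logs only `e.getMessage()`; pass `e` as the second argument to `log.error` so the stack trace survives. The `response` parameter is never used.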

@ -23,14 +23,14 @@ import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext; import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.device.mgt.core.scep.SCEPManager; import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer; import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.webapp.authenticator.framework.DataHolder; import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizationValve;
import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig; import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig; import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig;
@ -79,6 +79,7 @@ public class WebappAuthenticatorFrameworkServiceComponent {
List<CarbonTomcatValve> valves = new ArrayList<CarbonTomcatValve>(); List<CarbonTomcatValve> valves = new ArrayList<CarbonTomcatValve>();
valves.add(new WebappAuthenticationHandler()); valves.add(new WebappAuthenticationHandler());
valves.add(new PermissionAuthorizationValve());
TomcatValveContainer.addValves(valves); TomcatValveContainer.addValves(valves);
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
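Review bot: The new valve is appended right after `WebappAuthenticationHandler` without recording that the order is load-bearing; `PermissionAuthorizer` is meant to read the authenticated user from `CarbonContext` (its commented-out lookup), which presumably only holds after the authentication valve has run, so a one-line comment on the `valves.add(new PermissionAuthorizationValve());` line — `// must stay after WebappAuthenticationHandler: authorization reads the user that authentication sets in CarbonContext` — would stop a later reorder from silently breaking authorization. The moved `WebappAuthenticatorRepository` import in the first hunk is a pure reorder.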

@ -935,6 +935,11 @@
<artifactId>org.wso2.carbon.identity.oauth</artifactId> <artifactId>org.wso2.carbon.identity.oauth</artifactId>
<version>${carbon.identity.version}</version> <version>${carbon.identity.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.sso.saml</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<dependency> <dependency>
<groupId>com.googlecode.json-simple.wso2</groupId> <groupId>com.googlecode.json-simple.wso2</groupId>
<artifactId>json-simple</artifactId> <artifactId>json-simple</artifactId>
