diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/TenantCreateObserver.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/TenantCreateObserver.java index 79a53092962..98dc6c500ed 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/TenantCreateObserver.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/TenantCreateObserver.java @@ -21,11 +21,15 @@ import org.apache.axis2.context.ConfigurationContext; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.core.DeviceManagementConstants; import org.wso2.carbon.device.mgt.core.DeviceManagementConstants.User; +import org.wso2.carbon.user.api.AuthorizationManager; +import org.wso2.carbon.user.api.Permission; import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.utils.AbstractAxis2ConfigurationContextObserver; +import org.wso2.carbon.utils.multitenancy.MultitenantConstants; /** * Load configuration files to tenant's registry. @@ -48,10 +52,36 @@ public class TenantCreateObserver extends AbstractAxis2ConfigurationContextObser UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId) .getUserStoreManager(); + AuthorizationManager authorizationManager = DeviceManagementDataHolder.getInstance().getRealmService() + .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getAuthorizationManager(); + String tenantAdminName = userRealm.getRealmConfiguration().getAdminUserName(); - userStoreManager.addRole(User.DEFAULT_DEVICE_USER, new String[]{tenantAdminName}, User.PERMISSIONS_FOR_DEVICE_USER); - userStoreManager.addRole(User.DEFAULT_DEVICE_ADMIN, new String[]{tenantAdminName}, - User.PERMISSIONS_FOR_DEVICE_ADMIN); + + if (!userStoreManager.isExistingRole(DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN)) { + userStoreManager.addRole( + DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN, + null, + DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_ADMIN); + } else { + for (Permission permission : DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_ADMIN) { + authorizationManager.authorizeRole(DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN, + permission.getResourceId(), permission.getAction()); + } + } + if (!userStoreManager.isExistingRole(DeviceManagementConstants.User.DEFAULT_DEVICE_USER)) { + userStoreManager.addRole( + DeviceManagementConstants.User.DEFAULT_DEVICE_USER, + null, + DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_USER); + } else { + for (Permission permission : DeviceManagementConstants.User.PERMISSIONS_FOR_DEVICE_USER) { + authorizationManager.authorizeRole(DeviceManagementConstants.User.DEFAULT_DEVICE_USER, + permission.getResourceId(), permission.getAction()); + } + } + userStoreManager.updateRoleListOfUser(tenantAdminName, null, + new String[] {DeviceManagementConstants.User.DEFAULT_DEVICE_ADMIN, + DeviceManagementConstants.User.DEFAULT_DEVICE_USER}); if (log.isDebugEnabled()) { log.debug("Device management roles: " + User.DEFAULT_DEVICE_USER + ", " + User.DEFAULT_DEVICE_ADMIN + " created for the tenant:" + tenantDomain + "." diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/PermissionScopeHandler.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/PermissionScopeHandler.java index 96d1d1151f4..9ccb10c7965 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/PermissionScopeHandler.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/PermissionScopeHandler.java @@ -59,6 +59,7 @@ public class PermissionScopeHandler extends HttpServlet { proxyResponse.setCode(HttpStatus.SC_OK); proxyResponse.setData(jsonObject.toString()); HandlerUtil.handleSuccess(resp, proxyResponse); + return; } HandlerUtil.handleError(resp, null); } diff --git a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java index ab702eb9ad0..9e4cb0c70b4 100644 --- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java +++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java @@ -507,8 +507,14 @@ public class HandlerUtil { if (log.isDebugEnabled()) { log.debug("refreshing the token"); } - HttpPost tokenEndpoint = new HttpPost( - gatewayUrl + HandlerConstants.TOKEN_ENDPOINT); + String iotsCorePort = System.getProperty("iot.core.https.port"); + if (HandlerConstants.HTTP_PROTOCOL.equals(req.getScheme())) { + iotsCorePort = System.getProperty("iot.core.http.port"); + } + String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR + System.getProperty("iot.core.host") + + HandlerConstants.COLON + iotsCorePort; + + HttpPost tokenEndpoint = new HttpPost(iotsCoreUrl + HandlerConstants.TOKEN_ENDPOINT); HttpSession session = req.getSession(false); if (session == null) { log.error("Couldn't find a session, hence it is required to login and proceed.");